Information technology -- Conformance test methods for security service crypto suites

ISO/IEC 19823-13:2018 describes test methods for determining the conformance of security crypto suites with the specifications given in ISO/IEC 29167‑13. ISO/IEC 19823-13:2018 contains conformance tests for all mandatory and optional functions. The conformance parameters are the following: - parameters that apply directly affecting system functionality and inter-operability; - protocol including commands and replies; and - nominal values and tolerances. Unless otherwise specified, the tests in this document are applied exclusively to RFID tags and interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167‑13.

Technologies de l’information -- Conformance test methods for security service crypto suites

General Information

Status
Published
Publication Date
11-Apr-2018
Current Stage
6060 - International Standard published
Start Date
17-Mar-2018
Completion Date
12-Apr-2018
Ref Project

Buy Standard

Standard
ISO/IEC 19823-13:2018 - Information technology -- Conformance test methods for security service crypto suites
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 19823-13
First edition
2018-04
Information technology —
Conformance test methods for
security service crypto suites —
Part 13:
Cryptographic Suite Grain-128A
Technologies de l’information — Conformance test methods for
security service crypto suites —
Partie 13: Suite cryptographique Grain-128A
Reference number
ISO/IEC 19823-13:2018(E)
ISO/IEC 2018
---------------------- Page: 1 ----------------------
ISO/IEC 19823-13:2018(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 19823-13:2018(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms, definitions, symbols and abbreviated terms ....................................................................................................... 1

4 Test methods ............................................................................................................................................................................................................. 2

4.1 General ........................................................................................................................................................................................................... 2

4.2 By demonstration ................................................................................................................................................................................. 2

4.3 By design ...................................................................................................................................................................................................... 2

5 Test methods in respect to the ISO/IEC 18000 parts ...................................................................................................... 2

5.1 Test requirements for ISO/IEC 18000-62 interrogators and tags .............................................................. 2

6 Test methods in respect to the ISO/IEC 29167-13 interrogators and tags ..............................................3

6.1 Test map for optional features .................................................................................................................................................. 3

6.2 Crypto suite requirements ............................................................................................................................................................ 3

6.3 Test patterns ..........................................................................................................................................................................................14

Bibliography .............................................................................................................................................................................................................................21

© ISO/IEC 2018 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC 19823-13:2018(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

work. In the field of information technology, ISO and IEC have established a joint technical committee,

ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for

the different types of document should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following

URL: www .iso .org/ iso/ foreword .html.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,

Subcommittee SC 31, Automatic identification and data capture techniques.
A list of all parts in the ISO/IEC 19823 series can be found on the ISO website.
iv © ISO/IEC 2018 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 19823-13:2018(E)
Introduction

The ISO/IEC 29167 series of standards describes security services as applicable for ISO/IEC 18000 series

of standards. The various parts of ISO/IEC 29167 describe crypto suites that are optional extensions to

the ISO/IEC 18000 air interfaces.

The ISO/IEC 19823 series of standards describes the conformance test methods for security service

crypto suites. The ISO/IEC 19823 series is related to the ISO/IEC 18047 series of standards, which

describes the radio frequency identification device conformance test methods, in the same way as

ISO/IEC 29167 series is related to the ISO/IEC 18000 series.

These relations mean that for a product that is claimed to be compliant to a pair of ISO/IEC 18000-n and

ISO/IEC 29167-m then the test methods of ISO/IEC 18047-n and ISO/IEC 19823-m apply. If a product

supports more than one part of ISO/IEC 18000 or ISO/IEC 29167, all related parts of ISO/IEC 18047 and

ISO/IEC 19823 apply.

NOTE 1 The conformance test requirements of ISO/IEC 18000-6, ISO/IEC 18000-61, ISO/IEC 18000-62,

ISO/IEC 18000-63, ISO/IEC 18000-64 are currently all in ISO/IEC 18047-6.

This document describes the test methods for the Grain-128A crypto suite as standardized in

ISO/IEC 29167-13.

NOTE 2 Test methods for interrogator and tag performance are covered by the multiple parts of ISO/IEC 18046.

© ISO/IEC 2018 – All rights reserved v
---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 19823-13:2018(E)
Information technology — Conformance test methods for
security service crypto suites —
Part 13:
Cryptographic Suite Grain-128A
1 Scope

This document describes test methods for determining the conformance of security crypto suites with

the specifications given in ISO/IEC 29167-13.

This document contains conformance tests for all mandatory and optional functions.

The conformance parameters are the following:

— parameters that apply directly affecting system functionality and inter-operability;

— protocol including commands and replies; and
— nominal values and tolerances.

Unless otherwise specified, the tests in this document are applied exclusively to RFID tags and

interrogators defined in the ISO/IEC 18000 series using ISO/IEC 29167-13.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 19762 (all parts), Information technology — Automatic identification and data capture (AIDC)

techniques — Harmonized vocabulary

ISO/IEC 18000-62, Information technology — Radio frequency identification for item management —

Part 62: Parameters for air interface communications at 860 MHz to 960 MHz Type B

ISO/IEC 18047-6:2017, Information technology — Radio frequency identification device conformance test

methods — Part 6: Test methods for air interface communications at 860 MHz to 960 MHz

ISO/IEC 29167-13:2015, Information technology — Automatic identification and data capture

techniques — Part 13: Crypto suite Grain-128A security services for air interface communications

ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories

3 Terms, definitions, symbols and abbreviated terms
3.1 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 19762 (all parts) and

ISO/IEC 29167-13 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— IEC Electropedia: available at https:// www .electropedia .org/
© ISO/IEC 2018 – All rights reserved 1
---------------------- Page: 6 ----------------------
ISO/IEC 19823-13:2018(E)
— ISO Online browsing platform: available at https:// www .iso .org/ obp
3.2 Symbols and abbreviated terms

For the purposes of this document, the symbols and abbreviated terms given in ISO/IEC 19762 apply.

4 Test methods
4.1 General

This Clause describes the general test methods for ISO/IEC 29167-13. As the parts of ISO/IEC 19823

are always tested in relation with ISO/IEC 18047 a duplication of information requirements, and

specifications should be avoided.

Clause 5 defines elements that are assumed to be covered in the respective ISO/IEC 18047 parts and

therefore shall not be addressed in an ISO/IEC 19823 part. Only if ISO/IEC 18047 does not define

them, then they may be defined in ISO/IEC 19823, although a revision of ISO/IEC 18047 should be the

preferred option.

Clause 6 defines elements that are not expected to be covered by ISO/IEC 18047 and these shall be

addressed in the respective ISO/IEC 19823 part.
4.2 By demonstration

Laboratory testing of one, or (if required for statistical reasons), multiple products, processes, or

services to ensure compliance. A test laboratory that meets ISO/IEC 17025 shall perform the indicated

testing to ensure conformance of the component or system.

For Protocol requirements that are verified by demonstration, the test conditions are specified by this

document. The detailed test plan is at the discretion of the test laboratory.
4.3 By design

Design parameters and/or theoretical analysis that ensure compliance. A vendor submitting a

component or system for compliance testing shall provide the necessary technical information, in the

form of a technical memorandum or similar. A test laboratory shall issue a test certificate indicating

whether the technical analysis was sufficient to ensure conformance of the component or system.

For Protocol requirements that are verified by design, the method of technical analysis is at the

discretion of the submitting vendor and is not specified by this document. In general, the technical

analysis shall have sufficient rigor and technical depth to convince a test engineer knowledgeable of the

Protocol that the particular requirement has been met.
5 Test methods in respect to the ISO/IEC 18000 parts
5.1 Test requirements for ISO/IEC 18000-62 interrogators and tags

The following mandatory requirements and applicable optional requirements of ISO/IEC 18047-6:2017

shall be fulfilled:
— Clause 4 Default conditions applicable to the test methods;
— Clause 5 Setup of test equipment.

Before a DUT is tested according this document it shall successfully pass the following of

ISO/IEC 18047-6:2017:
— Clause 7 Conformance tests for ISO/IEC 18000-62.
2 © ISO/IEC 2018 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC 19823-13:2018(E)
6 Test methods in respect to the ISO/IEC 29167-13 interrogators and tags
6.1 Test map for optional features

Table 1 lists all optional features of this crypto suite and shall be used as template to report the test

results. Furthermore, it is used to refer to the test requirements in 6.2.
Table 1 — Test map for optional features
# Feature Additional requirement Mark items to Test results
be tested for
supplied
product
1 TA Shall be tested with the authenticate command of
the declared ISO/IEC 18000 part
2 IA Shall be tested with the authenticate command of
the declared ISO/IEC 18000 part
3 Secure Shall be tested with the SecureComm command of
Authenticated the declared ISO/IEC 18000 part
Communication
4 Key update Shall be tested with the SecureComm command of
the declared ISO/IEC 18000 part
2 Number of keys
supported

Table 2 lists all crypto suite requirements that shall be tested in dependence of the features of Table 1

as supported by the DUT. Items marked with M are mandatory and shall be tested for each DUT.

6.2 Crypto suite requirements
This clause contains all requirements of ISO/IEC 29167-13.

6.2.1 Crypto suite requirements of ISO/IEC 29167-13:2015 in Clauses 1 to 8 and Annexes A to C

All the requirements of ISO/IEC 29167-13:2015 in Clauses 1 to 8 and Annexes A to C shall apply,

inherently by design only.

6.2.2 Crypto suite requirements of ISO/IEC 29167-13:2015 in Clauses 9 to 12 and Annex E

Table 2 contains all requirements of ISO/IEC 29167-13:2015 in Clauses 9 to 12 and Annex E.

The column MO (Mandatory/optional) has the following content:
M mandatory
Items marked with “M” are mandatory and shall be tested for all devices.
O optional

Items marked with “O” are optional and shall be tested only for devices that support the feature

that is indicated by the requirement.
© ISO/IEC 2018 – All rights reserved 3
---------------------- Page: 8 ----------------------
ISO/IEC 19823-13:2018(E)
Table 2 — Crypto suite requirements
Item Protocol Requirement MO Applies to How verified
Sub clause
1 9 The Tag’s air interface protocol logic M Tag By design
shall provide an external reset to the Tag
crypto engine which shall set INIT=FALSE,
TA=FALSE, IA=FALSE and ERROR=FALSE
before transition to the CS-Reset state.
2 9 The CS-Reset state shall process crypto M Tag By design
commands from the Tag’s air interface pro-
tocol logic only when ERROR=FALSE. If an
error condition exists then the Tag crypto
engine shall set ERROR=TRUE and remain
in the CS-Reset state.
3 9 If an error condition exists then the Tag M Tag By design
crypto engine shall set ERROR=TRUE and
remain in the CS-Reset state.
4 9 The Tag shall report an error condition if M Tag By design
it receives a CryptoCommCmd, CryptoSec-
CommCmd or CryptoKeyUpdate command
in the CS-Reset state.
5 9 The Tag shall check a CryptoAuthCmd pay- M Tag By design
load for any error conditions.
6 9 The Tag shall report an error condition if M Tag By demonstration
Step ≠ 00 in the CS-Reset state. using Test Pattern 3
7 9 The Tag shall report an error condition if M Tag By demonstration
the KeyID value is not supported by the Tag. using Test Pattern 2
(only if TA is sup-
ported), Test Pat-
tern 10 (only if IA
is supported) and
Test Pattern 16
8 9 The Tag shall report an error condition M Tag By design
if AuthMethod=00 and the Tag does not
support Tag authentication.
9 9 The Tag shall report an error condition if O Tag By design
AuthMethod=00 and the Options selected
are not supported by the Tag CSFeatures.
10 9 The Tag shall report an error condition M Tag By design
if AuthMethod=01 and the Tag does not
support Interrogator authentication.
11 9 The Tag shall report an error condition if O Tag By demonstration
AuthMethod=01 and Options ≠ 0000 using Test Pattern 9
b b.
12 9 The Tag shall report an error condition if M Tag By demonstration
AuthMethod=10 and Options ≠ 0000 using Test Pat-
b b.
tern 15
13 9 The Tag shall report an error condition if M Tag By design
AuthMethod=11 and the Tag does not sup-
port a vendor defined authentication.
14 9 If no error condition exists, the Tag shall M Tag By design
transition to the CS-Init state.
15 10.1 The authentication method to be per- M Tag, By design
formed shall be specified by the 2-bit value Interrogator
AuthMethod which is defined in Table 2.
4 © ISO/IEC 2018 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC 19823-13:2018(E)
Table 2 (continued)
Item Protocol Requirement MO Applies to How verified
Sub clause
16 10.1 If AuthMethod="00b" the Tag shall parse O Tag By demonstration
the Message for Tag Authentication as using Test Pattern 1
described in section 10.2
17 10.1 If AuthMethod="01b" the Tag shall parse O Tag By demonstration
the Message Interrogator Authentication as using Test Pattern 8
described in section 10.3
18 10.1 If AuthMethod="10b" the Tag shall parse M Tag By demonstration
the Message for Mutual Authentication as using Test Pattern 14
described in section 10.4
19 10.1 Some of the authentication methods re- M Tag, By design
quire multiple steps to be performed in a Interrogator
specific sequence. The current step in the
sequence shall be specified by the 2-bit
value Step as defined in Table 3.
20 10.1 During step 0 of an authentication method, M Tag By design
the Tag shall provide an 8-bit value CSFea-
tures which is used to indicate which of
the optional Grain-128A CS features are
supported by the Tag.
21 10.1 During step 0 and 1 of an authentication M Interrogator By design
method, the Interrogator shall provide a
4-bit value Options
22 10.2.1 The Tag authentication method uses a chal- O Interrogator, By design
lenge-response protocol having one pair of Tag
message exchange (see Figure 2).
23 10.2.2 For Tag authentication the Interrogator O Interrogator By design
shall generate a 48-bit random number
for use as IRandomNumber and issue the
challenge to the Tag with the TA.1 Payload
as specified in Table 6.
24 10.2.3 The Tag shall generate a 48-bit random O Tag By design
number for use as TRandomNumber. The
Tag crypto engine shall be initialized for
Tag authentication using TRandomNumber,
IRandomNumber and the crypto key speci-
fied by KeyID. The crypto engine then shall
generate the Tag keystream.
25 10.2.3 The Tag shall respond to the challenge O Tag By design
from the Interrogator with the TA.1 Pay-
load as specified in Table 7.
26 10.2.3 The Tag shall transition to the TA.1 state O Tag By design
after the response to the Interrogator and
shall set TA=TRUE.
27 10.2.4 The Interrogator shall be initialized for Tag O Interrogator By design
authentication using TRandomNumber,
IRandomNumber and the crypto key speci-
fied by KeyID. The crypto engine shall then
generate the Interrogator keystream.
28 10.2.4 The Interrogator shall compare the Tag O Interrogator By design
keystream with the Interrogator key-
stream to authenticate the Tag and accepts
it as valid if they are equal.
© ISO/IEC 2018 – All rights reserved 5
---------------------- Page: 10 ----------------------
ISO/IEC 19823-13:2018(E)
Table 2 (continued)
Item Protocol Requirement MO Applies to How verified
Sub clause
29 10.3.1 The Interrogator authentication method O Interrogator, By design
uses a challenge-response protocol having Tag
two pairs of message exchange as shown in
(see Figure 3).
30 10.3.2 In the first step of the Interrogator authen- O Interrogator By design
tication process, the Interrogator shall
generate a 48-bit random number for use
as IRandomNumber and request a chal-
lenge from the Tag using the IA.1 Payload,
as specified in Table 8.
31 10.3.3 The Tag shall generate a 48-bit random O Tag By design
number for use as TRandomNumber. The
Tag crypto engine shall be initialized for
Interrogator authentication using TRan-
domNumber, IRandomNumber and the
crypto key specified by KeyID.
32 10.3.3 The Tag shall respond with the challenge to O Tag By design
the Interrogator with the IA.1 Payload as
specified in Table 9.
33 10.3.3 The Tag shall transition to the IA.1 state O Tag By design
after the response to the Interrogator.
34 10.3.4 In the second step, the Interrogator crypto O Interrogator By design
engine shall be initialized for Interrogator
authentication using TRandomNumber,
IRandomNumber and the crypto key speci-
fied by KeyID. The crypto engine shall then
generate the Interrogator keystream.
35 10.3.4 The Interrogator shall respond to the chal- O Interrogator By design
lenge from the Tag with the IA.2 Payload as
specified in Table 10.
36 10.3.5 The Tag shall check the crypto command O Tag By design
and payload for any error conditions. If an
error condition exists then the Tag crypto
engine shall set ERROR=True and remain
in the IA.1 state.
37 10.3.5 The Tag shall report an error condition if O Tag By design
it receives a CryptoCommCmd, CryptoSec-
CommCmd or CryptoKeyUpdate command
in the IA.1 state.
38 10.3.5 The Tag shall report an error condition if O Tag By design
AuthMethod ≠ 01 in the IA.2 payload.
39 10.3.5 The Tag shall report an error condition if O Tag By design
Step ≠ 01 in the IA.2 payload.
40 10.3.5 The Tag shall report an error condition if O Tag By design
the KeyID value is not the same as used for
the IA.1 payload.
41 10.3.5 The Tag shall report an error condition if O Tag By design
the selected Options are not supported by
the Tag CSFeatures.
42 10.3.5 If no error condition exists, the Tag crypto O Tag By demonstration
engine shall generate the Tag keystream using Test Pattern 8
and compare it with the Interrogator key- and Test Pattern 11
stream. It shall accept the Interrogator as
valid if the parameters are equal.
6 © ISO/IEC 2018 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC 19823-13:2018(E)
Table 2 (continued)
Item Protocol Requirement MO Applies to How verified
Sub clause
43 10.3.5 The Tag shall respond with the IA.2 Pay- O Tag By design
load as specified in Table 11.
44 10.3.5 If the Interrogator authentication succeed- O Tag By design
ed, the Tag shall transition to the IA.2 state
after the response to the Interrogator and
set IA=TRUE.
45 10.3.5 If the Interrogator authentication failed, O Tag By design
the Tag shall transition to the IA.2 state
after the response to the Interrogator and
set ERROR=True.
46 10.4.1 The mutual authentication method uses a M Interrogator, By design
challenge-response protocol having two Tag
pairs of message exchange (see Figure 4).
47 10.4.2 In the first step of the mutual authentica- M Interrogator By design
tion process, the Interrogator shall gen-
erate a 48-bit random number for use as
IRandomNumber and request a challenge
from the Tag using the MA.1 Payload, as
specified in Table 12.
48 10.4.3 The Tag shall generate a 48-bit random M Tag By design
number for use as TRandomNumber. The
Tag crypto engine shall be initialized for
mutual authentication using the crypto key
specified in KeyID, TRandomNumber and
IRandomNumber.
49 10.4.3 The Tag shall respond with the challenge to M Tag By design
the Interrogator with the MA.1 Payload as
specified in Table 13.
50 10.4.3 The Tag shall transition to the MA.1 state M Tag By design
after the response to the Interrogator.
51 10.4.4 In the second step, the Interrogator shall M Interrogator By design
be initialized for mutual authentication
using TRandomNumber, IRandomNumber
and the crypto key specified by KeyID.
The crypto engine shall then generate the
Interrogator keystream.
52 10.4.4 The Interrogator shall respond to the chal- M Interrogator By design
lenge from the Tag with the MA.2 Payload
as specified in Table 14.
53 10.4.5 The Tag shall check the crypto command M Tag By design
and payload for any error conditions. If an
error condition exists then the Tag crypto
engine shall set ERROR=True and remain
in the MA.1 state.
54 10.4.5 The Tag shall report an error condition if M Tag By design
it receives a CryptoCommCmd, CryptoSec-
CommCmd or CryptoKeyUpdate command
in the MA.1 state.
55 10.4.5 The Tag shall report an error condition if M Tag By design
AuthMethod ≠ 10 in the MA.2 payload.
56 10.4.5 The Tag shall report an error condition if M Tag By design
Step ≠ 01 in the MA.2 payload.
© ISO/IEC 2018 – All rights reserved 7
---------------------- Page: 12 ----------------------
ISO/IEC 19823-13:2018(E)
Table 2 (continued)
Item Protocol Requirement MO Applies to How verified
Sub clause
57 10.3.5 The Tag shall report an error condition if M Tag By design
the KeyID value is not the same as used for
the MA.1 payload.
58 10.3.5 The Tag shall report an error condition if M Tag By design
the selected Options are not supported by
the Tag CSFeatures.
59 10.4.5 If no error condition exists, the Tag crypto M Tag By demonstration
engine shall generate the Tag keystream using Test Pat-
and compare it with the Interrogator key- tern 14 and
stream. It shall accept the Interrogator as Test Pattern 17
valid if the parameters are equal.
60 10.4.5 If the Interrogator is invalid, the Tag shall M Tag By design
transition to the MA.2 state after the
response to the Interrogator and set ER-
ROR=True.
61 10.4.5 If the Interrogator is valid, the Tag crypto M Tag By design
engine shall generate a new value for the
Tag keystream.
62 10.4.5 The Tag shall transition to the MA.2 state M Tag By design
after the response to the Interrogator and
set TA=IA=TRUE.
63 10.4.5 The Tag shall respond with the MA.2 Pay- M Tag By design
load as specified in Table 15.
64 10.4.6 The Interrogator shall check the authen- M Interrogator By design
tication status from the Tag and if it is
OK, the Interrogator crypto engine shall
generate a new value for the Interrogator
keystream.
65 10.4.6 The Interrogator shall use the updated key- M Interrogator By design
streams to authenticate the Tag. The Tag
is accepted as valid the Tag keystream and
the Interrogator keystream are equal.
66 11.1 Authentication integrity shall be main- M Interrogator, By design
tained for an Interrogator authentication Tag
and a mutual authentication, it is optional
to maintain the authentication integrity of
a Tag authentication.
67 11.1 Authentication integrity shall be per- M Interrogator, By design
formed using authenticated communica- Tag
tion and/or secure authenticated commu-
nication.
68 11.1 A Message Authentication Code (MAC) M Interrogator, By design
shall be used to provide the integrity pro- Tag
tection.
69 11.1 The Interrogator shall select between using M Interrogator By design
a MAC32 or a MAC64 via the Options pa-
rameter during the authentication process.

70 11.2 If a Tag is authenticated as a result of Tag O Interrogator By demonstration

authentication, the Interrogator may use using Test Pattern 4
authenticated communication.
71 11.2 The TA.1 state shall process crypto re- O Tag By design
sponses from the Tag’s air interface proto-
col logic only when ERROR=FALSE.
8 © ISO/IEC 2018 – All rights reserved
---------------------- Page: 13 ----------------------
ISO/IEC 19823-13:2018(E)
Table 2 (continued)
Item Protocol Requirement MO Applies to How verified
Sub clause
72 11.2 The Tag shall check the crypto responses for O Tag By design
any error conditions. If an error condition
exists then the Tag crypto engine shall set
ERROR=True and remain in the TA.1 state.
73 11.2 An error condition shall occur for any O Tag By design
CryptoSecCommResp or CryptoAuthResp
in the TA.1 state.
74 11.2 If no error condition exists, the Tag shall O Tag By design
provide integrity protection for the Tag
response in the CryptoCommResp payload
(see Table 17).
75 11.2 Integrity of the Tag response shall be per- O Tag By design
formed with the addition of an 8-bit value
of 00 followed by a MAC.
76 11.2 The Tag shall remain in the TA.1 state after O Tag By design
the response is sent to the Interrogator.
77 11.2 The Interrogator shall generate a MAC for O Interrogator By design
the Tag response within the CryptoCom-
mResp payload to authenticate the Tag
response.
78 11.2 The Interrogator shall accept the response O Interrogator By design
as valid if the MAC from the Tag equals the
MAC from the Interrogator.

79 11.2 If an Interrogator is authenticated as a re- O Interrogator By demonstration

sult of Interrogator authentication, then it using T
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.