Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 2: Updates for passive authentication

Technologies de l'information — Identification des personnes — Permis de conduire conforme à l'ISO — Partie 3: Contrôle d'accès, authentification et validation d'intégrité — Amendement 2: Titre manque

General Information

Status
Not Published
Current Stage
5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Completion Date
06-Feb-2023
Ref Project

Relations

Buy Standard

Draft
ISO/IEC 18013-3:2017/PRF Amd 2 - Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 2: Updates for passive authentication Released:2/6/2023
English language
9 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
REDLINE ISO/IEC 18013-3:2017/PRF Amd 2 - Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 2: Updates for passive authentication Released:2/6/2023
English language
9 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 18013-3
Second edition
2017-04
AMENDMENT 2
Information technology — Personal
identification — ISO-compliant driving
licence —
Part 3:
Access control, authentication and
integrity validation
AMENDMENT 2: Updates for passive
authentication
PROOF/ÉPREUVE
Reference number
ISO/IEC 18013-3/Amd. 2:2023(E)
© ISO/IEC 2023
---------------------- Page: 1 ----------------------
ISO/IEC 18013-3/Amd. 2:2023(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on

the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below

or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
PROOF/ÉPREUVE © ISO/IEC 2023 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 18013-3/Amd. 2:2023(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical

activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

work.

The procedures used to develop this document and those intended for its further maintenance

are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria

needed for the different types of document should be noted. This document was drafted in

accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or

www.iec.ch/members_experts/refdocs).

Attention is drawn to the possibility that some of the elements of this document may be the subject

of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent

rights. Details of any patent rights identified during the development of the document will be in the

Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC

list of patent declarations received (see https://patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to

the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see

www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, SC 17,

Cards and security devices for personal identification.
A list of all parts in the ISO/IEC 18013 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards

body. A complete listing of these bodies can be found at www.iso.org/members.html and

www.iec.ch/national-committees.
iii
© ISO/IEC 2023 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 3 ----------------------
ISO/IEC 18013-3/Amd. 2:2023(E)
Information technology — Personal identification — ISO-
compliant driving licence —
Part 3:
Access control, authentication and integrity validation
AMENDMENT 2: Updates for passive authentication
Page 1, Clause 2 Normative references
Replace ISO/IEC 7816-4:2013 with ISO/IEC 7816-4.

Replace ISO/IEC 7816-4:2013 with ISO/IEC 7816 in Clause 4 and subclauses 8.2.4.1, 8.5.4, B.6.1,

Table B.3 and Table B.5.
Page 1, Clause 2 Normative references
Replace

ISO/IEC 10118-3:2004, Information technology — Security techniques — Hash-functions — Part 3:

Dedicated hash-functions
with

ISO/IEC 10118-3, IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions

Replace ISO/IEC 10118-3:2018 with ISO/IEC 10118-3 in B.8.
Page 2, Clause 2 Normative references, Footnote 2)
Replace
ISO/IEC 11770-2:1996 is withdrawn and replaced by the 2008 version.
with
ISO/IEC 11770-2:1996 is withdrawn and replaced by the 2018 version.
Page 2, Clause 2 Normative references
Replace

"FIPS 186-2 (including Change Notice), Digital Signature Standard (DSS), Federal Information

Processing Standards Publication, National Institute of Standards and Technology, 27 January 2000"

with

"FIPS 186-4 (including Change Notice), Digital Signature Standard (DSS), Federal Information

Processing Standards Publication, National Institute of Standards and Technology, July 2013"

© ISO/IEC 2023 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 4 ----------------------
ISO/IEC 18013-3/Amd. 2:2023(E)
Page 4, subclause 3.11
Replace
Note 1 to entry See 8.1.
with
Note 1 to entry See 8.1. and Annex G (informative)
Page 12, subclause 8.1
Replace
8.1 Passive authentication
with
8.1 Passive authentication (ver 02)
Page 12, subclause 8.1.1
Add the following paragraph at the end of the subclause:

This version 02 of passive authentication supersedes the deprecated version 01 included in Annex G

(informative) for the information of manufacturers of readers that must be able to read IDL cards

issued in accordance with this version that have not yet expired.
Page 13, subclause 8.1.3
In the third to last paragraph, second sentence, replace
“…it may be possible to further narrow down the cause of the non-verification.”
with
“…it can be possible to further narrow down the cause of the non-verification.”
Page 13, subclause 8.1.4.1
In the first paragraph, delete “SHA-1, SHA-224,”..

In the second paragraph, delete "SHA-1 remains for compatibility with ICAO Doc 9303-1."

Page 16, subclause 8.1.5.1
In NOTE 2 replace
“Data Groups 15 and 16 may be defined in future.”
with
“Data Groups 15 and 16 can be defined in future.”
PROOF/ÉPREUVE © ISO/IEC 2023 – All rights reserved
---------------------- Page: 5 ----------------------
ISO/IEC 18013-3/Amd. 2:2023(E)
Page 16, subclause 8.1.5.2
In the first NOTE replace "DG11" with "DG.SOD.1 and DG.SOD.H".
In the second paragraph, replace "FIPS 186-2, Appendix 6” with "Table 3".
In the third paragraph, delete “and one Type 1 data group”.
In the lettered list, replace b) with:

“b) DG.SOD.H: SHA-256 hash of IA public key certificate that contains the public key for the

verification of the DG.SOD.1 signature; the hash value shall be calculated over the entire DER-

encoded certificate (including the signature);”
In the lettered list, delete c).
Under "DG.SOD shall be added after DG12, as follows:", replace with:

“[header] × [Data Group 1] × [Data Group 2] × [Data Group 3] × [Data Group 4] × [Data Group 7] ×

[Data Group 11] × [Data Group 12] × [DG.SOD.1 length] [digital signature] × [DG.SOD.H length]

[hash value]”

Under the content of DG.SOD, replace “The inclusion of DG.SOD.2 and DG.SOD.3 (as a pair) is optional.”

with "DG.SOD.1 and DG.SOD.H shall be included."

In the second NOTE replace “specifically the ISO issuer ID number and document discriminator in

DG3 and the licence number and date of issue in DG1” with “specifically the ISO issuer ID number from

ISO/IEC 7812-1, and document discriminator in DG3 and the licence number and date of issue in DG1”.

Replace Table 3 with:
Curve name in FIPS 186-4 Curve name in RFC 5639
P-224 brainpoolP224r1
P-256 brainpoolP224t1
P-384 brainpoolP256r1
P-521 brainpoolP256t1
brainpoolP320r1
brainpoolP320t1
brainpoolP384r1
brainpoolP384t1
brainpoolP512r1
brainpoolP512t1
Replace the EXAMPLE with:

EXAMPLE Suppose that a compact encoded data string contains the following data groups: DG1, DG2,

DG7, DG.SOD.1 and DG.SOD.H. A digital signature and public key certificate hash is included.

The sequence of data groups and data group delimiters will be as follows:
[header] × [DG1] × [DG2] × × × [DG7] × × × [DG.SOD.1] × [DG.SOD.H] ¶
Page 46, A.5.1, second list b) second paragraph
© ISO/IEC 2023 – All rights reserved PROOF/ÉPREUVE
---------------------- Page: 6 ----------------------
ISO/IEC 18013-3/Amd. 2:2023(E)
Replace

"For compact encoding, the appropriate public document key is identified by comparing the issue date

of the IDL with the “valid for signing from” and “valid for signing until” dates of the available public

document keys of the IA."
with

"For compact encoding, the appropriate public document key can be identified using the hash value of

the signer certificate."
After Annex F
Add new Annex G.
PROOF/ÉPREUVE © ISO/IEC 2023 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC 18013-3/Amd. 2:2023(E)
Annex G
(informative)
Passive authentication (version 01)
G.1 General

This annex defines the deprecated passive authentication (ver 01) for the information of manufacturers

of readers that must be able to read IDL cards issued in accordance with this version that have not yet

expired.
G.2 Purpose

The purpose of passive authentication is to confirm that machine-readable data has not been changed

since the IDL was issued.
G.3 Applicability
Passive authentication is applicable to all machine-readable technologies.
G.4 Description

Passive authentication is implemented by way of a digital signature over specified machine-readable

data on the IDL, using a public-private (asymmetric) key pair.

In the case of standard encoding, a separate message digest is calculated for each data group and

included in the machine-readable data. The collection of message digests is then digitally signed (using

a private key that is kept secret by the IA) and the digital signature is added to the machine-readable

data.

In the case of compact encoding, no message digests are calculated separately. The contents of the

data groups present is directly signed (using a private key that is kept secret by the IA) and the digital

signature is added to the machine-readable data.
NOTE A message digest has the following properties:
a) It is very small
...

Deleted: Date: 2022-12-13¶
ISO/IEC 18013-3:2017/PRF Amd 2
Deleted: AM
ISO/IEC JTC 1/SC 17
Deleted: :2022(E)
Deleted: /WG 10
Secretariat: BSI
Date: 2023-01-27
Information technology — Personal identification — ISO-
Deleted: —
compliant driving licence —
Part 3:
Access control, authentication and integrity validation
Deleted: Certificate hash
AMENDMENT 2: Updates for passive authentication
Deleted: compact encoding
Deleted: Technologies de l'information — Identification
des personnes — Permis de conduire conforme à l'ISO —
Partie 3: Contrôle d'accès authentification et validation
FDIS stage
d'intégrité Amendement 2¶
Copyright notice¶
This
---------------------- Page: 1 ----------------------
ISO/IEC 18013-3:2017/PRF Amd 2(E)
Deleted: DAM
Deleted: :2022
© ISO/IEC 2017
Deleted: document is a working draft

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this

publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, Deleted: committee draft and is copyright-protected

by ISO. While …

including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can

be requested from either ISO at the address below or ISO’s member body in the country of the requester.

Deleted: reproduction
Deleted: working drafts or committee drafts in any
ISO copyright office
form for use by participants in the ISO standards
CP 401 • Ch. de Blandonnet 8
development process is permitted without prior
CH-1214 Vernier, Geneva
permission from ISO, neither
Phone: + 41 22 749 01 11
Deleted: document nor any extract from it
E-mail: copyright@iso.org
Deleted: , stored
Website: www.iso.org
Deleted: transmitted in any form for any other
Published in Switzerland
purpose…
Deleted: from ISO
Deleted: Requests for permission to reproduce this
document for the purpose of selling it should be
addressed as shown below or to ISO's member body in
the country of the requester:¶
Deleted: Case postale 56 •
Deleted: 1211
Deleted: 20
Deleted: Tel.
Deleted: Fax + 41 22 749 09 47¶
Deleted: Web
Deleted: Reproduction for sales purposes may be
subject to royalty payments or a licensing agreement.¶
Violators may be prosecuted.¶
© ISO/IEC 2017 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 18013-3:2017/PRF Amd 2(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are

members of ISO or IEC participate in the development of International Standards through technical

committees established by the respective organization to deal with particular fields of technical activity.

ISO and IEC technical committees collaborate in fields of mutual interest. Other international

organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the

work.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of document should be noted. This document was drafted in accordance with the editorial

rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives or
www.iec.ch/members_experts/refdocs).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details

of any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent

declarations received (see https://patents.iec.ch). Deleted: ).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the World

Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see Deleted: ),

www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, SC 17,

Cards and security devices for personal identification.
A list of all parts in the ISO/IEC 18013 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www.iso.org/members.html and www.iec.ch/national-

committees.
© ISO/IEC 2017 – All rights reserved iii
---------------------- Page: 3 ----------------------
Deleted: ISO/IEC 18013-3:2017/DAM 2:2022(E)
Information technology — Personal identification — ISO-
Deleted: —
compliant driving licence —
Part 3:
Access control, authentication and integrity validation
Deleted: standard and compact encoding
AMENDMENT 2: Updates for passive authentication
Page 1, Clause 2 Normative references
Deleted: 2
Replace ISO/IEC 7816-4:2013 with ISO/IEC 7816-4.

Replace ISO/IEC 7816-4:2013 with ISO/IEC 7816 in Clause 4 and subclauses 8.2.4.1, 8.5.4, B.6.1, Table

B.3 and Table B.5.
Page 1, Clause 2 Normative references
Replace

ISO/IEC 10118-3:2004, Information technology — Security techniques — Hash-functions — Part 3:

Dedicated hash-functions
with

ISO/IEC 10118-3, IT Security techniques — Hash-functions — Part 3: Dedicated hash-functions

Replace ISO/IEC 10118-3:2018 with ISO/IEC 10118-3 in B.8.
Page 2, Clause 2 Normative references, Footnote 2)
Replace
ISO/IEC 11770-2:1996 is withdrawn and replaced by the 2008 version.
with
ISO/IEC 11770-2:1996 is withdrawn and replaced by the 2018 version.
Page 2, Clause 2 Normative references
Replace

"FIPS 186-2 (including Change Notice), Digital Signature Standard (DSS), Federal Information Processing

Standards Publication, National Institute of Standards and Technology, 27 January 2000"

with

"FIPS 186-4 (including Change Notice), Digital Signature Standard (DSS), Federal Information Processing

Standards Publication, National Institute of Standards and Technology, July 2013"

Page 4, subclause 3.11 Deleted: Clause
Replace
Note 1 to entry See 8.1.
Deleted: :
with
Note 1 to entry See 8.1. and Annex G (informative)
Deleted: :
Deleted: © ISO/IEC 2022 – All rights reserved
...
---------------------- Page: 4 ----------------------
ISO/IEC 18013-3:2017/PRF Amd 2(E)
Page 12, subclause 8.1 Deleted: Clause
Replace
8.1 Passive authentication
with
8.1 Passive authentication (ver 02)
Page 12, subclause 8.1.1
Deleted: Clause
Add the following paragraph at the end of the subclause:
Deleted: clause

This version 02 of passive authentication supersedes the deprecated version 01 included in Annex G

(informative) for the information of manufacturers of readers that must be able to read IDL cards

issued in accordance with this version that have not yet expired.
Page 13, subclause 8.1.3 Deleted: Clause
In the third to last paragraph, second sentence, replace
“…it may be possible to further narrow down the cause of the non-verification.”
with

“…it can be possible to further narrow down the cause of the non-verification.” Deleted: .”.

Page 13, subclause 8.1.4.1 Deleted: Clause
In the first paragraph, delete “SHA-1, SHA-224,”..

In the second paragraph, delete "SHA-1 remains for compatibility with ICAO Doc 9303-1."

Page 16, subclause 8.1.5.1 Deleted: Clause
In NOTE 2 replace
“Data Groups 15 and 16 may be defined in future.”
with
“Data Groups 15 and 16 can be defined in future.”
Page 16, subclause 8.1.5.2 Deleted: Clause
In the first NOTE replace "DG11" with "DG.SOD.1 and DG.SOD.H".
In the second paragraph, replace "FIPS 186-2, Appendix 6” with "Table 3".
In the third paragraph, delete “and one Type 1 data group”.
In the lettered list, replace b) with:

“b) DG.SOD.H: SHA-256 hash of IA public key certificate that contains the public key for the

verification of the DG.SOD.1 signature; the hash value shall be calculated over the entire DER-

encoded certificate (including the signature);”
In the lettered list, delete c).
Under "DG.SOD shall be added after DG12, as follows:", replace with:

“[header] × [Data Group 1] × [Data Group 2] × [Data Group 3] × [Data Group 4] × [Data Group 7] ×

[Data Group 11] × [Data Group 12] × [DG.SOD.1 length] [digital signature] × [DG.SOD.H length] [hash

value]”
Deleted: 22
...
© ISO/IEC 2017 – All rights reserved
---------------------- Page: 5 ----------------------
ISO/IEC 18013-3:2017/PRF Amd 2(E)
Deleted: DAM

Under the content of DG.SOD, replace “The inclusion of DG.SOD.2 and DG.SOD.3 (as a pair) is optional.”

Deleted: :2022
with "DG.SOD.1 and DG.SOD.H shall be included."

In the second NOTE replace “specifically the ISO issuer ID number and document discriminator in DG3

and the licence number and date of issue in DG1” with “specifically the ISO issuer ID number from ISO/IEC Deleted: , which shall be in accordance with

7812-1, and document discriminator in DG3 and the licence number and date of issue in DG1”.

Replace Table 3 with:
Curve name in FIPS 186-4 Curve name in RFC 5639
P-224 brainpoolP224r1
P-256 brainpoolP224t1
P-384 brainpoolP256r1
P-521 brainpoolP256t1
brainpoolP320r1
brainpoolP320t1
brainpoolP384r1
brainpoolP384t1
brainpoolP512r1
brainpoolP512t1
Replace the EXAMPLE with:

EXAMPLE Suppose that a compact encoded data string contains the following data groups: DG1, DG2,

DG7, DG.SOD.1 and DG.SOD.H. A digital signature and public key certificate hash is

included. The sequence of data groups and data group delimiters will be as follows:

[header] × [DG1] × [DG2] × × × [DG7] × × × [DG.SOD.1] × [DG.SOD.H] ¶
Page 46, A.5.1, second list b) second paragraph Deleted: Annex
Replace

"For compact encoding, the appropriate public document key is identified by comparing the issue date of

the IDL with the “valid for signing from” and “valid for signing until” dates of the available public

document keys of the IA."
with

"For compact encoding, the appropriate public document key can be identified using the hash value of

the signer certificate."
After Annex F
Add new Annex G.
Deleted: © ISO/IEC 2022 – All rights reserved
...
© ISO/IEC 2017 – All rights reserved 3
---------------------- Page: 6 ----------------------
ISO/IEC 18013-3:2017/PRF Amd 2(E)
Annex G
(informative)
Passive authentication (version 01)
G.1 General

This annex defines the deprecated passive authentication (ver 01) for the information of manufacturers

of readers that must be able to read IDL cards issued in accordance with this version that have not yet

expired.
G.2 Purpose

The purpose of passive authentication is to confirm that machine-readable data has not been changed

since the IDL was issued.
G.3 Applicability
Passive authentication is applicable to all machine-readable technologies.
G.4 Description

Passive authentication is implemented by way of a digital signature over specified machine-readable data

on the IDL, using a public-private (asymmetric) key pair.
In t
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.