ISO/IEC 13157-4:2016

INTERNATIONAL ISO/IEC
STANDARD 13157-4
First edition
��16��6�15
Information technology —
Telecommunications and information
exchange between systems — NFC
Security —
Part 4:
NFC-SEC entity authentication and
key agreement using asymmetric
cryptography
Technologies de l’information — Télécommunications et échange
d’information entre systèmes — Sécurité NFC —
Partie 4: Authentification d’entité NFC-SEC et accord de clés utilisant
une cryptographie asymétrique
Reference number
©
ISO/IEC 2016
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

Contents Page
Foreword . v
Introduction . vi
1  Scope . 1
2  Conformance . 1
3  Normative references . 1
4  Terms and definitions . 1
5  Conventions and notations . 3
6  Acronyms . 3
7  General . 4
8  Fields and PDUs for NEAU-A . 5
8.1  Protocol Identifier (PID) . 5
8.2  NFC-SEC-PDUs . 5
8.3  TTP involving . 6
8.3.1  TTP policy and field . 6
8.3.2  TTP policy negotiation . 6
8.4  Entity identifiers . 7
8.5  Cert field . 7
8.6  Res field . 7
9  Primitives . 8
9.1  General requirements . 8
9.2  Entity authentication . 9
9.2.1  Mechanisms . 9
9.2.2  EC curve . 10
9.2.3  ECDSA . 10
9.2.4  Certificate validation . 12
9.3  Key agreement . 13
9.4  Key confirmation . 13
9.5  Key Derivation Function (KDF) . 13
10  NEAU-A mechanism . 13
10.1  Entity authentication involving a TTP . 13
10.1.1  Protocol overview . 13
10.1.2  Preparation . 14
10.1.3  Sender (A) transformation . 14
10.1.4  Recipient (B) transformation . 16
10.1.5  TTP transformation . 17
10.2  Entity authentication without involving a TTP . 17
10.2.1  Protocol overview . 17
10.2.2  Preparation . 17
10.2.3  Sender (A) transformation . 18
10.2.4  Recipient (B) transformation . 19
10.3  Key derivation . 20
10.3.1  Sender (A) . 20
10.3.2  Recipient (B) . 20
11  Data Authenticated Encryption in SCH . 20
Annex A (normative) UDP Port 5111 and TAEP . 21
A.1 UDP and port 5111 . 21
© ISO/IEC 2016 — All rights reserved iii

A.1.1  UDP .21
A.1.2  Port 5111 .21
A.2 TAEP .22
A.2.1  TAEP packet format .22
A.2.2  TAEP_REQ and TAEP_RES format .22
Annex B (informative) ECDSA test vectors .24
Bibliography .27
iv © ISO/IEC 2016 — All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC
Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html.
ISO/IEC 13157-4 was prepared by Ecma International (as ECMA-410) and was adopted, under a
special “fast-track procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in
parallel with its approval by national bodies of ISO and IEC.
ISO/IEC 13157 consists of the following parts, under the general title Information technology —
Telecommunications and information exchange between systems — NFC Security:
— Part 1: NFC-SEC NFCIP-1 security services and protocol
— Part 2: NFC-SEC cryptography standard using ECDH and AES
— Part 3: NFC-SEC cryptography standard using ECDH-256 and AES-GCM
— Part 4: NFC-SEC entity authentication and key agreement using asymmetric cryptography
— Part 5: NFC-SEC entity authentication and key agreement using symmetric cryptography.
© ISO/IEC 2016 — All rights reserved v

Introduction
The NFC Security series of standards comprise a common services and protocol Standard and NFC-
SEC cryptography standards.
This NFC-SEC cryptography Standard specifies an NFC Entity Authentication (NEAU) mechanism that
uses the asymmetric cryptography algorithm (NEAU-A) for mutual authentication of two NFC entities.
This International Standard addresses entity authentication of two NFC entities possessing certificates
and private keys during key agreement and key confirmation for the Shared Secret Service (SSE) and
Secure Channel Service (SCH).
This International Standard adds entity authentication to the services provided by ISO/IEC 13157-3 (ECMA-
409) NFC-SEC-02.
This International Standard refers to the latest standards.
The holders of these patent rights have assured the ISO and IEC that they are willing to negotiate
licences under reasonable and non-discriminatory terms and conditions with applicants throughout the
world.
In this respect, the statements of the holders of these patent rights are registered with ISO and IEC.
Information on the declared patents may be obtained from:
Patent Holder: China IWNCOMM Co., Ltd.
nd
Address: A201, QinFengGe, Xi’an Software Park, No. 68, Keji 2 Road, Xi’an Hi-Tech Industrial,
Development Zone, Xi’an, Shaanxi, P. R. China 710075
vi © ISO/IEC 2016 — All rights reserved

INTERNATIONAL STANDARD ISO/IEC 13157-4:2016(E)
Information technology — Telecommunications and information
exchange between systems — NFC Security —
Part 4:
NFC-SEC entity authentication and key agreement using asymmetric
cryptography
1 Scope
This International Standard specifies the message contents and the cryptographic mechanisms for PID 03.
This International Standard specifies key agreement and confirmation mechanisms providing mutual
authentication, using asymmetric cryptography, and the transport protocol requirements for the
exchange between Sender and TTP.
NOTE This International Standard adds entity authentication to the services provided by ISO/IEC 13157-3 (ECMA-409)
NFC-SEC-02.
2 Conformance
Conformant NFC-SEC entities employ the security mechanisms and the transport pro
...