iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO 18185-4:2007

(Main)

Freight containers — Electronic seals — Part 4: Data protection

Freight containers — Electronic seals — Part 4: Data protection

ISO 18185-4:2007 specifies requirements for the data protection, device authentication and conformance capabilities of electronic seals for communication to and from a seal and its associated reader. These capabilities include the accessibility, confidentiality, data integrity, authentication and non-repudiation of stored data.

Conteneurs pour le transport de marchandises — Scellés électroniques — Partie 4: Protection des données

General Information

Status
Published
Publication Date
23-Apr-2007
ICS
55.180.10 - General purpose containers
Technical Committee
ISO/TC 104/SC 4 - Identification and communication
Drafting Committee
ISO/TC 104/SC 4/WG 2 - AEI for containers and container related equipment
Current Stage
9093 - International Standard confirmed
Completion Date
28-Mar-2022
Ref Project

Buy Standard

ISO 18185-4:2007 - Freight containers -- Electronic sealsISO 18185-4:2007 - Freight containers -- Electronic seals
PreviousNext
Standard
ISO 18185-4:2007 - Freight containers -- Electronic seals
English language
10 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO
STANDARD 18185-4
First edition
2007-05-01


Freight containers — Electronic seals —
Part 4:
Data protection
Conteneurs pour le transport de marchandises — Scellés
électroniques —
Partie 4: Protection des données




Reference number
ISO 18185-4:2007(E)
©
ISO 2007

---------------------- Page: 1 ----------------------
ISO 18185-4:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO 2007 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 18185-4:2007(E)
Contents Page
Foreword. iv
Introduction . v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 2
4 Data protection. 3
4.1 General. 3
4.2 Confidential information . 3
4.3 Public information . 3
4.4 Fixed data . 3
4.5 Variable data. 3
5 Device authentication. 3
5.1 General. 3
5.2 Physical authentication. 4
5.3 Electronic authentication. 4
6 Conformance. 4
Annex A (normative) Electronic seal manufacturers’ security-related practices. 5
Bibliography . 10

© ISO 2007 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 18185-4:2007(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 18185-4 was prepared by Technical Committee ISO/TC 104, Freight containers, Subcommittee SC 4,
Identification and communication.
ISO 18185 consists of the following parts, under the general title Freight containers — Electronic seals:
⎯ Part 1: Communication protocol
⎯ Part 2: Application requirements
⎯ Part 3: Environmental characteristics
⎯ Part 4: Data protection
⎯ Part 5: Physical layer

iv © ISO 2007 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 18185-4:2007(E)
Introduction
This part of ISO 18185 was prepared by ISO Technical Committee 104/Subcommittee 4/Working Group 2,
using the drafting conventions of ISO/IEC Directives, Part 2.
In early 2005, an extensive Vulnerability Assessment took place to analyse the use cases and potential data
integrity threats posed to devices based on the ISO/IEC 18185 series as written. Based on learnings from that
assessment, spoofing and cloning were identified as potential data integrity risks to electronic seals. Device
authentication became the highest priority solution to mitigate those identified risks, and the scope of the
electronic seal standard-setting work was expanded to meet that objective.
Three aspects are discussed in this part of ISO 18185: data protection, device authentication and
conformance.
Data protection addresses the confidentiality and integrity of transmitted data. ISO TC 104/SC 4/WG 2
decided that for this part of ISO 18185, all seal information has been deemed to be public information, and as
such, can be transmitted in clear text. Data confidentiality and integrity requirements are presented in this part
of ISO 18185 for both fixed data (e.g. data items created during the seal manufacturing process) and variable
data (e.g. event information generated by and stored within the seal during use).
Device authenticity addresses the capability to identify the seal as a valid device. This first-generation
specification outlines methods for physical authentication.
Conformance addresses the requirement for electronic seals claiming compliance with ISO 18185 to also
contain the physical properties of high security mechanical seals in ISO/PAS 17712, and identifies best
practices for electronic seal manufacturers.
This part of ISO 18185 defines the first-generation specifications for device authentication and data protection.
Further generations of this part of ISO 18185 may be created upon further review of the potential benefits for
these electronic seal devices using additional device authentication and data protection methods.

© ISO 2007 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO 18185-4:2007(E)

Freight containers — Electronic seals —
Part 4:
Data protection
1 Scope
This part of ISO 18185 specifies requirements for the data protection, device authentication and conformance
capabilities of electronic seals for communication to and from a seal and its associated reader. These
capabilities include the accessibility, confidentiality, data integrity, authentication and non-repudiation of stored
data.
The protection of this information is provided through a radio-communications interface providing seal
identification and a method to determine whether a freight container’s seal has been opened.
This part of ISO 18185 specifies a freight container seal identification system, with an associated system for
verifying the accuracy of use, having:
⎯ a seal status identification system;
⎯ a battery status indicator;
⎯ a unique Seal Identifier including the identification of the manufacturer;
⎯ a seal (tag) type.
This part of ISO 18185 is intended for use in conjunction with the other parts of ISO 18185.
This part of ISO 18185 is designed to facilitate electronic device authentication. For mechanical seals, the seal
manufacturer is able to determine the authenticity of the device if and when necessary, e.g. to determine the
unauthorized opening of the seal. There are electronic authentication methods which can provide similar
validation without visual inspection. This part of ISO 18185 provides only the guidelines for those methods.
This part of ISO 18185 applies to all electronic seals used on freight containers covered by International
Standards ISO 668, ISO 1496-1 to ISO 1496-5 and ISO 8323 and should, wherever appropriate and
practicable, also be applied to freight containers other than those covered by these International Standards.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories
ISO/PAS 17712, Freight containers — Mechanical seals
ISO 18185-3, Freight containers — Electronic seals — Part 3: Environmental characteristics
© ISO 2007 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO 18185-4:2007(E)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply:
3.1
AEI
Automatic Equipment Identification
3.2
authentication
method to verify the validity of a transmitted message and its originator
3.3
asset
anything an individual or a company owns which has value
NOTE In the container environment, an asset could be a container, the container’s contents, or information pertaining
to the container.
3.4
electronic seal
read-only, non-reusable freight container seal conforming to the high security seal defined in ISO/PAS 17712
and conforming to this part of ISO 18185 that electronically evidences tampering or intrusion though the
container doors
3.5
reader
wireless RFID communication device which interacts with RFID tags and electronic seals
3.6
Radio Frequency Identification
RFID
electrical transponder which stores information that can then be used to identify an item to which the
transponder is attached, similar to the way in which a bar code on a label stores information that can be used
to identify the item to which the label is attached
3.7
system
complete end-to-end RFID tracking solution of seal-to-reader-to-network-to-application-to-user
3.8
threat
potential abuse of an asset created by exploiting a vulnerability in order to impair the value of an asset
3.9
validation
process by which the integrity and correctness of data are established
3.10
vulnerability
potential flaw or weakness in system security procedures, design, or implementation that could be exercised
(accidentally triggered or intentionally exploited) and result in harm done to a system
2 © ISO 2007 – All rights reserved

---------------------- Page: 7 ----------------------
ISO 18185-4:2007(E)
4 Data protection
4.1 General
Data protection addresses the concern about the confidentiality and integrity of the data presented by the
electronic seal.
4.2 Confidential information
Under the terms of this first-generation part of ISO 18185, the current communication with the electronic seal
is performed in clear text and does not include any confidential information. Consequently, there are no
requirements regarding confidential information at this time.
4.3 Public information
All current information communicated by the electronic seal has been determined to be public information, and
as such, shall be communicated in clear text format. While it is not necessary to transmit public information
using confidentiality methods, there is a need to prevent the accidental or fraudulent alteration of the data
contained within the electronic seal.
4.3.1 Fixed data
Fixed data is defined as all seal information which will not change after the time of manufacture. This includes
the manufacturer ID, the tag ID (serial number), the protocol ID, the model number, the product version, the
seal tag type and the protocol version.
Fixed data shall be protected against erasure or alteration during the manufacturing process such that it
cannot be modified or deleted by an outside entity. The technical details of how fixed data protection is
performed are beyond the scope of this part of ISO 18185 and are left to the individual electronic seal
manufacturer.
4.3.2 Variable data
Variable data is defined as all seal event information which, after the time of manufacture, can and most
probably will change throughout the life of the seal. This includes the time of seal closure, the time of seal
opening and the battery status.
Event information shall be added to the seal’s memory upon each status change. Once written into the event
log, this information shall become a permanent record within the seal and shall not be modified or erased by
either the seal or an outside entity.
Variable data shall be protected against erasure or alteration within the device throughout the lifetime of the
seal. The technical details of how variable data protection is performed are beyond the scope of this part of
ISO 18185 and are left to the individual electronic seal manufacturer.
5 Device authentication
5.1 General
In addition to the integrity of the data communicated, this part of ISO 18185 requires the capability to verify the
authenticity of the electronic seal.
© ISO 2007 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO 18185-4:2007(E)
5.2 Physical authentication
The ability for forensic authentication is necessary for both the mechanical and the electronic components of a
seal. The seal manufacturer shall be able to identify and authenticate the seal as a valid seal based on
proprietary information, its unique manufacturing characteristics, and the fixed data defined in 4.3.1.
Presented with the physical device, the seal manufacturer shall be able to validate the authenticity of the
mechanical and electronic components of the seal. The technical details of how physical device authentication
is performed are beyond the scope of this part of ISO 18185 and are left to the individual electronic seal
manufacturer.
5.3 Electronic authentication
Under the terms of this first-generation part of ISO 18185, there are no requirements for the ability to
electronically authenticate a seal through data transmissions.
6 Conformance
Electronic seals claiming compliance with this part of ISO 18185 shall have the high security mechanical seal
physical properties defined in ISO/PAS 17712. They shall further comply with the electronic seal
manufacturers’ security-related practices identified in Annex A.

4 © ISO 2007 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 18185-4:2007(E)
Annex A
(normative)

Electronic seal manufacturers’ security-related practices
A.1 Introduction
This annex addresses security-related practices relevant to the manufacture and distribution of electronic
security seals (electronic seals) and related equipment that conform to all parts of ISO 18185.
Since electronic seals require interrogators (reader/writers) for communication, this annex also addresses
security-related practices related to the manufacture and dis
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/TS 7352:2023(Main)
Freight containers — NFC or/and QR code seals

This document specifies the system composition, data format (storage data of the seal, interaction data and format between seal and APP, interaction data and format between smartphone APP and information platform, data exchanged between platforms), technical requirements, data communication requirements and operational requirements for freight container NFC seals, QR code seals, NFC and QR code seals. This document applies to the design, manufacture and application of freight container NFC seals, QR code seals, NFC and QR code seals.

  • Technical specification
    9 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
ISO
ISO 6346:2022(Main)
Freight containers — Coding, identification and marking

This document provides a system for the identification and presentation of information about freight containers. The identification system is intended for general application, for example in documentation, control and communications (including automatic data processing systems), as well as for display on the containers themselves. The methods of displaying identification and certain other data (including operational data) on containers by means of permanent marks are included. This document specifies: a) a container identification system, with an associated system for verifying the accuracy of its use, having: — mandatory marks for the presentation of the identification system for visual interpretation, and — features to be used in optional Automatic Equipment Identification (AEI) and electronic data interchange (EDI); b) a coding system for data on container size and type, with corresponding marks for their display; c) operational marks, both mandatory and optional; d) physical presentation of marks on the container. The terms “mandatory” and “optional” in this document are used to differentiate those ISO marking provisions which shall necessarily be fulfilled by all containers from those which are not required of all containers. The optional marks are included to further comprehension and promote uniform application of the optional mark. If a choice has been made to display an optional mark, the provisions laid down in this document relating to the mark shall be applied. The terms “mandatory” and “optional” do not refer to requirements of any regulatory body. This document applies to all freight containers covered by International Standards ISO 668, parts 1 to 5 of ISO 1496, ISO 8323 and should, wherever appropriate and practicable, be applied: — to containers other than those covered by the International Standards mentioned in Clause 2; — to container-related and/or detachable equipment. NOTE 1 Containers marked according to previous editions of ISO 6346 need not be re-marked. This document does not cover temporary operational marks of any kind, permanent marks, data plates, etc. which may be required by intergovernmental agreements, national legislation or nongovernmental organizations. NOTE 2 Some of the major international conventions whose container-marking requirements are not covered in this document are as follows: — International Convention for Safe Containers (1972, as amended) (CSC), International Maritime Organization (IMO); — Customs Convention on Containers 1956 and 1972, related to temporary admission and transport under customs seal. — Convention on Temporary Admission (Istanbul, 26 June 1990), related to temporary admission. It should not be assumed that this list is exhaustive. This document does not cover the display of technical data on tank containers (see ISO 1496-3), nor does it, in any way, include identification marks or safety signs for items of cargo which may be carried in freight containers.

  • Standard
    25 pages
    English language
    sale 15% off
  • Standard
    25 pages
    English language
    sale 15% off
  • Standard
    26 pages
    French language
    sale 15% off
  • Draft
    25 pages
    English language
    sale 15% off
ISO
ISO/TS 18625:2017(Main)
Freight containers — Container Tracking and Monitoring Systems (CTMS): Requirements

ISO/TS 18625 is intended to be applicable to freight containers as defined in ISO 668 as well as to other freight containers not defined in ISO 668 and to container ancillary equipment such as road and terminal chassis, generator sets and power packs. ISO/TS 18625 provides guidance for the requirements (operational and otherwise) for a system, and its enabling devices, used to track, monitor and/or report the status of the container, hereinafter referred to as the Container Tracking and Monitoring System (CTMS). The use of a CTMS is optional. The party opting to use a CTMS is hereafter referred to as the "user of the system" or just the "user". The user, which can be, e.g. a shipper, a consolidator, a logistics service provider or a container owner or operator, will identify and specify its specific requirements and usages of the CTMS pursuant to specific use cases defined by that party (see Clause 6). ISO/TS 18625 establishes a tiered approach to the CTMS. The tiered approach is described in 5.2 and 5.3. A CTMS in conformance with ISO/TS 18625, provides for interoperability in regard to both data transfer and data interpretation neither of which may be hindered by systems claiming such conformance. The CTMS elements addressed in ISO/TS 18625 include the following: a) a set of requirements for transferring information to and from a container tracking device to/from an automatic data processing systems by, e.g. air interface through RF or optical means; b) data for transmission to/from automatic data processing systems; c) functional requirements necessary to ensure consistent and reliable operation of the CTMS; d) features to inhibit malicious or unintentional alteration and/or deletion of the information content of the CTMS. Specifically excluded from the scope of ISO/TS 18625 is the processing and display of data by the users' information system hereinafter referred to as the Operator Information Management system (OIMS). Also specifically excluded is the specific identification, tracking and monitoring of cargo packed or filled in the container.

  • Technical specification
    18 pages
    English language
    sale 15% off
ISO
ISO 18185-3:2015(Main)
Freight containers — Electronic seals — Part 3: Environmental characteristics

ISO 18185-3:2015 specifies test methods and conditions for environmental characteristics of electronic seals. ISO 18185-3:2015 describes the environmental requirements for the ISO 18185 series, for ISO 10374 and for ISO 17363 and for ISO 10891 since it is expected that the implementation of these International Standards will face the same international conditions. However, each of these International Standards has its own unique requirements other than environmental conditions.

  • Standard
    15 pages
    English language
    sale 15% off
ISO
ISO 17363:2013(Main)
Supply chain applications of RFID — Freight containers

ISO 17363:2013 defines the usage of read/write radio-frequency identification technology (RFID) cargo shipment-specific tags associated with containerized freight for supply chain management purposes ("manifest tags"). ISO 17363:2013 defines the air interface communications, a common set of required data structures, and a commonly organized, through common syntax and semantics, set of optional data requirements. ISO 17363:2013: a) makes recommendations about a second generation supply chain tag intended to monitor the condition and security of the freight resident within a freight container; b) specifies the implementation of sensors for freight resident in a freight container; c) makes specific recommendations about mandatory non-reprogrammable information on the shipment tag; d) makes specific recommendations about optional, re-programmable information on the shipment tag; e) makes specific recommendations about the data link interface for GPS or GLS services; f) specifies the reuse and recyclability of the RF tag; g) specifies the means by which the data in a compliant RF tag is "backed-up" by bar codes and two-dimensional symbols, as well as human-readable information.

  • Standard
    28 pages
    English language
    sale 15% off
ISO
ISO 18186:2011(Main)
Freight containers — RFID cargo shipment tag system

This International Standard is applicable to freight containers as defined in ISO 668 as well as other associated containers and transport equipment. This International Standard defines how freight container logistic transparency and efficiency can be improved through use of an RFID cargo shipment tag system and an Internet-based software package. Such an RFID cargo shipment tag system can co-exist with, but is separate from, a container security and identification RFID framework using container "license plate" tags, described in ISO 10374 and ISO/TS 10891, and electronic seals ("e-seals"), described in ISO 18185 (all parts). In all cases, operation of and information from ISO/TS 10891 and ISO 18185 devices is independent from the operation and information of the cargo shipment tag and information from these devices is passed in discrete messages that are not routed via the RFID cargo shipment tag.

  • Standard
    9 pages
    English language
    sale 15% off
  • Standard
    12 pages
    French language
    sale 15% off
ISO
ISO/TS 10891:2009(Main)
Freight containers — Radio frequency identification (RFID) — Licence plate tag

ISO/TS 10891:2009 establishes: a set of requirements for container tags, which allow the transfer of information from a container to automatic processing systems by electronic means; a data coding system for container identification and permanent related information which resides within a container tag; a data coding system for the electronic transfer of both container identification and permanent related information from container tags to automatic data processing systems; the description of data to be included in container tags for transmission to automatic data processing systems; performance criteria necessary to ensure consistent and reliable operation of container tags within the international transportation community; the physical location of container tags on containers; features to inhibit malicious or unintentional alteration and/or deletion of the information content of container tags when installed on a freight container. It is intended to be applicable to freight containers as defined in ISO 668 as well as to other containers not defined in ISO 668 and container ancillary equipment such as road and terminal chassis, generator sets and power packs . The use of container tags and the equipping of containers for automatic identification are optional. The purpose of ISO/TS 10891:2009 is to optimise the efficiency of equipment control systems and to assist in container security initiatives and programs, including the optional usage of electronic seals in accordance with ISO 18185, and any subsequent International Standard. For this reason, any container tag system used for identifying containers shall be non-proprietary and conform to and be compatible with ISO/TS 10891:2009.

  • Technical specification
    16 pages
    English language
    sale 15% off
ISO
ISO 18185-5:2007(Main)
Freight containers — Electronic seals — Part 5: Physical layer

ISO 18185-5:2007 specifies the air interface between electronic container seals and Reader/Interrogators of those seals. It is to be used in conjunction with the other parts of ISO 18185. ISO 18185-5:2007 describes the physical layer for supply chain applications of RFID for freight containers in accordance with the ISO 18185 series and ISO 17363, since it is expected that the implementation of these standards will face the same international conditions. However, each of these standards has its own unique requirements other than the physical layer. It is expected that RFID Freight Container Identification (as specified in ISO 10374 and ISO 17363), and electronic seals (as specified in the ISO 18185 series) will be able to use the same infrastructure, while recognizing that that there may be requirements for different frequencies for passive devices as opposed to the active devices identified in ISO 18185-5:2007.

  • Standard
    10 pages
    English language
    sale 15% off
ISO
ISO 18185-1:2007(Main)
Freight containers — Electronic seals — Part 1: Communication protocol

ISO 18185-1:2007 provides a system for the identification and presentation of information about freight container electronic seals. The identification system provides an unambiguous and unique identification of the container seal, its status and related information. The presentation of this information is provided through a radio-communications interface providing seal identification and a method for determining whether a freight container's seal has been opened. ISO 18185-1:2007 specifies a read-only, non-reusable freight container seal identification system, with an associated system for verifying the accuracy of use, having a seal status identification system, a battery status indicator, a unique seal identifier including the identification of the manufacturer, seal (tag) type. ISO 18185-1:2007 is used in conjunction with the other parts of ISO 18185. It applies to all electronic seals used on freight containers covered by ISO 668, ISO 1496-1 to ISO 1496-5, and ISO 8323. Wherever appropriate and practicable, it also applies to freight containers other than those covered by these International Standards.

  • Standard
    23 pages
    English language
    sale 15% off
ISO
ISO 18185-2:2007(Main)
Freight containers — Electronic seals — Part 2: Application requirements

ISO 18185-2:2007 specifies a freight container seal identification system, with an associated system for verifying the accuracy of use, having: a seal status identification system; a battery status indicator; a unique seal identifier including the identification of the manufacturer; a seal (tag) type. ISO 18185-2:2007 is used in conjunction with the other parts of ISO 18185.

  • Standard
    7 pages
    English language
    sale 15% off