ImageVerifierCode 换一换
格式:PDF , 页数:22 ,大小:2MB ,
资源ID:396740      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-396740.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 29176-2011 Information technology Mobile item identification and management Consumer privacy-protection protocol for Mobile RFID services《信息技术 手机产品识别和管理 手机RFID服.pdf)为本站会员(dealItalian200)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 29176-2011 Information technology Mobile item identification and management Consumer privacy-protection protocol for Mobile RFID services《信息技术 手机产品识别和管理 手机RFID服.pdf

1、raising standards worldwide NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BSI Standards Publication BS ISO/IEC 29176:2011 Information technology Mobile item identification and management Consumer privacy-protection protocol for Mobile RFID servicesBS ISO/IEC 29176:2011 BRITI

2、SH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 29176:2011. The UK participation in its preparation was entrusted to Technical Committee IST/34, Automatic identification and data capture techniques. A list of organizations represented on this committee can be

3、obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. BSI 2011 ISBN 978 0 580 74883 7 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligation

4、s. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 October 2011. Amendments issued since publication Date Text affectedBS ISO/IEC 29176:2011Reference number ISO/IEC 29176:2011(E) ISO/IEC 2011INTERNATIONAL STANDARD ISO/IEC 29176 First editi

5、on 2011-10-15 Information technology Mobile item identification and management Consumer privacy-protection protocol for Mobile RFID services Technologies de linformation Gestion et identification dlment mobile Protocole de protection de la vie prive de lutilisateur pour les services RFID mobiles BS

6、ISO/IEC 29176:2011 ISO/IEC 29176:2011(E) COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permissio

7、n in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2011 All rights reser

8、vedBS ISO/IEC 29176:2011 ISO/IEC 29176:2011(E) ISO/IEC 2011 All rights reserved iiiContents Page Foreword iv Introduction . v 1 Scope 1 2 Conformance . 1 3 Normative references 1 4 Terms and definitions . 2 5 Background 2 5.1 Reference model for consumer privacy-protection . 2 5.2 Prerequisites 3 6

9、Consumer privacy-protection protocol . 3 6.1 Goal . 3 6.2 Phase 1. Transition to secured state . 3 6.3 Phase 2. Acquisition of the original access password . 4 6.4 Phase 3. Generation of the consumers access password and cover-coding the EMII . 4 6.5 Phase 4. Updating memory banks . 6 6.6 Phase 5. L

10、ocking memory banks . 6 7 Operation scenarios 7 7.1 Valid consumers Mobile RFID terminal 7 7.2 Invalid consumers Mobile RFID terminal . 8 Annex A (informative) Security Analysis 9 Bibliography 10 BS ISO/IEC 29176:2011 ISO/IEC 29176:2011(E) iv ISO/IEC 2011 All rights reservedForeword ISO (the Interna

11、tional Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees establishe

12、d by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the fiel

13、d of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft

14、International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75% of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this doc

15、ument may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 29176 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 31, Automatic identification and data capture techniques.

16、 BS ISO/IEC 29176:2011 ISO/IEC 29176:2011(E) ISO/IEC 2011 All rights reserved vIntroduction There are many possible concerns regarding the authenticity and integrity of mobile radio frequency identification (Mobile RFID) systems. For example, an unauthorized interrogator can easily read a UII (Uniqu

17、e Item Identifier), TID (Tag Identifier), and the User memory banks of ISO/IEC 18000-6 Type C tags and ISO/IEC 18000-3 MODE 3 tags because there is no read-protection for these memory banks. In this case, the unauthorized interrogator could gather the product information by analysing the UII coding

18、rules. Therefore, a privacy protection function needs to be included in a Mobile RFID system utilizing those tags. This International Standard is intended to address consumer privacy-protection for Mobile RFID services. It focuses on technical solutions for protecting the privacy of Mobile RFID cons

19、umers. Its scope is limited to consumer privacy-protection suitable for tags and interrogators conforming to ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID interfaces. Cases for other ISO/IEC 18000-X protocols are not included. In addition, this International Standard will be coordinated wit

20、h ISO/IEC 29167-X without conflict. Consumer privacy-protection issues may be a critical barrier to deploying Mobile RFID services in a commercial field. Unless the Mobile RFID system is properly designed in aspects of privacy protection, there may be unexpected effects for Mobile RFID consumers. Th

21、is International Standard is not required for tags attached to some items. But, it is useful for providing a technique for protecting the consumers information if the tags are attached to private possessions such as purchased jewels and medicines. BS ISO/IEC 29176:2011BS ISO/IEC 29176:2011 INTERNATI

22、ONAL STANDARD ISO/IEC 29176:2011(E) ISO/IEC 2011 All rights reserved 1Information technology Mobile item identification and management Consumer privacy-protection protocol for Mobile RFID services 1 Scope This International Standard specifies a consumer privacy-protection protocol for Mobile RFID se

23、rvices. It provides a technical solution for addressing privacy concerns with tagged items for consumers. This International Standard focuses on tag-to-interrogator communications for providing a consumer privacy- protection solution. Interrogator-to-host and host (back-end enterprise) system securi

24、ty issues are not within the scope of this International Standard, but are covered by a variety of other best-practice documents. 2 Conformance This International Standard is intended for use in conjunction with the other standards related to Mobile RFID services. It can be applied to tags and inter

25、rogators conforming to ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID air interfaces and can, wherever appropriate and practicable, also be applied to tags and interrogators other than those covered by ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID air interfaces. 3 Normative referen

26、ces The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 18000-3, Information technology Radio

27、 frequency identification for item management Part 3: Parameters for air interface communications at 13,56 MHz ISO/IEC 18000-6, Information technology Radio frequency identification for item management Part 6: Parameters for air interface communications at 860 MHz to 960 MHz ISO/IEC 19762 (all parts

28、), Information technology Automatic identification and data capture (AIDC) techniques Harmonized vocabulary ISO/IEC 29172, Information technology Mobile item identification and management Reference architecture for Mobile AIDC services BS ISO/IEC 29176:2011 ISO/IEC 29176:2011(E) 2 ISO/IEC 2011 All r

29、ights reserved4 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/IEC 19762 (all parts), ISO/IEC 18000-6, ISO/IEC 29172, and the following apply. 4.1 cover-coding method by which an Interrogator obscures information that it is transmitting to a tag by re

30、questing a random number from the tag, then performing a bit-wise EXOR of the data or password with the received random number, and, finally, transmitting the cover-coded (also called ciphertext) string to the tag, which uncovers the data or password by performing a bit-wise EXOR of the received cov

31、er-coded string with the original random number ISO/IEC 18000-6 NOTE To cover-code an EMII (Encoded Mobile Item Identification), an interrogator performs a bit-wise XOR of the EMII with input information, and the interrogator uncovers the EMII by performing the bit-wise XOR of the cover-coded EMII w

32、ith the same input information. 4.2 Mobile RFID terminal electronic device equipped with one or more Mobile RFID interrogator(s) to support the functions of Mobile Item Identification and Management (MIIM) technologies 5 Background 5.1 Reference model for consumer privacy-protection This Internation

33、al Standard considers consumers actions such as the purchase of some tagged items as the reference model. Figure 1 illustrates an example of reading the information from a consumers low-cost tag. In this reference model using ISO/IEC 18000-6 Type C or ISO/IEC 18000-3 MODE 3 tags, UII memory, TID mem

34、ory, and User memory are easily disclosed to Mobile RFID terminals conforming to this International Standard. Note that the TID remain unchanged. Consumer privacy problems caused by this disclosed memory data are analysed as follows in ITU-T X.1171 (Refer to the chapter 9 of ITU-T X.1171 for more de

35、tail): 1) leakage of information associated with the identifier; 2) leakage of the historical context data. BS ISO/IEC 29176:2011 ISO/IEC 29176:2011(E) ISO/IEC 2011 All rights reserved 3Mobile RFID consumer Mobile RFID terminal RFID tag TLDc: JTC1 Class: 2 SLOC: OK Pharm. E012H 2H A08DH IC: aspirin

36、A399H SC: serial number AC89H HLC: High Level Code TLDc: Top Level Domain Code SLOC: Second Level Organization Code IC: Item Code SC: Serial Code HLC: MII 1HFigure 1 Reference model for consumer privacy-protection 5.2 Prerequisites The following conditions are prerequisites for defining the consumer

37、 privacy-protection protocol of this International Standard. 1) The tag shall support the Access command of ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3. - If a tag is not able to support the Access command, the tag shall not be used to execute the consumer privacy-protection protocol of this I

38、nternational Standard. 2) The tag shall support a nonzero-valued access password. - If a tag is not able to support a nonzero-valued access password, the tag shall not be used to execute the consumer privacy-protection protocol of this International Standard. 3) The consumer privacy-protection proto

39、col does not preclude other methods of securing an RFID tag. 6 Consumer privacy-protection protocol 6.1 Goal The goal of the consumer privacy-protection protocol is to conceal the original EMII (Encoded Mobile Item Identifier). The consumer privacy-protection protocol consists of five phases: 1) tra

40、nsition to a secured state, 2) acquisition of the original access password, 3) generation of the consumers access password and cover- coding the EMII, 4) updating the memory banks, and 5) locking the memory banks. 6.2 Phase 1. Transition to secured state The first phase is related to an action immed

41、iately after purchasing a tagged item. The purpose of this phase is to transit the tag to the secured state. This International Standard considers two cases regarding the access password of the tag. The first is an all zero-values access password at purchase and the other is a nonzero-valued access

42、password at purchase. In the case of the all zero-valued access password, the tag in the acknowledged state can transition to the secured state after receiving a valid Req_RN command. Therefore, the consumers Mobile RFID terminal can write a new access password on the Access Passwd field of the Rese

43、rved memory bank of the tag (Refer to BS ISO/IEC 29176:2011 ISO/IEC 29176:2011(E) 4 ISO/IEC 2011 All rights reserved9.3.2.1 Tag memory of ISO/IEC 18000-6:2010). In this case, the second phase, acquisition of the original access password, may be skipped because the all zero-valued access password is

44、the default value of this International Standard. In the case of the nonzero-valued access password, the tag shall use the Access command with a valid access password in order to transition to the secured state. Therefore, the consumers Mobile RFID terminal shall go to the next phase to acquire the

45、original access password. 6.3 Phase 2. Acquisition of the original access password The second phase is to acquire the original access password of the tag. The transfer mechanism of the access password from a host computer or a key management server is out of the scope of this International Standard.

46、 This International Standard presumes that the access password of the tag is securely transferred to the consumers Mobile RFID terminal. 6.4 Phase 3. Generation of the consumers access password and cover-coding the EMII In the third phase, the consumers Mobile RFID terminal generates its own access

47、password and cover-codes the EMII. This International Standard provides for three generation methods of the access password. One of the methods is to use the Mobile RFID terminal number and the mobile device identifier of the terminal. The typical Mobile RFID terminal number is the ITU-T E.164 telep

48、hone number and the typical mobile device identifiers are ESN (Electronic Serial Number), MEID (Mobile Equipment Identifier), and IMEI (International Mobile Equipment Identity). In the case of a 2G CDMA mobile phone, a telephone number of 01012345678 can be an example of the terminal number and an E

49、SN of B0000000 can be an example of the mobile device identifier. Figure 2 shows the generation method of the consumers access password. The main feature of this method is that the access password is automatically derived without the consumers intervention. The Mobile RFID start program performs the SHA1 (Secure Hash Algorithm 1) and selects the MSB (Most Significant Bits) 32 bits as the access password. The Mobile RFID start program is a special application that an end-user of the terminal meets

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1