1、BSI Standards Publication BS ISO/IEC 25185-1:2016 Identification cards Integrated circuit card authentication protocols Part 1: Protocol for Lightweight Authentication of IdentityBS ISO/IEC 25185-1:2016 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 2518
2、5-1:2016. The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisio
3、ns of a contract. Users are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 80310 9 ICS 35.240.15 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was publis
4、hed under the authority of the Standards Policy and Strategy Committee on 31 January 2016. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dBS ISO/IEC 25185-1:2016 Identification cards Integrated circuit card authentication protocols Part 1: Protocol for Lightweight Authent
5、ication of Identity Cartes didentification Integrated circuit protocoles dauthentification par carte Partie 1: Protocole pour lauthentification de lidentit lger INTERNATIONAL STANDARD ISO/IEC 25185-1 Reference number ISO/IEC 25185-1:2016(E) First edition 2016-01-15 ISO/IEC 2016 BS ISO/IEC 25185-1:20
6、16ii ISO/IEC 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying
7、, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01
8、 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 25185-1:2016(E)BS ISO/IEC 25185-1:2016ISO/IEC 25185-1:2016(E)Foreword iv Introduction v 1 Scope .1 2 Normative references 1 3 Terms and definitions .2 4 Symbols and abbreviated terms .2 5 Data dictionary .3 6 Authentication Protocol Descr
9、iption 5 6.1 Step 1 INITIAL AUTHENTICATE command 6 6.2 Step 2 INITIAL AUTHENTICATE command evaluation . 7 6.3 Step 3 INITIAL AUTHENTICATE response . 7 6.4 Step 4 INITIAL AUTHENTICATE response evaluation . 7 6.5 Step 5 FINAL AUTHENTICATE command . 7 6.6 Step 6 FINAL AUTHENTICATE command evaluation .
10、8 6.7 Step 7 FINAL AUTHENTICATE response . 8 6.8 Step 8 FINAL AUTHENTICATE response evaluation . 8 7 Application identification .9 8 Command set 9 9 Status bytes and error handling .9 10 Key diversification .10 11 Session key generation .10 12 Default mode .10 Annex A (normative) Test vectors 11 Ann
11、ex B (informative) Key management policy 12 Annex C (informative) Keyset management .13 Annex D (informative) Reference implementation 14 Annex E (informative) Identity leakage considerations15 Annex F (informative) Operational mode management .16 Annex G (informative) PLAID security features .17 Bi
12、bliography .20 ISO/IEC 2016 All rights reserved iii Contents PageBS ISO/IEC 25185-1:2016ISO/IEC 25185-1:2016(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. Nationa
13、l bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. O
14、ther international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intend
15、ed for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.or
16、g/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document
17、 will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and ex
18、pressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword Supplementary information. The committee responsible for this document is ISO/IEC JTC 1, Information technology. ISO
19、/IEC 25185-1 was prepared by Standards Australia under the JTC1 Fast Track process from the existing AS-5185 Australian standard as a submission to ISO/IEC JTC 1, Information technology. ISO/IEC 25185 consists of the following parts, under the general title Identification cards Integrated circuit ca
20、rd authentication protocols: Part 1: Protocol for Lightweight Authentication of Identityiv ISO/IEC 2016 All rights reservedBS ISO/IEC 25185-1:2016ISO/IEC 25185-1:2016(E) Introduction PLAID (Protocol for Lightweight Authentication of IDentity) is an ICC (smartcard) authentication protocol, which is d
21、esigned to expressly support contactless applications. The protocol is designed to fill the gap in standardized protocols between tag and RFID based technologies which do not utilize cryptography but are fast, and PKI based authentication, which can be very strong cryptographically, but slower, and
22、unsuitable for many contactless use-cases. It is based on a cryptographic method, which uses both symmetric and asymmetric cryptography in a hybrid protocol to protect the communications between ICCs and terminal devices. This is done in such a way that strong authentication of the ICC and credentia
23、ls is possible in a fast, highly secure and private fashion without the exposure of card or cardholder identifying information or any other information which is useful to an attacker. PLAID uses standards-based cryptography commonly available on ICCs, computer systems and embedded devices and is con
24、sequently highly portable to a wide range of ICC cards and IFD devices. ISO/IEC draws attention to the fact that it is claimed that compliance with this International Standard may involve the use of intellectual property concerning PLAID. ISO/IEC takes no position concerning the evidence, validity a
25、nd scope of such an intellectual property right. The holder of the right has assured ISO/IEC that they are willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect the licence provided is perpetual, irrevocable,
26、world-wide, non-exclusive, royalty free and no-charge. The statement of the holder of this intellectual property right is registered with ISO/IEC. Information may be obtained from: The Commonwealth of Australia, acting through the Commonwealth Services Delivery Agency, also known as “Human Services”
27、 or such other agency as may, from time to time, administer the PLAID Licence on behalf of the Commonwealth of Australia.Address: Attn: PLAID; Human Services; PO Box 7788, Canberra M.C. ACT 2910, AustraliaEmail: PLAIDhumanservices.gov.au Licence: https:/ /www.plaid.gov.au ISO/IEC wishes to thank the
28、 Australian Commonwealth for their support of the development of PLAID and the provision of the associated intellectual property in a royalty free and no-charge licence. Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of patent rights
29、 other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights. This is the first ISO/IEC edition, the previous Australian Standard, AS 5185:2010 is technically identical other than for references where ISO/IEC standards are required to di
30、ffer due to ISO convention including compliance to nominated normative standards and where cipher strengths have been updated. ISO/IEC 2016 All rights reserved vBS ISO/IEC 25185-1:2016BS ISO/IEC 25185-1:2016Identification cards Integrated circuit card authentication protocols Part 1: Protocol for Li
31、ghtweight Authentication of Identity 1 Scope This International Standard provides an authentication protocol suitable for use in physical and logical access control systems based on ICCs and related systems which support standards based AES-128 and RSA-2048 ciphers and the SHA-256 hashing algorithm.
32、 The standard specifies PLAID and its implementation in sufficient detail to allow any two or more implementations to be interoperable. This International Standard does not address how implementations share cryptographic keys, access control system credential records (including revocation) or manage
33、 payload entities such as PIN, PINHash, or biometric templates or other payload objects. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. F
34、or undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 7816-4, Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange ISO/IEC 7816-5, Identification cards Integrated circuit cards Part 5: Reg
35、istration of application providers ISO/IEC 8824-1, Information technology Abstract Syntax Notation One (ASN.1) Part 1: Specification of basic notation ISO/IEC 9797-1, Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher ISO/IEC 10116,
36、 Information technology Security techniques Modes of operation for an n-bit block cipher ISO/IEC 10118-3, Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions ISO/IEC 18033-2, Information technology Security techniques Encryption algorithms Part 2: Asymmetric ci
37、phers ISO/IEC 18033-3, Information technology Security techniques Encryption algorithms Part 3: Block ciphers IETF RFC 3447, Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 INTERNATIONAL ST ANDARD ISO/IEC 25185-1:2016(E) ISO/IEC 2016 All rights reserved 1BS I
38、SO/IEC 25185-1:2016ISO/IEC 25185-1:2016(E) 3 Terms and definitions For the purposes of this document, the terms and definitions in ISO/IEC 7816-4, ISO/IEC 7816-5, ISO/IEC 8824-1, ISO/IEC 10116, ISO/IEC 10118-3, ISO/IEC 18033-2, ISO/IEC 18033-3, IETF RFC 3447, and the following apply. 4 Symbols and a
39、bbreviated terms For the purposes of this document the following symbols and abbreviated terms apply. | Logical concatenation of bit strings ACS Access Control System AES Advanced Encryption Standard (as defined in ISO/IEC 18033-3) AES Decrypt KeyPerform AES Decryption using Key AES Encrypt KeyPerfo
40、rm AES Encryption using Key AID Application IDentifier (as defined in ISO/IEC 7816-4) AP Authentication Protocol (as defined in ISO/IEC 24727-3) APDU Application Protocol Data Unit (as defined is ISO/IEC 7816-4) ASN.1 Abstract Syntax Notation Number 1 (as defined in ISO/IEC 8824-1) BER Basic Encodin
41、g Rules of ASN.1 (as defined in ISO/IEC 8825-1) CBC Cipher Block Chaining (as defined in ISO/IEC 10116) CLA Class Byte (as defined in ISO/IEC 7816-4) CRT Chinese Remainder Theorem DivData Diversification Data Seed data used in cryptographic operations e STR Encrypted version of data object (STR in t
42、his case) FA Final Authenticate IA Initial Authenticate ICC Integrated Circuit Card, logically equivalent in this International Standard to PICC IFD InterFace Device INS Instruction Byte (as defined in ISO/IEC 7816-4) IV Initialisation Vector Key (DIV)Diversified version of key KeySetID A 2 byte val
43、ue specifying which keyset the protocol will negotiate or use LACS Logical Access Control System OpModeID A 2 byte value specifying which operational mode the protocol will use PACS Physical Access Control System PICC Proximity Integrated Circuit Card, logically equivalent to ICC in this Internation
44、al Standard2 ISO/IEC 2016 All rights reservedBS ISO/IEC 25185-1:2016ISO/IEC 25185-1:2016(E) PIN Personal Identification Number PKI Public-Key Infrastructure PKCS1.5 RSA padding method (as defined in IETF RFC 3447) PLAID Protocol for Lightweight Authentication of IDentity RNG Random Number Generator
45、RSA Asymmetric cryptographic cipher (as defined in ISO/IEC 18033-2) RSA Decrypt KeyPerform RSA Decryption using Key RSA Encrypt KeyPerform RSA Encryption using Key SHA Secure Hash Algorithm (as defined in ISO/IEC 10118-3) SW1-SW2 Status Bytes (as defined in ISO/IEC 7816-4) TLV Tag, Length, Value UID
46、 Unique IDentifier UUID Open credential numbering system (as defined in IETF RFC 4122) Wiegand PACS credential numbering system based on Wiegand effect card readers from the 1980s 5 Data dictionary Table 1 defines the size and details of PLAID data objects. Table 1 Data dictionary Object name Purpos
47、e Size Data type Comments ACSRecord Access control system record Variable. NOTE ACSRecord plus Payload should not exceed 64 bits unless a secondary transmission error check such as CMAC is imple- mented. Open An access control system record for each supported Operational Mode Identi- fier for the pu
48、rpose of au- thorization and revocation by back office PACS or LACS access control systems. This record is mapped by the OpModeID to the particular back office num- bering system the protocol is supporting. This record is returned by the final authenticate command response. ISO/IEC 2016 All rights r
49、eserved 3BS ISO/IEC 25185-1:2016ISO/IEC 25185-1:2016(E) Object name Purpose Size Data type Comments DivData Symmetric key di- versification data 128 bits Binary A seed value which is set during PLAID enablement for use in the key diversifi- cation algorithm to ensure that loss of an individual ICC symmetric key cannot result in a breach of the system master keys. This seed is determined by the owner of the key and should preferably
