BSI Standards Publication
BS ISO/IEC 29176:2011
Information technology - Mobile item identification and management - Consumer privacy-protection protocol for Mobile RFID services
No copying without BSI permission except as permitted by copyright law.

National foreword

This British Standard is the UK implementation of ISO/IEC 29176:2011. The UK participation in its preparation was entrusted to Technical Committee IST/34, Automatic identification and data capture techniques. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© BSI 2011. ISBN 978 0 580 74883 7. ICS 35.040.

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 October 2011.

Amendments issued since publication: none listed.

INTERNATIONAL STANDARD ISO/IEC 29176
First edition 2011-10-15
Reference number ISO/IEC 29176:2011(E)

Information technology - Mobile item identification and management - Consumer privacy-protection protocol for Mobile RFID services
Technologies de l'information - Gestion et identification d'élément mobile - Protocole de protection de la vie privée de l'utilisateur pour les services RFID mobiles

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2011. All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office, Case postale 56, CH-1211 Geneva 20. Tel. +41 22 749 01 11. Fax +41 22 749 09 47. E-mail copyright@iso.org. Web www.iso.org.
Published in Switzerland.

Contents
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Background
5.1 Reference model for consumer privacy-protection
5.2 Prerequisites
6 Consumer privacy-protection protocol
6.1 Goal
6.2 Phase 1. Transition to secured state
6.3 Phase 2. Acquisition of the original access password
6.4 Phase 3. Generation of the consumer's access password and cover-coding the EMII
6.5 Phase 4. Updating memory banks
6.6 Phase 5. Locking memory banks
7 Operation scenarios
7.1 Valid consumer's Mobile RFID terminal
7.2 Invalid consumer's Mobile RFID terminal
Annex A (informative) Security Analysis
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

ISO/IEC 29176 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 31, Automatic identification and data capture techniques.
Introduction

There are many possible concerns regarding the authenticity and integrity of mobile radio frequency identification (Mobile RFID) systems. For example, an unauthorized interrogator can easily read the UII (Unique Item Identifier), TID (Tag Identifier), and User memory banks of ISO/IEC 18000-6 Type C tags and ISO/IEC 18000-3 MODE 3 tags because there is no read-protection for these memory banks. In this case, the unauthorized interrogator could gather the product information by analysing the UII coding rules. Therefore, a privacy protection function needs to be included in a Mobile RFID system utilizing those tags.

This International Standard is intended to address consumer privacy-protection for Mobile RFID services. It focuses on technical solutions for protecting the privacy of Mobile RFID consumers. Its scope is limited to consumer privacy-protection suitable for tags and interrogators conforming to ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID interfaces. Cases for other ISO/IEC 18000-X protocols are not included. In addition, this International Standard will be coordinated with ISO/IEC 29167-X without conflict.

Consumer privacy-protection issues may be a critical barrier to deploying Mobile RFID services in a commercial field. Unless the Mobile RFID system is properly designed in aspects of privacy protection, there may be unexpected effects for Mobile RFID consumers. This International Standard is not required for tags attached to some items, but it is useful for providing a technique for protecting the consumer's information if the tags are attached to private possessions such as purchased jewels and medicines.

Information technology - Mobile item identification and management - Consumer privacy-protection protocol for Mobile RFID services

1 Scope

This International Standard specifies a consumer privacy-protection protocol for Mobile RFID services. It provides a technical solution for addressing privacy concerns with tagged items for consumers.

This International Standard focuses on tag-to-interrogator communications for providing a consumer privacy-protection solution. Interrogator-to-host and host (back-end enterprise) system security issues are not within the scope of this International Standard, but are covered by a variety of other best-practice documents.

2 Conformance

This International Standard is intended for use in conjunction with the other standards related to Mobile RFID services. It can be applied to tags and interrogators conforming to ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID air interfaces and can, wherever appropriate and practicable, also be applied to tags and interrogators other than those covered by ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID air interfaces.

3 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 18000-3, Information technology - Radio frequency identification for item management - Part 3: Parameters for air interface communications at 13,56 MHz
ISO/IEC 18000-6, Information technology - Radio frequency identification for item management - Part 6: Parameters for air interface communications at 860 MHz to 960 MHz
ISO/IEC 19762 (all parts), Information technology - Automatic identification and data capture (AIDC) techniques - Harmonized vocabulary
ISO/IEC 29172, Information technology - Mobile item identification and management - Reference architecture for Mobile AIDC services

4 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 19762 (all parts), ISO/IEC 18000-6, ISO/IEC 29172, and the following apply.

4.1 cover-coding
method by which an Interrogator obscures information that it is transmitting to a tag by requesting a random number from the tag, then performing a bit-wise EXOR of the data or password with the received random number, and, finally, transmitting the cover-coded (also called ciphertext) string to the tag, which uncovers the data or password by performing a bit-wise EXOR of the received cover-coded string with the original random number
[ISO/IEC 18000-6]
NOTE To cover-code an EMII (Encoded Mobile Item Identification), an interrogator performs a bit-wise XOR of the EMII with input information, and the interrogator uncovers the EMII by performing the bit-wise XOR of the cover-coded EMII with the same input information.

4.2 Mobile RFID terminal
electronic device equipped with one or more Mobile RFID interrogator(s) to support the functions of Mobile Item Identification and Management (MIIM) technologies

5 Background

5.1 Reference model for consumer privacy-protection

This International Standard considers consumers' actions, such as the purchase of some tagged items, as the reference model. Figure 1 illustrates an example of reading the information from a consumer's low-cost tag. In this reference model using ISO/IEC 18000-6 Type C or ISO/IEC 18000-3 MODE 3 tags, UII memory, TID memory, and User memory are easily disclosed to Mobile RFID terminals conforming to this International Standard. Note that the TID remains unchanged. Consumer privacy problems caused by this disclosed memory data are analysed as follows in ITU-T X.1171 (refer to chapter 9 of ITU-T X.1171 for more detail):

1) leakage of information associated with the identifier;
2) leakage of the historical context data.

[Figure 1 - Reference model for consumer privacy-protection. The figure shows a Mobile RFID consumer, a Mobile RFID terminal and an RFID tag, with the tag's example EMII decoded field by field: HLC (High Level Code) = MII, 1H; TLDc (Top Level Domain Code) = JTC1, E012H; Class = 2, 2H; SLOC (Second Level Organization Code) = OK Pharm., A08DH; IC (Item Code) = aspirin, A399H; SC (Serial Code) = serial number, AC89H.]

5.2 Prerequisites

The following conditions are prerequisites for defining the consumer privacy-protection protocol of this International Standard.

1) The tag shall support the Access command of ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3.
- If a tag is not able to support the Access command, the tag shall not be used to execute the consumer privacy-protection protocol of this International Standard.
2) The tag shall support a nonzero-valued access password.
- If a tag is not able to support a nonzero-valued access password, the tag shall not be used to execute the consumer privacy-protection protocol of this International Standard.
3) The consumer privacy-protection protocol does not preclude other methods of securing an RFID tag.

6 Consumer privacy-protection protocol

6.1 Goal

The goal of the consumer privacy-protection protocol is to conceal the original EMII (Encoded Mobile Item Identifier). The consumer privacy-protection protocol consists of five phases: 1) transition to a secured state, 2) acquisition of the original access password, 3) generation of the consumer's access password and cover-coding the EMII, 4) updating the memory banks, and 5) locking the memory banks.

6.2 Phase 1. Transition to secured state

The first phase is related to an action immediately after purchasing a tagged item. The purpose of this phase is to transition the tag to the secured state. This International Standard considers two cases regarding the access password of the tag. The first is an all zero-valued access password at purchase and the other is a nonzero-valued access password at purchase.

In the case of the all zero-valued access password, the tag in the acknowledged state can transition to the secured state after receiving a valid Req_RN command. Therefore, the consumer's Mobile RFID terminal can write a new access password to the Access Passwd field of the Reserved memory bank of the tag (refer to 9.3.2.1, Tag memory, of ISO/IEC 18000-6:2010). In this case, the second phase, acquisition of the original access password, may be skipped because the all zero-valued access password is the default value of this International Standard.

In the case of the nonzero-valued access password, the tag shall use the Access command with a valid access password in order to transition to the secured state. Therefore, the consumer's Mobile RFID terminal shall go to the next phase to acquire the original access password.

6.3 Phase 2. Acquisition of the original access password

The second phase is to acquire the original access password of the tag. The transfer mechanism of the access password from a host computer or a key management server is out of the scope of this International Standard.
This International Standard presumes that the access password of the tag is securely transferred to the consumer's Mobile RFID terminal.

6.4 Phase 3. Generation of the consumer's access password and cover-coding the EMII

In the third phase, the consumer's Mobile RFID terminal generates its own access password and cover-codes the EMII. This International Standard provides for three generation methods of the access password.

One of the methods is to use the Mobile RFID terminal number and the mobile device identifier of the terminal. The typical Mobile RFID terminal number is the ITU-T E.164 telephone number, and the typical mobile device identifiers are the ESN (Electronic Serial Number), MEID (Mobile Equipment Identifier), and IMEI (International Mobile Equipment Identity). In the case of a 2G CDMA mobile phone, a telephone number of 01012345678 can be an example of the terminal number and an ESN of B0000000 can be an example of the mobile device identifier. Figure 2 shows the generation method of the consumer's access password. The main feature of this method is that the access password is automatically derived without the consumer's intervention. The Mobile RFID start program performs SHA1 (Secure Hash Algorithm 1) and selects the MSB (Most Significant Bits) 32 bits as the access password. The Mobile RFID start program is a special application that an end-user of the terminal meets
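The cover-coding of 4.1 and the Phase 3 password derivation of 6.4, as an added worked example in Python that is not part of ISO/IEC 29176 or of any reference implementation. It assumes that the terminal number and device identifier are concatenated as ASCII before hashing (the standard's Figure 2, which fixes the actual input layout, is not reproduced on this page), models the Access exchange of ISO/IEC 18000-6 Type C, in which a 32-bit password is sent as two 16-bit halves each cover-coded with a fresh RN16, and uses a constructed 96-bit EMII and constructed "input information" for the 4.1 NOTE. The `Tag` class, `interrogator_access` and the other function names are the example's own.

```python
"""Added example: cover-coding (ISO/IEC 29176 4.1) and consumer access-password
derivation (6.4) modelled in plain Python. Not the standard's own code."""
import hashlib
import secrets
from typing import Tuple

# Sample inputs quoted in 6.4: a 2G CDMA telephone number and an ESN.
TERMINAL_NUMBER = "01012345678"
ESN = "B0000000"

# Constructed 96-bit EMII and 96-bit "input information" for the 4.1 NOTE.
# Neither value appears in the standard; they exist only to exercise the code.
SAMPLE_EMII = bytes.fromhex("303c00001122334455667788")
SAMPLE_INPUT_INFO = bytes.fromhex("a5" * 12)


def derive_access_password(terminal_number: str, device_id: str) -> int:
    """SHA-1 over the terminal number and device identifier, keeping the
    32 most significant bits (6.4). The standard's Figure 2 defines how the
    two inputs are combined; plain ASCII concatenation is ASSUMED here."""
    digest = hashlib.sha1((terminal_number + device_id).encode("ascii")).digest()
    return int.from_bytes(digest[:4], "big")


def cover_code(value: int, random_number: int, width_bits: int = 16) -> int:
    """Bit-wise XOR of a value with a tag-supplied random number (4.1).
    XOR is its own inverse, so the same call also uncovers the value."""
    mask = (1 << width_bits) - 1
    if not (0 <= value <= mask and 0 <= random_number <= mask):
        raise ValueError("operand does not fit the cover-coding word")
    return value ^ random_number


def cover_code_emii(emii: bytes, input_info: bytes) -> bytes:
    """Byte-wise XOR of the EMII with input information of equal length
    (4.1 NOTE). Applying it twice with the same input restores the EMII."""
    if len(emii) != len(input_info):
        raise ValueError("input information must be as long as the EMII")
    return bytes(e ^ k for e, k in zip(emii, input_info))


def password_halves(password: int) -> Tuple[int, int]:
    """ISO/IEC 18000-6 Type C sends a 32-bit access password as two 16-bit
    halves, each cover-coded with a separate RN16 obtained via Req_RN."""
    return password >> 16, password & 0xFFFF


class Tag:
    """Minimal model of the tag side of the Access command exchange."""

    def __init__(self, access_password: int) -> None:
        self._password = access_password
        self._last_rn16 = None
        self._verified = 0
        self.secured = False

    def req_rn(self) -> int:
        # Tag replies with a fresh RN16 and remembers it for the next half.
        self._last_rn16 = secrets.randbits(16)
        return self._last_rn16

    def access(self, covered_half: int, index: int) -> bool:
        # Uncover with the RN16 the tag issued and compare to the stored half.
        if self._last_rn16 is None:
            return False
        expected = password_halves(self._password)[index]
        ok = cover_code(covered_half, self._last_rn16) == expected
        self._last_rn16 = None  # each RN16 is used once
        self._verified = self._verified + 1 if ok else 0
        self.secured = self._verified == 2
        return ok


def interrogator_access(tag: Tag, password: int) -> bool:
    """Interrogator side: Req_RN, cover-code one half, send it; twice."""
    for index, half in enumerate(password_halves(password)):
        rn16 = tag.req_rn()
        if not tag.access(cover_code(half, rn16), index):
            return False
    return tag.secured


if __name__ == "__main__":
    pw = derive_access_password(TERMINAL_NUMBER, ESN)
    tag = Tag(pw)
    print(f"consumer access password: {pw:08X}")
    print("tag secured:", interrogator_access(tag, pw))
    covered = cover_code_emii(SAMPLE_EMII, SAMPLE_INPUT_INFO)
    print("covered EMII:", covered.hex(),
          "restored:", cover_code_emii(covered, SAMPLE_INPUT_INFO) == SAMPLE_EMII)
```

Cover-coding only hides the transmitted value from a listener who did not capture the RN16 that the tag sent in the clear on the tag-to-interrogator link; it is an obscuring step of the air interface, not encryption in the cryptographic sense, which is why the standard's security analysis is confined to an informative annex.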