BSI Standards Publication
BS ISO/IEC 29176:2011
Information technology. Mobile item identification and management. Consumer privacy-protection protocol for Mobile RFID services
NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

National foreword
This British Standard is the UK implementation of ISO/IEC 29176:2011. The UK participation in its preparation was entrusted to Technical Committee IST/34, Automatic identification and data capture techniques. A list of organizations represented on this committee can be obtained on request to its secretary.
This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.
© BSI 2011. ISBN 978 0 580 74883 7. ICS 35.040.
Compliance with a British Standard cannot confer immunity from legal obligations.
This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 October 2011.
Amendments issued since publication (Date, Text affected): none listed.

INTERNATIONAL STANDARD ISO/IEC 29176:2011(E). First edition, 2011-10-15.
Information technology. Mobile item identification and management. Consumer privacy-protection protocol for Mobile RFID services
Technologies de l'information. Gestion et identification d'élément mobile. Protocole de protection de la vie privée de l'utilisateur pour les services RFID mobiles

COPYRIGHT PROTECTED DOCUMENT. © ISO/IEC 2011. All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office, Case postale 56, CH-1211 Geneva 20. Tel. +41 22 749 01 11. Fax +41 22 749 09 47. E-mail copyright@iso.org. Web www.iso.org. Published in Switzerland.

Contents
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Background
5.1 Reference model for consumer privacy-protection
5.2 Prerequisites
6 Consumer privacy-protection protocol
6.1 Goal
6.2 Phase 1. Transition to secured state
6.3 Phase 2. Acquisition of the original access password
6.4 Phase 3. Generation of the consumer's access password and cover-coding the EMII
6.5 Phase 4. Updating memory banks
6.6 Phase 5. Locking memory banks
7 Operation scenarios
7.1 Valid consumer's Mobile RFID terminal
7.2 Invalid consumer's Mobile RFID terminal
Annex A (informative) Security Analysis
Bibliography

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75% of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 29176 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 31, Automatic identification and data capture techniques.

Introduction
There are many possible concerns regarding the authenticity and integrity of mobile radio frequency identification (Mobile RFID) systems. For example, an unauthorized interrogator can easily read the UII (Unique Item Identifier), TID (Tag Identifier), and User memory banks of ISO/IEC 18000-6 Type C tags and ISO/IEC 18000-3 MODE 3 tags because there is no read-protection for these memory banks. In this case, the unauthorized interrogator could gather the product information by analysing the UII coding rules. Therefore, a privacy protection function needs to be included in a Mobile RFID system utilizing those tags.
This International Standard is intended to address consumer privacy-protection for Mobile RFID services. It focuses on technical solutions for protecting the privacy of Mobile RFID consumers. Its scope is limited to consumer privacy-protection suitable for tags and interrogators conforming to ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID interfaces. Cases for other ISO/IEC 18000-X protocols are not included. In addition, this International Standard will be coordinated with ISO/IEC 29167-X without conflict.
Consumer privacy-protection issues may be a critical barrier to deploying Mobile RFID services in a commercial field. Unless the Mobile RFID system is properly designed in aspects of privacy protection, there may be unexpected effects for Mobile RFID consumers. This International Standard is not required for tags attached to some items, but it is useful for providing a technique for protecting the consumer's information if the tags are attached to private possessions such as purchased jewels and medicines.

1 Scope
This International Standard specifies a consumer privacy-protection protocol for Mobile RFID services. It provides a technical solution for addressing privacy concerns with tagged items for consumers. This International Standard focuses on tag-to-interrogator communications for providing a consumer privacy-protection solution. Interrogator-to-host and host (back-end enterprise) system security issues are not within the scope of this International Standard, but are covered by a variety of other best-practice documents.

2 Conformance
This International Standard is intended for use in conjunction with the other standards related to Mobile RFID services. It can be applied to tags and interrogators conforming to ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID air interfaces and can, wherever appropriate and practicable, also be applied to tags and interrogators other than those covered by ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3 RFID air interfaces.

3 Normative references
The following referenced documents
are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 18000-3, Information technology. Radio frequency identification for item management. Part 3: Parameters for air interface communications at 13,56 MHz
ISO/IEC 18000-6, Information technology. Radio frequency identification for item management. Part 6: Parameters for air interface communications at 860 MHz to 960 MHz
ISO/IEC 19762 (all parts), Information technology. Automatic identification and data capture (AIDC) techniques. Harmonized vocabulary
ISO/IEC 29172, Information technology. Mobile item identification and management. Reference architecture for Mobile AIDC services

4 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 19762 (all parts), ISO/IEC 18000-6, ISO/IEC 29172, and the following apply.
4.1 cover-coding
method by which an Interrogator obscures information that it is transmitting to a tag by requesting a random number from the tag, then performing a bit-wise EXOR of the data or password with the received random number, and, finally, transmitting the cover-coded (also called ciphertext) string to the tag, which uncovers the data or password by performing a bit-wise EXOR of the received cover-coded string with the original random number [ISO/IEC 18000-6]
NOTE To cover-code an EMII (Encoded Mobile Item Identification), an interrogator performs a bit-wise XOR of the EMII with input information, and the interrogator uncovers the EMII by performing the bit-wise XOR of the cover-coded EMII with the same input information.
4.2 Mobile RFID terminal
electronic device equipped with one or more Mobile RFID interrogator(s) to support the functions of Mobile Item Identification and Management (MIIM) technologies

5 Background
5.1 Reference model for consumer privacy-protection
This International Standard considers consumers' actions
such as the purchase of some tagged items as the reference model. Figure 1 illustrates an example of reading the information from a consumer's low-cost tag. In this reference model using ISO/IEC 18000-6 Type C or ISO/IEC 18000-3 MODE 3 tags, the UII memory, TID memory, and User memory are easily disclosed to Mobile RFID terminals conforming to this International Standard. Note that the TID remains unchanged. Consumer privacy problems caused by this disclosed memory data are analysed as follows in ITU-T X.1171 (refer to chapter 9 of ITU-T X.1171 for more detail):
1) leakage of information associated with the identifier;
2) leakage of the historical context data.

[Figure 1. Reference model for consumer privacy-protection. The figure shows a Mobile RFID consumer, a Mobile RFID terminal and an RFID tag; the tag carries an example EMII whose fields are shown as HLC: MII (1H), TLDc: JTC1 (E012H), Class: 2 (2H), SLOC: OK Pharm. (A08DH), IC: aspirin (A399H), SC: serial number (AC89H). Legend: HLC = High Level Code, TLDc = Top Level Domain Code, SLOC = Second Level Organization Code, IC = Item Code, SC = Serial Code.]

5.2 Prerequisites
The following conditions are prerequisites for defining the consumer privacy-protection protocol of this International Standard.
1) The tag shall support the Access command of ISO/IEC 18000-6 Type C and ISO/IEC 18000-3 MODE 3.
- If a tag is not able to support the Access command, the tag shall not be used to execute the consumer privacy-protection protocol of this International Standard.
2) The tag shall support a nonzero-valued access password.
- If a tag is not able to support a nonzero-valued access password, the tag shall not be used to execute the consumer privacy-protection protocol of this International Standard.
3) The consumer privacy-protection protocol does not preclude other methods of securing an RFID
tag.

6 Consumer privacy-protection protocol
6.1 Goal
The goal of the consumer privacy-protection protocol is to conceal the original EMII (Encoded Mobile Item Identifier). The consumer privacy-protection protocol consists of five phases: 1) transition to a secured state, 2) acquisition of the original access password, 3) generation of the consumer's access password and cover-coding the EMII, 4) updating the memory banks, and 5) locking the memory banks.

6.2 Phase 1. Transition to secured state
The first phase is related to an action immediately after purchasing a tagged item. The purpose of this phase is to transition the tag to the secured state. This International Standard considers two cases regarding the access password of the tag. The first is an all zero-valued access password at purchase and the other is a nonzero-valued access password at purchase. In the case of the all zero-valued access password, the tag in the acknowledged state can transition to the secured state after receiving a valid Req_RN command. Therefore, the consumer's Mobile RFID terminal can write a new access password to the Access Passwd field of the Reserved memory bank of the tag (refer to 9.3.2.1 Tag memory of ISO/IEC 18000-6:2010). In this case, the second phase, acquisition of the original access password, may be skipped because the all zero-valued access password is the default value of this International Standard. In the
case of the nonzero-valued access password, the tag shall use the Access command with a valid access password in order to transition to the secured state. Therefore, the consumer's Mobile RFID terminal shall go to the next phase to acquire the original access password.

6.3 Phase 2. Acquisition of the original access password
The second phase is to acquire the original access password of the tag. The transfer mechanism of the access password from a host computer or a key management server is out of the scope of this International Standard. This International Standard presumes that the access password of the tag is securely transferred to the consumer's Mobile RFID terminal.

6.4 Phase 3. Generation of the consumer's access password and cover-coding the EMII
In the third phase, the consumer's Mobile RFID terminal generates its own access password and cover-codes the EMII. This International Standard provides for three generation methods of the access password. One of the methods is to use the Mobile RFID terminal number and the mobile device identifier of the terminal. The typical Mobile RFID terminal number is the ITU-T E.164 telephone number and the typical mobile device identifiers are
ESN (Electronic Serial Number), MEID (Mobile Equipment Identifier), and IMEI (International Mobile Equipment Identity). In the case of a 2G CDMA mobile phone, a telephone number of 01012345678 can be an example of the terminal number and an ESN of B0000000 can be an example of the mobile device identifier. Figure 2 shows the generation method of the consumer's access password. The main feature of this method is that the access password is automatically derived without the consumer's intervention. The Mobile RFID start program performs SHA-1 (Secure Hash Algorithm 1) and selects the 32 MSB (Most Significant Bits) as the access password. The Mobile RFID start program is a special application that an end-user of the terminal meets initially when using Mobile RFID services. When an end-user
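The Phase 1 state transition (6.2), the SHA-1 based password derivation of Phase 3 (6.4) and the bit-wise XOR cover-coding defined in 4.1, as one added Python example. This is not code from ISO/IEC 29176 or from any implementation of it. The Tag class is a deliberately simplified simulation of an ISO/IEC 18000-6 Type C tag (only the acknowledged, open, secured and arbitrate states and the Req_RN and Access commands, not a conformant implementation). Two points are assumptions because the text above does not fix them: the telephone number and ESN are concatenated as ASCII, number first, before hashing; and the "input information" used to cover-code the EMII is whatever equal-length byte string the caller supplies. The telephone number 01012345678 and ESN B0000000 are the text's own examples; the original password and EMII bytes are constructed.

```python
# Added example, not part of ISO/IEC 29176 or of any product implementing it.
# Simplified model of Phase 1 (secured state), Phase 3 (SHA-1 password
# derivation) and 4.1 (XOR cover-coding).  Not a conformant tag implementation.
import hashlib
import secrets

ZERO_PASSWORD = b"\x00\x00\x00\x00"  # 32-bit all zero-valued access password


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bit-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("cover-coding requires equal-length operands")
    return bytes(x ^ y for x, y in zip(a, b))


def cover_code(data: bytes, key: bytes) -> bytes:
    """Cover-coding per 4.1: XOR the data (a password half, or the EMII) with the
    key (a tag-supplied random number, or the NOTE's 'input information').
    XOR is its own inverse, so the same call uncovers the data again."""
    return xor_bytes(data, key)


def derive_access_password(terminal_number: str, device_id: str) -> bytes:
    """Phase 3, first method: SHA-1 over the terminal number and the device
    identifier, keeping the 32 most significant bits.  ASSUMPTION: the two
    strings are concatenated as ASCII, number first, with no separator."""
    digest = hashlib.sha1((terminal_number + device_id).encode("ascii")).digest()
    return digest[:4]  # first four bytes = MSB 32 bits of the digest


class Tag:
    """Toy tag: only the states and commands that Phase 1 needs."""

    def __init__(self, access_password: bytes):
        self.access_password = access_password  # Reserved bank, Access Passwd
        self.state = "acknowledged"
        self._last_rn16 = None   # RN16 handed out by the last Req_RN
        self._received = b""     # uncovered password halves received so far

    def req_rn(self) -> bytes:
        """Req_RN: return a fresh 16-bit random number.  From the acknowledged
        state a zero-valued password moves the tag straight to secured; a
        nonzero one moves it to open, where Access is still required."""
        rn16 = secrets.token_bytes(2)
        if self.state == "acknowledged":
            self.state = "secured" if self.access_password == ZERO_PASSWORD else "open"
        self._last_rn16 = rn16
        return rn16

    def access(self, covered_half: bytes) -> bool:
        """Access: one 16-bit password half per command, each cover-coded with
        the RN16 from the preceding Req_RN.  Both halves must match."""
        if self.state not in ("open", "secured") or self._last_rn16 is None:
            return False
        self._received += cover_code(covered_half, self._last_rn16)  # uncover
        self._last_rn16 = None
        if len(self._received) < 4:
            return True  # first half accepted; waiting for the second
        ok = secrets.compare_digest(self._received, self.access_password)
        self._received = b""
        self.state = "secured" if ok else "arbitrate"
        return ok


def enter_secured_state(tag: Tag, original_password: bytes) -> str:
    """Phase 1 from the terminal's side.  A zero-valued password needs only a
    valid Req_RN (Phase 2 may be skipped); otherwise the original password
    obtained in Phase 2 is sent with Access, cover-coded half by half."""
    tag.req_rn()
    if tag.state == "secured":
        return tag.state
    for half in (original_password[:2], original_password[2:]):
        rn16 = tag.req_rn()
        if not tag.access(cover_code(half, rn16)):
            break
    return tag.state


def protect_emii(emii: bytes, input_information: bytes) -> bytes:
    """Phase 3 cover-coding of the EMII with equal-length input information
    (ASSUMPTION: the caller chooses that information; the text leaves it open)."""
    return cover_code(emii, input_information)


if __name__ == "__main__":
    consumer_pw = derive_access_password("01012345678", "B0000000")  # text's values
    original_pw = bytes.fromhex("12345678")                  # constructed Phase 2 password
    emii = bytes(range(12))                                  # constructed 96-bit EMII
    info = secrets.token_bytes(len(emii))                    # constructed input information
    print("consumer access password:", consumer_pw.hex())
    print("zero-password tag ->", enter_secured_state(Tag(ZERO_PASSWORD), ZERO_PASSWORD))
    print("nonzero, correct  ->", enter_secured_state(Tag(original_pw), original_pw))
    print("nonzero, wrong    ->", enter_secured_state(Tag(original_pw), ZERO_PASSWORD))
    covered = protect_emii(emii, info)
    print("EMII round trip   ->", protect_emii(covered, info) == emii)
```

Two things the code makes visible that the prose only implies: the tag never receives the password in the clear, because each half is XORed with a random number the tag itself issued a moment earlier; and the derived password is deterministic, so a terminal that knows the telephone number, the ESN and the concatenation convention will always reproduce the same 32 bits, which is what lets the password be regenerated "without the consumer's intervention" and is also why those inputs have to be handled as secrets.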