ISO/IEC INTERNATIONAL STANDARD 13157-3 First edition 2016-04-01 Information technology Telecommunications and information exchange between systems NFC Security - Part 3: NFC-SEC cryptography standard using ECDH-256 and AES-GCM Technologies de I'information - Teleinformatique - Sécurité NFC Partie 3: Norme de cryptographie NFC-SEC utilisant ECDH-256 et AES-GCM Reference number IS0/IEC 13157-3:2016(E) IEC S International Organization for Standardization STANDARDIZATIONC15956617 @ IS0/IEC 2016 ed without license from IHS IS0/IEC 13157-3:2016(E) COPYRIGHT PROTECTEDDOCUMENT IS0/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org Licensee-ZHEJIANG INST OF STANDAJSA/NEC Od6 - All rights reserved HS und networking permited without license from IHS ISO/IEC 13157-3:2016(E) Contents Page Foreword. .iv Introduction. 1 Scope. 2 Conformance 3 Normative references. 4 Terms and definitions... 5 Conventions and notations 6 Acronyms. 7 General 8 Protocol Identifier (PID) .. 9 Primitives .. 9.1 Key agreement.. 9.1.1 Curve P-256.. 9.1.2 EC Key Pair Generation Primitive..... 9.1.3 EC Public key validation .... 9.1.4 ECDH secret value derivation Primitive. 9.1.5 3 9.2 KeyDerivationFunctions 9.2.1 KDF for the SSE... 9.2.2 KDF for the SCH 9.3 9.4 Key Confirmation... 9.4.1 Key confirmation tag generation. 9.4.2 Key confirmation tag verification. 9.5 Data Authenticated Encryption.... 9.5.1 Starting Variable (StartVar) . 9.5.2 Additional Authenticated Data (AAD) 9.5.3 Generation-Encryption.... 9.5.4 Decryption-Verification. 9.6 Data Integrity... 9.7 Message Sequence Integrity .. 10 Data Conversions.. .6 11 SSE and SCH service invocation... 12 SCH data exchange .... 12.1 Preparation..... .6 12.2 Data Exchange 12.2.1 Send. 12.2.2 Receive Annex A (normative) Fields sizes. 3=ZHEJIANG INST OF STANDARDIZATION C1 5956617 ili ed without license from IHS