ISO/IEC INTERNATIONAL STANDARD 13157-4 First edition 2016-06-15 Information technology Telecommunications and information exchange between systems NFC Security - Part 4: NFC-SEC entity authentication and key agreement using asymmetric cryptography Technologies de I'information-Telécommunications et échange d'informationentresystemes-SécuriteNFC- Partie 4:Authentification d'entite NFC-SEC et accord de clés utilisant une cryptographie asymetrique Referencenumber ISO/IEC13157-4:2016(E) IEC Intemational Organization for Standardization STANDARDIZATIONC15956617 @IS0/IEC2016 IS0/IEC13157-4:2016(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC 2016,Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISOcopyrightoffice Ch. de Blandonnet 8.CP 401 CH-1214 Vernier, Geneva, Switzerland Tel.+4122 749 0111 Fax+41227490947 [email protected] www.iso.org License-ZHEJIANG INST.OF STANDRAJSAIECO6-All rights reserved etworking permitted without license from IHS Not for Resale, 2016/8/16 08:42:43 ISO/IEC 13157-4:2016(E) Contents Page Foreword Introduction. .vi 1 Scope 2 Conformance 3 Normative references. 4 Terms and definitions ... 5 Conventions and notations 6 Acronyms.. 7 General. 8 Fields and PDUs for NEAU-A 8.1 Protocol Identifier (PID) 8.2 NFC-SEC-PDUs.. 8.3 TTP involving.... 8.3.1 TTP policy and field. 8.3.2 TTP policy negotiation.. 8.4 Entity identifiers ... 8.5 Cert field..... 8.6 Res field. 9 Primitives .8 9.1 General requirements .. 9.2 9.2.1 Mechanisms .9 9.2.2 ECcurve 9.2.3 ECDSA 10 9.2.4 12 9.3 Key agreement.. 13 9.4 Key confirmation .. 13 9.5 Key Derivation Function (KDF). 13 10 13 10.1 Entity authentication involving a TTP 10.1.1 Protocol overview.... 13 10.1.2 Preparation... 14 10.1.3 Sender (A) transformation.... 10.1.4 Recipient (B) transformation. 16 10.1.5 TTP transformation ... 10.2 EntityauthenticationwithoutinvolvingaTTP 17 10.2.1 Protocol overview.... 10.2.2 Preparation... 17 10.2.3 Sender (A) transformation .... 18 10.2.4 Recipient (B) transformation.. 19 10.3 Key derivation. 20 10.3.1 Sender (A) 20 10.3.2 Recipient (B) 20 11 Data Authenticated Encryption in SCH... 20 Annex A (normative) UDP Port 5111 and TAEP A.1 UDp and po.t .... 21 ii IS0e=ZHEJIANG INST OF STANDARDIZATION C1 5956617 icense from IHS