iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 30118-2:2021

(Main)

Information technology — Open Connectivity Foundation (OCF) Specification — Part 2: Security specification

Information technology — Open Connectivity Foundation (OCF) Specification — Part 2: Security specification

This document defines security objectives, philosophy, Resources and mechanism that impacts OCF base layers of ISO/IEC 30118-1. ISO/IEC 30118-1 contains informative security content. The OCF Security Specification contains security normative content and may contain informative content related to the OCF base or other OCF documents.

Technologies de l'information — Specification de la Fondation pour la connectivité ouverte (Fondation OCF) — Partie 2: Spécification de sécurité

General Information

Status
Published
Publication Date
17-Oct-2021
ICS
35.200 - Interface and interconnection equipment
Technical Committee
ISO/IEC JTC 1 - Information technology
Drafting Committee
ISO/IEC JTC 1 - Information technology
Current Stage
6060 - International Standard published
Start Date
18-Oct-2021
Due Date
16-May-2022
Completion Date
18-Oct-2021
Ref Project

Relations

Revises
ISO/IEC 30118-2:2018 - Information technology — Open Connectivity Foundation (OCF) Specification — Part 2: Security specification
Effective Date
18-Apr-2021
ISO/IEC 30118-2:2021 - Information technology -- Open Connectivity Foundation (OCF) SpecificationISO/IEC 30118-2:2021 - Information technology -- Open Connectivity Foundation (OCF) Specification
PreviousNext
Standard
ISO/IEC 30118-2:2021 - Information technology -- Open Connectivity Foundation (OCF) Specification
English language
187 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 30118-2
Second edition
2021-10
Information technology — Open
Connectivity Foundation (OCF)
Specification —
Part 2:
Security specification
Technologies de l'information — Specification de la Fondation pour la
connectivité ouverte (Fondation OCF) —
Partie 2: Spécification de sécurité
Reference number
© ISO/IEC 2021
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
© ISO/IEC 2021 – All rights reserved

Contents Page
Foreword . ix
Introduction . x
1 Scope . 1
2 Normative References . 1
3 Terms, definitions and abbreviated terms . 3
3.1 Terms and definitions . 3
3.2 Symbols and abbreviated terms . 5
4 Document conventions and organization . 7
4.1 Conventions . 7
4.2 Notation . 7
4.3 Data types . 8
4.4 Document structure . 8
5 Security overview . 8
5.1 Preamble . 8
5.2 Access control . 10
5.2.1 Access control general. 10
5.2.2 ACL architecture . 11
5.3 Onboarding overview . 12
5.3.1 Onboarding general . 12
5.3.2 Onboarding steps . 14
5.3.3 Establishing a Device Owner . 15
5.3.4 Provisioning for Normal Operation . 16
5.3.5 OCF Compliance Management System . 16
5.4 Provisioning . 16
5.4.1 Provisioning general . 16
5.4.2 Access control provisioning . 17
5.4.3 Credential provisioning . 17
5.4.4 Role provisioning . 17
5.5 Secure Resource Manager (SRM) . 17
5.6 Credential overview . 18
5.7 Event logging . 18
5.7.1 Event logging general . 18
6 Security for the discovery process . 19
6.1 Preamble . 19
6.2 Security considerations for discovery . 19
7 Security provisioning . 21
7.1 Device identity . 21
7.1.1 General Device identity . 21
7.1.2 Device identity for devices with UAID [Deprecated] . 21
7.2 Device ownership . 21
7.3 Device Ownership Transfer Methods . 22
7.3.1 OTM implementation requirements . 22
7.3.2 SharedKey credential calculation . 23
7.3.3 Certificate credential generation . 24
7.3.4 Just-Works OTM . 24
© ISO/IEC 2021 – All rights reserved iii

7.3.5 Random PIN based OTM . 25
7.3.6 Manufacturer Certificate Based OTM . 28
7.3.7 Vendor specific OTMs . 30
7.3.8 Establishing Owner Credentials . 31
7.3.9 Security profile assignment . 34
7.4 Provisioning . 35
7.4.1 Provisioning flows . 35
8 Device Onboarding state definitions . 36
8.1 Device Onboarding general . 36
8.2 Device Onboarding-Reset state definition . 37
8.3 Device Ready-for-OTM State definition . 38
8.4 Device Ready-for-Provisioning State Definition . 39
8.5 Device Ready-for-Normal-Operation state definition . 39
8.6 Device Soft Reset State definition . 40
9 Security Credential management . 41
9.1 Preamble . 41
9.2 Credential lifecycle . 41
9.2.1 Credential lifecycle general . 41
9.2.2 Creation . 41
9.2.3 Deletion . 41
9.2.4 Refresh . 41
9.2.5 Revocation . 42
9.3 Credential types . 42
9.3.1 Preamble . 42
9.3.2 Pair-wise symmetric key credentials . 42
9.3.3 Group symmetric key credentials . 42
9.3.4 Asymmetric authentication key credentials . 43
9.3.5 Asymmetric Key Encryption Key credentials . 43
9.3.6 Certificate credentials . 44
9.3.7 Password credentials . 44
9.4 Certificate based key management . 44
9.4.1 Overview . 44
9.4.2 X.509 digital certificate profiles . 45
9.4.3 Certificate Revocation List (CRL) Profile [deprecated] . 54
9.4.4 Resource model . 54
9.4.5 Certificate provisioning . 54
9.4.6 CRL provisioning [deprecated] . 55
10 Device authentication . 55
10.1 Device authentication general . 55
10.2 Device authentication with symmetric key credentials . 56
10.3 Device authentication with raw asymmetric key credentials . 56
10.4 Device authentication with certificates. 56
10.4.1 Device authentication with certificates general . 56
10.4.2 Role assertion with certificates . 57
10.4.3 OCF PKI Roots . 58
10.4.4 PKI Trust Store . 58
10.4.5 Path Validation and extension processing . 59
iv © ISO/IEC 2021 – All rights reserved

11 Message integrity and confidentiality. 59
11.1 Preamble . 59
11.2 Session protection with DTLS . 59
11.2.1 DTLS protection general . 59
11.2.2 Unicast session semantics . 59
11.3 Cipher suites . 59
11.3.1 Cipher suites general . 59
11.3.2 Cipher suites for Device Ownership Transfer . 60
11.3.3 Cipher Suites for symmetric keys . 60
11.3.4 Cipher auites for asymmetric credentials . 61
12 Access control . 62
12.1 ACL generation and management . 62
12.2 ACL evaluation and enforcement . 62
12.2.1 ACL evaluation and enforcement general . 62
12.2.2 Host reference matching .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 14776-346:2024(Main)
Information technology — Small computer system interface (SCSI) — Part 346: Zoned Block Commands - 2 (ZBC-2)

This document defines the model and command set extensions to facilitate operation of zoned block devices. The clauses in this document, implemented in conjunction with the applicable clauses of SPC-6 and SBC-5, specify the standard command set for zoned block devices.

  • Standard
    141 pages
    English language
    sale 15% off
ISO
ISO/IEC 24079:2024(Main)
Information technology — Network Controller Sideband Interface (NC-SI) specifications collection

This document defines the functionality and behavior of the Sideband Interface responsible for connecting the Network Controller to the Management Controller. It also outlines the behavioral model of the network traffic destined for the Management Controller from the Network Controller. This document defines the following two aspects of the Network Controller Sideband Interface (NC‑SI): behavior of the interface, which include its operational states as well as the states of the associated components, the payloads and commands of the communication protocol supported over the interface. The scope of this document is limited to addressing only a single Management Controller communicating with one or more Network Controllers. This document also defines the following aspects of a 3.3V RMII Based Transport (RBT) based physical medium: transport binding for NC-SI over RBT, electrical and timing requirements for the RBT, an optional hardware arbitration mechanism for RBT. Only the topics that may affect the behavior of the Network Controller or Management Controller, as it pertains to the Sideband Interface operations, are discussed in this document. NC-SI over MCTP Binding Specification (DSP0261) This document defines the bindings between NC-SI protocol elements and MCTP elements in order for NC-SI Control and Pass-Through traffic to be transported using MCTP. Portions of this document rely on information and definitions from other specifications, which clause REF _Ref99190650 \r \h 2 08D0C9EA79F9BACE118C8200AA004BA90B02000000080000000D0000005F00520065006600390039003100390030003600350030000000 identifies. Two of these references are particularly relevant: DMTF DSP0222, Network Controller Sideband Interface (NC-SI) Specification, provides the NC‑SI base control that is to be bound over MCTP by this specification. DMTF DSP0236, Management Component Transport Protocol (MCTP) Base Specification, defines the MCTP transport on which the NC-SI Control and Pass-through packets are to be conveyed.

  • Standard
    140 pages
    English language
    sale 15% off
ISO
ISO/IEC 17760-105:2024(Main)
Information technology — AT Attachment — Part 105: ATA Command Set - 5 (ACS-5)

The set of AT Attachment standards consists of this standard and the ATA implementation standards described in AT Attachment - 8 ATA/ATAPI Architecture Model (ATA8-AAM). This standard specifies the command set that host systems use to access storage devices. This standard provides a common command set for systems manufacturers, system integrators, software suppliers, and suppliers of intelligent storage devices. Figure 1 shows the relationship of this standard to other ATA standards as well as related device and host standards and specifications (e.g., SCSI standards and SATA-IO specifications). This standard maintains compatibility with the ACS-4 standard, INCITS 529-2018, while providing additional functions.

  • Standard
    693 pages
    English language
    sale 15% off
ISO
ISO/IEC 19987:2024(Main)
Information technology — EPC Information Services (EPCIS)

This document is a GS1 standard that defines Version 2.0 of EPC Information Services (EPCIS). The goal of EPCIS is to enable disparate applications to create and share visibility event data, both within and across enterprises. Ultimately, this sharing is aimed at enabling users to gain a shared view of physical or digital objects within a relevant business context.

  • Standard
    190 pages
    English language
    sale 15% off
ISO
ISO/IEC 14776-253:2023(Main)
Information technology — Small Computer System Interface (SCSI) — Part 253: USB attached SCSI - 3 (UAS-3)
  • Standard
    50 pages
    English language
    sale 15% off
ISO
ISO/IEC 30118-14:2021(Main)
Information technology – Open Connectivity Foundation (OCF) Specification — Part 14: OCF resource to BLE mapping specification

This document provides detailed mapping information between BLE (Bluetooth Low Energy) and OCF defined Resources.

  • Standard
    48 pages
    English language
    sale 15% off
ISO
ISO/IEC 30118-11:2021(Main)
Information technology – Open Connectivity Foundation (OCF) Specification — Part 11: Device to cloud services specification

This document defines functional extensions to the capabilities defined in ISO/IEC 30118-1 to meet the requirements of the OCF Cloud. This document specifies new Resource Types to enable the functionality and any extensions to the existing capabilities defined in ISO/IEC 30118-1.

  • Standard
    37 pages
    English language
    sale 15% off
ISO
ISO/IEC 30118-16:2021(Main)
Information technology — Open Connectivity Foundation (OCF) Specification — Part 16: OCF resource to UPlus mapping specification

This document provides detailed mapping information between UPlus (U+) and OCF defined Resources.

  • Standard
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC 30118-10:2021(Main)
Information technology – Open Connectivity Foundation (OCF) Specification — Part 10: Cloud API for cloud services specification

This document defines functional requirements for the OCF Cloud to Cloud Application Programming Interface (API).

  • Standard
    63 pages
    English language
    sale 15% off
ISO
ISO/IEC 30118-8:2021(Main)
Information technology – Open Connectivity Foundation (OCF) Specification — Part 8: OCF resource to oneM2M resource mapping specification

This document provides detailed mapping information to provide equivalency between oneM2M defined Module Classes and OCF defined Resources. A oneM2M Bridge is Asymmetric Client Bridge, therefore this document provides unidirectional mapping for Device Types (oneM2M Devices to OCF Devices), identifies equivalent OCF Resources for specific oneM2M Module Classes, and defines the detailed Property by Property mapping using OCF defined extensions to JSON schema to programmatically define the mappings.

  • Standard
    115 pages
    English language
    sale 15% off