ISO/IEC 19823-19:2018

INTERNATIONAL ISO/IEC
STANDARD 19823-19
First edition
2018-09
Information technology —
Conformance test methods for
security service crypto suites —
Part 19:
Crypto suite RAMON
Technologies de l'information — Méthodes d'essai de conformité pour
les suites cryptographiques des services de sécurité —
Partie 19: Suite cryptographique RAMON
Reference number
©
ISO/IEC 2018
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions, symbols and abbreviated terms . 1
4 Test methods . 2
4.1 General . 2
4.2 By demonstration . 2
4.3 By design . 2
5 Test methods with respect to ISO/IEC 18000 parts . 2
5.1 Test requirements for ISO/IEC 18000-63 interrogators and tags . 2
5.2 Test requirements for other parts of ISO/IEC 18000 . 2
6 Test methods with respect to ISO/IEC 29167-19 interrogators and tags .3
6.1 Test map for optional features . 3
6.2 Crypto suite requirements . 3
6.3 Test patterns .12
Bibliography .17
© ISO/IEC 2018 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www .iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 31, Automatic identification and data capture techniques.
A list of all parts in the ISO 19823 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO/IEC 2018 – All rights reserved

Introduction
ISO/IEC 29167 describes security as applicable for ISO/IEC 18000. The various parts of ISO/IEC 29167
describe crypto suites that are optional extensions to the ISO/IEC 18000 air interfaces.
ISO/IEC 19823 describes the conformance test methods for security service crypto suites. ISO/
IEC 19823 is related to ISO/IEC 18047, which describes the radio frequency identification device
conformance test methods, in the same way as ISO/IEC 29167 is related to ISO/IEC 18000.
These relations mean that, for a product that is claimed to be compliant to a pair of ISO/IEC 18000-n
and ISO/IEC 29167-m, the test methods of ISO/IEC 18047-n and ISO/IEC 19823-m apply. If a product
supports more than one part of ISO/IEC 18000 or ISO/IEC 29167, all related parts of ISO/IEC 18047 and
ISO/IEC 19823 apply.
NOTE The conformance test requirements of ISO/IEC 18000-6, ISO/IEC 18000-61, ISO/IEC 18000-62, ISO/
IEC 18000-63, ISO/IEC 18000-64 are currently all in ISO/IEC 18047-6.
This document describes the test methods for the RAMON crypto suite as standardized in ISO/
IEC 29167-19.
NOTE Test methods for interrogator and tag performance are covered by ISO/IEC 18046 (all parts).
© ISO/IEC 2018 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 19823-19:2018(E)
Information technology — Conformance test methods for
security service crypto suites —
Part 19:
Crypto suite RAMON
1 Scope
This document describes test methods for determining the conformance of security crypto suites with
the specifications given in ISO/IEC 29167-19.
This document contains conformance tests for all mandatory and optional functions.
The conformance parameters are the following:
— parameters that apply directly, affecting system functionality and inter-operability;
— protocol including commands and replies;
— nominal values and tolerances.
Unless otherwise specified, the tests in this document are exclusively applicable in relation to RFID
tags and interrogators defined in the ISO/IEC 18000 series using a reference to this document.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 18000-63:2015, Information technology — Radio frequency identification for item management —
Part 63: Parameters for air interface communications at 860 MHz to 960 MHz Type C
ISO/IEC 18047-6:2017, Information technology — Radio frequency identification device conformance test
methods — Part 6: Test methods for air interface communications at 860 MHz to 960 MHz
ISO/IEC 19762, Information technology — Automatic identification and data capture (AIDC) techniques —
Harmonized vocabulary
ISO/IEC 29167-19:2016, Information technology — Automatic identification and data capture techniques —
Part 19: Crypto suite RAMON security services for air interface communications
3 Terms, definitions, symbols and abbreviated terms
For the purposes of this document, the terms and definitions, symbols and abbreviated terms given in
ISO/IEC 19762 apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
© ISO/IEC 2018 – All rights reserved 1

4 Test methods
4.1 General
Clause 4 describes the general test methods for ISO/IEC 29167-19. As the parts of ISO/IEC 19823 are
always tested in relation to ISO/IEC 18047, a duplication of information requirements and specifications
should be avoided.
Clause 5 defines elements that are assumed to be covered in the respective ISO/IEC 18047 part and
therefore shall not be addressed in an ISO/IEC 19823 part. They may only be defined in ISO/IEC 19823 if
ISO/IEC 18047 does not define them, although a revision of ISO/IEC 18047 should be the preferred option.
Clause 6 defines elements that are not expected to be covered by ISO/IEC 18047 and therefore shall be
addressed in the respective ISO/IEC 19823 part.
4.2 By demonstration
Laboratory testing of one, or (if required for statistical reasons) multiple, products, processes or services
to ensure conformance. A laboratory shall perform the indicated testing to ensure conformance of the
component or system.
For Protocol requirements that are verified by demonstration, the test conditions are specified by this
document. The detailed test plan is at the discretion of the laboratory.
4.3 By design
Design parameters and/or theoretical analysis that ensure conformance. A vendor submitting a
component or system for conformance testing shall provide the necessary technical information, in the
form of a technical memorandum or similar. A laboratory shall approve the technical analysis as being
sufficient to ensure conformance of the component or system.
For Protocol requirements that are verified by design, the method of technical analysis is at the
discretion of the submitting vendor and is not specified by this document. In general, the technical
analysis shall have sufficient rigor and technical depth to convince a test engineer knowledgeable of the
Protocol that the particular requirement has been met.
5 Test methods with respect to ISO/IEC 18000 parts
5.1 Test requirements for ISO/IEC 18000-63 interrogators and tags
Interrogators and tags tested according this document shall be based on ISO/IEC 18000-63. Test
requirements for ISO/IEC 18000-63 interrogators and tags shall be as specified in ISO/IEC 18047-
6:2017, Clauses 4 and 5.
Before a DUT is tested according to this document, it shall meet the requirements of ISO/IEC 18047-
6:2017, Clause 8.
5.2 Test requirements for other parts of ISO/IEC 18000
Currently there are no test methods defined for other parts of ISO/IEC 18000.
2 © ISO/IEC 2018 – All rights reserved

6 Test methods with respect to ISO/IEC 29167-19 interrogators and tags
6.1 Test map for optional features
Interrogators and tags tested according this document shall be based on ISO/IEC 29167-19. Table 1
lists all optional features of this crypto suite and shall be used as a template to report the test results.
Furthermore, it is used to refer to the test requirements in Table 2.
Table 1 — Test map for optional features
Mark items to be
Test
# Feature Additional requirement tested for
results
supplied product
1 Mutual authentication Shall be tested with the authenticate command
of the declared ISO/IEC 18000 part
2 Secure communication Shall be tested with the authenticate command
of the declared ISO/IEC 18000 part
3 Key update Shall be tested with the authenticate command
of the declared ISO/IEC 18000 part
4 Number of keys sup-
ported
5 Key length supported
by the tag
Table 2 lists all crypto suite requirements that shall be tested in dependence of the features of Table 1
as supported by the DUT.
6.2 Crypto suite requirements
Table 2 — Crypto suite requirements
Protocol M/O/
a,b
Item Requirement Applies to How to verify
a c
subclause PRM/CRM
1 6.2.1 The Interrogator shall com- M Interrogator By demonstration
pare its generated Interroga- using Test Pattern
tor challenge with the chal- 12 and Test Pattern
lenge it received from the Tag. 14
If the values match, the Tag is
identified.
2 6.2.1 If the Tag provides a signa- M Interr
...