收藏 分享(赏)

ISO_IEC_30118-2_2021.pdf

上传人:益****师 文档编号:236788 上传时间:2023-03-14 格式:PDF 页数:200 大小:2.77MB
下载 相关 举报
ISO_IEC_30118-2_2021.pdf_第1页
第1页 / 共200页
ISO_IEC_30118-2_2021.pdf_第2页
第2页 / 共200页
ISO_IEC_30118-2_2021.pdf_第3页
第3页 / 共200页
ISO_IEC_30118-2_2021.pdf_第4页
第4页 / 共200页
ISO_IEC_30118-2_2021.pdf_第5页
第5页 / 共200页
ISO_IEC_30118-2_2021.pdf_第6页
第6页 / 共200页
亲,该文档总共200页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、Information technology Open Connectivity Foundation(OCF)SpecificationPart 2:SecurityspecificationTechnologies de linformation Specification de la Fondation pour la connectivit ouverte(Fondation OCF)Partie 2:Spcification de scuritINTERNATIONAL STANDARDISO/IEC 30118-2Second edition 2021-10Reference nu

2、mber ISO/IEC 30118-2:2021(E)ISO/IEC 2021iiISO/IEC 30118-2:2021(E)COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2021All rights reserved.Unless otherwise specified,or required in the context of its implementation,no part of this publication may be reproduced or utilized otherwise in any form or by any means,el

3、ectronic or mechanical,including photocopying,or posting on the internet or an intranet,without prior written permission.Permission can be requested from either ISO at the address below or ISOs member body in the country of the requester.ISO copyright officeCP 401 Ch.de Blandonnet 8CH-1214 Vernier,G

4、enevaPhone:+41 22 749 01 11Email:copyrightiso.orgWebsite:www.iso.orgPublished in Switzerland ISO/IEC 2021 All rights reserved ISO/IEC 30118-2:2021(E)ISO/IEC 2021 All rights reserved iii Contents Page Foreword.ix Introduction.x 1 Scope.1 2 Normative References.1 3 Terms,definitions and abbreviated te

5、rms.3 3.1 Terms and definitions.3 3.2 Symbols and abbreviated terms.5 4 Document conventions and organization.7 4.1 Conventions.7 4.2 Notation.7 4.3 Data types.8 4.4 Document structure.8 5 Security overview.8 5.1 Preamble.8 5.2 Access control.10 5.2.1 Access control general.10 5.2.2 ACL architecture

6、.11 5.3 Onboarding overview.12 5.3.1 Onboarding general.12 5.3.2 Onboarding steps.14 5.3.3 Establishing a Device Owner.15 5.3.4 Provisioning for Normal Operation.16 5.3.5 OCF Compliance Management System.16 5.4 Provisioning.16 5.4.1 Provisioning general.16 5.4.2 Access control provisioning.17 5.4.3

7、Credential provisioning.17 5.4.4 Role provisioning.17 5.5 Secure Resource Manager(SRM).17 5.6 Credential overview.18 5.7 Event logging.18 5.7.1 Event logging general.18 6 Security for the discovery process.19 6.1 Preamble.19 6.2 Security considerations for discovery.19 7 Security provisioning.21 7.1

8、 Device identity.21 7.1.1 General Device identity.21 7.1.2 Device identity for devices with UAID Deprecated.21 7.2 Device ownership.21 7.3 Device Ownership Transfer Methods.22 7.3.1 OTM implementation requirements.22 7.3.2 SharedKey credential calculation.23 7.3.3 Certificate credential generation.2

9、4 7.3.4 Just-Works OTM.24 ISO/IEC 30118-2:2021(E)iv ISO/IEC 2021 All rights reserved 7.3.5 Random PIN based OTM.25 7.3.6 Manufacturer Certificate Based OTM.28 7.3.7 Vendor specific OTMs.30 7.3.8 Establishing Owner Credentials.31 7.3.9 Security profile assignment.34 7.4 Provisioning.35 7.4.1 Provisio

10、ning flows.35 8 Device Onboarding state definitions.36 8.1 Device Onboarding general.36 8.2 Device Onboarding-Reset state definition.37 8.3 Device Ready-for-OTM State definition.38 8.4 Device Ready-for-Provisioning State Definition.39 8.5 Device Ready-for-Normal-Operation state definition.39 8.6 Dev

11、ice Soft Reset State definition.40 9 Security Credential management.41 9.1 Preamble.41 9.2 Credential lifecycle.41 9.2.1 Credential lifecycle general.41 9.2.2 Creation.41 9.2.3 Deletion.41 9.2.4 Refresh.41 9.2.5 Revocation.42 9.3 Credential types.42 9.3.1 Preamble.42 9.3.2 Pair-wise symmetric key cr

12、edentials.42 9.3.3 Group symmetric key credentials.42 9.3.4 Asymmetric authentication key credentials.43 9.3.5 Asymmetric Key Encryption Key credentials.43 9.3.6 Certificate credentials.44 9.3.7 Password credentials.44 9.4 Certificate based key management.44 9.4.1 Overview.44 9.4.2 X.509 digital cer

13、tificate profiles.45 9.4.3 Certificate Revocation List(CRL)Profile deprecated.54 9.4.4 Resource model.54 9.4.5 Certificate provisioning.54 9.4.6 CRL provisioning deprecated.55 10 Device authentication.55 10.1 Device authentication general.55 10.2 Device authentication with symmetric key credentials.

14、56 10.3 Device authentication with raw asymmetric key credentials.56 10.4 Device authentication with certificates.56 10.4.1 Device authentication with certificates general.56 10.4.2 Role assertion with certificates.57 10.4.3 OCF PKI Roots.58 10.4.4 PKI Trust Store.58 10.4.5 Path Validation and exten

15、sion processing.59 ISO/IEC 30118-2:2021(E)ISO/IEC 2021 All rights reserved v 11 Message integrity and confidentiality.59 11.1 Preamble.59 11.2 Session protection with DTLS.59 11.2.1 DTLS protection general.59 11.2.2 Unicast session semantics.59 11.3 Cipher suites.59 11.3.1 Cipher suites general.59 1

16、1.3.2 Cipher suites for Device Ownership Transfer.60 11.3.3 Cipher Suites for symmetric keys.60 11.3.4 Cipher auites for asymmetric credentials.61 12 Access control.62 12.1 ACL generation and management.62 12.2 ACL evaluation and enforcement.62 12.2.1 ACL evaluation and enforcement general.62 12.2.2 Host reference matching.62 12.2.3 Resource wildcard matching.62 12.2.4 Multiple criteria matching.63 12.2.5 Subject matching using wildcards.63 12.2.6 Subject matching using roles.64 12.2.7 ACL evalu

展开阅读全文
相关资源
猜你喜欢
相关搜索

当前位置:首页 > 专业资料 > 国外标准

copyright@ 2008-2023 wnwk.com网站版权所有

经营许可证编号:浙ICP备2024059924号-2