{"id":347373,"date":"2024-10-20T00:25:54","date_gmt":"2024-10-20T00:25:54","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-iec-30118-22018\/"},"modified":"2024-10-25T23:56:14","modified_gmt":"2024-10-25T23:56:14","slug":"bs-iso-iec-30118-22018","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-iec-30118-22018\/","title":{"rendered":"BS ISO\/IEC 30118-2:2018"},"content":{"rendered":"

This specification defines security objectives, philosophy, resources and mechanism that impacts OCF base layers of the OCF Core Specification. The OCF Core Specification contains informative security content. The OCF Security specification contains security normative content and may contain informative content related to the OCF base or other OCF specifications.<\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
2<\/td>\nundefined <\/td>\n<\/tr>\n
6<\/td>\nBlank Page <\/td>\n<\/tr>\n
18<\/td>\n1 Scope
2 Normative References <\/td>\n<\/tr>\n
19<\/td>\n3 Terms, Definitions, Symbols and Abbreviations
3.1 Terms and definitions <\/td>\n<\/tr>\n
21<\/td>\n3.2 Symbols and Abbreviations <\/td>\n<\/tr>\n
22<\/td>\n3.3 Conventions <\/td>\n<\/tr>\n
23<\/td>\n4 Document Conventions and Organization
4.1 Notation
4.2 Data types <\/td>\n<\/tr>\n
24<\/td>\n4.3 Document structure <\/td>\n<\/tr>\n
25<\/td>\n5 Security Overview <\/td>\n<\/tr>\n
27<\/td>\n5.1 Access Control <\/td>\n<\/tr>\n
28<\/td>\n5.1.1 ACL Architecture <\/td>\n<\/tr>\n
29<\/td>\n5.1.1.1 Use of local ACLs
5.1.1.2 Use of Access Manager Service <\/td>\n<\/tr>\n
31<\/td>\n5.1.2 Access Control Scoping Levels <\/td>\n<\/tr>\n
32<\/td>\n5.2 Onboarding Overview <\/td>\n<\/tr>\n
34<\/td>\n5.2.1 OnBoarding Steps <\/td>\n<\/tr>\n
35<\/td>\n5.2.2 Establishing a Device Owner <\/td>\n<\/tr>\n
36<\/td>\n5.2.2.1 Preparing the Device for provisioning
5.2.3 Provisioning for Normal Operation <\/td>\n<\/tr>\n
37<\/td>\n5.3 Provisioning
5.3.1 Provisioning a bootstrap service
5.3.2 Provisioning other services <\/td>\n<\/tr>\n
38<\/td>\n5.3.3 Credential provisioning
5.3.4 Role assignment and provisioning
5.3.5 ACL provisioning <\/td>\n<\/tr>\n
39<\/td>\n5.4 Secure Resource Manager (SRM)
5.5 Credential Overview <\/td>\n<\/tr>\n
41<\/td>\n6 Security for the Discovery Process
6.1 Security Considerations for Discovery <\/td>\n<\/tr>\n
44<\/td>\n7 Security Provisioning
7.1 Device Identity
7.1.1 Device Identity for Devices with UAID <\/td>\n<\/tr>\n
45<\/td>\n7.1.1.1 Validation of UAID <\/td>\n<\/tr>\n
46<\/td>\n7.2 Device Ownership
7.3 Device Ownership Transfer Methods
7.3.1 OTM implementation requirements <\/td>\n<\/tr>\n
47<\/td>\n7.3.2 SharedKey Credential Calculation <\/td>\n<\/tr>\n
48<\/td>\n7.3.3 Certificate Credential Generation
7.3.4 Just-Works Owner Transfer Method <\/td>\n<\/tr>\n
49<\/td>\n7.3.4.1 Security Considerations <\/td>\n<\/tr>\n
50<\/td>\n7.3.5 Random PIN Based Owner Transfer Method
7.3.5.1 Random PIN Owner Transfer Sequence <\/td>\n<\/tr>\n
51<\/td>\n7.3.5.2 Security Considerations <\/td>\n<\/tr>\n
52<\/td>\n7.3.6 Manufacturer Certificate Based Owner Transfer Method
7.3.6.1 Certificate Profiles <\/td>\n<\/tr>\n
54<\/td>\n7.3.6.2 Certificate Owner Transfer Sequence Security Considerations <\/td>\n<\/tr>\n
55<\/td>\n7.3.6.3 Manufacturer Certificate Based Owner Transfer Method Sequence <\/td>\n<\/tr>\n
56<\/td>\n7.3.6.4 Security Considerations
7.3.7 Vendor Specific Owner Transfer Methods
7.3.7.1 Vendor-specific Owner Transfer Sequence Example <\/td>\n<\/tr>\n
57<\/td>\n7.3.7.2 Security Considerations
7.3.8 Establishing Owner Credentials <\/td>\n<\/tr>\n
68<\/td>\n7.3.9 Security considerations regarding selecting an Ownership Transfer Method
7.4 Provisioning
7.4.1 Provisioning Flows <\/td>\n<\/tr>\n
69<\/td>\n7.4.1.1 Client-directed Provisioning <\/td>\n<\/tr>\n
70<\/td>\n7.4.1.2 Server-directed Provisioning <\/td>\n<\/tr>\n
72<\/td>\n7.4.1.3 Server-directed Provisioning Involving Multiple Support Services <\/td>\n<\/tr>\n
74<\/td>\n7.5 Bootstrap Example <\/td>\n<\/tr>\n
75<\/td>\n8 Device Onboarding State Definitions <\/td>\n<\/tr>\n
76<\/td>\n8.1 Device Onboarding-Reset State Definition <\/td>\n<\/tr>\n
77<\/td>\n8.2 Device Ready-for-OTM State Definition
8.3 Device Ready-for-Provisioning State Definition <\/td>\n<\/tr>\n
78<\/td>\n8.4 Device Ready-for-Normal-Operation State Definition
8.5 Device Soft Reset State Definition <\/td>\n<\/tr>\n
81<\/td>\n9 Security Credential Management
9.1 Credential Lifecycle
9.1.1 Creation
9.1.2 Deletion
9.1.3 Refresh <\/td>\n<\/tr>\n
82<\/td>\n9.1.4 Revocation
9.2 Credential Types
9.2.1 Pair-wise Symmetric Key Credentials
9.2.2 Group Symmetric Key Credentials <\/td>\n<\/tr>\n
83<\/td>\n9.2.3 Asymmetric Authentication Key Credentials
9.2.3.1 External Creation of Asymmetric Authentication Key Credentials
9.2.4 Asymmetric Key Encryption Key Credentials <\/td>\n<\/tr>\n
84<\/td>\n9.2.5 Certificate Credentials
9.2.6 Password Credentials
9.3 Certificate Based Key Management
9.3.1 Overview <\/td>\n<\/tr>\n
85<\/td>\n9.3.2 Certificate Format
9.3.2.1 Certificate Profile and Fields <\/td>\n<\/tr>\n
87<\/td>\n9.3.2.2 Supported Certificate Extensions <\/td>\n<\/tr>\n
89<\/td>\n9.3.2.3 Cipher Suite for Authentication, Confidentiality and Integrity <\/td>\n<\/tr>\n
90<\/td>\n9.3.2.4 Encoding of Certificate
9.3.3 CRL Format
9.3.3.1 CRL Profile and Fields <\/td>\n<\/tr>\n
91<\/td>\n9.3.3.2 Encoding of CRL
9.3.4 Resource Model
9.3.5 Certificate Provisioning <\/td>\n<\/tr>\n
92<\/td>\n9.3.6 CRL Provisioning <\/td>\n<\/tr>\n
95<\/td>\n10 Device Authentication
10.1 Device Authentication with Symmetric Key Credentials
10.2 Device Authentication with Raw Asymmetric Key Credentials
10.3 Device Authentication with Certificates <\/td>\n<\/tr>\n
96<\/td>\n10.3.1 Role Assertion with Certificates <\/td>\n<\/tr>\n
98<\/td>\n11 Message Integrity and Confidentiality
11.1 Session Protection with DTLS
11.1.1 Unicast Session Semantics
11.2 Cipher Suites
11.2.1 Cipher Suites for Device Ownership Transfer
11.2.1.1 Just Works Method Cipher Suites
11.2.1.2 Random PIN Method Cipher Suites <\/td>\n<\/tr>\n
99<\/td>\n11.2.1.3 Certificate Method Cipher Suites
11.2.2 Cipher Suites for Symmetric Keys
11.2.3 Cipher Suites for Asymmetric Credentials <\/td>\n<\/tr>\n
100<\/td>\n12 Access Control
12.1 ACL Generation and Management
12.2 ACL Evaluation and Enforcement
12.2.1 Host Reference Matching
12.2.2 Resource Type Matching
12.2.3 Interface Matching
12.2.4 Multiple Criteria Matching <\/td>\n<\/tr>\n
101<\/td>\n12.2.5 Resource Wildcard Matching <\/td>\n<\/tr>\n
102<\/td>\n12.2.6 Subject Matching using Wildcards
12.2.7 Subject Matching using Roles
12.2.8 ACL Evaluation <\/td>\n<\/tr>\n
103<\/td>\n13 Security Resources <\/td>\n<\/tr>\n
104<\/td>\n13.1 Device Owner Transfer Resource <\/td>\n<\/tr>\n
109<\/td>\n13.1.1 OCF defined owner transfer methods
13.2 Credential Resource <\/td>\n<\/tr>\n
115<\/td>\n13.2.1 Properties of the Credential Resource
13.2.1.1 Credential ID
13.2.1.2 Subject UUID <\/td>\n<\/tr>\n
116<\/td>\n13.2.1.3 Role ID
13.2.1.4 Credential Type
13.2.1.5 Public Data
13.2.1.6 Private Data
13.2.1.7 Optional Data
13.2.1.8 Period
13.2.1.9 Credential Refresh Method Type Definition <\/td>\n<\/tr>\n
117<\/td>\n13.2.1.1 Credential Usage
Credential Usage indicates to the Device the circumstances in which a credential should be used. Five values are defined:
\uf0b7 oic.sec.cred.trustca: This certificate is a trust anchor for the purposes of certificate chain validation, as defined in section 10.3.
\uf0b7 oic.sec.cred.cert: This credusage is used for certificates for which the Device possesses the private key and uses it for identity authentication in a secure session, as defined in section 10.3. <\/td>\n<\/tr>\n
118<\/td>\n\uf0b7 oic.sec.cred.rolecert: This credusage is used for certificates for which the Device possesses the private key and uses to assert one or more roles, as defined in section 10.3.1.
\uf0b7 oic.sec.cred.mfgtrustca: This certificate is a trust anchor for the purposes of the Manufacturer Certificate Based Owner Transfer Method as defined in section 7.3.6.
\uf0b7 oic.sec.cred.mfgcert: This certificate is used for certificates for which the Device possesses the private key and uses it for authentication in the Manufacturer Certificate Based Owner Transfer Method as defined in section 7.3.6.
13.2.2 Key Formatting
13.2.2.1 Symmetric Key Formatting
13.2.2.2 Asymmetric Keys
13.2.2.3 Asymmetric Keys with Certificate
13.2.2.4 Passwords
13.2.3 Credential Refresh Method Details
13.2.3.1.1 Provisioning Service
13.2.3.1.2 Pre-Shared Key <\/td>\n<\/tr>\n
119<\/td>\n13.2.3.1.3 Random PIN
13.2.3.1.4 SKDC
13.2.3.1.5 PKCS10 <\/td>\n<\/tr>\n
120<\/td>\n13.2.3.2 Resource Owner
13.3 Certificate Revocation List
13.3.1 CRL Resource Definition
13.4 ACL Resources
13.4.1 OCF Access Control List (ACL) BNF defines ACL structures. <\/td>\n<\/tr>\n
121<\/td>\n13.4.2 ACL Resource <\/td>\n<\/tr>\n
131<\/td>\n13.5 Access Manager ACL Resource
13.6 Signed ACL Resource
13.7 Provisioning Status Resource <\/td>\n<\/tr>\n
140<\/td>\n13.8 Certificate Signing Request Resource <\/td>\n<\/tr>\n
141<\/td>\n13.9 Roles resource <\/td>\n<\/tr>\n
142<\/td>\n13.10 Security Virtual Resources (SVRs) and Access Policy
13.11 SVRs, Discoverability and Endpoints <\/td>\n<\/tr>\n
143<\/td>\n13.12 Privacy Consideration for Core and SVRs <\/td>\n<\/tr>\n
145<\/td>\n14 Core Interaction Patterns Security
14.1 Observer
14.2 Subscription\/Notification
14.3 Groups
14.4 Publish-subscribe Patterns and Notification <\/td>\n<\/tr>\n
146<\/td>\n15 Security Hardening Guidelines\/ Execution Environment Security
15.1 Execution environment elements
15.1.1 Secure Storage <\/td>\n<\/tr>\n
147<\/td>\n15.1.1.1 Hardware secure storage <\/td>\n<\/tr>\n
148<\/td>\n15.1.1.2 Software Storage
15.1.1.3 Additional Security Guidelines and Best Practices
15.1.2 Secure execution engine
15.1.3 Trusted input\/output paths <\/td>\n<\/tr>\n
149<\/td>\n15.1.4 Secure clock
15.1.5 Approved algorithms
15.1.6 Hardware tamper protection <\/td>\n<\/tr>\n
150<\/td>\n15.2 Secure Boot
15.2.1 Concept of software module authentication <\/td>\n<\/tr>\n
151<\/td>\n15.2.2 Secure Boot process
15.2.3 Robustness requirements <\/td>\n<\/tr>\n
152<\/td>\n15.2.3.1 Next steps
15.3 Attestation
15.4 Software Update
15.4.1 Overview:
15.4.2 Recognition of Current Differences
15.4.3 Software Version Validation
15.4.4 Software Update <\/td>\n<\/tr>\n
153<\/td>\n15.4.5 Recommended Usage
15.5 Non-OCF Endpoint interoperability
15.7 Security Levels <\/td>\n<\/tr>\n
154<\/td>\n16 Appendix A: Access Control Examples
16.1 Example OCF ACL Resource
16.2 Example Access Manager Service <\/td>\n<\/tr>\n
155<\/td>\n17 Appendix B: Execution Environment Security Profiles <\/td>\n<\/tr>\n
156<\/td>\n18 Appendix C: RAML Definition
A.1 OICSecurityAclResource
A.1.1 Introduction
A.1.2 Example URI
A.1.3 Resource Type
A.1.4 RAML Definition <\/td>\n<\/tr>\n
160<\/td>\nA.1.5 Property Definition
A.1.6 CRUDN behavior
A.2 OICSecurityAcl2Resource
A.2.1 Introduction
A.2.2 Example URI <\/td>\n<\/tr>\n
161<\/td>\nA.2.3 Resource Type
A.2.4 RAML Definition <\/td>\n<\/tr>\n
165<\/td>\nA.2.5 Property Definition
A.2.6 CRUDN behavior
A.2.7 Referenced JSON schemas
A.2.8 oic.sec.didtype.json
A.2.9 Property Definition
A.2.10 Schema Definition
A.2.11 oic.sec.ace2.json
A.2.12 Property Definition <\/td>\n<\/tr>\n
166<\/td>\nA.2.13 Schema Definition <\/td>\n<\/tr>\n
168<\/td>\nA.2.14 oic.sec.roletype.json
A.2.15 Property Definition
A.2.16 Schema Definition
A.2.17 oic.sec.time-pattern.json
A.2.18 Property Definition
A.2.19 Schema Definition <\/td>\n<\/tr>\n
169<\/td>\nA.2.20 oic.sec.crudntype.json
A.2.21 Property Definition
A.2.22 Schema Definition <\/td>\n<\/tr>\n
170<\/td>\nA.3 OICSecurityAmaclResource
A.3.1 Introduction
A.3.2 Example URI
A.3.3 Resource Type
A.3.4 RAML Definition <\/td>\n<\/tr>\n
173<\/td>\nA.3.5 Property Definition
A.3.6 CRUDN behavior
A.4 OICSecuritySignedAclResource
A.4.1 Introduction
A.4.2 Example URI
A.4.3 Resource Type
A.4.4 RAML Definition <\/td>\n<\/tr>\n
179<\/td>\nA.4.5 Property Definition
A.4.6 CRUDN behavior
A.4.7 Referenced JSON schemas
A.4.8 oic.sec.sigtype.json
A.4.9 Property Definition
A.4.10 Schema Definition <\/td>\n<\/tr>\n
180<\/td>\nA.5 OICSecurityDoxmResource
A.5.1 Introduction
A.5.2 Example URI
A.5.3 Resource Type
A.5.4 RAML Definition <\/td>\n<\/tr>\n
184<\/td>\nA.5.5 Property Definition <\/td>\n<\/tr>\n
185<\/td>\nA.5.6 CRUDN behavior
A.5.7 Referenced JSON schemas
A.5.8 oic.sec.doxmtype.json
A.5.9 Property Definition
A.5.10 Schema Definition
A.5.11 oic.sec.credtype.json
A.5.12 Property Definition
A.5.13 Schema Definition <\/td>\n<\/tr>\n
186<\/td>\nA.6 OICSecurityPstatResource
A.6.1 Introduction
A.6.2 Example URI
A.6.3 Resource Type
A.6.4 RAML Definition <\/td>\n<\/tr>\n
190<\/td>\nA.6.5 Property Definition <\/td>\n<\/tr>\n
191<\/td>\nA.6.6 CRUDN behavior
A.6.7 Referenced JSON schemas
A.6.8 oic.sec.dostype.json
A.6.9 Property Definition
A.6.10 Schema Definition <\/td>\n<\/tr>\n
192<\/td>\nA.6.11 oic.sec.dpmtype.json
A.6.12 Property Definition
A.6.13 Schema Definition
A.6.14 oic.sec.pomtype.json
A.6.15 Property Definition <\/td>\n<\/tr>\n
193<\/td>\nA.6.16 Schema Definition
A.6.17
A.7 OICSecurityCredentialResource
A.7.1 Introduction
A.7.2 Example URI
A.7.3 Resource Type
A.7.4 RAML Definition <\/td>\n<\/tr>\n
197<\/td>\nA.7.5 Property Definition
A.7.6 CRUDN behavior
A.7.7 Referenced JSON schemas
A.7.8 oic.sec.roletype.json
A.7.9 Property Definition <\/td>\n<\/tr>\n
198<\/td>\nA.7.10 Schema Definition
A.7.11 oic.sec.credtype.json
A.7.12 Property Definition
A.7.13 Schema Definition <\/td>\n<\/tr>\n
199<\/td>\nA.7.14 oic.sec.pubdatatype.json
A.7.15 Property Definition
A.7.16 Schema Definition
A.7.17 oic.sec.privdatatype.json
A.7.18 Property Definition <\/td>\n<\/tr>\n
200<\/td>\nA.7.19 Schema Definition
A.7.20 oic.sec.optdatatype.json
A.7.21 Property Definition <\/td>\n<\/tr>\n
201<\/td>\nA.7.22 Schema Definition
A.7.23 oic.sec.crmtype.json
A.7.24 Property Definition
A.7.25 Schema Definition <\/td>\n<\/tr>\n
202<\/td>\nA.8 OICSecurityCsrResource
A.8.1 Introduction
A.8.2 Example URI
A.8.3 Resource Type
A.8.4 RAML Definition <\/td>\n<\/tr>\n
203<\/td>\nA.8.5 Property Definition
A.8.6 CRUDN behavior
A.9 OICSecurityRolesResource
A.9.1 Introduction <\/td>\n<\/tr>\n
204<\/td>\nA.9.2 Example URI
A.9.3 Resource Type
A.9.4 RAML Definition <\/td>\n<\/tr>\n
207<\/td>\nA.9.5 Property Definition
A.9.6 CRUDN behavior
A.10 OICSecurityCrlResource
A.10.1 Introduction
A.10.2 Example URI
A.10.3 Resource Type
A.10.4 RAML Definition <\/td>\n<\/tr>\n
210<\/td>\nA.10.5 Property Definition <\/td>\n<\/tr>\n
211<\/td>\nA.10.6 CRUDN behavior <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Information technology. Open Connectivity Foundation (OCF) Specification – Security specification<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2018<\/td>\n212<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":347383,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-347373","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/347373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/347383"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=347373"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=347373"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=347373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}