{"id":402429,"date":"2024-10-20T05:01:08","date_gmt":"2024-10-20T05:01:08","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-iso-iec-30118-22021-2\/"},"modified":"2024-10-26T08:55:55","modified_gmt":"2024-10-26T08:55:55","slug":"bs-iso-iec-30118-22021-2","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-iso-iec-30118-22021-2\/","title":{"rendered":"BS ISO\/IEC 30118-2:2021"},"content":{"rendered":"

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
2<\/td>\nundefined <\/td>\n<\/tr>\n
11<\/td>\nForeword <\/td>\n<\/tr>\n
12<\/td>\nIntroduction <\/td>\n<\/tr>\n
15<\/td>\n1 Scope
2 Normative References <\/td>\n<\/tr>\n
17<\/td>\n3 Terms, definitions and abbreviated terms
3.1 Terms and definitions <\/td>\n<\/tr>\n
19<\/td>\n3.2 Symbols and abbreviated terms <\/td>\n<\/tr>\n
21<\/td>\n4 Document conventions and organization
4.1 Conventions
4.2 Notation <\/td>\n<\/tr>\n
22<\/td>\n4.3 Data types
4.4 Document structure
5 Security overview
5.1 Preamble <\/td>\n<\/tr>\n
24<\/td>\n5.2 Access control
5.2.1 Access control general <\/td>\n<\/tr>\n
25<\/td>\n5.2.2 ACL architecture <\/td>\n<\/tr>\n
26<\/td>\n5.3 Onboarding overview
5.3.1 Onboarding general <\/td>\n<\/tr>\n
28<\/td>\n5.3.2 Onboarding steps <\/td>\n<\/tr>\n
29<\/td>\n5.3.3 Establishing a Device Owner <\/td>\n<\/tr>\n
30<\/td>\n5.3.4 Provisioning for Normal Operation
5.3.5 OCF Compliance Management System
5.4 Provisioning
5.4.1 Provisioning general <\/td>\n<\/tr>\n
31<\/td>\n5.4.2 Access control provisioning
5.4.3 Credential provisioning
5.4.4 Role provisioning
5.5 Secure Resource Manager (SRM) <\/td>\n<\/tr>\n
32<\/td>\n5.6 Credential overview
5.7 Event logging
5.7.1 Event logging general <\/td>\n<\/tr>\n
33<\/td>\n6 Security for the discovery process
6.1 Preamble
6.2 Security considerations for discovery <\/td>\n<\/tr>\n
35<\/td>\n7 Security provisioning
7.1 Device identity
7.1.1 General Device identity
7.1.2 Device identity for devices with UAID [Deprecated]
7.2 Device ownership <\/td>\n<\/tr>\n
36<\/td>\n7.3 Device Ownership Transfer Methods
7.3.1 OTM implementation requirements <\/td>\n<\/tr>\n
37<\/td>\n7.3.2 SharedKey credential calculation <\/td>\n<\/tr>\n
38<\/td>\n7.3.3 Certificate credential generation
7.3.4 Just-Works OTM
7.3.4.1 Just-Works OTM general <\/td>\n<\/tr>\n
39<\/td>\n7.3.4.2 Security considerations
7.3.5 Random PIN based OTM
7.3.5.1 Random PIN based OTM general
7.3.5.2 Random PIN based Owner Transfer sequence <\/td>\n<\/tr>\n
41<\/td>\n7.3.5.3 Security considerations <\/td>\n<\/tr>\n
42<\/td>\n7.3.6 Manufacturer Certificate Based OTM
7.3.6.1 Manufacturer Certificate Based OTM general
7.3.6.2 Certificate Profiles
7.3.6.3 Certificate Owner Transfer sequence security considerations <\/td>\n<\/tr>\n
43<\/td>\n7.3.6.4 Manufacturer Certificate Based OTM sequence <\/td>\n<\/tr>\n
44<\/td>\n7.3.6.5 Security considerations
7.3.7 Vendor specific OTMs
7.3.7.1 Vendor specific OTM general
7.3.7.2 Vendor-specific Owner Transfer Sequence Example <\/td>\n<\/tr>\n
45<\/td>\n7.3.7.3 Security considerations
7.3.8 Establishing Owner Credentials <\/td>\n<\/tr>\n
48<\/td>\n7.3.9 Security profile assignment <\/td>\n<\/tr>\n
49<\/td>\n7.4 Provisioning
7.4.1 Provisioning flows
7.4.1.1 Provisioning flows general
7.4.1.2 Client-directed provisioning <\/td>\n<\/tr>\n
50<\/td>\n7.4.1.3 Server-directed provisioning [DEPRECATED]
7.4.1.4 Server-directed provisioning involving multiple support services [DEPRECATED]
8 Device Onboarding state definitions
8.1 Device Onboarding general <\/td>\n<\/tr>\n
51<\/td>\n8.2 Device Onboarding-Reset state definition <\/td>\n<\/tr>\n
52<\/td>\n8.3 Device Ready-for-OTM State definition <\/td>\n<\/tr>\n
53<\/td>\n8.4 Device Ready-for-Provisioning State Definition
8.5 Device Ready-for-Normal-Operation state definition <\/td>\n<\/tr>\n
54<\/td>\n8.6 Device Soft Reset State definition <\/td>\n<\/tr>\n
55<\/td>\n9 Security Credential management
9.1 Preamble
9.2 Credential lifecycle
9.2.1 Credential lifecycle general
9.2.2 Creation
9.2.3 Deletion
9.2.4 Refresh <\/td>\n<\/tr>\n
56<\/td>\n9.2.5 Revocation
9.3 Credential types
9.3.1 Preamble
9.3.2 Pair-wise symmetric key credentials
9.3.3 Group symmetric key credentials <\/td>\n<\/tr>\n
57<\/td>\n9.3.4 Asymmetric authentication key credentials
9.3.4.1 Asymmetric authentication key credentials general
9.3.4.2 External creation of asymmetric authentication key credentials
9.3.5 Asymmetric Key Encryption Key credentials <\/td>\n<\/tr>\n
58<\/td>\n9.3.6 Certificate credentials
9.3.7 Password credentials
9.4 Certificate based key management
9.4.1 Overview <\/td>\n<\/tr>\n
59<\/td>\n9.4.2 X.509 digital certificate profiles
9.4.2.1 Digital certificate profile general
9.4.2.2 Certificate profile and fields
9.4.2.2.1 Root CA certificate profile <\/td>\n<\/tr>\n
60<\/td>\n9.4.2.2.2 Intermediate CA certificate profile <\/td>\n<\/tr>\n
61<\/td>\n9.4.2.2.3 End-Entity Black certificate profile <\/td>\n<\/tr>\n
64<\/td>\n9.4.2.2.4 OCF Compliance X.509v3 Extension <\/td>\n<\/tr>\n
65<\/td>\n9.4.2.2.5 Manufacturer Usage Description (MUD) X.509v3 Extension
9.4.2.2.6 OCF Security Claims X.509v3 Extension
9.4.2.2.7 OCF Certified Product List Attributes X.509v3 Extension <\/td>\n<\/tr>\n
66<\/td>\n9.4.2.3 Supported certificate extensions <\/td>\n<\/tr>\n
68<\/td>\n9.4.2.4 Cipher suite for authentication, confidentiality and integrity
9.4.2.5 Encoding of certificate
9.4.3 Certificate Revocation List (CRL) Profile [deprecated]
9.4.4 Resource model
9.4.5 Certificate provisioning <\/td>\n<\/tr>\n
69<\/td>\n9.4.6 CRL provisioning [deprecated]
10 Device authentication
10.1 Device authentication general <\/td>\n<\/tr>\n
70<\/td>\n10.2 Device authentication with symmetric key credentials
10.3 Device authentication with raw asymmetric key credentials
10.4 Device authentication with certificates
10.4.1 Device authentication with certificates general <\/td>\n<\/tr>\n
71<\/td>\n10.4.2 Role assertion with certificates <\/td>\n<\/tr>\n
72<\/td>\n10.4.3 OCF PKI Roots
10.4.4 PKI Trust Store <\/td>\n<\/tr>\n
73<\/td>\n10.4.5 Path Validation and extension processing
11 Message integrity and confidentiality
11.1 Preamble
11.2 Session protection with DTLS
11.2.1 DTLS protection general
11.2.2 Unicast session semantics
11.3 Cipher suites
11.3.1 Cipher suites general <\/td>\n<\/tr>\n
74<\/td>\n11.3.2 Cipher suites for Device Ownership Transfer
11.3.2.1 Just Works Method cipher suites
11.3.2.2 Random PIN Method cipher suites
11.3.2.3 Certificate Method cipher suites
11.3.3 Cipher Suites for symmetric keys <\/td>\n<\/tr>\n
75<\/td>\n11.3.4 Cipher auites for asymmetric credentials <\/td>\n<\/tr>\n
76<\/td>\n12 Access control
12.1 ACL generation and management
12.2 ACL evaluation and enforcement
12.2.1 ACL evaluation and enforcement general
12.2.2 Host reference matching
12.2.3 Resource wildcard matching <\/td>\n<\/tr>\n
77<\/td>\n12.2.4 Multiple criteria matching
12.2.5 Subject matching using wildcards <\/td>\n<\/tr>\n
78<\/td>\n12.2.6 Subject matching using roles
12.2.7 ACL evaluation
12.2.7.1 ACE2 matching algorithm <\/td>\n<\/tr>\n
79<\/td>\n12.2.7.2 ACL considerations for batch request to the Atomic Measurement Resource Type
12.2.7.3 ACL considerations for a batch OCF Interface request to a Collection
12.2.7.4 ACL Considerations on creation of a new Resource <\/td>\n<\/tr>\n
80<\/td>\n13 Security Resources
13.1 Security Resources general <\/td>\n<\/tr>\n
82<\/td>\n13.2 Device Owner Transfer Resource
13.2.1 Device Owner Transfer Resource General <\/td>\n<\/tr>\n
85<\/td>\n13.2.2 OCF defined OTMs
13.3 Credential Resource
13.3.1 Credential Resource general <\/td>\n<\/tr>\n
90<\/td>\n13.3.2 Properties of the Credential Resource
13.3.2.1 Credential ID
13.3.2.2 Subject UUID <\/td>\n<\/tr>\n
91<\/td>\n13.3.2.3 Role ID
13.3.2.4 Credential type
13.3.2.5 Public data
13.3.2.6 Private data
13.3.2.7 Optional data
13.3.2.8 Period
13.3.2.9 Credential Refresh Method type definition [deprecated]
13.3.2.10 Credential usage <\/td>\n<\/tr>\n
92<\/td>\n13.3.2.11 Resource Owner
13.3.3 Key formatting
13.3.3.1 Symmetric key formatting
13.3.3.2 Asymmetric keys
13.3.3.3 Asymmetric keys with certificate
13.3.3.4 Passwords <\/td>\n<\/tr>\n
93<\/td>\n13.3.4 Credential Refresh Method details [deprecated]
13.4 Certificate Revocation List
13.4.1 CRL Resource definition [deprecated]
13.5 ACL Resources
13.5.1 ACL Resources general
13.5.2 OCF Access Control List (ACL) BNF defines ACL structures. <\/td>\n<\/tr>\n
94<\/td>\n13.5.3 ACL Resource <\/td>\n<\/tr>\n
99<\/td>\n13.6 Access Manager ACL Resource [deprecated]
13.7 Signed ACL Resource [deprecated]
13.8 Provisioning Status Resource <\/td>\n<\/tr>\n
105<\/td>\n13.9 Certificate Signing Request Resource
13.10 Roles Resource <\/td>\n<\/tr>\n
107<\/td>\n13.11 Auditable Events List Resource
13.11.1 Auditable Events List Resource general <\/td>\n<\/tr>\n
110<\/td>\n13.12 Security Virtual Resources (SVRs) and Access Policy <\/td>\n<\/tr>\n
111<\/td>\n13.13 SVRs, discoverability and OCF Endpoints
13.14 Additional privacy consideration for Core Resources <\/td>\n<\/tr>\n
112<\/td>\n13.15 Easy Setup Resource Device state <\/td>\n<\/tr>\n
114<\/td>\n13.16 List of Auditable Events <\/td>\n<\/tr>\n
116<\/td>\n13.17 Security Domain Information Resource <\/td>\n<\/tr>\n
117<\/td>\n14 Security hardening guidelines\/ execution environment security
14.1 Preamble
14.2 Execution environment elements
14.2.1 Execution environment elements general
14.2.2 Secure storage
14.2.2.1 Secure storage general <\/td>\n<\/tr>\n
118<\/td>\n14.2.2.2 Hardware secure storage <\/td>\n<\/tr>\n
119<\/td>\n14.2.2.3 Software storage
14.2.2.4 Additional security guidelines and best practices <\/td>\n<\/tr>\n
120<\/td>\n14.2.3 Secure execution engine
14.2.4 Trusted input\/output paths
14.2.5 Secure clock <\/td>\n<\/tr>\n
121<\/td>\n14.2.6 Approved algorithms
14.2.7 Hardware tamper protection
14.3 Secure Boot
14.3.1 Concept of software module authentication <\/td>\n<\/tr>\n
123<\/td>\n14.3.2 Secure Boot process
14.3.3 Robustness requirements
14.3.3.1 Robustness general
14.3.3.2 Next steps <\/td>\n<\/tr>\n
124<\/td>\n14.4 Attestation
14.5 Software Update
14.5.1 Overview
14.5.2 Recognition of current differences <\/td>\n<\/tr>\n
125<\/td>\n14.5.2.1 Checking availability of new software
14.5.3 Software Version Validation
14.5.4 Software Update
14.5.4.1 State of Device after software update <\/td>\n<\/tr>\n
126<\/td>\n14.5.5 Recommended usage
14.6 Non-OCF Endpoint interoperability
14.7 Security levels <\/td>\n<\/tr>\n
127<\/td>\n14.8 Security Profiles
14.8.1 Security Profiles general <\/td>\n<\/tr>\n
128<\/td>\n14.8.2 Identification of Security Profiles (Normative)
14.8.2.1 Security Profiles in prior documents
14.8.2.2 Security Profile Resource definition
Table 59 defines the Properties of “\/oic\/sec\/sp” Resource. <\/td>\n<\/tr>\n
129<\/td>\nThe following OIDs are defined to uniquely identify Security Profiles. Future Security Profiles or changes to existing Security Profiles may result in a new ocfSecurityProfileOID.
14.8.3 Security Profiles
14.8.3.1 Security Profiles general
14.8.3.2 Security Profile Unspecified (sp-unspecified-v0)
14.8.3.3 Security Profile Baseline v0 (sp-baseline-v0) <\/td>\n<\/tr>\n
130<\/td>\n14.8.3.4 Security Profile Black (sp-black-v0)
14.8.3.4.1 Black Profile general
14.8.3.4.2 Devices Targeted for Security Profile Black v0
14.8.3.4.3 Requirements for Certification at Security Profile Black (normative) <\/td>\n<\/tr>\n
131<\/td>\n14.8.3.5 Security Profile Blue v0 (sp-blue-v0)
14.8.3.5.1 Blue Profile General
14.8.3.5.2 Platforms and Devices for Security Profile Blue v0
14.8.3.5.3 Requirements for Certification at Security Profile Blue v0 <\/td>\n<\/tr>\n
133<\/td>\n14.8.3.6 Security Profile Purple v0 (sp-purple-v0) <\/td>\n<\/tr>\n
134<\/td>\n15 Device Type specific requirements
15.1 Bridging security
15.1.1 Universal requirements for Bridging to another Ecosystem <\/td>\n<\/tr>\n
135<\/td>\n15.1.2 Additional security requirements specific to bridged protocols
15.1.2.1 Additional security requirements specific to the AllJoyn protocol <\/td>\n<\/tr>\n
136<\/td>\n15.1.2.2 Additional security requirements specific to the Bluetooth LE protocol
15.1.2.3 Additional security requirements specific to the oneM2M protocols
15.1.2.4 Additional security requirements specific to the U+ protocol
15.1.2.5 Additional security requirements specific to the Z-Wave protocol
15.1.2.6 Additional security requirements specific to the Zigbee protocol
15.1.2.7 Additional security requirements specific to the EnOcean Radio protocol <\/td>\n<\/tr>\n
137<\/td>\nAnnex A (informative) Access control examples
A.1 Example OCF ACL Resource <\/td>\n<\/tr>\n
138<\/td>\nAnnex B (informative) Execution environment security profiles <\/td>\n<\/tr>\n
139<\/td>\nAnnex C (normative) Resource Type definitions
C.1 List of Resource Type definitions
C.2 Access Control List-2
C.2.1 Introduction
C.2.2 Well-known URI
C.2.3 Resource type
C.2.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
147<\/td>\nC.2.5 Property definition
C.2.6 CRUDN behaviour <\/td>\n<\/tr>\n
148<\/td>\nC.3 Credential
C.3.1 Introduction
C.3.2 Well-known URI
C.3.3 Resource type
C.3.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
157<\/td>\nC.3.5 Property definition
C.3.6 CRUDN behaviour
C.4 Certificate Signing Request
C.4.1 Introduction
C.4.2 Well-known URI
C.4.3 Resource type <\/td>\n<\/tr>\n
158<\/td>\nC.4.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
159<\/td>\nC.4.5 Property definition
C.4.6 CRUDN behaviour <\/td>\n<\/tr>\n
160<\/td>\nC.5 Device Owner Transfer Method
C.5.1 Introduction
C.5.2 Well-known URI
C.5.3 Resource type
C.5.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
163<\/td>\nC.5.5 Property definition <\/td>\n<\/tr>\n
164<\/td>\nC.5.6 CRUDN behaviour <\/td>\n<\/tr>\n
165<\/td>\nC.6 Device provisioning status
C.6.1 Introduction
C.6.2 Well-known URI
C.6.3 Resource type
C.6.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
168<\/td>\nC.6.5 Property definition <\/td>\n<\/tr>\n
172<\/td>\nC.6.6 CRUDN behaviour
C.7 Asserted roles
C.7.1 Introduction
C.7.2 Well-known URI
C.7.3 Resource type
C.7.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
180<\/td>\nC.7.5 Property definition <\/td>\n<\/tr>\n
181<\/td>\nC.7.6 CRUDN behaviour
C.8 Security Profile
C.8.1 Introduction
C.8.2 Well-known URI
C.8.3 Resource type
C.8.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
183<\/td>\nC.8.5 Property definition <\/td>\n<\/tr>\n
184<\/td>\nC.8.6 CRUDN behaviour
C.9 Auditable Event List
C.9.1 Introduction
C.9.2 Well-known URI
C.9.3 Resource type
C.9.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
188<\/td>\nC.9.5 Property definition <\/td>\n<\/tr>\n
191<\/td>\nC.9.6 CRUDN behaviour
C.10 OCF Security Domain information
C.10.1 Introduction
C.10.2 Well-known URI
C.10.3 Resource type
C.10.4 OpenAPI 2.0 definition <\/td>\n<\/tr>\n
193<\/td>\nC.10.5 Property definition <\/td>\n<\/tr>\n
194<\/td>\nC.10.6 CRUDN behaviour <\/td>\n<\/tr>\n
195<\/td>\nAnnex D (informative) OID definitions <\/td>\n<\/tr>\n
197<\/td>\nAnnex E (informative) Security considerations specific to Bridged Protocols
E.1 Security considerations specific to the AllJoyn Protocol
E.2 Security considerations specific to the Bluetooth LE Protocol <\/td>\n<\/tr>\n
198<\/td>\nE.3 Security considerations specific to the oneM2M Protocol
E.4 Security considerations specific to the U+ Protocol
E.5 Security considerations specific to the Z-Wave Protocol <\/td>\n<\/tr>\n
200<\/td>\nE.6 Security considerations specific to the Zigbee Protocol
E.7 Security considerations specific to the the EnOcean Radio Protocol <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Information technology. Open Connectivity Foundation (OCF) Specification – Security specification<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2022<\/td>\n204<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":402437,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-402429","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/402429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/402437"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=402429"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=402429"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=402429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}