Geneva, 10 August 2015
On 17 June 2015, the 109th Ecma General Assembly approved the following Standards:
- ECMA-385 4th edition – NFC-SEC: NFCIP-1 Security Services and Protocol
- ECMA-386 3rd edition – NFC-SEC-01: NFC-SEC Cryptography Standard using ECDH and AES
- ECMA-409 2nd edition – NFC-SEC-02: NFC-SEC Cryptography Standard using ECDH-256 and AES-GCM
- ECMA-410 2nd edition – NFC-SEC-03: NFC-SEC Entity Authentication and Key Agreement using Asymmetric Cryptography
- ECMA-411 2nd edition – NFC-SEC-04: NFC-SEC Entity Authentication and Key Agreement using Symmetric Cryptography
NFC has become a ubiquitous tool for citizens to intuitively control everyday interaction with the connected world for payment, access control or personal information access. The NFC Security standards aim to provide a reliable basis for ensuring that we pay the right amount to the right recipient, get access to the right doors, download the right information and prevent others from sniffing our private interaction.
ECMA-385 specifies the NFC-SEC secure channel and shared secret services for NFCIP-1 and the PDUs and protocol for those services. The NFC-SEC cryptography standards identified in the PID registry complement and use the services and protocol specified in this Standard. This fourth edition introduces full alignment with ISO/IEC 13157-1:2014.
ECMA-386 specifies cryptographic mechanisms that use the Elliptic Curves Diffie-Hellman (ECDH) protocol for key agreement and the AES algorithm for data encryption and integrity. This 3rd edition ensures that the latest references to cryptographic standards are used.
ECMA-409 specifies cryptographic mechanisms that use the Elliptic Curves Diffie-Hellman (ECDH) protocol with a key length of 256 bits for key agreement and the AES algorithm in GCM mode to provide data authenticated encryption. This 2nd edition introduces references to the latest JTC1/SC27 standards and updates the generation method for StartVar in compliance with ISO/IEC 19772:2009/Cor.1:2014 which also complies with NIST SP 800-38B.
ECMA-410 specifies key agreement and confirmation mechanisms providing mutual authentication, using asymmetric cryptography, and the transport protocol requirements for the exchange between Sender and TTP. This 2nd edition introduces references to the latest JTC1/SC27 standards, including ISO/IEC 9798-3/Amd.1, which specifies Mechanisms involving an on-line trusted third party.
ECMA-411 specifies key agreement and confirmation mechanisms providing mutual authentication, using symmetric cryptography. This 2nd edition introduces references to the latest JTC1/SC27 standards and the StartVar generation method for IV in NFC-SEC-02.
“What all these new standards have in common is an application independent and secure transport layer that will protect NFC devices communicating,” said Reinhard Meindl, Acting Chairman of Ecma TC47 on Near Field Communications and Senior Principal of NXP Semiconductors. “They can effectively deal with typical security threats, such as forgery, data destruction, tampering and MITM attack, in order to ensure the security of NFC communication and the confidentiality, integrity and authenticity of data transfer between devices. TC47 recognizes the significant contributions of the experts of China’s NFC Security Research Group* to the development of these standards and their help in increasing the visibility of Ecma standards in Chinese and global markets.”
These new standards will be submitted to ISO/IEC JTC 1 for approval as international standards under the ISO/IEC fast-track procedure. Earlier versions of ECMA-385 and ECMA-386 are already available as ISO/IEC 13157-1 and ISO/IEC 13157-2 respectively.
* The China NFC Security Research Group consists of companies, research institutes and operators focusing on security technologies research and deployment. Its members include China IWNCOMM Co., Ltd., National Engineering Laboratory for Wireless Security, etc.