Reference number ISO/IEC/IEEE 8802-1AR:2014(E)
© IEEE 2009

INTERNATIONAL STANDARD ISO/IEC/IEEE 8802-1AR
First edition 2014-02-15

Information technology - Telecommunications and information exchange between systems - Local and metropolitan area networks - Part 1AR: Secure device identity

Technologies de l'information - Télécommunications et échange d'information entre systèmes - Réseaux locaux et métropolitains - Partie 1AR

© IEEE 2009 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without permission in writing from ISO, IEC or IEEE at the respective address below.

ISO copyright office
Case postale 56
CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org

IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
E-mail inmail@iec.ch
Web www.iec.ch

Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York
NY 10016-5997, USA
E-mail stds.ipr@ieee.org
Web www.ieee.org

Published in Switzerland

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

IEEE Standards documents are developed within the IEEE Societies and the Standards Coordinating Committees of
the IEEE Standards Association (IEEE-SA) Standards Board. The IEEE develops its standards through a consensus development process, approved by the American National Standards Institute, which brings together volunteers representing varied viewpoints and interests to achieve the final product. Volunteers are not necessarily members of the Institute and serve without compensation. While the IEEE administers the process and establishes rules to promote fairness in the consensus development process, the IEEE does not independently evaluate, test, or verify the accuracy of any of the information contained in its standards.

The main task of ISO/IEC JTC 1 is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is called to the possibility that implementation of this standard may require the use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. ISO/IEEE is not responsible for identifying essential patents or patent claims for which a license may be required, for conducting inquiries into the legal validity or scope of patents or patent claims or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance or a Patent Statement and Licensing Declaration Form, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from ISO or the IEEE Standards Association.

ISO/IEC/IEEE 8802-1AR was prepared by the LAN/MAN Standards Committee of the IEEE Computer Society (as IEEE Std 802.1AR-2009). It was adopted by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 6, Telecommunications and information exchange between systems, in parallel with its approval by the ISO/IEC national bodies, under the “fast-track procedure” defined in the Partner Standards Development Organization cooperation agreement between ISO and IEEE. IEEE is responsible for the maintenance of this document with participation and input from ISO/IEC national bodies.

ISO/IEC/IEEE 8802 consists of the following parts, under the general title Information technology - Telecommunications and information exchange between systems - Local and
metropolitan area networks:

Part 11: Wireless LAN medium access control (MAC) and physical layer (PHY) specifications
Part 1X: Port-based network access control
Part 1AB: Station and media access control connectivity discovery
Part 1AE: Media access control (MAC) security
Part 1AR: Secure device identity
Part 1AS: Timing and synchronization for time-sensitive applications in bridged local area networks
Part 15-4: Wireless medium access control (MAC) and physical layer (PHY) specifications for low-rate wireless personal area networks (WPANs)
The Institute of Electrical and Electronics Engineers, Inc.
3 Park Avenue, New York, NY 10016-5997, USA

Copyright © 2009 by the Institute of Electrical and Electronics Engineers, Inc. All rights reserved. Published 22 December 2009. Printed in the United States of America.

IEEE and 802 are registered trademarks in the U.S. Patent +1 978 750 8400. Permission to photocopy portions of any individual standard for educational classroom use can also be obtained through the Copyright Clearance Center.

Introduction

A secure device identifier (DevID) is a cryptographic identity bound to a device used for assertion of the device's identity. IEEE Std 802.1AR specifies globally unique per-device identifiers and the management and cryptographic binding of a device to its identifiers, the relationship between an initially installed identity and subsequent locally significant identities, and interfaces and methods for use of DevIDs with existing and new provisioning and authentication protocols.

IEEE Std 802.1AR can be used in conjunction with IEEE Std 802.1X™ [B2] and other IEEE and industry standards that require a secure identifier or credential as part of authentication and provisioning processes that establish trust in a device.¹

This is the first edition of IEEE Std 802.1AR.

Notice to users

Laws and regulations

Users of these documents should consult all
applicable laws and regulations. Compliance with the provisions of this standard does not imply compliance to any applicable regulatory requirements. Implementers of the standard are responsible for observing or referring to the applicable regulatory requirements. IEEE does not, by the publication of its standards, intend to urge action that is not in compliance with applicable laws, and these documents may not be construed as doing so.

Copyrights

This document is copyrighted by the IEEE. It is made available for a wide variety of both public and private uses. These include both use, by reference, in laws and regulations, and use in private self-regulation, standardization, and the promotion of engineering practices and methods. By making this document available for use and adoption by public authorities and private users, the IEEE does not waive any rights in copyright to this document.

Updating of IEEE documents

Users of IEEE standards should be aware that these documents may be superseded at any time by the issuance of new editions or may be amended from time to time through the issuance of amendments, corrigenda, or errata. An official IEEE document at any point in time consists of the current edition of the document together with any amendments, corrigenda, or errata then in effect. In order to determine whether a given document is the current edition and whether it has been amended through the issuance of amendments, corrigenda, or errata, visit the IEEE Standards Association website at http://ieeexplore.ieee.org/xpl/standards.jsp, or contact the IEEE at the address listed previously.

¹ The numbers in brackets correspond to those of the bibliography in Annex D.

This introduction is not part of IEEE Std 802.1AR-2009, IEEE Standard for Local and metropolitan area networks - Secure Device
Identity.

For more information about the IEEE Standards Association or the IEEE standards development process, visit the IEEE-SA website at http://standards.ieee.org.

Errata

Errata, if any, for this and all other standards can be accessed at the following URL: http://standards.ieee.org/reading/ieee/updates/errata/index.html. Users are encouraged to check this URL for errata periodically.

Interpretations

Current interpretations can be accessed at the following URL: http://standards.ieee.org/reading/ieee/interp/index.html.

Patents

Attention is called to the possibility that implementation of this standard may require use of subject matter covered by patent rights. By publication of this standard, no position is taken with respect to the existence or validity of any patent rights in connection therewith. A patent holder or patent applicant has filed a statement of assurance that it will grant licenses under these rights without compensation or under reasonable rates, with reasonable terms and conditions that are demonstrably free of any unfair discrimination to applicants desiring to obtain such licenses. Other Essential Patent Claims may exist for which a statement of assurance has not been received. The IEEE is not responsible for identifying Essential Patent Claims for which a license may be required, for conducting inquiries into the legal validity or scope of Patents Claims, or determining whether any licensing terms or conditions provided in connection with submission of a Letter of Assurance, if any, or in any licensing agreements are reasonable or non-discriminatory. Users of this standard are expressly advised that determination of the validity of any patent rights, and the risk of infringement of such rights, is entirely their own responsibility. Further information may be obtained from the IEEE Standards Association.

Contents

1. Overview
  1.1 Scope
  1.2 Purpose
  1.3 Relationship to other standards
2. Normative references
3. Definitions
4. Acronyms and abbreviations
5. Conformance
  5.1 Requirements terminology
  5.2 Protocol Implementation Conformance Statement
  5.3 Required capabilities
  5.4 Optional capabilities
  5.5 Recommended capabilities
6. Secure Device Identifier Module
  6.1 What is a device?
  6.2 Components of a DevID module
  6.3 DevID Service Interface
  6.4 DevID Management Interface
  6.5 PKI hierarchy requirements
  6.6 Trust Model
7. DevID Credential details
  7.1 DevID hierarchy credential fields
  7.2 DevID credential fields
  7.3 Cryptographic Primitives
8. Management Information Base
  8.1 Internet-Standard Management Framework
  8.2 Relationship to other MIB modules
  8.3 Structure of the MIB
  8.4 Security considerations
  8.5 Definitions for Secure Device Identifier MIB
Annex A (normative) PICS Proforma
  A.1 Introduction
  A.2 Abbreviations and special symbols
  A.3 Instructions for completing the PICS proforma
  A.4 PICS proforma for IEEE 802.1AR
  A.5 Major capabilities and options
  A.6 DevID Service Interface
  A.7 DevID Management Interface
  A.8 DevID Supplied Information
Annex B (normative) Implementing a DevID with a TPM
  B.1 DevID goals
  B.2 DevID requirements
Annex C (informative) Scenarios for DevID
  C.1 DevID use in EAP-TLS
  C.2 DevID uses in consumer devices
  C.3 DevID uses in enterprise devices
Annex D (informative) Bibliography
Annex E (informative) List of participants

IEEE Standard for Local and metropoli