Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
IEC 10373-3-12:2016 – Test Methods for Contactless Integrated Circuit Cards and Relay Attack Prevention
Standardizing Performance Evaluation for Proximity Cards and Coupling Devices Operating at 13.56 MHz
Scope
IEC 10373-3-12:2016 (developed jointly with ISO/IEC JTC 1/SC 17) is part of the multi-series standard covering test methods for identification cards. This specific part focuses on contactless integrated circuit cards (CICC) – also known as proximity cards – and proximity coupling devices (PCDs) operating at 13.56 MHz. The document defines uniform test methods for measuring the physical and electrical parameters that determine interoperability and security, with special emphasis on relay attack (mafia fraud) prevention techniques.
The standard applies to cards and readers conforming to ISO/IEC 14443 (Type A and Type B) and is essential for applications such as payment, access control, transport ticketing, and electronic passports. Test methods cover field strength, modulation depth, data timing, load modulation amplitude, and the distance bounding capabilities used to thwart relay attacks.
Technical Requirements
The test methods in IEC 10373-3-12:2016 are structured into several clauses, each addressing a critical performance parameter. Testing must be performed under controlled environmental conditions (temperature, humidity, electromagnetic interference) using calibrated reference equipment. Key technical parameters include the following:
| Parameter | Clause | Measurement Requirement |
|---|---|---|
| RF Field Strength (H) | 5 | Determined at the card test position using a calibrated loop antenna and a reference PCD. Typical range: 1.5 A/m to 7.5 A/m. |
| Modulation Depth (PCD → CICC) | 6 | Measured as (A – B) / (A + B); must lie between 10 % and 30 % for both Type A and Type B. |
| Load Modulation Amplitude | 7 | Measured using a sense coil. The amplitude of the subcarrier modulation shall exceed a specified threshold (e.g., 30 mV at 847 kHz). |
| Turnaround / Frame Timing | 8 | Delay between PCD request and CICC response; must respect ISO/IEC 14443 limits. For relay attack prevention, the measured Round Trip Time (RTT) must fall within a narrow tolerance window. |
| Distance Bounding (Relay Attack) | 9 | A reference PCD and CICC are used to verify that the communication channel cannot be extended beyond a defined physical distance without detectable timing anomalies. |
Each test method includes a detailed test setup diagram, calibration procedure, and pass/fail criteria. The standard also specifies measurement uncertainty limits for the equipment.
Implementation Highlights
Implementing the test methods of IEC 10373-3-12:2016 requires careful preparation and adherence to the defined procedures. Three aspects deserve special attention:
Tip: Always calibrate the reference PCD and sense antenna using the reference card provided with the calibration kit. Temperature drift can affect field strength measurements; allow the equipment to stabilise for at least 30 minutes before testing.
Test laboratories should invest in a high-speed oscilloscope (≥ 1 GHz bandwidth) for accurate timing measurements, particularly for distance bounding tests. Shielded enclosures (Faraday cages) are mandatory to avoid ambient interference that could mask or alter load modulation patterns.
Caution: The standard distinguishes between Type A and Type B cards. Ensure the reference PCD supports both modulation schemes and that the card-under-test is correctly configured for the intended type. Using an incorrect reference card may produce invalid results.
For relay attack tests, the round-trip time measurement must be synchronised with the PCD’s internal clock. Some implementations use a challenge-response protocol that requires the card to respond within a narrow time window. Laboratories should implement automated test sequences to capture hundreds of RTT samples and statistically verify compliance.
Compliance Notes
Compliance with IEC 10373-3-12:2016 is typically required for product certification to ISO/IEC 14443. Here are key compliance considerations:
Certified Labs: Testing should be performed by an accredited laboratory that participates in proficiency testing programmes. Many payment and transport schemes mandate that test results be obtained from such labs.
Manufacturers must ensure that their products not only pass the parametric tests but also that the test report includes the exact test setup, calibration certificates, and measurement uncertainty budget. The standard expects a clear pass/fail determination for each clause.
Warning: Non‑compliance with the relay attack prevention tests is increasingly considered a critical security flaw. Products that fail distance bounding tests may be rejected by major payment networks and government programmes.
It is also important to note that the standard references several other documents: ISO/IEC 14443-1, -2, -3, -4 for card specifications, and ISO/IEC 10373-1 for general test methods. A complete compliance strategy must address all these normative references.
Frequently Asked Questions
Q: What is the relationship between IEC 10373-3-12:2016 and ISO/IEC 10373-3-12:2016?
A: IEC and ISO have adopted the same text; the standard is dual‑logo identical. Both are considered equivalent. The numeric identifier IEC 10373-3-12 corresponds to ISO/IEC 10373-3-12.
A: IEC and ISO have adopted the same text; the standard is dual‑logo identical. Both are considered equivalent. The numeric identifier IEC 10373-3-12 corresponds to ISO/IEC 10373-3-12.
Q: Does this standard cover only relay attack prevention?
A: No. Although relay attack prevention is a major focus of Part 12, the standard also provides test methods for field strength, modulation, and timing that are directly used for basic interoperability testing.
A: No. Although relay attack prevention is a major focus of Part 12, the standard also provides test methods for field strength, modulation, and timing that are directly used for basic interoperability testing.
Q: What equipment is essential for implementing the distance bounding tests?
A: A reference PCD with precise timing control, a reference CICC, a digital oscilloscope with deep memory, and a shielded test chamber. The standard also specifies a calibration reference card for verifying the PCD’s field.
A: A reference PCD with precise timing control, a reference CICC, a digital oscilloscope with deep memory, and a shielded test chamber. The standard also specifies a calibration reference card for verifying the PCD’s field.
Q: Can a manufacturer perform these tests in‑house for self‑declaration?
A: While internal testing is useful for development, formal compliance to ISO/IEC 14443 generally requires third‑party testing from an accredited laboratory to ensure impartiality and traceability.
A: While internal testing is useful for development, formal compliance to ISO/IEC 14443 generally requires third‑party testing from an accredited laboratory to ensure impartiality and traceability.