STANDARDS

Standardisation in R&I projects like IMPULSE offers big opportunities. As a first step, an overview of the standardisation landscape connected with the project's topic is given. This is intended to raise awareness of what is already on the market and to support the tool developments. Here, we list the standards most relevant to the IMPULSE project.

We categorised the following standards into FORMAL and INFORMAL STANDARDS:

DIN SPEC 4997
“Privacy by Blockchain Design: A standardised model for processing personal data using blockchain technology”
UNE 71307-1
“Digital Enabling Technologies – Decentralized Identities Management Model on Blockchain and other Distributed Ledger Technologies. Part 1: Reference Framework”
CEN/TS 16921
“Personal identification – Borders and law enforcement application profiles for mobile biometric identification systems”
ETSI TS 119 182-1
“Electronic Signatures and Infrastructures (ESI); JAdES digital signatures; Part 1: Building blocks and JAdES baseline signatures”
ISO/IEC 20889
“Privacy enhancing data de-identification terminology and classification of techniques”
ISO/IEC 27001
“Information technology – Security techniques – Information security management systems – Requirements”
ISO/IEC 30107 series
“Information technology — Biometric presentation attack detection”

FORMAL STANDARDS

DIN SPEC 4997

Privacy by Blockchain Design: A standardised model for processing personal data using blockchain technology

“…This DIN SPEC establishes general principles for and methods of handling personal data in BC/DLT systems. It specifies technical and organizational measures for data protection while taking into account the principles of privacy by design as well as specifications that are inspired by legal frameworks, such as the GDPR…”


UNE 71307-1

Digital Enabling Technologies – Decentralized Identities Management Model on Blockchain and other Distributed Ledger Technologies. Part 1: Reference Framework

“This standard defines a reference framework for the management of decentralized identities oriented to people, physical and legal, which includes the description of an approach based on life cycles and the relationship of the main actors that participate in them, as well as the interrelationships among them.” 


CEN/TS 16921

Personal identification – Borders and law enforcement application profiles for mobile biometric identification systems

“This Technical Specification primarily focuses on biometric aspects of portable verification and identification systems for law enforcement and border control authorities. The recommendations given here will balance the needs of security, ease of access and data protection….”


ETSI TS 119 182-1

Electronic Signatures and Infrastructures (ESI); JAdES digital signatures; Part 1: Building blocks and JAdES baseline signatures

“The present document is intended to cover digital signatures supported by PKI and public key certificates, and aims to meet the general requirements of the international community to provide trust and confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU) No 910/2014 [i.1].”


ISO/IEC 20889

Privacy enhancing data de-identification terminology and classification of techniques

“This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.”


ISO/IEC 27001

Information technology – Security techniques – Information security management systems – Requirements

“ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization…”


ISO/IEC 30107 series

Information technology — Biometric presentation attack detection

Part 1: Framework

“The purpose of ISO/IEC 30107-1 is to provide a foundation for PAD through defining terms and establishing a framework through which presentation attack events can be specified and detected so that they can be categorized, detailed and communicated for subsequent decision making and performance assessment activities.”

Part 2: Data formats

“ISO/IEC 30107-2:2017 defines data formats for conveying the mechanism used in biometric presentation attack detection and for conveying the results of presentation attack detection methods. The attacks considered in the ISO/IEC 30107 series take place at the sensor during the presentation and collection of the biometric characteristics. Any other attacks are outside the scope of this document.”

Part 3: Testing and reporting

“ISO/IEC 30107-3:2017 establishes:

– principles and methods for performance assessment of presentation attack detection mechanisms;

– reporting of testing results from evaluations of presentation attack detection mechanisms;

– a classification of known attack types (in an informative annex).”

Part 4: Profile for testing of mobile devices

“This document is a profile that provides requirements for testing biometric presentation attack detection (PAD) mechanisms on mobile devices with local biometric recognition.”


INFORMAL STANDARDS


Decentralized Identifiers (DIDs) v1.0

“Decentralized identifiers (DIDs) are a new type of identifier for verifiable, “self-sovereign” digital identity. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority. DIDs resolve to DID Documents — simple documents that describe how to use that specific DID. This document specifies the algorithms and guidelines for resolving DIDs and dereferencing DID URLs.”


Verifiable Credentials Data Model v1.1

“Credentials are a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.”


Verifiable Credentials JSON Schema Specification

“The [VC_DATA_MODEL] specifies the models used for Verifiable Credentials and Verifiable Presentations, and explains the relationships between three parties: issuer, holder, and verifier. A critical piece of infrastructure out of the scope of those specifications is the Credential Schema. This specification provides a mechanism to express a Credential Schema and the protocols for evolving the schema.”


JSON-LD 1.1

“JSON is a useful data serialization and messaging format. This specification defines JSON-LD 1.1, a JSON-based format to serialize Linked Data. The syntax is designed to easily integrate into deployed systems that already use JSON, and provides a smooth upgrade path from JSON to JSON-LD…”