STANDARDS

Standardisation in R&I projects like IMPULSE offers significant opportunities. As a first step, an overview of the standardisation landscape connected with the project's topic is given. This is intended to raise awareness of what is already on the market and to support the tool developments. Here, we list the standards that are most relevant to the IMPULSE project.

We categorised the standards into FORMAL and INFORMAL STANDARDS. The formal standards considered are:

DIN SPEC 4997
“Privacy by Blockchain Design: A standardised model for processing personal data using blockchain technology”
UNE 71307-1
“Digital Enabling Technologies – Decentralized Identities Management Model on Blockchain and other Distributed Ledger Technologies. Part 1: Reference Framework”
CEN/TS 16921
“Personal identification – Borders and law enforcement application profiles for mobile biometric identification systems”
ETSI TS 119 182-1
“Electronic Signatures and Infrastructures (ESI); JAdES digital signatures; Part 1: Building blocks and JAdES baseline signatures”
ISO/IEC 20889
“Privacy enhancing data de-identification terminology and classification of techniques”
ISO/IEC 27001
“Information technology – Security techniques – Information security management systems – Requirements”
ISO/IEC 30107 series
“Information technology — Biometric presentation attack detection”
ETSI GR SAI 001
“Securing Artificial Intelligence (SAI) – AI Threat Ontology”
ETSI GR SAI 002
“Securing Artificial Intelligence (SAI) – Data Supply Chain Security”

A standardisation flyer was developed at the end of the project to summarise the standardisation activities conducted in IMPULSE, which mainly consist of the analysis of existing standards and contributions to standardisation via liaison with standardisation committees.

FORMAL STANDARDS

DIN SPEC 4997

Privacy by Blockchain Design: A standardised model for processing personal data using blockchain technology

“This DIN SPEC establishes general principles for and methods of handling personal data in BC/DLT systems. It specifies technical and organizational measures for data protection while taking into account the principles of privacy by design as well as specifications that are inspired by legal frameworks, such as the GDPR…”


UNE 71307-1

Digital Enabling Technologies – Decentralized Identities Management Model on Blockchain and other Distributed Ledger Technologies. Part 1: Reference Framework

“This standard defines a reference framework for the management of decentralized identities oriented to people, physical and legal, which includes the description of an approach based on life cycles and the relationship of the main actors that participate in them, as well as the interrelationships among them.”


CEN/TS 16921

Personal identification – Borders and law enforcement application profiles for mobile biometric identification systems

“This Technical Specification primarily focuses on biometric aspects of portable verification and identification systems for law enforcement and border control authorities. The recommendations given here will balance the needs of security, ease of access and data protection…”


ETSI TS 119 182-1

Electronic Signatures and Infrastructures (ESI); JAdES digital signatures; Part 1: Building blocks and JAdES baseline signatures

“The present document is intended to cover digital signatures supported by PKI and public key certificates, and aims to meet the general requirements of the international community to provide trust and confidence in electronic transactions, including, amongst other, applicable requirements from Regulation (EU) No 910/2014 [i.1].”


ISO/IEC 20889

Privacy enhancing data de-identification terminology and classification of techniques

“This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.”


ISO/IEC 27001

Information technology – Security techniques – Information security management systems – Requirements

“ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization…”


ISO/IEC 30107 series

Information technology — Biometric presentation attack detection

Part 1: Framework

“The purpose of ISO/IEC 30107-1 is to provide a foundation for PAD through defining terms and establishing a framework through which presentation attack events can be specified and detected so that they can be categorized, detailed and communicated for subsequent decision making and performance assessment activities.”

Part 2: Data formats

“ISO/IEC 30107-2:2017 defines data formats for conveying the mechanism used in biometric presentation attack detection and for conveying the results of presentation attack detection methods. The attacks considered in the ISO/IEC 30107 series take place at the sensor during the presentation and collection of the biometric characteristics. Any other attacks are outside the scope of this document.”

Part 3: Testing and reporting

“ISO/IEC 30107-3:2017 establishes:

– principles and methods for performance assessment of presentation attack detection mechanisms;

– reporting of testing results from evaluations of presentation attack detection mechanisms;

– a classification of known attack types (in an informative annex).”

Part 4: Profile for testing of mobile devices

“This document is a profile that provides requirements for testing biometric presentation attack detection (PAD) mechanisms on mobile devices with local biometric recognition.”


ETSI GR SAI 001

Securing Artificial Intelligence (SAI) – AI Threat Ontology

“The document defines what an Artificial Intelligence (AI) threat is and defines how it can be distinguished from any non-AI threat. The model of an AI threat is presented in the form of an ontology to give a view of the relationships between actors representing threats, threat agents, assets and so forth. The ontology described in the present document applies to AI both as a threat agent and as an attack target.”


ETSI GR SAI 002

Securing Artificial Intelligence (SAI) – Data Supply Chain Security

“The document summarises the methods currently used to source data for training AI, along with a review of existing initiatives for developing data sharing protocols. It then provides a gap analysis on these methods and initiatives to scope possible requirements for standards for ensuring integrity and confidentiality of the shared data, information, and feedback.”


INFORMAL STANDARDS


Decentralized Identifiers (DIDs) v1.0

“Decentralized identifiers (DIDs) are a new type of identifier for verifiable, “self-sovereign” digital identity. DIDs are fully under the control of the DID subject, independent from any centralized registry, identity provider, or certificate authority. DIDs resolve to DID Documents — simple documents that describe how to use that specific DID. This document specifies the algorithms and guidelines for resolving DIDs and dereferencing DID URLs.”


Verifiable Credentials Data Model v1.1

“Credentials are a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.”


Verifiable Credentials JSON Schema Specification

“The [VC_DATA_MODEL] specifies the models used for Verifiable Credentials and Verifiable Presentations, and explains the relationships between three parties: issuer, holder, and verifier. A critical piece of infrastructure out of the scope of those specifications is the Credential Schema. This specification provides a mechanism to express a Credential Schema and the protocols for evolving the schema.”


JSON-LD 1.1

“JSON is a useful data serialization and messaging format. This specification defines JSON-LD 1.1, a JSON-based format to serialize Linked Data. The syntax is designed to easily integrate into deployed systems that already use JSON, and provides a smooth upgrade path from JSON to JSON-LD…”


OpenID Specifications for Verifiable Credential Issuance

“This specification defines an Application Programming Interface (API) designated as Credential Endpoint that is used to issue verifiable credentials and corresponding OAuth 2.0 based authorisation mechanisms that the Wallet uses to obtain authorisation to receive verifiable credentials.”


OpenID Specifications for Verifiable Presentations

“This specification defines a mechanism on top of OAuth 2.0 [RFC6749] for presentation of claims via verifiable credentials, supporting W3C formats as well as other credential formats. This allows existing OpenID Connect RPs to extend their reach towards claim sources asserting claims in this format. It also allows new applications built using verifiable credentials to utilise OAuth 2.0 or OpenID Connect as integration and interoperability layer towards credential holders.”