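ISO/IEC 20248:2018 Information technology — Automatic identification and data capture techniques — Data structures — Digital signature meta structure

Standard number: ISO/IEC 20248:2018

Chinese title: 信息技术 自动识别和数据采集技术 数据结构 数字签名元结构

English title: Information technology — Automatic identification and data capture techniques — Data structures — Digital signature meta structure

Publication date: 2018-03

Scope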

ISO/IEC 20248:2018 is an ISO/IEC 9594-8 (Public Key Infrastructure: digital signatures and certificates) application specification for automated identification services. It specifies a method whereby data stored within a barcode and/or RFID tag are structured, encoded and digitally signed. ISO/IEC 9594-8 is used to provide a standard method for key and data description management and distribution. It is worth noting that the data capacity and/or data transfer capacity of Automated Identification Data Carriers are restricted. This restricts the normal use of a Digital Signature as specified in ISO/IEC 9594-8 within automated identification services.
The purpose of this document is to provide an open and interoperable method, between automated identification services and data carriers, to read data, verify data originality and data integrity in an offline use case.
ISO/IEC 20248:2018 specifies
- the meta data structure, the DigSig, which contains the Digital Signature and encoded structured data,
- the public key certificate parameter and extension use, the DigSig Certificate, which contains the certified associated public key, the structured data description, the read methods and private containers,
- the method to specify, read, describe, sign, verify, encode and decode the structured data, the DigSig Data Description,
- the DigSig EncoderGenerator which generates the relevant asymmetric key pairs, keeps the Private Key secret and generates the DigSigs, and
- the DigSig DecoderVerifier which, by using the DigSig Certificate, reads the DigSig from the set of Data Carriers, verifies the DigSig and extracts the structured data from the DigSig.
A successful verification of the DigSig signifies the following:
- the data was not tampered with;
- the source of the data is as indicated on the DigSig Certificate used to verify the DigSig with;
- if a secured identifier of the data carrier is included in the DigSig it contains, then the data stored on the data carrier can be considered as the original issued copy of the data; the secure identifier will be able to guarantee that the data carrier is authentic.
ISO/IEC 20248:2018 does not specify
- cryptographic methods, nor
- key management methods.
ISO/IEC 20248:2018 is used in conjunction with standard risk assessments of the use environment.
