ISO/IEC 20248:2022 信息技术 自动识别和数据采集技术 数据结构 数字签名元结构

标准编号：ISO/IEC 20248:2022

中文名称：信息技术 自动识别和数据采集技术 数据结构 数字签名元结构

英文名称：Information technology — Automatic identification and data capture techniques — Digital signature data structure schema

发布日期：2022-06

标准范围

ISO/IEC 20248:2022本文件是ISO/IEC 9594？8【公钥基础设施（PKI）数字签名和证书】自动识别服务应用规范。它规定了一种方法，由此存储在条形码和/或RFID标签内的数据被结构化、编码和数字签名。ISO/IEC 9594？图8用于提供密钥和数据描述管理和分发的标准方法。自动识别数据载体的数据容量和/或数据传输容量受到限制。这限制了ISO/IEC 9594中规定的数字签名的正常使用？8在自动识别服务中。本文档的目的是在自动识别服务和数据载体之间提供一种开放且可互操作的方法，以在离线用例中读取数据、验证数据原创性和数据完整性。本文件规定-元数据结构DigSig，其包含数字签名和编码的结构化数据，-公钥证书参数和扩展使用，DigSig证书，其包含经认证的关联公钥、结构化数据描述、读取方法和私有容器，-用于指定、读取、描述、签名、验证、编码和解码所述结构化数据的方法，所述DigSig数据描述，-DigSig编码器生成器，其生成相关的非对称密钥对，使私钥保密，并生成DigSig，以及-DigSig解码器验证器，其通过使用DigSig证书从该组数据载体读取DigSig，验证DigSig并从DigSig提取结构化数据。本文档未指定-密码方法，或——重点管理办法。

ISO/IEC 20248:2022 This document is an ISO/IEC 9594？8 [public key infrastructure (PKI) digital signatures and certificates] application specification for automated identification services. It specifies a method whereby data stored within a barcode and/or RFID tag are structured, encoded and digitally signed. ISO/IEC 9594？8 is used to provide a standard method for key and data description management and distribution. The data capacity and/or data transfer capacity of automated identification data carriers are restricted. This restricts the normal use of a digital signature as specified in ISO/IEC 9594？8 within automated identification services.
The purpose of this document is to provide an open and interoperable method, between automated identification services and data carriers, to read data, verify data originality and data integrity in an offline use case.
This document specifies
- the meta data structure, the DigSig, which contains the digital signature and encoded structured data,
- the public key certificate parameter and extension use, the DigSig certificate, which contains the certified associated public key, the structured data description, the read methods, and private containers,
- the method to specify, read, describe, sign, verify, encode, and decode the structured data, the DigSig Data Description,
- the DigSig EncoderGenerator which generates the relevant asymmetric key pairs, keeps the private key secret, and generates the DigSigs, and
- the DigSig DecoderVerifier which, by using to the DigSig certificate, reads the DigSig from the set of data carriers, verifies the DigSig and extracts the structured data from the DigSig.
This document does not specify
- cryptographic methods, or
- key management methods.

标准预览图