Trusted mobile e-document framework — Requirements, functionality and criteria for ensuring reliable and safe mobile e-business

This document provides a set of requirements, functionality and criteria for ensuring reliability and safety of mobile e-business. The specification of this document covers overall use cases for mobile e-business including simple inquiry of electronic documents, exchange of electronic documents for general transaction and even exchange of contract and payment documents. This can be applied to the most wireless protocols such as 3G, 4G and Wi-Fi, etc. This could be also used in the general mobile e-business area such as logistics, electronic trades, financing, manufacturing and service, and can be referenced by system developers of electronic transaction using mobile devices, mobile network service providers and users.

Titre manque

General Information

Status
Published
Publication Date
09-Oct-2019
Current Stage
6060 - International Standard published
Start Date
10-Oct-2019
Completion Date
10-Oct-2019
Ref Project

Buy Standard

Standard
ISO 20415:2019 - Trusted mobile e-document framework -- Requirements, functionality and criteria for ensuring reliable and safe mobile e-business
English language
29 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO
STANDARD 20415
First edition
2019-10
Trusted mobile e-document
framework — Requirements,
functionality and criteria for ensuring
reliable and safe mobile e-business
Reference number
ISO 20415:2019(E)
ISO 2019
---------------------- Page: 1 ----------------------
ISO 20415:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 20415:2019(E)
Contents Page

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 2

4 General requirements ..................................................................................................................................................................................... 4

4.1 General ........................................................................................................................................................................................................... 4

4.2 Capability of linkage with wired environment ............................................................................................................ 4

4.3 Generality of applying various wireless network ..................................................................................................... 4

4.4 Minimum protocol set ...................................................................................................................................................................... 5

4.5 Neutrality of technology ................................................................................................................................................................. 5

4.6 Feasibility of implementation .................................................................................................................................................... 5

5 TMEF environment and model............................................................................................................................................................... 5

5.1 Physical environment ........................................................................................................................................................................ 5

5.2 TMEF logical model ......... .................................................................................................................................................................... 6

6 TMEF functionality ............................................................................................................................................................................................. 7

6.1 General ........................................................................................................................................................................................................... 7

6.2 Mobile authentication ....................................................................................................................................................................... 8

6.2.1 Requirements ..................................................................................................................................................................... 8

6.2.2 Authentication process............................................................................................................................................... 8

6.2.3 Functionality for authentication .....................................................................................................................10

6.2.4 Usage criteria for authentication ....................................................................................................................13

6.3 Mobile confidentiality ....................................................................................................................................................................13

6.3.1 Requirements ..................................................................................................................................................................13

6.3.2 Sub-functionality for mobile confidentiality management ......................................................14

6.3.3 Usage criteria for mobile confidentiality .................................................................................................16

6.4 Mobile reliable messaging ..........................................................................................................................................................17

6.4.1 Requirements ..................................................................................................................................................................17

6.4.2 Functionality for mobile reliable messaging ........................................................................................18

6.4.3 Reliable messaging criteria ..................................................................................................................................23

7 TMEF management .........................................................................................................................................................................................24

7.1 General ........................................................................................................................................................................................................24

7.2 User management .............................................................................................................................................................................24

7.3 MD management ................................................................................................................................................................................25

7.4 Electronic document application management .......................................................................................................25

7.5 Mobile network management .................................................................................................................................................26

7.6 Mobile server management ......................................................................................................................................................27

Bibliography .............................................................................................................................................................................................................................29

© ISO 2019 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 20415:2019(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso

.org/iso/foreword .html.

This document was prepared by Technical Committee ISO/TC 154, Processes, data elements and

documents in commerce, industry and administration.

Any feedback or questions on this document shall be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 20415:2019(E)
Introduction

Communication via mobile devices is essential in the modern world, so that most mobile devices are

ever used as a passage for the connection of people, business and network. Electronic transactions,

information processing and data transmission via the mobile device are common in business area. In

addition, electronic documents utilized by mobile devices in the business world are rapidly increasing

and its application area is growing also. Mobile electronic document exchange will be used in overall

industrial areas including B2C and B2B; the effect will be enormous considering the characteristic of

the mobile device.

However, communication using the mobile device always also involves a number of problems. First, the

wireless channel could be disconnected unexpectedly even while transmitting data; in that case the data

could be lost. This could be a fatal flaw in the transmission and reception of sensitive corporate data.

Second, it is possible for anyone to steal easily the mobile device, causing data transmission by a fake

user. Third, the mobile communication is relatively vulnerable compared with online communication in

the respect of security and reliability. These problems have been an obstacle to the flow of electronic

documents and electronic transactions diffusion through the mobile communication. Companies or

individuals have increasing demand for data transmission to continue to be safe and reliable enough

from the mobile communication. Thus, it is necessary to have a standard way to exchange data with the

electronic document in a manner that is safe and reliable over a mobile device.

In the process to distribute electronic documents for electronic transactions using mobile networks,

principles and standards different from those in the wired situation need to be suggested in order to

maintain the reliability of distribution of electronic documents due to the negative characteristics of

mobile network. As mobile networks give lower reliability generally and limit available computing

resources, users of mobile electronic documents need to have wide range of options for ensuring the

reliability in the distribution of mobile electronic documents. That is, a guide needs to be suggested

to find out an appropriate way for distributing mobile electronic documents according to costs or the

network environment.
Figure 1 — Concept of a trusted mobile e-document framework (TMEF)

This document is intended to provide a framework standard for creating and transmitting electronic

documents for B2B/B2C via a mobile device using a secure and trusted method in an unstable and

unreliable mobile environment. The concept of TMEF is illustrated in Figure 1. Businesses or individuals

are getting more dependent on mobile devices in terms of handling business as time passes by. Also,

the situation is that the demand to handle important duties of businesses is increasing. Therefore, the

© ISO 2019 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO 20415:2019(E)

demand for safe and reliable processing of electronic documents under mobile environment is also

rapidly increasing.

However, a mobile environment is unable to apply all methods for maintaining highest security and

reliability due to the limitations of computing resources and the limitations of wireless network.

Therefore, trusted factors necessary for performing safe electronic transactions under the mobile

environment need to be derived to apply them in reality.

Wireless network and the mobile device (MD) are exposed to risks and easiest to get attacked under the

mobile environment. It is very difficult to identify strictly the MD and the user who owns the MD due to

its portable nature. Also, the wireless network causes many problems with reliability and safety while

performing electronic transactions since it can often be cut off suddenly and also can be tapped by a

random user very easily.

Accordingly, in order to process electronic documents in a safe and reliable way under a mobile

environment, authentication on the MD in use, platforms on the MD, and the users who use the software

and MD need to precede. Also, detection on the disconnection of wireless network and fast recovering

the network are necessary. In addition, maintaining confidentiality is also absolutely required

to be ready for tapping. In some cases, verification of integrity or confirmation of authenticity on a

document prepared in an MD can be required. If a mobile device is assumed to provide partly some

of these functions, it cannot be considered safe or reliable. So, it is necessary to establish an overall

mobile framework which can cover completely the vulnerability of the mobile environment: safety and

reliability.

This document presents a framework standard, called TMEF, necessary for using and transmitting

electronic documents in a safe and reliable way under a mobile electronic transaction environment.

TMEF presents functional requirements and criteria for practical use and management factors

necessary for performing mobile transactions.
vi © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO 20415:2019(E)
Trusted mobile e-document framework — Requirements,
functionality and criteria for ensuring reliable and safe
mobile e-business
1 Scope

This document provides a set of requirements, functionality and criteria for ensuring reliability and

safety of mobile e-business.

The specification of this document covers overall use cases for mobile e-business including simple

inquiry of electronic documents, exchange of electronic documents for general transaction and even

exchange of contract and payment documents. This can be applied to the most wireless protocols such

as 3G, 4G and Wi-Fi, etc. This could be also used in the general mobile e-business area such as logistics,

electronic trades, financing, manufacturing and service, and can be referenced by system developers of

electronic transaction using mobile devices, mobile network service providers and users. The scope of

this document is shown in Figure 2.
Figure 2 — Scope of this document
This document is intended for:

— mobile-based electronic document system development, operation and certification organization;

— mobile electronic document software development organization;
— mobile electronic document third-party service provider organization.
2 Normative references
There are no normative references in this document.
© ISO 2019 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO 20415:2019(E)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
3.1
acknowledgement
ACK

signal passed between communicating processes or mobile devices (3.9) to signify acknowledgement, or

receipt of response, as part of a communications protocol
3.2
access point

cellular base station, typically designed for use in communication business, which connects to the

service provider’s network via broadband
3.3
electronic document
digital representation of content that is stored and managed electronically

Note 1 to entry: Association of content, logical structure and display attributes, retrievable by a device capable of

rendering a human-readable (or machine-readable) object. A document can be digitally born (creation) at source

or converted from an analog document.
3.4
denial of service
DoS

attempt to make a machine or network resource unavailable to its intended users, such as to temporarily

or indefinitely interrupt or suspend services of a host connected to the mobile network

3.5
digital signature

data appended to, or cryptographic transformation of, a data unit that allows a recipient of the data

unit to prove the source and integrity (3.8) of the unit and protect against forgery by, for example, the

recipient
3.6
electronic signature

data which, when appended to a digital document, enable the user of the document to authenticate its

origin and integrity (3.8)
3.7
handover

ability which allows a mobile device (3.9) to continue the service offered by the previous cell even if it

moves out of the cell to another cell
3.8
integrity
attribute of a document whose content is unimpaired
3.9
mobile device
device for mobile e-business
EXAMPLE Smartphone, notepad, etc.
2 © ISO 2019 – All rights reserved
---------------------- Page: 8 ----------------------
ISO 20415:2019(E)
3.10
mobile server

server which sends message or receives from MD (3.9) through AP (3.2) and authenticates MD,

software (S/W)
3.11
mobile communication

data and electronic document (3.3) transmission through wireless network such as CDMA, WCDMA, Wi-

Fi, Wibro, etc
3.12
negative acknowledgement
NACK
negative acknowledgement (3.1) for transmission control and confirmation
3.13
personal identification number
PIN

numeric password shared between a user and a system, which can be used to authenticate the user to

the system
3.14
public key infrastructure
PKI

set of hardware, software, people, policies and procedures needed to create, manage, distribute, use,

store and revoke digital certificates and manage public-key encryption
3.15
public key certificate

digitally-signed statement that binds the value of a public key to the identity of the person, device or

service that holds the corresponding private key
3.16
short message service
SMS

text messaging service component of phone, Web, or mobile communication (3.11) systems which uses

standardized communications protocols to allow fixed line or mobile phone devices to exchange short

text messages
3.17
synchronous message
SYN

message packet for requesting session connection in TCP (transmission control protocol)

3.18
timestamp

sequence of characters denoting the date and/or time at which a certain event occurs

3.19
trusted mobile e-document framework
TMEF

electronic document (3.3) framework operating in the mobile environment which can overcome

the difficulties of the authentication, the limited resources of a mobile device (3.9), unreliable data

transmission channel and the instability of the data exposed
© ISO 2019 – All rights reserved 3
---------------------- Page: 9 ----------------------
ISO 20415:2019(E)
3.20
trusted communication

qualified electronic communication including secure and reliable transfer of electronic documents (3.3)

and its provable custody for the purpose of dematerialization in the distributed open environments in

achieving the certainty, the completeness and the confidentiality of communication

3.21
wired equivalent privacy
WEP

security algorithm for wireless networks introduced as part of IEEE 802.11 whose intention was to

provide data confidentiality comparable to that of a traditional wired network
3.22
Wi-Fi protected access
WPA

security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless

computer networks
3.23
wireless public key infrastructure
WPKI
infrastructure for PKI (3.14) in mobile system
4 General requirements
4.1 General

The TMEF has the precondition that it is a kind of framework and the presented functions shall be

executed in reality after being implemented. Therefore, there are general requirements which the

TMEF shall possess considering the environment where the TMEF is executed, implemented technology

and user aspect. This clause describes the general requirements of TMEF.
4.2 Capability of linkage with wired environment

Electronic documents created under a mobile environment may be used under a wired environment

and a document created under a wired environment may be used in an MD on the contrary. Therefore,

functions described in the TMEF shall consider linkage and interface with the wired environment.

Although a protocol on the physical level or link level of the wireless network is not directly linked

with a wired environment, a linkage on the session level or application level shall be adequately

considered at all times. ISO/IEC 27033-3 specifies standards for wired network security threats, design

techniques and control issues, and ISO/IEC 27000 provides information security management concepts

and vocabularies. In general, communication interfaces of wireless network and wired network

are implemented in a mobile server (MS). A kind of message communication software can be used

without classifying it as wired or wireless. In such a case, the linkage of wired and wireless network

is accomplished just by using the software. However, if communication software is used in exclusively

wireless or wired network, it is necessary creating a protocol linkage interface in order to link between

wired protocol and wireless protocol.
4.3 Generality of applying various wireless network

Types of wireless network are very diverse and its evolution speed is very fast. Mobile electronic

transactions may be performed on all kinds of wireless network. Therefore, a TMEF shall possess

generality so it may be applied to all kinds of wireless network. In other words, a TMEF shall not be based

on a specific wireless network or a specific function which the specific wireless network possesses and

shall be able to present protocol requirements or criteria for use to overcome the limitations of the

wireless network based on the universal characteristics possessed by the specific wireless network.

4 © ISO 2019 – All rights reserved
---------------------- Page: 10 ----------------------
ISO 20415:2019(E)
4.4 Minimum protocol set

The TMEF gets executed in a mobile environment and it generally has the restrictions of computing

resources and the limitations of a wireless network. Recently, the performance of the MD or the

transmission speed of the wireless network is rapidly getting developed along with the development

of technology; an MD still has the limitations of a portable device. Therefore, it possesses various types

of problems such as battery capacity, small screen or coexistence of deteriorated mobile networks.

Therefore, a set of functions that construct the TMEF shall become a minimum set which is light but

can be executed quickly as the one that can be executed under various mobile network environments

without putting the burden on the MD as much as possible.
4.5 Neutrality of technology

All contents described by the TMEF shall be technologically neutral. In other words, they shall not

include the special functions that are dependent on a specific technology or protocol and shall become a

form to describe by deriving a common denominator on universal and essential functional requirements

of the protocols. The neutrality of a technology can be confirmed by whether the technology fully

complies with international standards. For example, if a user authentication technology using biometric

information fully accommodates the ISO/IEC JTC 1/SC 37 standard, it can be said that the technology

guarantees the neutrality. Special technologies that became generalized or standardized already may

be used at the position of being technologically neutral. The TMEF can become free from the problems

that fall under a technology license when it is technologically neutral and based on the standard.

4.6 Feasibility of implementation

The TMEF shall be described using the functions or the protocols that are commercialized already

or most widely used on the spot. In other words, it shall be written based on the currently released

technologies and the development shall be possible for all users without any limitations on the

technology by doing so. If a TMEF gets written based on a technology which is not released yet or will

be released in the future, the possibility of implementing the TMEF will be lower.

5 TMEF environment and model
5.1 Physical environment

The TMEF physical model has major components enabling electronic document exchange, such as

mobile devices, wireless communication networks, access points, the mobile service providers,

electronic document systems, trusted communication systems and wired communication networks as

shown in Figure 3. The following is a description of the physical model components:

— wireless communication network: a network that allows to send and receive electronic documents

over the air such as CDMA, WCDMA, Wibro, Wi-Fi, Bluetooth, etc;

— mobile service provider: an organization which operates a wireless network for electronic data

interchange and authenticates the mobile devices on the wireless network, the mobile application,

and the mobile users;

— electronic document system: a system for managing and distributing the electronic documents

which is connected to the mobile service provider for exchanging electronic documents;

— trusted communication system: a system which exchanges electronic documents in a reliable way

and safely through a wired network and provides the legal evidence available;

— wired network: passage which distributes electronic documents by utilizing VPN or by securely

encrypted messages.
© ISO 2019 – All rights reserved 5
---------------------- Page: 11 ----------------------
ISO 20415:2019(E)
Key
M2M mobile to mobile communication
Figure 3 — Physical environment for the TMEF
5.2 TMEF logical model

The TMEF logical model is composed of the requirement for mobile e-business, functionality and

criteria for practical use and management as shown in Figure 4.

Safety and reliability are the main requirements in a mobile electronic transaction. Safety means

whether an electronic document can be transmitted to a proper counterparty without exposing

or damaging such an electronic document when a user uses an electronic document under a mobile

environment. Reliability is whether the counterparty of mobile electronic transaction and the action

of mobile electronic transaction can be trusted. A party of mobile electronic transaction shall be able

to verify the identity of the transaction partner, effectiveness of the MD and even the operating system

(OS) or S/W which the MD is equipped with. An action of electronic transaction includes all activities of

sending or receiving the messages necessary for electronic transaction through wireless network and

all activities to create or manage electronic documents using an MD.

Functions for implementing the requirements of mobile electronic transactions and the application

standard for realistically utilizing such functions are required. Functions in a TMEF are composed of

an authentication function for the authentication of the user and MD, a trusted messaging function and

a safe messaging function in order to completely make up for the vulnerabilities of mobile electronic

transaction. Since these functions are utilized under the mobile electronic transaction environment,

they shall satisfy the requirements according to the environmental characteristics of th

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.