ISO 20415:2019

INTERNATIONAL ISO
STANDARD 20415
First edition
2019-10
Trusted mobile e-document
framework — Requirements,
functionality and criteria for ensuring
reliable and safe mobile e-business
Reference number
©
ISO 2019
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 General requirements . 4
4.1 General . 4
4.2 Capability of linkage with wired environment . 4
4.3 Generality of applying various wireless network . 4
4.4 Minimum protocol set . 5
4.5 Neutrality of technology . 5
4.6 Feasibility of implementation . 5
5 TMEF environment and model. 5
5.1 Physical environment . 5
5.2 TMEF logical model . . 6
6 TMEF functionality . 7
6.1 General . 7
6.2 Mobile authentication . 8
6.2.1 Requirements . 8
6.2.2 Authentication process. 8
6.2.3 Functionality for authentication .10
6.2.4 Usage criteria for authentication .13
6.3 Mobile confidentiality .13
6.3.1 Requirements .13
6.3.2 Sub-functionality for mobile confidentiality management .14
6.3.3 Usage criteria for mobile confidentiality .16
6.4 Mobile reliable messaging .17
6.4.1 Requirements .17
6.4.2 Functionality for mobile reliable messaging .18
6.4.3 Reliable messaging criteria .23
7 TMEF management .24
7.1 General .24
7.2 User management .24
7.3 MD management .25
7.4 Electronic document application management .25
7.5 Mobile network management .26
7.6 Mobile server management .27
Bibliography .29
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso
.org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 154, Processes, data elements and
documents in commerce, industry and administration.
Any feedback or questions on this document shall be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved

Introduction
Communication via mobile devices is essential in the modern world, so that most mobile devices are
ever used as a passage for the connection of people, business and network. Electronic transactions,
information processing and data transmission via the mobile device are common in business area. In
addition, electronic documents utilized by mobile devices in the business world are rapidly increasing
and its application area is growing also. Mobile electronic document exchange will be used in overall
industrial areas including B2C and B2B; the effect will be enormous considering the characteristic of
the mobile device.
However, communication using the mobile device always also involves a number of problems. First, the
wireless channel could be disconnected unexpectedly even while transmitting data; in that case the data
could be lost. This could be a fatal flaw in the transmission and reception of sensitive corporate data.
Second, it is possible for anyone to steal easily the mobile device, causing data transmission by a fake
user. Third, the mobile communication is relatively vulnerable compared with online communication in
the respect of security and reliability. These problems have been an obstacle to the flow of electronic
documents and electronic transactions diffusion through the mobile communication. Companies or
individuals have increasing demand for data transmission to continue to be safe and reliable enough
from the mobile communication. Thus, it is necessary to have a standard way to exchange data with the
electronic document in a manner that is safe and reliable over a mobile device.
In the process to distribute electronic documents for electronic transactions using mobile networks,
principles and standards different from those in the wired situation need to be suggested in order to
maintain the reliability of distribution of electronic documents due to the negative characteristics of
mobile network. As mobile networks give lower reliability generally and limit available computing
resources, users of mobile electronic documents need to have wide range of options for ensuring the
reliability in the distribution of mobile electronic documents. That is, a guide needs to be suggested
to find out an appropriate way for distributing mobile electronic documents according to costs or the
network environment.
Figure 1 — Concept of a trusted mobile e-document framework (TMEF)
This document is intended to provide a framework standard for creating and transmitting electronic
documents for B2B/B2C via a mobile device using a secure and trusted method in an unstable and
unreliable mobile environment. The concept of TMEF is illustrated in Figure 1. Businesses or individuals
are getting more dependent on mobile devices in terms of handling business as time passes by. Also,
the situation is that the demand to handle important duties of businesses is increasing. Therefore, the
demand for safe and reliable processing of electronic documents under mobile environment is also
rapidly increasing.
However, a mobile environment is unable to apply all methods for maintaining highest security and
reliability due to the limitations of computing resources and the limitations of wireless network.
Therefore, trusted factors necessary for performing safe electronic transactions under the mobile
environment need to be derived to apply them in reality.
Wireless network and the mobile device (MD) are exposed to risks and easiest to get attacked under the
mobile environment. It is very difficult to identify strictly the MD and the user who owns the MD due to
its portable nature. Also, the wireless network causes many problems with reliability and safety while
performing electronic transactions since it can often be cut off suddenly and also can be tapped by a
random user very easily.
Accordingly, in order to process electronic documents in a safe and reliable way under a mobile
environment, authentication on the MD in use, platforms on the MD, and the users who use the software
and MD need to precede. Also, det
...