Standards Development

Scope

This document is defining a framework for secure information processing and communication to safeguard integrity across the value chain of physical objects and electronic data, minimizing product fraud and counterfeiting through object identification techniques.

It provides a framework for establishing trust, interoperability, and interoperation via secure electronically signed encoded data sets (ESEDS) for multi-actor applications, applicable across various sectors and in multilingual environment.

While not disrupting existing traceability and authentication systems, it facilitates interoperability by introducing an ESEDS scheme to be combined with existing data constructs in order to cover and preserve existing data models

Purpose

According to FINAL draft SReq DPP + Annexes - Document under CoS vote until 2024-04-01 - document M/XXX DPP N 63:

ANNEX II

7.Standards on data authentication, reliability and integrity

7.1. The standard(s) shall provide an open and interoperable method between automated identification services and data carriers to read data, verify data originality and data integrity in offline and online use cases. The standard(s) shall establish a framework for ensuring trust, interoperability and interoperation via secure and reliable electronically signed encoded data set (ESEDS) schemes for multi-actor applications in multi-sector environment.

7.2. When developing the standard(s), at least the following elements shall be addressed:

 management and verification of identifiers;

 relationship between the unique identifiers and possible authentication elements related to them;

 questions that deal with the identification of the verifier and any authorised access to privileged product related information;

 verifier access history (logs);

 authentication solutions;

 artefact metrics, where relevant;

 information processing and communication that protects integrity along the supply chain of physical and related electronic documents, products, software and services life cycle to mitigate the risk of product fraud and counterfeit goods, by using object identification techniques;

 verifiable credentials.

7.3. Existing relevant standards shall be duly considered when drafting the new European standard(s). A non-exhaustive list is provided below:

 ISO/IEC 20248: Information technology - Automatic identification and data capture techniques – Digital signature data structure schema

 ISO 22378: Guidelines for establishing interoperability among independently functioning product identification and related authentication systems

 ISO 22383: Guidelines for selection and performance evaluation of authentication solutions for material goods

 ISO 22385: Guidelines for establishing a Framework for Trust and Interoperability

 ISO 22387: Confirmation procedures for the application of artefact metrics

 ISO 8000 – Data Quality

 Certificate Transparency (IETF RFCs 6962 and 9162 available at https://datatracker.ietf.org/doc/rfc6962/ and https://datatracker.ietf.org/doc/rfc9162/)