Described in this standard is the blockchain-based application reference architecture of e-invoice business, including roles of participants, typical business scenarios, platform frameworks, and security requirements.
A framework of a custodian service for cryptocurrency and token assets is defined in this standard. Custodian reference technical architecture, business logic description, custodian service business models, digital asset evaluation criteria, operational procedure models, and regulatory requirement support models are included in this framework.
This standard defines an extension framework based on IEEE 2140.1-2020. The extension framework uses a Smart Contract mechanism to process transactions on an exchange, to replace the role of exchange operators. This standard also defines a series of extensible interfaces for the exchange scenario, enabling support of third-party financial derivatives using tokens.
In this standard requirements are defined for multiple aspects of security management for customer cryptographic assets on cryptocurrency exchanges, such as user identification using multi-factor authentication, prioritized protection of customer assets under unforeseen circumstances, and professional ethics of operation for cryptocurrency exchange platforms.
Self-discipline and professional ethics of cryptocurrency exchange platforms, as well as the relevance between them and to cryptocurrency wallets, are covered in this standard. Exchange business logic, operational procedures, and user authentication programs are also covered in this standard. In addition, a small but necessary technical category of requirements needed to achieve the previously mentioned goals, including terminologies, basic architectural framework, key indicators, and end-user interface specifications, is covered in this standard.
The ISO/IEC TS 29003:2018 standard gives guidelines for the identity proofing of a person, and specifies levels of identity proofing and requirements to achieve these levels. ISO/IEC TS 29003:2018 is applicable to identity management systems.
This document specifies guidelines for developing a cybersecurity framework. It is applicable to cybersecurity framework creators regardless of their organizations' type, size or nature.
ISO/IEC 29146:2016 defines and establishes a framework for access management (AM) and the secure management of the process to access information and Information and Communications Technologies (ICT) resources, associated with the accountability of a subject within some context. This International Standard provides concepts, terms and definitions applicable to distributed access management techniques in network environments. This International Standard also provides explanations about related architecture, components and management functions. The subjects involved in access management might be uniquely recognized to access information systems, as defined in ISO/IEC 24760. The nature and qualities of physical access control involved in access management systems are outside the scope of this International Standard.
ISO/IEC 29115:2013 provides a framework for managing entity authentication assurance in a given context. In particular, it: specifies four levels of entity authentication assurance; specifies criteria and guidelines for achieving each of the four levels of entity authentication assurance; provides guidance for mapping other authentication assurance schemes to the four LoAs; provides guidance for exchanging the results of authentication that are based on the four LoAs; and provides guidance concerning controls that should be used to mitigate authentication threats.
ISO/IEC 24760-2:2015 provides guidelines for the implementation of systems for the management of identity information, and specifies requirements for the implementation and operation of a framework for identity management. ISO/IEC 24760-2:2015 is applicable to any information system where information relating to identity is processed or stored.
Defined in this standard is the general process of cryptocurrency payment between consumers and merchants. This process describes how a consumer purchases goods or services with cryptocurrency and how the merchant receives fiat money in return. It involves multiple parties, such as cryptocurrency payment operators playing an agent role, consumers owning cryptocurrency, merchants accessing a cryptocurrency payment platform, banks, and cryptocurrency exchanges.
This standard can be applied to internet-based business scenarios, and can also serve as a practical guide to help assess business security risk control through big data technology. This standard can be applied in other types of organizations, including public, privately owned, or state-owned enterprises, associations, or organizations, or by individuals, to improve assessment of their protection capability against business security risks based on big data technology.