ITU JOURNAL: ICT Discoveries, Vol. 1(2), December 2018




          hash  component  of  type  HashPointer  contains  a   contentLocations ATTRIBUTE ::= {
          value of the CMS message type DigestedData.            WITH SYNTAX URIs
                                                                           ID id-ContentLocations
                                                               }
          This  CMS  type  specifies  the  message  digest
          algorithm used to calculate the hash on the pointed   URIs ::= SEQUENCE SIZE(1..MAX) OF uri URI
          to  object.  Type  DigestedData  also  indicates  the
          type of object being hashed is a SignedData block    URI ::= UTF8String (SIZE(1..MAX))
          header,  a  value  of  CMS  type  SignerInfo.  In  a   A collection of items are signed by first calculating
          precedingBlock  attribute  the  type  of  object  is   a  message  digest  over  type  ContentToBeSigned
          indicated by an ASN.1 information object identifier   defined as follows:
          named  id-signerInfo.  Other  types  of  objects  can
          also be identified in the DigestedData message.      ContentToBeSigned ::= SEQUENCE
                                                                  SIZE(1..MAX)OF content LocatedValue
          In a precedingBlock attribute, the optional value of
          type Pointers in type HashPointer may be omitted     LocatedValue ::= OCTET STRING
          when  adjacent  block  locations  are  known.  This   Each value in type ContentToBeSigned is the data
          may  be  the  case  when  adjacent  blocks  are  not   located  by  one URI  value  in  the  contentLocations
          distributed and reside in a common file system or    attribute. Each URI contains a generalized form of a
          database. More than one type of Pointer value may    uniform resource locator (URL).
          be used in series to fully qualify the location of a
          distributed block. The defined set of pointer types   3.3  SignedData required attributes
          is extensible to allow additional types of pointers
          to be added as needed by an application.
                                                               CMS requires at least two attributes to be present
                                                               if  any  signed  attributes  are  included  in  a
          3.2  Detached content
                                                               SignedData message. These attributes are defined
                                                               in CMS and named contentInfo and messageDigest.
          The data content of a SignedData block is optional
          to  include  and  need  not  be  present  in  a  given   When SignedData is used as a blockchain block, the
                                                               contentInfo  attribute  value  is  set  to  indicate  the
          message.  In  a  secure  electronic  mail  (email)   type of content in the block is ordinary data, rather
          application  that  provides  signed  email  messages   than one of the other cryptographic message types
          using  the  SignedData  type,  the  detached  message   defined in CMS.
          content and the signature are located in separate
          parts  of  the  same  email message.  This allows the   The required messageDigest attribute contains the
          content  to  be  displayed  for  the  email  recipient   hash  of  the  content.  The  content  is  bound  to  the
          even  when  an  email  agent  cannot  process  signed   other  signed  attributes  cryptographically  under
          email, or when verification of the digital signature   the  digital  signature  of  the  signer.  There  may  be
          on the detached content fails.
                                                               any  number  of  additional  attributes  included  in
                                                               this binding at the signers choice, and these may be
          In other application contexts, such as the cloud and   of any type or format.
          Internet of things (IoT) environments, the location
          of detached SignedData content must be identified    3.4   Blockchain required attributes
          and made available for verification of the signature
          on  the  message  content.  When  the  location  of   In  a  SignedData  blockchain,  both  the  timeStamp
          detached data content is not known to blockchain     attribute  and  precedingBlock  attributes  shown  in
          participants,  a  SignedData  message  signer  can   Fig.  1  must  be  included  in  the  SignerInfo  block
          include  a  content  location  attribute  in  the  signed   header.  The  value  of  a  timeStamp  attribute  in  a
          attributes of the block header. This attribute can be   given block header may contain a choice of either a
          used to locate detached data content distributed in   locally  sourced  synchronized  time,  or  a  trusted
          one or more locations. A content location attribute   timestamp token. A trusted timestamp is based on
          can be defined as a series of one or more uniform    a  coordinated  time  source,  such  as  one  of  those
          resource  identifier  (URI)  [6]  values  in  ASN.1  as   specified  in  the  X9.95  standard  [7].  The  type  of
          follows:                                             time  value  used  may  vary  by  block,  but  should
                                                               meet the requirements agreed to by the blockchain
                                                               participants.  For  blocks  associated  with  tagged,




                                             © International Telecommunication Union, 2018                     3