Digital Identity Certification for Personal Media (DICPM)

Digital Identity Certification for Personal Media (DICPM) Independent Researcher

anjdric@gmail.com

This document specifies the Digital Identity Certification for Personal Media (DICPM), a protocol for cryptographic certification of personal media, binding media integrity to identity and consent while enabling verifiable licensing terms and revocation.

Introduction DICPM establishes a cryptographically verifiable certification layer binding media objects to identity and consent, with support for trust models, licensing constraints, and validation.

Conventions and Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 and when, and only when, they appear in all capitals, as shown here.

Certificate Data Model

Canonical Serialization All certificate payloads MUST be serialized using the JSON Canonicalization Scheme (RFC 8785) prior to signature generation.

Normative JSON Structure

Security Considerations Implementations SHOULD protect private keys using secure enclaves or HSMs where available. Biometric hashes MUST be salted and irreversible, and raw biometric templates MUST NOT be stored.

IANA Considerations This document requests registration of the media type "application/dicpm+json".

Normative References Key words for use in RFCs to Indicate Requirement Levels Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words IETF JSON Canonicalization Scheme (JCS) IETF