PROTECTED{BaseType, PROTECTION-MAPPING:protectionReqd} ::= CHOICE { dirEncrypt BIT STRING (CONSTRAINED BY { BaseType-- dirEncrypt is for use only with the -- dirEncryptedTransformation, -- and generates the same encoding as the -- X.509/9594-8 ENCRYPTED type-- }), dirSign SEQUENCE {baseType BaseType OPTIONAL, -- must be present for dirSignedTransformation -- and must be omitted for -- dirSignatureTransformation algorithmId AlgorithmIdentifier, encipheredHash BIT STRING (CONSTRAINED BY { BaseType -- contains enciphered hash-- -- of a value of BaseType -- })}-- dirSign is for use only with the -- dirSignedTransformation or -- dirSignatureTransformation, and generates -- the same encoding as the corresponding -- X.509/9594-8 SIGNED or SIGNATURE type--, noTransform [0] BaseType, -- noTransform invokes no security transformation. -- Subject to security policy, noTransform may be used -- if adequate protection is provided by lower layers -- and any application relays through which the data -- may pass are trusted to maintain the required -- protection. This alternative may only be used -- if protectionReqd.&bypassPermitted is TRUE, direct [1] SyntaxStructure{{protectionReqd.&SecurityTransformation}}, -- direct generates a protecting transfer syntax -- value, which is encoded using the same encoding -- rules as the surrounding ASN.1 (The type -- SyntaxStructure is imported from Rec. X.833 | -- ISO/IEC 11586-3) embedded [2] EMBEDDED PDV (WITH COMPONENTS { identification (WITH COMPONENTS { presentation-context-id , context-negotiation (WITH COMPONENTS { transfer-syntax (CONSTRAINED BY { OBJECT IDENTIFIER: protectionReqd. &protTransferSyntax}) }), transfer-syntax (CONSTRAINED BY { OBJECT IDENTIFIER: protectionReqd. &protTransferSyntax}) }), data-value (CONTAINING BaseType) -- The data value encoded is a value of type BaseType }) }