
GB/T 43779-2024 PDF English

GB/T 43779-2024: Cybersecurity technology - Technical specification for caller identity authentication using crypto tokens
Status: Valid



---This is an excerpt of the English version of GB/T 43779-2024.
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Cybersecurity Technology - Technical Specification for Caller Identity Authentication Using Crypto Tokens
Issued on: APRIL 25, 2024
Implemented on: NOVEMBER 1, 2024
Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Symbols and Abbreviations
4.1 Symbols
4.2 Abbreviations
5 Overview
5.1 Basic Principles of Caller Identity Authentication Using Crypto Tokens
5.2 Issuance Architecture of Trusted Identity Ticket
5.3 Issuance Modes of Trusted Identity Ticket
5.4 Verification of Trusted Users
5.5 Basic Process of Identity Authentication Using Token Message
6 Security Requirements
6.1 Issuance of Trusted Identity Ticket
6.2 Transmission, Authentication and Information Display of the Caller’s Trusted Identity
6.3 Content and Format Requirements for Trusted Identity Ticket Data
6.4 Content and Format Requirements for Crypto Token Data
7 Test and Evaluation Methods
7.1 Authorization Authority and Identity Ticket Issuer
7.2 Calling Terminal
7.3 Called Terminal
7.4 Token Message Service
7.5 Identity Ticket Acquisition System
Appendix A (normative) ASN.1 Description of Trusted Identity Ticket Data Content and Format
Appendix B (normative) ASN.1 Description of Crypto Token Data Content and Format
Appendix C (normative) Crypto Token Transmission Method Based on SIP Calls
Appendix D (informative) Example of Terminal Display Interface
Bibliography

1 Scope

This document specifies the technical requirements for transmitting, verifying and displaying the trusted identity of the caller based on crypto tokens in communications, and describes the corresponding test and evaluation methods. This document is applicable to the design, production and test of systems that guide the transmission, verification and display of the trusted identity of the caller.

2 Normative References

The contents of the following documents constitute indispensable clauses of this document through the normative references in the text. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document.

GB/T 15843.2 Information Technology - Security Techniques - Entity Authentication - Part 2: Mechanisms Using Symmetric Encipherment Algorithm
GB/T 15843.3 Information Technology - Security Techniques - Entity Authentication - Part 3: Mechanisms Using Digital Signature Techniques
GB/T 16262.1 Information Technology - Abstract Syntax Notation One (ASN.1) - Part 1: Specification of Basic Notation
GB/T 20518 Information Security Technology - Public Key Infrastructure - Digital Certificate Format
GB/T 32905 Information Security Technology - SM3 Cryptographic Hash Algorithm
GB/T 32907 Information Security Technology - SM4 Block Cipher Algorithm
GB/T 32918.2 Information Security Technology - Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves - Part 2: Digital Signature Algorithm

3 Terms and Definitions

The following terms and definitions are applicable to this document.

3.1 caller
The initiator of the call connection, or the intelligent terminal of the call connection initiator.

3.2 called
The receiver of the call connection, or the intelligent terminal of the call connection receiver.

3.3 carrier
The network service provider of the caller or the called.

3.4 crypto token
A data message signed by a trusted user using cryptographic technology and submitted to the called user for verification to represent its own identity.

3.5 identity ticket issuer
An organization that generates and issues trusted identity tickets for users.

3.6 identity ticket issuer authorization authority
The authorized party of the identity ticket issuer implements authorization management by issuing identity tickets to the identity ticket issuer through digital signatures.

3.7 identity ticket acquisition service
A service provided for the called user to query the identity tickets of the caller. services, for example, cloud service, and is accessed in the calling or called network.

3.8 privilege credential
Data obtained by a trusted user using symmetric cryptographic technique to indicate that he has the right to use it.

3.9 token message service
A transmission service that provides token message for trusted user calls.

4 Symbols and Abbreviations

4.1 Symbols

The following symbols apply to this document.

IDi: the identity ID issued by the operating system to the ith trusted user for the authentication using the service. The ID is randomly generated 128-bit data to protect the user’s personal information.
Ki: the symmetric key corresponding to the IDi of the ith trusted user securely transmitted by the carrier.
RK: a root key for managing users of the carrier that manages trusted users.

4.2 Abbreviations

The following abbreviations apply to this document.

5 Overview

5.1 Basic Principles of Caller Identity Authentication Using Crypto Tokens

The caller identity authentication using crypto tokens (CHAKEN) specified in this document aims to securely display the trusted identity of the caller to the called. To complete the display of the trusted identity, it is first necessary to issue trusted identity tickets to the trusted user that has passed the review. The tickets contain verified caller information that can be used for display, which is text, picture, audio signal or video information. Secondly, the called utilizes the crypto token and the trusted identity tickets of the caller to authenticate the caller’s identity, so as to ensure that the caller is the holder of the trusted identity ticket.

5.2 Issuance Architecture of Trusted Identity Ticket

In the CHAKEN technology specified in this document, the identity management of trusted user adopts a two-layer mode of “identity ticket issuer authorization authority” plus “identity ticket issuer”. The authorization authority is the trust root of the CHAKEN system. Its self-signed identity ticket is pre-set in the user’s cryptographic module in a trusted mode, or a trusted download path is provided for the user. The identity ticket issuer needs to obtain the permission of the authorization authority and obtain the valid identity ticket issued by the authorization authority before issuing identity tickets for general users. The issuance architecture of the trusted identity ticket is shown in Figure 1.

5.3 Issuance Modes of Trusted Identity Ticket

Trusted identity tickets are generally issued in two modes. One is that the identity ticket issuer directly reviews user information and issues trusted identity tickets to users. The other is that the subscribers of the identity ticket issuer, that is, the organization users or group users, review Identity Ticket Issuer

6 Security Requirements

6.1 Issuance of Trusted Identity Ticket

6.1.1 Identity ticket issuer authorization authority

The issuance of tickets of the identity ticket issuer authorization authority satisfies the following aspects.

a) The identity ticket issuer authorization authority shall formulate its own electronic certification business statement, including its own responsibilities and obligations in the issuance and use of identity tickets, the process of issuing identity tickets for the subordinate identity ticket issuer, and the definition of security policies related to the tickets;
b) The identity ticket issuer authorization authority shall issue a self-signed ticket for itself in accordance with the format requirements in GB/T 20518, and the self-signed ticket shall be available for users to download in at least two modes;
c) The identity ticket issuer authorization authority should set the value of pathLenConstraint in the Basic constraints extensions in the self-signed identity ticket to 1;
d) The ticket issuance system used shall be run offline and shall not have any wireless or wired connection with any network;
e) The identity ticket issued to the identity ticket issuer shall be encoded using the DER encoding method in accordance with the format requirements in GB/T 20518. The content of the issued ticket shall satisfy the requirements of the trusted identity ticket data content in 6.3;
f) The identity ticket issued to the identity ticket issuer shall have the Basic constraints extensions. The meaning of the extensions shall be set in accordance with GB/T 20518. It is advisable to set pathLenConstraint = 0 to prevent nesting among the identity ticket issuers.

6.1.2 Identity ticket issuer

The issuance of tickets of the identity ticket issuer satisfies the following aspects.

a) The identity ticket issuer shall formulate its own ticket issuance business statement for the ticket security policy and make it public. The business statement shall describe the risk response and compensation strategy prepared for legal and economic issues caused by errors in the tickets it issues, or fraudulent behaviors caused by its tickets.
b) The identity ticket issuer can provide online services through the Internet and can also provide offline services.
c) The trusted identity ticket issued by the identity ticket issuer to the user shall be encoded using the DER encoding method in accordance with the format requirements in GB/T 20518. The content and format of the issued tickets shall satisfy the requirements of 6.3 and Appendix A.
d) The identity ticket issuer can only issue identity tickets to trusted users and must not issue identity tickets to other identity ticket issuers.
e) The identity ticket issuer should support the issuance service model of cloud tenants, that is, subscribers; subscribers may utilize their administrative accounts in the identity ticket issuer to enter and review their employees, and the identity ticket issuer may automatically issue employee identity tickets containing the subscriber’s name to users who have been reviewed by the subscriber administrator in accordance with its own security requirements.
f) The business statement shall make it clear that whether the ticket is issued directly by the identity ticket issuer or through the review of the subscriber administrator, the identity ticket issuer shall bear the same legal responsibilities in accordance with its published business statement.

6.1.3 Calling and called terminals

The certificate application and acquisition of the calling and called terminals satisfy the following aspects.

6.2 Transmission, Authentication and Information Display of the Caller’s Trusted Identity

6.2.1 Calling terminal

The trusted call of the caller satisfies the following aspects.

a) When a trusted user makes a call, a crypto token shall be constructed in accordance with the selected trusted identity ticket and the content requirements of 6.4 and sent to the token message service. The content and format of the crypto token data shall comply with the requirements of Appendix B.
b) If a trusted user needs to use the token message service, he shall securely obtain the randomly generated IDi and service key Ki from the operating organization of token message service. The trusted user may apply for new IDi and Ki from the operating organization of token message service in accordance with certain strategies to prevent the message service system or network eavesdroppers from tracking through IDi.
c) When initiating a normal call, the token shall be transmitted to the token transmission service before the call is initiated. When utilizing the SIP protocol to call, the crypto token format shall comply with the requirements of Appendix C and be combined in the INVITE message of the SIP call for transmission.

6.2.2 Called terminal

The call-receiving of the called terminal satisfies the following aspects.

a) After receiving the call, the called shall calculate two index values in accordance with the calling number, its own number and the current time through the calculation method in Appendix B. The called shall send these two index values to the token message service to query the crypto token issued by the caller.
b) After obtaining the crypto token issued by the caller, if necessary, the privilege credential in the token can be used to query the trusted identity ticket of the caller in the identity ticket acquisition system.
c) The called shall verify the trusted identity ticket of the caller in accordance with the provisions of GB/T 20518. The verification of the trusted identity tickets shall start from the root ticket of the authorization authority, and the trusted identity tickets in the identity ticket chain shall be verified one by one. After the verification is completed, the verified caller identity tickets are used to verify the identity token signed by the caller.
d) The called terminal can cache the verified identity tickets of the identity ticket issuer in the cryptographic module in accordance with the user-defined storage security policy, or cache the verified trusted identity tickets of the caller in the contacts. When using the cached tickets, different colors or texts shall be used when displaying the identity to remind the user that the cached identity tickets are used this time. If necessary, the user can be reminded to query the tickets for update or the user can set the time for automatic ticket update.
e) After verification is completed, the called terminal shall display at least the following information on the home page of calling. For specific display methods, see Appendix D.
   1) The country name (c) and organization name (o) of the identity ticket issuer, and mark it as the identity issuer;
   2) The policy of the caller identity ticket. If there is no policy in the identity ticket, it shall be displayed as a normal user;
   3) Basic information of the trusted identity ticket, including the country name (c), organization name (o), organization unit name (ou), user or role name (cn);
   4) Video, graphic or audio information contained in the ticket. At least one of them shall be taken out in order for demonstration;
   5) The product name and certification certificate No. of the cryptographic module that supports cryptographic operations.
f) The called terminal shall provide a ticket viewing function, through which, the called user can view all the information of the caller identity ticket.
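Added example, not part of GB/T 43779-2024 or of this excerpt: a sketch of the root-first chain walk in 6.2.2 c), applying the pathLenConstraint values from 6.1.1 c) and f) and the no-nesting rule of 6.1.2 d). The Ticket fields, the sample chain and the split into errors and warnings are assumptions; signature verification is omitted.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ticket:
    """Simplified identity ticket; field names are assumptions, not Appendix A."""
    subject: str
    issuer: str
    is_ca: bool                     # cA flag of the Basic constraints extension
    path_len: Optional[int] = None  # pathLenConstraint, None when absent


def check_chain(chain: List[Ticket], root: Ticket) -> Tuple[List[str], List[str]]:
    """Walk the chain root-first and return (errors, warnings).

    Only names and Basic constraints are checked; signatures and validity
    periods are out of scope for this sketch.
    """
    errors: List[str] = []
    warnings: List[str] = []
    if len(chain) < 2 or chain[0] != root or root.subject != root.issuer:
        return ["chain must start at the pre-set self-signed root ticket"], warnings
    if root.path_len != 1:
        warnings.append("6.1.1 c): root pathLenConstraint is not 1")
    # Issuer-level tickets still allowed below the ticket just processed.
    remaining = root.path_len if root.path_len is not None else len(chain)
    for depth in range(1, len(chain)):
        parent, ticket = chain[depth - 1], chain[depth]
        if ticket.issuer != parent.subject:
            errors.append(f"{ticket.subject}: issuer does not match {parent.subject}")
        if not parent.is_ca:
            errors.append(f"{parent.subject}: lacks cA, may not issue tickets")
        if depth == len(chain) - 1:
            # The last ticket is the caller's; it must not be an issuer ticket.
            if ticket.is_ca:
                errors.append(f"{ticket.subject}: caller ticket carries cA")
            break
        if remaining <= 0:
            errors.append(f"{ticket.subject}: nested issuer exceeds pathLenConstraint")
        remaining -= 1
        if ticket.path_len != 0:
            warnings.append(f"{ticket.subject}: 6.1.1 f) advises pathLenConstraint = 0")
        if ticket.path_len is not None:
            remaining = min(remaining, ticket.path_len)
    return errors, warnings


# Constructed sample tickets (names are illustrative only).
ROOT = Ticket("Authorization Authority", "Authorization Authority", True, 1)
ISSUER_A = Ticket("Issuer A", "Authorization Authority", True, 0)
ISSUER_B = Ticket("Issuer B", "Issuer A", True, 0)   # nested issuer
USER_A = Ticket("User A", "Issuer A", False)
USER_B = Ticket("User B", "Issuer B", False)

if __name__ == "__main__":
    print(check_chain([ROOT, ISSUER_A, USER_A], ROOT))
    print(check_chain([ROOT, ISSUER_A, ISSUER_B, USER_B], ROOT))
```

With the root limited to 1 and the issuer ticket to 0, a second issuer below the first is rejected even when every individual signature would verify.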

7 Test and Evaluation Methods

7.1 Authorization Authority and Identity Ticket Issuer

The test method, expected results and result judgment of the authorization authority and identity ticket issuer are as follows.

a) Test method:
   1) Review the submitted documents and check the format and validity of its own identity ticket;
   2) Obtain at least one trusted identity ticket issued by the authorization authority or identity ticket issuer to check whether the identity ticket complies with the provisions of the trusted identity ticket data content in 6.3;
   3) For all data items that meet the requirements of Appendix A, at least one complete trusted identity ticket application and issuance process shall be carried out.
b) Expected results:
   1) The identity ticket format complies with the requirements of GB/T 20518;
   2) The identity ticket verification is valid;
   3) The application review and issuance process of the trusted identity ticket can be completed, and the data format of the issued trusted identity ticket shall comply with the requirements of 6.3 and Appendix A.
c) Result judgment: If all the above-mentioned expected results are met, it is compliant, and in other cases, it is non-compliant.

7.2 Calling Terminal

The function test method, expected results and result judgment of the calling terminal are as follows.

7.3 Called Terminal

The function test method, expected results and result judgment of the called terminal are as follows.

......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.
