GB/T 27913-2022 English PDF
US$2039.00 · In stock
Delivery: <= 10 days. A true-PDF full copy in English will be manually translated and delivered via email.

GB/T 27913-2022: Public key infrastructure for financial services - Practices and policy framework
Status: Valid
GB/T 27913: Historical versions
Basic data
Standard ID: GB/T 27913-2022 (GB/T27913-2022)
Description (Translated English): Public key infrastructure for financial services - Practices and policy framework
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: A11
Word Count Estimation: 106,140
Issuing agency(ies): State Administration for Market Regulation; China National Standardization Administration

GB/T 27913-2022: Public key infrastructure for financial services - Practices and policy framework

The text below is a DRAFT version for illustration, not a final translation. The full true-PDF English copy (including equations, symbols, images, flow charts, tables and figures) will be manually and carefully translated upon order.

Public key infrastructure for financial services - Practices and policy framework
ICS 35.240.40
CCS A11
National Standard of the People's Republic of China
Replacing GB/T 27913-2011 "Public Key Infrastructure for Financial Services - Implementation and Policy Framework"
(ISO 21188:2018, MOD)
Published on 2022-04-15; implemented on 2022-04-15
Issued by the State Administration for Market Regulation and the National Standardization Administration

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Public key infrastructure (PKI)
5.1 Overview
5.2 Introduction to PKI
5.3 Impact of business requirements on the PKI environment
5.4 Certification authority
5.5 Business perspective
5.6 Certificate policy (CP)
5.7 Certification practice statement (CPS)
5.8 Protocol
5.9 Timestamp
5.10 Trust model
6 Certificate policy and certification practice statement requirements
6.1 Certificate policy (CP)
6.2 Certification practice statement (CPS)
7 Certification authority control procedures
7.1 Overview
7.2 CA environment controls
7.3 CA key lifecycle management controls
7.4 Subject key lifecycle management controls
7.5 Certificate lifecycle management controls
7.6 CA certificate lifecycle management controls
7.7 Subordinate CA certificate lifecycle management
Appendix A (informative) Management by certificate policy
Appendix B (informative) Elements of the certification practice statement
Appendix C (informative) Object identifiers (OIDs)
Appendix D (informative) CA key generation process
Appendix E (informative) Mapping of RFC 2527 to RFC 3647
Appendix F (normative) Certification authority audit log content and use
Appendix G (informative) Optional trust models
References

Foreword

This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work - Part 1: Structure and Drafting Rules of Standardization Documents".

This document replaces GB/T 27913-2011 "Public Key Infrastructure for Financial Services - Implementation and Policy Framework". Compared with GB/T 27913-2011, in addition to editorial changes, the main technical changes are as follows:
--- Deleted "business continuity considerations comply with Annex J of ISO 15782-1:2003" (see D.4 of the 2011 edition);
--- Changed "should be performed by the authorized person" to "performed by a process initiated by the authorized person" (see 7.4.1 and 8.4.1 of the 2011 edition);
--- Added that "two or more CAs can join a common scheme for mutual identification" (see 5.4);
--- Added that "the responsible management of the CA should be able to demonstrate that the information security policy is implemented and followed" and that "procedures for conducting risk assessments that consider business and technical factors to identify, analyze and evaluate trusted-service risks shall exist and be enforced; the results of the risk assessment shall be communicated to the management group or committee responsible for information security and risk management" (see 7.2.2).

This document is a modified adoption of ISO 21188:2018 "Public Key Infrastructure for Financial Services - Practices and Policy Framework". The technical differences between this document and ISO 21188:2018, and their reasons, are as follows:
--- Deleted the FIPS (US Federal Information Processing Standard) terms and the references to FIPS 140-2 throughout the text, using ISO 19790 instead to meet China's cryptographic management requirements;
--- Added to Chapter 2 references to GB/T 16649.1 to GB/T 16649.12, GB/T 16649.15, GB/T 18336.1-2015, GB/T 18336.2-2015 and GB/T 18336.3-2015, which do not appear in ISO 21188:2018;
--- Added SAN (Subject Alternative Name) and EV (Extended Validation) to Chapter 4, as these terms appear in this document;
--- Changed "as shown in 5.7.3 and 5.7.6" in 5.7.1 to "as shown in 5.7.2 and 5.7.6", correcting a citation error in ISO 21188:2018;
--- Deleted the "(see 0)" appearing in D.3 of Appendix D, a citation error in ISO 21188:2018.

The following editorial changes have been made to this document:
--- Deleted the examples involving the DOD (United States Department of Defense) in 5.10.

This document is proposed by the People's Bank of China.
This document is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180).
This document was drafted by: People's Bank of China, CICC Financial Certification Center Co., Ltd., Chongqing Technology and Business University, Shandong University of Finance and Economics, Beijing National Institute of Financial Standardization Co., Ltd., Institute of Information Engineering, Chinese Academy of Sciences.
The main drafters of this document: Li Wei, Hu Ying, Yang Fuyu, Li Da, Qu Weimin, Zhen Jie, Dong Kunxiang, Feng Lei, Xie Zongxiao, Ma Chunwang, Zhao Gaixia, Wang Zichong, Cao Jianfeng, Li Jiaqi, Xie Yanli, Bo Shuntian, He Yu, Xiong Gang, Gou Gaopeng.
The previous versions of this document and the documents it supersedes are as follows:
--- First published in 2011 as GB/T 27913-2011;
--- This is the first revision.

Introduction

With the continuous expansion of Internet technology in the financial services industry, the industry has become increasingly concerned with providing secure, confidential and trustworthy financial transactions. The growing demand for easy-to-use processing systems has led to the combination of advanced security techniques with public key cryptography. Public key cryptography needs a business-optimized technical, management and policy infrastructure (defined in this document as a public key infrastructure, or PKI) to meet the requirements of financial application systems for electronic identification, authentication, message integrity protection and authorization. Applying standards for electronic identification, authentication and authorization within a PKI further improves the consistency, predictability and trustworthiness of electronic transactions with respect to system security.

In China, digital signature and PKI technology can be used to develop applications in the financial services industry. The security and effectiveness of these applications depend in part on practices that ensure the overall integrity of the infrastructure. For infrastructure that binds personal identities and other entities to key elements such as keys, and for authorization systems, users can benefit from the standard risk management system and the auditable business basis defined in this document. This document establishes a framework for managing a PKI through certificate policies, certification practice statements, control objectives and control procedures. For implementers of this standard, entities in China's financial transactions can rely on the extent to which this document is implemented and on the inter-PKI relationships achieved by using it. The degree of interoperability will depend on the policy and implementation factors defined in this document.

Public Key Infrastructure for Financial Services - Implementation and Policy Framework

1 Scope

This document specifies a framework of requirements for managing a PKI through certificate policies and certification practice statements, and for the use of public key certificates in the financial services industry. It also defines the control objectives and control procedures for risk management. Although this document may be used for generating public key certificates for digital signatures or for encryption-based key establishment, it does not address authentication methods, non-repudiation requirements or key management protocols.

This document distinguishes between PKI systems in open, closed and contractual environments, and further defines the business being run on the basis of the control objectives of financial services information systems. The purpose of this document is to help implementers define PKI services that support multiple certificate policies, including the use of digital signatures, remote authentication, key exchange and data encryption. This document facilitates the interoperability of PKI-controlled businesses that meet the requirements of the financial services industry in a contractual environment. Although this document is primarily aimed at contractual environments, it does not preclude its application to other environments.

The term "certificate" in this document refers to a public key certificate. Attribute certificates are outside the scope of this document.

This document is aimed at a variety of users with different needs, so each type of user will focus on different content. Business managers and analysts are those who need to use PKI technology in the conduct of business (e.g., e-commerce): see Chapters 1 to 6. Technical designers and implementers are those who write certificate policies and certification practice statements: see Chapters 6 to 7 and Appendix A to Appendix G. Operational managers and auditors are those responsible for the day-to-day operation of the PKI system and for performing conformity checks against this document: see Chapters 6 to 7.

2 Normative references

The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.
GB/T 14916-2006 Identification cards - Physical characteristics (ISO/IEC 7810:2003, IDT)
GB/T 16649.1 Identification cards - Integrated circuit cards with contacts - Part 1: Physical characteristics
GB/T 16649.2 Identification cards - Integrated circuit cards with contacts - Part 2: Dimensions and locations of contacts
GB/T 16649.3 Identification cards - Integrated circuit cards with contacts - Part 3: Electrical signals and transmission protocols
GB/T 16649.4 Identification cards - Integrated circuit cards - Part 4: Structure, security and commands for interchange
GB/T 16649.5 Identification cards - Integrated circuit cards with contacts - Part 5: National numbering system and registration procedure for application identifiers
GB/T 16649.6 Identification cards - Integrated circuit cards with contacts - Part 6: Inter-industry data elements
GB/T 16649.7 Identification cards - Integrated circuit cards with contacts - Part 7: Inter-industry commands for Structured Card Query Language (SCQL)
GB/T 16649.8 Identification cards - Integrated circuit cards with contacts - Part 8: Inter-industry commands related to security
GB/T 16649.9 Identification cards - Integrated circuit cards - Part 9: Commands for card management
......