GB/T 28455-2012 English PDF
Basic dataStandard ID: GB/T 28455-2012 (GB/T28455-2012)Description (Translated English): Information security technology -- Entity authentication involving a trusted third party and access architecture specification Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.020 Word Count Estimation: 227,238 Quoted Standard: GB/T 15629.2-2008; GB/T 15629.3-1995; GB 15629.11-2003; ISO/IEC 9798-3-1998/AMD 1-2010; IEEE STD 802.3-2005; IEEE STD 802.1D-2004; IEEE STD 802.1Q-2003; IEEE STD 802.1X-2004 Regulation (derived from): National Standards Bulletin No. 13 of 2012 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China Summary: This standard specifies the introduction of a trusted third party entity authentication and access architecture of the general method. Include: a) the introduction of a trusted third party entity authentication and access architecture framework, b) the in GB/T 28455-2012: Information security technology -- Entity authentication involving a trusted third party and access architecture specification---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology. Entity authentication involving a trusted third party and access architecture specification ICS 35.020 L80 National Standards of People's Republic of China Information security technology into a trusted third party entity Identification and access architecture specification Issued on. 2012-06-29 2012-10-01 implementation Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China Standardization Administration of China released Table of ContentsIntroduction Ⅲ Introduction Ⅳ 1 Scope 1 2 Normative references 1 3 Terms and definitions 2 4 Abbreviations 2 Entity authentication and access infrastructure 5 introduces a trusted third party 3 5.1 Overview 3 Range 5.2 access control 4 5.3 system, roles, and port 4 5.4 port access entity (PAE) 8 5.5 IEEEStd802.3-2005 port access control use 15 TAEP package (TAEPoL) 15 6 link 6.1 Overview 15 Send and identification 6.2 octet 15 6.3 TAEPoLMPDU format GB/T 15629.2 (IEEE802.2) Logical Link Control (LLC) in 16 6.4 TAEPoLMPDU format GB/T 15629.3 (IEEE802.3) in 16 6.5 Label TAEPoLMPDU 17 6.6 TAEPoLPDU format 17 6.7 TAEPoLPDU acknowledgment is received and processed 21 TAEPoL protocol format 7 identification to access control protocols such as 21 7.1 Overview 21 7.2 Identification Process 22 7.3 PCAP state machine 23 8-port access control management 47 47 8.1 General Requirements 8.2 management function 47 48 8.3 Managed Objects 8.4 Data Types 48 8.5 Identification Access Controller PAE managed object 49 8.6 supplicant PAE managed object 54 57 8.7 System Management Objects 9 Port Access Control MIB definitions 58 Appendix A (normative appendix) PICS proforma 85 Annex B (informative) authentication protocol based TAEP package 91 Annex C (informative) for wireless metropolitan area network TAAA mechanism 116 Annex D (informative) LAN MAC technology 136 Consider Appendix E (normative) 219 one-way control function References 221ForewordThis standard was drafted in accordance with GB/T 1.1-2009 given rules. This standard by the National Safety Standardization Technical Committee (SAC/TC260) and focal points. This standard is mainly drafted by. Xi'an Electric Co., Ltd. Jietong wireless network, the National Bureau of commercial encryption password Detection Heart, State Key Laboratory of Information Security, China Electronics Standardization Institute, State Radio Monitoring Center Testing Center, Xi'an Electronics Division University of Technology, Xi'an Institute of Posts and Telecommunications, Guangzhou GCI Science & Technology Co., Ltd., Shenzhen, China and Macao-Technology Co., Ltd., China Information Security Certification Center, the National Information Security Engineering Research Center, the National Computer Network Emergency Response Technical Team Coordination Center, the National Information Technology Security Full Research Center, Ministry of Public Security First Research Institute, the Ministry of Industry and Information Technology Communications Measurement Center, Ministry of Public Security Protection Information Evaluation Center, Country University of Defense Technology Beijing Government Network Management Center, Chongqing University of Posts and Telecommunications, Yulong Computer Telecommunication Scientific (Shenzhen) Co., Ltd., the Chinese people University, the PLA Information Security Evaluation and Certification Center, China Telecom, the State Information Center, Peking University Shenzhen Graduate Institute, China Electric Power Research Institute, Beijing Hua Tai Electronic Design Co., Ltd., Southeast University, China Mobile Group Design Institute has Limited, PLA Information Engineering University, Jiangnan Institute of Computing Technology, Beijing University of Posts and Telecommunications, according to Shanghai Dragon Electronics Co., Beijing Wulong telecommunications technology company, Beijing Network Technology Co., Ltd. co-founder of PayPal, Shenzhen-Hong Electric Technology Co., Ltd., Beijing University Founder Group Corporation Division, Haier Group Company, Beijing Guang Xin Rong Branch Technology Co., Ltd. Beijing Liugewantong Microelectronics Technology Co., Ltd., Hong Haoming Chuan Technology (North Beijing) Co., Ltd., Beijing city hotspots Information Co., Ltd., Beijing Hua Guang Tong Technology Development Co., Maipu Communication Technology Co., Changchun Jida Zhengyuan Information Technology Co., Ltd., Tsinghua University, Beijing Tianyi Science and Technology Co., Ltd. integrated, Guilin Institute of Electronic Technology, Xi'an Liren Technology Co., Broadband Wireless IP Standard Working Group, WAPI Industry Alliance. The main drafters of this standard. Huang Zhenhai, Lai Xiaolong Li Dawei, FENG Deng, Song from the column, iron full Xia Cao, Li Jiandong, Lin Ning, Soothing, Zhu Zhixiang, Chen Xiaohua, Guo Lei, Lijing Chun, Yu Yali, Wang Yumin, Zhang Ling changed, Xiao Yue Lei, high waves, high Kunlun, Pan Feng, Hu Yanan, Jiang Qingsheng, Shaw Gimli, Zhu Jianping, Jia Yan, Shi Wei years, Li Qin, Li Guangsen, non-Mattress, Liang Zhaohui, Liangqiong Wen, Luo Xuguang, Zhao Hua Long, Shen Ling Yun, Zhang Wei, Xu Pingping, Ma Huaxing, peak, ice Qiu Hong, Zhu Yuesheng, Wang Yahui, blue sky, Wang Zhijian, His Odes Guoqiang, Tian Xiaoping, Tian Hui, Zhang Yongqiang, Shou Guoliang, Mao Liping, Caozhu Qing, Guo Zhigang, Gao Hong, Han Kang, Wang Gang, BAI Guo-qiang, Chen Zhifeng, Li Jianliang, Li Dawei, Wang Liren, plateaus, Yue Lin, Well Jing Tao.IntroductionNetwork communications often in such an environment, an unauthorized terminal device may be physically connected to the network, the terminal equipment connected authorization Then the network is not necessarily expect it, so in front of the terminal and network communication, authentication and authorization functions required by discriminating each other body Parts of legitimacy, in order to ensure secure communications. This communications and information technology industry has been looking for cost-effective security solutions, security The network should be protected against malicious and inadvertent attacks, and should meet the business information and services, confidentiality, integrity, availability, Non-repudiation, verifiability, authenticity and reliability requirements. Therefore, the main objective of this paper is to propose a suitable network access control and identity management, the support of upper-layer services, universal FITNESS entity authentication and secure access protocol and structure. This standard will use asymmetric cryptographic technology, and the introduction of online trusted third party, Construction of authentication protocol, and define the network security access architecture. The standard main contents are. --- Introduction of entity authentication and access infrastructure ternary structure of a trusted third party, will participate in the identification and authorization of entities placed on such Role, using the logical port control method to complete both the authentication and authorization; --- Access control method of the present standard may be applied to determine the wireless network access control, wired network access control and IP adaptive shift Dynamic access control systems. Users of this standard is the communications industry manufacturers, testing organizations and research institutions. At the time of the issuing authority drew attention to a statement of compliance with this standard may involve 5.4.5.4 and "Ternary structure peer visit Q. control method "," peer to peer access control system for ternary structure "and other patents related to the use. The standard release mechanism for the patent authenticity, validity and scope without any position. The patent holder has the issuing authority to ensure this standard, he is willing to reasonable and non-discriminatory terms and conditions with any applicant, Patent licensing negotiations. The patent holder has released a statement for the record in the present standard. Information is available through the following link Ways. Patentee. Xi'an Electric Jietong Wireless Network Communication Co., Ltd. Address. Xi'an High-tech Zone Xi'an Software Park Road No. 68 Qin Pavilion A201 Contact. Liu Changchun Postal Code. 710075 Email. ipri@iwncomm.com Phone. 029-87607836 Fax. 029-87607829 Please note that in addition to the above patents, certain aspects of this standard may still involve patents. The standard release mechanism does not undertake to identify these Patent responsibility. Information security technology into a trusted third party entity Identification and access architecture specification1 ScopeThis standard provides a general method for introducing entity authentication and access infrastructure of a trusted third party. include. a) introducing a framework for entity authentication and access infrastructure of a trusted third party; b) introducing a trusted third party entity authentication and access to the basic principles of architecture; c) definition introduces a trusted third party entity authentication and access infrastructure at different levels and the corresponding behavior of sending and receiving data ports; d) definition introduces a trusted third party entity authentication and access architecture participation message exchange protocol between the entities; e) definition of message exchange protocol to complete the process using the entity authentication and access architecture introduced a trusted third party; f) the provisions of data encoding protocol interaction message; g) introducing a trusted third party to establish the needs of entity authentication and access infrastructure management, identity management objects defined management operations; h) describe a remote administrator using SNMP (SNMP) management operations that can be performed; i) description of equipment conforming to this standard should meet the requirements, see Appendix A. This standard applies to wireless network access control, network access control and IP wireline network access control systems.2 Normative referencesThe following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein Member. For undated references, the latest edition (including any amendments) applies to this document. Between GB/T 15629.2-2008 Information technology - Telecommunications and information exchange between local area networks and metropolitan area networks-specific requirements - Part 2. LLC GB/T 15629.3-1995 Information processing systems - local area network - Part 3. with collision detection Carrier Sense Multiple Access (CSMA/CD) Access Method and Physical Layer Specifications Inter GB 15629.11-2003 Information technology - Telecommunications and information exchange between local area networks and metropolitan area networks-specific requirements - Part 11. Wireless LAN Medium Access Control and Physical Layer Specifications ISO /IEC 9798-3.1998/Amd.1.2010 Information technology - Security techniques - Entity Identification - Part 3. Digital Signature Mechanism technicians amendments 1 (Informationtechnology-Securitytechniques-Entityauthentication- Part 3. Mechanismsusingdigitalsignaturetechniques-Amendment1) IEEEStd802.3TM-2005 - Local and metropolitan area networks - Part 3. Carrier Sense Multiple Access with Collision Detection Access (CSMA/CD) Method and Physical Layer Specifications [IEEEStandardforLocalandMetropolitanAreaNetworks-Part 3. CarrierSenseMultipleAccesswithColisionDetection (CSMA/CD) AccessMethodandPhysical LayerSpecifications] IEEEStd802.1DTM-2004 LAN and MAN MAC Bridge specification [IEEEStandardforLocaland MetropolitanAreaNetworks-MediaAccessControl (MAC) Bridges] IEEEStd802.1QTM-2003 LAN and MAN specification Virtual LAN bridge (IEEEStandardsforLocaland MetropolitanAreaNetworks-VirtualBridgedLocalAreaNetworks) IEEEStd802.1xTM-2004 LAN and MAN specification port based network access control (IEEEStandardsfor LocalandMetropolitanAreaNetworks-Port-BasedNetworkAccessControl) ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 28455-2012_English be delivered?Answer: Upon your order, we will start to translate GB/T 28455-2012_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 28455-2012_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 28455-2012_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
