GB/T 35787-2017 PDF in English
GB/T 35787-2017 (GB/T35787-2017, GBT 35787-2017, GBT35787-2017)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Name of Chinese Standard | Status |
GB/T 35787-2017 | English | 85 |
Add to Cart
|
0-9 seconds. Auto-delivery.
|
Security technical requirement for the read-write equipment of the electronic identification of motor vehicles
| Valid |
Standards related to (historical): GB/T 35787-2017
PDF Preview
GB/T 35787-2017: PDF in English (GBT 35787-2017) GB/T 35787-2017
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.240.15
L 80
Security Technical Requirement for the
Read-write Equipment of the Electronic
Identification of Motor Vehicles
ISSUED ON. DECEMBER 29, 2017
IMPLEMENTED ON. JULY 1, 2018
Issued by. General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Abbreviations ... 5
5 General Requirements ... 5
5.1 Requirements of Communication Security ... 5
5.2 Basic Structure ... 5
5.3 Cryptographic Algorithm ... 6
5.4 Key Management ... 6
5.5 Confidentiality ... 6
5.6 Integrity ... 6
5.7 Non-repudiation ... 6
5.8 Identity Authentication ... 7
5.9 Access Control ... 7
5.10 Audit Record ... 8
6 Manufacturing and Scrap Disposal ... 8
6.1 Manufacturing ... 8
6.2 Scrap Disposal ... 8
Foreword
This Standard was drafted in accordance with the rules in GB/T 1.1-2009.
Please be noted that certain content in this document might involve patents. The
institution that issues this document does not undertake the responsibility of identifying
these patients.
This Standard was proposed by and shall be under the jurisdiction of The Ministry of
Public Security of the People’s Republic of China.
The drafting organizations of this Standard. Traffic Management Research Institute of
the Ministry of Public Security, China Electronics Standardization Institute, RAY-LINKS
(Beijing) Technologies Co., Ltd., National Quality Supervision and Testing Center for
RFID Products, National Road Traffic Safety Product Quality Supervision and
Inspection Center.
The main drafters of this Standard. Liu Dongbo, Huangjin, Hu Jiabin, Xu Minjie, Fang
Wangsheng, Gaolin, Guanchao, Li Zhuofan, Yangyong, Daijia.
Security Technical Requirement for the
Read-write Equipment of the Electronic
Identification of Motor Vehicles
1 Scope
This Standard specifies the general security requirements, manufacturing and scrap
disposal of the read-write equipment of the electronic identification of motor vehicles.
This Standard is applicable to the design, development, test and application of the
read-write equipment and application system of the electric identification of motor
vehicles.
2 Normative References
The following documents are indispensable to the application of this Standard. In terms
of references with a specified date, only versions with a specified date are applicable
to this Standard. The latest version (including all the modifications) of references
without a specified date is applicable to this Standard.
GB/T 35789.1-2017 General Specification for the Electronic Identification of Motor
Vehicles - Part 1. Automobile
GM/T 0024 SSL VPN Specification
GM/T 0035.1-2014 Specifications of Cryptographic Application for RFID Systems -
Part 1. Cryptographic Protection Framework and Security Levels
GM/T 0035.5 Specifications of Cryptographic Application for RFID Systems - Part
5. Specification for Key Management
3 Terms and Definitions
What is defined in GB/T 35789.1-2017, and the following terms and definitions are
applicable to this document.
3.1 Security Module
Security module refers to a component, which is imbedded in the read-write equipment
and provides the function of cryptographic operation to the read-write equipment.
5.3 Cryptographic Algorithm
Security module and PSAM card shall adopt cryptographic algorithm approved by
national password management department.
5.4 Key Management
Key management shall comply with the following requirements.
a) The generation, input, storage, dispersion and usage of key shall comply with
the requirement in GM/T 0035.5;
b) Key in the security module shall be managed by institutions authorized by public
security organs;
c) Key in the PSAM card shall be managed by competent departments of
application industries.
5.5 Confidentiality
5.5.1 Storage confidentiality
Storage confidentiality shall comply with the following requirements.
a) Sensitive information shall adopt cryptographic algorithm for encryption
protection, so as to prevent unauthorized access;
b) Access permission information and keys shall be stored in the security module
or the PSAM card;
c) Asymmetric algorithm private key and symmetric algorithm key shall not be
readable.
5.5.2 Transmission confidentiality
SSL VPN technology, which complies with the requirement in GM/T 0024, should be
adopted, so as to guarantee transmission confidentiality between the read-write
equipment and the application system.
5.6 Integrity
Cryptography shall be adopted to verify sensitive information in the transmission
between the read-write equipment and the application system, so as to find out
information being tampered, deleted or interpolated.
5.7 Non-repudiation
Digital signature technology shall be adopted to implement non-repudiation between
the read-write equipment and the application system.
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
|