GB/T 15843.2-2024: Cybersecurity technology - Entity authentication - Part 2: Mechanisms using authenticated encryption
Status: Valid
Basic data
Standard ID: GB/T 15843.2-2024 (GB/T15843.2-2024)
Description (Translated English): Cybersecurity technology - Entity authentication - Part 2: Mechanisms using authenticated encryption
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 26,250
Date of Issue: 2024-09-29
Date of Implementation: 2025-04-01
Older Standard (superseded by this standard): GB/T 15843.2-2017
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 15843.2-2024: Cybersecurity technology - Entity authentication - Part 2: Mechanisms using authenticated encryption
This is a DRAFT version for illustration, not a final translation.

ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/T 15843.2-2017
Cybersecurity technology - Entity authentication - Part 2: Mechanisms using authenticated encryption
Released on 2024-09-29; implemented on 2025-04-01
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of Contents
Preface
Introduction
1 Scope
2 Normative references
3 Terms and Definitions
4 Symbols and abbreviations
4.1 Symbols
4.2 Abbreviations
5 General
6 Requirements
7 Mechanisms that do not involve online trusted third parties
7.1 General
7.2 One-way Authentication
7.3 Mutual Authentication
8 Mechanisms involving online trusted third parties
8.1 Overview
8.2 Mechanism TTP.TS---Four-pass Authentication
8.3 Mechanism TTP.CR---Five-pass authentication
Appendix A (Normative) Object Identifiers
Appendix B (Informative) Use of Text Fields
Appendix C (Informative) Main characteristics of entity authentication mechanism
Appendix D (Informative) Mechanism MUT.CR---Three-pass authentication reference example
Reference

Foreword
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules for standardization documents".
This document is Part 2 of GB/T 15843. GB/T 15843 has been published in the following parts.
--- Information technology security techniques - Entity authentication - Part 1: General principles;
--- Network security technology Entity authentication Part 2: Mechanisms using authentication encryption;
--- Information technology security techniques - Entity authentication - Part 3: Mechanisms using digital signature technology;
--- Network security technology Entity authentication Part 4: Mechanism using cryptographic verification function;
--- Information technology security techniques - Entity authentication - Part 5: Mechanisms using zero-knowledge techniques;
--- Information technology security techniques - Entity authentication - Part 6: Mechanisms using manual data transfer.
This document replaces GB/T 15843.2-2017 "Information technology security technology entity authentication Part 2: Using symmetric encryption algorithm". Compared with GB/T 15843.2-2017, in addition to structural adjustments and editorial changes, the main technical changes are as follows.
a) Added the description of the scope of application and applicable objects of the standard, and deleted the description of time-varying parameters and number of information transmission in the "scope", which is now included in Chapter 5 (see Chapter 5; Chapter 1 of the 2017 edition);
b) Added the term "authenticator" and its definition (see 3.3), and changed the term "authenticated encryption" to "authenticated encryption" (see 3.1; 3.1 of the 2017 version), "Timestamp" (see 3.4; 3.6 of the 2017 version), "Claiming Party" (see 3.2; 3.3 of the 2017 version), "Trusted third party" (see 3.5; 3.7 of the 2017 edition), deleted the terms "ciphertext", "message authentication code", and "message authentication code algorithm" (see 3.2, 3.4 and 3.5 of the 2017 edition);
c) Added the symbol "SIDim" (see Chapter 4, Chapter 6, Chapter 7, Chapter 8 and Appendix A), and added the abbreviations "DER" and "MAC" (see 4.2);
d) Added "General Principles" to include the explanations of the authentication mechanism related to time-varying parameters, information transmission times, etc., and supplemented the description of the appendix (see Chapter 5);
e) Changed "symmetric encryption" in "requirements" to "authentication encryption" and modified the wording (see Chapter 6; Chapter 5 of the 2017 edition);
f) Added the requirements for initialization vector (see Chapter 6);
g) Changed "trusted third party" to "online trusted third party" and modified the expression (see Chapter 7 and Chapter 8; Chapters 6 and 7 of the 2017 edition);
h) Changed the identifiers of various mechanisms from numbers to English abbreviations (see Chapter 4, Chapter 7, Chapter 8, Appendix A; Chapter 6, Chapter 7, Appendix A of the 2017 edition);
i) Changed the "Object Identifier" (see Appendix A; Appendix A of the 2017 edition) and deleted the "Comply with ASN.1 Basic Encoding Rules (BER) Coding Examples" (see A.3 of the 2017 edition).
This document is modified to adopt ISO/IEC 9798-2:2019 "Information security technology entity authentication Part 2: Authentication using cryptographic authentication mechanism".
This document has the following structural adjustments compared to ISO/IEC 9798-2:2019.
--- 4.1 corresponds to Chapter 4 of ISO/IEC 9798-2:2019, and 4.2 is added;
--- Added Appendix D.
The technical differences between this document and ISO/IEC 9798-2:2019 and their reasons are as follows.
--- Regarding normative references, this document has made adjustments with technical differences to adapt to China's technical conditions. These are reflected in Chapter 2 "Normative references", and the specific adjustments are as follows.
● The normative reference GB/T 15843.1-2017 replaces ISO/IEC 9798-1 (see Chapter 3). GB/T 36624 replaces ISO/IEC 19772 (see Chapter 3 and Chapter 6);
● ISO/IEC 8824 (all parts) has been replaced by the normatively referenced GB/T 16262 (all parts) (see Appendix A);
● Added normative reference GB/T 25069-2022 (see Chapter 3);
--- In order to ensure consistency with national standards, the introduction to the chapter "Terms and Definitions" adds references to the document GB/T 25069 (see Chapter 3);
--- To ensure consistency with national standards, the term "verifier" and its definition are added (see Chapter 3), and the ISO/IEC 9798-2:2019 "ciphertext" terminology and definitions;
--- To ensure the readability of the file, the symbols "A, B", "IU", "KUV", "NU", "RU", "TNU", "TokenUV", "TU" and "TVPU" have been modified, and the symbols "IV", "R'X", "Textn", "MUT.CR", "MUT.TS", "TTP.CR", "TTP.TS", "UNI.CR", "UNI.TS" and "‖" have been added (see 4.1);
--- In order to maintain the consistency of the text and ensure the readability of the text, the mechanism identifiers involving the online trusted third party are modified: "TP.TS" is changed to "TTP.TS", and "TP.CR" is changed to "TTP.CR" (see 4.1, Chapter 8).
The following editorial changes were made to this document.
--- According to the actual situation in China, the file name is modified to "Network Security Technology Entity Authentication Part 2: Mechanisms using authentication encryption";
--- Deleted the description of Appendix A in Chapter 1 of ISO/IEC 9798-2:2019 and adjusted it to Chapter 5 (see Chapter 5);
--- Chapter 5 adds informative references to GM/T 0078, GM/T 0103 and GM/T 0105 (see Chapter 5);
--- Chapter 6 replaces ISO/IEC 11770-1 with the informative reference GB/T 17901.1 (see Chapter 6);
--- Added the informative appendix "Mechanism MUT.CR---Three-pass authentication reference example" (see Appendix D).
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents.
This document was proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260).
This document was drafted by: Beijing Digital Certification Co., Ltd., China Electronics Technology Standardization Institute, University of Chinese Academy of Sciences, National Password Administration, Puhua Integrity Information Technology Co., Ltd., Feitian Integrity Technology Co., Ltd., Geer Software Co., Ltd., Zhejiang University Hua Technology Co., Ltd., Shaanxi Information Engineering Research Institute, Yunnan Power Grid Co., Ltd. Information Center, Beijing Times Yixin Technology Co., Ltd., Zhengzhou Xindajiean Information Technology Co., Ltd., Institute of Software, Chinese Academy of Sciences, the Third Research Institute of the Ministry of Public Security, Xingtang Communications Technology Co., Ltd., Beijing Xin'an Century Technology Co., Ltd., Changyang Technology (Beijing) Co., Ltd., Beijing Times New Prestige Information Technology Co., Ltd., China Unicom Online Information Technology Co., Ltd., Institute of Information Engineering, Chinese Academy of Sciences, Beijing Guomai Xinan Technology Co., Ltd., Huawei Technologies Co., Ltd., Dingxuan Commercial Cryptography Evaluation Technology (Shenzhen) Co., Ltd., and Venusstar Information Technology Group Co., Ltd.
The main drafters of this document are: Liu Zhong, Xia Luning, Li Yanfeng, Jing Jiwu, Wang Peng, Tian Minqiu, Lin Yanghuichen, Wang Qiongxiao, Zheng Yajie, Li Xiangfeng, Wang Yuewu, Gao Wuxing, Zhu Pengfei, Zheng Qiang, Yan Bin, Zhao Xiaorong, Xiao Peng, Liu Weifeng, Liu Weihua, Zhang Liwu, Yang Yuanyuan, Cai Zifan, Zhang Yu, Zhao Hua, Zhu Weiru, Fu Dapeng, Yan Xuewei, Tian Xuejuan, Guo Lifang, Wei Dong, Zhang Zhenhong, Zhang Yan, Cheng Fuxing, Jia Shijie, Ma Yuan, Yuan Feng, Zeng Guang, Chen Lei, Xu Xuejiao, Li Xin, Wang Xinjie, Liang Bin, Feng Weiduan, Xiao Fei, and Chen Xiaoyu.
The previous versions of this document and the documents it replaces are as follows.
--- First published in 1997 as GB/T 15843.2-1997, first revised in 2008, second revised in 2017;
--- This is the third revision.

Introduction
GB/T 15843 aims to standardize different types of entity authentication protocols in entity authentication mechanisms and is intended to consist of 6 parts.
--- Part 1: General. The purpose is to standardize the authentication model and general constraints in the entity authentication mechanism.
--- Part 2: Mechanisms using authentication encryption. The purpose is to standardize six mechanisms for implementing entity authentication using authentication encryption and related requirements.
--- Part 3: Mechanisms using digital signature technology. The purpose is to standardize ten entity authentication mechanisms based on digital signature technology and related requirements.
--- Part 4: Mechanisms using cryptographic verification functions. The purpose is to standardize four entity authentication mechanisms using cryptographic verification functions and related requirements.
--- Part 5: Mechanisms using zero-knowledge technology.
The purpose is to standardize three entity authentication mechanisms using zero-knowledge technology and their related requirements.
--- Part 6: Mechanisms using manual data transfer. The purpose is to standardize eight mechanisms for entity authentication based on manual data transfer between devices, and related requirements.

Cybersecurity technology - Entity authentication - Part 2: Mechanisms using authenticated encryption

1 Scope
This document specifies two categories (six in total) of mechanisms that use authentication encryption in accordance with GB/T 36624 to achieve entity authentication. The introduction of an online trusted third party includes two one-way authentication mechanisms and two mutual authentication mechanisms. It includes two one-way or mutual entity authentication mechanisms.
This document is applicable to guiding the design, development and testing of entity authentication systems, products or services based on authentication encryption.

2 Normative references
The contents of the following documents constitute essential clauses of this document through normative references in this document. For referenced documents with a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to this document.
GB/T 15843.1-2017 Information technology security techniques Entity authentication Part 1: General principles (ISO/IEC 9798-1:2010, IDT)
GB/T 16262 (all parts) Information technology Abstract Syntax Notation One (ASN.1) [ISO/IEC 8824 (all parts)]
Note: GB/T 16262.1-2006 Information technology Abstract Syntax Notation One (ASN.1) Part 1: Basic notation specification (ISO/IEC 8824-1:2002, IDT); GB/T 16262.2-2006 Information technology Abstract Syntax Notation One (ASN.1) Part 2: Information object specification (ISO/IEC 8824-2:2002, IDT); GB/T 16262.3-2006 Information technology Abstract Syntax Notation One (ASN.1) Part 3: Constraint specification (ISO/IEC 8824-3:2002, IDT); GB/T 16262.4-2006 Information technology Abstract Syntax Notation One (ASN.1) Part 4: Parameterization of ASN.1 specifications (ISO/IEC 8824-4:2002, IDT).
GB/T 25069-2022 Information Security Technical Terminology
GB/T 36624 Information technology security technology identifiable cryptographic mechanisms (GB/T 36624-2018, ISO/IEC 19772:2009, MOD)

3 Terms and definitions
The terms and definitions defined in GB/T 15843.1-2017, GB/T 25069-2022, GB/T 36624 and the following terms and definitions apply to this document.
3.1 authenticated encryption
Reversible data conversion that uses cryptographic algorithms to generate the corresponding ciphertext of the data, such that unauthorized entities cannot modify it without being detected, while providing data confidentiality, data integrity and data source identification.
Note: The "authenticated encryption" defined in this document is equivalent to the "authenticated encryption" defined in GB/T 36624.
[Source: GB/T 25069-2022, 3.298, modified]
......