GB/T 27928.1-2011 English PDFUS$1959.00 · In stock
Delivery: <= 13 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 27928.1-2011: Certificate management for financial services -- Part 1: Public key certificates Status: Valid
Basic dataStandard ID: GB/T 27928.1-2011 (GB/T27928.1-2011)Description (Translated English): Certificate management for financial services -- Part 1: Public key certificates Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: A11 Classification of International Standard: 35.240.40 Word Count Estimation: 89,868 Date of Issue: 2011-12-30 Date of Implementation: 2012-05-01 Quoted Standard: GB/T 16262.1; GB/T 16262.2-2006; GB/T 16262.3; GB/T 16262.4; GB/T 16263.1; GB/T 16263.2; GB/T 16264.8; ISO 15782-2-2001; ISO/IEC 9594-2; ISO/IEC 9594-6; ISO/IEC 9834-1-1993; ISO/IEC 15408-1; ISO/IEC 15408-2; ISO/IEC 15408-3 Adopted Standard: ISO 15782-1-2003, MOD Regulation (derived from): Announcement of Newly Approved National Standards No. 23 of 2011 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China Summary: This standard provides for legal and natural persons financial management system certificate. This section applies to the financial sector in the management of public key certificates. Although this section provides a certificate (can include the public key used to encrypt the key management) to generate relevant aspects, but did not specify the encryption key generation and transmission. GB/T 27928.1-2011: Certificate management for financial services -- Part 1: Public key certificates---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.Certificate management for financial services Part 1. Public key certificates ICS 35.240.40 A11 National Standards of People's Republic of China Financial business management certificate Part 1. Public key certificates Part 1. Publickeycertificates (ISO 15782-1.2003, MOD) Issued on. 2011-12-30 2012-05-01 implementation Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China Standardization Administration of China released Table of ContentsIntroduction Ⅲ Introduction Ⅳ 1 Scope 1 2 Normative references 1 3 Terms and definitions 2 4 Symbols and Abbreviations 7 5 Public Key Infrastructure 8 6 CB system 10 7 23 data elements and relationships 8 public key certificates and certificate revocation list extensions 31 Appendix A (normative appendix) ASN.1 module 39 Appendix B (normative) parameters and their inheritance 54 Annex C (normative) Financial Institutions Version 3 Certificate extensions frame 55 Annex D (normative) object identifiers and attributes 64 Appendix E (normative) encoding the public key and associated parameters 65 Annex F (normative) content certification body audit log and use 71 Annex G (informative) Optional trust model 74 Recommendation Annex H (informative) accepts the certificate request data requirements 79 Annex I (informative) Disaster Recovery CB technology 81 Distribution Appendix J (informative) certificates and certificate revocation lists 83 References 84ForewordGB/T 27928, under the general title "Banking Certificate management", includes the following two parts. --- Part 1. public key certificate; --- Part 2. Certificate extensions. This section GB/T 27928 Part 1. The partial modification of the use of ISO 15782-1.2003 "Banking Certificate management - Part 1. Public key certificates" (in English). This section according to ISO 15782-1.2003 redrafted with ISO 15782-1.2003 technical differences and the reasons are. a) by deleting "2 Normative references" in reference to the following files. ANSX9.30-1 financial services using an irreversible algorithm of public key cryptography - Part 1. Digital Signature Algorithm (DSA); ANSX9.31-1 financial services using a reversible algorithm of public key cryptography - Part 1. RSA signature algorithm; ANSX9.62 financial services public key cryptosystem. Elliptic Curve Digital Signature Algorithm (ECDSA). b) 6.2.1.2d). "The appropriate use of standardized () cryptography and cryptographic module ISO or country for compliance with the requirements of the financial industry Level 4 security module. "Was changed to." States should use cryptography and cryptographic modules used meet the requirements of the financial industry Level 4 security module. " c) by deleting the original English standard "6.3.5CA public distribution" in the following text. High-risk applications, you should use ISO 9807.1991, Annex C as defined 3DESMAC, or single DESMAC, single DESMAC use a different key for each entry in a database or buffer signed. For low-risk applications, use Any approval TC68 key management standard single DESMAC enough. And deleting the last paragraph of this section, "such as DSA And RSA ". d) the last paragraph 6.4.2 original "automated audit logs should be protected to prevent modification or replacement. hashing and digital signatures Use can follow ANSX9.30, ANSX9.31 and ANSX9.62 specified "to" automated audit logs should be maintained Guard to prevent modification or replacement. Hashing and digital signature use should be subject to the provisions of password management. " e) deleting the title of Appendix B Note. 3) to deliberate algorithm based on the log as. Diffie-HelIman, DSA and ECDSA; deleted Examples Appendix B.3 addition, because the example uses examples DSA and RSA. f) The footnote in Appendix E "4) upcoming (ISO 8824-2.1998 revision)," because the corresponding national standards GB/T 16262.2-2006 has been released. g) by deleting Annex I (informative), as cited in the DSA and other examples. h) Remove 5.5, and 3.33 as duplicate. For ease of use, this section also made the following editorial changes. a) Normative references to international standards in the document referenced in corresponding national standards, references to the national standards; b) Delete ISO foreword. Appendix A ~ Appendix F normative appendix. Appendix G ~ Appendix J is informative appendix. This section proposed by the People's Bank of China. This part of the National Standardization Technical Committee on Finance (SAC/TC180) centralized. This section is responsible for drafting units. China Financial Computerization Corporation. Participated in the drafting of this section. People's Bank of China, Industrial and Commercial Bank of China, Agricultural Bank of China, China Construction Bank, Bank of Communications, China UnionPay Co., Ltd., North China Institute of Computing Technology, Beijing Technology and Business University. The main drafters of this section. Wang Ping baby, Lushu Chun, Li Shuguang, Lu Yi, Yang Yingli, Liu Yun, forest, Zhang Qirui, Zhong Zhihui, King Yun, Zhouyi Peng, Qian Xiang-long, Zhao Jinbo, Cao, and Li Jinsong, Xian.IntroductionThis section GB/T 27928 is adopted GB/T 16264.8 part in the financial services industry, defines the process for certificate management and several According to Yuan. ISO 15782-2 (soon transformed our national standard) gives the detailed requirements for the financial sector's independent extensions. Although the technology described in this section is used to ensure message integrity and financial support for non-repudiation services, but can not guarantee this section A particular implementation is secure. Financial institutions have a responsibility to the whole process in place add the necessary controls to ensure that the process is safe Full implementation. These controls include the application in order to verify compliance and appropriate audit tests. Bound to prove identity and public key of the owner of the public key is to confirm the ownership of the corresponding private key. This binding is called public key certificates. Public Key Certificate generated by a trusted entity --- certificate authority (CA). Proper implementation of this section shall be bound to ensure that the entity is used files (including wire transfers and contracts) and the identity of the entity key for signature premise. This section defines certificate management framework for the identification, including identification of the encryption key. The technology described in the section can be applied to initiate between legal entities (entity) business relationship. Financial business management certificate Part 1. Public key certificates1 ScopeGB/T 27928 in this section defines the legal and natural persons for financial certificate management system, comprising. --- Voucher and certificate content; --- Certificate authority system, including certificates for digital signatures and encryption key management; --- Certificate generation, distribution, verification and updating; --- Identification of the structure and a certification path; --- Withdrawal and recovery procedures; --- Public key certificates and certificate revocation lists defined extensions. This standard applies to the financial sector to manage public key certificates. This section GB/T 27928 also recommend some useful procedures (for example, the distribution mechanism, submitted documents acceptance criteria). The implementation of this part of the GB/T 27928 will also be based on business risk and legal requirements. This section GB/T 27928 does not include the following. --- In the certificate management process of the participating protocol packets between the parties; --- Timestamp of notaries and requirements; --- Certificate policy and certification requirements for behavior; --- Trusted third party claim; --- Attribute certificates. Although this section provides the certificate (which may include a public key management for encryption keys) to generate relevant aspects, but did not specify an encryption key Generation and transmission. We want to comply with GB/T 16264.8 implementers can use the structure of the certificate standard definition. We hope to achieve compatibility certificates and certificate withdrawal Pin structure without X.500 series implementers associated header field can use ASN.1 structure as defined in Appendix A.2 Normative referencesThe following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein Member. For undated references, the latest edition (including any amendments) applies to this document. GB/T 16262.1 Information technology - Abstract Syntax Notation One (ASN.1) - Part 1. Specification of basic notation (GB/T 16262.1- 2006, ISO /IEC 8824-1.2002, IDT) GB/T 16262.2-2006 Information technology - Abstract Syntax Notation One (ASN.1) - Part 2. Information object specification (ISO /IEC 8824-2.2002, IDT) GB/T 16262.3 Information technology - Abstract Syntax Notation One (ASN.1) - Part 3. Constraint specification (GB/T 16262.3- 2006, ISO /IEC 8824-3.2002, IDT) GB/T 16262.4 Information technology - Abstract Syntax Notation One (ASN.1) - Part 4. ASN.1 specification of parameters (GB/T 16262.4-2006, ISO /IEC 8824-4.2002, IDT) GB/T 16263.1 Information technology - ASN.1 encoding rules Part 1. Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) specification (GB/T 16263.1-2006, ISO /IEC 8825-1.2002, IDT) ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 27928.1-2011_English be delivered?Answer: Upon your order, we will start to translate GB/T 27928.1-2011_English as soon as possible, and keep you informed of the progress. The lead time is typically 9 ~ 13 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 27928.1-2011_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 27928.1-2011_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
