GB/T 29243-2012 English PDF

US$819.00 · In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 29243-2012: Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate
Status: Valid

Standard ID	USD	BUY PDF	Lead-Days	Standard Title (Description)	Status
GB/T 29243-2012	819	Add to Cart	6 days	Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate	Valid

Similar standards

GB/T 29246   GB/T 28458   GB/T 28454   GB/T 29244   GB/T 29240   

Basic data

Standard ID: GB/T 29243-2012 (GB/T29243-2012)
Description (Translated English): Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 37,373
Quoted Standard: GB/T 16263.1-2006; GB/T 16264.8-2005; RFC 3852
Regulation (derived from): National Standards Bulletin No. 41 of 2012
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China
Summary: This standard specifies the digital certificate path construction proxy authentication and proxy authentication to the concept of service and protocol requirements, and to meet the requirements in the agreement of agency service agreement. This standard a

GB/T 29243-2012: Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate

---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology. Specifications of delegated certification path construction and delegated validation for digital certificate ICS 35.040 L80 National Standards of People's Republic of China Information security technology digital certificate authentication proxy path Construction norms and proxy authentication Issued on. 2012-12-31 2013-06-01 implementation Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China Standardization Administration of China released

Table of Contents

Introduction Ⅲ Introduction Ⅳ 1 Scope 1 2 Normative references 1 3 Terms and definitions 4 Abbreviations 2 5 Agent Service 2 5.1 Services Basic Mode 2 Agent Certification Path Construction 5.2 2 5.3 Proxy Authentication 3 5.4 proxy service policy 3 6 Proxy service protocol requirements 4 6.1 Overview 4 6.2 proxy authentication protocol requires 4 Path Construction 6.3 Proxy authentication protocol requires 5 6.4 Policy query protocol requirements 6 6 7 Agent Services Agreement 7.1 Basic request/response message 6 7.2 policy configuration request/response message 26 Appendix A (informative) Basic principles of agency services 31 A.1 Overview 31 A.2 digital certificate authentication proxy path structure 31 A.3 digital certificate validation agent 31

Foreword

This standard was drafted in accordance with GB/T 1.1-2009 given rules. This standard by the National Safety Standardization Technical Committee (SAC/TC260) and focal points. This standard was drafted. CAS data protection and Communication Research and Education Center. The main drafters of this standard. Xia Luning, Wang Qiongxiao, Jingji Wu, Jing Lin Qiang, to continue. This standard was first formulated.

Introduction

With the promotion of "People's Republic of China Electronic Signature Law", the construction of the application of electronic authentication services and PKI system also entered A new stage of development. At the same time, with the further development of the Internet, more types of terminal access network. For certain types of terminals, Such as mobile phones, sensors, etc., due to limitations of its computing or communication resources, it is difficult to complete its certification path is constructed or independent verification certificate is required PKI system provides agency services to assist in the completion of these two tasks. For PKI relying party, the certificate authority certificate path construction and validation process is necessary, but the process required in the certificate Find, locate revocation information, Certificate/CRL verification calculation, require larger bandwidth and computing resources consumption, limited computing or communication resources There will be varying degrees of difficulty under the circumstances. Agent technology is an important way to solve these difficulties, the authentication certificate path construction or inspection certificate Permit delegated to the proxy server, can greatly reduce the computational burden PKI client communication and consumption. Acting certification path construction and proxy authentication are two different security level agency services. For proxy certification path construction, agent Verify that the server returns the full path to the certificate required (including the certificate chain, CRL, OCSP communications messages, etc.), and then the client's own authenticating. Under this approach can significantly reduce the communication cost the client, and does not require the client to trust the server; for proxy authentication, Proxy servers are returned directly to verify the certificate is valid. In this way the client computational load and communication cost are significantly reduced, But the client should trust the proxy server. To meet the needs of different security level of transactions, general requirements for PKI systems offer both Different services. This standard defines the agent certification path construction and proxy authentication to the service concept and protocol requirements, and according to the agreement required to give a Species standardized client and server interaction agency services agreement. Information security technology digital certificate authentication proxy path Construction norms and proxy authentication

1 Scope

This standard specifies the digital certificate path construction and proxy authentication proxy authentication to service concept and protocol requirements, and to meet the protocol Proxy service protocol requirements. Implementation and application of this standard applies to the PKI system operators proxy agent certification path construction and validation services.

2 Normative references

The following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein Member. For undated references, the latest edition (including any amendments) applies to this document. GB/T 16263.1-2006 Information technology - ASN.1 encoding rules Part 1. Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) specification GB/T 16264.8-2005 Information technology - OSI Directory - Part 8. a public key and attribute certificate frameworks RFC3852 password message syntax (CryptographicMessageSyntax, CMS)

3 Terms and Definitions

GB/T 16264.8-2005 and as defined in the following terms and definitions apply to this document. 3.1 Digital certificates proxy authentication delegatedvalidationfordigitalcertificate Digital certificate authentication process by the proxy server for PKI relying party. 3.2 Proxy Authentication delegatedvalidation Within the scope of this standard, and the "digital certificate proxy authentication", respectively. 3.3 Digital Certificate Authority certificate path construction delegatedcertificationpathconstructionfordigitalcertificate By the proxy server digital certificate for the relying party PKI certification path construction process. 3.4 Agent Certification Path Construction delegatedcertificationpathconstruction Within the scope of this standard, and the "digital certificate authentication proxy path structure" are synonymous. 3.5 Proxy authentication policy delegatedvalidationpolicy Expression of a set of rules how proxy authentication execution. 3.6 Agent Certification Path Construction Policy delegatedcertificationpathconstructionpolicy Expression of a set of rules on how the agent should perform certification path construction. ......

Image     

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GB/T 29243-2012_English be delivered?

Answer: Upon your order, we will start to translate GB/T 29243-2012_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 6 working days. The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 29243-2012_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 29243-2012_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.