
GB/T 29828-2013 English PDF

Standard ID | USD | BUY PDF | Lead-Days | Standard Title (Description) | Status
GB/T 29828-2013 | RFQ | ASK | 3 days | Information security technology -- Trusted computing specification -- Trusted connect architecture | Valid

Similar standards

GB/T 29246   GB/T 30279   GB/T 30276   GB/T 29829   GB/Z 29830.2   GB/Z 29830.1   

Basic data

Standard ID: GB/T 29828-2013 (GB/T29828-2013)
Description (Translated English): Information security technology -- Trusted computing specification -- Trusted connect architecture
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 146,148
Quoted Standard: GB 15629.11-2003; GB 15629.14-2003; GB/T 28455-2012; ISO/IEC 9798-3-1998; ISO/IEC 18028-5-2006; IETF RFC 2138; IETF RFC 2216; IETF RFC 2547; IETF RFC 2675; IETF RFC 2865; IETF RFC 2866; IETF RFC 3280; IETF RFC 3539; IETF RFC 3588; IETF RFC 3589; IETF RFC
Regulation (derived from): National Standards Bulletin No. 22 of 2013
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China
Summary: This standard specifies the level trusted connection architecture, entities, components, interfaces, implementation process, evaluation, isolation, and repair and concrete realization of each interface to solve terminal connected to the network user ident

GB/T 29828-2013: Information security technology -- Trusted computing specification -- Trusted connect architecture


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology. Trusted computing specification. Trusted connect architecture
ICS 35.040
L80
National Standard of the People's Republic of China
Information security technology -- Trusted computing specification -- Trusted connection architecture
Issued on: 2013-11-12
Implemented on: 2014-02-01
Issued by: Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China; Standardization Administration of China

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 General description
5.1 Overview
5.2 Entity
5.3 Level
5.4 Components
5.5 Interface
5.6 Implementation
5.7 Assessment, isolation and repair
6 Network access control layer
6.1 Overview
6.2 Network transport mechanism
6.3 Access control mechanism
7 Trusted platform assessment layer
7.1 Overview
7.2 Identification of internet infrastructure
8 Integrity measurement layer
8.1 Overview
8.2 IF-IM messaging protocol
9 IF-IMC and IF-IMV
9.1 Overview
9.2 IF-IMC
9.3 IF-IMV
Appendix A (informative) Integrity management framework
Annex B (informative) Security policy management framework
Annex C (informative) Digital envelope

Figure 1 Trusted connection architecture (TCA)
Figure 2 TCA implementation process
Figure 3 Trusted connection architecture having a barrier layer of repair
Figure 4 TCA sequence TAEP discrimination implementation 1 hierarchical model
Figure 5 TAEP interaction of sequence TAEP discrimination implementation 1
Figure 6 TCA sequence TAEP identification implementation 2 hierarchical model
Figure 7 TAEP interaction 1 of sequence TAEP identification implementation 2
Figure 8 TAEP interaction 2 of sequence TAEP identification implementation 2
Figure 9 FLAG
Figure 10 EWAI certificate authentication protocol
Figure 11 Message 1 data field format
Figure 12 Message 2 data field format
Figure 13 Message 3 data field format
Figure 14 Message 4 data field format
Figure 15 Message 5 data field format
Figure 16 Message 6 data field format
Figure 17 Message 7 data field format
Figure 18 Message 8 data field format
Figure 19 Message 9 data field format
Figure 20 TCA tunnel TAEP discrimination hierarchical model
Figure 21 TAEP interaction 1 of tunnel TAEP discrimination implementation
Figure 22 TAEP interaction 2 of tunnel TAEP discrimination implementation
Figure 23 ETLS handshake protocol packet format
Figure 24 ETLS handshake protocol
Figure 25 Message 1 data field format
Figure 26 FLAG
Figure 27 Message 2 data field format
Figure 28 Message 3 data field format
Figure 29 Message 4 data field format
Figure 30 Port control system structure under full implementation of port control
Figure 31 PAI protocol basic flow
Figure 32 PAI protocol packet format
Figure 33 FLAG format
Figure 34 Component type-level platform integrity measurement request parameter entry
Figure 35 Component properties-level platform integrity measurement request parameter entry
Figure 36 Component type-level platform integrity assessment policy entry
Figure 37 Component product-level platform integrity assessment policy entry
Figure 38 Component properties-level platform integrity evaluation strategy entry
Figure 39 Component type-level platform integrity metric entry
Figure 40 IF-IM-level platform integrity metric entry
Figure 41 Component type-level Quote data value entry
Figure 42 IF-IM-level Quote data value entry
Figure 43 Component type-level platform configuration protection policy entry
Figure 44 Component product-level platform configuration protection policy entry
Figure 45 Component properties-level platform configuration protection policy entry
Figure 46 Component type-level platform patch information entry
Figure 47 IF-IM-level platform repair information entry
Figure 48 Component type-level error cause entry
Figure 49 Component product-level error cause information entry
Figure 50 Component attribute-level error cause information entry
Figure 51 Type-Length-Value (TLV) format
Figure 52 Signature properties
Figure 53 Platform integrity measurement request parameter
Figure 54 Platform integrity evaluation strategy
Figure 55 Platform integrity metric
Figure 56 Quote data value
Figure 57 Platform configuration protection policy
Figure 58 PIK certificate authentication and platform integrity assessment results
Figure 59 Platform repair information
Figure 60 Cause of error message
Figure 61 Convergence platform integrity evaluation strategy
Figure 62 Message 1 data field format
Figure 63 Message 2 data field format
Figure 64 Message 3 data field format
Figure 65 The specific process of PAI-1 protocol IMV generation of component product-level platform integrity assessment results and other parameters
Figure 66 The specific process of PAI-1 protocol EPS generation of component type-level platform integrity assessment results and other parameters
Figure 67 The specific process of PAI-1 protocol EPS generation of AR platform integrity assessment results and other parameters
Figure 68 Message 4 data field format
Figure 69 Message 5 data field format
Figure 70 Message 6 data field format
Figure 71 Message 1 data field format
Figure 72 Message 2 data field format
Figure 73 Message 3 data field format
Figure 74 The specific process of PAI-2 protocol IMV generation of component product-level platform integrity assessment results and other parameters
Figure 75 The specific process of PAI-2 protocol EPS generation of component type-level platform integrity assessment results and other parameters
Figure 76 The specific process of PAI-2 protocol EPS generation of AR platform integrity assessment results and other parameters
Figure 77 Message 4 data field format
Figure 78 Message 5 data field format
Figure 79 Message 6 data field format
Figure 80 IF-IM message format
Figure 81 IF-IM attribute format
Figure 82 Product IF-IM attribute value
Figure 83 Digital version IF-IM attribute value
Figure 84 String version IF-IM attribute value
Figure 85 Operating state IF-IM attribute value
Figure 86 Platform patch information IF-IM attribute value
Figure 87 URI-based repair instructions
Figure 88 IF-IM error message
Figure 89 IF-IMC interactive schematic in the AR
Figure 90 IF-IMC interactive schematic of the AC
Figure 91 IF-IMV interactive schematic
Figure A.1 Integrity management framework
Figure B.1 Security policy management framework
Figure C.1 Digital envelope generation and unlock

Table 1 Platform integrity evaluation results or arithmetic rule
Table 2 Platform integrity evaluation results and operational rules
Table 3 Standard definition of component type
Table 4 Standard definition of IF-IM attribute type
Table 5 IF-IMC function result status code
Table 6 Network connection status value
Table 7 Cause value of the next platform authentication process
Table 8 IF-IMV function result status code

Foreword

This standard was drafted in accordance with the rules of GB/T 1.1-2009. This standard was proposed by and is under the jurisdiction of the National Safety Standardization Technical Committee (SAC/TC260). ...... connection. This standard applies to the trusted network connection between a terminal having a trusted platform control module and the network.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including any amendments) applies to this document.

GB 15629.11-2003 Information technology -- Telecommunications and information exchange between systems -- Local and metropolitan area networks -- Specific requirements -- Part 11: Wireless LAN Medium Access Control and Physical Layer Specifications
GB 15629.11-2003/XG1-2006 Information technology -- Telecommunications and information exchange between systems -- Local and metropolitan area networks -- Specific requirements -- Part 11: Wireless LAN Medium Access Control and Physical Layer Specifications -- Amendment No. 1
GB/T 28455-2012 Information security technology -- Entity authentication involving a trusted third party and access architecture specification
ISO/IEC 9798-3:1998/Amd.1:2010 Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques -- Amendment 1: Mechanisms involving an on-line trusted third party
ISO/IEC 18028-5:2006 Information technology -- Security techniques -- IT network security -- Part 5: Securing communications across networks using virtual private networks
IETF RFC 2138 Remote Authentication Dial In User Service
IETF RFC 2246 The TLS Protocol Version 1.0
IETF RFC 2547 BGP/MPLS VPNs
IETF RFC 2675 IPv6 Jumbograms
IETF RFC 2865 Remote Authentication Dial In User Service
IETF RFC 2866 RADIUS Accounting
IETF RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile
IETF RFC 3539 Authentication, Authorization and Accounting Transport Profile
IETF RFC 3588 Diameter Base Protocol
IETF RFC 3589 Diameter Command Codes for Third Generation Partnership Project Release 5
IETF RFC 4346 The TLS Protocol Version 1.1
......