GB/T 35290-2023 English PDFUS$929.00 ยท In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 35290-2023: Information security technology - Security technical specification for radio frequency identification(RFID) systems Status: Valid GB/T 35290: Historical versions
Basic dataStandard ID: GB/T 35290-2023 (GB/T35290-2023)Description (Translated English): Information security technology - Security technical specification for radio frequency identification(RFID) systems Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.030 Word Count Estimation: 46,417 Date of Issue: 2023-12-28 Date of Implementation: 2024-07-01 Older Standard (superseded by this standard): GB/T 35290-2017 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 35290-2023: Information security technology - Security technical specification for radio frequency identification(RFID) systems---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. ICS 35:030 CCSL80 National Standards of People's Republic of China Replace GB/T 35290-2017 Information Security Technology Radio Frequency Identification (RFID) System Safety technical specifications Published on 2023-12-28 2024-07-01 Implementation State Administration for Market Regulation Released by the National Standardization Administration Committee Table of contentsPreface III 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Symbols and abbreviations 3 5 Overview 3 5:1 System composition 3 5:2 System security risks 4 6 System Security Classification 5 7 Safety technical requirements 5 7:1 Electronic tag security 5 7:2 Reader/Reader Security 7 7:3 Air interface communication link security 9 7:4 Network transmission communication link security 10 7:5 Snap-in Security 10 8 Test conditions 13 8:1 General requirements13 8:2 Test environmental conditions 14 8:3 General test equipment 14 9 Testing and evaluation methods 15 9:1 Electronic tag safety test and evaluation 15 9:2 Reader/Reader/Writer Security Test Evaluation 20 9:3 Air interface communication link security test evaluation 26 9:4 Network transmission communication link security test and evaluation 30 9:5 Management unit security test evaluation 32 Reference 40 Figure 1 Schematic diagram of radio frequency identification system 3 Table 1 Security risks of radio frequency identification systems 4ForewordThis document complies with the provisions of GB/T 1:1-2020 "Standardization Work Guidelines Part 1: Structure and Drafting Rules of Standardization Documents" Drafting: This document replaces GB/T 35290-2017 "General Security Technical Requirements for Radio Frequency Identification (RFID) Systems in Information Security Technology" and is consistent with Compared with GB/T 35290-2017, in addition to structural adjustments and editorial changes, the main technical changes are as follows: ---Changed the scope (see Chapter 1, Chapter 1 of the:2017 edition); ---Added and changed terms and definitions (see Chapter 3, 3:1 of the:2017 edition); ---Changed symbols and abbreviations (see Chapter 4, 3:2 of the:2017 edition); ---Changed the system composition (see 5:1, 4:1 of the:2017 version); ---Increased system security risks (see 5:2); ---Changed the system security classification (see Chapter 6,:2017 version 4:2); ---Changed the data verification requirements for electronic label security requirements (see 7:1:2:6, 5:1:2:6 of the:2017 version); --- Added identification uniqueness, security audit and security audit confidentiality protection requirements for reader/reader writer security technology requirements (see 7:2:1:1, 7:2:1:9, 7:2:2:4); ---Added data integrity requirements for air interface communication link security technical requirements (see 7:3:2:1); ---Deleted the integrity recovery mechanism requirements for network transmission communication link security technical requirements (see 5:4:2:3 of the:2017 version); ---Added management unit security related to authorized program loading and updating, malicious code prevention, trusted verification, data backup and recovery, Basic level requirements for security audits (see 7:5:1:3, 7:5:1:7, 7:5:1:8, 7:5:1:9, 7:5:1:10), as well as information on access control, data Enhanced requirements for data integrity, data confidentiality, trusted verification, intrusion prevention, malicious code prevention, recoverability, and security auditing (See 7:5:2:1, 7:5:2:2, 7:5:2:3, 7:5:2:4, 7:5:2:9, 7:5:2:10, 7:5:2:11, 7:5:2:12), understandable format removed Enhanced level requirements (see 5:5:2:1:3 of the:2017 version); ---Added test environment requirements (see Chapter 8); ---Added test evaluation method (see Chapter 9): Please note that some content in this document may be subject to patents: The publisher of this document assumes no responsibility for identifying patents: This document is proposed and coordinated by the National Information Security Standardization Technical Committee (SAC/TC260): This document was drafted by: The Third Research Institute of the Ministry of Public Security, China Electronics Technology Standardization Institute, Beijing Zhongke Guoji Information System Co:, Ltd: Company, Shanghai Yishi Intelligent Technology Co:, Ltd:, Shanghai Lingang Power Electronics Research Co:, Ltd:, Tencent Cloud Computing (Beijing) Co:, Ltd:, Zhuhai Haifudan Innovation Research Institute, Zhengzhou Xinda Ji'an Information Technology Co:, Ltd:, Shanghai Institute of Chemical Industry Testing Co:, Ltd:, Changyang Technology (Beijing) Co:, Ltd:, Xi'an Jiaotong University Jabil Network Technology Co:, Ltd:, China Automotive Engineering Research Institute Co:, Ltd:, China Network Security Review Technology Technology and Certification Center, Guangdong Ji'an Technology Co:, Ltd:, Zhejiang University of Technology: The main drafters of this document: Liu Caixia, Gu Jian, Xie Fangyi, Zhang Yan, Liu Dandan, Jiao Zhihao, Li Lin, Li Zhe, Dai Jie, Liu Hong, Zhang Dongju, Liu Yucheng, Li Jianhui, Liu Haitao, Wang Junyu, Liu Weihua, Wang Siyi, Zhao Hua, He Jianfeng, Liu Chong, Shen Yongbo, He Hongliang, Gu Guomin: The previous versions of this document and the documents it replaces are as follows: ---First published as GB/T 35290-2017 in:2017; ---This is the first revision: Information Security Technology Radio Frequency Identification (RFID) System Safety technical specifications1 ScopeThis document specifies the security technical requirements for radio frequency identification (RFID) systems, including electronic tags, readers/readers, and air interface communications The security requirements for links, network transmission communication link management units, etc: are given, and test conditions and test evaluation methods are given: This document applies to the design, development, use, testing and evaluation of security functions of radio frequency identification (RFID) systems: This document does not apply to radio frequency identification (RFID) systems in the 5:8GHz band: Note: This document does not involve security functional requirements or security performance requirements for physical attack security risks:2 Normative reference documentsThe contents of the following documents constitute essential provisions of this document through normative references in the text: Among them, the dated quotations For undated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to this document: GB/T 20271 Information security technology general security technical requirements for information systems GB/T 28925 Information technology radio frequency identification 2:45GHz air interface protocol GB/T 29261:3 Information technology automatic identification and data collection technical vocabulary Part 3: Radio frequency identification GB/T 29768 Information technology radio frequency identification 800/900MHz air interface protocol GB/T 32915 Information security technology binary sequence randomness detection method GB/T 33848:3 Information technology radio frequency identification Part 3: 13:56MHz air interface communication parameters GB/T 37033:1-2018 Information security technology radio frequency identification system password application technical requirements Part 1: Password security Protective frame and security level GB/T 37033:2-2018 Information security technology radio frequency identification system password application technical requirements Part 2: Electronic tags and Reader-writer and its communication password application technical requirements GB/T 37033:3-2018 Information security technology radio frequency identification system password application technical requirements Part 3: Key management technology technical requirements3 Terms and definitionsGB/T 20271, GB/T 29261:3, GB/T 28925, GB/T 29768, GB/T 37033:1-2018, GB/T 37033:2- 2018, GB/T 37033:3-2018 and the following terms and definitions apply to this document: 3:1 In the radio frequency part of the spectrum, electromagnetic coupling or inductive coupling is used to interactively communicate with electronic tags through various modulation and coding schemes: A technology that obtains the unique identity of electronic tags: [Source: GB/T 29261:3-2012,05:01:01] 3:2 Using radio frequency identification technology, including one or more readers/readers, one or more electronic tags, readers/readers and The air interface communication link between electronic tags, the network transmission communication link between the reader/reader and the management unit, and the management unit ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 35290-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 35290-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 7 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 35290-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 35290-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.Question 5: Should I purchase the latest version GB/T 35290-2023?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 35290-2023 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically. |
