GB/T 38629-2020 English PDFUS$489.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 38629-2020: Information security technology - Technical specifications for signature verification server Status: Valid
Basic dataStandard ID: GB/T 38629-2020 (GB/T38629-2020)Description (Translated English): Information security technology - Technical specifications for signature verification server Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 26,242 Date of Issue: 2020-04-28 Date of Implementation: 2020-11-01 Quoted Standard: GB/T 9813.3-2017; GB/T 19713-2005; GB/T 25069-2010; GB/T 32905; GB/T 32918.1; GB/T 32918.2; GB/T 32918.3; GB/T 32918.4; GB/T 32918.5; GB/T 33560-2017; GB/T 35275; GB/T 35276; GB/T 35291-2017; GB/T 36322; GM/T 0020; GM/T 0028; GM/T 0039 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration Summary: This standard specifies the functional requirements, security requirements and message protocol syntax rules of the signature verification server. This standard applies to the development and use of signature verification servers. GB/T 38629-2020: Information security technology - Technical specifications for signature verification server---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology--Technical specifications for signature verification server ICS 35.040 L80 National Standards of People's Republic of China Information Security Technology Technical specification for signature verification server 2020-04-28 release 2020-11-01 implementation State Administration of Market Supervision and Administration Issued by the National Standardization Management Committee ContentsForeword I 1 Scope 1 2 Normative references 1 3 Terms and definitions 1 4 Acronyms 2 5 Functional requirements of the signature verification server 2 5.1 Initialization function 2 5.2 Connection configuration function with public key infrastructure 2 5.3 Application management functions 2 5.4 Certificate management and verification function 2 5.5 Digital signature and signature verification function 3 5.6 Log management function 3 5.7 Time source synchronization function 3 6 Security requirements of the signature verification server 3 6.1 Interface requirements 3 6.2 System requirements 3 6.3 Requirements for use 3 6.4 Management requirements 4 6.5 Equipment physical security protection 4 6.6 Network deployment requirements 4 6.7 Service Interface 4 6.8 Environmental adaptability 4 6.9 Reliability 4 6.10 Other 4 7 Message protocol syntax rules 5 7.1 Overview 5 7.2 Agreement Content 5 7.3 Request Agreement 6 7.4 Response Protocol 7 7.5 Protocol interface function description 9 Appendix A (Normative Appendix) HTTP-based message protocol syntax rules 18 Appendix B (Normative Appendix) Definition and Description of Response Code 22ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009. Please note that some content of this document may involve patents. The issuer of this document does not assume responsibility for identifying these patents. This standard is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). This standard was drafted by. Shandong Dean Information Technology Co., Ltd., Chengdu Weishitong Information Industry Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Xingtang Communication Technology Co., Ltd., Geer Software Co., Ltd., Changchun Jida Zhengyuan Information Technology Co. Shanghai Digital Certificate Certification Center Co., Ltd., Beijing Digital Certification Co., Ltd., Beijing Chuangyuan Tiandi Technology Co., Ltd. Weixinan Technology Development Co., Ltd., Beijing Xinan Century Technology Co., Ltd. The main drafters of this standard. Ma Hongfu, Kong Fanyu, Luo Jun, Xu Mingyi, Wang Nina, Zheng Qiang, Zhao Lili, Han Wei, Li Shusheng, Xiao Qinghai, Gao Zhiquan, Wang Zongbin. Information Security Technology Technical specification for signature verification server1 ScopeThis standard specifies the functional requirements, security requirements and message protocol syntax rules of the signature verification server. This standard applies to the development and use of signature verification servers.2 Normative referencesThe following documents are essential for the application of this document. For dated references, only the dated version applies to this article Pieces. For the cited documents without date, the latest version (including all amendments) applies to this document. GB/T 9813.3-2017 General Computer Specification Part 3.Server GB/T 19713-2005 Information Technology Security Technology Public Key Infrastructure Online Certificate Status Protocol GB/T 25069-2010 Information Security Technical Terms GB/T 32905 information security technology SM3 password hash algorithm GB/T 32918 (all parts) Information security technology SM2 elliptic curve public key cryptographic algorithm GB/T 33560-2017 Information Security Technology Password Application Logo Specification GB/T 35275 Information Security Technology SM2 Cryptographic Algorithm Encrypted Signature Message Syntax Specification GB/T 35276 Information Security Technology SM2 Cryptographic Algorithm Usage Specification GB/T 35291-2017 Information Security Technology Intelligent Password Key Application Interface Specification GB/T 36322 Information Security Technology Cryptographic Equipment Application Interface Specification GM/T 0020 Certificate Application Comprehensive Service Interface Specification GM/T 0028 Password module security requirements GM/T 0039 Password module security testing requirements3 Terms and definitionsThe terms and definitions defined in GB/T 25069-2010 and the following apply to this document. 3.1 Security domain In an information system, a collection of entities operating under a single security strategy. For example, a single or a group of certification bodies adopt the same security policy A collection of public key certificates created slightly. [GB/T 25069-2010, definition 2.2.1.17] 3.2 Signature verification server Used on the server side to provide application entities with services such as digital signatures and verification signatures based on the PKI system and digital certificates Server to ensure the authenticity, integrity and non-repudiation of key business information. 3.3 User A person, institution, or system that communicates or authenticates with an application entity. Note. The digital certificate can be imported into the signature verification server. 3.4 SM2 algorithm SM2algorithm An elliptic curve cryptographic algorithm defined by GB/T 32918. 3.5 SM3 algorithm SM3algorithm A hashing algorithm defined by GB/T 32905.4 AcronymsThe following abbreviations apply to this document. API. Application program interface 7.3.2 SVSRequest and its structure explanation SVSRequest contains important information in the request syntax, this article will describe and explain the structure in detail. a) Protocol version This item describes the version number of the request syntax. The current version is 1, and the integer value is 0. b) Request type This item describes the value of the request type for different services. 0~999 is reserved and cannot be occupied. c) Request package The corresponding relationship between the request packet and the request type value is shown in Table 1. Table 1 Correspondence between request packet and request type value Request Type Character Description Request Type Value Request Package Description exportCert 0 export certificate request package parseCert 1 Parse certificate request package validateCert 2 Verification certificate validity request package signData 3 single package digital signature request package verifySignedData 4 Single package verification digital signature request package signDataInit 5 Multi-packet digital signature initialization request package signDataUpdate 6 Multi-packet digital signature update request package signDataFinal 7 multi-package digital signature end request package verifySignedDataInit 8 Multi-packet verification digital signature initialization request package verifySignedDataUpdate 9 Multi-packet verification digital signature update request package verifySignedDataFinal 10 Multi-packet verification digital signature end request package signMessage 11 single package message signature request package verifySignedMessage 12 Single package verification message signature request package d) Request time The time when the requester generated the request is expressed in GeneralizedTime syntax. e) Request timestamp The timestamp of the request content. If this data is included, the signature server should verify the timestamp. f) Extended data Expanded data added based on actual business needs. 7.4 Response protocol 7.4.1 Response data format 7.4.2 SVSRespond and its structure explanation SVSRespond contains important information in the response syntax.This article will describe and explain the structure in detail. a) Protocol version This item describes the version number of the response syntax. The current version is 1, and the integer value is 0. b) Response type This item describes the response type values of different services. 0~999 are reserved values and cannot be occupied. c) Response packet The corresponding relationship between the response packet and the response type value is shown in Table 2. Table 2 Correspondence between response packets and corresponding type values Response type character description Response type value Response packet description exportCert 0 export certificate response package parseCert 1 Parse certificate response packet validateCert 2 Verification certificate validity response package signData 3 single package digital signature response package verifySignedData 4 Single packet verification digital signature response package signDataInit 5 Multi-packet digital signature initialization response packet signDataUpdate 6 Multi-packet digital signature update response package signDataFinal 7 multi-packet digital signature end response package verifySignedDataInit 8 Multi-packet verification digital signature initialization response package verifySignedDataUpdate 9 Multi-packet verification digital signature update response package verifySignedDataFinal 10 Multi-packet verification digital signature end response package signMessage 11 single package message signature response package verifySignedMessage 12 single package verification message signature response package d) Response time The time when the responder generates the response is expressed in GeneralizedTime syntax. e) Response timestamp Timestamp of responding content. If this data is included, the client should verify the timestamp. f) Extended data Expanded data added based on actual business needs. 7.5 Protocol interface function description 7.5.1 Export CertificateAppendix A(Normative appendix) HTTP-based message protocol syntax rules A.1 Overview The ASN.1 format described in Chapter 7 is a binary format, considering that the signature verification service will be widely used in various WEB systems However, the WEB system is better at processing texts. For this reason, on the basis of Chapter 7, a set of message protocols based on the HTTP protocol is designed. The discussion interface is convenient for various WEB system calls. Its working principle is similar to the request response mode in Chapter 7, except that the message format is converted from the binary ASN.1 format. It is a text format that is easy to transfer in WEB application and HTTP protocol. This appendix only describes the conversion rules from the message format of Chapter 7 to the corresponding HTTP format, rather than repeating each request in Chapter 7 Request, the business meaning of the response. A.2 ASN.1 data type to HTTP format conversion rules Table A.1 ASN.1 data type to HTTP format conversion rules ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 38629-2020_English be delivered?Answer: Upon your order, we will start to translate GB/T 38629-2020_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 38629-2020_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 38629-2020_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
