
GB/T 40018-2021 English PDF

GB/T 40018-2021: Information security technology - Certificate request and application protocol based on multiple channels
Status: Valid

Basic data

Standard ID: GB/T 40018-2021 (GB/T40018-2021)
Description (Translated English): Information security technology - Certificate request and application protocol based on multiple channels
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Word Count Estimation: 22,267
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration



---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS 35.030
L80

National Standard of the People's Republic of China

Information security technology - Certificate request and application protocol based on multiple channels

Released on 2021-04-30; implemented on 2021-11-01

Issued by the State Administration for Market Regulation and the China National Standardization Administration

Table of contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 General
5 Multi-channel-based certificate application protocol
6 Digital signature and verification protocol based on multi-channel
6.1 Digital signature
6.2 Signature verification
7 File encryption and decryption protocol based on multi-channel
7.1 File encryption key transmission protocol
7.2 File decryption key transmission protocol
Appendix A (Informative appendix) Compatibility analysis
Appendix B (Informative appendix) Certificate application protocol using QR code
Appendix C (Informative appendix) Application scenarios
References

1 Scope

This standard specifies protocols for certificate request and application using smart mobile devices, including the certificate application protocol, the digital signature and signature verification protocols, and the file encryption and decryption protocols. This standard applies to the design, development and testing of application systems in a multi-channel environment.

2 Normative references

The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.

GB/T 25069-2010 Information security technology - Terminology
GB/T 37092-2018 Information security technology - Security requirements for cryptographic modules
GM/T 0014-2012 Digital certificate authentication system cryptographic protocol specification

3 Terms, definitions and abbreviations

3.1 Terms and definitions

The terms and definitions defined in GB/T 25069-2010 and the following apply to this document.

3.1.1 Near field channel

A channel for close-range connection between a smart mobile device and a terminal of the certificate authentication system or of the business system. Examples: manual channel, optical channel, NFC, etc.

3.1.2 Network channel

A channel through which the certificate authentication system or the business system connects to the smart mobile device over a network.

3.1.3 Vendor ID (vendorID)

A unique identifier assigned by the application server to the smart mobile device developer, indicating the identity of the smart mobile device developer.

3.1.4 Vendor private key

The private key of the key pair used to prove whether the vendor is trusted; it is pre-embedded in the smart mobile device by the smart mobile device developer.

3.1.5 Vendor public key

The public key of the key pair used to prove whether the vendor is trusted; it is pre-embedded in the smart mobile device by the smart mobile device developer.

3.2 Abbreviations

The following abbreviations apply to this document.

Appendix A

(Informative appendix) Compatibility analysis

A.1 Purpose

This appendix analyzes the compatibility between the protocols defined in this standard and existing application protocols.

A.2 Compatibility analysis

At present, the information carried by a QR code is usually a URI, and the format of the URI is [scheme:][//authority][path][?query]. QR codes for different purposes can be distinguished by scheme. The content of the QR codes in this standard also adopts the URI format and uses TAG as the scheme to distinguish different application scenarios, specifically:

---TAG is CERT: apply for a certificate in accordance with the Chapter 5 protocol;
---TAG is AUTH: authenticate identity in accordance with the 6.1.1 protocol;
---TAG is SIGN: digitally sign information content in accordance with the 6.1.2 protocol;
---TAG is AVERIFY: verify a digital signature for identity authentication in accordance with the 6.2.1 protocol;
---TAG is CVERIFY: verify a digital signature over information content in accordance with the 6.2.2 protocol;
---TAG is ENCRYPT: encrypt a file in accordance with the 7.1 protocol;
---TAG is DECRYPT: decrypt a file in accordance with the 7.2 protocol.

Appendix B

(Informative appendix) Certificate application protocol using QR code

B.1 Purpose

This appendix presents one mode of certificate application, namely an example of a certificate application based on a QR code in the near field channel. The application scenario is a mobile phone applying for a certificate from the certificate authentication system.

B.2 Certificate application protocol using QR code

The specific process of using a QR code to apply for a certificate is as follows.

a) The certificate authentication system generates the QR code corresponding to the certificate application registration message ApplyCertificateRegistration. First the ApplyCertificateRegistration structure is DER-encoded, then the encoding result is converted into a BASE64 printable string CONTENT, then the prefix CERT:// is added, and the system generates the QR code;
b) The mobile phone obtains CERT://CONTENT by scanning the code, and parses CONTENT to obtain the certificate application registration message ApplyCertificateRegistration generated by the certificate authentication system;
c) The mobile phone generates a random verification code VerificationCode and displays it to the user;
d) The mobile phone sends a certificate application request message through the network channel to the certificate authentication system at the address given by the URI;
e) After the certificate authentication system receives the request message from the mobile phone, it displays an input interface and requires the user to enter the VerificationCode generated by the mobile phone in c). It then verifies the mobile phone's certificate application request message, including: whether RN and SessionID are valid; whether the signature is correct when verified with the user signature public key; whether the vendor ID is in the list of trusted vendors; and whether the vendor private key's signature over RN is valid;
f) The certificate authentication system replies to the mobile phone with a certificate application response message through the network channel;
g) The user can download the certificate according to the requirements of GM/T 0014-2012, or obtain the certificate download message through the near field channel. The TAG of the certificate download QR code is DOWNLOAD, and the URI is the address of the certificate download service.
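The scanning side of Appendix A (TAG as URI scheme) and Appendix B steps a) and b) (DER, then BASE64, then the CERT prefix) can be validated before any protocol logic runs. The following is an added example, not code from the standard: it assumes the separator after the TAG is `://`, that ApplyCertificateRegistration is an ASN.1 SEQUENCE, and a hypothetical size cap `MAX_QR_CHARS`; the field layout of the structure is not shown in this excerpt, so only the outer DER TLV is checked.

```python
import base64
import binascii

# TAG values listed in Appendix A, plus DOWNLOAD from Appendix B step g).
KNOWN_TAGS = {"CERT", "AUTH", "SIGN", "AVERIFY", "CVERIFY",
              "ENCRYPT", "DECRYPT", "DOWNLOAD"}
MAX_QR_CHARS = 4096  # assumed cap; the excerpt gives no size limit


def der_sequence_ok(blob: bytes) -> bool:
    """True if blob is exactly one definite-length DER SEQUENCE (outer TLV only)."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    n = blob[1]
    if n < 0x80:                                   # short-form length
        length, header = n, 2
    else:
        n &= 0x7F                                  # number of length octets
        if n == 0 or n > 4 or len(blob) < 2 + n:   # indefinite or oversized
            return False
        length = int.from_bytes(blob[2:2 + n], "big")
        if blob[2] == 0 or length < 0x80:          # DER: minimal length encoding
            return False
        header = 2 + n
    return len(blob) == header + length            # reject trailing bytes


def parse_qr(text: str):
    """Split TAG://CONTENT; for CERT, return the decoded DER bytes."""
    if len(text) > MAX_QR_CHARS:
        raise ValueError("QR payload too long")
    tag, sep, content = text.partition("://")
    if not sep or tag not in KNOWN_TAGS or not content:
        raise ValueError("not a recognised TAG://CONTENT payload")
    if tag != "CERT":
        return tag, content      # content format of other TAGs is not in this excerpt
    try:
        der = base64.b64decode(content, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("CONTENT is not strict Base64") from exc
    if not der_sequence_ok(der):
        raise ValueError("CONTENT is not a single DER SEQUENCE")
    return tag, der


# Constructed sample: a tiny DER SEQUENCE standing in for ApplyCertificateRegistration.
SAMPLE_DER = bytes.fromhex("30060201010401aa")
SAMPLE_QR = "CERT://" + base64.b64encode(SAMPLE_DER).decode()
```

Rejecting unknown TAGs, lenient Base64 and trailing bytes at this point keeps malformed near field input away from the ASN.1 decoder and the signing logic.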

Appendix C

(Informative appendix) Application scenarios

C.1 Purpose

This appendix introduces typical application scenarios of the digital signature and signature verification protocols and of the file encryption and decryption protocols in this standard.

C.2 Application scenario of the digital signature protocol for identity authentication

A typical application scenario of this protocol is the smart door lock, where it is used by the smart door lock to authenticate users. Before the protocol begins, the user's public key information has been registered in the business system that provides identity authentication services. The specific process is as follows.

a) The user chooses to unlock the lock through a smart mobile device, and the smart mobile device obtains, through NFC, the network access address URI of the business system, RN, SessionID, business system description information and other information;
b) The smart mobile device displays the URI and system description information obtained in a), asks the user to confirm, and after confirmation sends an identity authentication request message to the business system;
c) The business system performs verification after receiving the identity authentication request message, and unlocks the smart door lock after the verification is passed.

C.3 Application scenario of the information content digital signature protocol

A typical application scenario of this protocol is signing online transaction content. The specific process is as follows.

a) The user uses a smart mobile device to scan the QR code to obtain the access address URI of the business system that provides the transaction content and the access token information AccessCode;
b) The smart mobile device sends a request message for obtaining the transaction content to the business system through the network channel;
c) The business system sends the transaction content to the smart mobile device through the network channel;
d) The smart mobile device displays the content to be signed to the user. After the user confirms signing the displayed content, the smart mobile device signs the content, and the signature result is sent to the business system through the network channel.

C.4 Application scenario of the information content digital signature verification protocol

A typical application scenario of this protocol is certificate verification. The specific process is as follows.

a) The user uses a smart mobile device to scan the QR code of the certificate, and obtains the communication method with the certificate verification system, which is NFC, and the access token information AccessCode;
b) The smart mobile device sends a certificate content signature verification request message to the certificate chip through NFC;
c) After receiving the verification request message, the credential chip first verifies the legitimacy of the AccessCode and, after the verification is passed, signs the credential content; the signature is sent to the smart mobile device together with the certificate download address or the certificate;
d) The smart mobile device extracts the certificate, or downloads the certificate from the download address, and verifies whether the signature value is valid.

C.5 Application scenario of the key transmission protocol for file encryption

A typical application scenario of this protocol is email content encryption. Before the protocol starts, the user has imported the public key information of the email recipient into the smart mobile device. The specific process is as follows.

a) Before the mail system sends the content of the mail, it generates a QR code, and the user uses a smart mobile device to scan the QR code to obtain the mail system access address URI and the communication key CommunicationKey;
b) The smart mobile device generates a random number as the content encryption key ContentKey. It encrypts ContentKey with the communication key CommunicationKey and with the public key of the mail recipient, obtaining ciphertext c1 and ciphertext c2 respectively, and sends them to the mail system through the network channel;
c) After receiving the data, the mail system decrypts ciphertext c1 to obtain the content encryption key ContentKey, encrypts the file with ContentKey, and sends c2 together with the encrypted file to the mail recipient.

C.6 Application scenario of the key transmission protocol for file decryption

A typical application scenario of this protocol is email content decryption, which corresponds to the C.5 email content encryption process. The specific process is as follows.

a) The email recipient clicks on the email content, the mail system generates a QR code, and the recipient uses a smart mobile device to scan the QR code to obtain the mail system access address URI and the communication key CommunicationKey;
b) The smart mobile device sends a file decryption key transmission request message to the mail system through the network channel;
c) After the mail system receives the file decryption key transmission request message, it sends to the smart mobile device, through the network channel, c2, the ciphertext of the content encryption key ContentKey encrypted with the recipient's public key;
d) The smart mobile device receives the file decryption key transmission response message, uses the private key of the encryption and decryption key pair to decrypt c2 and obtain the content encryption key ContentKey, then encrypts ContentKey with the communication key CommunicationKey to obtain ciphertext c1, and sends c1 to the mail system through the network channel;
e) After the mail system receives c1, it decrypts c1 to obtain the content encryption key ContentKey, and uses ContentKey to decrypt the file ciphertext and obtain the plaintext of the file.
......