GB/T 40651-2021 English PDFUS$519.00 · In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 40651-2021: Information security technique - Entity authentication assurance framework Status: Valid
Basic dataStandard ID: GB/T 40651-2021 (GB/T40651-2021)Description (Translated English): Information security technique - Entity authentication assurance framework Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Word Count Estimation: 26,273 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 40651-2021: Information security technique - Entity authentication assurance framework---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.Information security technique - Entity authentication assurance framework ICS 35.030 CCSL80 National Standards of People's Republic of China Information security technology entity authentication assurance framework Released on 2021-10-11 2022-05-01 implementation State Administration of Market Supervision and Administration Issued by the National Standardization Management Committee Table of contentsForeword Ⅲ 1 Scope 1 2 Normative references 1 3 Terms and definitions 1 4 Abbreviations 2 5 Assurance Framework 3 6 Participants' roles and responsibilities 4 6.1 Overview 4 6.2 Entity 4 6.3 Voucher service provider 4 6.4 Registration Authority 4 6.5 Relying party 4 6.6 Verifier 4 6.7 Trusted third parties 4 7 Main link 4 7.1 General 4 7.2 Registration process 5 7.3 Voucher management link 5 7.4 Identification link 7 7.5 Joint link 7 8 Protection level 8 8.1 Classification of guarantee levels 8 8.2 Principles for the classification of identity security levels 8 8.3 Principles for the classification of discriminator guarantee levels 8 8.4 Principles for the classification of joint guarantee levels 9 8.5 Selection of protection level 9 8.6 Mapping and interoperability of assurance levels 9 9 Management requirements 10 9.1 Overview 10 9.2 Service qualification 10 9.3 Information security management and review 10 9.4 Outsourcing service supervision 10 9.5 Service Assurance Standard 10 Appendix A (Informative) Threat Analysis and Risk Control 11 A.1 Overview 11 A.2 Threat analysis and risk control in the registration process 11 A.3 Threat analysis and risk control in the credential management link 12 A.4 Threat analysis and risk control in the identification link 15 A.5 Threat analysis and risk control in the joint link 19 Appendix B (Informative) Protection of Personal Information 21 References 22ForewordThis document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1.Structure and Drafting Rules of Standardization Documents" Drafting. Please note that some of the contents of this document may involve patents. The issuing agency of this document is not responsible for identifying patents. This document was proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). Drafting organizations of this document. Lenovo (Beijing) Co., Ltd., National Certification Technology (Beijing) Co., Ltd., Chinese Academy of Sciences Data and Communication Insurance Nursing Research and Education Center, Software Research Institute of Chinese Academy of Sciences, China Electronics Standardization Institute, Geer Software Co., Ltd., China Trust Information Communication Research Institute, Beijing National Security Technology Co., Ltd. The main drafters of this document. Chai Haixin, Li Jun, Li Ruxin, Lu Na, Chen Tianyu, Zhang Yan, Hao Chunliang, Zheng Qiang, Ning Hua, Fu Shan, Shen Mingfeng, Gu Xiaozhuo. Information security technology entity authentication assurance framework1 ScopeThis document establishes the assurance framework for entity identification, stipulates the responsibilities of each participant's role, the main process links of entity identification, and the actual The classification and classification principles of entity authentication security levels, and the management requirements required for entity authentication security are stipulated. This document applies to the security testing and evaluation of entity authentication services, and provides a basis for the formulation of other entity identification standards And reference.2 Normative referencesThe contents of the following documents constitute the indispensable clauses of this document through normative references in the text. Among them, dated quotations Only the version corresponding to that date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to This document. GB/T 25069-2010 Information Security Technical Terms GB/T 35273-2020 Information Security Technology Personal Information Security Specification3 Terms and definitionsThe following terms and definitions defined in GB/T 25069-2010 apply to this document. 3.1 Assertion The result of authenticating the entity generated by the verifier. Note. It may contain entity attribute information or authorization information. 3.2 Authentication The process of fully confirming the binding relationship between an entity and its presented identity. 3.3 Authenticator The functional components or methods that the claimant possesses or possesses that can be used to identify the identity of the claimant. Note. The authenticator contains and binds entity credentials or credential generation methods, participates in and executes a specific authentication protocol. Examples. password modules, passwords, password generators, etc. 3.4 Authentication protocol The message sequence defined between the claimant and the verifier enables the verifier to perform the authentication of the claimant. 3.5 Authenticationfactor Elements used to identify or verify the identity of an entity. Note. The identification factors can be divided into three categories. ---Things owned by the entity (for example, device signatures, passports, hardware devices containing credentials, private keys, etc.), ---Information known to the entity (for example, password, PIN, etc.), ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 40651-2021_English be delivered?Answer: Upon your order, we will start to translate GB/T 40651-2021_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 40651-2021_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 40651-2021_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
