
GB/T 15843.3-2023 English PDF (GB/T 15843.3-2016, GB/T 15843.3-2008)

Standard ID | Contents [version] | USD | Delivery | Standard title (description) | Status
GB/T 15843.3-2023 | English | 514 | 5 days [Need to translate] | Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques | Valid
GB/T 15843.3-2016 | English | 210 | 0--9 seconds, auto-delivery | Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques | Obsolete
GB/T 15843.3-2008 | English | 439 | 3 days [Need to translate] | Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques | Obsolete
GB/T 15843.3-1998 | English | 439 | 3 days [Need to translate] | Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using asymmetric signature techniques | Obsolete


BASIC DATA
Standard ID GB/T 15843.3-2023 (GB/T15843.3-2023)
Description (Translated English) Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.030
Word Count Estimation 26,231
Date of Issue 2023-03-17
Date of Implementation 2023-10-01
Older Standard (superseded by this standard) GB/T 15843.3-2016
Drafting Organization Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., Zhongguancun Wireless Network Security Industry Alliance, National Information Technology Security Research Center, China Mobile Communications Group Co., Ltd., Zhongneng Fusion Smart Technology Co., Ltd., China Southern Power Grid Co., Ltd., Beijing Digital Certification Co., Ltd., Institute of Software of the Chinese Academy of Sciences, First Research Institute of the Ministry of Public Security, Commercial Cryptography Testing Center of the State Cryptography Administration, National Radio Monitoring Center Testing Center, Guangxi University, China Radio and Television Network Group Co., Ltd., Guangxi Chengxin Huichuang Technology Co., Ltd., Geer Software Co., Ltd., Guangxi Flux Energy Technology Co., Ltd., China General Technology Research Institute, Beijing Institute of Computer Technology and Applications
Administrative Organization National Information Security Standardization Technical Committee (SAC/TC260)
Proposing organization National Information Security Standardization Technical Committee (SAC/TC260)
Issuing agency(ies) State Administration for Market Regulation, National Standardization Management Committee

BASIC DATA
Standard ID GB/T 15843.3-2016 (GB/T15843.3-2016)
Description (Translated English) Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 18,155
Date of Issue 2016-04-25
Date of Implementation 2016-11-01
Older Standard (superseded by this standard) GB/T 15843.3-2008
Drafting Organization Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., Commercial Cryptography Testing Center of the State Cryptography Administration, State Key Laboratory of Information Security, China Electronics Standardization Institute, National Radio Monitoring Center Testing Center, Xidian University, Xi'an University of Posts and Telecommunications, China Information Security Certification Center, National Information Security Engineering Technology Research Center, National Computer Network Emergency Response Technical Team/Coordination Center, National Information Technology Security Research Center, National Information Technology Research Center, National Information Network Technology Co., Ltd., First Research Institute of the Ministry of Public Security, Communication Metrology Center of the Ministry of Industry and Information Technology, Information Security Classified Protection Evaluation Center of the Ministry of Public Security, National University of Defense Technology, Beijing Municipal Government Network Management Center, Chongqing University of Posts and Telecommunications, Yulong Computer Communications Technology (Shenzhen)
Administrative Organization National Information Security Standardization Technical Committee (SAC/TC 260)
Regulation (derived from) National Standard Announcement No
Proposing organization National Information Security Standardization Technical Committee (SAC/TC 260)
Issuing agency(ies) General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China

BASIC DATA
Standard ID GB/T 15843.3-2008 (GB/T15843.3-2008)
Description (Translated English) Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 11,138
Date of Issue 2008-06-19
Date of Implementation 2008-11-01
Older Standard (superseded by this standard) GB/T 15843.3-1998
Quoted Standard GB/T 15843.1-2008; GB 15851-1995
Adopted Standard ISO/IEC 9798-3:1998, IDT
Drafting Organization Data Protection Research Institute of Education and Communication Center (State Key Laboratory of Information Security)
Administrative Organization National Information Security Standardization Technical Committee
Regulation (derived from) Announcement of Newly Approved National Standards No. 10 of 2008 (total 123)
Proposing organization National Information Security Standardization Technical Committee
Issuing agency(ies) Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China; Standardization Administration of China
Summary This standard specifies entity authentication mechanisms using digital signature techniques. Two of the mechanisms authenticate a single entity (one-way authentication); the remaining mechanisms provide mutual authentication of two entities. The mechanisms use time-varying parameters such as timestamps, sequence numbers or random numbers to prevent previously valid authentication information from being accepted later or accepted repeatedly. If a timestamp or sequence number is used, one-way authentication needs only one pass and mutual authentication needs two passes. If a random-number challenge-response method is used, one-way authentication needs two passes, and mutual authentication needs three or four passes (depending on the mechanism used).


GB/T 15843.3-2023
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Replaces GB/T 15843.3-2016
Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
Issued 2023-03-17, implemented 2023-10-01
Issued by the State Administration for Market Regulation and the National Standardization Administration

Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
4.1 Symbols
4.2 Abbreviations
5 General
5.1 Time-varying parameters
5.2 Tokens
5.3 Use of text fields
6 Requirements
7 Mechanisms not involving an online trusted third party
7.1 One-way authentication
7.2 Mutual authentication
8 Mechanisms involving an online trusted third party
8.1 General
8.2 One-way authentication
8.3 Mutual authentication
Annex A (normative) Object identifiers
A.1 Formal definition
A.2 Use of subsequent object identifiers
Annex B (informative) Guidance on use
B.1 Security properties
B.2 Comparison and selection of mechanisms
Annex C (informative) Use of text fields
Bibliography

Foreword
This document was drafted in accordance with GB/T 1.1-2020 "Directives for standardization -- Part 1: Rules for the structure and drafting of standardizing documents".
This document is Part 3 of GB/T 15843 "Information technology -- Security techniques -- Entity authentication". GB/T 15843 has published the following parts:
--- Part 1: General;
--- Part 2: Mechanisms using symmetric encipherment algorithms;
--- Part 3: Mechanisms using digital signature techniques;
--- Part 4: Mechanisms using a cryptographic check function;
--- Part 5: Mechanisms using zero-knowledge techniques;
--- Part 6: Mechanisms using manual data transfer.
This document replaces GB/T 15843.3-2016 "Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques". Compared with GB/T 15843.3-2016, apart from structural adjustments and editorial changes, the main technical changes are as follows:
a) added "Symbols and abbreviations" (see Clause 4);
b) added "General" (see Clause 5);
c) added "One-way authentication" (see 8.2);
d) added "Seven-pass authentication" (see 8.3.4);
e) added "Guidance on use" (see Annex B).
This document is identical to ISO/IEC 9798-3:2019 "IT Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques". The following minimal editorial changes have been made:
--- to align with China's system of technical standards, the title is changed to "Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques";
--- to follow Chinese technical usage, TP (third party) is changed to TTP (trusted third party);
--- for ease of understanding, an informative note was added to each of 5.1, 8.1 and 8.2.1.
This document was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this document: Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., Zhongguancun Wireless Network Security Industry Alliance, National Information Technology Security Research Center, China Mobile Communications Group Co., Ltd., China Energy Fusion Smart Technology Co., Ltd., China Southern Power Grid Co., Ltd., Beijing Digital Certification Co., Ltd., Institute of Software of the Chinese Academy of Sciences, First Research Institute of the Ministry of Public Security, Commercial Cryptography Testing Center of the State Cryptography Administration, National Radio Monitoring Center Testing Center, Guangxi University, China Radio and Television Network Group Co., Ltd., Guangxi Chengxin Huichuang Technology Co., Ltd., Geer Software Co., Ltd., Guangxi Flux Energy Technology Co., Ltd., China General Technology Research Institute, Beijing Institute of Computer Technology and Applications.
Main drafters of this document: Cao Jun, Du Zhiqiang, Zhang Lulu, Wang Hong, Chen Yu, Li Qin, Huang Zhenhai, Wang Yuehui, Zhang Bianling, Tie Manxia, Zhang Yang, Wang Li, Hou Pengliang, Hu Xiaoliang, Zheng Li, Sha Xuesong, Lai Xiaolong, Zhao Xiaorong, Yan Xiang, Zhang Guoqiang, Chen Baoren, Zhang Liwu, Zhang Yan, Jiang Caiping, Jian Jian, Zhou Tao, Li Dong, Li Guoyou, Tao Hongbo, Yin Yuang, Luo Peng, Deng Kaiyong, Lu Quan, Li Shuang, Wei Lina, Zheng Qiang, Wei Changcai, Liu Kewei, Yu Guangming, Wang Rui, Li Yujiao, Zhu Zhengmei, Zhao Hui, Jia Jia, Liu Hongyun, He Shuangyu, Li Nan, Jing Jingtao, Pan Qi, Chen Weigang, Bai Kunpeng, Zhang Zhijun, Sun Shuo, Chen Xiaolong, Lu Liang, Guo Jinfa, Tian Yucun.
The previous editions of this document and of the documents it replaces are as follows:
--- first published as GB/T 15843.3-1998 in 1998, first revised in 2008, second revised in 2016;
--- this is the third revision.

Introduction
This document specifies entity authentication mechanisms using digital signature techniques, divided into two types: one-way authentication and mutual authentication. One-way authentication is divided, by the number of message passes, into one-pass, two-pass and four-pass authentication; mutual authentication is divided, by the number of message passes, into two-pass, three-pass, five-pass and seven-pass authentication.
GB/T 15843 aims to standardize entity authentication techniques and consists of six parts:
--- Part 1: General. Its purpose is to standardize the model, framework and general requirements of entity authentication techniques.
--- Part 2: Mechanisms using symmetric encipherment algorithms. Its purpose is to standardize six entity authentication mechanisms based on symmetric encipherment algorithms and the related requirements.
--- Part 3: Mechanisms using digital signature techniques. Its purpose is to standardize ten entity authentication mechanisms based on digital signature techniques and the related requirements.
--- Part 4: Mechanisms using a cryptographic check function. Its purpose is to standardize four entity authentication mechanisms based on cryptographic check functions and the related requirements.
--- Part 5: Mechanisms using zero-knowledge techniques. Its purpose is to standardize five entity authentication mechanisms based on zero-knowledge techniques and the related requirements.
--- Part 6: Mechanisms using manual data transfer. Its purpose is to standardize eight entity authentication mechanisms based on manual data transfer and the related requirements.
Since the distribution of the certificates used for signing is beyond the scope of this document, the sending of certificates is optional in all mechanisms.
The issuing body of this document draws attention to the fact that compliance with this document may involve the use of patents, including CN201510654832.X, JP5425314B2, EP2472772, KR10-1405509, CN200910023774.5, CN200910023735.5, US8,763,100B2, JP5468138B2, KR10-1471259, CN200910023734.0, US8,732,464B2, JP5468137B2, KR10-1471827, 1139547, RU2445741C2, CN200710018920.6, US8,356,179B2, EP2214429B1, JP5099568B2, KR10-1117393, RU2458481C2, CN201510654785.9, US10,615,978B2, JP6687728, EP16853041.8, KR10-2141289 and CN201510654784.4.
The issuing body of this document takes no position on the authenticity, validity and scope of the above patents.
The patent holder has assured the issuing body of this document that it is willing to negotiate patent licences with any applicant on reasonable and non-discriminatory terms and conditions. The statement of the patent holder is on file with the issuing body of this document. Relevant information can be obtained through the following contact details:
Patent holder: Xi'an Xidian Jietong Wireless Network Communication Co., Ltd.
Address: A201, Qinfengge, Xi'an Software Park, No. 68 Keji 2nd Road, High-tech Zone, Xi'an
Contact: Wang Lizhen
Postal code: 710075
Email: ipri@iwncomm.com
Tel: 029-87607836
Fax: 029-87607829
Please note that, in addition to the above patents, some content of this document may still be covered by patents. The issuing body of this document is not responsible for identifying such patents.

Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques

1 Scope
This document specifies two types of entity authentication mechanisms using digital signature techniques. The first type does not involve an online trusted third party and includes two one-way authentication mechanisms and three mutual authentication mechanisms; the second type involves an online trusted third party and likewise includes two one-way authentication mechanisms and three mutual authentication mechanisms.
This document is applicable to guiding research on entity authentication mechanisms using digital signature techniques, and to the development and application of related products and systems.
Annex A defines the object identifiers for the entity authentication mechanisms specified in this document.

2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 15843.1-2017 Information technology -- Security techniques -- Entity authentication -- Part 1: General (ISO/IEC 9798-1:2010, IDT)
ISO/IEC 9796 (all parts) Information technology -- Security techniques -- Digital signature schemes giving message recovery
Note: GB/T 15851.3-2018 Information technology -- Security techniques -- Digital signature schemes giving message recovery -- Part 3: Discrete logarithm based mechanisms (ISO/IEC 9796-3:2006, MOD)
ISO/IEC 14888 (all parts) Information technology -- Security techniques -- Digital signatures with appendix
Note: GB/T 17902.2-2005 Information technology -- Security techniques -- Digital signatures with appendix -- Part 2: Identity-based mechanisms (ISO/IEC 14888-2:1999, IDT); GB/T 17902.3-2005 Information technology -- Security techniques -- Digital signatures with appendix -- Part 3: Certificate-based mechanisms (ISO/IEC 14888-3:1998, IDT)

3 Terms and definitions
The following terms and definitions apply to this document.
3.1 atomic transaction
A transaction that cannot be further split into multiple smaller transactions.
3.2 claimant
The entity being authenticated itself, or an entity representing it for the purpose of authentication.
Note: The claimant possesses the parameters and private data needed for the authentication exchange.
[Source: GB/T 15843.1-2017, 3.6]
......


GB/T 15843.3-2016 Information technology - Security techniques - Entity authentication - Part 3.Mechanisms using digital signature techniques ICS 35.040 L80 National Standards of People's Republic of China Replace GB/T 15843.3-2008 Information technology security technology entity authentication Part 3.Mechanisms using digital signature technology Released on.2016-04-25 2016-11-01 implementation General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China Issued by China National Standardization Administration Table of contents Foreword Ⅰ Introduction Ⅲ 1 Scope 1 2 Normative references 1 3 Terms, definitions and symbols 1 4 Requirements 1 5 Mechanism 2 5.1 Overview 2 5.2 One-way authentication 2 5.3 Mutual authentication 3 6 Mechanism for introducing online trusted third parties 6 6.1 Overview 6 6.2 Five passes to authenticate TePA-A (initiated by entity A) 6 6.3 Five passes to authenticate TePA-B (initiated by entity B) 8 Appendix A (informative appendix) Use of text fields 10 Appendix B (Normative Appendix) OID and ASN.1 Notation 11 B.1 Formal definition 11 B.2 Use of subsequent object identifiers 11 B.3 Coding example based on basic coding rules 11 Preface GB/T 15843 "Information Technology Security Technical Entity Identification" is currently divided into five parts. ---Part 1.Overview; ---Part 2.The mechanism of using symmetric encryption algorithms; ---Part 3.The mechanism of using digital signature technology; ---Part 4.Using the mechanism of password verification function; ---Part 5.The mechanism of adopting zero-knowledge technology. This part is Part 3 of GB/T 15843. This section was drafted in accordance with the rules given in GB/T 1.1-2009. This Part replaces GB/T 15843.3-2008 "Information Technology Security Technology Entity Authentication Part 3.Using Digital Signature Technology The mechanism of technology. Compared with GB/T 15843.3-2008, the main technical changes in this part are as follows. 
---Added an authentication mechanism for introducing online trusted third parties (see Chapter 6); ---Added OID and ASN.1 syntax (see Appendix B). Among them, the relevant chapters and articles involved in the amendment of GB/T 15843.3-2008 are as follows. Modified item number GB/T 15843.3-2008 chapter number modification description 1 Chapter 1 replaces the third paragraph of Chapter 1 2 Chapter 3 adds three term descriptions at the end of Chapter 3 3 Add chapter 6 after chapter 5 4 Appendix A replaces the first paragraph of Appendix A 5 Add Appendix B after Appendix A The translation method used in this part is equivalent to the ISO /IEC 9798-3.1998 "Information Technology Security Technical Entity Authentication Part 3. The Mechanism of Using Digital Signature Technology and Amd.1.2010 "Information Technology Security Technology Entity Authentication Part 3.Using Digital The mechanism of signature technology No. 1 amendment. the introduction of an online trusted third-party authentication mechanism", only editorial changes. This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). The main drafting units of this section. 
Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., and the State Cryptography Administration Center, State Key Laboratory of Information Security, China Electronics Standardization Institute, National Radio Monitoring Center Testing Center, Xi’an Electronics University of Technology, Xi'an University of Posts and Telecommunications, Guangzhou Jiesai Technology Co., Ltd., Shenzhen Minghua Aohan Technology Co., Ltd., China Information Security Certification Center, National Information Security Engineering Technology Research Center, National Computer Network Emergency Technology Processing Coordination Center, National Information Technology Security Full Research Center, the First Research Institute of the Ministry of Public Security, the Communication Metrology Center of the Ministry of Industry and Information Technology, the Information Security Level Protection Evaluation Center of the Ministry of Public Security, University of Defense Technology, Beijing Municipal Affairs Network Management Center, Chongqing University of Posts and Telecommunications, Yulong Computer Communication Technology (Shenzhen) Co., Ltd., People of China University, Chinese People’s Liberation Army Information Security Evaluation and Certification Center, China Telecom Corporation, National Information Center, Peking University Shenzhen Postgraduate Institute, China Electric Power Research Institute, Beijing Zhongdian Huada Electronic Design Co., Ltd., Southeast University, China Mobile Communications Group Design Institute have Co., Ltd., Chinese People’s Liberation Army Information Engineering University, Jiangnan Institute of Computing Technology, Beijing University of Posts and Telecommunications, Shanghai Longzhao Electronics Co., Ltd., Beijing Wulong Telecommunications Technology Company, Beijing Wangbei Hechuang Technology Co., Ltd., Shenzhen Hongdian Technology Co., Ltd., Peking University Founder Group Company, Haier Group, Beijing Guangxin Finance Technology Co., 
Ltd., Beijing Liuhe Wantong Microelectronics Technology Co., Ltd., Honghao Ming Chuan Technology (North Beijing) Co., Ltd., Beijing City Hotspot Information Co., Ltd., Beijing Huaan Guangtong Technology Development Co., Ltd., Maipu Communication Technology Co., Ltd., Changchun Jida Zhengyuan Information Technology Co., Ltd., Tsinghua University, Beijing Tianyi Integrated Technology Co., Ltd., Guilin University of Electronic Technology, Xi'an Realan Technology Co., Ltd., Broadband Wireless IP Standard Working Group, WAPI Industry Alliance. The main drafters of this section. Huang Zhenhai, Lai Xiaolong, Li Dawei, Feng Dengguo, Song Qizhu, Tie Manxia, Cao Jun, Li Jiandong, Lin Ning, Shu Min, Zhu Zhixiang, Chen Xiaohua, Guo Xiaolei, Li Jingchun, Yu Yali, Wang Yumin, Zhang Bianling, Xiao Yuelei, Gao Bo, Gao Kunlun, Pan Feng, Hu Yanan, Jiang Qingsheng, Xiao Li, Zhu Jianping, Jia Yan, Shi Weinian, Li Qin, Li Guangsen, Wu Yafei, Liang Zhaohui, Liang Qiongwen, Luo Xuguang, Long Zhaohua, Shen Lingyun, Zhang Wei, Xu Pingping, Ma Huaxing, Gao Feng, Qiu Hongbing, Zhu Yuesheng, Wang Yahui, Lan Tian, Wang Zhijian, Du Zhiqiang, Zhang Guoqiang, Tian Xiaoping, Tian Hui, Zhang Yongqiang, Shou Guoliang, Mao Liping, Cao Zhuqing, Guo Zhigang, Gao Hong, Han Kang, Wang Gang, Bai Guoqiang, Chen Zhifeng, Li Jianliang, Li Dawei, Wang Liren, Gao Yuan, Yue Lin, Jing Jingtao. The previous releases of the standards replaced by this part are. ---GB/T 15843.3-1998, GB/T 15843.3-2008. introduction This part of GB/T 15843 defines the entity authentication mechanism using digital signature technology, which is divided into two types. one-way authentication and mutual authentication. Among them, one-way authentication is divided into one-pass authentication and two-pass authentication according to the number of message transfers; mutual authentication is based on the number of message transfers. 
The number is divided into two pass authentication, three pass authentication, two pass parallel authentication, and five pass authentication. Since the distribution method of the certificate used for signature is beyond the scope of this section, the sending of the certificate is optional in all mechanisms. All relevant content related to cryptographic algorithms in this section shall be implemented in accordance with relevant national regulations. The issuing agency of this document draws attention to the fact that when a declaration conforms to this document, it may involve the chapter 6 and "a method of two-way authentication of entities". A kind of two-way authentication method and system for entities based on a trusted third party" and other related patents. The issuing agency of this document has no position on the authenticity, validity and scope of the patent. The patent holder has assured the issuing organization of this document that he is willing to work with any applicant under reasonable and non-discriminatory terms and conditions. Negotiations on patent licensing. The statement of the patent holder has been filed with the issuing agency of this document. For relevant information, please contact Way to get. Patentee. Xi'an Xidian Jietong Wireless Network Communication Co., Ltd. Address. A201, Qinfeng Tower, Xi'an Software Park, No. 68, Keji 2nd Road, High-tech Zone, Xi'an Contact. Liu Changchun Please note that in addition to the above-mentioned patents, certain contents of this document may still involve patents. The issuing agency of this document is not responsible for identifying these Liability for patents. Information technology security technology entity authentication Part 3.Mechanisms using digital signature technology 1 Scope This part of GB/T 15843 specifies an entity authentication mechanism using digital signature technology. 
There are two authentication mechanisms for a single entity Authentication (one-way authentication), the rest is the mutual authentication mechanism of two entities. The mechanisms specified in this section use time-varying parameters such as timestamps, serial numbers, or random numbers to prevent previously valid authentication information from being Accepted or accepted multiple times. If time stamps or serial numbers are used, one-way authentication only needs to be transmitted once, while mutual authentication requires two transmissions. If using random numbers Challenge-response method, one-way authentication requires two passes, and mutual authentication requires three passes, two passes in parallel, or five passes (depending on the mechanism). This section applies to all applications and equipment with identification requirements. 2 Normative references The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this article Pieces. For undated references, the latest version (including all amendments) applies to this document. GB/T 15843.1-2008 Information Technology Security Technical Entity Authentication Part 1.Overview (ISO /IEC 9798-1. 1997, IDT) GB 15851-1995 Information Technology Security Technology Digital Signature Scheme with Message Recovery (idtISO /IEC 9796.1991) GB/T 16263.1-2006 Information Technology ASN.1 Encoding Rules Part 1.Basic Encoding Rules (BER), Regular Encoding Rules (CER) and Atypical Encoding Rules (DER) specifications (ISO /IEC 8825-1.2002, IDT) 3 Terms, definitions and symbols The terms, definitions and the following symbols defined in GB/T 15843.1-2008 apply to this document. IA. The identity of entity A, which can be A or CertA IB. The identity of entity B, which can be B or CertB ResX. 
Entity X's certificate verification result or entity X's public key 4 requirements In the authentication mechanism specified in this section, the entity to be authenticated proves its identity by showing that it has a private signature key. This wants This is done by the entity using its private signature key to sign specific data. The signature can be used by any public verification key of the entity Entity to verify. The authentication mechanism has the following requirements. a) The verifier should have a valid public key of the claimant; b) The claimant should have a private signature key that is only known by the claimant. If any one of these two requirements is not met, the authentication process will be attacked or cannot be completed successfully. Note 1.One way to obtain a valid public key is to use a certificate (see Appendix C of GB/T 15843.1-2008). Generation, distribution and revocation of certificates All are beyond the scope of this section. In order to obtain a valid public key in the form of a certificate, a trusted third party can be introduced. Another way to obtain an effective public secret The key method is to use trusted messengers. Note 2.References related to digital signature schemes are described in the references of GB/T 15843.1-2008. 5 Mechanism 5.1 Overview The entity authentication mechanism specified in this section uses time-varying parameters, such as timestamps, serial numbers or random numbers (see GB/T 15843.1-2008 Appendix B and Note 1) of this article. In this section, the form of the token (also called token) is as follows. Token=X1||||Xi||sSA(Y1||||Yj) In this section, "signed data" refers to "Y1||||Yj", which is used as the input of the digital signature scheme, and "unsigned data" refers to "X1||||Xi". If the information contained in the tag name data can be recovered from the signature, it does not need to be included in the unsigned data of the tag (see GB 15851-1995). 
If the information contained in the text field of the tag name data cannot be recovered from the signature, it should be included in the unsigned text of the tag name. In the paragraph. If the information in the signature data of the token (such as the random number generated by the verifier) is known to the verifier, it need not be included in the voice Said party sent the token in the unsigned data. All text fields specified in the following mechanisms are also applicable to applications outside the scope of this section (text fields may be empty). they The relationship and content of the depends on the specific application. See Appendix A for information on the use of text fields. Note 1.In order to prevent the data block signed by an entity from being deliberately constructed by the second entity, the first entity can include it in the data block signed by it Own random number. In this case, the addition of random numbers makes the signature value unpredictable, thereby preventing the pre-defined data signature. Note 2.Since the distribution of certificates is beyond the scope of this section, the sending of certificates is optional in all mechanisms. Appendix B specifies the OID and ASN.1 syntax of the entity authentication mechanism specified in this section for accurate reference to a specific mechanism. 5.2 One-way authentication 5.2.1 Overview One-way authentication means that only one of the two entities is authenticated when using this mechanism. 5.2.2 One pass authentication In this authentication mechanism, the claimant A initiates the process and the verifier B authenticates it. Uniqueness and timeliness is achieved through generation and Check the time stamp or serial number (see Appendix B of GB/T 15843.1-2008) to control. The authentication mechanism is shown in Figure 1. 
Figure 1 Schematic diagram of the one-way authentication mechanism
5.2.3 Two-pass authentication
In this authentication mechanism, the verifier B initiates the process and authenticates the claimant A. Uniqueness and timeliness are controlled by generating and checking the random number RB (see Appendix B of GB/T 15843.1-2008). The authentication mechanism is shown in Figure 2.
Figure 2 Schematic diagram of the two-pass one-way authentication mechanism
The token (TokenAB) sent by the claimant A to the verifier B has the form:
TokenAB = RA||RB||B||Text3||sSA(RA||RB||Text2)
Inclusion of the distinguishing identifier B in TokenAB is optional and depends on the application environment in which the authentication mechanism is used.
Note 1: The optional inclusion of the distinguishing identifier B in the signed data of TokenAB prevents the token from being accepted by an entity other than the intended verifier (for example, when a man-in-the-middle attack occurs).
Note 2: Including the random number RA in the signed data of TokenAB prevents B from obtaining A's signature on data chosen by B before the authentication mechanism is started. This protection is needed, for example, when A uses the same key for purposes other than entity authentication.
(1) B sends a random number RB to A, and optionally a text field Text1.
(2) A generates TokenAB and sends it to B, optionally together with A's certificate.
(3) On receiving the message containing TokenAB, B performs the following steps:
(i) Ensure possession of A's valid public key, by verifying A's certificate or by other means;
(ii) Verify TokenAB as follows:
verify the digital signature of A contained in the token; check whether the random number RB sent to A in step (1) matches the random number contained in the signed data of TokenAB; check that the value of the identifier field (B) in the signed data of TokenAB (if present) equals the distinguishing identifier of B.

5.3 Mutual authentication
5.3.1 Overview
Mutual authentication means that the two communicating entities use this mechanism to authenticate each other.
In 5.3.2 and 5.3.3, the two mechanisms described in 5.2.2 and 5.2.3 are extended to achieve mutual authentication. This extension adds one message pass and thus two additional operating steps. The mechanism specified in 5.3.4 uses four messages, but these messages need not be sent sequentially, which allows the authentication process to be accelerated.
5.3.2 Two-pass authentication
In this authentication mechanism, uniqueness and timeliness are controlled by generating and checking timestamps or sequence numbers (see Appendix B of GB/T 15843.1-2008).
5.3.3 Three-pass authentication
In this mechanism, uniqueness and timeliness are controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008). The authentication mechanism is shown in Figure 4.
5.3.4 Two-pass parallel authentication
In this mechanism, authentication is performed in parallel, and uniqueness and timeliness are controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008). The authentication mechanism is shown in Figure 5.

6 Mechanisms involving an online trusted third party
6.1 Overview
The authentication mechanisms in this chapter require the two entities A and B to verify each other's public key through an online trusted third party (with distinguishing identifier TP). Entities A and B have valid public keys of TP, but A and B do not have each other's valid public key.
This chapter describes two five-pass authentication mechanisms that realize mutual authentication between entities A and B. In these two mechanisms there are three elements (A, B and TP); A and B are peer authentication entities relative to TP. The format of the tokens and text fields follows the description in 5.1. These two mechanisms are collectively referred to as the tri-element peer authentication mechanism TePA (Tri-element Peer Authentication), and they use the signature mechanisms defined in ISO/IEC 14888 or GB 15851-1995.
6.2 Five-pass authentication TePA-A (initiated by entity A)
In this authentication mechanism, uniqueness/timeliness is controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008).
6.3 Five-pass authentication TePA-B (initiated by entity B)
In this authentication mechanism, uniqueness/timeliness is controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008). The authentication mechanism is shown in Figure 7.

Appendix A
(Informative)
Use of text fields
The tokens specified in Chapters 5 and 6 of this part include text fields. The practical use of the different text fields in a given pass, and the relationship between the text fields, depend on the specific application. Some examples are given below; see also Appendix A of GB/T 15843.1-2008.
If a digital signature scheme without message recovery is used and the signed text field is not empty, the verifier must have the text before verifying the signature. In this appendix, "signed text field" refers to the text field in the signed data, and "unsigned text field" refers to the text field in the unsigned data.
For example, if a digital signature scheme without message recovery is used, any information that requires data origin authentication should be placed in the signed text field of the token and (as a part of) the unsigned text field.
If the token does not contain (sufficient) redundancy, the signed text field can be used to provide additional redundancy.
The signed text field can be used to indicate that the token is only valid when used for entity authentication purposes.
It should also be noted that an entity may deliberately attempt to choose a "degenerate" value for another entity to sign. To prevent this possibility, the other entity can introduce a random number into the text field.
If, with a given algorithm, a claimant uses the same key for all verifiers it communicates with, then a potential attack exists. If this potential attack is considered a threat, the identity of the intended verifier needs to be included in the signed text field and (if necessary) the unsigned text field.
The unsigned text field can also be used to provide information to the verifier indicating who the claimant claims to be (but is not yet authenticated). If certificates are not used to distribute public keys, this information is needed so that the verifier can determine which public key to use to authenticate the claimant. ......
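The token layout of 5.1, the two-pass mechanism of 5.2.3 with its three checks in step (3)(ii), and the Appendix A advice on the signed text field and the intended verifier's identity, carried through in an added Go example that is not part of the standard or of this page. Ed25519 from Go's standard library stands in for the signature scheme (the standard points to ISO/IEC 14888 or GB 15851-1995), and the 16-byte random numbers, the length-prefixed field encoding (the standard's own encoding is the ASN.1 syntax of its Appendix B), the fixed Text2 string and all names (Claimant, Verifier, MakeToken, Challenge, Verify, encode, nonce) are assumptions of the example. The identifier B is placed in the signed data, as the page's Note 1 allows, so that the identifier check is meaningful; the verifier discards its challenge after one verification, so a replayed token, a token meant for another verifier, or a token signed under another key is rejected:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Two-pass one-way authentication of claimant A to verifier B (5.2.3):
//   (1) B -> A : RB
//   (2) A -> B : TokenAB = RA || RB || B || Text3 || sSA(RA || RB || B || Text2)
// Ed25519 stands in for the signature scheme (an assumption; the standard points to
// ISO/IEC 14888 or GB 15851-1995) and fields are length-prefixed, not ASN.1-encoded.

// Text2 is the signed text field; following Appendix A it marks the token as valid
// for entity authentication only. Both sides are assumed to know it in advance.
var Text2 = []byte("GB/T 15843.3 entity authentication only")

// encode concatenates fields with a 2-byte big-endian length prefix each, so that
// RA || RB || B || Text2 cannot be re-split into different fields.
func encode(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields { // all fields here are far below 64 KiB
		buf.WriteByte(byte(len(f) >> 8))
		buf.WriteByte(byte(len(f)))
		buf.Write(f)
	}
	return buf.Bytes()
}

// nonce returns a fresh 16-byte random number (the length is a constructed choice).
func nonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err) // a failing CSPRNG is not something to continue from
	}
	return n
}

// TokenAB is the message of pass (2): the unsigned fields plus the signature.
type TokenAB struct {
	RA, RB, B, Text3 []byte // A's random number, B's challenge, B's identifier, text
	Signature        []byte // sSA(RA || RB || B || Text2)
}

// Claimant is A; Pub is what B must obtain by a valid path (certificate or trusted
// courier, Clause 4) before step (i).
type Claimant struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewClaimant() (*Claimant, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Claimant{Pub: pub, priv: priv}, err
}

// MakeToken builds TokenAB for challenge rb addressed to verifierID. The fresh RA
// keeps B from obtaining A's signature over data chosen entirely by B (Note 2).
func (a *Claimant) MakeToken(rb, verifierID, text3 []byte) *TokenAB {
	rb = append([]byte(nil), rb...) // own copy, as if received over the wire
	ra := nonce()
	sig := ed25519.Sign(a.priv, encode(ra, rb, verifierID, Text2))
	return &TokenAB{RA: ra, RB: rb, B: verifierID, Text3: text3, Signature: sig}
}

// Verifier is B: its identifier, A's valid public key, and the RB from pass (1).
type Verifier struct {
	ID, pending []byte
	pubA        ed25519.PublicKey
}

// Challenge is pass (1): generate and remember a fresh RB.
func (b *Verifier) Challenge() []byte {
	b.pending = nonce()
	return b.pending
}

// Verify is step (3)(ii): signature, then RB, then the identifier field.
func (b *Verifier) Verify(tok *TokenAB) error {
	rb := b.pending
	b.pending = nil // consumed whatever the outcome: one RB answers one token
	switch {
	case rb == nil:
		return fmt.Errorf("no outstanding challenge")
	case !ed25519.Verify(b.pubA, encode(tok.RA, tok.RB, tok.B, Text2), tok.Signature):
		return fmt.Errorf("signature does not verify under A's public key")
	case !bytes.Equal(tok.RB, rb):
		return fmt.Errorf("RB in the signed data differs from the RB sent in pass (1)")
	case !bytes.Equal(tok.B, b.ID):
		return fmt.Errorf("identifier field is not B: token meant for another verifier")
	}
	return nil
}

func main() {
	a, _ := NewClaimant()
	b := &Verifier{ID: []byte("B"), pubA: a.Pub}
	fmt.Println(b.Verify(a.MakeToken(b.Challenge(), b.ID, nil))) // <nil>: accepted
}
```

Two design points follow directly from the page's notes. The signature is checked first because the RB and identifier fields are only trustworthy once the signature binds them; comparing them before the signature check would compare attacker-controlled bytes. Text2 is not sent because both sides are assumed to know it, which is the case 5.1 describes for signed data already known to the verifier; in an application where Text2 varies per run it would have to travel in the unsigned data, since a scheme without message recovery cannot reproduce it from the signature.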


GB/T 15843.3-2008 Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques
ICS 35.040
L80
National Standard of the People's Republic of China
GB/T 15843.3-2008/ISO/IEC 9798-3:1998
Replacing GB/T 15843.3-1998
Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques
(ISO/IEC 9798-3:1998, IDT)
Issued 2008-06-19, implemented 2008-11-01
Issued by the Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China

Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and symbols
4 Requirements
5 Mechanisms
5.0 Overview
5.1 One-way authentication
5.1.1 One-pass authentication
5.1.2 Two-pass authentication
5.2 Mutual authentication
5.2.1 Two-pass authentication
5.2.2 Three-pass authentication
5.2.3 Two-pass parallel authentication
Appendix A (Informative) Text fields

Foreword
GB/T 15843 "Information technology - Security techniques - Entity authentication" is divided into five parts:
--- Part 1: General
--- Part 2: Mechanisms using symmetric encipherment algorithms
--- Part 3: Mechanisms using digital signature techniques
--- Part 4: Mechanisms using a cryptographic check function
--- Part 5: Mechanisms using zero-knowledge techniques
Further parts may be added subsequently.
This part is Part 3 of GB/T 15843 and is identical to ISO/IEC 9798-3:1998 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques", with editorial changes only.
This part replaces GB/T 15843.3-1998 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using asymmetric signature techniques".
Compared with GB/T 15843.3-1998, the main changes in this part are as follows:
--- The title was partially modified.
--- Some terms were changed in accordance with the revision of GB/T 15843.1.
--- The ISO/IEC foreword was deleted and an introduction was added.
Appendix A of this part is an informative annex.
This part is under the jurisdiction of the National Information Security Standardization Technical Committee.
Main drafting organization of this part: Data and Communication Protection Research and Education Center (State Key Laboratory of Information Security).
Main drafters of this part: Jingji Wu, Jian Ping, Xia Luning, high-energy, to continue.
Previous editions replaced by this part:
--- GB/T 15843.3-1998.

Introduction
This part is identical to the international standard ISO/IEC 9798-3:1998, which was drafted by ISO/IEC Joint Technical Committee JTC1 (Information technology), Subcommittee SC27 (IT security techniques).
This part defines entity authentication mechanisms using digital signature techniques, of two kinds: one-way authentication and mutual authentication. One-way authentication is divided, according to the number of message passes, into one-pass authentication and two-pass authentication; mutual authentication is divided, according to the number of message passes, into two-pass authentication, three-pass authentication and two-pass parallel authentication.
Since the distribution of signature certificates is beyond the scope of this part, the sending of certificates is optional in all mechanisms.
Content of this part relating to cryptographic algorithms is implemented in accordance with national laws and regulations.

Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques
1 Scope
This part specifies entity authentication mechanisms using digital signature techniques.
Two of the mechanisms authenticate a single entity (one-way authentication); the rest are mutual authentication mechanisms for two entities.
The mechanisms specified in this part use time-variant parameters such as timestamps, sequence numbers or random numbers to prevent previously valid authentication information from being accepted later or accepted more than once. If a timestamp or sequence number is used, one pass is needed for one-way authentication and two passes for mutual authentication. If a random-number challenge-response method is used, two passes are needed for one-way authentication, and three or four passes (depending on the mechanism employed) for mutual authentication.

2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this part. For dated references, subsequent amendments (excluding corrections) or revisions do not apply to this part; however, parties to agreements based on this part are encouraged to investigate whether the latest editions of these documents can be applied. For undated references, the latest edition applies to this part.
GB/T 15843.1-2008 Information technology - Security techniques - Entity authentication - Part 1: General (ISO/IEC 9798-1:1997, IDT)
GB 15851-1995 Information technology - Security techniques - Digital signature schemes giving message recovery (idt ISO/IEC 9796:1991)

3 Terms, definitions and symbols
The terms, definitions and symbols established in GB/T 15843.1-2008 apply to this part.

4 Requirements
In the authentication mechanisms specified in this part, the entity to be authenticated proves its identity by showing that it possesses a private signature key. It does so by using its private signature key to sign specific data. The signature can be verified by any entity that has the claimant's public key. The authentication mechanisms have the following requirements:
a) The verifier shall have a valid public key of the claimant;
b) The claimant shall have a private signature key known only to the claimant.
If either of these two requirements is not met, the authentication process will be open to attack or cannot be completed successfully.
Note 1: One way to obtain a valid public key is to use a certificate (see Appendix C of GB/T 15843.1-2008). Generation, distribution and revocation of certificates are all beyond the scope of this part. A trusted third party can be introduced in order to obtain a valid public key in the form of a certificate. Another way to obtain a valid public key is to use a trusted courier.
Note 2: Digital signature schemes are described in the references of GB/T 15843.1-2008.

5 Mechanisms
5.0 Overview
The entity authentication mechanisms specified in this part use time-variant parameters such as timestamps, sequence numbers or random numbers (see Appendix B of GB/T 15843.1-2008 and Note 1 below). In this part, the token has the following form:
......
