|
US$489.00 · In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 17901.1-2020: Information technology - Security techniques - Key management - Part 1: Framework
Status: Valid GB/T 17901.1: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 17901.1-2020 | English | 489 |
Add to Cart
|
5 days [Need to translate]
|
Information technology - Security techniques - Key management - Part 1: Framework
| Valid |
GB/T 17901.1-2020
|
| GB/T 17901.1-1999 | English | 919 |
Add to Cart
|
4 days [Need to translate]
|
Information technology. Security techniques. Key management. Part 1: Framework
| Obsolete |
GB/T 17901.1-1999
|
PDF similar to GB/T 17901.1-2020
Basic data | Standard ID | GB/T 17901.1-2020 (GB/T17901.1-2020) | | Description (Translated English) | Information technology - Security techniques - Key management - Part 1: Framework | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 26,266 | | Date of Issue | 2020-03-06 | | Date of Implementation | 2020-10-01 | | Older Standard (superseded by this standard) | GB/T 17901.1-1999 | | Quoted Standard | GB/T 15843.1; GB/T 15843.2; GB/T 15843.3; GB/T 15843.4; GB/T 15843.5; GB/T 15843.6; GB/T 17903.2; GB/T 18794.1; GB/T 32907; GB/T 32918.1; GB/T 32918.2; GB/T 32918.3; GB/T 32918.4; GB/T 32918.5; GB/T 37092-2018; ISO/IEC 18014-1; ISO/IEC 18014-2; ISO/IEC 18 | | Adopted Standard | ISO/IEC 11770-1-2010, MOD | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | | Summary | This standard specifies the following: a) establish a general model for key management mechanisms; b) define the basic concepts of key management common to GB/T 17901; c) define the characteristics of key management services; General principles for managing keys during their lifetime; e) establishing a conceptual model of key distribution for communications. This standard applies to establishing key management models and designing key management methods. | GB/T 17901.1-2020: Information technology - Security techniques - Key management - Part 1: Framework
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information technology - Security techniques - Key management - Part 1.Framework
ICS 35.040
L80
National Standards of People's Republic of China
Replace GB/T 17901.1-1999
Information technology security technology key management
Part 1.Frame
2020-03-06 released
2020-10-01 implementation
State Administration for Market Regulation
Issued by the National Standardization Management Committee
Table of contents
Preface Ⅲ
Introduction Ⅴ
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Symbols and abbreviations 3
4.1 Symbol 3
4.2 Abbreviations 3
5 General model of key management 4
5.1 Overview 4
5.2 Key protection 4
5.3 General model of key life cycle 5
6 Basic content of key management 6
6.1 Key Management Service 6
6.2 Support Services 9
7 Conceptual model of key distribution between two entities 10
7.1 Overview of key distribution 10
7.2 Key distribution between communicating entities 10
7.3 Single domain key distribution 10
7.4 Key distribution between domains 12
8 Providers of specific services 13
Appendix A (informative appendix) Security threats to key management 14
Appendix B (informative appendix) Password application classification 15
Appendix C (Informative Appendix) Key Management Information Object 17
Reference 18
Foreword
GB/T 17901 "Information Technology Security Technology Key Management" is planned to be divided into 6 parts.
---Part 1.Framework;
---Part 2.Mechanisms using symmetric technology;
---Part 3.The mechanism of adopting asymmetric technology;
---Part 4.Mechanism based on weak secrets;
---Part 5.Group key management;
---Part 6.Key Derivation.
This part is Part 1 of GB/T 17901.
This section was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 17901.1-1999 "Information Technology Security Technology Key Management Part 1.Framework", and
Compared with GB/T 17901.1-1999, the main technical changes are as follows.
---New reference documents have been added to the normative reference documents (see Chapter 2);
--- Deleted "decryption, encryption, key confirmation, key control, key distribution center (KDC), key material, key management, key transfer
The terms and definitions of KTC, public key information, random numbers, sequence numbers, and “hash function, key derivation letter” have been added
The terms and definitions of "number, key establishment, key token, message authentication code, signature system" (see Chapter 3, Chapter 3 of the.1999 edition);
--- Added Chapter 4 "Symbols and Abbreviations" (see Chapter 4);
---Chapter 4 "Summary of Key Management" of the.1999 edition was revised to Chapter 5 "General Model of Key Management", and.1999 was deleted
Version 4.1.2, adding 5.1, 5.3.1, and modifying part of the content (see Chapter 5, Chapter 4 of the.1999 edition);
---Chapter 6 "Conceptual Model of Key Distribution" of the.1999 edition was revised to Chapter 7 "Conceptual Model of Key Distribution between Two Entities", adding
7.1 has been added and part of the content has been modified (see Chapter 7, Chapter 6 of the.1999 edition);
--- Deleted Appendix D of the.1999 edition, and the relevant content is consistent with the existing national standards and cryptographic industry standards.
This section uses the redrafting law to modify and adopt ISO /IEC 11770-1.2010 "Information Technology Security Technology Key Management Part 1.Framework".
Compared with ISO /IEC 11770-1.2010, the structure of this part has been adjusted. Chapter 2 has been added. Subsequent clause numbers have been sequentially changed and adjusted.
4.2.3~4.2.5 are 5.2.2, 5.2.3.1 and 5.2.3.2, adjust Appendix B to Appendix C, and Appendix C to Appendix B.
The technical differences between this part and ISO /IEC 11770-1.2010 and the reasons are as follows.
---Chapter 2 normative references have been added (see Chapter 2);
--- Deleted some terms and definitions (see Chapter 2 of ISO /IEC 11770-1.2010);
--- The symbols of "CA" and "RA" are deleted (see 3.1 of ISO /IEC 11770-1.2010);
---Chapter 5 clarifies that "cryptographic algorithms recognized by the national cryptographic management department should be used", and ISO /IEC 11770-1.2010
The referenced cryptographic algorithm standards are modified to quote the corresponding cryptographic algorithm standards of our country for ease of use (see Chapter 5).
This section also made the following editorial changes.
---Delete the informative appendix D of ISO /IEC 11770-1.2010, and the relevant content is consistent with the existing national standards and cryptographic industry standards.
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this section. Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., National Engineering Laboratory of Wireless Network Security Technology,
Zhongguancun Wireless Network Security Industry Alliance, Commercial Password Testing Center of National Cryptography Administration, Peking University Shenzhen Graduate School, China Electronics
The 30th Research Institute of Science and Technology Group Corporation, National Radio Monitoring Center Testing Center, China Electronic Technology Standardization Institute, China General Technology
Technology Research Institute, China Network Security Review Technology and Certification Center, Tianjin Radio Monitoring Station, Beijing Institute of Computer Technology and Application,
Tianjin Electronic and Mechanical Products Testing Center, Chongqing University of Posts and Telecommunications.
The main drafters of this section. Du Zhiqiang, Li Qin, Lang Yuan, Zhu Yuesheng, Liu Kewei, Zhou Guoliang, Tao Hongbo, Wang Yuehui, Tie Manxia, Zhang Bianling,
Peng Xiao, Li Bing, Xu Yuna, Huang Zhenhai, Buning, Zhang Lulu, Yu Guangming, Yan Xiang, Zhang Guoqiang, Liu Jingli, Li Dong, Shang Jun, Zhao Hui, Wang Ying,
Zhu Zhengmei, Gao Delong, Zheng Li, Xiong Keqi, Huang Kuigang, Long Zhaohua, Wu Dongyu.
The previous releases of the standards replaced by this part are.
---GB/T 17901.1-1999.
Introduction
In information technology, the need to use password mechanisms to protect data from illegal theft or tampering, to achieve entity identification and non-repudiation is increasing.
increase. The security and reliability of these mechanisms directly depend on the management and protection of keys. If there are weak links in key management, then
It invalidates all the cryptographic functions it claims, so safe management of keys is essential for integrating cryptographic functions into the system. Key management
The purpose is to provide key processing procedures used in symmetric or asymmetric cryptographic mechanisms.
This part of the revision adopts ISO /IEC 11770-1.2010 "Information Technology Security Technology Key Management Part 1.Framework", suitable
Used for the management of communication keys. ISO /IEC 11770 defines a general model of key management, which does not depend on the specific cryptographic algorithm used.
But some key distribution mechanisms depend on the characteristics of specific algorithms, such as asymmetric algorithm characteristics.
If the non-repudiation function is needed in key management, see GB/T 17903.
This section describes both automatic and manual key management methods, including the data element framework and the operations used to obtain key management services.
Work process, but does not elaborate on the details required for protocol exchange.
Like other security services, key management only provides key management services in the defined security policy, but the definition of security policy exceeds
Out of the scope of this section.
The fundamental problem of key management is to confirm the key material by all parties involved, and ensure its source, integrity, and immediacy to direct and indirect users
And (in the case of secret keys) confidentiality. Key management includes generating, storing, distributing, deleting and archiving keys according to a certain security policy
(GB/T 9387.2-1995) and other functions.
Information technology security technology key management
Part 1.Frame
1 Scope
This part of GB/T 17901 contains the following.
a) Establish a general model of key management mechanism;
b) Define the basic concept of key management common to GB/T 17901;
c) Define the characteristics of the key management service;
d) Provide general principles for the management of keys during their life cycle;
e) Establish a conceptual model of communication key distribution.
This section applies to the establishment of key management models and design key management methods.
2 Normative references
The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document.
For undated references, the latest version (including all amendments) applies to this document.
GB/T 15843 (all parts) Information technology security technology entity authentication [ISO /IEC 9798 (all parts)]
GB/T 17903.2 Information technology security technology anti-repudiation Part 2.Mechanisms using symmetric technology (GB/T 17903.2-2008, ISO /IEC 13888-2.1998, IDT)
GB/T 18794.1 Information Technology Open System Interconnection Open System Security Framework Part 1.Overview (GB/T 18794.1-2002, idtISO /IEC 10181-1.1996)
GB/T 32907 Information Security Technology SM4 Block Cipher Algorithm
GB/T 32918 (all parts) Information security technology SM2 elliptic curve public key cryptographic algorithm
GB/T 37092-2018 Information Security Technology Cryptographic Module Security Requirements
ISO /IEC 18014 (all parts) Information technology security technology time stamp service
ISO /IEC 18031 Information Technology Security Technology Random Number Generation
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Asymmetric cryptography
Two related transformations are used, the public transformation defined by the public key and the private transformation defined by the private key.
Note. These two transformations have the following characteristics, that is, it is computationally infeasible to derive the private key for a given public key.
3.2
Asymmetric key pair
A pair of related keys, where the private key specifies the private transformation, and the public key specifies the public transformation.
[ISO /IEC 11770-3.2008, definition 3.3]
3.3
Private key
In an asymmetric key pair of an entity, the key used only by the entity.
3.4
Public key
In an entity's asymmetric key pair, the key that can be disclosed.
3.5
Certification authority
An authority trusted by users that is responsible for generating, issuing, and managing certificates.
Note. The user can select the institution to create a specific key for it.
3.6
digital signature
The data attached to the data unit, or the cryptographic transformation done on the data unit.
Note. This data or transformation allows the recipient of the data unit to confirm the source and integrity of the data unit and protect the data from being
者) Forgery or denial.
3.7
Hash function
A function that maps a bit string to a fixed-length bit string.
Note. This function meets the following two characteristics.
a) For a given output, it is computationally infeasible to find the input mapped to that output.
b) For a given input, it is computationally infeasible to find the second input that maps to the same output.
3.8
Key
A symbol sequence used to control cryptographic transformation operations (such as encryption, decryption, cryptographic verification function calculation, signature generation, or signature verification).
3.9
Key agreement
The process of establishing a shared secret key between entities, in which no entity can determine the value of the key in advance.
3.10
Key derivation function
A function to generate one or more shared secret keys by acting on the shared secret and other parameters known to both parties.
3.11
Key establishment
The process of generating a usable and shared secret key for one or more entities, including key agreement and key transmission.
[ISO /IEC 11770-3.2008, definition 3.22]
3.12
Key token
During the execution of the key establishment mechanism, one entity sends a key establishment message to another entity.
3.13
Message authentication code
The bit string output by the message authentication code algorithm.
3.14
Primary identification
Confirmation that the received data source is consistent with the claim.
3.15
Public key certificate
The non-forgeable data structure of the public key information issued by the certification authority to an entity.
3.16
Secret key
A key used in symmetric cryptography, and used only by a set of specified entities.
3.17
Signature system
Based on asymmetric cryptography, its private key is used to sign the transformation, and its public key is used to verify the transformed system.
3.18
Timestamp
According to a common time base to represent the time-varying parameters at a certain point in time.
3.19
Time-varying parameters
A data item used to verify that the data is not reused, such as a random number, a serial number, or a timestamp.
Note. Timestamp can be used while keeping the clock synchronization between entities. The sequence can be used while maintaining and verifying the synchronization of the sequence number counter between the entities
Column number.
3.20
Trusted third party
In terms of security-related activities, security agencies or their agents trusted by other entities.
4 Symbols and abbreviations
4.1 Symbols
The following symbols apply to this document.
A, B. distinguishable identifier of the entity.
DIR. Directory maintenance certification body.
KDC. Key Distribution Center.
KG. Key generator.
KTC. Key Exchange Center.
SA. Entity A's signing key.
VA. Entity A's verification key.
X. The distinguishable identifier of the certification body.
4.2 Abbreviations
The following abbreviations apply to this document.
5 General model of key management
5.1 Overview
The goal of key management is to manage and use key services safely, and key protection is extremely important.
The key management process depends on the basic cryptographic mechanism, the intended use of the key, and the security policy used. Key management is also included in
Functions performed in cryptographic devices.
Anyone involving the use of cryptographic technology to solve the requirements of confidentiality, integrity, authenticity, and non-repudiation shall follow the national and industry standards related to cryptography.
5.2 Key protection
5.2.1 Basic concepts of key management
The key is a key part in all security systems that rely on cryptographic technology. The proper protection of keys depends on many factors,
Such as the application type of the key, the threats faced, the different states that the key may appear, etc., the key should be protected from being leaked, modified, destroyed and reused.
It depends on the cryptographic technique used. See Appendix A for examples of possible threats to keys, and multiple protections may be required in actual use
Technology resists these threats. The validity of the key should be limited in time and the number of uses, these restrictions depend on the key recovery attack
The amount of time and data required, and the value of the information acquired over time. The original key used to derive the key is
The key needs more protection. Another important aspect of key protection is to avoid abuse, such as using key encryption keys to encrypt data.
5.2.2 Protection using password technology
The use of cryptographic techniques can resist some threats to the key. For example, use encryption to resist key leakage and unauthorized use; use data integrity
Sex mechanism to resist tampering; use data original authentication mechanism, digital signature and entity authentication mechanism to resist forgery.
This part shall adopt the password algorithm approved by the national password management department. For example, the encryption algorithm adopts GB/T 32907; the data integrity machine
The system adopts GB/T 32918; the digital signature adopts GB/T 32918; the entity authentication mechanism adopts GB/T 15843.
The password separation mechanism can resist the abuse of the key, and the use according to the function can be completed by combining the information and the key. For example. control
The combination of information and key ensures that a specific key is used for specific tasks (such as key encryption, data integrity), and uses symmetric cryptographic technology to resist
The denial mechanism requires key control. Regarding the use of symmetric cryptography to achieve non-repudiation, see GB/T 17903.2.See Appendix B for the classification of password applications.
The timestamp can be used to limit the use of the key within a certain validity period, and it can be used with the serial number to resist the recorded key
Replay attack of negotiation information. See ISO /IEC 18014 for time stamp technology.
5.2.3 Protection by other means
5.2.3.1 Protection by physical means
The keys used by cryptographic devices in the security system should be protected to prevent threats such as tampering, deletion, and disclosure (except public keys). This
These devices generally provide a secure area for key storage, key use, and implementation of cryptographic algorithms. The methods provided include.
a) Load the key from an independent secure key storage device;
b) Interact with cryptographic algorithms in independent security devices (such as smart cards);
c) Offline storage key (such as memory card).
Security zones are generally protected by physical security mechanisms. Physical security mechanisms can include. passive mechanisms to prevent direct access to the security zone
And an active tampering detection mechanism that destroys key data when the security zone may be invaded. The physical security mechanism used depends on the key
importance. See GB/T 37092-2018 for the security protection of cryptographic equipment.
5.2.3.2 Protection by organizational means
One method of key protection is to manage it into a key hierarchy. Except for the lowest level of the structure, the secrets on each level
The key is only used to protect subordinate keys. Only the lowest level key is directly used to provide data security services. This classification method limits the use of keys
Therefore, it reduces the possibility of leaking the key and increases the difficulty of the attack. For example, revealing a single session key will only reveal the information protected by that key.
Allowing access to keys can lead to some serious problems, including key disclosure and key abuse (especially non-repudiation). Only in safety equipment
The plaintext of the key can only be obtained internally. If you need to export them, you should take some special measures, for example, to decompose the key into several parts, and not allow someone to obtain all parts.
The use of the key should also be controlled to prevent the disclosure of the key or the information it protects.
5.3 General model of key life cycle
5.3.1 Definition of key life cycle
A key will go through a series of states, these states determine its life cycle. There are three main states.
a) Pending activation. In the pending activation state, the key has been generated, but has not yet been activated for use;
b) Activation. In the activated state, the key is used to encrypt data, decrypt or verify data;
c) Suspended. In the suspended state, the key can only be used for decryption or verification.
If it is clear that a key has been threatened, the key status should be changed to the suspended status immediately, and then the key can only be used for decryption or verification.
The data received before the status change of the certificate cannot be used for other purposes. It should be noted that it is determined that the compromised key cannot be activated again,
Therefore, the key in Figure 1 from the suspended state to the activated state is a conditional optional operation.
When the key is determined to be accessed or controlled without authorization, it can be considered that the key is threatened.
These states and the corresponding transitions are shown in Figure 1.Figure 1 shows a general model of the key life cycle, and other life cycle models.
There may be sub-states of the above three states. Most life cycles need to be archived. According to the specific details of the life cycle, this kind of archive can be
All states are associated.
5.3.2 Transition between key states
As shown in Figure 1, when a key migrates from one state to another, it needs to undergo the following transitions.
a) "Generate". the key generation process. Key generation should be carried out according to the specified key generation rules, the process may include test procedures
To verify compliance with these rules. It should be noted that the use of unpredictable random numbers in the key generation process is extremely
Important, otherwise, even the strongest cryptographic algorithm cannot provide adequate protection. For the method of random number generation, see ISO /IEC 18031.
b) "Activate". make the key valid and can be used for cryptographic operations.
c) "Release". restrict the use of the key, this will happen if the key expires or has been revoked.
d) "Reactivate". Allow the suspended key to be reused for cryptographic operations.
e) "Destruction". Terminate the life cycle of the key, including the logical destruction of the key, and may also include the physical destruction.
The conversion can be triggered by the following events. a new key is required, the key is threatened, the key expires, the key life cycle ends, etc. All these conversions
Both include a series of key management services.
5.3.3 Conversion and service of key status
The key used for a specific cryptographic technique will use different combinations of services during its lifetime.
For symmetric encryption technology, after the key is generated, the transition from the to-be-activated state to the activated state includes the key installation, and can also include the key
Register and distribute. In some cases, installation may involve deriving a special key. The lifetime of the key should be limited to a fixed
Within the time limit. The release terminates the activation state, usually because the key has expired. If the active key is found to be threatened, revoke the key
The key can also put it into a suspended state. A key in a suspended state can be archived. If you need to reuse the archived under certain conditions
It will be reactivated before it is fully activated, it may need to be installed and distributed again; otherwise, after release, the key may be cancelled and destroyed.
For asymmetric encryption technology, after a pair of keys (public key and private key) is generated, the pair of keys will enter the state to be activated. Note that this pair
The key lifetimes are related but not the same. Before the private key enters the activated state, registration and distribution to users are optional, but installation is
Required. The transition of the private key between the activated state and the suspended state, including release, reactivation and destruction, is similar to the situation of the above symmetric key.
When a public key is issued, a certificate containing the public key is usually generated by the CA to ensure the validity and ownership of the public key. The public key certificate can be put
Used for distribution in catalogs or other similar services, or sent back to the owner for distribution. When the owner sends data signed with his private key
At the time, the certificate can also be attached. Once the public key is verified, the key pair enters the active state. When the key pair is used for digital signatures, the private key
After being released or destroyed, the corresponding public key may be activated or suspended from time to time. In order to verify that the relevant private key is
Digital signatures generated within the validity period may require access to the public key. When asymmetric technology is used to achieve confidentiality services, and the key used for encryption has been
When released or destroyed, the corresponding key in the key pair may still be activated or suspended for subsequent decryption.
For the signature key, the corresponding...
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 17901.1-2020_English be delivered?Answer: Upon your order, we will start to translate GB/T 17901.1-2020_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 17901.1-2020_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 17901.1-2020_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GB/T 17901.1-2020?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 17901.1-2020 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|