GB/T 20520-2006_English: PDF (GB/T20520-2006)
Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
GB/T 20520-2006 | English | 150 |
Add to Cart
|
0--9 seconds. Auto-delivery
|
Information security technology -- Public key infrastructure -- Time stamp specification
| Valid |
GB/T 20520-2006
|
Standard ID | GB/T 20520-2006 (GB/T20520-2006) | Description (Translated English) | Information security technology. Public key infrastructure. Time stamp specification | Sector / Industry | National Standard (Recommended) | Classification of Chinese Standard | L80 | Classification of International Standard | 35.040 | Word Count Estimation | 18,178 | Date of Issue | 2006-08-30 | Date of Implementation | 2007-02-01 | Quoted Standard | GB 17859-1999; GB/T 20518-2006; GB/T 20273-2006; GB/T 20271-2006; RFC 2630 | Drafting Organization | Chinese Academy of Sciences State Key Laboratory of Information Security | Administrative Organization | Standardization Technical Committee of the National Information Security | Regulation (derived from) | China Announcement of Newly Approved National Standards No. 10 of 2006 (No. 97 overall) | Proposing organization | National Safety Standardization Technical Committee | Issuing agency(ies) | Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China; Standardization Administration of China | Summary | This standard specifies the timestamp of the system components, the timestamp format and timing system security management requirements. This standard applies to the design and implementation of the system timestamp, timestamp, system testing and product procurement also refer to the use. |
GB/T 20520-2006
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Public key
infrastructure - Time stamp specification
ISSUED ON: AUGUST 30, 2006
IMPLEMENTED ON: FEBRUARY 01, 2007
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Abbreviation ... 6
5 Composition of time stamp system ... 7
6 Generation and issuance of time stamp ... 8
6.1 Application and issuance method ... 8
6.2 Generation method for trusted time ... 8
6.3 Time synchronization ... 9
6.4 Application and issuance process ... 10
7 Time stamp management ... 11
7.1 Storage of time stamp ... 11
7.2 Time stamp backup ... 11
7.3 Time stamp retrieval ... 12
7.4 Time stamp deletion and destruction ... 12
7.5 Check and verification of time stamp ... 13
8 Time stamp format ... 14
8.1 Requirements for TSA ... 14
8.2 Key identification ... 14
8.3 Representation format of time ... 15
8.4 Time stamp application and response message format ... 16
8.5 Document storage ... 21
8.6 MIME object definition used ... 21
8.7 Security considerations for time stamp format ... 22
9 Security of time stamp system ... 23
9.1 Physical security ... 23
9.2 Software security ... 23
Bibliography ... 27
Information security technology - Public key
infrastructure - Time stamp specification
1 Scope
This Standard specifies the requirements for time stamp system component
composition, time stamp management, time stamp format, and time stamp
system security management.
This Standard is applicable to the design and implementation of time stamp
systems. The testing of time stamp system and product procurement can also
be used as reference.
2 Normative references
The provisions in following documents become the provisions of this Standard
through reference in this Standard. For dated references, the subsequent
amendments (excluding corrigendum) or revisions do not apply to this Standard,
however, parties who reach an agreement based on this Standard are
encouraged to study if the latest versions of these documents are applicable.
For undated references, the latest edition of the referenced document applies.
GB 17859-1999, Classified criteria for security protection of computer
information system
GB/T 20518-2006, Information security technology - Public key infrastructure
- Digital certificate format
GB/T 20273-2006, Information security technology - Security techniques
requirement for database management system
GB/T 20271-2006, Information security technology - Common security
techniques requirement for information system
RFC 2630, Cryptographic Message Syntax
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
6 Generation and issuance of time stamp
6.1 Application and issuance method
The TSA can receive time stamp requests and issue time stamp in different
ways. But at least one of the following four ways shall be supported:
a) Application by email. The user sends a time stamp request to the email
address specified by TSA. The TSA also returns the time stamp issued to
the user via email. The MIME objects used for application and issuance
are described in clause 8.
b) Application by file transfer. The user stores the code of the application
message in a file. After the file is transferred to the TSA, the TSA also
saves the generated time stamp in a file and sends it to the user. File
transfer can use any trusted method, such as using the FTP protocol.
c) Application through Socket. The TSA listens for request from user on a
port on the computer. After the user establishes a secure socket
connection with this port of the TSA computer, the user sends an
application message to TSA. Finally, TSA also sends the generated time
stamp to the user on this connection.
d) Apply via HTTP. After the user connects to the TSA application page, the
application message is generated by using the webpage. The application
message is then sent to TSA via the HTTP protocol. The TSA then sends
back the time stamp via the HTTP protocol.
6.2 Generation method for trusted time
The original source of trusted time shall come from the national authoritative
time department (such as the National Time Service Center). Or the time
obtained by using hardware and methods approved by the national authoritative
time department.
Use one or more of the following methods to obtain time.
a) Use some kind of wireless receiving device to obtain the time release of
the national authoritative time department by wireless means, such as
long wave signal, satellite signal, etc.
b) Obtain time from a specified network address by using some sort of time
synchronization protocol. The time of the network address release and the
time synchronization protocol used shall be credible and approved by the
national authority time department.
synchronization. Alerts the administrator and writes to the audit log.
6.4 Application and issuance process
Regardless of which method is used in the TSA operation, the entire application
and time stamping process shall at least include the following basic processes.
a) The user submits an application request to TSA through one of the
methods described in 6.1. The format of the request message shall
conform to the provisions of clause 8.
b) After receiving the application request, the TSA's signature system checks
the validity of the request message according to the description of the time
stamp format in clause 8.
c) If the request message is not valid or the TSA cannot issue this time stamp
for some internal reason, the TSA shall generate a time stamp failure
response. The format shall also follow the provisions of clause 8. The TSA
shall fill in the reason the application is rejected in detail.
d) If the request message is valid and the system is functioning properly, the
TSA signature system shall fill in the normal time stamp and sign it
according to the time stamp format described in clause 8.
e) The TSA signature system sends the newly generated time stamp to the
time stamp database through the trusted channel. Save it by the time
stamp database. The time stamp failure response due to the rejection of
the application shall be determined by the TSA's own policy to save it. This
standard does not make mandatory provisions.
f) The TSA adopts the method of issuance corresponding to the user
application method. Send the newly generated time stamp to the user.
g) After receiving the time stamp, the user shall use the TSA certificate to
verify the validity of the time stamp. And check the time stamp content for
errors. If the time stamp is illegal or has an error, the user shall
immediately report the exception to the TSA manager. TSA agency shall
provide a user feedback channel. Notify administrator via this channel
when users find anomalies. If the time stamp is normal, the user can save
this time stamp for later use.
h) If the administrator receives an exception report from the user, he shall
immediately check the audit log and time stamp database to find out the
cause of the error. The TSA shall prepare a complete processing plan for
this situation.
d) The backup data shall be stored in a convenient way.
e) The access to backup data shall be done when an administrator is present.
f) The backup data does not necessarily need to be encrypted or signed.
However, if used, the selected algorithm shall comply with the relevant
regulations of the national cryptography management department.
7.3 Time stamp retrieval
The TSA shall provide the user with an environment that can easily retrieve time
stamps so that users can retrieve and obtain time stamps via the network or
face to face.
The time stamp that the TSA provides to the user for retrieval shall be more
than just the time stamp stored in the time stamp database. It shall also include
the time stamp of the previous backup.
The TSA shall at least support retrieval of time stamps through the following
three types of information.
a) Retrieve according to the time of time stamp storage. Allow multiple results
to be retrieved. Then allow user to select by himself.
b) Retrieve based on the serial number of the time stamp. Since the serial
number is unique, such retrieval shall have only one result.
c) Retrieve according to the complete encoding of time stamp. Such retrieval
shall also have only one result.
The retrieval result of the time stamp can be sent to the user through the 6.1
issuance method. It can also let the user take it back by another reliable method,
such as using an IC card, CD, etc.
7.4 Time stamp deletion and destruction
7.4.1 Deletion of time stamp
When the TSA system generates an incorrect time stamp due to an internal
error or an external attack, it shall be allowed to delete the erroneous data in
the time stamp database.
All time stamps deleted from the time stamp database shall be backed up for
later auditing. This backup data shall be distinguished from normal backup data
and stored separately. But also need to meet the requirements for backup in
7.2.
All deleted time stamps shall be published in the public channel at the first time,
8 Time stamp format
8.1 Requirements for TSA
To complete a complete time stamp, the TSA system shall meet the following
conditions.
a) Have a reliable time source that shall meet the requirements of 9.2.2. The
generation of trusted time must meet the requirements of 6.2.
b) Include a trusted time value in each time stamp.
c) Include a one-time random integer (nonce field) in each newly generated
time stamp.
d) Whenever possible, when a legitimate request is received from a
requester, a time stamp is generated based on the request.
e) When the time stamp is generated, include a unique identifier within it.
This identifier indicates the security policy when the time stamp is
generated.
f) Only stamp the time stamp on the hash value of the data. The hash function
has a unique object identifier (OID).
g) To be able to check the identifier of a one-way hash function. And verify
that the hash length of the data matches the result length of the hash
function.
h) Except for the check of the length of the hash value required in g), no other
checks are performed on the entered hash value data.
i) Do not contain any requestor's identity within the time stamp.
j) Sign the time stamp with a special key. This purpose of the key shall be
stated in the certificate corresponding to the key.
k) If the requester makes some additional requirements in the extension field
of the application message and the TSA supports these extensions, the
TSA shall include the corresponding additional information in the time
stamp. Conversely, if the TSA does not support these extensions, it shall
return an error message.
8.2 Key identification
The TSA shall have a special key to sign the time stamp message. But a TSA
can have many different private keys to suit different requirements, for example,
local clock. nonce is a large random number and is not repeated with a
very high probability (for example: a 64-bit integer). In this case, the nonce
shall be included in the response message, otherwise the response
message shall be rejected.
e) If there is a certReq field in the request message and is set as true, the
TSA shall give its public key certificate in its response message. The
certificate is indicated by the ESSCertID of the SigningCertificate attribute
in the response message, and the certificate itself is stored in the
Certificates field of the SighedData [Translator note: should be
SignedData] structure in the response message. This domain can also
contain other certificates. If the certReq field is not given in the request
message or the certReq field is set to false, the above certificate is not
necessary in the response message.
f) The extensions field is a way to add additional information to the application
message in the future. Extensions are defined in GB/T 20518-2006. For
an extension, whether or not it is a critical extension, as long as it appears
in the request message and cannot be recognized by the TSA, the TSA
shall not generate a time slice and return a failure message
(unacceptedExtension).
The time stamp request message does not need to give the identity of the
requester because the TSA does not verify this information (see 8.1). If in some
cases the TSA needs to verify the identity of the requesting party, then two-way
authentication shall be performed.
8.4.2 Response message format
After receiving the application message, the TSA sends a response message
to the requester whether the application succeeds or fails. The response
message is either the correct time stamp or a time stamp containing the failure
information. The specific format of the time stamp response message is as
follows:
The status of the response message is defined as follows:
- The validity of the time stamp log so that it can be verified later that the
time stamp is authentic.
c) messagelmprint shall have the same value as a similar field in
TimeStampReq. The premise is that the length of the hash value is the
same as the expected length of the hashAlgorithm tag algorithm.
d) The serialNumber field is an integer assigned by the TSA to each time
stamp. It shall be unique for each time stamp issued by a given TSA (i.e.,
the TSA name and serial number can identify a time stamp flag). It shall
be noted that this feature shall be retained even after experiencing a
possible service interruption (such as a crash).
e) genTime is the time when the TSA creates a time stamp. It is expressed
in UTC time to reduce confusion caused by the use of local time zone
usage. The specific format of time shall comply with the provisions of 8.3.
f) accuracy represents the maximum error that may occur in time. genTime
plus the value of accuracy, the time limit for TSA can be obtained to create
this time stamp. Similarly, subtracting the value of accuracy is the lower
time limit for TSA to create a time stamp. The specific definition is as
follows:
If seconds, millis, or micros do not appear, the values of these fields that
do not appear shall be assigned as 0.
When the accuracy option does not appear, the accuracy can be obtained
from other sources, such as TSAPolicyld.
g) ordering indicates time stamp sorting conditions. If the ordering field does
not appear, or the ordering field appears but is set as false, then the
genTime field only indicates the time when the TSA creates the time stamp.
In this case, the difference between the genTime of the first of the two time
stamps and the genTime of the second is greater than the sum of the
precisions of the two genTime, time stamp flags issued by the same TSA
or different TSAs are possible to sort. If the ordering field appears and is
set as true, each time stamp sent by the same TSA can be sorted
according to genTime, regardless of genTime accuracy.
h) If the nonce field appears in TimeStampReq, it shall also appear here, and
the value shall be equal to the value in TimeStampReq.
9 Security of time stamp system
9.1 Physical security
The physical security requirements of the time stamp system shall comply with
the relevant requirements of 4.1 of GB/T 20271-2006. Secure the environment,
equipment and recording media.
9.2 Software security
9.2.1 Operating environment
The computer environment in which all components of the TSA operate, i.e. the
computer information system, shall have a security level that meets or exceeds
the requirements of the second level of "system audit protection level" specified
in GB 17859-1999.
All components of the TSA shall have a complete anti-virus, firewall solution.
Programs and services not related to TSA operation shall not be running in the
system. Personnel who can operate TSA component computers shall be strictly
controlled. The password for accessing the TSA component computer shall also
be strictly controlled to ensure that only authorized personnel know.
9.2.2 Trusted time source
The time source of the TSA shall be the national standard time. It is either the
time published by the national authority time department or the time obtained
by the hardware and method approved by the national authoritative time
department.
Regardless of the method used to obtain the trusted time, strict measures shall
be taken to ensure the integrity of the time information from the time source of
the trusted time source to the signature system to ensure that it has not been
tampered with by anyone. Even if someone invades the time information in the
middle, the signature system shall have the ability to discover that the time
information has been modified. Alert to TSA managers at the same time.
Software used to receive time from a time source shall also check the continuity
and integrity of time to ensure that it is true and effective.
9.2.3 Signature system
All use of the key by the signature system shall be performed in accordance
with the relevant regulations of the National Cryptographic Authority.
The access to the signature system shall have strict access control, including
Input, deletion and storage
of trusted public key
All changes to the trusted public
key (e.g. addition, deletion)
Including public key and
information related to the public
key
Private key and symmetric
key output
Output of private and symmetric
keys (including one-time
session keys)
Time stamp application All time stamp request requests
If the application is successful,
save the application request and
a copy of the generated time
stamp in the log;
If the application fails, save the
reason for the failure and the
generated time stamp failure
response in the log
Component configuration All security related configurations
Trusted time acquisition and
synchronization
Synchronization time based on
trusted time source
Including that if the trusted time
and local time do not match,
change the local time according to
the trusted time, and all errors
that occur during the
synchronization process
For each event in Table 1, the audit record shall include: the date and time of
the event, the user, the type of event, whether the event is successful, and what
is required in the additional information column of the table.
Private keys, asymmetric keys, and other security-related parameters in clear
text must not appear in the log record.
The audit feature component shall be able to associate an auditable event with
the identity of the system user who initiates the event.
9.2.5.2 Audit review
The audit feature component shall provide the auditor with the ability to view all
information about the log.
The audit feature component shall provide the log information to the reader in
a manner suitable for reading and interpretation.
9.2.5.3 Audit event storage
Audit feature component shall have the following capabilities.
a) The protected audit trail storage requires audit trail storage to be protected
......
|