|
US$819.00 · In stock
Delivery: <= 6 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 29243-2012: Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 29243-2012 | English | 819 |
Add to Cart
|
6 days [Need to translate]
|
Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate
| Valid |
GB/T 29243-2012
|
PDF similar to GB/T 29243-2012
Basic data | Standard ID | GB/T 29243-2012 (GB/T29243-2012) | | Description (Translated English) | Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 37,373 | | Quoted Standard | GB/T 16263.1-2006; GB/T 16264.8-2005; RFC 3852 | | Regulation (derived from) | National Standards Bulletin No. 41 of 2012 | | Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China | | Summary | This standard specifies the digital certificate path construction proxy authentication and proxy authentication to the concept of service and protocol requirements, and to meet the requirements in the agreement of agency service agreement. This standard a | GB/T 29243-2012: Information security technology -- Specifications of delegated certification path construction and delegated validation for digital certificate
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology. Specifications of delegated certification path construction and delegated validation for digital certificate
ICS 35.040
L80
National Standards of People's Republic of China
Information security technology digital certificate authentication proxy path
Construction norms and proxy authentication
Issued on. 2012-12-31
2013-06-01 implementation
Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China
Standardization Administration of China released
Table of Contents
Introduction Ⅲ
Introduction Ⅳ
1 Scope 1
2 Normative references 1
3 Terms and definitions
4 Abbreviations 2
5 Agent Service 2
5.1 Services Basic Mode 2
Agent Certification Path Construction 5.2 2
5.3 Proxy Authentication 3
5.4 proxy service policy 3
6 Proxy service protocol requirements 4
6.1 Overview 4
6.2 proxy authentication protocol requires 4 Path Construction
6.3 Proxy authentication protocol requires 5
6.4 Policy query protocol requirements 6
6 7 Agent Services Agreement
7.1 Basic request/response message 6
7.2 policy configuration request/response message 26
Appendix A (informative) Basic principles of agency services 31
A.1 Overview 31
A.2 digital certificate authentication proxy path structure 31
A.3 digital certificate validation agent 31
Foreword
This standard was drafted in accordance with GB/T 1.1-2009 given rules.
This standard by the National Safety Standardization Technical Committee (SAC/TC260) and focal points.
This standard was drafted. CAS data protection and Communication Research and Education Center.
The main drafters of this standard. Xia Luning, Wang Qiongxiao, Jingji Wu, Jing Lin Qiang, to continue.
This standard was first formulated.
Introduction
With the promotion of "People's Republic of China Electronic Signature Law", the construction of the application of electronic authentication services and PKI system also entered
A new stage of development. At the same time, with the further development of the Internet, more types of terminal access network. For certain types of terminals,
Such as mobile phones, sensors, etc., due to limitations of its computing or communication resources, it is difficult to complete its certification path is constructed or independent verification certificate is required
PKI system provides agency services to assist in the completion of these two tasks.
For PKI relying party, the certificate authority certificate path construction and validation process is necessary, but the process required in the certificate
Find, locate revocation information, Certificate/CRL verification calculation, require larger bandwidth and computing resources consumption, limited computing or communication resources
There will be varying degrees of difficulty under the circumstances. Agent technology is an important way to solve these difficulties, the authentication certificate path construction or inspection certificate
Permit delegated to the proxy server, can greatly reduce the computational burden PKI client communication and consumption.
Acting certification path construction and proxy authentication are two different security level agency services. For proxy certification path construction, agent
Verify that the server returns the full path to the certificate required (including the certificate chain, CRL, OCSP communications messages, etc.), and then the client's own
authenticating. Under this approach can significantly reduce the communication cost the client, and does not require the client to trust the server; for proxy authentication,
Proxy servers are returned directly to verify the certificate is valid. In this way the client computational load and communication cost are significantly reduced,
But the client should trust the proxy server. To meet the needs of different security level of transactions, general requirements for PKI systems offer both
Different services.
This standard defines the agent certification path construction and proxy authentication to the service concept and protocol requirements, and according to the agreement required to give a
Species standardized client and server interaction agency services agreement.
Information security technology digital certificate authentication proxy path
Construction norms and proxy authentication
1 Scope
This standard specifies the digital certificate path construction and proxy authentication proxy authentication to service concept and protocol requirements, and to meet the protocol
Proxy service protocol requirements.
Implementation and application of this standard applies to the PKI system operators proxy agent certification path construction and validation services.
2 Normative references
The following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein
Member. For undated references, the latest edition (including any amendments) applies to this document.
GB/T 16263.1-2006 Information technology - ASN.1 encoding rules Part 1. Basic Encoding Rules (BER), Canonical Encoding
Rules (CER) and Distinguished Encoding Rules (DER) specification
GB/T 16264.8-2005 Information technology - OSI Directory - Part 8. a public key and attribute certificate frameworks
RFC3852 password message syntax (CryptographicMessageSyntax, CMS)
3 Terms and Definitions
GB/T 16264.8-2005 and as defined in the following terms and definitions apply to this document.
3.1
Digital certificates proxy authentication delegatedvalidationfordigitalcertificate
Digital certificate authentication process by the proxy server for PKI relying party.
3.2
Proxy Authentication delegatedvalidation
Within the scope of this standard, and the "digital certificate proxy authentication", respectively.
3.3
Digital Certificate Authority certificate path construction delegatedcertificationpathconstructionfordigitalcertificate
By the proxy server digital certificate for the relying party PKI certification path construction process.
3.4
Agent Certification Path Construction delegatedcertificationpathconstruction
Within the scope of this standard, and the "digital certificate authentication proxy path structure" are synonymous.
3.5
Proxy authentication policy delegatedvalidationpolicy
Expression of a set of rules how proxy authentication execution.
3.6
Agent Certification Path Construction Policy delegatedcertificationpathconstructionpolicy
Expression of a set of rules on how the agent should perform certification path construction.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 29243-2012_English be delivered?Answer: Upon your order, we will start to translate GB/T 29243-2012_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 6 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 29243-2012_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 29243-2012_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|