GB/T 34953.1-2017 PDF English
GB/T 34953.1-2017: Information technology -- Security techniques -- Anonymous entity authentication -- Part 1: General. Status: Valid. This is an excerpt.
Information technology - Security techniques - Anonymous entity authentication - Part 1: General
ICS 35.040
L80
National Standard of the People's Republic of China
Information technology - Security techniques - Anonymous entity authentication
Part 1: General
Released: 2017-11-01
Implemented: 2018-05-01
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; China National Standardization Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Symbols and abbreviations
4 Anonymous entity identification model
5 General requirements and restrictions
6 Anonymous management
Reference
Preface
GB/T 34953 "Information technology - Security techniques - Anonymous entity authentication" is divided into four parts:
---Part 1: General Provisions;
---Part 2: Mechanism based on group public key signature;
---Part 3: Mechanism based on blind signature;
---Part 4: Mechanism based on weak secrets.
This part is Part 1 of GB/T 34953.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part uses the translation method and is equivalent to ISO/IEC 20009-1:2013 "Information technology - Security techniques - Anonymous entity authentication - Part 1: General Provisions".
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this part: Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., National Engineering Laboratory of Wireless Network Security Technology, WAPI Industry Alliance, Chongqing University of Posts and Telecommunications, Commercial Cryptographic Testing Center of State Cryptography Administration, Testing Center of National Radio Monitoring Center, China National Institute of Electronic Technology Standardization, Tianjin Radio Monitoring Station, Peking University Shenzhen Graduate School, Chinese People's Liberation Army Information Security Survey Evaluation and Certification Center, Beijing Institute of Computer Technology and Application, Fujian Radio Monitoring Station, National Information Technology Security Research Center, Beijing Digital Word Certification Co., Ltd., Shanghai Research Institute of China Telecom Co., Ltd., Broadband Wireless IP Standard Working Group of the Ministry of Industry and Information Technology.
The main drafters of this part: Du Zhiqiang, Cao Jun, Long Zhaohua, Huang Zhenhai, Li Dawei, Song Qizhu, Li Qin, Zhang Lulu, Li Ming, Tie Manxia, Zhang Bianling, Xu Yuna, Li Nan, Zhu Yuesheng, Li Guangsen, Yan Xiang, Zhang Guoqiang, Tong Weigang, Wan Hongtao, Wang Yuehui, Gao Delong, Zhu Zhengmei, Chen Zhiyu, Ge Peiqin, Hou Pengliang, Xu Fuming, Gao Bo, Zheng Li.
Introduction
Verifying the legitimacy of communication participants is one of the most important cryptographic services. Multiple cryptographic mechanisms support this service, for example the entity authentication mechanisms specified by ISO/IEC 9798 and the digital signature mechanisms specified by ISO/IEC 9796 and ISO/IEC 14888.
Anonymous authenticated communication involves hiding the identity of the authenticated entity from the correspondent and/or third parties, while retaining the ability of the verifier to determine that its communication peer is legitimate. Anonymous entity authentication mechanisms are designed to support such anonymous communication. A mechanism is defined as an exchange of information between entities; when needed, these exchanges involve a trusted third party.
In an anonymous entity authentication mechanism, the authenticated entity (the claimant) provides evidence to the verifier which proves that the claimant knows the secret without disclosing the identity of the claimant to any unauthorized entity. That is, from the complete information exchanged between the claimant and the verifier, an unauthorized entity cannot discover the identity of the entity being authenticated (the claimant). At the same time, the verifier can rely on certain attributes of the claimant (such as membership of a predetermined group) to ensure the authenticity of the claimant. However, even an authorized verifier cannot be authorized to obtain the identity of other entities. The anonymous entity authentication mechanism allows an authorized party to perform the opening process, which enables the authorized party to obtain the identity of the entity that generated the signature. A mechanism that allows opening is called a partial anonymous entity authentication mechanism.
Anonymous entity authentication can be applied in many scenarios, such as e-commerce, e-voting, e-identity (e.g., e-driving licenses, e-health certificates and e-passports), social networks, mobile payments, and trusted computing. In many such services, the customer's personally identifiable information (PII) is disclosed to the service provider as part of the authentication process. As a result, service providers may use PII for other purposes, although they are not necessarily interested in the PII itself. One way to restrict service providers from obtaining PII is to use an anonymous authentication mechanism. For other use cases of anonymous entity authentication, see ISO/IEC 29191 Appendix A.
GB/T 34953 is composed of multiple parts, which respectively specify the general model and the mechanisms of anonymous entity authentication. This part mainly specifies the model of anonymous entity authentication. The details of the anonymous entity authentication mechanisms and the authentication interaction messages are not within the scope of this part and are specified by the other parts.
Information technology - Security techniques - Anonymous entity authentication
Part 1: General
1 Scope
This part of GB/T 34953 specifies the model, requirements and constraints of anonymous entity authentication mechanisms used to verify the legitimacy of an entity.
2 Terms and definitions
The following terms and definitions apply to this document.
2.1
Anonymity strength
The probability with which an unauthorized entity can determine the true signer from a given signature.
Note: An anonymity strength of n means that the probability that an unauthorized entity can correctly guess the real signer from a signature is 1/n.
[ISO/IEC 20008-1:2013]
2.2
Anonymous entity authentication
Proving that an entity has certain properties without distinguishing the entity from other entities that have the same properties.
2.3
Anonymous digital signature
A signature that can be verified using a group public key or multiple public keys, and that cannot be traced to the distinguishable identifier of the signer by unauthorized entities, including the verifier of the signature.
[ISO/IEC 20008-1:2013]
2.4
Challenge
A data item randomly selected by the verifier and sent to the claimant, which the claimant uses together with the secret information it possesses to generate a response to the verifier.
[ISO/IEC 9798-1:2010]
4 Anonymous entity identification model
Figure 1 Anonymous entity identification model
Figure 1 shows the general model of the anonymous entity authentication mechanism. Not every authentication mechanism requires all of the entities and message interactions in this model.
For the anonymous entity authentication mechanisms described in the other parts of GB/T 34953, in one-way anonymous authentication, entity A acts as the claimant and entity B as the verifier. In the two-way anonymous authentication mechanism, entity A and entity B simultaneously assume the roles of claimant and verifier. In the one-way anonymous two-way authentication mechanism, entity A and entity B also assume the roles of claimant and verifier at the same time. The difference is that the authentication is anonymous in one direction and non-anonymous in the other (for example, A verifies the valid identity of B, and B only verifies that A is a member of a predefined entity group).
The role of the TTP depends on the type of mechanism that uses it. Some mechanisms may not use a trusted third party. As an option, the TTP can participate in the authentication process offline, for example by providing one or both of A and B, before a mechanism is used, with authentication information that supports the use of the mechanism. As an optional third party, the TTP may also take an active part in the authentication mechanism by exchanging information with one or both of the entities being authenticated. The TTP may also participate in the opening process or the linking process. If a TTP participates, whether online or offline, both parties participating in the anonymous authentication mechanism must trust it.
In order to achieve the purpose of anonymous entity identification, entities generate and exchange standardized messages, which are called tokens. One-way anonymous authentication requires the exchange of at least one token, and two-way anonymous authentication requires the exchange of at least two tokens. If a challenge must be used to initiate an anonymous entity authentication, additional message interaction may be required. If a trusted third party participates in authentication, additional message interaction may also be required.
In Figure 1, the arrows indicate the potential flow of information. Entity A and entity B can interact directly, or each can use information issued by a trusted third party.
The anonymous entity authentication mechanism consists of a message exchange in which the verifier uses certain attributes (such as predefined group membership) as evidence to establish the authenticity of the claimant. The evidence is obtained by examining secret information that only real entities can possess, after it has undergone a cryptographic transformation. In addition, some mechanisms also allow the claimant to show the verifier that it possesses attributes beyond those held by a truly authorized entity.
The specific details of the GB/T 34953 anonymous entity authentication mechanisms are specified in the subsequent parts.
5 General requirements and restrictions
In order for one entity (i.e. the verifier) to anonymously identify another entity (i.e. the claimant), both the claimant and the verifier should use a common set of cryptographic techniques and parameters.
While a key is in use, the values of all time-varying parameters (such as timestamps, sequence numbers, and random numbers) must not repeat, or at least must not repeat with overwhelming probability.
Assume that, in the process of using the anonymous entity authentication mechanism, both entity A and entity B know the state that the other claims, that is, which group the claimant claims to be a member of, and whether the claimant's additional characteristics are proven to be correct. The claimed state can be obtained from the information exchanged between the two entities (including data strings generated by cryptographic operations), or derived from the environment in which the mechanism is used.
The authenticity of the claimant's identity is verified only at the time of the anonymous entity authentication message exchange. To ensure the authenticity of the data that the claimant and verifier exchange afterwards, the information exchange of the anonymous entity authentication mechanism should be combined with a means of secure communication (such as digital signatures or message authentication codes to ensure the integrity of communication data, where the keys and public/private key pairs used are all generated from the anonymous entity authentication mechanism).
If partial anonymous authentication is required, the claimant must provide sufficient data during the authentication exchange to enable an authorized entity to perform the opening process subsequently.
6 Anonymous management
The anonymity of an entity is determined by the characteristics of the anonymous entity authentication mechanism it uses and by the environment in which the mechanism is used. For example, if an entity has a property obtained from its environment of use and the property is owned by only two entities, the degree of anonymity of the entity is extremely limited. This gives rise to the concept of anonymity strength, which is used to represent the size of the collection to which an entity belongs. In the above example, the anonymity strength of an entity with this unique attribute is 2.
In some cases, a mechanism can be used to revoke the anonymity of entities participating in an anonymous authentication session, and this revocation can be complete or partial. Linking and opening are two specific measures that reduce anonymity. Linking is a process executed by an entity. Through the linking process, two or more anonymous entity authentication instances are proved to have been performed by the same entity, which obviously reduces anonymity. The opening process is executed by an authorized entity called the opening party, which can obtain the identity of the participant in a specific anonymous authentication mechanism instance; the anonymity of the entity then disappears completely, at least with respect to the opening party. Note that not all mechanisms need to support linking and opening. An anonymous entity authentication mechanism that allows authorized entities to open is called a partial anonymous authentication mechanism. An anonymous entity authentication mechanism that allows an authorized entity to open, but in which the opener does not have the linking capability, is called a partial anonymous, partially unlinkable authentication mechanism.
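The following sketch is an added illustration and is not part of GB/T 34953.1 or of any mechanism it specifies. It models anonymity strength as the number of entities that share the proven attributes, and models linking as intersecting the candidate sets of the linked sessions. The registry, entity names and attribute names are constructed, and it assumes an unauthorized observer guesses uniformly among the candidates.

```python
from fractions import Fraction

# Constructed population (assumption): entity -> attributes it can prove anonymously.
REGISTRY = {
    "E1": {"staff", "building-7"},
    "E2": {"staff", "building-7", "key-custodian"},
    "E3": {"staff", "key-custodian"},
    "E4": {"staff"},
    "E5": {"contractor", "building-7"},
}


def anonymity_set(proven, registry=REGISTRY):
    """Entities the claimant cannot be distinguished from, given what was proven."""
    proven = set(proven)
    return {entity for entity, attrs in registry.items() if proven <= attrs}


def anonymity_strength(proven, registry=REGISTRY):
    """Strength n: size of the collection the claimant belongs to."""
    return len(anonymity_set(proven, registry))


def guess_probability(proven, registry=REGISTRY):
    """Probability 1/n that an unauthorized entity guesses the claimant."""
    n = anonymity_strength(proven, registry)
    if n == 0:
        raise ValueError("no registered entity holds these attributes")
    return Fraction(1, n)


def linked_strength(sessions, registry=REGISTRY):
    """Strength left once several sessions are linked to one entity.

    The linked entity must satisfy every session, so the candidate sets
    of the individual sessions are intersected.
    """
    candidates = set(registry)
    for proven in sessions:
        candidates &= anonymity_set(proven, registry)
    return len(candidates)


if __name__ == "__main__":
    for attrs in (["staff"], ["building-7"], ["key-custodian"]):
        print(attrs, anonymity_strength(attrs), guess_probability(attrs))
    # Two sessions that each leave several candidates identify one entity once linked.
    print("linked:", linked_strength([["building-7"], ["key-custodian"]]))
```

The "key-custodian" attribute is held by only two entities, which matches the strength-2 case in the text; linking it with a "building-7" session leaves a single candidate even though neither session alone does.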
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.