
GB/T 38660-2020 English PDF

GB/T 38660-2020: Identification system for internet of things -- Security mechanism for E-code identification system (Status: Valid)


BASIC DATA
Standard ID: GB/T 38660-2020 (GB/T38660-2020)
Description (Translated English): Identification system for internet of things -- Security mechanism for E-code identification system
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: A24
Classification of International Standard: 35.040
Word Count Estimation: 9,948
Date of Issue: 2020-03-31
Date of Implementation: 2020-10-01
Quoted Standard: GB/T 2887; GB/T 17963; GB/T 22239; GB/T 25064; GB/T 31866
Drafting Organization: China Article Numbering Center, Beijing University of Posts and Telecommunications, Inner Mongolia Autonomous Region Standardization Institute, China Civil Aviation Information Network Co., Ltd., Beijing Oriental Jetma Technology Development Center, Shenzhen Institute of Standards and Technology, Beijing Jiaotong University
Administrative Organization: National Technical Committee on Standardization of Article Coding (SAC/TC 287)
Proposing organization: National Technical Committee on Standardization of Article Coding (SAC/TC 287)
Issuing agency(ies): State Administration for Market Regulation, National Standardization Administration
Summary: This standard specifies the general requirements, coded data security, authentication and authorization, access control, interaction security, security assessment and management requirements for the Ecode identification system in the IoT identification system. This standard is applicable to the information security assurance in the construction and application of the Ecode identification system in the IoT identification system.


GB/T 38660-2020

GB

NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA

ICS 35.040
A 24

Identification System for Internet of Things - Security Mechanism for Ecode Identification System

ISSUED ON: MARCH 31, 2020
IMPLEMENTED ON: OCTOBER 1, 2020

Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 General Requirements for Security of Ecode Identification System
6 Security Requirements for Ecode Encoding Data
7 Identity Authentication and Authorization Requirements for Ecode Identification System
8 Access Control Requirements for Ecode Identification System
9 Interaction Security Requirements for Ecode Identification System
10 Security Assessment Requirements for Ecode Identification System
11 Management Requirements for Ecode Identification System
Bibliography

Identification System for Internet of Things - Security Mechanism for Ecode Identification System

1 Scope

This Standard specifies the general requirements, encoding data security, authentication and authorization, access control, interaction security, security assessment and management requirements for Ecode identification system in the identification system for Internet of Things.

This Standard is applicable to information security assurance in the construction and application of Ecode identification system in the identification system for Internet of Things.

2 Normative References

The following documents are indispensable to the application of this document. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document.

GB/T 2887 General Specification for Computer Field
GB/T 17963 Information Technology - Open Systems Interconnection - Network Layer Security Protocol
GB/T 22239 Information Security Technology - Baseline for Classified Protection of Cybersecurity
GB/T 25064 Information Security Technology - Public Key Infrastructure - Electronic Signature Formats Specification
GB/T 31866 Identification System for Internet of Things - Entity Code

3 Terms and Definitions

What is defined in GB/T 31866, and the following terms and definitions are applicable to this document.

3.1 Security Mechanism for Ecode Identification System

Security mechanism for Ecode identification system refers to a collection of assessment or certification of a nationally approved third-party institution.

5.3 Disaster Recovery Center

The Ecode identification system disaster recovery center should select a location with good geological conditions. The disaster recovery center shall adopt remote disaster recovery and should not be in the same earthquake zone as the main center.

5.4 Security Audit

Security audit shall include functions, such as: automatic response, data generation, audit analysis, review, event selection and event storage, etc. The audit log content shall include the time, type, subject identity and result of security event.

6 Security Requirements for Ecode Encoding Data

6.1 Ecode Encoding Data Storage

The security of Ecode encoding data storage shall comply with the following requirements:

a) The medium that stores Ecode encoding data shall be stable and reliable, and shall not be significantly affected by the physical conditions of the external environment;
b) Mobile medium shall not be used to store or transfer Ecode encoding data;
c) Technical processing shall be carried out on the medium, from which, Ecode encoding data has been deleted, so that the deleted data cannot be recovered;
d) Authorization management shall be carried out on the storage medium entry and exit process, and corresponding records shall be retained.

6.2 Ecode Encoding Data Transmission

The anti-interference, privacy, integrity and correctness of Ecode encoding data during the transmission process shall be guaranteed. See the specific requirements below:

a) Necessary technical and management measures shall be taken to prevent interference of Ecode encoding data during the transmission.
b) Necessary technical and management measures shall be taken to ensure the privacy of Ecode encoding data during the transmission. The network transmission of the Ecode identification system shall have the capability of preventing eavesdropping; security protocols, for example, HTTPS, should be adopted; digital certificates shall be installed. The security protection mechanism of the transmission protocol shall comply with the requirements established, which shall be respectively stored on media like disks, so as to facilitate data recovery when necessary;
d) A regular transferred storage system of the Ecode database shall be established. In accordance with the Ecode encoding data transaction volume, the frequency of the transferred storage shall be determined. The strategy of real-time transferred storage should be adopted.

6.5 Ecode Identification System Sensitive Information Protection

Necessary technical and management measures shall be taken to protect sensitive information of the Ecode identification system. See the specific requirements below:

a) Sensitive information, such as: ID cards and business licenses, shall be stored and calculated in the Ecode identification system; data shall not be locally stored;
b) The application and transferring process of sensitive information storage media shall be rigorously tracked and monitored, so as to prevent loss and information leakage;
c) Without permission, the scope of data services must not be exceeded, and data must not be altered or transmitted. In addition, it is prohibited to display sensitive information in the Ecode identification system in plain text;
d) Unified medium destruction tools shall be provided, which include, but are not limited to: physical destruction and degaussing equipment, so as to implement effective destruction of various media.

6.6 Ecode Encoding Verification

Ecode encoding verification shall comply with the following requirements:

a) In the Ecode encoding structure, the MD encoding method shall be complete and accurate; necessary verification mechanisms shall be adopted;
b) Ecode encoding resolution system shall establish an Ecode encoding comparison and verification mechanism to compare and verify the resolved V, NSI and MD information with the original codewords in the database, so as to ensure the accuracy and consistency of the encoding.

7 Identity Authentication and Authorization Requirements for Ecode Identification System

7.1 Ecode Identification System Identity Authentication Management

9 Interaction Security Requirements for Ecode Identification System

The consistency, integrity and non-repudiation of information during the interaction process shall be ensured.
There shall be mechanisms to prevent attacks, such as: fraud, replay and counterfeiting, and ensure the privacy of data between the communicating parties.

10 Security Assessment Requirements for Ecode Identification System

The security assessment of the Ecode identification system shall comply with the following requirements:

a) A security assessment mechanism for the Ecode identification system shall be established;
b) The security assessment mechanism shall be able to analyze the security risks of the Ecode identification system. Reasonable security function components shall be selected; a security profile of the Ecode identification system shall be established;
c) An assessment method model library shall be established for the Ecode identification system. Appropriate models and methods may be adopted for the assessment, which include, but are not limited to: formalization, testing and expert assessment, etc.;
d) In accordance with the security profile and corresponding assessment method of the Ecode identification system, the Ecode identification system information security protection and assessment specifications shall be formulated to guide the development, construction and application of the Ecode identification system;
e) It shall be ensured that the protection level of the Ecode identification system complies with the requirements of GB/T 22239.

A security assessment reference model of the Ecode identification system is shown in Figure 1, which includes the determination of security objectives, the formalization of security protection profiles, the decomposition of security function components and other assessment processes. The security objectives include four categories: the confidentiality, identifiability, controllability and availability of the Ecode identification system.

11 Management Requirements for Ecode Identification System

11.1 Registration Approval Mechanism

The Ecode identification system shall add a registration approval mechanism.
When users are applying for codes online, they shall submit corresponding materials to be used in the internal approval process of the management institution.

11.2 Security Management

11.2.1 Daily security management

In the Ecode identification system, the daily security management shall comply with the following requirements:

a) Establish a security management system for the daily management activities;
b) Designate or authorize specialized personnel to take charge of the formulation and assessment of the security management system;
c) Publish the security management system to relevant personnel in various forms, such as: paper documents and electronic documents, etc.

11.2.2 Software maintenance management

The software maintenance management of the Ecode identification system shall comply with the following requirements:

a) Store source files of software products on the media, for example, disks; compile detailed catalogs for the long-term preservation;
b) Make two copies of important software. One shall be archived as the master copy, and the other shall be used as a backup;
c) It shall be ensured that the modification of relevant software of the Ecode identification system will not impair the security of the system.

11.3 Personnel Management

The Ecode identification system shall establish necessary personnel recruitment, assessment, security education and training, and external personnel access management systems, so as to ensure that the system hardware, software and data are not altered, leaked or destroyed due to accidental and malicious reasons.

......
