|
US$229.00 · In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email.
SFT0076-2020: (Electronic data storage technical specifications)
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| SF/T 0076-2020 | English | 229 |
Add to Cart
|
3 days [Need to translate]
|
(Electronic data storage technical specifications)
| Valid |
SF/T 0076-2020
|
PDF similar to SFT0076-2020
Basic data | Standard ID | SF/T 0076-2020 (SF/T0076-2020) | | Description (Translated English) | (Electronic data storage technical specifications) | | Sector / Industry | Chinese Industry Standard (Recommended) | | Classification of Chinese Standard | A16 | | Classification of International Standard | 35.240.01 | | Word Count Estimation | 10,193 | | Date of Issue | 2020-05-29 | | Date of Implementation | 2020-05-29 | | Regulation (derived from) | Announcement of the Ministry of Justice (2020.05.29) | | Issuing agency(ies) | Ministry of Justice of the People's Republic of China | SFT0076-2020: (Electronic data storage technical specifications)---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Technical specification for digital evidence preservation
ICS 35.240.01
A 16
SF
People's Republic of China judicial administration industry standards
Technical specifications for electronic data storage
2020-05-29 released
2020-05-29 implementation
Issued by the Ministry of Justice of the People's Republic of China
Table of contents
Foreword...II
1 Scope...1
2 Normative references...1
3 Terms and definitions...1
4 Electronic data storage service providers...2
5 Electronic data storage platform...2
6 Electronic data storage process...3
References...6
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This standard was proposed by the Forensic Science Research Institute.
This standard is under the jurisdiction of the Information Center of the Ministry of Justice.
Drafting organizations of this standard. Forensic Forensic Science Research Institute, the Third Research Institute of the Ministry of Public Security, Xiamen Meiya Pike Information Co., Ltd.
National Industrial Information Security Development Research Center, Chinese Academy of Sciences Software Research Institute, Shanghai Honglian Network Technology Co., Ltd.
The main drafters of this standard. Guo Hong, Shi Shaopei, Wu Songyang, Wang Yong, Pan Yan, Li Yan, Wen Jing, Ding Liping, Lu Daohong, Zhang He,
Lu Jianbin, Qian Zhigao, Zhang Huiji.
Technical specifications for electronic data storage
1 Scope
This standard specifies requirements for electronic data storage service providers, electronic data storage platforms and electronic data storage processes.
This standard applies to the standardized operation of electronic data storage.
2 Normative references
The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document.
For undated references, the latest version (including all amendments) applies to this document.
GB/T 22239-2019 Information Security Technology Network Security Level Protection Basic Requirements
GB/T 35273-2020 Information Security Technology Personal Information Security Specification
GA/T 1568-2019 Forensic Science Electronic Evidence Inspection Terminology
3 Terms and definitions
GB/T 22239-2019, GB/T 35273-2020, GA/T 1568-2019 and the following terms and definitions apply to this article
Pieces.
3.1
Digital evidence preservation
Provide users with electronic data evidence storage and verification services via the Internet.
3.2
Digital evidence preservation provider
Institutions or organizations that provide electronic data storage services.
3.3
Digital evidence preservation user
Organizations or individuals using electronic data storage services.
3.4
Digital evidence preservation platform
Where electronic data storage service providers provide users with electronic data storage services in the form of websites, applications, and programming interfaces
Software or system.
3.5
Trusted timestamp
A sequence of characters that uniquely identifies a moment in time.
Note. This logo can not only identify the time when the behavior occurred, but also build a chain of evidence with time sequence through the sequence of time.
3.6
Blockchainblockchain
In a peer-to-peer network environment, through transparent and trustworthy rules, a block chain data structure that cannot be forged, tampered with, and traced is constructed
Structuring, realizing and managing transaction processing mode.
Note. Transaction processing includes but is not limited to the generation, access and use of trusted data.
[GB/T 37043-2018, definition 2.5.8]
4 Electronic data storage service provider
The electronic data storage service provider shall have technical personnel and professional capabilities commensurate with the scale of the service, and have a sound management mechanism.
system.
5 Electronic data storage platform
5.1 System Security
The electronic data storage platform should meet the basic requirements of the third level of GB/T 22239-2019.
5.2 Operating environment safety
5.2.1 The system or software of the electronic data storage platform shall operate stably 7×24 hours.
5.2.2 The physical equipment and environment used by the electronic data storage platform for data storage shall have a complete monitoring system.
5.2.3 The electronic data storage service provider shall take measures to ensure the security of the electronic data storage platform and prevent unauthorized access or damage.
There should be protective measures and emergency plans for unauthorized access or damage.
5.3 Storage security
The electronic data storage platform shall have the capability of redundant backup and storage expansion, as well as the capability of remote disaster tolerance.
5.4 Communication network security
The electronic data storage platform should be checked regularly to prevent network attacks, viruses and the use of network agents.
5.5 Data Security
5.5.1 The electronic data storage platform should use cryptographic technology that is certified and approved by the national cryptographic management authority to encrypt data.
And storage, and adopt the necessary protection mechanism for the key.
5.5.2 The electronic data storage platform shall promise to store content in compliance with relevant national regulations.
5.6 System software security
The electronic data storage service provider shall ensure that the systems and software involved in the electronic data storage and transmission process are fully controllable, and the system interfaces and
The system configuration is safe and reliable to avoid decompilation or tampering of the system code.
5.7 Data traceability
The electronic data storage platform shall ensure that the electronic data stored in the certificate can be verified and traced back.
5.8 Time can be trusted
The system time of the electronic data storage platform and the generated credible time identifier shall be time-served and punctual from the national credible time source.
5.9 System connection
5.9.1 When electronic data storage service providers provide programming interfaces to connect with other storage platforms or application systems, they shall
Evaluate the certification platform or application system to ensure that it meets the requirements of this standard.
5.9.2 When an electronic data storage service provider connects with other electronic data storage platforms or application systems such as courts and arbitrations, it shall comply with
Meet the requirements of the docking department.
5.10 Technical realization
The electronic data storage platform can use a variety of technologies to ensure the legal compliance of the process of generating, collecting, transmitting, storing and displaying electronic data.
The technologies used include but are not limited to.
a) Trusted computing technology;
b) Calibration technology;
c) Digital signature technology;
d) Electronic identity authentication technology;
e) Trusted timestamp technology;
f) Blockchain technology;
g) Encryption and decryption technology;
h) Smart contract technology;
i) Distributed storage and computing technology;
j) Cloud computing and big data technology;
k) Storage virtualization technology.
6 Electronic data storage process
6.1 General requirements
6.1.1 Before electronic data storage, the electronic data storage service provider shall verify the identity of users of the electronic data storage service. electronic
Data storage service users should check whether the hardware, software and network environment of the computer information system used for storage are reliable and safe, and
In a normal operating state, relevant information should also be recorded when conditions permit.
6.1.2 In the case of electronic data storage, users of electronic data storage services use websites and applications provided by electronic data storage service providers.
The program or programming interface shall simultaneously transmit the original text or integrity check value of the electronic data, and ancillary information to the electronic data storage platform.
6.1.3 The electronic data storage service provider shall record the hardware equipment information, software system information and network information of the electronic data storage platform
And process data, etc., and calculate the integrity check value of related information. Record the recorded data and the corresponding integrity check value at the same time.
6.1.4 If users of electronic data storage services need to perform original text storage, they should submit the original electronic data to the electronic data storage platform;
If the user of the sub-data storage certificate service does not need to carry out the original storage certificate, the electronic data storage platform shall inform the risk to prevent the user from breaking
Bad integrity leads to inability to verify and cause disputes.
6.2 Recorded data
6.2.1 The electronic data record that is deposited should have a unique deposit identification code.
6.2.2 The recorded electronic data record shall include the integrity check value of the deposited electronic data and the integrity check algorithm used.
6.2.3 The electronic data record for evidence shall include a credible time stamp.
6.2.4 The electronic data records deposited should be able to be associated with a specific user, that is, have the signature information of the specific user.
6.2.5 The electronic data record of the certificate shall include complete log information, the credible time identification of the key nodes in the certificate process, users, operation
Work content, object and storage path and other information.
6.2.6 Where the electronic data storage platform deposits the original text, the electronic data record for the deposit shall include the original text and ancillary information.
6.3 Transfer of Deposited Data
6.3.1 Identity authentication
Before users of electronic data storage service users transmit data, the electronic data storage platform shall conduct credible authentication of their identity and keep the authentication records.
record.
6.3.2 Encrypted transmission
The communication between users of electronic data storage services and electronic data storage service providers should adopt cryptographic technology to ensure data during transmission.
Confidentiality.
6.3.3 Transmission integrity verification
Verification technology should be used to verify the transmission data of electronic data storage service users and electronic data storage service providers to ensure
The integrity of the transmitted data.
6.4 Verification and verification results of recorded data
6.4.1 Verification of recorded data
The electronic data storage platform should provide multiple verification methods. No matter what method of storage is used, the electronic data storage platform should perform verification.
And give the verification result. The deposit verification methods of the electronic data deposit platform include.
a) Original document verification
If the user of the electronic data storage service deposits the original text and needs to verify the original text, the electronic data storage platform shall calculate the submitted
The integrity check value of the original electronic data is verified.
b) Non-textual deposit verification
If the user of the electronic data storage service does not store the original text but stores information such as the integrity check value of the original text, when verification is required, the original
The document and integrity check algorithm are submitted to the electronic data storage platform, and the electronic data storage platform calculates according to the original text submitted and the integrity check algorithm.
Calculate the integrity check value, search the integrity check value of the user's certificate, and verify it based on the search result.
6.4.2 Verification result
The electronic data storage platform shall provide verification results, which include but are not limited to.
a) Deposit identification code;
b) The original text of the electronic data deposited (if applicable);
c) The integrity check value of the certificate and the integrity check algorithm used;
d) Reliable time stamp;
e) Deposit user information;
f) Record log information;
g) Other ancillary information.
6.5 Data retrieval
6.5.1 The electronic data storage platform shall provide certified electronic data storage service users with conditions such as passing data keywords and time.
A service for retrieving the submitted evidence data.
6.5.2 The electronic data storage platform should not provide data retrieval services to uncertified electronic data storage service providers.
6.6 Privacy protection
The electronic data storage platform shall meet the requirements of GB/T 35273-2020 and meet the following requirements.
a) The electronic data storage platform should only collect and store the user's personal information necessary for the storage business;
b) Electronic data deposit service users can retrieve the deposit data submitted by them, and the search results can show complete deposit information;
c) The search results of other users of the electronic data deposit platform should not display the deposit information other than the deposit data;
d) The administrator of the electronic data storage platform retrieves the storage information of the user of the electronic data storage service, and all data access should be recorded
record. The search results should not show the complete evidence information, and the sensitive personal information should be de-identified.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of SFT0076-2020_English be delivered?Answer: Upon your order, we will start to translate SFT0076-2020_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of SFT0076-2020_English with my colleagues?Answer: Yes. The purchased PDF of SFT0076-2020_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|