Search result: YD/T 2407-2021 (YD/T 2407-2013 Older version)
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| YD/T 2407-2021 | English | 509 |
Add to Cart
|
4 days [Need to translate]
|
Gasoline engine powered portable collecting and pulverizing cleaners
| Valid |
YD/T 2407-2021
|
| YD/T 2407-2013 | English | 160 |
Add to Cart
|
0--9 seconds. Auto-delivery
|
Technical requirements for security capability of smart mobile terminal
| Obsolete |
YD/T 2407-2013
|
| Standard ID | YD/T 2407-2021 (YD/T2407-2021) | | Description (Translated English) | (Technical requirements for security capabilities of mobile smart terminals) | | Sector / Industry | Telecommunication Industry Standard (Recommended) | | Classification of Chinese Standard | M36 | | Classification of International Standard | 33.060 | | Word Count Estimation | 23,260 | | Date of Issue | 2021-12-02 | | Date of Implementation | 2022-04-01 | | Older Standard (superseded by this standard) | YD/T 2407-2013 | | Regulation (derived from) | Ministry of Industry and Information Technology Announcement No. 33 of 2021 | | Summary | This standard specifies the technical requirements for the security capabilities of mobile smart terminals, including the hardware security capabilities, operating system security capabilities, peripheral interface security capabilities, application layer security requirements, and user data protection security capabilities of mobile smart terminals. Grading. This standard is applicable to mobile smart terminals of various standards. Individual clauses are not applicable to special industries and professional applications. Other terminals can also be used for reference. |
YD/T 2407-2013
YD
COMMUNICATION INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 33.060
M 36
Technical requirements for
security capability of smart mobile terminal
(ITU-T X.msec-6.2012, Security aspects of smartphones, NEQ)
ISSUED ON. APRIL 25, 2013
IMPLEMENTED ON. NOVEMBER 1, 2013
Issued by. Ministry of Industry and Information Technology of the
People 's Republic of China
3. No action is required - Full-copy of this standard will be automatically &
immediately delivered to your EMAIL address in 0~60 minutes.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms, definitions and abbreviations ... 5
4 Security capability framework and objectives of smart mobile terminal ... 7
4.1 Security capability framework of smart mobile terminal ... 7
4.2 Security objectives of smart mobile terminal ... 7
5 Technical requirements for security capability of smart mobile terminal ... 8
5.1 Basic requirements ... 8
5.2 Hardware security capability requirements of smart mobile terminal ... 9
5.3 Operating system security capability requirements of smart mobile terminal
... 9
5.4 Peripheral interface security capability requirements of smart mobile
terminal ... 12
5.5 Application layer security requirements of smart mobile terminal ... 14
5.6 Requirements for security protection capability of smart mobile terminal
user data ... 16
6 Functional restriction requirements of smart mobile terminal ... 17
7 Security capability grading of smart mobile terminal ... 17
7.1 Overview ... 17
7.2 Grading of security capability ... 18
Annex A (Informative) Level-mark of security capability ... 20
Bibliography ... 22
Foreword
This Standard was drafted in accordance with the rules given in GB/T
1.1-2009.
This Standard uses redrafting method to modify and adopt ITU-T
X.msec-6.2012 Security aspects of smartphones, a related advice of
International Telecommunication Union (ITU). It is inequivalent to ITU-T
X.msec-6.
This Standard is one of the series of mobile intelligent terminal security series.
The names and structures of this series are expected to be as follows.
a) Guidelines for the design for security capability of smart mobile terminal;
b) YD/T 2407-2013, Technical requirements for security capability of smart
mobile terminal;
c) YD/T 2408-2013, Test methods for security capability of smart mobile
terminal;
d) YD/T 1886-2009, Security requirements and test specification for SoC in
mobile terminal.
This Standard was proposed by and shall be under the jurisdiction of China
Communications Standardization Association.
The drafting organizations of this Standard. Ministry of Industry and
Information Technology, Beijing Spreadtrum Hi-Tech Communications
Technology Co., Ltd., Datang Telecom Technology & Industry Group.
Main drafters of this Standard. Pan Juan, Kuang Xiaoxuan, Luo Hongwei,
Wang Kun, Li Yunfan, Yu Lu, Yuan Guangxiang, He Guili, Shi Denian, Li Wei,
Yu Huawei, Li Jianwei, Li Qian.
Introduction
With the extensive application of smart mobile terminals and the continuous
expansion of functions, the security issues during the use are concerned by
more and more users. In recent years, security incidents such as malicious
charge, eavesdropping, theft record, location information leakage make user
worry about the security of smart mobile terminals, which shall affect the
development of smart mobile terminals and mobile Internet applications. The
purpose of this Standard is to improve the smart mobile terminal's own
security protection, to prevent a variety of security threats on smart mobile
terminals, to protect users from interest damage, while preventing adverse
effects on mobile communication network security caused by smart mobile
terminals.
The basic principle of this Standard is that the behavior and application on
smart mobile terminal shall be in line with the user's wishes. This Standard
does not specify specific implementation methods and measures to facilitate
innovation and development. This Standard specifies the requirements to the
security capability of smart mobile terminal, from five aspects. hardware
security capability requirements, operating system security capability
requirements, peripheral interface security capability requirements,
application software security requirements, and user data security protection
requirements. And it grades the security capability from basic security
protection, difficulty of achievement, special security capability, so as to make
the product has a specific quality, make it easy for consumer to choose. This
Standard not only guides smart mobile terminals to preset application
software more standardized and safer, but also guides smart mobile terminals
to improve their own security capabilities, which shall make them perform
security control on the third-party applications downloaded latter. Meanwhile,
it can also prevent security impact on network caused by the preset malicious
codes in smart mobile terminals.
Technical requirements for
security capability of smart mobile terminal
1 Scope
This Standard specifies the technical requirements for security capability of
smart mobile terminal, including hardware security capability of smart mobile
terminal, operating system security capability of smart mobile terminal,
peripheral interface security capability of smart mobile terminal, application
layer security requirements of smart mobile terminal, user data protection
security capability of smart mobile terminal, etc. And it also grades the
security capability.
This Standard is applicable to various formats of smart mobile terminals.
Individual terms do not apply to special industries, professional applications.
Other terminals shall also refer to use.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including
any amendments) applies.
YD/T 1699-2007, Information security technical specification for mobile
terminal
YD/T 1760-2012, Technical requirements for data exchange via peripheral
interface of mobile terminal
3 Terms, definitions and abbreviations
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1.1 Smart Mobile Terminal
an open operating system capable of accessing a mobile communication
network, capable of providing an application development interface, and a
mobile terminal capable of installing and operating a third-party application
software
3.1.2 Security Capability
technical means that can be achieved in smart mobile terminal and can
prevent security threats
3.1.3 User
an object that uses smart mobile terminal’s resources, including human or
third-party applications
3.1.4 User Data
personal information stored on smart mobile terminal, including data
generated locally by user, locally generated data for user, data coming into
user data area from the outside after user's permission, etc.
3.1.5 Authorization
a process of granting user the appropriate authority according to pre-set
security policy after user’s identity is certified
3.1.6 Digital Signature
data attached to data unit, or data obtained by cryptographic transformation
of data unit; allowing the recipient of data to verify the source and integrity of
data, protecting data from being tampered, forged, and ensuring that data is
undeniable
3.1.7 Code Signature
a mechanism that uses a digital signature mechanism to sign all or part of a
code by an entity with signed permission
3.1.8 Operator System of Smart Mobile Terminal
the most basic system software of smart mobile terminal; it controls and
manages various hardware and software resources of smart mobile terminal
and provides application development interfaces
3.1.9 Malicious Charge
user economic losses caused by application software on the terminal without
knowledge or authorization of user
3.2 Abbreviations
- confirm every call of application software;
- confirm the first call of application software; this confirmation shall be
valid for a certain period of time and the confirmation shall be carried out
separately for each call;
- confirm the first installation or call of app...
......
|