|
US$1299.00 ยท In stock
Delivery: <= 8 days. True-PDF full-copy in English will be manually translated and delivered via email.
YD/T 2408-2021: Test methods for security capability of smart mobile terminal
Status: Valid YD/T 2408: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| YD/T 2408-2021 | English | 1299 |
Add to Cart
|
8 days [Need to translate]
|
Test methods for security capability of smart mobile terminal
| Valid |
YD/T 2408-2021
|
| YD/T 2408-2013 | English | 480 |
Add to Cart
|
0--9 seconds. Auto-delivery
|
Test methods for security capability of smart mobile terminal
| Obsolete |
YD/T 2408-2013
|
PDF similar to YD/T 2408-2021
Basic data | Standard ID | YD/T 2408-2021 (YD/T2408-2021) | | Description (Translated English) | Test methods for security capability of smart mobile terminal | | Sector / Industry | Telecommunication Industry Standard (Recommended) | | Classification of Chinese Standard | M13 | | Classification of International Standard | 33.040.40 | | Word Count Estimation | 64,633 | | Date of Issue | 2021-05-17 | | Date of Implementation | 2021-07-01 | | Issuing agency(ies) | Ministry of Industry and Information Technology | YD/T 2408-2013: Test methods for security capability of smart mobile terminal---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Test methods for security capability of smart mobile terminal
ICS 33.060
M 36
YD
People 's Republic of China Communication Industry Standard
Test Method for Security Capability of Mobile Intelligent Terminal
2013-04-25 release
2013-11-01 implementation
Issued by the Ministry of Industry and Information Technology of the People 's Republic of China
Directory
Foreword
Introduction
1 Scope
2 normative reference documents
3 terms, definitions and abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Mobile intelligent terminal security capability test method
4.1 Overview
4.2 mobile intelligent terminal hardware security capabilities
4.3 mobile intelligent terminal operating system security capabilities
4.4 Mobile intelligent terminal peripheral interface security capability
4.5 Mobile intelligent terminal application layer security
4.6 mobile intelligent terminal user data security protection
5 Mobile intelligent terminal function Restriction requirements Test method
references
Foreword
This standard is prepared in accordance with the rules given in GB/T 1.1-2009.
This standard is one of the standards for mobile intelligent terminal security, and the names and structures of this series of standards are expected to be as follows.
A) Design Guidelines for Safety Capability of Mobile Intelligent Terminals;
B) YD/T 2407-2013 "Mobile intelligent terminal security capability technical requirements";
D) YD/T 1886-2009 "Technical requirements and test methods for mobile terminal chip safety".
This standard is used in conjunction with the "mobile intelligent terminal security capabilities technical requirements" supporting the use.
This standard is proposed and centralized by China Communications Standardization Association.
The drafting of this standard. Ministry of Industry and Information Technology Telecommunications Research Institute, Beijing Spreadtrum Transtech Services Communication Technology Co., Ltd., Datang
Telecommunication Technology Industry Group.
The main drafters of this standard. Pan Juan, Guoxiao Ju, Hong Hongwei, Wang Kun, Li Yunfan, Yu Lu, Yuan Guangxiang, He Guili,
Shi Denian, Li Wei, Yu Huawei, Li Jianwei, Li Qian.
Introduction
With the extensive application of mobile intelligent terminals and the continuous expansion of functions, the security problems in the use of the process are more and more
Many users of concern. In recent years, malicious fees, eavesdropping, theft, location information leakage and other security incidents frequently, so that users
The mobile intelligent terminal security concerns, and thus affect the mobile smart terminals and mobile Internet applications. this
Standard, designed to improve the mobile intelligent terminal's own security capabilities, to prevent the mobile smart terminal on the
Security threats, to avoid the interests of users are damaged, while preventing mobile smart terminals on mobile communications network security is not
Influence.
This standard is "mobile intelligent terminal security capability technical requirements" supporting the test method. This standard is for technical requirements
Out of the technical indicators designed a corresponding, scientific test methods used to verify whether the mobile smart terminal to meet the technical requirements of the rules
Set the content. This standard can be used to manage the security capabilities of mobile intelligent terminals. Through this standard can be guaranteed from the perspective of test methods
Card mobile intelligent terminal security capability requirements of the implementation of the ground, and effectively improve the security capabilities of mobile intelligent terminals.
Test Method for Security Capability of Mobile Intelligent Terminal
1 Scope
This standard specifies the test method for the security capability of mobile intelligent terminals, including the mobile intelligent terminal hardware security capability test
Method, mobile intelligent terminal operating system security ability test method, mobile intelligent terminal peripheral interface security ability test method,
Mobile intelligent terminal application layer security ability test method, mobile intelligent terminal user data protection security ability test method.
This standard applies to a variety of standard mobile intelligent terminal, individual terms do not apply to special industries, professional applications. other
Terminal reference use.
2 normative reference documents
The following documents are indispensable for the application of this document. Note the date of the reference file, only the date of the date of the note
Apply to this document. For undated references, the latest edition (including all modifications) applies to this document.
Technical requirements and test methods for mobile terminal chip safety
Technical Requirements for Safety Capability of Mobile Intelligent Terminals YD/T 2407-2013
3 terms, definitions and abbreviations
3.1 Terms and definitions
The following terms and definitions apply to this document.
3.1.1
Mobile Smart Terminal Smart Mobile Terminal
Has access to mobile communication network capabilities, can provide application development interface of the open operating system, and can install and
A mobile terminal that runs third-party applications.
3.1.2
Security Capability
In the mobile intelligent terminal can be achieved, to prevent security threats of technical means.
3.1.3
User User
An object that uses mobile smart terminal resources, including human or third-party applications.
3.1.4
User Data User Data
The personal information stored on the mobile smart terminal, including the data generated locally by the user, is locally generated for the user
Into the data, after the user permission to enter the user data from the external data area.
3.1.5
Authorization Authorization
After the user identity is authenticated, according to the pre-set security policy, the process of granting the user the appropriate authority.
3.1.6
Digital Signature Digital Signature
Data attached to the data unit, or data obtained by cryptographic transformation of the data unit. Allow the recipient of the data
The source and integrity of the data, the protection of data is not tampered with, forged, and to ensure that the data is not denied.
3.1.7
Code Signature
A mechanism that uses a digital signature mechanism to sign all or part of a code by an entity with signed privileges.
3.1.8
Mobile Intelligent Terminal Operating System Operator System 0f Smart Mobile Terminal
Mobile intelligent terminal The most basic system software, it controls and manages various hardware and software resources of mobile intelligent terminal, and
Provides an interface for application development.
3.2 Abbreviations
The following abbreviations apply to this document.
CRL Certificate Revocation List Certificate Revocation List
LAWMO Lock and Wipe Management object Locking is erasing the managed object
OCSP Online Certificate Status Protocol
WLAN Wireless Local Area Network
4 Mobile intelligent terminal security capability test method
4.1 Overview
This chapter describes how to evaluate the various security capabilities of mobile smart terminals. Evaluation results are the following two;
- no abnormality. no safety risk or security incident was found by the evaluation method;
- does not meet the requirements. direct detection of security incidents or do not meet the safety requirements.
The requirements mentioned in this chapter are found in the requirements of YD/T 2407-2013 "Technical Requirements for Safety Requirements for Mobile Intelligent Terminals".
4.2 mobile intelligent terminal hardware security capabilities
To be determined.
4.3 mobile intelligent terminal operating system security capabilities
4.3.1 Security call control capability
4.3.1.1 Communication class function Control mechanism
4.3.1.1.1 Call the telephone control mechanism
Test number. 4.3.1.1.1
Test item. The control mechanism for making a call
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.1
Preset condition. The measured mobile intelligent terminal is in normal working condition
Test steps.
Step 1. Check whether the operating system of the mobile intelligent terminal under test provides the development function of making the call;
Step 2. If the mobile smart terminal operating system provides dial-up development capabilities, use this feature to develop a call
With procedures;
Step 3. Run the application to see if the terminal requires the user to confirm the call
expected outcome.
After step 1, if the mobile intelligent terminal operating system does not provide the development function of the call, the project evaluation result is
"No exception", the end of the evaluation;
After step 3, if the mobile intelligent terminal requires the user to confirm, the project evaluation result is "no abnormality", the evaluation result
bundle;
After step 3, if the mobile smart terminal does not require the user to confirm and successfully call, the project evaluation result is
"Does not meet the requirements", the evaluation is over
4.3.1.1.2 Three-party call control mechanism
Test No.. 4.3.1.1.2
Test items. controlled mechanisms for three-way calls
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.2
Preset condition. The measured mobile intelligent terminal is in normal working condition
Test steps.
Step 1. Check whether the operating system of the mobile intelligent terminal under test provides the development function of the three-way call;
Step 2. If the mobile smart terminal operating system provides three-party call development function, use this function to develop a three-party call
With procedures;
Step 3. Run the application to see if the terminal requires the user to confirm the three-party call
expected outcome.
After step 1, if the mobile intelligent terminal operating system does not provide the development function of the three-party call, the project evaluation result is
"No exception", the end of the evaluation;
After step 3, if the mobile intelligent terminal requires the user to confirm, the project evaluation result is "no abnormality", the evaluation result
bundle;
After step 3, if the mobile intelligent terminal does not require the user to confirm and successfully open the three-party call, the project evaluation result
As "does not meet the requirements", the evaluation is over
4.3.1.1.3 Send SMS controlled mechanism
Test number. 4.3.1.1.3
Test items. the control mechanism for sending text messages
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.3
Preset condition. The measured mobile intelligent terminal is in normal working condition
Test steps.
Step 1. Check whether the operating system of the mobile terminal under test is providing the development function of sending the SMS;
Step 2. If the mobile intelligent terminal operating system provides the development function of sending SMS, use this function to develop send SMS
With procedures;
Step 3. Run the application to see if the terminal requires the user to confirm sending text messages
expected outcome.
After step 1, if the mobile intelligent terminal operating system does not provide the development function of sending the message, the project evaluation result is
"No exception", the end of the evaluation;
After step 3, if the mobile intelligent terminal requires the user to confirm, the project evaluation result is "no abnormality", the evaluation result
bundle;
After step 3, if the mobile intelligent terminal does not require the user to confirm and successfully send the message, the project evaluation result is
"Does not meet the requirements", the evaluation is over
4.3.1.1.4 Send MMS controlled mechanism
Test number. 4.3.1.1.4
Test item. A controlled mechanism for sending multimedia messages
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.4
Preset condition. The measured mobile intelligent terminal is in normal working condition
Test steps.
Step 1. Check whether the operating system of the mobile terminal under test is providing the development function of sending MMS;
Step 2. If the mobile intelligent terminal operating system provides the development function of sending MMS, use this function to develop send MMS
With procedures;
Step 3. Run the application to see if the terminal requires the user to confirm sending a multimedia message
expected outcome.
After step 1, if the mobile intelligent terminal operating system does not provide the development function of sending the multimedia message, the project evaluation result is
"No exception, the end of the evaluation;
After step 3, if the mobile intelligent terminal requires the user to confirm, the project evaluation result is "no abnormality", the evaluation result
bundle;
After step 3, if the mobile intelligent terminal does not require the user to confirm and successfully send the multimedia message, the project evaluation result is
"Does not meet the requirements", the evaluation is over
4.3.1.1.5 Send mail controlled mechanism
Test number. 4.3.1.1.5
Test item. The managed mechanism for sending mail
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.5
Preset condition. The measured mobile intelligent terminal is in normal working condition
Test steps.
Step 1. Check whether the operating system of the mobile terminal under test is providing the development function of sending mail;
Step 2. If the mobile smart terminal operating system provides the development function of sending mail, use this function to develop send mail should
With procedures;
Step 3. Run the application to see if the terminal requires the user to confirm sending the message
expected outcome.
After step 1, if the mobile intelligent terminal operating system does not provide the development function of sending mail, the project evaluation result is
"No exception", the end of the evaluation;
After step 3, if the mobile intelligent terminal requires the user to confirm, the project evaluation result is "no abnormality", the evaluation result
bundle;
After step 3, if the mobile smart terminal does not require the user to confirm and successfully send the message, the project evaluation result is
"Does not meet the requirements", the evaluation is over
4.3.1.1.6 Mobile communication network data connection controlled mechanism
Test No.. 4.3.1.1.6.1
Test items. Mobile communication network data connection on/off switch
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.6
Preset condition. Measured mobile intelligent terminal Mobile communication network data connection is off
Test steps.
Step 1. Check whether the mobile intelligent terminal is set to provide mobile communication network data connection open I closed switch;
Step 2. If the mobile intelligent terminal provides a switch, use this switch to turn on the mobile communication network data connection;
Step 3. Use the switch to turn off the mobile communication network data connection
expected outcome.
In step 1, the switch should be able to find the switch on/off the mobile communication network data on the mobile intelligent terminal;
After step 2, the mobile communication network data connection of the mobile intelligent terminal under test is successfully opened;
After step 3, the mobile communication network data connection of the mobile intelligent terminal under test is successfully closed.
Mobile intelligent terminal to meet the above expected results, the project evaluation results for the "no exception", the other side of the project evaluation results
As "does not meet the requirements"
Test number. 4.3.1.1.6.2
Test project; mobile communication network data connection on/off control mechanism
Item Requirement. See YD/T 2407-20113 Section 5.3.1.1.6
Preset condition. Measured mobile intelligent terminal Mobile communication network data connection is off
Test steps.
Step 1. Check whether the operating system of the mobile terminal under test is providing mobile communication network Data connection on/off
Hair function
Step 2. If the mobile intelligent terminal operating system provides the development function of the mobile communication network data connection on/off,
Use this function to develop mobile communication network data connection open/close application;
Step 3. Run the application to open the mobile communication network data connection to see if the terminal requires the user to confirm the mobile communication network
The connection of the data connection is open
expected outcome.
After step 1, if the mobile intelligent terminal operating system does not provide the development function of the mobile communication network data connection open
The evaluation results of the project are "no exception", the evaluation is over;
After step 3, if the mobile intelligent terminal requires the user to confirm the opening of the data link of the mobile communication network, the project evaluation
The result is "no exception", the end of the evaluation;
After step 3, if the mobile intelligent terminal does not require the user to confirm and successfully open the mobile communication network data connection, then
Project evaluation results for the "non-compliance", the evaluation is over
Test number. 4.3.1.1.6.3
Test items. Mobile Transparent Network data connection status prompts
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.6
Preset condition. The mobile terminal of the mobile terminal is in the off state
Test steps.
Step 1. Open the mobile communication network data connection by moving the switch on the intelligent terminal operating system;
Step 2. Turn off the mobile communication network data connection by moving the switch on the intelligent terminal operating system;
Step 3. If the mobile intelligent terminal operating system provides the development function of the mobile communication network data connection,
4.3.1.1.6.2 developed in the mobile communication network data connection to open the application;
Step 4. Run the mobile communication network data connection to close the application
expected outcome.
In step 1, the mobile intelligent terminal should present the mobile communication network data connection to the user on the user's main interface.
State hints;
After step 1, the mobile intelligent terminal should present the mobile communication network data connection to the user on the user main interface.
State hints;
After step 2, the mobile intelligent terminal should present the mobile communication network data connection to the user on the user's main interface
State hints;
After step 3, the mobile intelligent terminal should present the mobile communication network data connection to the user on the user's main interface.
State hints;
After step 4, the mobile intelligent terminal shall present the mobile communication network data connection to the user on the user's main interface
State prompt.
Mobile intelligent terminal to meet the above expected results, the project evaluation results for the "no exception", the other side of the project evaluation results
As "does not meet the requirements"
Test No.. 4.3.1.1.6.4
Test item. Mobile communication network data transfer status prompt
Project requirements. see YD/T 2407- "2013 Section 5.3.1.1.6
Preset condition. The mobile terminal of the mobile terminal is on
Test steps.
Step 1. Run the preset application software on the mobile intelligent terminal to transmit the data through the mobile communication network.
Step 2. Turn off the running software;
Step 3. Run the third-party application software through the mobile communication network for data transfer
expected outcome.
In step 1, the mobile intelligent terminal should present the mobile communication network data connection to the user on the user's main interface.
State hints;
After step 1, the mobile intelligent terminal shall present the status of the mobile communication network data transmission to the user on the user's main interface.
Show;
After step 2, the mobile intelligent terminal should present the mobile communication network data connection to the user on the user's main interface.
State hints;
After step 3, the mobile intelligent terminal should present the status of the mobile communication network data transmission to the user on the user's main interface.
Show.
Mobile intelligent terminal to meet the above expected results, the project evaluation results for the "no exception", the other side of the project evaluation results
As "does not meet the requirements"
4.3.1.1.7 WLAN network connection controlled mechanism
Test No.. 4.3.1.1.7.1
Test items. WLAN network connection on/off switch
Item Requirement. See YD/T 2407-2013 Section 5.3.1.1.7
Preset condition. The mobile terminal of the measured mobile terminal is turned off
Test steps.
Step 1. Check whether the mobile smart terminal under test is to provide the WLAN network connection on/off switch;
Step 2. If the mobile smart terminal provides a switch, use this switch to turn on the WLAN network connection;
Step 3. Use the switch to turn off the Wi-Fi network connection
expected outcome.
In step 1, you should be able to find the switch on/off the WLAN network connection on the mobile intelligent terminal;
After step 2, the mobile network terminal of the mobile intelligent terminal is successfully opened;
After step 3, the mobile network terminal of the mobile intelligent terminal is successfully closed.
Mobile intelligent terminal to meet the above expected results, the project evaluation results for the "no exception", the other side of the project evaluation results
As "does not meet the requirements"
Test number. 4.3.1.1.7.2
Test item. The managed mechanism of the WLAN network connection on/off
Item Requirement. See YD/T 2407-2013...
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of YD/T 2408-2021_English be delivered?Answer: Upon your order, we will start to translate YD/T 2408-2021_English as soon as possible, and keep you informed of the progress. The lead time is typically 5 ~ 8 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of YD/T 2408-2021_English with my colleagues?Answer: Yes. The purchased PDF of YD/T 2408-2021_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version YD/T 2408-2021?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version YD/T 2408-2021 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|