YD/T 2407-2021 (YD/T 2407-2013) PDF EnglishUS$160.00 · In stock · Download in 9 seconds
YD/T 2407-2013: Technical requirements for security capability of smart mobile terminal Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure Status: Obsolete YD/T 2407: Historical versions
Similar standardsYD/T 2407-2013: Technical requirements for security capability of smart mobile terminal---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/YDT2407-2013YD COMMUNICATION INDUSTRY STANDARD ICS 33.060 M 36 Technical requirements for security capability of smart mobile terminal (ITU-T X.msec-6.2012, Security aspects of smartphones, NEQ) Issued on: APRIL 25, 2013 Implemented on: NOVEMBER 1, 2013 Issued by. Ministry of Industry and Information Technology of the People 's Republic of China 3.No action is required - Full-copy of this standard will be automatically & immediately delivered to your EMAIL address in 0~60 minutes. Table of ContentsForeword... 3 Introduction... 4 1 Scope... 5 2 Normative references... 5 3 Terms, definitions and abbreviations... 5 4 Security capability framework and objectives of smart mobile terminal... 7 4.1 Security capability framework of smart mobile terminal... 7 4.2 Security objectives of smart mobile terminal... 7 5 Technical requirements for security capability of smart mobile terminal... 8 5.1 Basic requirements... 8 5.2 Hardware security capability requirements of smart mobile terminal... 9 5.3 Operating system security capability requirements of smart mobile terminal ... 9 5.4 Peripheral interface security capability requirements of smart mobile terminal... 12 5.5 Application layer security requirements of smart mobile terminal... 14 5.6 Requirements for security protection capability of smart mobile terminal user data... 16 6 Functional restriction requirements of smart mobile terminal... 17 7 Security capability grading of smart mobile terminal... 17 7.1 Overview... 17 7.2 Grading of security capability... 18 Annex A (Informative) Level-mark of security capability... 20 Bibliography... 22ForewordThis Standard was drafted in accordance with the rules given in GB/T 1.1-2009. This Standard uses redrafting method to modify and adopt ITU-T X.msec-6.2012 Security aspects of smartphones, a related advice of International Telecommunication Union (ITU). It is inequivalent to ITU-T X.msec-6. This Standard is one of the series of mobile intelligent terminal security series. The names and structures of this series are expected to be as follows. a) Guidelines for the design for security capability of smart mobile terminal; b) YD/T 2407-2013, Technical requirements for security capability of smart mobile terminal; c) YD/T 2408-2013, Test methods for security capability of smart mobile terminal; d) YD/T 1886-2009, Security requirements and test specification for SoC in mobile terminal. This Standard was proposed by and shall be under the jurisdiction of China Communications Standardization Association. The drafting organizations of this Standard. Ministry of Industry and Information Technology, Beijing Spreadtrum Hi-Tech Communications Technology Co., Ltd., Datang Telecom Technology & Industry Group. Main drafters of this Standard. Pan Juan, Kuang Xiaoxuan, Luo Hongwei, Wang Kun, Li Yunfan, Yu Lu, Yuan Guangxiang, He Guili, Shi Denian, Li Wei, Yu Huawei, Li Jianwei, Li Qian.IntroductionWith the extensive application of smart mobile terminals and the continuous expansion of functions, the security issues during the use are concerned by more and more users. In recent years, security incidents such as malicious charge, eavesdropping, theft record, location information leakage make user worry about the security of smart mobile terminals, which shall affect the development of smart mobile terminals and mobile Internet applications. The purpose of this Standard is to improve the smart mobile terminal's own security protection, to prevent a variety of security threats on smart mobile terminals, to protect users from interest damage, while preventing adverse effects on mobile communication network security caused by smart mobile terminals. The basic principle of this Standard is that the behavior and application on smart mobile terminal shall be in line with the user's wishes. This Standard does not specify specific implementation methods and measures to facilitate innovation and development. This Standard specifies the requirements to the security capability of smart mobile terminal, from five aspects. hardware security capability requirements, operating system security capability requirements, peripheral interface security capability requirements, application software security requirements, and user data security protection requirements. And it grades the security capability from basic security protection, difficulty of achievement, special security capability, so as to make the product has a specific quality, make it easy for consumer to choose. This Standard not only guides smart mobile terminals to preset application software more standardized and safer, but also guides smart mobile terminals to improve their own security capabilities, which shall make them perform security control on the third-party applications downloaded latter. Meanwhile, it can also prevent security impact on network caused by the preset malicious codes in smart mobile terminals. Technical requirements for security capability of smart mobile terminal1 ScopeThis Standard specifies the technical requirements for security capability of smart mobile terminal, including hardware security capability of smart mobile terminal, operating system security capability of smart mobile terminal, peripheral interface security capability of smart mobile terminal, application layer security requirements of smart mobile terminal, user data protection security capability of smart mobile terminal, etc. And it also grades the security capability. This Standard is applicable to various formats of smart mobile terminals. Individual terms do not apply to special industries, professional applications. Other terminals shall also refer to use.2 Normative referencesThe following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. YD/T 1699-2007, Information security technical specification for mobile terminal YD/T 1760-2012, Technical requirements for data exchange via peripheral interface of mobile terminal3 Terms, definitions and abbreviations3.1 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1.1 Smart Mobile Terminal an open operating system capable of accessing a mobile communication network, capable of providing an application development interface, and a mobile terminal capable of installing and operating a third-party application software 3.1.2 Security Capability technical means that can be achieved in smart mobile terminal and can prevent security threats 3.1.3 User an object that uses smart mobile terminal’s resources, including human or third-party applications 3.1.4 User Data personal information stored on smart mobile terminal, including data generated locally by user, locally generated data for user, data coming into user data area from the outside after user's permission, etc. 3.1.5 Authorization a process of granting user the appropriate authority according to pre-set security policy after user’s identity is certified 3.1.6 Digital Signature data attached to data unit, or data obtained by cryptographic transformation of data unit; allowing the recipient of data to verify the source and integrity of data, protecting data from being tampered, forged, and ensuring that data is undeniable 3.1.7 Code Signature a mechanism that uses a digital signature mechanism to sign all or part of a code by an entity with signed permission 3.1.8 Operator System of Smart Mobile Terminal the most basic system software of smart mobile terminal; it controls and manages various hardware and software resources of smart mobile terminal and provides application development interfaces 3.1.9 Malicious Charge user economic losses caused by application software on the terminal without knowledge or authorization of user 3.2 Abbreviations - confirm every call of application software; - confirm the first call of application software; this confirmation shall be valid for a certain period of time and the confirmation shall be carried out separately for each call; - confirm the first installation or call of app... ......Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al. |
