GB/T 36644-2018 English PDF (GBT36644-2018)
GB/T 36644-2018: Information security technology -- Methods for obtaining security attestations for digital signature applications
GB/T 36644-2018
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Methods for
obtaining security attestations for digital signature
applications
ISSUED ON: SEPTEMBER 17, 2018
IMPLEMENTED ON: APRIL 01, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Abbreviations ... 7
5 Acquisition of security attestations for digital signature application ... 7
5.1 Overview ... 7
5.2 Acquisition of attestation of private key possession ... 9
5.2.1 Determined acquisition timeliness model of attestation of private key possession at the time of proof ... 9
5.2.2 Undetermined acquisition timeliness model of attestation of private key possession at the time of proof ... 10
5.2.3 The process of obtaining the attestation of private key possession ... 11
5.2.4 Specific acquisition flow of attestation of private key possession ... 17
5.3 Obtain the security attestation of public key validity ... 24
5.3.1 General ... 24
5.3.2 Obtaining the attestation of public key validity ... 25
5.3.3 Verifier obtains a security attestation of public key validity ... 25
5.3.4 Verification process of public key validity ... 26
5.4 Obtain security attestation of the generation time of digital signature ... 26
5.4.1 General ... 26
5.4.2 Obtain attestation of signature timeliness from TTSA ... 26
5.4.3 Use the data provided by the verifier to obtain attestation of signature generation time ... 42
Appendix A (Informative) Acquisition process of SM2 signature algorithm public key validity ... 49
References ... 50
Information security technology - Methods for obtaining security attestations for digital signature applications
1 Scope
This standard specifies a set of methods for obtaining security attestations for digital signature applications, in order to standardize the process of obtaining security attestations for digital signature applications.
This standard is applicable to signature application scenarios that need to provide evidence of the security of the digital signature generation process and that have clear requirements for the signature generation time.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 20520-2006 Information security technology - Public key infrastructure - Time stamp specification
GB/T 25069-2010 Information security technology - Terminology
GB/T 32918.1-2016 Information security technology - SM2 elliptic curve public key cryptography algorithm - Part 1: General rules
GB/T 32918.2-2016 Information security technology - SM2 elliptic curve public key cryptography algorithm - Part 2: Digital signature algorithm
3 Terms and definitions
The terms and definitions defined in GB/T 25069-2010, as well as the following terms and definitions, apply to this document.
3.1
includes: the acquisition of the security attestation of the attributes of the private key, the acquisition of the security attestation of public key validity, and the acquisition of the security attestation of the generation time of the digital signature.
The owner of the private key refers to the entity that is authorized to use the private key of the public-private key pair for digital signature generation. The generated digital signature can be verified with the corresponding public key.
Being authorized to use the private key to generate a signature does not mean that the owner actually knows the correct private key. Therefore, before the owner generates a digital signature, it is necessary to obtain an attestation of private key possession.
According to the different generation methods of signature public-private key pairs, the ways in which the private key is known can be divided into the following five types:
a) The owner generates and maintains the public-private key pair; only the owner knows the private key;
b) The owner generates the public-private key pair with the help of a TTP; however, the private key can only be known by the owner;
c) The public-private key pair is generated by a TTP and provided to the owner; the owner and the TTP both know the private key;
d) The public-private key pair is generated by method a) and then provided to a TTP acting as the key server, so that the owner and the TTP both know the private key;
e) The public-private key pair is generated by method b) and then provided to a TTP acting as the key server, so that the owner and the TTP acting as the key server both know the private key.
The latter three methods rely on the trust that the TTP will not generate a digital signature with the private key. The public-private key pair owner, the signature verifier and other signature relying parties must be able to share this trust. Methods c), d) and e) have a lower level of credibility than methods a) and b).
The usage scenarios of the attestation of private key possession are as follows:
● The owner of the public-private key pair needs to obtain a security attestation of the attributes of the private key before, or at the same time as, the signature is generated;
● Before or at the same time, the verifier needs to obtain the security
t1 - The time up to which the relying party trusts that the proof was generated ahead of tG;
t2 - The time up to which the relying party trusts that the proof was generated lagging behind tG;
d - The difference between t1 and t2;
tA - The designated attestation time, which shall satisfy t1 ≤ tA ≤ t2. For convenience, tA = t1 or tA = t2 may be specified.
The parameters a, b, c and d are determined by the relying party of the signature or its organization, considering the following factors:
● The values of a, b and c are determined according to the requirements of the organization's policy on the security attestation of digital signatures; at the same time, the difficulty of obtaining the attestation of private key possession that is used shall also be considered;
● The value of d shall be less than half of the minimum of a and b, that is, d < 1/2 min(a, b); in addition, the determination of d shall consider the error estimate of the signature acquisition time tG and the time needed for secure transmission of the security attestation over the network.
Based on the estimated acquisition time tA of the attestation of private key possession, the relying party can determine the attestation level at different times. As shown in Figure 2, between the times tA - (a - d) and tA + (b - d), the security attestation obtained has a high or medium attestation level, depending on the process by which the security attestation was obtained. After tA + (b - d), the attestation level gradually decreases. At tA + (b - d) + c, the security attestation level drops to low, and it remains low thereafter. If the policy requires a high level of security attestation, the security attestation then needs to be re-obtained.
See 5.2.4 for the determination of the specific parameters of the security attestation timeliness model.
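The timeliness model above can be turned into a small policy check that a relying party might run before accepting a signature: validate the parameter constraint d < 1/2 min(a, b), check t1 ≤ tA ≤ t2, and classify an evaluation time against the interval boundaries tA - (a - d), tA + (b - d) and tA + (b - d) + c. The following is an added example written for this page, not code from the standard or from any reference implementation. The page does not define a, b and c individually and does not say how a time earlier than tA - (a - d) is treated; the example takes the three parameters as opaque policy values and reports the earlier case as "before_window", both of which are assumptions. The numeric values in the demo are constructed.

```python
"""Timeliness model for an attestation of private key possession (GB/T 36644-2018, 5.2.2).

Added example, not part of the standard. Boundaries follow the page:
  high/medium level from tA - (a - d) to tA + (b - d),
  gradually decreasing level until tA + (b - d) + c,
  low level thereafter.
Times are plain numbers (e.g. seconds since an epoch); units are a modelling choice.
"""
from dataclasses import dataclass

# Ranking used to decide whether the current level satisfies a required level.
# "before_window" is not covered by the page; ranking it lowest is an assumption.
LEVEL_RANK = {"before_window": -1, "low": 0, "decreasing": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class TimelinessParams:
    a: float  # policy parameter, definition elided on the page
    b: float  # policy parameter, definition elided on the page
    c: float  # length of the gradual decrease after tA + (b - d)
    d: float  # difference between t1 and t2

    def validate(self) -> None:
        """Enforce d < 1/2 min(a, b) from the page; positivity of a, b, c is an assumption."""
        if min(self.a, self.b, self.c) <= 0 or self.d < 0:
            raise ValueError("a, b and c must be positive and d must be non-negative")
        limit = 0.5 * min(self.a, self.b)
        if not self.d < limit:
            raise ValueError(f"d={self.d} must be less than 1/2 min(a, b)={limit}")


def params_are_valid(p: TimelinessParams) -> bool:
    """Boolean wrapper around validate() for callers that prefer a check to an exception."""
    try:
        p.validate()
    except ValueError:
        return False
    return True


def designated_attestation_time(t1: float, t2: float, tA: float) -> float:
    """Return tA after checking the page's constraint t1 <= tA <= t2."""
    if t1 > t2:
        raise ValueError("t1 must not exceed t2")
    if not (t1 <= tA <= t2):
        raise ValueError("tA must satisfy t1 <= tA <= t2")
    return tA


def attestation_level(t: float, tA: float, p: TimelinessParams, obtained_level: str = "high") -> str:
    """Classify evaluation time t against the timeliness model anchored at tA.

    obtained_level is "high" or "medium", decided by the acquisition process used
    (the page leaves that decision to 5.2.3/5.2.4).
    """
    p.validate()
    if obtained_level not in ("high", "medium"):
        raise ValueError("obtained_level must be 'high' or 'medium'")
    window_start = tA - (p.a - p.d)
    window_end = tA + (p.b - p.d)
    low_from = window_end + p.c
    if t < window_start:
        return "before_window"      # not specified on the page; assumption
    if t <= window_end:
        return obtained_level       # full level inside the window
    if t < low_from:
        return "decreasing"         # gradual decrease over the interval of length c
    return "low"                    # stays low from tA + (b - d) + c onwards


def needs_reacquisition(t: float, tA: float, p: TimelinessParams,
                        required_level: str = "high", obtained_level: str = "high") -> bool:
    """True when policy requires a level the current attestation no longer provides."""
    current = attestation_level(t, tA, p, obtained_level)
    return LEVEL_RANK[current] < LEVEL_RANK[required_level]


if __name__ == "__main__":
    # Constructed demo values: a = b = 600 s, c = 1800 s, d = 120 s, tA = 1000 s.
    params = TimelinessParams(a=600, b=600, c=1800, d=120)
    tA = designated_attestation_time(t1=900, t2=1100, tA=1000)
    for t in (500, 520, 1480, 2000, 3280):
        print(t, attestation_level(t, tA, params), needs_reacquisition(t, tA, params))
```

With the constructed parameters the window runs from 520 to 1480, the decrease lasts until 3280, and a policy that demands a high level forces re-acquisition from time 1481 onwards, matching the page's description of the curve in Figure 2.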
5.2.3 The process of obtaining the attestation...