GB/T 15843.3-2016 English PDF (GBT15843.3-2016)
GB/T 15843.3-2016: Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques
ICS 35.040
National Standard of the People's Republic of China
Replaces GB/T 15843.3-2008
Information technology - Security techniques - Entity authentication
Part 3: Mechanisms using digital signature techniques
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the China National Standardization Administration
Table of contents
1 Scope
2 Normative references
3 Terms, definitions and symbols
4 Requirements
5 Mechanism
5.1 Overview
5.2 One-way authentication
5.3 Mutual authentication
6 Mechanism for introducing online trusted third parties
6.1 Overview
6.2 Five-pass authentication TePA-A (initiated by entity A)
6.3 Five-pass authentication TePA-B (initiated by entity B)
Appendix A (informative appendix) Use of text fields
Appendix B (normative appendix) OID and ASN.1 notation
B.1 Formal definition
B.2 Use of subsequent object identifiers
B.3 Coding example based on basic encoding rules
GB/T 15843 "Information technology - Security techniques - Entity authentication" is currently divided into five parts:
---Part 1: Overview;
---Part 2: Mechanisms using symmetric encipherment algorithms;
---Part 3: Mechanisms using digital signature techniques;
---Part 4: Mechanisms using a cryptographic check function;
---Part 5: Mechanisms using zero-knowledge techniques.
This part is Part 3 of GB/T 15843.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 15843.3-2008 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques". Compared with GB/T 15843.3-2008, the main technical changes in this part are as follows:
---Added an authentication mechanism that introduces an online trusted third party (see Chapter 6);
---Added OID and ASN.1 syntax (see Appendix B).
Among them, the chapters and clauses of GB/T 15843.3-2008 involved in the amendment are as follows.
Modified item number, GB/T 15843.3-2008 chapter number, modification description:
1 Chapter 1: replaces the third paragraph of Chapter 1
2 Chapter 3: adds three term descriptions at the end of Chapter 3
3 Add Chapter 6 after Chapter 5
4 Appendix A: replaces the first paragraph of Appendix A
5 Add Appendix B after Appendix A
This part uses the translation method and is equivalent to ISO/IEC 9798-3:1998 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques" and Amd.1:2010 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques - Amendment 1: Introduction of an online trusted third-party authentication mechanism", with only editorial changes.
This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
The main drafting units of this part: Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., the State Cryptography Administration Center, State Key Laboratory of Information Security, China Electronics Standardization Institute, National Radio Monitoring Center Testing Center, Xi'an Electronics University of Technology, Xi'an University of Posts and Telecommunications, Guangzhou Jiesai Technology Co., Ltd., Shenzhen Minghua Aohan Technology Co., Ltd., China Information Security Certification Center, National Information Security Engineering Technology Research Center, National Computer Network Emergency Technology Processing Coordination Center, National Information Technology Security Full Research Center, the First Research Institute of the Ministry of Public Security, the Communication Metrology Center of the Ministry of Industry and Information Technology, the Information Security Level Protection Evaluation Center of the Ministry of Public Security, University of Defense Technology, Beijing Municipal Affairs Network Management Center, Chongqing University of Posts and Telecommunications, Yulong Computer Communication Technology (Shenzhen) Co., Ltd., People of China University, Chinese People's Liberation Army Information Security Evaluation and Certification Center, China Telecom Corporation, National Information Center, Peking University Shenzhen Postgraduate Institute, China Electric Power Research Institute, Beijing Zhongdian Huada Electronic Design Co., Ltd., Southeast University, China Mobile Communications Group Design Institute Co., Ltd., Chinese People's Liberation Army Information Engineering University, Jiangnan Institute of Computing Technology, Beijing University of Posts and Telecommunications, Shanghai Longzhao Electronics Co., Ltd., Beijing Wulong Telecommunications Technology Company, Beijing Wangbei Hechuang Technology Co., Ltd., Shenzhen Hongdian Technology Co., Ltd., Peking University Founder Group Company, Haier Group, Beijing Guangxin Finance Technology Co., Ltd., Beijing Liuhe Wantong Microelectronics Technology Co., Ltd., Honghao Ming Chuan Technology (North Beijing) Co., Ltd., Beijing City Hotspot Information Co., Ltd., Beijing Huaan Guangtong Technology Development Co., Ltd., Maipu Communication Technology Co., Ltd., Changchun Jida Zhengyuan Information Technology Co., Ltd., Tsinghua University, Beijing Tianyi Integrated Technology Co., Ltd., Guilin University of Electronic Technology, Xi'an Realan Technology Co., Ltd., Broadband Wireless IP Standard Working Group, WAPI Industry Alliance.
The main drafters of this part:
Huang Zhenhai, Lai Xiaolong, Li Dawei, Feng Dengguo, Song Qizhu, Tie Manxia, Cao Jun, Li Jiandong, Lin Ning, Shu Min, Zhu Zhixiang, Chen Xiaohua, Guo Xiaolei, Li Jingchun, Yu Yali, Wang Yumin, Zhang Bianling, Xiao Yuelei, Gao Bo, Gao Kunlun, Pan Feng, Hu Yanan, Jiang Qingsheng, Xiao Li, Zhu Jianping, Jia Yan, Shi Weinian, Li Qin, Li Guangsen, Wu Yafei, Liang Zhaohui, Liang Qiongwen, Luo Xuguang, Long Zhaohua, Shen Lingyun, Zhang Wei, Xu Pingping, Ma Huaxing, Gao Feng, Qiu Hongbing, Zhu Yuesheng, Wang Yahui, Lan Tian, Wang Zhijian, Du Zhiqiang, Zhang Guoqiang, Tian Xiaoping, Tian Hui, Zhang Yongqiang, Shou Guoliang, Mao Liping, Cao Zhuqing, Guo Zhigang, Gao Hong, Han Kang, Wang Gang, Bai Guoqiang, Chen Zhifeng, Li Jianliang, Li Dawei, Wang Liren, Gao Yuan, Yue Lin, Jing Jingtao.
The previous releases of the standards replaced by this part are:
---GB/T 15843.3-1998, GB/T 15843.3-2008.
This part of GB/T 15843 defines entity authentication mechanisms using digital signature techniques, which are divided into two types: one-way authentication and mutual authentication. One-way authentication is divided into one-pass authentication and two-pass authentication according to the number of message transfers; mutual authentication is divided, according to the number of message transfers, into two-pass authentication, three-pass authentication, two-pass parallel authentication, and five-pass authentication. Since the distribution method of the certificate used for signature is beyond the scope of this part, the sending of the certificate is optional in all mechanisms. All content in this part related to cryptographic algorithms shall be implemented in accordance with relevant national regulations.
The issuing agency of this document draws attention to the fact that a declaration of conformity with this document may involve the use of patents related to Chapter 6, namely "A method of two-way authentication of entities", "A two-way authentication method and system for entities based on a trusted third party" and other related patents. The issuing agency of this document takes no position on the authenticity, validity and scope of these patents. The patent holder has assured the issuing agency of this document that it is willing to negotiate patent licenses with any applicant under reasonable and non-discriminatory terms and conditions. The statement of the patent holder has been filed with the issuing agency of this document. Relevant information can be obtained through the following contact details.
Patentee: Xi'an Xidian Jietong Wireless Network Communication Co., Ltd.
Address: A201, Qinfeng Tower, Xi'an Software Park, No. 68, Keji 2nd Road, High-tech Zone, Xi'an
Contact: Liu Changchun
Please note that, in addition to the above-mentioned patents, certain contents of this document may still involve patents. The issuing agency of this document does not bear responsibility for identifying these patents.
Information technology - Security techniques - Entity authentication
Part 3: Mechanisms using digital signature techniques
This part of GB/T 15843 specifies entity authentication mechanisms using digital signature techniques. Two of the mechanisms authenticate a single entity (one-way authentication); the rest are mechanisms for mutual authentication of two entities. The mechanisms specified in this part use time-varying parameters such as timestamps, serial numbers, or random numbers to prevent previously valid authentication information from being accepted at a later time or accepted more than once.
If timestamps or serial numbers are used, one-way authentication requires only one pass, while mutual authentication requires two passes. If a challenge-response method using random numbers is used, one-way authentication requires two passes, and mutual authentication requires three passes, two passes in parallel, or five passes (depending on the mechanism).
This part applies to all applications and equipment with authentication requirements.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 15843.1-2008 Information technology - Security techniques - Entity authentication - Part 1: Overview (ISO/IEC 9798-1:1997, IDT)
GB 15851-1995 Information technology - Security techniques - Digital signature scheme with message recovery (idt ISO/IEC 9796:1991)
GB/T 16263.1-2006 Information technology - ASN.1 encoding rules - Part 1: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) (ISO/IEC 8825-1:2002, IDT)
3 Terms, definitions and symbols
The terms and definitions defined in GB/T 15843.1-2008 and the following symbols apply to this document.
IA: The identity of entity A, which can be A or CertA
IB: The identity of entity B, which can be B or CertB
ResX: Entity X's certificate verification result or entity X's public key
4 Requirements
In the authentication mechanisms specified in this part, the entity to be authenticated proves its identity by showing that it possesses a private signature key. This is done by the entity using its private signature key to sign specific data. The signature can be verified by any entity using that entity's public verification key.
The authentication mechanisms have the following requirements.
a) The verifier should have a valid public key of the claimant;
b) The claimant should have a private signature key that is known only to the claimant.
If either of these two requirements is not met, the authentication process can be attacked or cannot be completed successfully.
Note 1: One way to obtain a valid public key is to use a certificate (see Appendix C of GB/T 15843.1-2008). The generation, distribution and revocation of certificates are all beyond the scope of this part. To obtain a valid public key in the form of a certificate, a trusted third party can be introduced. Another way to obtain a valid public key is to use a trusted messenger.
Note 2: References related to digital signature schemes are given in the references of GB/T 15843.1-2008.
5 Mechanism
The entity authentication mechanisms specified in this part use time-varying parameters, such as timestamps, serial numbers or random numbers (see Appendix B of GB/T 15843.1-2008 and Note 1 of this clause).
In this part, a token has the following form:
Token = X1||...||Xi||sSA(Y1||...||Yj)
In this part, "signed data" refers to "Y1||...||Yj", which is used as the input of the digital signature scheme, and "unsigned data" refers to "X1||...||Xi".
If the information contained in the signed data of the token can be recovered from the signature, it does not need to be included in the unsigned data of the token (see GB 15851-1995).
If the information contained in the text field of the signed data of the token cannot be recovered from the signature, it should be included in the unsigned text field of the token.
If information in the signed data of the token (such as the random number generated by the verifier) is already known to the verifier, it need not be included in the unsigned data of the token sent by the claimant.
All text fields specified in the following mechanisms are also available to applications outside the scope of this part (text fields may be empty). Their relationship and content depend on the specific application. See Appendix A for information on the use of text fields.
Note 1: To prevent a second entity from deliberately constructing the data block that an entity signs, the first entity can include a random number of its own in the data block it signs. In this case, the added random number makes the signature value unpredictable, thereby preventing the signing of pre-defined data.
Note 2: Since the distribution of certificates is beyond the scope of this part, the sending of certificates is optional in all mechanisms.
Appendix B specifies the OID and ASN.1 syntax of the entity authentication mechanisms specified in this part, so that a specific mechanism can be referenced precisely.
5.2 One-way authentication
One-way authentication means that only one of the two entities is authenticated when using this mechanism.
5.2.2 One pass authentication
In this authentication mechanism, the claimant A initiates the process and is authenticated by the verifier B. Uniqueness and timeliness are controlled by generating and checking a timestamp or serial number (see Appendix B of GB/T 15843.1-2008).
The authentication mechanism is shown in Figure 1.
Figure 1 Schematic diagram of one-way authentication mechanism
5.2.3 Two pass authentication
In this authentication mechanism, the verifier B starts the process and authenticates the claimant A. Uniqueness and timeliness are controlled by generating and checking the random number RB (see Appendix B of GB/T 15843.1-2008).
The authentication mechanism is shown in Figure 2.
Figure 2 Schematic diagram of two-pass one-way authentication mechanism
The form of the token (TokenAB) sent by the claimant A to the verifier B is:
TokenAB = RA||RB||B||Text3||sSA(RA||RB||Text2)
The inclusion of the distinguishable identifier B in TokenAB is optional and depends on the environment in which the authentication mechanism is used.
Note 1: The optional inclusion of the distinguishable identifier B in the signed data of TokenAB is to prevent the token from being accepted by entities other than the intended verifier (for example, when a man-in-the-middle attack occurs).
Note 2: Including the random number RA in the signed data of TokenAB prevents B from obtaining A's signature on data selected by B before the authentication mechanism is started. This kind of protection is needed, for example, when A uses the same key for purposes other than entity authentication.
(1) B sends a random number RB to A, and optionally sends a text field Text1.
(2) A generates and sends TokenAB to B, and optionally sends A's certificate.
(3) Once a message containing TokenAB is received, B performs the following steps.
(i) Ensure possession of A's valid public key by verifying A's certificate or by other means.
(ii) Verify TokenAB as follows: verify the digital signature of A contained in the token; check that the random number RB sent to A in step (1) matches the random number contained in the signed data of TokenAB; check that the value of the identifier field (B) in the signed data of TokenAB (if any) equals the distinguishable identifier of B.
5.3 Mutual authentication
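Looking back at steps (1) to (3) of the two-pass one-way mechanism in 5.2.3, the following added example (not part of the standard's text) runs B's three checks against a fresh token, a replayed token, a token signed for another verifier, and a token whose unsigned RA was altered. Assumptions: a toy textbook-RSA routine stands in for sSA, "||" is a length-prefixed encoding, text fields are empty, B already holds A's valid public key, and B is included in the signed data as Note 1 and step (3) describe.

```python
import hashlib
import secrets

# Toy textbook-RSA signature standing in for sSA. NOT secure: the modulus is
# built from two well-known Mersenne primes only so the example runs offline.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # A's private signature key (constructed)

def cat(*fields):
    """'||' with a 2-byte length prefix per field (assumed encoding)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign_a(data):
    return pow(_digest(data), D, N)

def verify_a(data, sig):
    return pow(sig, E, N) == _digest(data)

def make_token_ab(rb, verifier_id):
    """Step (2): A adds its own fresh RA and signs RA||RB||B."""
    ra = secrets.token_bytes(16)
    return {"RA": ra, "RB": rb, "B": verifier_id,
            "sig": sign_a(cat(ra, rb, verifier_id))}

class Verifier:
    def __init__(self, my_id):
        self.my_id = my_id
        self.outstanding = set()  # challenges sent and not yet answered

    def challenge(self):
        """Step (1): B sends a fresh random number RB."""
        rb = secrets.token_bytes(16)
        self.outstanding.add(rb)
        return rb

    def check(self, token):
        """Step (3)(ii): the three checks, in the order the text lists them."""
        signed = cat(token["RA"], token["RB"], token["B"])
        if not verify_a(signed, token["sig"]):
            return "bad signature"
        if token["RB"] not in self.outstanding:
            return "RB is not an outstanding challenge"
        if token["B"] and token["B"] != self.my_id:  # empty B = field omitted
            return "identifier is not B"
        self.outstanding.discard(token["RB"])  # each challenge is single use
        return "ok"

def demo():
    b = Verifier(b"B")
    token = make_token_ab(b.challenge(), b"B")
    results = [b.check(token), b.check(token)]  # fresh, then replayed
    results.append(b.check(make_token_ab(b.challenge(), b"C")))  # signed for C
    forged = dict(make_token_ab(b.challenge(), b"B"), RA=b"\x00" * 16)
    results.append(b.check(forged))  # unsigned RA no longer matches signature
    return results
```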
Mutual authentication means that two communicating entities use this mechanism to authenticate each other.
In 5.3.2 and 5.3.3, the two mechanisms described in 5.2.2 and 5.2.3 are extended to achieve mutual authentication. Each extension adds one message transfer and thus two operating steps.
The steps specified in 5.3.4 use four messages, but these messages do not need to be sent sequentially. In this way, the authentication process can be accelerated.
5.3.2 Two-pass authentication
In this authentication mechanism, uniqueness and timeliness are controlled by generating and checking a timestamp or serial number (see Appendix B of GB/T 15843.1-2008).
5.3.3 Three pass authentication
In this mechanism, uniqueness and timeliness are controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008). The authentication mechanism is shown in Figure 4.
5.3.4 Two-pass parallel authentication
In this mechanism, authentication is performed in parallel, and uniqueness and timeliness are controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008).
The authentication mechanism is shown in Figure 5.
6 Mechanism for introducing online trusted third parties
The authentication mechanisms in this chapter require the two entities A and B to verify each other's public keys through an online trusted third party (with distinguishable identifier TP). Entities A and B hold a valid public key of TP, but A and B do not hold each other's valid public keys.
This chapter describes two five-pass authentication mechanisms, which realize mutual authentication between entities A and B. These two mechanisms involve three elements (A, B and TP); A and B are peer authentication entities relative to TP. The format of the tokens and text fields follows the description in 5.1. These two mechanisms are collectively referred to as the tri-element peer authentication mechanism TePA (Tri-element Peer Authentication), and they use the signature mechanisms defined in ISO/IEC 14888 or GB 15851-1995.
6.2 Five-pass authentication TePA-A (initiated by entity A)
In this authentication mechanism, uniqueness/timeliness is controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008).
6.3 Five-pass authentication TePA-B (initiated by entity B)
In this authentication mechanism, uniqueness/timeliness is controlled by generating and checking random numbers (see Appendix B of GB/T 15843.1-2008). The authentication mechanism is shown in Figure 7.
Use of text fields
The tokens specified in Chapters 5 and 6 of this part include text fields. The practical use of different text fields in a given pass and the relationship between each text fie...