GB/T 15843.3-2016 English PDF (GB/T15843.3-2016)
GB/T 15843.3-2016: Information technology -- Security techniques -- Entity authentication -- Part 3: Mechanisms using digital signature techniques
GB/T 15843.3-2016
Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques
ICS 35.040
L80
National Standard of the People's Republic of China
Replaces GB/T 15843.3-2008
Information technology - Security techniques - Entity authentication
Part 3: Mechanisms using digital signature techniques
Released on 2016-04-25
Implemented on 2016-11-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
and the China National Standardization Administration
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and symbols
4 Requirements
5 Mechanism
5.1 Overview
5.2 One-way authentication
5.3 Mutual authentication
6 Mechanism for introducing online trusted third parties
6.1 Overview
6.2 Five passes to authenticate TePA-A (initiated by entity A)
6.3 Five passes to authenticate TePA-B (initiated by entity B)
Appendix A (informative appendix) Use of text fields
Appendix B (normative appendix) OID and ASN.1 notation
B.1 Formal definition
B.2 Use of subsequent object identifiers
B.3 Coding example based on basic encoding rules
Preface
GB/T 15843 "Information technology - Security techniques - Entity authentication" is currently divided into five parts:
---Part 1: Overview;
---Part 2: Mechanisms using symmetric encryption algorithms;
---Part 3: Mechanisms using digital signature techniques;
---Part 4: Mechanisms using a cryptographic check function;
---Part 5: Mechanisms using zero-knowledge techniques.
This part is Part 3 of GB/T 15843.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 15843.3-2008 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques". Compared with GB/T 15843.3-2008, the main technical changes in this part are as follows:
---Added an authentication mechanism that introduces an online trusted third party (see Chapter 6);
---Added OID and ASN.1 syntax (see Appendix B).
The chapters and clauses of GB/T 15843.3-2008 affected by the amendment are as follows:
Modified item number, GB/T 15843.3-2008 chapter number, modification description
1 Chapter 1: replaces the third paragraph of Chapter 1
2 Chapter 3: adds three term descriptions at the end of Chapter 3
3 Add Chapter 6 after Chapter 5
4 Appendix A: replaces the first paragraph of Appendix A
5 Add Appendix B after Appendix A
This part uses the translation method and is equivalent to ISO/IEC 9798-3:1998 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques" and Amd.1:2010 "Information technology - Security techniques - Entity authentication - Part 3: Mechanisms using digital signature techniques - Amendment 1: Introduction of an online trusted third-party authentication mechanism", with only editorial changes.
This part is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
The main drafting units of this part: Xi'an Xidian Jietong Wireless Network Communication Co., Ltd., State Cryptography Administration Center, State Key Laboratory of Information Security, China Electronics Standardization Institute, National Radio Monitoring Center Testing Center, Xi’an Electronics University of Technology, Xi'an University of Posts and Telecommunications, Guangzhou Jiesai Technology Co., Ltd., Shenzhen Minghua Aohan Technology Co., Ltd., China Information Security Certification Center, National Information Security Engineering Technology Research Center, National Computer Network Emergency Technology Processing Coordination Center, National Information Technology Security Research Center, the First Research Institute of the Ministry of Public Security, the Communication Metrology Center of the Ministry of Industry and Information Technology, the Information Security Level Protection Evaluation Center of the Ministry of Public Security, University of Defense Technology, Beijing Municipal Affairs Network Management Center, Chongqing University of Posts and Telecommunications, Yulong Computer Communication Technology (Shenzhen) Co., Ltd., People of China University, Chinese People’s Liberation Army Information Security Evaluation and Certification Center, China Telecom Corporation, National Information Center, Peking University Shenzhen Postgraduate Institute, China Electric Power Research Institute, Beijing Zhongdian Huada Electronic Design Co., Ltd., Southeast University, China Mobile Communications Group Design Institute Co., Ltd., Chinese People’s Liberation Army Information Engineering University, Jiangnan Institute of Computing Technology, Beijing University of Posts and Telecommunications, Shanghai Longzhao Electronics Co., Ltd., Beijing Wulong Telecommunications Technology Company, Beijing Wangbei Hechuang Technology Co., Ltd., Shenzhen Hongdian Technology Co., Ltd., Peking University Founder Group Company, Haier Group, Beijing Guangxin Finance Technology Co., Ltd., Beijing Liuhe Wantong Microelectronics Technology Co., Ltd., Honghao Ming Chuan Technology (Beijing) Co., Ltd., Beijing City Hotspot Information Co., Ltd., Beijing Huaan Guangtong Technology Development Co., Ltd., Maipu Communication Technology Co., Ltd., Changchun Jida Zhengyuan Information Technology Co., Ltd., Tsinghua University, Beijing Tianyi Integrated Technology Co., Ltd., Guilin University of Electronic Technology, Xi'an Realan Technology Co., Ltd., Broadband Wireless IP Standard Working Group, WAPI Industry Alliance.
The main drafters of this part: Huang Zhenhai, Lai Xiaolong, Li Dawei, Feng Dengguo, Song Qizhu, Tie Manxia, Cao Jun, Li Jiandong, Lin Ning, Shu Min, Zhu Zhixiang, Chen Xiaohua, Guo Xiaolei, Li Jingchun, Yu Yali, Wang Yumin, Zhang Bianling, Xiao Yuelei, Gao Bo, Gao Kunlun, Pan Feng, Hu Yanan, Jiang Qingsheng, Xiao Li, Zhu Jianping, Jia Yan, Shi Weinian, Li Qin, Li Guangsen, Wu Yafei, Liang Zhaohui, Liang Qiongwen, Luo Xuguang, Long Zhaohua, Shen Lingyun, Zhang Wei, Xu Pingping, Ma Huaxing, Gao Feng, Qiu Hongbing, Zhu Yuesheng, Wang Yahui, Lan Tian, Wang Zhijian, Du Zhiqiang, Zhang Guoqiang, Tian Xiaoping, Tian Hui, Zhang Yongqiang, Shou Guoliang, Mao Liping, Cao Zhuqing, Guo Zhigang, Gao Hong, Han Kang, Wang Gang, Bai Guoqiang, Chen Zhifeng, Li Jianliang, Li Dawei, Wang Liren, Gao Yuan, Yue Lin, Jing Jingtao.
The previous releases of the standards replaced by this part are:
---GB/T 15843.3-1998, GB/T 15843.3-2008.
Introduction
This part of GB/T 15843 defines entity authentication mechanisms using digital signature techniques, which are divided into two types: one-way authentication and mutual authentication.
One-way authentication is divided, according to the number of message transfers, into one-pass authentication and two-pass authentication; mutual authentication is divided, according to the number of message transfers, into two-pass authentication, three-pass authentication, two-pass parallel authentication, and five-pass authentication.
Since the distribution method of the certificate used for signature is beyond the scope of this part, the sending of the certificate is optional in all mechanisms.
All content related to cryptographic algorithms in this part shall be implemented in accordance with relevant national regulations.
The issuing agency of this document draws attention to the fact that a declaration of conformity with this document may involve the use of patents related to Chapter 6, such as "A method of two-way authentication of entities" and "A two-way authentication method and system for entities based on a trusted third party", and other related patents.
The issuing agency of this document takes no position on the authenticity, validity and scope of these patents.
The patent holder has assured the issuing agency of this document that it is willing to negotiate patent licensing with any applicant under reasonable and non-discriminatory terms and conditions. The statement of the patent holder has been filed with the issuing agency of this document. Relevant information can be obtained through the following contact details.
Patentee: Xi'an Xidian Jietong Wireless Network Communication Co., Ltd.
Address: A201, Qinfeng Tower, Xi'an Software Park, No. 68, Keji 2nd Road, High-tech Zone, Xi'an
Contact: Liu Changchun
Please note that, in addition to the above-mentioned patents, certain contents of this document may still involve patents. The issuing agency of this document bears no responsibility for identifying these patents.
Information technology - Security techniques - Entity authentication
Part 3: Mechanisms using digital signature techniques
1 Scope
This part of GB/T 15843 specifies entity authentication mechanisms using digital signature techniques. Two of the mechanisms authenticate a single entity (one-way authentication); the rest are mechanisms for the mutual authentication of two entities.
The mechanisms specified in this part use time-varying parameters such as timestamps, serial numbers, or random numbers to prevent previously valid authentication information from being accepted later or accepted multiple times.
If timestamps or serial numbers are used, one-way authentication needs only one pass, while mutual authentication requires two passes. If a challenge-response method using random numbers is used, one-way authentication requires two passes, and mutual authentication requires three passes, two passes in parallel, or five passes (depending on the mechanism).
This part applies to all applications and equipment with authentication requirements.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 15843.1-2008 Information technology - Security techniques - Entity authentication - Part 1: Overview (ISO/IEC 9798-1:1997, IDT)
GB 15851-1995 Information technology - Security techniques - Digital signature scheme with message recovery (idt ISO/IEC 9796:1991)
GB/T 16263.1-2006 Information technology - ASN.1 encoding rules - Part 1: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) (ISO/IEC 8825-1:2002, IDT)
3 Terms, definitions and symbols
The terms and definitions given in GB/T 15843.1-2008 and the following symbols apply to this document.
IA: the identity of entity A, which can be A or CertA
IB: the identity of entity B, which can be B or CertB
ResX: entity X's certificate verification result or entity X's public key
4 Requirements
In the authentication mechanisms specified in this part, the entity to be authenticated proves its identity by showing that it holds a private signature key. This is done by the entity using its private signature key to sign specific data. The signature can be verified by any entity using the public verification key of the signing entity.
The authentication mechanisms have the following requirements.
a) The verifier should have a valid public key of the claimant;
b) The claimant should have a private signature key that is known only to the claimant.
If either of these two requirements is not met, the authentication process is open to attack or cannot be completed successfully.
Note 1: One way to obtain a valid public key is to use a certificate (see Appendix C of GB/T 15843.1-2008). The generation, distribution and revocation of certificates are all beyond the scope of this part. To obtain a valid public key in the form of a certificate, a trusted third party can be introduced. Another way to obtain a valid public key is to use trusted messengers.
Note 2: References related to digital signature schemes are given in the references of GB/T 15843.1-2008.
5 Mechanism
5.1 Overview
The entity authentication mechanisms specified in this part use time-varying parameters, such as timestamps, serial numbers or random numbers (see Appendix B of GB/T 15843.1-2008 and Note 1 of this clause).
In this part, the form of the token is as follows.
Token = X1 || ... || Xi || sSA(Y1 || ... || Yj)
In this part, "signed data" refers to "Y1 || ... || Yj", which is used as the input of the digital signature scheme, and "unsigned data" refers to "X1 || ... || Xi".
If the information contained in the signed data of the token can be recovered from the signature, it does not need to be included in the unsigned data of the token (see GB 15851-1995).
If the information contained in the text field of the signed data of the token cannot be recovered from the signature, it should be included in the unsigned text field of the token.
If the information in the signed data of the token (such as the random number generated by the verifier) is already known to the verifier, it need not be included in the unsigned data of the token sent by the claimant.
All text fields specified in the following mechanisms are also available to applications outside the scope of this part (text fields may be empty). Their relationship and content depend on the specific application. See Appendix A for information on the use of text fields.
Note 1: To prevent the data block signed by an entity from being deliberately constructed by a second entity, the first entity can include its own random number in the data block that it signs. In this case, the added random number makes the signed value unpredictable, thereby preventing the signing of predefined data.
Note 2: Since the distribution of certificates is beyond the scope of this part, the sending of certificates is optional in all mechanisms.
Appendix B specifies the OID and ASN.1 syntax of the entity authentication mechanisms specified in this part, for accurate reference to a specific mechanism.
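The token rules of 5.1, as an added example that is not part of the standard's text: a claimant builds Token = X1 || X2 || sSA(Y1 || ... || Y4) in answer to a verifier's random number, and the verifier rebuilds the signed data from the unsigned data plus the values it already knows. Assumptions of this example: the field order, the length-prefixed encoding of "||", the inclusion of the verifier's identity in the signed data, and a toy textbook-RSA signature over SHA-256 that stands in for a real signature scheme and offers no security.

```python
import hashlib
import secrets

# Toy signature scheme (assumption, NOT secure): textbook RSA over SHA-256 with
# fixed Mersenne-prime factors. It stands in for the scheme a deployment uses.
_P, _Q, _E = 2**127 - 1, 2**89 - 1, 65537
_N = _P * _Q
_D = pow(_E, -1, (_P - 1) * (_Q - 1))   # claimant A's private exponent


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % _N


def sign(data: bytes) -> int:
    """sSA(data): signature with A's private key (no message recovery)."""
    return pow(_digest(data), _D, _N)


def verify_sig(data: bytes, sig: int) -> bool:
    """Check a signature with A's public verification key (_N, _E)."""
    return pow(sig, _E, _N) == _digest(data)


def cat(*fields: bytes) -> bytes:
    """Y1 || ... || Yj, with 2-byte length prefixes so that field boundaries
    are unambiguous (encoding chosen for this example)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def make_token(r_b: bytes, verifier_id: bytes, text: bytes) -> dict:
    """Claimant A answers verifier B's random number r_b."""
    r_a = secrets.token_bytes(16)   # A's own random number (Note 1 of 5.1)
    signed_data = cat(r_a, r_b, verifier_id, text)
    # Unsigned data carries only what B cannot otherwise learn: r_a and text.
    # r_b and B's identity are already known to B, so they are not resent.
    return {"unsigned": (r_a, text), "sig": sign(signed_data)}


class Verifier:
    def __init__(self, identity: bytes):
        self.identity = identity
        self.pending = set()         # challenges issued and not yet answered

    def challenge(self) -> bytes:
        r_b = secrets.token_bytes(16)
        self.pending.add(r_b)
        return r_b

    def check(self, r_b: bytes, token: dict) -> bool:
        if r_b not in self.pending:  # unknown or already used challenge
            return False
        self.pending.discard(r_b)    # each challenge is accepted once
        r_a, text = token["unsigned"]
        # Rebuild the signed data from the token plus B's own state.
        return verify_sig(cat(r_a, r_b, self.identity, text), token["sig"])


def demo() -> dict:
    b = Verifier(b"B")
    r1 = b.challenge()
    token = make_token(r1, b"B", b"session-1")
    results = {"fresh": b.check(r1, token)}
    # The same token presented again for the same challenge.
    results["same_challenge_again"] = b.check(r1, token)
    # The old token presented against a new challenge.
    r2 = b.challenge()
    results["replayed_on_new_challenge"] = b.check(r2, token)
    # A valid token whose unsigned text field was altered in transit.
    r3 = b.challenge()
    good = make_token(r3, b"B", b"session-2")
    tampered = {"unsigned": (good["unsigned"][0], b"session-X"), "sig": good["sig"]}
    results["tampered_text"] = b.check(r3, tampered)
    return results


if __name__ == "__main__":
    print(demo())
```

Because this stand-in signature offers no message recovery, every signed field the verifier does not already hold has to travel in the unsigned data, which is the second rule of 5.1.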
5.2 One-way authentication
5.2.1 Overview
One-way authentication means that only one of the two entities is authenticated when using th...