Skip to product information
1 of 12

PayPal, credit cards. Download editable-PDF and invoice in 1 second!

GB/T 37376-2019 English PDF (GBT37376-2019)

GB/T 37376-2019 English PDF (GBT37376-2019)

Regular price $175.00 USD
Regular price Sale price $175.00 USD
Sale Sold out
Shipping calculated at checkout.
Quotation: In 1-minute, 24-hr self-service. Click here GB/T 37376-2019 to get it for Purchase Approval, Bank TT...

GB/T 37376-2019: Transportation -- Digital certificate format

This Standard specifies the digital certificate classification and digital certificate format in the transportation information system. This Standard is applicable to the design, research and amp; development, and test of software and hardware related to the digital certificate applications in the transportation information system.
GB/T 37376-2019
NATIONAL STANDARD OF THE
PEOPLE REPUBLIC OF CHINA
ICS 03.220.20; 35.240.60
R 07
Transportation ?€? Digital Certificate Format
ISSUED ON: MAY 10, 2019
IMPLEMENTED ON: DECEMBER 01, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of PRC.
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative References ... 5
3 Terms and Definitions ... 5
4 Abbreviations ... 6
5 Certificate Classification ... 6
6 Digital Certificate Format ... 7
Appendix A (Informative) ITS Device Certificate Format Example ... 19
Appendix B (Informative) Certificate Revocation List Format Example ... 21 Bibliography ... 23
Foreword
This Standard was drafted as per the rules specified in GB/T 1.1-2009.
This Standard was proposed by and under the jurisdiction of National Technical Committee for Standardization of Intelligent Transport System (SAC/TC 268). Drafting organizations of this Standard: Research Institute of Highway Ministry of Transport; Beijing Zhongjiao Guotong Intelligent Traffic System Technology Co., Ltd.; Zhongguancun Zhongjiao Guotong Intelligent Traffic System Industry Alliance; National Computer Network and Information Security Management Center; Beijing Information Science and Technology University; Eversec (Beijing) Technology Co., Ltd.; and Beihang University.
Chief drafting staffs of this Standard: Mei Xinming, Zhou Zhou, Sun Jing, Wang Liyan, Wu Junfeng, Song Xianghui, Chen Xiaoguang, Liu Hongwei, Wang Yongjian, Zhao Tong, Wu Qiuxin, Wang Yunpeng, and Yu Guizhen.
Introduction
This Standard is based on the classification of the digital certificate by the country, combined with various application scenarios of the transportation information system, focusing on the requirements of various digital security service against the digital certificate length, calculation efficiency, etc. in the intelligent transport system application; it also conducts the standardized definitions on the format of the ITS device certificate.
All those relevant contents involved the cryptographic algorithm, this Standard considers the application and implementation of the Chinese cipher algorithm. Transportation ?€? Digital Certificate Format
1 Scope
This Standard specifies the digital certificate classification and digital certificate format in the transportation information system.
This Standard is applicable to the design, research and development, and test of software and hardware related to the digital certificate applications in the transportation information system.
2 Normative References
The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this document.
GB/T 25069-2010 Information Security Technology ?€? Glossary
GM/T 0015 Digital Certificate Format based on SM2 Algorithm
3 Terms and Definitions
For the purpose of this document, the terms and definitions given in GB/T 25069-2010 and the following apply.
3.1 Intelligent transport system; ITS
In the more improved transport infrastructure, effectively and comprehensively use the advanced science and technology (information technology, computer technology, data communication technology, sensor technology, electronic control technology, automatic control theory, operations research, artificial intelligence, etc.) into the fields of transportation, service control, and vehicle manufacturing; strengthen the contact among the vehicle, road and users; so that form a comprehensive transport system that guarantees safety, increases efficiency, improved environment, and saves energy. 3.2 Cooperative ITS
An intelligent transport system that realizes intelligent coordination and cooperation between vehicle and infrastructure, between vehicle and vehicle, between vehicle and user through the information interaction of user, vehicle and road.
3.3 Digital certificate
A trusted digital file digitally signed by a nationally recognized, authoritative, credible and impartial third-party certification authority (CA).
[GB/T 20518-2018, definition 3.7]
3.4 ITS device certificate
A certificate file with a specific format issued for the onboard unit, roadside unit and mobile terminal in the intelligent transport system.
3.5 SM2 algorithm
An elliptic curve cryptographic algorithm with a key length of 256 bits. 4 Abbreviations
The following abbreviations are applicable to this document.
CA: Certificate Authority
CRL: Certificate Revocation List
ITS: Intelligent Transport System
UTC: Coordinated Universal Time
5 Certificate Classification
The issuance and management of the digital certificates in the transportation system include the following 5 types of certificates:
a) Institutional certificate ?€? issued to the internal agency and service organization of the transportation system;
b) Public service certificate ?€? issued to the computer terminal user of the transportation system (working staffs);
c) Social public certificate -- issued to the computer terminal user of the transportation system (external user);
d) Device certificate ?€? issued to the server and terminal equipment, etc. in the transportation system;
e) ITS device certificate ?€? issued to onboard unit, roadside unit and mobile terminals, etc. in the transportation system.
6 Digital Certificate Format
6.1 General format
The formats for institutional certificate, staff certificate, social public certificate and device certificate shall meet the requirements of GM/T 0015.
6.2 ITS device certificate format
6.2.1 Basic element instruction
6.2.1.1 Encoding rules
Use ASN.1 to describe the data structure; use octet encoding rule (OER) to encode the digital certificate format and various information.
6.2.1.2 Basic data types
The basic data types are defined as follows:
6.2.1.3 8-byte hash value
The 8-byte hash value is defined as HashedId8 type; its structure is as follows: Instruction: this hash value is used to identify the data such as certificates. Firstly, calculate the hash value of the input data; then take 8 lowest significant bytes from the hash value. The 8 lowest bytes are the last 8 bytes of the hashed 32 bytes. 6.2.1.4 Digest algorithm
The digest algorithm is defined as HashAlgorithm type; its structure is as follows: 6.2.1.5 Elliptic curve algorithm
The elliptic curve algorithm is defined as EccCurve type; its structure is as follows: 6.2.1.6 Symmetric encryption algorithm
The symmetric encryption algorithm is defined as SymmetricAlgorithm type; its structure is as follows:
6.2.1.7 Signature public key
The signature public key is defined as PublicVerifyKey type; its structure is as follows: This item describes a point on an elliptic curve. This point is defined as ECCPoint type; its structure is as follows:
Instruction:
This structure indicates a public key for verifying the signature;
When taking Chinese cipher algorithm, ECCPoint is in the format of x-only. 6.2.1.8 Encrypted public key
The encrypted public key is defined as PublicEncryptionKey type; its structure is as follows:
Instruction: this structure indicates a public key for asymmetric encryption calculation and its supported symmetric cryptographic algorithm.
6.2.1.9 32-bit time
The 32-bit time information is defined as Time32 type; its structure is as follows: Instruction: Time32 is a 32-bit unsigned integer; in big-endian encoding format; starting from UTC 00:00:00 on January 01, 2004; giving the number of seconds in the international atomic time.
6.2.1.10 Geographic effective region
The geographic effective region is defined as GeographicRegion type; its structure is as follows:
Instruction: this identifier defines the certificate application geographic region, which can be used to limit the validity of the certificate.
6.2.1.11 Circular region
The circular geographic effective region is defined as CircularRegion type; its structure is as follows:
Instruction: the circular effective region is determined by the center point and the radius in meter. The effective region range needs to be at the distance of less than or equal to radius from the center point. Judge whether a geographic point containing an elevation parameter is within a specified circular region, it shall determine that such point?€?s horizontal projection on the surface of the reference ellipsoid is within the circular region.
6.2.1.12 Rectangular region
The rectangular geographic effective region is defined as RectangularRegion type; its structure is as follows:
Instruction: the rectangular effective region is formed by connecting the following points in turn (northWest.latitude, northWest.longitude), (southEast.latitude, northWest.longitude), (southEast.latitude, southEast.longitude), and
(northWest.latitude, southEast.longitude). Judge whether a geographic point contain an elevation parameter is within a specified rectangular region, it shall determine whether such point?€?s horizontal projection on the surface of reference ellipsoid is within the rectangular region.
6.2.1.13 Polygonal region
The polygonal geographic effective region is defined as PolygonalRegion type; its structure is as follows:
Instruction: the polygonal region defines a region that uses a series of different geographic points to connect and form a polygonal connection, and finally point to the first point. Judge whether a geographic point containing an elevation parameter is within the specified polygonal region, it shall determine that such point?€?s horizontal projection on the surface of reference ellipsoid is within this polygonal region. 6.2.14 2D location information
The 2D location information is defined as TwoDLocation type; its structure is as follows: Instruction: this data structure is used to define the region for the validity of the certificate; the latitude and longitude fields contain he latitude and longitude defined above.
6.2.1.15 3D location information
The 3D location information is defined as ThreeDLocation type; its structure is as follows:
Instruction: Elevation indicates height above sea-level; in dm; the value range is 6.2.1.16 Latitude
The latitude information is defined as Latitude type; its structure is as follows: Instruction:
The latitude field contains an integer encoding with the accuracy of 1 micro-degree; The allowed latitude value range is from -900 000 000 ~ +900 000 000; the Value 900 000 001 indicates that the altitude is unavailable.
6.2.1.17 Longitude
The longitude information is defined as Longitude type; its structure is as follows: Instruction:
The longitude field contains an integer encoding with the accuracy of 1 micro-degree; The allowed longitude value range is -1 799 999 999 ~+1 800 000 000; Value 1 800 000 001 indicates that the longitude is unavailable.
6.2.2 Certificate
6.2.2.1 Certificate structure
The ITS device digital certificate is the cooperative intelligent transport system digital certificate (Certificate); its structure is as follows:
ITS device digital certificate example can refer to Appendix A.
6.2.2.2 Version
It indicates the certificate version; the current value is 2.
6.2.2.3 Signer information
The certificate signer information is defined as IssuerId type; its structure is as follows: Instruction:
Self: self-signature; no additional data;
certificateDigest: Hash is calculated by using the specified digest algorithm for the certificate; and obtain the identifier.
6.2.2.4 Subject Information
The certificate subject information is defined as SubjectInfo type; its structure is as follows:
subjectName contains the subject information. The maximum length for the subjectName length-variable vector is 32 bytes.
Instruction:
When communicating with a certificate authority, the ITS device shall use the certificate of SubjectInfo whose SubjectType is enrollmentCredential; such certificate is forbidden to issue the ITS device registration certificate (authorization certificate) or used to authenticate and communicate with other ITS devices;
When communicating with other ITS devices, the ITS device shall use the SubjectInfo certificate whose SubjectType is authorizationTicket; such certificate is forbidden to issue the ITS device authorization certificate (registration certificate); When the authority issues an authorization certificate for the ITS device, the SubjectType shall be authorizationAuthority;
When the certification authority issues a registration certificate for the ITS device, the SubjectType shall be enrollmentAuthority;
When the certification authority signs the certificate for other certification authorities; the SubjectType shall be rootCa;
For the signer of the certificate revocation list; the SubjectType shall be crlSigner. 6.2.2.5 Subject attribute
The certificate subject attribute is defined as SubjectAttribute; its structure is as follows: Instruction:
verificationKey: public key data conforming to the PublicVerifyKey structure; encryptionKey: public key data conforming to the PublicEncryptionKey structure; if this content exists, it indicates that the following response data requires to be encrypted by such public key;
assuranceLevel: subject assurance level conforming to the SubjectAssurance structure; SubjectAssurance: this field defines the security level corresponding to the security assessment of the ITS device key management; if the specification of the subject trust and the encoding of the trust level exceed the scope of this document, all shall be set 0 by default (no guarantee).
itsAid: general intelligent traffic application identifier conforming to Unit64 type; ItsAidSsp: Intelligent transport application list that meet the specified service permissions of the ItsAidSsp structure;
The maximum length of serviceSpecificPermissions is 32 bytes.
6.2.2.6 Validity restriction
The certificate validity restriction is defined as ValidityRestriction; its structure is as follows:
Instruction:
timeEnd: expiration date of the certificate that conforms to the Time32 structure; timeStartAndEnd: conforms to the Time32 structure; contains the effective start date and expiration date of the certificate;
Region: certificate effective region conforming to the GeographicRegion structure. 6.2.2.7 Signature
The signature value (Signature) based on the public key cryptographic algorithm; its structure is as follows:
Instruction:
The original text of the signature calculation is: ; thereof,
data is the bytes of to-be-signed data; signer is the signing staff;
When self-signing, signer is a zero-byte array;
When not self-signing, it is the encoding content of the signer certificate. This method is used for the certificate signature and message signature. 6.3 Certificate revocation list format
CRL (certificate revocation list) structure is as follows:
Instruction:
version: the version of the CRL; this field is set to be 1 in this Standard; IssuerId: key for the identification signature; such value can?€?t take the self. If it contains the signature public key whose subjectType is rootCa, then such value can only take certificateDigestWithSM3;
UnsignedCrl: unsigned CRL;
Signature: CRL authority signature value; the signature is calculated based on the content of the unsignedCrl field.
crlSerial: counter; starting from 0; its value shall be increased by 1, each time a CRL is issued;
nextCrl and issueDate specify the time period covered by this CRL;
nextCrl: contains the estimated CRL release time;
Id: HashedId of the invalidated certificate;
hashAlg: digest algorithm that obtained through calculating the id;
expiry: expiration time of the certificate being revoked;
Certificate revocation list format example can refer to Appendix B.
Appendix A
(Informative)
ITS Device Certificate Format Example
A.1 Overview
This appendix gives a data structure for an authorization certificate that conforms to the digital certificate format; the entire certificate structure is 161 bytes. A.2 Certificate data
A.3 Certificate data parsing
Appendix B
(Informative)
Certificate Revocation List Format Example
B.1 Overview
This appendix gives a data structure that conforms to the certificate revocation list format; the entire certificate revocation list structure is totally 103 bytes. B.2 Message data
B.3 Data parsing
Bibliography
[1] GB/T 16262.1 Information Technology - Abstract Syntax Notation One (ASN.1) - Part 1: Specification of Basic Notation
[2] GB/T 20518-2018 Information Security Technology - Public Key Infrastructure - Digital Certificate Format
[3] GM/T 0009 SM2 Cryptography Algorithm Application Specification
[4] GM/T 0010 SM2 Cryptography Message Syntax Specification
__________ END __________

View full details