GB/T 38660-2020 English PDF (GBT38660-2020)

GB/T 38660-2020: Identification system for internet of things -- Security mechanism for E-code identification system

This Standard specifies the general requirements, encoding data security, authentication and authorization, access control, interaction security, security assessment and management requirements for Ecode identification system in the identification system for Internet of Things. This Standard is applicable to information security assurance in the construction and application of Ecode identification system in the identification system for Internet of Things.
GB/T 38660-2020
GB
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
A 24
Identification System for Internet of Things - Security Mechanism for Ecode Identification System
ISSUED ON: MARCH 31, 2020
IMPLEMENTED ON: OCTOBER 1, 2020
Issued by: State Administration for Market Regulation; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 General Requirements for Security of Ecode Identification System
6 Security Requirements for Ecode Encoding Data
7 Identity Authentication and Authorization Requirements for Ecode Identification System
8 Access Control Requirements for Ecode Identification System
9 Interaction Security Requirements for Ecode Identification System
10 Security Assessment Requirements for Ecode Identification System
11 Management Requirements for Ecode Identification System
Bibliography
Identification System for Internet of Things - Security Mechanism for Ecode Identification System
1 Scope
This Standard specifies the general requirements, encoding data security, authentication and authorization, access control, interaction security, security assessment and management requirements for Ecode identification system in the identification system for Internet of Things.
This Standard is applicable to information security assurance in the construction and application of Ecode identification system in the identification system for Internet of Things.
2 Normative References
The following documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including all amendments) applies.
GB/T 2887 General Specification for Computer Field
GB/T 17963 Information Technology - Open Systems Interconnection - Network Layer Security Protocol
GB/T 22239 Information Security Technology - Baseline for Classified Protection of Cybersecurity
GB/T 25064 Information Security Technology - Public Key Infrastructure - Electronic Signature Formats Specification
GB/T 31866 Identification System for Internet of Things - Entity Code
3 Terms and Definitions
The terms and definitions given in GB/T 31866, together with the following, apply to this document.
3.1 Security Mechanism for Ecode Identification System
Security mechanism for Ecode identification system refers to a collection of
assessment or certification of a nationally approved third-party institution.
5.3 Disaster Recovery Center
The disaster recovery center of the Ecode identification system should be located at a site with good geological conditions. The disaster recovery center shall adopt remote disaster recovery and should not lie in the same earthquake zone as the main center.
5.4 Security Audit
Security audit shall include functions such as automatic response, data generation, audit analysis, review, event selection and event storage. Each audit log entry shall record the time, type, subject identity and result of the security event.
6 Security Requirements for Ecode Encoding Data
6.1 Ecode Encoding Data Storage
The security of Ecode encoding data storage shall comply with the following requirements:
a) The medium that stores Ecode encoding data shall be stable and reliable, and shall not be significantly affected by the physical conditions of the external environment;
b) Removable media shall not be used to store or transfer Ecode encoding data;
c) Media from which Ecode encoding data has been deleted shall be technically processed so that the deleted data cannot be recovered;
d) The entry and exit of storage media shall be subject to authorization management, and corresponding records shall be retained.
6.2 Ecode Encoding Data Transmission
The resistance to interference, confidentiality, integrity and correctness of Ecode encoding data during transmission shall be guaranteed. The specific requirements are:
a) Necessary technical and management measures shall be taken to prevent interference with Ecode encoding data during transmission;
b) Necessary technical and management measures shall be taken to ensure the confidentiality of Ecode encoding data during transmission. Network transmission in the Ecode identification system shall be capable of preventing eavesdropping; security protocols such as HTTPS should be adopted, and digital certificates shall be installed. The security protection mechanism of the transmission protocol shall comply with the requirements established,
which shall be respectively stored on media such as disks, so as to facilitate data recovery when necessary;
d) A regular dump (transferred storage) system for the Ecode database shall be established. The dump frequency shall be determined according to the Ecode encoding data transaction volume; a real-time dump strategy should be adopted.
6.5 Ecode Identification System Sensitive Information Protection
Necessary technical and management measures shall be taken to protect sensitive information in the Ecode identification system. The specific requirements are:
a) Sensitive information, such as ID cards and business licenses, shall be stored and processed within the Ecode identification system; such data shall not be stored locally;
b) The application for, and transfer of, sensitive information storage media shall be rigorously tracked and monitored, so as to prevent loss and information leakage;
c) Without permission, the scope of data services must not be exceeded, and data must not be altered or transmitted. In addition, sensitive information in the Ecode identification system shall not be displayed in plain text;
d) Unified media destruction tools shall be provided, including but not limited to physical destruction and degaussing equipment, so as to effectively destroy media of all kinds.
6.6 Ecode Encoding Verification
Ecode encoding verification shall comply with the following requirements:
a) In the Ecode encoding structure, the MD encoding method shall be complete and accurate, and necessary verification mechanisms shall be adopted;
b) The Ecode encoding resolution system shall establish an Ecode encoding comparison and verification mechanism that compares the resolved V, NSI and MD information with the original codewords in the database, so as to ensure the accuracy and consistency of the encoding.
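As an added illustration of clause 6.6 (this is example code, not text from the standard and not any real Ecode implementation), the Go program below splits a raw code into its V, NSI and MD fields, applies a check digit over MD as one concrete "verification mechanism" for 6.6 a), and implements the comparison of 6.6 b): the fields a resolver produced are checked against the original codeword on record, and the raw code is re-parsed so a resolver cannot silently remap a code. The per-version field lengths, the Luhn check digit, the in-memory registry and the sample code are all assumptions made for this example; the normative Ecode layout is defined in GB/T 31866, which this page does not reproduce.

```go
package main

import (
	"errors"
	"fmt"
)

// Ecode holds the three fields named in clause 6.6: V (version), NSI
// (numbering system identifier) and MD (master data code).
type Ecode struct {
	V, NSI, MD string
}

// layouts gives, per version digit, the NSI length and the maximum MD length.
// ASSUMPTION: illustrative values only; the normative lengths are in GB/T 31866.
var layouts = map[byte]struct{ nsiLen, mdMax int }{
	'1': {4, 20},
	'2': {5, 28},
}

func allDigits(s string) bool {
	if s == "" {
		return false
	}
	for i := 0; i < len(s); i++ {
		if s[i] < '0' || s[i] > '9' {
			return false
		}
	}
	return true
}

// ParseEcode splits raw into V, NSI and MD and enforces the structural rules
// (known version, fixed NSI length, bounded numeric MD) before any lookup.
func ParseEcode(raw string) (Ecode, error) {
	if len(raw) < 2 {
		return Ecode{}, errors.New("ecode too short")
	}
	l, ok := layouts[raw[0]]
	if !ok {
		return Ecode{}, fmt.Errorf("unknown version %q", raw[0])
	}
	if len(raw) < 1+l.nsiLen+1 {
		return Ecode{}, errors.New("ecode shorter than V+NSI+MD")
	}
	nsi, md := raw[1:1+l.nsiLen], raw[1+l.nsiLen:]
	if !allDigits(nsi) || !allDigits(md) {
		return Ecode{}, errors.New("NSI and MD must be numeric")
	}
	if len(md) > l.mdMax {
		return Ecode{}, fmt.Errorf("MD length %d exceeds %d", len(md), l.mdMax)
	}
	return Ecode{V: raw[:1], NSI: nsi, MD: md}, nil
}

// luhnOK validates a trailing mod-10 (Luhn) check digit over MD.
// ASSUMPTION: the standard only asks for "necessary verification mechanisms";
// Luhn stands in for whatever checksum or signature the issuer adopts.
func luhnOK(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// Registry stands in for the Ecode database of original codewords, keyed by
// the raw code exactly as issued.
type Registry map[string]Ecode

// Register parses and checks a code at issuance time and records its fields.
func (r Registry) Register(raw string) error {
	e, err := ParseEcode(raw)
	if err != nil {
		return err
	}
	if !luhnOK(e.MD) {
		return errors.New("MD check digit invalid")
	}
	r[raw] = e
	return nil
}

// VerifyResolved implements 6.6 b): the V, NSI and MD a resolver produced for
// raw must equal the registered codeword, and raw must still parse to it.
func (r Registry) VerifyResolved(raw string, resolved Ecode) error {
	orig, ok := r[raw]
	if !ok {
		return errors.New("code not registered")
	}
	parsed, err := ParseEcode(raw)
	if err != nil {
		return err
	}
	if !luhnOK(parsed.MD) {
		return errors.New("MD check digit invalid")
	}
	if parsed != orig || resolved != orig {
		return fmt.Errorf("resolved %+v does not match registered %+v", resolved, orig)
	}
	return nil
}

func main() {
	reg := Registry{}
	// Constructed sample code: V=1, NSI=0001, MD=79927398713 (Luhn-valid).
	const code = "1000179927398713"
	fmt.Println("register:", reg.Register(code))
	fmt.Println("good resolve:", reg.VerifyResolved(code, Ecode{V: "1", NSI: "0001", MD: "79927398713"}))
	fmt.Println("wrong NSI:", reg.VerifyResolved(code, Ecode{V: "1", NSI: "0002", MD: "79927398713"}))
	fmt.Println("bad check digit:", reg.Register("1000179927398714"))
}
```

The order of checks matters: structure and check digit are validated before the database is consulted, so malformed input never reaches the lookup, and the resolver's answer is compared against the stored codeword rather than trusted on its own.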
7 Identity Authentication and Authorization Requirements for Ecode Identification System
7.1 Ecode Identification System Identity Authentication Management
9 Interaction Security Requirements for Ecode Identification System
The consistency, integrity and non-repudiation of information during the interaction process shall be ensured. There shall be mechanisms to prevent attacks such as fraud, replay and counterfeiting, and to ensure the confidentiality of data exchanged between the communicating parties.
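As an added example of the mechanisms clause 9 calls for (example code written for this page, not code from the standard or from any Ecode system), the Go program below shows both sides of one interaction. The sender signs its payload together with a random nonce and a timestamp; the receiver rejects unknown identities (counterfeiting), altered or forged messages (integrity, with the signature also providing non-repudiation because only the holder of the private key could have produced it), stale messages, and any nonce it has already accepted (replay). Ed25519 is used as a stand-in signature scheme, and the key registry, the five-minute freshness window, the message layout and the sample payload are assumptions made for this example. Confidentiality of the payload in transit is left to the transport layer (the HTTPS of clause 6.2) and is not shown here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Message is one interaction between a client and the Ecode identification
// system. Sender names the signing identity; Nonce and Timestamp give replay
// protection; Sig is the sender's Ed25519 signature over all other fields.
type Message struct {
	Sender    string
	Payload   []byte
	Nonce     [16]byte
	Timestamp int64 // Unix seconds
	Sig       []byte
}

// signingInput serialises every checked field with a length prefix on the
// variable-length sender name, so the signature binds sender, nonce, time and
// payload without any field-boundary ambiguity.
func signingInput(m *Message) []byte {
	var n [8]byte
	buf := make([]byte, 0, 40+len(m.Sender)+len(m.Payload))
	binary.BigEndian.PutUint64(n[:], uint64(len(m.Sender)))
	buf = append(buf, n[:]...)
	buf = append(buf, m.Sender...)
	buf = append(buf, m.Nonce[:]...)
	binary.BigEndian.PutUint64(n[:], uint64(m.Timestamp))
	buf = append(buf, n[:]...)
	return append(buf, m.Payload...)
}

// Sign is the sending side: fresh random nonce, current time, signature.
func Sign(priv ed25519.PrivateKey, sender string, payload []byte, now time.Time) (*Message, error) {
	m := &Message{Sender: sender, Payload: payload, Timestamp: now.Unix()}
	if _, err := rand.Read(m.Nonce[:]); err != nil {
		return nil, err
	}
	m.Sig = ed25519.Sign(priv, signingInput(m))
	return m, nil
}

// Verifier is the receiving side: registered sender keys, a freshness window,
// and the nonces already accepted inside that window.
type Verifier struct {
	Keys   map[string]ed25519.PublicKey
	Window time.Duration
	seen   map[[16]byte]int64
}

func NewVerifier(window time.Duration) *Verifier {
	return &Verifier{Keys: map[string]ed25519.PublicKey{}, Window: window, seen: map[[16]byte]int64{}}
}

// Accept returns nil only for a message that is authentic (registered key,
// valid signature), fresh (timestamp within Window) and new (nonce unseen).
// Signature checks run before any state is touched by unauthenticated input.
func (v *Verifier) Accept(m *Message, now time.Time) error {
	pub, ok := v.Keys[m.Sender]
	if !ok {
		return errors.New("unknown sender: counterfeit or unregistered identity")
	}
	if !ed25519.Verify(pub, signingInput(m), m.Sig) {
		return errors.New("bad signature: message altered or forged")
	}
	skew := time.Duration(now.Unix()-m.Timestamp) * time.Second
	if skew < 0 {
		skew = -skew
	}
	if skew > v.Window {
		return errors.New("stale timestamp: outside freshness window")
	}
	if _, dup := v.seen[m.Nonce]; dup {
		return errors.New("replay: nonce already accepted")
	}
	v.seen[m.Nonce] = m.Timestamp
	for nonce, ts := range v.seen { // forget nonces the window check would reject anyway
		if time.Duration(now.Unix()-ts)*time.Second > v.Window {
			delete(v.seen, nonce)
		}
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v := NewVerifier(5 * time.Minute)
	v.Keys["client-A"] = pub // ASSUMPTION: keys are enrolled out of band
	now := time.Now()
	m, _ := Sign(priv, "client-A", []byte("resolve 1000179927398713"), now) // constructed payload
	fmt.Println("first delivery:", v.Accept(m, now))
	fmt.Println("replayed:", v.Accept(m, now.Add(time.Second)))
	m.Payload = []byte("resolve 1000179927398799")
	fmt.Println("tampered:", v.Accept(m, now))
}
```

The nonce set is what turns the timestamp check into real replay protection: the window alone would still admit a captured message re-sent within five minutes, and the nonce set alone would grow without bound, so the two are used together and the set is pruned to the window.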
10 Security Assessment Requirements for Ecode Identification System
The security assessment of the Ecode identification system shall comply with the following requirements:
a) A security assessment mechanism for the Ecode identification system shall be established;
b) The security assessment mechanism shall be able to analyze the security risks of the Ecode identification system. Reasonable security function components shall be selected, and a security profile of the Ecode identification system shall be established;
c) An assessment method model library shall be established for the Ecode identification system. Appropriate models and methods may be adopted for the assessment, which include, but are not limited to: formalization, testing and expert assessment, etc.;
d) In accordance with the security profile and corresponding assessment method of the Ecode identification system, the Ecode identification system information security protection and assessment specifications shall be formulated to guide the development, construction and application of the Ecode identification system;
e) It shall be ensured that the protection level of the Ecode identification system complies with the requirements of GB/T 22239.
A security assessment reference model of the Ecode identification system is shown in Figure 1, which includes the determination of security objectives, the formalization of security protection profiles, the decomposition of security function components and other assessment processes. The security objectives include four categories: the confidentiality, identifiability, controllability and availability of the Ecode identification system.
11 Management Requirements for Ecode Identification System
11.1 Registration Approval Mechanism
The Ecode identification system shall include a registration approval mechanism. When users apply for codes online, they shall submit the corresponding materials for the internal approval process of the management institution.
11.2 Security Management
11.2.1 Daily security management
In the Ecode identification system, the daily security management shall comply with the following requirements:
a) Establish a security management system for the daily management activities;
b) Designate or authorize specialized personnel to take charge of the formulation and assessment of the security management system;
c) Publish the security management system to relevant personnel in various forms, such as: paper documents and electronic documents, etc.
11.2.2 Software maintenance management
The software maintenance management of the Ecode identification system shall comply with the following requirements:
a) Store the source files of software products on media such as disks, and compile detailed catalogues for long-term preservation;
b) Make two copies of important software: one archived as the master copy, the other used as a backup;
c) Ensure that modifications to software of the Ecode identification system do not impair the security of the system.
11.3 Personnel Management
The Ecode identification system shall establish necessary personnel recruitment, assessment, security education and training, and external personnel access management systems, so as to ensure that the system hardware, software and data are not altered, leaked or destroyed due to accidental and malicious reasons.