GB/T 40856-2021: Technical requirements and test methods for cybersecurity of on-board information interactive system
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 43.020
CCS T 40
Technical Requirements and Test Methods for Cybersecurity of On-board Information
Interactive System
ISSUED ON: OCTOBER 11, 2021
IMPLEMENTED ON: MAY 1, 2022
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Technical Requirements
5.1 Security Requirements for Hardware
5.2 Security Requirements for Communication Protocols and Interfaces
5.3 Security Requirements for Operating System
5.4 Security Requirements for Application Software
5.5 Security Requirements for Data
6 Test Methods
6.1 Hardware Security Test
6.2 Security Test of Communication Protocols and Interfaces
6.3 Security Test of Operating System
6.4 Security Test of Application Software
6.5 Data Security Test
Appendix A (informative) Schematic Diagram of On-board Information Interactive System
1 Scope
This Standard specifies the technical requirements and test methods for the
cybersecurity of the hardware, communication protocols and interfaces, operating
systems, application software and data of the on-board information interactive system.
This Standard is intended to guide original equipment manufacturers, component
suppliers and software suppliers in the design, development, verification and
production of information security technology for the on-board information
interactive system.
2 Normative References
The contents of the following documents constitute indispensable clauses of this
document through normative references in the text. For dated references, only the
version with the specified date applies to this document. For undated references,
the latest version (including all modifications) applies to this document.
GB/T 25069 Information Security Technology - Glossary
GB/T 40861 General Technical Requirements for Vehicle Cybersecurity
GM/T 0005-2012 Randomness Test Specification
3 Terms and Definitions
The terms and definitions given in GB/T 25069 and GB/T 40861, together with the
following terms and definitions, apply to this document.
3.1 On-board Information Interactive System
On-board information interactive system refers to a communication system installed
on the vehicle and with at least one of the following functions:
a) Externally, it can establish connections and perform data exchange functions
through communication technologies, such as cellular networks and
short-distance communications. Internally, it can perform functions, such as:
storage and transmission of sensitive personal information used by the on-board
information interactive system shall reduce the number of exposed pins.
5.1.3 In accordance with 6.1 d), perform the test. The number of exposed
communication lines between the key chips used by the on-board information
interactive system shall be reduced. For example, an on-board information
interactive system that uses multi-layer circuit boards may route the
communication lines on internal layers to conceal them.
5.1.4 In accordance with 6.1 e), perform the test. The circuit boards and chips should
not expose readable silkscreen markings that label the port and pin functions.
5.2 Security Requirements for Communication Protocols and Interfaces
5.2.1 Security of external communication
5.2.1.1 Security of communication connection
In accordance with 6.2.1.1 a), perform the test. The on-board information interactive
system shall implement identity authentication of the platform server or the external
terminal. In accordance with 6.2.1.1 b), perform the test. Once identity
authentication succeeds, the on-board information interactive system and the platform
server or the external terminal can communicate and exchange business data.
5.2.1.2 Security of communication transmission
In accordance with 6.2.1.2, perform the test. The data content transmitted between the
on-board information interactive system and the platform server or the external
terminal shall be encrypted, and the national encryption algorithm should be used.
5.2.1.3 Security of communication termination response
When communicating with the on-board information interactive system, the following
requirements shall be satisfied:
a) In accordance with 6.2.1.3 a), perform the test. When the data content
verification fails, the response operation shall be terminated;
b) In accordance with 6.2.1.3 b), perform the test. When the identity
authentication fails, the response operation shall be terminated.
5.2.1.4 Security of telecommunication protocol
5.2.1.4.1 Security of on-board public telecommunication protocol
The on-board public telecommunication protocol shall be tested in accordance with
6.2.1.4.1. TLS version 1.2 or above, or a secure communication protocol with at least
the same level of security, shall be adopted.
5.2.1.4.2 Security of on-board private telecommunication protocol
The on-board private telecommunication protocol shall satisfy the following
requirements:
a) In accordance with 6.2.1.4.2 a), perform the test. It shall support the update
of data encryption keys in a secure mode;
b) In accordance with 6.2.1.4.2 b), perform the test. The used keys shall be
securely transmitted.
5.2.1.5 Security of short-distance communication protocol
5.2.1.5.1 Security of short-distance communication password application
The security of short-distance communication password application shall satisfy the
following requirements:
a) In accordance with 6.2.1.5.1 a), perform the test. The default password shall
be a strong-complexity password that includes at least Arabic numerals,
uppercase and lowercase Latin letters, and a length of not less than 8 digits;
NOTE: Bluetooth is not limited to the requirements of the above clause.
b) In accordance with 6.2.1.5.1 b), perform the test. Different on-board
information interactive systems shall use different default passwords;
c) In accordance with 6.2.1.5.1 c), perform the test. When the password is
changed, restrict the user to passwords that satisfy a), or warn the user of
the risks;
NOTE: Bluetooth is not limited to the requirements of the above clause.
d) In accordance with 6.2.1.5.1 d), perform the test. For the login authentication
of the human-machine interface or the interface between different on-board
information interactive systems across the trust network, a mechanism against
brute-force password cracking shall be supported. In addition, in accordance
with 6.2.1.5.1 e), perform the test; the password file shall be set with security
access control.
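Added example (not part of the standard or of this page's original text): a Python
check of a constructed provisioning manifest against 5.2.1.5.1 a) and b), plus a
lockout counter of the kind d) calls for. The manifest layout, unit IDs, failure
threshold and lockout time are assumptions; the clauses quoted above fix none of them.

```python
import hmac
import re
from collections import Counter

# Character classes and minimum length required by clause 5.2.1.5.1 a).
REQUIRED = {"digit": r"[0-9]", "uppercase": r"[A-Z]", "lowercase": r"[a-z]"}
MIN_LENGTH = 8

def complexity_gaps(password):
    """Return the parts of clause a) that this password fails to meet."""
    gaps = [name for name, pat in REQUIRED.items() if not re.search(pat, password)]
    if len(password) < MIN_LENGTH:
        gaps.append("length")
    return gaps

def audit_defaults(manifest):
    """Check a {unit_id: default_password} manifest against clauses a) and b)."""
    seen = Counter(manifest.values())
    findings = {}
    for unit, password in manifest.items():
        issues = complexity_gaps(password)
        if seen[password] > 1:          # clause b): default shared between units
            issues.append("shared-default")
        if issues:
            findings[unit] = issues
    return findings

class LoginThrottle:
    """Clause d): lock out after repeated failures (thresholds are assumptions).
    A real unit would verify against a stored password hash, not a plaintext secret."""
    def __init__(self, secret, max_failures=5, lock_seconds=300):
        self.secret, self.max_failures, self.lock_seconds = secret, max_failures, lock_seconds
        self.failures, self.locked_until = 0, 0.0

    def attempt(self, candidate, now):
        if now < self.locked_until:
            return "locked"             # refused without evaluating the guess
        if hmac.compare_digest(candidate.encode(), self.secret.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until, self.failures = now + self.lock_seconds, 0
        return "denied"

# Constructed sample manifest; unit IDs and passwords are invented for illustration.
SAMPLE = {"unit-001": "Kq7mXw2p", "unit-002": "Kq7mXw2p",
          "unit-003": "12345678", "unit-004": "Rt9bLc4z"}

if __name__ == "__main__":
    print(audit_defaults(SAMPLE))
```

During the lock window even the correct password is refused, so an attacker learns nothing from guesses made while locked out.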
5.2.1.5.2 Security of on-board Bluetooth communication protocol
The on-board information interactive system with on-board Bluetooth communication
function shall satisfy the following requirements:
a) In accordance with 6.2.1.5.2 a), perform the test. The on-board information
5.2.3.2.1 In accordance with 6.2.3.2 a), perform the test. The on-board information
interactive system...