GB/T 37373-2019 English PDF (GBT37373-2019)
GB/T 37373-2019: Intelligent transport -- Data security service
GB/T 37373-2019
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 03.220.20
R 85
Intelligent transport - Data security service
ISSUED ON: MAY 10, 2019
IMPLEMENTED ON: DECEMBER 01, 2019
Issued by: State Administration for Market Regulation;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Security support platform
6 Data security service
Annex A (informative) Security support platform of internet of vehicles based on PKI
Annex B (informative) Certificate authentication system
Annex C (informative) Authorization management system
Annex D (informative) Key management system
Annex E (informative) Security management system
Bibliography
Intelligent transport - Data security service
1 Scope
This Standard specifies the security support platform and data security service
of the intelligent transport system.
This Standard is applicable to intelligent transport systems that implement
data security services based on cryptography.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 20839-2007, Intelligent transport systems - General terminology
GB/T 22239-2008, Information security technology - Baseline for classified
protection of information system security
GB/T 25069-2010, Information security technology - Glossary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T
20839-2007 and GB/T 25069-2010 and the following apply. For ease of use,
some terms and definitions from GB/T 20839-2007 and GB/T 25069-2010
are repeated below.
3.1 intelligent transport systems; ITS
An integrated transport system that is based on better transportation
infrastructure, that effectively and comprehensively applies advanced science
and technology (information technology, computer technology, data
communication technology, sensor technology, electronic control technology,
automatic control theory, operations research, artificial intelligence, etc.) to
transportation, service control, and vehicle manufacturing, so as to strengthen
the connection between vehicles, roads and users, thus to form a guarantee for
safety, efficiency, environment and energy conservation.
A mode that provides and manages scalable and elastic shared physical and
virtual resource pools through network, in a manner of self-service on demand.
NOTE: Resources include servers, operating systems, networks, software, applications,
and storage devices.
[GB/T 32400-2015, definition 3.2.5]
3.8 data integrity
The property that the data has not been altered or destroyed in an unauthorized
manner.
[GB/T 25069-2010, definition 2.1.36]
3.9 confidentiality
A feature that prevents data from being leaked to or used by unauthorized
individuals, entities or processes.
[GB/T 25069-2010, definition 2.1.1]
3.10 availability
A feature of data and resources that an authorized entity can access and use
as needed.
[GB/T 25069-2010, definition 2.1.20]
3.11 digital certificate
A credible digital file that is digitally signed by a nationally-recognized,
authoritative, credible and fair third-party certificate authority (CA).
[GB/T 20518-2006, definition 3.7]
3.12 digital signature
Data that is attached to the data unit, or cryptographic transformation of data
unit. Such data or transformation allows the receiver of the data unit to verify
the source and integrity of the data unit and protect data from forgery or
repudiation by someone (e.g., recipient).
[GB/T 25069-2010, definition 2.2.2.176]
4 Abbreviations
The following abbreviations apply to this document.
and defense function to provide security management services for the
intelligent transport system, including security policy formulation, security
policy distribution, security audit, security resource management, security
protection, backup and recovery, emergency handling and disaster
recovery. See Annex E for general functional description of the security
management system.
6 Data security service
6.1 Identity authentication
6.1.1 Basic requirements
Identity authentication mainly includes identification registration and
authentication of the identity of the device/user.
Participating entities for identity authentication generally include the
manufacturer, the registration agency and the CA agency. The manufacturer
provides a globally unique identification for the device. The registration agency
issues a registration certificate for the user/device based on the user/device
identity. The CA agency certifies the validity of the certificate and authenticates
the user/device identity.
6.1.2 Identification
The device and the user shall be identified before accessing the intelligent
transport system, and the identification shall be unique throughout its life
cycle. The system shall manage and maintain the identification information to
ensure that it is not accessed, modified or deleted without authorization, and
that it is associated with security audit.
The identification in the intelligent transport system mainly includes device
identification and user identification:
a) See Figure 1 for device identification method;
Identity certificate - Temporary identity that is required to apply for communication in the
system;
Identity characteristics - Information or biometrics that identify the user.
NOTE: The above three parts are bound by the registration entity when the device entity
applies for identity.
Figure 2 -- User identification
6.1.3 Registration
6.1.3.1 Application for registration
The registration authority is responsible for receiving the registration request
from the device/user and determining whether the information provided by the
device/user meets the requirements. Its main functions include:
a) Information input. Input the device/user application information for
registration request, including information required to issue a certificate
and information used to verify identity. Convert such information into the
information that meets system-specific format requirements and store it in
the registry database;
b) Information review. Extract the device/user application information for
registration request. Review its true identity according to certain rules;
c) Qualification issue. When the audit is passed, submit the information
required for certificate issuance to the CA. Issue the certificate to the
device/user;
d) Association binding. Bind the temporary identity information applied for by
the device/user to its identity;
e) Security management. Apply secure access control to the registration
agency. Manage and back up the information database.
6.1.3.2 Certificate management
6.1.3.2.1 Overview
After the registration agency reviews the registration application, the CA agency
shall issue the certificate to the device/user and manage the certificate.
6.1.3.2.2 Certificate issue
After the device/user submits a request to the registration agency and is
reviewed, the CA agency shall determine if a certificate request from the
device/user is accepted. Verify if the application info...