GM/T 0070-2019 English PDF (GMT0070-2019)


GM/T 0070-2019: Technical requirement for applications of cryptography in electronic insurance policy
GM/T 0070-2019
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Technical requirement for applications of
cryptography in electronic insurance policy
ISSUED ON: JULY 12, 2019
IMPLEMENTED ON: JULY 12, 2019
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Acronyms
5 Security requirements for electronic insurance policy
5.1 Business process of electronic insurance policy
5.2 Security requirements
6 Technical framework of cryptographic application of electronic insurance policy
7 Cryptographic application requirements in the management process of electronic insurance policy
7.1 Application of electronic insurance policy
7.2 Issuance of electronic insurance policy
7.3 Storage of electronic insurance policies
7.4 Delivery of electronic insurance policy
7.5 Verification of electronic insurance policy
7.6 Lapse of electronic insurance policy
8 Cryptographic technical requirements for electronic insurance policy
8.1 Requirements for cryptographic algorithms
8.2 Requirement for cryptographic equipment
8.3 Requirements for key management
8.4 Requirements for certificate management
8.5 Requirements for digital certificate of electronic insurance policy
8.6 Data format requirements for electronic insurance policies
1 Scope
This standard describes the cryptographic application requirements of the
electronic policy business in the insurance industry. It specifies the technical
requirements for the application of cryptography in the main aspects of
electronic policy management, such as insurance, issuance, storage,
verification and delivery of electronic insurance policies. This standard can
serve as a guide to the application of cryptography for electronic insurance
policies.
This standard applies to the development and use of electronic insurance policy
systems.
2 Normative references
The following documents are essential to the application of this document. For
dated documents, only the versions with the dates indicated are applicable
to this document; for undated documents, only the latest version (including
all amendments) is applicable to this document.
GB/T 20518 Information security technology - Public key infrastructure -
Digital certificate format
GB/T 20520 Information security technology - Public key infrastructure -
Timestamp specification
GB/T 32905 Information security techniques - SM3 cryptographic hash
algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32918 (all parts) Information security technology - Public key
cryptographic algorithm SM2 based on elliptic curves
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptography algorithm
usage specification
Electronic policy
The electronic insurance contract certificate issued by the insurance
company with the digital signature of the insurance company for the
insurance applicant, which is legally equivalent to a paper insurance
document.
3.7
Electronic application form
An electronic offer application made by an insurance applicant to an
insurance company for the purpose of entering into an insurance contract.
3.8
SM2 algorithm
An algorithm as defined by GB/T 32918.
3.9
SM3 algorithm
An algorithm as defined by GB/T 32905.
3.10
SM4 algorithm
An algorithm defined by GB/T 32907.
3.11
Lapse of electronic policy
The loss of legal effect, for some reason, of an electronic policy after it
has become effective.
4 Acronyms
The following abbreviations apply to this document.
CA: Certificate Authority
CRL: Certificate Revocation List
HTTPS: Hyper Text Transfer Protocol over Secure Socket Layer
premium rate;
c) Insurance acceptance: Refers to the insurance company's acceptance of
the insurance application that has been successfully underwritten and
paid, and to carrying out the process of issuing, storing and delivering
the electronic insurance policy;
d) Claims: After the insured accident occurs, the insurance applicant and the
insured submit an application for premium to the insurance company
based on the electronic insurance policy. The insurance company verifies
the electronic insurance policy and makes compensation or payment
according to the insurance contract;
e) Routine insurance process: querying policy information, renewing
payment and other routine insurance processes.
5.2 Security requirements
Insurance contract information is the key data in the insurance business.
Electronic insurance policies exist as data messages in the form of insurance
contracts. In order to ensure that electronic insurance policies have the same
legal effect as paper insurance policies, the following security requirements
exist in the generation and use of electronic insurance policies:
a) Identity authentication requirements for traders of electronic insurance
policy:
-- Confirm that the parties such as the insurance applicant and insured
have signed and approved the insurance contract;
-- Ensure that the electronic insurance policy obtained by the customer is
signed by the insurance company entrusted by the user to bear the
insurance liability.
b) Confidentiality requirements of electronic insurance policies: Ensure the
security of the insurance company's electronic policy information during
storage, delivery, etc.; prevent users' private information related to
electronic policies from being stolen illegally during storage or
transmission.
c) Integrity requirements of electronic policies: It is necessary to ensure that
the information seen by the insurance applicant and the insurance
company is completely consistent. Therefore, the integrity of the
electronic policy information shall be ensured during the generation,
storage, and delivery of the electronic policy, so that it is not illegally
tampered with.
The technical framework of cryptographic application of electronic insurance
policy is composed of a business support layer, a cryptographic function layer
and an infrastructure layer:
a) Business support layer: The electronic insurance policy's business support
layer involves the core data of network insurance, electronic insurance
policy data and the main management processes, including such stages as
the insurance application, issuance, verification, storage, delivery and
lapse of the electronic insurance policy; it achieves the secure management
of electronic insurance policies by calling the cryptographic function layer.
b) Cryptographic function layer: The cryptographic function layer is an
intermediate layer between the infrastructure layer and the insurance
business application layer. It provides relevant cryptographic service
functions for the electronic insurance policy’s business support layer to
ensure the security of electronic insurance policies.
The cryptographic function layer is a collection of hardware cryptographic
modules and cryptographic middleware, which implements the following
basic functi...