GM/T 0109-2021: Technical requirements for electronic signature service based on cloud computing
GM/T 0109-2021
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Technical Requirements for Electronic Signature Service Based
on Cloud Computing
ISSUED ON: OCTOBER 18, 2021
IMPLEMENTED ON: MAY 1, 2022
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviated Terms
5 General Architecture of Electronic Signature Service Based on Cloud Computing
5.1 Architecture model
5.2 Service mode
6 Technical Requirements for Relying Parties
7 Technical Requirements for Signers
7.1 General requirements
7.2 Local data protection
7.3 Identity authentication
7.4 Communication data protection
7.5 Key management
7.6 Confirmation and control of electronic signatures
8 Technical Requirements for Cloud-Base Signing Services
8.1 Overview
8.2 Construction requirements
8.3 Requirements for Electronic Signature Services
8.4 Operation support requirements
8.5 Security audit requirements
Appendix A (Informative) Several Typical Modes of Cloud Signature Service
Technical Requirements for Electronic Signature Service Based
on Cloud Computing
1 Scope
This Document describes the cryptographic technology requirements for electronic signature
services based on cloud computing, and proposes the cryptographic technology requirements
for electronic signature services based on cloud computing using digital certificates and digital
signature technologies.
This Document is applicable to guiding the construction, management, detection and
application of electronic signature services based on cloud computing.
2 Normative References
The provisions in the following documents become the essential provisions of this Document
through reference in this Document. For the dated documents, only the versions with the dates
indicated are applicable to this Document; for the undated documents, only the latest version
(including all the amendments) is applicable to this Document.
GB/T 15843 Information technology - Security techniques - Entity authentication
GB/T 20518 Information security technology - Public key infrastructure - Digital
certificate format
GB/T 22239 Information security technology - Baseline for classified protection of
cybersecurity
GB/T 25056 Information security technology - Specifications of cryptograph and related
security technology for certificate authentication system
GB/T 25064 Information security technology - Public key infrastructure - Electronic
signature formats specification
GB/T 31168-2014 Information Security Technology - Security Capability Requirements
of Cloud Computing Services
GB/T 32905 Information security technology - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32918 (all parts) Information security technology - Public key cryptographic
--- In the cloud-based electronic signature activity, the signer entrusts the electronic
signature function or part of the electronic signature function to the cloud-base signing
service; and the signer uses the terminal, application program or application system to
control and confirm the process of making electronic signature;
--- The relying party performs subsequent business operations by judging the validity of the
electronic signature and related data provided by the signer or cloud-base signing service;
--- The cloud-base signing service provides electronic signature services and related user
management, key management and other services; and shall provide operation support
for the cloud-base signing service. The cloud-base signing service is provided in the form
of cloud service; and has the characteristics of on-demand cloud service, ubiquitous
access, resource pooling, rapid scalability, and service measurability.
5.2 Service mode
Depending on the business scenario, the cloud-base signing service can provide services to the
outside in different modes. Common service modes are as follows.
--- Collaborative signature mode: refers to the signer and the cloud-base signing server-side
each saving a part of the key component, and generating the final signature result through
cryptographic protocol interaction. See A.1 for details.
--- Proxy signature mode: refers to the signer hosting the key on the cloud-base signing
server-side, and authorizing the cloud-base signing server-side to complete the signing
operation for it when an electronic signature is required. See A.2 for details.
6 Technical Requirements for Relying Parties
The relying party shall use the cryptographic module to complete the cryptographic functions
related to the electronic signature process based on cloud computing and the signature
verification process. The cryptographic module shall pass the commercial cryptographic testing
and certification and meet the requirements of the security level matching the business in GB/T
37092. The cryptographic module shall support the relying party's function of verifying
electronic signatures; and the electronic signature verification process shall meet the
requirements of GB/T 25064. If the electronic signature function needs to be initiated by the
relying party, the cryptographic module shall provide the cryptographic function required for
the cloud-base signing service access function.
7 Technical Requirements for Signers
7.1 General requirements
Signers can use cryptographic modules to complete the cryptographic functions required for
electronic signatures based on cloud computing. If a cryptographic module is used, the module
shall pass the commercial cryptographic test and certification, meet the requirements of the
security level matching the business in GB/T 37092; and support the requirements of 7.2~7.6.
7.2 Local data protection
Signers shall protect the integrity and confidentiality of local key configuration data and
sensitive data.
7.3 Identity authentication
When the signer communicates with the cloud-base signing service, it shall support the
authentication of the cloud-base signing service identity and declare its own identity in
accordance with the access requirements of the cloud-base signing service.
7.4 Communication data protection
When the signer communicates with the cloud-base signing service, it shall protect the
communication data in accordance with the access requirements of the cloud-base signing
service.
7.5 Key management
When using the collaborative signature mode for electronic signature, the signers shall support
the generation of the client component of the signature key within the cryptographic module,
and support the storage and secure use of the key component.
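The collaborative signature mode of 5.2 and the client key component of 7.5, shown as an added example that is not part of the standard: a two-party Schnorr-style signature in which the signer and the cloud side each generate and keep their own key component and the full private key is never assembled. It is not the protocol of A.1 (not shown here) and not SM2; the toy group, SHA-256 and all names (`Party`, `collaborative_sign`, and so on) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed, far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, message):
    # SHA-256 is a stand-in here; the standard's references list SM3 (GB/T 32905).
    digest = hashlib.sha256(R.to_bytes(2, "big") + message).digest()
    return int.from_bytes(digest, "big") % Q

class Party:
    """One side of the protocol; it only ever holds its own key component."""
    def __init__(self):
        self.share = secrets.randbelow(Q - 1) + 1   # key component x_i, generated locally
        self.pub_share = pow(G, self.share, P)      # g^x_i, safe to hand to the peer
        self.k = None

    def new_nonce(self):
        self.k = secrets.randbelow(Q - 1) + 1       # fresh secret nonce per signature
        return pow(G, self.k, P)                    # R_i = g^k_i is sent to the peer

    def partial_sign(self, R, message):
        s = (self.k + challenge(R, message) * self.share) % Q
        self.k = None                               # a nonce must never be reused
        return s

def joint_public_key(a, b):
    return (a.pub_share * b.pub_share) % P          # g^(x1 + x2)

def collaborative_sign(signer, cloud, message):
    # Round 1: exchange nonce points. Round 2: exchange partial signatures.
    # This sketch omits the commitment and proof steps hardened schemes add.
    R = (signer.new_nonce() * cloud.new_nonce()) % P
    s = (signer.partial_sign(R, message) + cloud.partial_sign(R, message)) % Q
    return R, s

def verify(pub, message, sig):
    # Ordinary single-key verification: the relying party sees no difference.
    R, s = sig
    return pow(G, s, P) == (R * pow(pub, challenge(R, message), P)) % P

if __name__ == "__main__":
    signer, cloud = Party(), Party()
    msg = b"constructed sample document"
    sig = collaborative_sign(signer, cloud, msg)
    print(verify(joint_public_key(signer, cloud), msg, sig))
```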
7.6 Confirmation and control of electronic signatures
During the electronic signature process, the signer shall confirm the relevant data of the
electronic signature and control the signing process through interaction. If the content
confirmation and signature interaction adopt the cryptographic module, the following
requirements shall be met:
a) It shall support the identification of the source of the received electronic signature request
and the confirmation of the integrity of the electronic signature message content;
b) When the collaborative signature mode is adopted, it shall en...