Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by and is under the jurisdiction of the National Technical Committee 268 on Intelligent Transport Systems of Standardization Administration of China (SAC/TC 268).
Introduction
Based on the national classification of digital certificates, and combined with various application scenarios of transportation information systems, this standard gives priority to the requirements of various data security services on the length and operational efficiency of digital certificates in the application of intelligent transport systems, and standardizes the format of ITS device certificates.
The content of this standard relevant to cryptographic algorithm takes into account the application and implementation of the indigenous cryptographic algorithms of China.
Transportation—Digital certificate format
1 Scope
This standard specifies the classification and format of digital certificates in transportation information systems.
This standard is applicable to the design, development and testing of software and hardware systems related to the application of digital certificates in transportation information systems.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069-2010 Information security technology-Glossary
GM/T 0015 Digital certificate format based on SM2 algorithm
3 Terms and Definitions
For the purposes of this document, the terms and definitions given in GB/T 25069-2010 and the following apply.
3.1
intelligent transport systems, ITS
an integrated transportation system, based on perfect transportation infrastructure, effectively and comprehensively applying advanced scientific technologies (information, computer, data communication, sensor, and electronic control technologies, automatic control theories, operation research, artificial intelligence, etc.) to transportation, service control and vehicle manufacturing, which can strengthen the connection of vehicles, roads and users, and thus guarantee safety, enhance efficiency, improve environment and save energy
3.2
cooperative ITS
an intelligent transport system that realizes intelligent collaboration and cooperation of vehicles and infrastructure, vehicles and vehicles, and vehicles and people through the information interaction of people, vehicles and roads
3.3
digital certificate
a credible digital document digitally signed by a third-party certificate authority (CA) recognized by the state with authority, credibility and impartiality
[GB/T 20518-2017, definition 3.7]
3.4
ITS device certificate
certificate files with specific formats issued for on-board units, roadside units and mobile terminals in intelligent transport systems
3.5
SM2 algorithm
an elliptic curve cryptographic algorithm with a key length of 256 bits
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
CA: Certificate Authority
CRL: Certificate Revocation List
ITS: Intelligent Transport System
UTC: Coordinated Universal Time
5 Certificate classification
The issuance and management of digital certificates in transport systems include the following five types of certificates:
A) Organization certificate—issued to internal organizations or service units of transportation system;
B) Civil servant certificate—issued to computer terminal users of transportation system (internal staff);
C) Public certificate—issued to computer terminal users of transportation system (external users);
D) Device certificate—issued for servers and terminal equipment of transportation system;
E) ITS device certificate—issued for on-board units, roadside units and mobile terminals in transportation system.
6 Digital certificate format
6.1 General format
The format of organization, civil servant, public and device certificates shall meet the requirements of GM/T 0015.
6.2 ITS device certificate format
6.2.1 Description of basic elements
6.2.1.1 Coding rules
Data structures are described in ASN.1, and the information in the digital certificate format is encoded using the Octet Encoding Rules (OER).
6.2.1.2 Basic data types
Basic data types are defined as follows:
6.2.1.3 Octet hash value
The octet hash value is defined as HashedId8, and its structure is as follows:
HashedId8 ::= OCTET STRING (SIZE(8))
Note: This hash value is used to identify data including certificates. First, calculate the hash value of input data, and then take eight least-significant bytes from the hash value. The eight least-significant bytes are the last eight bytes of the 32-byte hash.
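The derivation in the note above, as an added example that is not part of the standard. SHA-256 stands in as the 32-byte digest because this excerpt does not name the hash algorithm; the CertStore class and the certificate bytes a caller passes in are hypothetical and constructed for illustration.

```python
import hashlib

DIGEST_LEN = 32      # the note speaks of a 32-byte hash
HASHED_ID8_LEN = 8   # HashedId8 ::= OCTET STRING (SIZE(8))


def hashed_id8(data: bytes, digest=lambda b: hashlib.sha256(b).digest()) -> bytes:
    """Return the last eight bytes of the 32-byte hash of data.

    The digest is pluggable; SHA-256 is an assumed stand-in here.
    """
    h = digest(data)
    if len(h) != DIGEST_LEN:
        raise ValueError("digest must be 32 bytes long")
    return h[-HASHED_ID8_LEN:]


def decode_hashed_id8(buf: bytes, offset: int = 0):
    """Read a HashedId8 from an OER byte stream.

    OER encodes a fixed-size OCTET STRING as its contents only, with no
    length prefix, so exactly eight bytes are consumed.
    Returns (value, next_offset).
    """
    end = offset + HASHED_ID8_LEN
    if offset < 0 or end > len(buf):
        raise ValueError("truncated HashedId8")
    return buf[offset:end], end


class CertStore:
    """Hypothetical certificate store indexed by HashedId8."""

    def __init__(self):
        self._by_id = {}

    def add(self, cert: bytes) -> bytes:
        hid = hashed_id8(cert)
        bucket = self._by_id.setdefault(hid, [])
        if cert not in bucket:
            bucket.append(cert)
        return hid

    def resolve(self, hid: bytes) -> bytes:
        # A 64-bit value only identifies data; refuse unknown or colliding
        # identifiers instead of picking a certificate arbitrarily.
        bucket = self._by_id.get(hid, [])
        if len(hid) != HASHED_ID8_LEN or len(bucket) != 1:
            raise LookupError("unknown or ambiguous HashedId8")
        return bucket[0]
```
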
6.2.1.4 Digest algorithm
Digest algorithm is defined as HashAlgorithm, and its structure is as follows:
Contents of GB/T 37376-2019
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Certificate classification
6 Digital certificate format
Annex A (Informative) Example ITS device certificate format
Annex B (Informative) Example of CRL format
Bibliography