GB/T 14504-1993
Abolished
GB/T 27913-2022
Active
National standards
GB/T 27913-2022 Public key infrastructure for financial services—Practices and policy framework
GB/T 27913-2022 Public key infrastructure for financial services—Practices and policy framework
Basic Information
Standard Code:
GB/T 27913-2022
Standard Type:
National standards
Standard Status:
Active
is_force_gb:
no
CCS Name:
Finance, insurance
ICS Name:
The application of information technology in banks
Publish Date:
2022-04-15
Implement Date:
2022-04-15
Pages:
105 pages
Scope
This document specifies the management of PKI through certificate policies and certification practice statements, as well as the requirements framework for the use of public key certificates in the financial services industry. It also defines the control objectives and control procedures for risk management. Although this document may be used for the generation of public key certificates for digital signatures or key establishment, it will not be used for authentication methods, non-repudiation requirements, or key management protocols.
This document is applicable to PKI systems in open, closed, and contractual environments, and further defines the operations of the business according to the control objectives of the information systems in the financial services industry. The purpose of this document is to assist implementers in defining PKI operations that support multiple certificate policies, including the use of digital signatures, remote authentication, key exchange, and data encryption.
This document makes it easier to implement PKI-controlled operations that meet the requirements of the financial services industry in contractual environments. Although this document is primarily aimed at contractual environments, it does not exclude the application of the document to other environments. The term "certificate" in the document refers to public key certificates. Attribute certificates are not within the scope of this document.
The target audience of this document is diverse, and each type of user will focus on different content.
Business managers and analysts are those who need to use PKI technology in their businesses (e.g., e-commerce), see Chapters 1~6.
Technical designers and implementers are those who write certificate policies and certification practice statements, see Chapters 6~7, and Appendices A~G.
Operations managers and auditors are those responsible for the daily operation of PKI systems and conducting consistency
Development Information
Replace the following standards
Referenced Standards
GB/T 14916-2006 Identification cards—Physical characteristics
GB/T 17552-2008 Information technology—Identification cards—Financial transaction cards
GB/T 18336.1-2015 Information technology—Security techniques—Evaluation criteria for IT security—Part 1:Introduction and general model
GB/T 18336.2-2015 Information technology—Security techniques—Evaluation criteria for IT security—Part 2:Security functional components
GB/T 18336.3-2015 Information technology—Security techniques—Evaluation criteria for IT security—Part 3:Security assurance components
ISO 13491-1
ISO/IEC 9594-8
ISO/IEC 18032
ISO/IEC 18033-1
ISO/IEC 18033-2
ISO/IEC 18033-3
ISO/IEC 18033-4
ISO/IEC 19790
GB/T 16649.1-1996 Identification cards—Integrated circuit(s) cards with contacts—Part 1:Physical characteristics
GB/T 16649.1-2006 Identification cards—Integrated circuit(s) cards with contacts—Part 1:Physical characteristics
GB/T 16649.2-1996 Identification cards—Integrated circuit(s) cards with contacts—Part 2:Dimensions and Location of the contacts
GB/T 16649.2-2006 Identification cards—Integrated circuit(s) cards with contacts—Part 2:Dimensions and location of the contacts
GB/T 16649.2-2024 Identification cards—Integrated circuit cards—Part 2:Cards with contacts—Dimensions and location of the contacts
GB/T 16649.3-1996 Identification cards—Integrated circuit(s) cards with contacts—Part 3:Electronic signals and transmission protocols
GB/T 16649.3-2006 Identification cards—Integrated circuit(s) cards with contacts—Part 3:Electronic signals and transmission protocols
GB/T 16649.3-2024 Identification cards—Integrated circuit cards—Part 3:Cards with contacts—Electrical interface and transmission protocols
GB/T 16649.4-2010 Identification Cards—Integrated circuit cards—Part 4:Organization,security and commands for interchange
GB/T 16649.5-2002 Identification cards-integrated circuit(s) cards with contacts—Part 5:National numbering system and registration procedure for application identifiers
GB/T 16649.6-2001 Identification cards—Integrated circuit(s) cards with contacts—Part 6:Interindustrv data elements
GB/T 16649.7-2000 Identification cards—Integrated circuit(s) cards with contacts—Part 7:Interindustry commands for structured Card query language(SCQL)
GB/T 16649.8-2002 Identification cards—Intergrated circuit(s) cards with contacts—Part 8:Security related interindustry commands
GB/T 16649.9-2010 Identification cards—Integrated circuit cards—Part 9:Commands for card management
GB/T 16649.10-2002 Identification cards—Intergrated circuit(s) cards with contacts—Part 10:Electronic signals and answer to reset for synchronous cards
GB/T 16649.11-2019 Identification cards—Integrated circuit cards—Part 11:Personal verification through biometric methods
GB/T 16649.12-2010 Identification cards—Integrated circuit cards—Part 12:Cards with contacts—USB electrical interface and operating procedures
GB/T 16649.15-2010 Identification cards—Integrated circuit cards—Part 15:Cryptographic information application
Adopt standards
ISO 21188:2018
Related Standards
GB/T 15733-1995
Active
GB/T 15733-1995 The basic terminology of financial computerization
GB/T 15935-1995
Replaced
GB/T 15935-1995 Magnetic stripes on savingsbooks
GB/T 15948.1-1995
Replaced
GB/T 15948.1-1995 Bank telecommunication—Funds transfer message—Part 1:Vocabulary and data elements
GB/T 18789-2002
Replaced
GB/T 18789-2002 General specification for automated teller machine (ATM)
GB/T 18240.1-2003
Active