GB/T 36629.2-2018

Information security technology—Security techniques requirement for citizen cyber electronic identity—Part 2:Security technique requirements of carrier (English Version)

Standard No.: GB/T 36629.2-2018
Language: Chinese, available in English version
Release Date: 2018
Published By: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Latest: GB/T 36629.2-2018
Scope
This part specifies the basic security requirements for citizens' network electronic identity carriers, chip operating system and application security requirements, carrier key application management security technical requirements and carrier cryptographic application service security technical requirements. This part applies to the design, development, testing, production and application of citizens' network electronic identity carriers.
Introduction

GB/T 36629.2-2018 Standard Overview

The National Standard of the People's Republic of China GB/T 36629.2-2018 "Information Security Technology Citizen Network Electronic Identity Security Technical Requirements Part 2: Carrier Security Technical Requirements" is an important standard in the field of information security, which mainly regulates the carrier security of citizen network electronic identity. This standard is proposed and coordinated by the National Information Security Standardization Technical Committee, and aims to ensure the security, reliability and compliance of citizens' network electronic identities.

Background of Standard Formulation

With the development of information technology, network security issues are becoming increasingly severe, and systems involving citizens' personal information and identity authentication in particular face higher security requirements. The formulation of GB/T 36629.2-2018 fills the gap in China's field of citizen network electronic identity carrier security technology, and provides clear technical specifications for the design, development and application of related products.

Comparison of standard frameworks

Dimension | Technical requirements for traditional carriers | Requirements of GB/T 36629.2-2018
Security domain division | Single-level management | Support for coexistence of multiple security domains and independent application management
Chip requirements | Basic encryption functions | Support for advanced security features such as public key cryptography algorithms and random number generators
Key management | Simple key storage | Support for multiple types of keys, strict permission control and life cycle management

Technical Points Interpretation

Chip Operating System and Application Security

GB/T 36629.2-2018 requires that the carrier chip must have an independent security mechanism and realize unified management of multiple security domains through the chip operating system (COS). Each application should run in an independent security domain to ensure the isolation of code and data.

Key and Digital Certificate Management

The standard emphasizes the strict management requirements of carrier keys and digital certificates, including:

  • Key generation: must be completed in a dedicated cryptographic device to ensure randomness and security.
  • Key import/export: encrypted transmission is used, and private key export from the carrier is prohibited.
  • Certificate storage: stored separately in the specified key container file to ensure data isolation and access control.

Implementation Recommendations

In order to ensure the effective implementation of GB/T 36629.2-2018 standard, the following measures are recommended:

  1. Technology Selection: Select chips and COS systems that meet the requirements of the standard, and give priority to products that have passed security certification.
  2. Compliance Testing: Conduct comprehensive compliance testing during product development to ensure that all technical indicators meet the requirements of the standard.
  3. Application Maintenance: Establish a sound key and certificate management mechanism, and regularly update and review relevant security policies.
  4. Risk Management: Develop a comprehensive security incident response plan to ensure rapid response and repair when vulnerabilities occur.

Analysis of future technology evolution

As cybersecurity threats continue to evolve, the GB/T 36629.2-2018 standard may be further expanded and optimized in the future. Expected highlights include:

  • Multi-factor authentication: Combine biometric technology to improve the security of identity authentication.
  • Zero Trust Architecture: Implement more granular access control and identity management at the carrier level.
  • Privacy protection: Strengthen data encryption and desensitization to ensure that personal information is not abused.

GB/T 36629.2-2018 Referenced Documents

  • GB/T 16649.3-2006 Identification cards - Integrated circuit(s) cards with contacts - Part 3: Electronic signals and transmission protocols
  • GB/T 16649.4-2010 Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange
  • GB/T 16649.6-2001 Identification cards - Integrated circuit(s) cards with contacts - Part 6: Interindustry data elements
  • GB/T 20518 Information security technology - Public key infrastructure - Digital certificate format
  • GB/T 20518-2018 Information security technology - Public key infrastructure - Digital certificate format
  • GB/T 22186 Information security techniques - Security technical requirements for IC card chip with CPU
  • GB/T 25069 Information security techniques - Terminology (2022-03-09 update)
  • GB/T 32915-2016 Information security technology - Randomness test methods for binary sequence
  • GB/T 32918.2-2016 Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves - Part 2: Digital signature algorithm
  • GB/T 32918.4-2016 Information security technology - Public key cryptographic algorithm SM2 based on elliptic curves - Part 4: Public key encryption algorithm
  • GM/T 0008-2012 Cryptography test criteria for security IC

GB/T 36629.2-2018 history

  • 2018 GB/T 36629.2-2018 Information security technology—Security techniques requirement for citizen cyber electronic identity—Part 2:Security technique requirements of carrier
