Intelligent transport — Digital certificate application interface
1 Scope
This standard specifies the digital certificate application interface and secured message syntax in intelligent transport system.
This standard is applicable to the design, research and development and testing of software and hardware systems related to the application of digital certificate in intelligent transport system.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 25069-2010 Information security technology — Glossary
GM/T 0010 SM2 cryptography message syntax specification
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069-2010 and the following apply.
3.1
intelligent transport systems, ITS
an integrated transport system to ensure safety, enhance efficiency, improve environment and save energy, by effectively and comprehensively applying advanced scientific technologies (information, computer, data communication, sensor, and electronic control technologies, automatic control theories, operation research, artificial intelligence, etc.) to transportation, service control and vehicle manufacturing on the basis of sound transportation infrastructure, so as to strengthen the connection of vehicles, roads and users
3.2
cooperative ITS
an intelligent transport system that realizes intelligent collaboration and cooperation of vehicles and infrastructure, vehicles and vehicles, and vehicles and people through the information interaction of people, vehicles and roads
3.3
digital certificate
digital document digitally signed by a certification authority, which contains public key owner information, public key, issuer information, validity period and some extended information
[GB/T 20518-2006, definition 3.7]
3.4
SM2 algorithm
an elliptic curve cryptographic algorithm with a key length of 256 bits
3.5
algorithm identifier
digital information to indicate the algorithm mechanism
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
ASN.1: Abstract Syntax Notation One
OER: Octet Encoding Rules
ITS: Intelligent Transport System
UTC: Coordinated Universal Time
CBC: Cipher Block Chaining
CFB: Cipher Feedback
OFB: Output Feedback
CCM: Counter with Cipher Block Chaining-Message
5 Digital certificate application interface
5.1 General
Digital certificate application interface includes message signature and verification, and message encryption and decryption using asymmetric algorithm and symmetric algorithm respectively.
5.2 Description of basic elements
5.2.1 Elliptic curve coordinate
The elliptic curve coordinate format is defined as follows:
Note:
The “type” value is as follows:
5.2.2 Public key structure
The public key structure of elliptic curve is defined as follows:
Note:
The “curve” value is as follows:
5.2.3 Signature structure
The signature structure is defined as follows:
Note:
The “curve” value is as follows:
5.2.4 Symmetric encryption structure
The symmetric encryption structure is defined as follows:
Note:
Param is the parameter of symmetric cryptographic operation;
Param is not used if the block mode is ECB;
Param stores iv if the block mode is CBC/CFB/OFB;
Param stores nonce if the block mode is CCM;
If the actual data of param is less than 16 bytes, it is followed by 0;
Note: The modes of operation for a block cipher are specified in GB/T 17964.
5.2.5 Asymmetric Encryption Structure
The asymmetric encryption structure is defined as follows:
Note:
The “curve” value is as follows:
5.3 Message signature
The message signature interface is defined as follows:
Prototype: int ITS_SignData (unsigned char * plain, int plainLen, int keyId, Signature* sign)
Description: digital signature for message
Parameters:
plain [IN] data buffer pointer to be signed.
plainLen [IN] length of data to be signed.
keyId [IN] signed key identifier; if there are multiple signed keys, it is used to specify the use of a specific signed key.
sign [OUT] signature result.
Return value: 0 — successful; Others — wrong number.
Foreword i
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Digital certificate application interface
6 Secured message syntax
Annex A (Informative) Example of cooperative ITS secured signature message
Annex B (Informative) Example of cooperative ITS secured encryption message
Bibliography