https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by sales@ChinaStandards.

net

ICS 03.220.20
R 85

National Standard of the People’s Republic of China

GB/T 37378-2019

Transportation - Information security

specification

交通运输 信息安全规范

(English Translation)

Issue date: 2019-05-10 Implementation date: 2019-12-01

Issued by the State Administration for Market Regulation of the
People’s Republic of China
the Standardization Administration of the People’s Republic
of China

https://www.chinastandards.net/standard/GBT37378-2019.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

Contents

Foreword............................................................................................................................................. i
1 Scope........................................................................................................................................... 1
2 Normative references................................................................................................................ 1
3 Terms and definitions................................................................................................................ 1
4 Abbreviations.............................................................................................................................. 4
5 Architecture of information security technology for transportation.................................... 5
6 General technical requirements for transport information system security..................... 6
7 Technical requirements for user terminal security................................................................8
8 Technical requirements for vehicle side unit security........................................................ 10
9 Technical requirements for infrastructure side unit security............................................. 13
10 Technical requirements for computing center security....................................................15
11 Technical requirements for network and communication security.................................19
Bibliography.................................................................................................................................... 23

https://www.chinastandards.net/standard/GBT37378-2019.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

Foreword
ChinaStandards.net is in charge of this English translation. In case of any doubt about the
English translation, the Chinese original shall be considered authoritative.

This standard is developed in accordance with the rules given in GB/T 1.1-2009.

This standard was proposed by and is under the jurisdiction of SAC/TC 268 National
Technical Committee 268 on Intelligent Transport Systems of Standardization
Administration of China.

https://www.chinastandards.net/standard/GBT37378-2019.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

Transportation - Information security

specification

1 Scope

The Standard specifies the system architecture and general technical requirements of
information security technology for transportation, including the general and special
technical requirements for information security of user terminals, vehicle side units,
infrastructure side units, computing centers, and network and communication basic
components that constitute the transport information system.

The Standard is applicable to guiding the operators of transport information system to put
forward specific information security standards, specifications, implementation guidelines,
etc. according to the specific information security requirements of non-confidential
systems, and can also be used to guide the planning, design, construction, operation and
maintenance, evaluation, etc. of information security technology systems.

2 Normative references

The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.

GB/T 20839-2007 Intelligent transport systems - General terminology

GB/T 25069-2010 Information security technology - Glossary

3 Terms and definitions

For the purposes of this document, the terms and definitions given in GB/T 20839-2007
and GB/T 25069-2010 as well as the following apply. For the convenience of application,
some terms and definitions in GB/T 20839-2007 and GB/T 25069-2010 are listed again.

3.1
transport information system

system composed of computers or other information terminals and relevant equipment

and networks for collecting, storing, transmitting, exchanging and processing information
according to certain rules and procedures in the field of transportation, which usually
consists of terminals, vehicle side units, infrastructure side units, computing centers,
networks and communications in whole or in part

https://www.chinastandards.net/standard/GBT37378-2019.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

3.2
information security

protecting and maintaining the confidentiality, integrity and availability of information, with
authenticity, verifiability, non-repudiation and reliability includible

[GB/T 25069-2010, Definition 2.1.52]

3.3
operators of transport information system

owners, administrators and service providers of non-confidential information systems for

transport

3.4
general user terminal for transport

general desktop terminal equipment and mobile intelligent terminal equipment used in
transport business, including desktop computers, laptop computers, smart phones, tablet
computers, etc.

3.5
special user terminal for transport

equipment used in transport business, which has specific functions and can realize
man-machine interaction

3.6
infrastructure side unit

equipment or modules deployed on roadside and/or shore side in order to realize the
function of transport information system, including communication equipment, information
release equipment, condition monitoring equipment, environment monitoring equipment,
etc.

3.7
vehicle side unit

device or communication module in transport equipment such as vehicles, ships and

containers that communicates with infrastructure side units, terminals or computing
centers

https://www.chinastandards.net/standard/GBT37378-2019.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

3.8
security element; SE

integrated circuit module with central processing unit, which is responsible for access
permission, information authentication and encryption protection of general and special
user terminals, vehicle side units and infrastructure side units

3.9
safety related application

applications for emergency collision and injury reduction, potential collision and injury
reduction and prevention, emergency incident notification (such as emergency brake of
front vehicle), etc. as well as those for emergency condition notification (such as accident,
emergency vehicle, sudden environmental degradation notification)

3.10
driving aid application

applications for notification related to high-priority public security information from the
infrastructure side unit to vehicle, emergency notification of safety-related road conditions
such as traffic light cycle and sharp turn, and driving assistance messages such as
automatic driving, roadside periodic broadcasting, positioning differential signals, traffic
information broadcasting, etc.

3.11
value-added service application

applications for non-priority services such as online payment and recharge, personalized
navigation services, driving route suggestions, and e-commerce

3.12
confidentiality

feature that prevents data from being leaked to or exploited by unauthorized individuals,
entities or processes

[GB/T 25069-2010, Definition 2.1.1]

3.13
integrity

feature that data has not been altered or destroyed in an unauthorized manner

[GB/T 25069-2010, Definition 2.1.42]

https://www.chinastandards.net/standard/GBT37378-2019.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

3.14
availability

feature of data and resources that can be accessed and used by authorized entities upon
request

[GB/T 25069-2010, Definition 2.1.20]

3.15
data freshness

feature of preventing the history data that has been successfully received from being
received again, or the data that has exceeded the data reception time from being received,
or the data that has exceeded the data validity range from being received

3.16
driving assistance

providing drivers with functions such as information service and support, and early
warning and control intervention support in emergency using sensing detection, automatic
control, communication and other technologies by virtue of intelligent detection of vehicle
side unit and infrastructure side unit, vehicle-vehicle and vehicle-infrastructure side unit
communication and other methods so as to improve drivers' travel safety and efficiency

[GB/T 20839-2007, Definition 7.2]

4 Abbreviations

For the purposes of this document, the following abbreviations apply.

RFID: Radio Frequency Identification

T-BOX: Telematics BOX

TPMS: Tire Pressure Monitoring System

USB: Universal Serial Bus

VIN: Vehicle Identification Number

https://www.chinastandards.net/standard/GBT37378-2019.html
https://www.ChinaStandards.net -> Buy the full version pdf -> Delivered by [email protected]

5 Architecture of information security technology for transportation

The architecture of information security technology for transportation consists of six parts,
namely user terminal security, vehicle side unit security, infrastructure side unit security,
computing center security, network and communication security, and security general
technology, with security general technology being the common requirement for the other
five parts.

The operators of transport information system shall ensure that their information systems
meet the special security technical requirements of the five system components, namely
the user terminal security, vehicle side unit security, infrastructure side unit security,
computing center security, and network and communication security and the security
general technical requirements.

When the technical requirements of network and communication security is adopted,

reference shall be made to the security technical requirements of user terminal, vehicle
side unit, infrastructure side unit, and computing center according to the characteristics of
different transport information systems, and reasonable technical measures shall be taken
to ensure the coordination and complementarity among the security protection
mechanisms of various components of the transport information system and form
longitudinal-depth protection capabilities. See Figure 1 for the transport information
security system architecture.

Transport information security technology

Security general technology

Authentication Access control Malicious code prevention

Security audit Cryptography application …

User terminal security Vehicle side unit security Infrastructure side unit security Computing center security
technology technology technology technology
Equipment and host Physical and Physical and Physical and
security environmental environmental environmental security
security security
Equipment and host
Application software security
Equipment identification Equipment identification
safety
Cloud computing
Application software safety platform security
Data security Application software safety
Application software
safety
Intrusion prevention Data security Data security
Data security
… Intrusion prevention Intrusion prevention
Intrusion prevention
… …
…

Physical and environmental Network architecture security Communication transmission Boundary protection
Network and communication security security
security technology
Centralized management and Access control Intrusion prevention …
control

Figure 1 Transport information security system architecture

https://www.chinastandards.net/standard/GBT37378-2019.html