2024 marks the 75th anniversary of the founding of the People’s Republic of China, a crucial year for achieving the goals of the 14th Five-Year Plan, and also the 10th anniversary of General Secretary Xi Jinping’s overall national security concept. April 15th is the ninth National Security Education Day, and this year’s theme for the password security education campaign is: “Implementing the overall national security concept, coordinating high-quality development and high-level security, enhancing password security awareness, and strengthening the password defense line for advancing Chinese-style modernization.” This issue is divided into two parts: the Password Law and password knowledge.
01Password LawMI MA FA
The “Password Law of the People’s Republic of China” was passed by the 14th meeting of the Standing Committee of the 13th National People’s Congress on October 26, 2019, and came into effect on January 1, 2020.
It is a law formulated to regulate the application and management of passwords, promote the development of the password industry, ensure network and information security, safeguard national security and public interests, and protect the legitimate rights and interests of citizens, legal persons, and other organizations. It is a comprehensive and fundamental law in the field of passwords in China.
Main Content of the Password Law
The Password Law is the first comprehensive and fundamental law in the field of passwords. It consists of 5 chapters and 44 articles, focusing on the following content:
Chapter 1: The general principles section clarifies the legislative purpose, the concept of passwords, the basic principles of password work, the leadership and management system, the classification management and use of passwords, and the measures to promote and ensure the development of passwords, outlining the basic framework of password work in legal terms.
Chapter 2: The core and ordinary passwords section further stipulates the usage requirements, security management systems for core and ordinary passwords, and a series of special institutional guarantees for the state to strengthen the work on core and ordinary passwords. It establishes the administrative status of the password management department in legal terms, granting it administrative management functions and responsibilities.
Chapter 3: The commercial password section stipulates the standardization system for commercial passwords, mandatory certification, market access and import-export systems, and the regulatory system for commercial passwords. This chapter supplements, improves, and perfects the relevant content of the “Regulations on the Management of Commercial Passwords” while providing a systematic connection to the content related to the “Cybersecurity Law”.
Chapter 4: The legal liability section stipulates the legal consequences for violating the relevant provisions of this law. The same act may violate multiple laws or legal provisions, and this chapter also provides for the connection with other laws that may be violated simultaneously.
Chapter 5: The supplementary provisions section grants the password management department the authority to formulate password management regulations.
This is an extension of the administrative status of the password management department, which can issue orders, instructions, and regulations within its authority based on laws and administrative regulations, decisions, and orders of the State Council.
02Password KnowledgeXIAO ZHI SHI01What is a key?
Literally, a key is the key to secret information. Mastering the key allows access to encrypted information. Specifically, a key is a set of information codes that participate in the “operation” of the password and play a specific control role in the password’s “operation”. Keys are an important component of cryptographic technology. In a cryptographic system, the generation, use, and management of keys are crucial. Keys usually need to be strictly protected, as the loss of control over a key can lead to the failure of the cryptographic system.
02What is a cryptographic algorithm?
A cryptographic algorithm is a specific rule for transforming information between “clear” and “encrypted” forms. Different cryptographic algorithms have different transformation rules. Cryptographic algorithms also encompass various algorithms such as encryption algorithms, decryption algorithms, signature algorithms, and authentication algorithms.
03What are encryption and decryption?
For the purpose of information protection, during the transmission or storage of information, cryptographic technology is used to process information that needs to be kept confidential, making the processed information unreadable or interpretable by unauthorized parties (including illegal ones). This process is called encryption. In the encryption process, the information that needs to be encrypted is called “plaintext”, and the information after encryption is called “ciphertext”. Encryption is the process of transforming “plaintext” into “ciphertext”; similarly, the process of transforming “ciphertext” back into “plaintext” is called decryption.
04What is commercial cryptography technology?
Commercial cryptography technology refers to the technology that can implement encryption, decryption, and authentication functions of commercial cryptographic algorithms. Commercial cryptography technology is at the core of commercial cryptography, and the state classifies commercial cryptography technology as a national secret. All units and individuals have the responsibility and obligation to protect the secrets of commercial cryptography technology.
05
What are the application areas of commercial cryptography?
The application areas of commercial cryptography are very broad, mainly used for encrypting sensitive internal information, administrative information, economic information, etc., that do not involve state secrets. For example, commercial cryptography can be used for the transmission encryption and storage encryption of various sensitive information within enterprises, preventing unauthorized third parties from accessing the information; it can also be used for various security authentications, online banking, digital signatures, etc.
Source: National Cryptography Administration website, Central Video
Editor, Publisher: Li Fangxin
If you find this useful, please like itβββ