The Password Law of the People's Republic of China is a comprehensive and basic law in the field of password in China, and is the password work of the Party ninety The refinement and summary of years of valuable experience and system innovation are of great significance to comprehensively implement the important guiding spirit of General Secretary Xi Jinping on password work, straighten out the relationship between relevant laws and regulations in the field of national security, and improve the national security legal system. As an important part of password work, commercial passwords play an irreplaceable role in safeguarding national security, promoting economic and social development, and protecting the interests of the people. With the introduction and implementation of the Code Law, the development of commercial passwords will usher in a period of valuable strategic opportunities and leapfrog development.
1、 The accumulation and foundation of commercial password development
after twenty After years of rapid development, China's commercial passwords A series of achievements have been made in management system, scientific and technological innovation, industrial development, application promotion and other aspects, realizing leapfrog development.
(1) Commercial password management system keeps pace with the times
one thousand nine hundred and ninety-six year seven In June, the CPC Central Committee issued the Notice on Developing Commercial Passwords and Strengthening the Management of Commercial Passwords, which established the development and management policy of commercial passwords. one thousand nine hundred and ninety-nine In, the State Council promulgated and implemented the Regulations on the Administration of Commercial Passwords, which defined the management and work content of commercial passwords. The State Encryption Administration has successively formulated a series of rules and regulations on the research, production and sales of commercial passwords. two thousand and twelve Since, we have implemented the reform requirements of "releasing, regulating and serving", cancelled a number of commercial password administrative licensing issues, strengthened in-process and post event supervision, and optimized market services. two thousand and nineteen year ten month twenty-six The 14th Meeting of the Standing Committee of the 13th National People's Congress voted to pass the Password Law on October,, providing a strong legal guarantee for the commercial password work in the new era.
(2) Innovative achievements of commercial cryptography technology emerge continuously
Commercial password research one hundred and forty-two National, provincial and ministerial scientific and technological achievements, of which ten The remaining items have reached the international advanced level. Self designed ZUC and SM A series of cryptographic algorithms have formed a relatively complete system of commercial cryptographic algorithms ZUC and SM2/SM3/SM9 The algorithm has become an international standard. The Standardization Technical Committee of the Cryptographic Industry has successively issued the standards of the cryptographic industry ninety-one Item, national standard twenty-nine Item, covering password algorithm, protocol, product, detection, application, management and other aspects. The collection of new generation cryptographic algorithms is being carried out in a solid and orderly manner, and a batch of excellent research results have been preliminarily selected.
(3) The commercial password industry is developing healthily
More than two thousand The cumulative output value of commercial passwords exceeds 100 billion yuan, showing a rapid development trend. by two thousand and nineteen year eleven In August, the company obtained the product model certificate, and the number of commercial password products reached two thousand Balance, fifty-one Electronic certification services completed the SM2 Public key infrastructure upgrade and access to national root CA 。 The commercial password detection and authentication system has been continuously improved, and the ability to detect all categories and elements of commercial password products has been formed; The commercial password detection center has obtained the qualification of certification authority, two Commercial password product testing institutions have passed the pilot cultivation; Preliminary establishment of security evaluation system for commercial password applications, cultivation and identification twenty-seven Institutions.
(4) Continuous promotion of commercial password application
From creating password applications in the financial field to strengthening password applications in important fields, to implementing the work plan for password applications and innovative development, the demonstration of commercial password applications has led and achieved remarkable results.
2、 The historical mission and challenges faced by the development of commercial passwords
Throughout human history, the development of the world has always been the comprehensive result of various contradictions intertwined and interacting. Under the new wave of information technology reform, it is necessary to understand the background of the times and the historical mission of commercial passwords, as well as the opportunities and challenges they face from the perspective of contradiction and confrontation, so as to win the initiative for the future.
(1) The development of cryptography is in a great change not seen in a century
In today's world, a new round of scientific and technological revolution and industrial revolution is accelerating the evolution of globalization process, and the world is in a new political, economic, cultural and social ecological period. The password has experienced a historical process from art to science, from the black room to the public. Today's password has expanded from traditional communication password security to information password security, and is gradually expanding to cyberspace password security; It has expanded from the original tool of war to the tool of production and life; It has expanded from safeguarding national security to promoting economic and social development and protecting the interests of the people. Different from the development of traditional passwords, in the unprecedented change in a century, driven by a new wave of technological revolution characterized by networking, digitization and intelligence, passwords will be deeply integrated into the main battlefields of the game of great powers with unprecedented broad influence. Anyone who is one step ahead in the development of password and has a better skill will have the initiative in the development of password and related technologies. The promulgation and implementation of the Code Law marks that China's password industry has entered a new stage of development, that the password technology, as the core technology and basic support of cyberspace security, will play a greater role, and that the password industry will usher in significant historical development opportunities in the unprecedented change in a century.
(2) Password shoulders the historical mission of reconstructing the new pattern of cyberspace
The password is inseparable from the development of human civilization and plays a vital role in the historical change. The code of the Qing army in the Sino Japanese Naval Battle was deciphered by Japan, which was one of the important reasons for the defeat. The painful historical lesson proved that "secret breaking led to the destruction of the country, and national breaking led to the death of the family"; In World War II, the Allies developed special computing equipment to decipher the German army Enigma The password accelerated the victory process of World War II and gave birth to modern computers, proving that the historical mission entrusted to the password by the world is to "uphold justice, safeguard peace and promote human progress". Today, human society has changed from agricultural and industrial civilization to information and digital civilization. The digital world is still in the primitive society of "clothing is not covered, and the law of the jungle". As the core technology and basic support to ensure the security of cyberspace, password should strengthen the integration and development with emerging information technologies such as the Internet of Things, cloud computing, big data, artificial intelligence, and blockchain, and shoulder the historical mission of helping China to achieve "lane changing overtaking" in emerging information technology, change the pattern of cyberspace competition, and build a credible, manageable and controllable digital world, We will help secure and develop the digital economy and modernize the national governance system and capacity.
(3) The challenge of password development is severe and complex
At present, although password has made some achievements in management, industry, application, innovation and other aspects, compared with its historical mission, it still faces great challenges, which are highlighted in the following aspects: first, the overall national security strategy and password security are not closely linked, the password work is "hot in the middle and cold in the middle", and the policy implementation has not been fully implemented; Second, the password protection of some important information systems and key information infrastructure is weak, the system "streaks", the data "streaks", and the phenomenon of password application localization, fragmentation, and plug-in is common; Third, the network security environment of enterprises in China is worrying. They generally do not attach importance to the protection of digital assets, and there is a misunderstanding that no password protection is required if it is not a national secret, which has led enterprises to become a disaster area for attacking and stealing secrets; Fourth, the high-quality supply of passwords is insufficient, the supply capacity of new application and new mode passwords is insufficient, the integration with emerging information technology systems is insufficient, and the ecology of basic software and hardware supporting passwords has not yet formed; Fifth, the role of the "Belt and Road" crypto service is not fully played, and the international influence is not commensurate with China's status as a major country; Sixthly, the construction of cryptology discipline and personnel training do not meet the requirements of the development of cryptology, which restricts the wide application and scientific development of cryptology.
3、 New starting point and new journey of commercial password development
The promulgation and implementation of the Password Law will greatly enhance the scientific, standardized and legal level of password work, effectively promote the progress of password technology, industrial development and standardized application, and effectively safeguard national security and social public interests. All commercial password management and practitioners should take the implementation of the password law as an opportunity to continue to blaze new trails and promote the business of commercial passwords to become more brilliant.
(1) Effectively improve the level of password security and management, and serve the major deployment of modernization of national governance system and governance capacity
First, reshape the commercial password management system. Adhere to the guidance of the overall national security concept and the fundamental principle of the Party's control of passwords, accelerate the construction of a management system that adapts to the application and development of modern passwords, look at passwords out of passwords, study passwords out of passwords, and reshape management functions, management methods, and institutional settings. Clarify the division of management responsibilities, and improve the management system of commercial passwords at the national, provincial, municipal and county levels. The second is to strengthen the publicity and mobilization of commercial passwords. Do a good job of regular communication with all aspects to ensure that the requirements of commercial password application are implemented into the informatization development policies of all industries; Mobilize all social forces, strengthen the popularization of commercial password knowledge and socialized training, promote the whole society to form a good atmosphere of "learning, knowing and using secrets", and enhance the public password awareness. Third, improve the supervision and inspection mechanism of commercial passwords. Establish a commercial password detection and authentication system, and strictly control the two gateways of commercial password products entering the market and information system password application; Standardize the way of law enforcement, implement the supervision work of "double random, one open", make the whole process traceable, and create a good business environment for the whole society.
( two ) Continue to enhance the ability of password innovation and support, and help the country's high-quality economic and social development
The first is to promote the development of digital economy escorted by commercial passwords. Promote password and cloud computing, big data, Internet of Things, artificial intelligence, blockchain 5G The integration of new technologies and new formats of the digital economy, such as, leading the development of digital, networked and intelligent security, and giving full play to the driving role of passwords; Give play to the role of password in promoting the digital transformation of traditional industries, ensuring the security of digital assets, etc., and realize the on-demand sharing and secure interaction of data resources. The second is to promote the construction of a smart society for commercial password services. Build a password based cyberspace trust system to ensure that the cyberspace order is "credible, manageable and controllable", help the construction of smart transportation, smart medical care, smart security, smart communities, etc., and make the smart society safer and more convenient for people to use. Third Strengthen the high-quality supply of commercial passwords. Vigorously promote the technical breakthrough of embedding commercial passwords into basic software and hardware such as general processors and operating systems, and open up the upstream and downstream links of the industrial chain; Facing the emerging technology field, we will step up efforts to break through a number of key technologies for password applications, organize the development of various password products that meet high-performance requirements and cover complete scenarios, and form a good industrial ecosystem that supports password applications; We will strengthen the construction of the cryptology discipline system, promote the establishment of cryptology colleges and departments and characteristic specialties, and actively carry out the training of cryptology talents and socialized training.
( three ) Actively promote the "Belt and Road" construction of cryptographic services and jointly build a community of shared future in cyberspace
First, accelerate the internationalization of commercial password standards. Strengthen the international exchange and cooperation of commercial passwords, and promote the basic theory and engineering technology research of Chinese passwords to reach the international leading level in an all-round way; Promote a number of commercial cryptographic algorithms and protocols to become international standards, and expand the international influence of China's cryptographic technology. Second, encourage the commercial password industry to "go global". Carry out research on enterprise overseas data protection and security communication password protection technology and related system construction to provide password protection for Chinese enterprises serving the "Belt and Road" construction; Organize domestic password enterprises to "go out together" and promote China's password solutions to countries and regions along the "Belt and Road". Third, actively participate in international cyberspace security governance. Make full use of China's great achievements in mobile payment, information equipment and other fields in recent years to "borrow ships to sea" to serve the informatization construction of countries and regions along the "Belt and Road"; Actively participate in the design and formulation of international cyberspace security governance rules, and contribute China's wisdom and China's solutions to building a community with a shared future for mankind.
Law not only records the achievements of human civilization, but also promotes the evolution of human civilization. Cryptography inherits the password cause of the Party ninety The achievements of civilization accumulated in the development of will help mankind to build a more civilized digital world. Password management departments at all levels should earnestly enhance their sense of mission and responsibility, constantly forge ahead, and make new and greater contributions to the prosperity and development of the party's password cause in the new era and the progress of human civilization.
(Author Xu Hanliang is Deputy Director of the State Encryption Administration)
