| Article 35 |
(Information protection measures for electronic trading)
Information protection measures should have the security designs that ensure confidentiality, integrity, authentication, and non-duplication, and should satisfy with the following requirements:
- Confidentiality: Information should be encrypted using the algorithm with a security level at or above AES 128bits, RSA2048bits or ECC 256bits. The communication protocol at or above TLS 1.2 should be adopted, and key exchanges should be made via Elliptic Curve Diffie-Hellman Exchange.
- Integrity: Information should have a message authorization code (MAC) or be encrypted using the algorithm with a security level at or above SHA 256bits, AES 128bits, RSA 2048bits or ECC 256bits.
- Authentication: Information should have a message authorization code (MAC), be encrypted or contain a digital signature using the algorithm with a security level at or above SHA 256 bits, AES 128bits, RSA 2048bits or ECC 256bits.
- Non-duplication:Information shall be generated by using methods such as serial number, one-time random number, and time stamp.
- Non-repudiation: Information should have a message authorization code (MAC)using the algorithm with a security level at or aboveSHA256, and contain a digital signature using the algorithm with a security level at or above RSA 2048bits or ECC 256bits.
|
|