商用密码管理条例 1999

商用密码管理条例 1999

商用密码管理条例  Regulations on the Commercial Passwords 
 
中华人民共和国国务院令第273号现发布《商用密码管理条例》,自发布之日起实施。总理*1999年10月7日  1999-10-07Promulgated by the State Council of the People’s Republic of China 
 
第一章总则  Chapter 1 General Principles 
 
第一条 为了加强商用密码管理,保护信息安全,保护公民和组织的合法权益,维护国家的安全和利益,制定本条例。  Article 1 In order to strengthen the administration of the commercial passwords, safeguard the information security and the lawful rights and interests of the citizens and organizations and maintain the security and interest of the state, these Regulations are hereby issued. 
 
第二条 本条例所称商用密码,是指对不涉及国家秘密内容的信息进行加密保护或者安全认证所使用的密码技术和密码产品。  Article 2 The commercial passwords referred to herein shall mean the password techniques and products used in the encryption protection and security certification to the information does not involve the state secrets. 
 
第三条 商用密码技术属于国家秘密。国家对商用密码产品的科研、生产、销售和使用实行专控管理。  Article 3 The commercial password techniques shall belong to the state secrets. The scientific research, production, selling and use of the commercial password products shall be under the special control and administration of the state. 
 
第四条 国家密码管理委员会及其办公室(以下简称国家密码管理机构)主管全国的商用密码管理工作。  Article 4 The State Password Administration Committee and its offices (hereinafter referred to as the State Password Administration Institution) shall be in charge of the administration of the commercial passwords nationwide.  
省、自治区、直辖市负责密码管理的机构根据国家密码管理机构的委托,承担商用密码的有关管理工作。  The institutions in charge of the administration of the commercial passwords in the provinces, autonomous regions and municipalities shall, in accordance with the entrustment of the State Password Administration Institution, be responsible for the relevant administration of the commercial passwords. 
 
第二章 科研、生产管理  Chapter 2 The Administration of the Scientific Research and Production 
 
第五条 商用密码的科研任务由国家密码管理机构指定的单位承担。  Article 5 The scientific research of the commercial passwords shall be undertaken by the units designated by the State Password Administration Institution.  
商用密码指定科研单位必须具有相应的技术力量和设备,能够采用先进的编码理论和技术,编制的商用密码算法具有较高的保密强度和抗攻击能力。  The designated scientific research units of the commercial passwords shall have the corresponding techniques and equipments and be able to adopt advanced theories and techniques of coding and the arithmetic of the commercial passwords programmed shall have high secrecy intensity and ability against the attack. 
 
第六条 商用密码的科研成果,由国家密码管理机构组织专家按照商用密码技术标准和技术规范审查、鉴定。  Article 6 The scientific research results of the commercial passwords shall, in accordance with the standards and criterion of the commercial password techniques, be examined and appraised by the specialists organized by the State Password Administration Institution. 
 
第七条 商用密码产品由国家密码管理机构指定的单位生产。未经指定,任何单位或者个人不得生产商用密码产品。  Article 7 The commercial password products shall be produced by the units designated by the State Password Administration Institution. Any corporation or individual without the designation shall not produce the commercial password products.  
商用密码产品指定生产单位必须具有与生产商用密码产品相适应的技术力量以及确保商用密码产品质量的设备、生产工艺和质量保证体系。  The designated production units of the commercial password products shall have the techniques competent for the production of the commercial products and the equipments, produce arts and crafts and the quality guarantee system insuring the quality of the commercial password products.
 
第八条 商用密码产品指定生产单位生产的商用密码产品的品种和型号,必须经国家密码管理机构批准,并不得超过批准范围生产商用密码产品。  Article 8 The varieties and types of the commercial password products produced by the designated production units shall be approved by the State Password Administration Institution and the designated production units of the commercial password products shall not produce the commercial password products exceeding the production scope approved. 
 
第九条 商用密码产品,必须经国家密码管理机构指定的产品质量检测机构检测合格。  Article 9 Commercial password products must be qualified by the product quality inspection institutions designated by the State Password Administration Institution. 
 
第三章 销售管理  Chapter 3 The Administration of Sales 
 
第十条 商用密码产品由国家密码管理机构许可的单位销售。未经许可,任何单位或者个人不得销售商用密码产品。 Article 10 The commercial password products shall be sold by the units licensed by the State Password Administration Institution. Any corporation or individual without the license shall not sell the commercial password products. 
 
第十一条 销售商用密码产品,应当向国家密码管理机构提出申请,并应当具备下列条件:  Article 11 To sell the commercial password products, the units shall apply to the State Password Administration Institution with the following conditions:  
(一)有熟悉商用密码产品知识和承担售后服务的人员;  (1) Having the personnel who know the knowledge of the commercial password products and bear the after services;  
(二)有完善的销售服务和安全管理规章制度;  (2) Having the consummate selling services and security administration rules and regulations; and  
(三)有独立的法人资格。  (3) Having the independent corporate capacity.  
经审查合格的单位,由国家密码管理机构发给《商用密码产品销售许可证》。  The units examined to be qualified shall be issued with a Selling License of the Commercial Password products by the State Password Administration Institution. 
 
第十二条 销售商用密码产品,必须如实登记直接使用商用密码产品的用户的名称(姓名)、地址(住址)、组织机构代码(居民身份证号码)以及每台商用密码产品的用途,并将登记情况报国家密码管理机构备案。  Article 12 To sell the commercial password products, the units shall accurately register the title (or name), address or (residence) and the code of the organization (or the Identity Card number of the citizen) of the consumer directly using the commercial password products and the purpose of every commercial password product. In addition, the registration shall be submitted to the State Password Administration Institution for records. 
 
第十三条 进口密码产品以及含有密码技术的设备或者出口商用密码产品,必须经国家密码管理机构批准。  Article 13 To import the password products and the equipments containing the password techniques or to export the commercial password products shall be submitted to the State Password Administration Institution for approval.  
任何单位或者个人不得销售境外的密码产品。  Any corporation or individual shall not sell the password products produced overseas. 
 
第四章 使用管理  Chapter 4 The Administration of Use 
 
第十四条任何单位或者个人只能使用经国家密码管理机构认可的商用密码产品,不得使用自行研制的或者境外生产的密码产品。 Article 14 Any corporation or individual can only use the commercial password products approved by the State Password Administration Institution and shall not use the password products produced by itself or oneself or produced beyond the borders. 
 
第十五条 境外组织或者个人在中国境内使用密码产品或者含有密码技术的设备,必须报经国家密码管理机构批准;但是,外国驻华外交代表机构、领事机构除外。 Article 15 The corporation or individual beyond the borders using the password products or the equipments containing the password techniques within the boundaries of the People’s Republic of China shall be approved by the State Password Administration Institution; however, the foreign representative diplomatic institutions and the consular institutions stationed in the People’s Republic of China shall be excluded. 
 
第十六条 商用密码产品的用户不得转让其使用的商用密码产品。商用密码产品发生故障,必须由国家密码管理机构指定的单位维修。报废、销售商用密码产品,应当向国家密码管理机构备案。  Article 16 The consumer of the commercial password products shall not transfer the commercial password products he/it is using. The malfunction of the commercial password products shall be repaired by the units designated by the State Password Administration Institution. To disuse or destroy the commercial password products shall be submitted to the State Password Administration Institution for records. 
 
第五章 安全、保密管理  Chapter 5 The Administration of the Security and Secrecy 
 
第十七条 商用密码产品的科研、生产,应当在符合安全、保密要求的环境中进行。销售、运输、保管商用密码产品,应当采取相应的安全措施。  Article 17 The scientific research and production of the commercial password products shall be conducted under the circumstances competent for the demands of security and secrecy. Relevant security measures shall be taken to sell, transport and store the commercial password products.  
从事商用密码产品的科研、生产和销售以及使用商用密码产品的单位和人员,必须对所接触和掌握的商用密码技术承担保密义务。  The corporation or personnel involved in the scientific research and production of the commercial password products and using the commercial password products shall bear the responsibility of keeping secret to the techniques of the commercial password products touched or mastered. 
 
第十八条 宣传、公开展览商用密码产品,必须事先报国家密码管理机构批准。  Article 18 To propagandize or openly exhibit the commercial password products shall be submitted to the State Password Administration Institution for approval. 
 
第十九条 任何单位和个人不得非法攻击商用密码,不得利用商用密码危害国家的安全和利益、危害社会治安或者进行其他违法犯罪活动。  Article 19 Any corporation or individual shall not illegally attack the commercial passwords, impair the security and interests of the state or the public security of the society or conduct any other activities of violating the law or committing a crime with the commercial passwords. 
 
第六章 罚则  Chapter 6 Penalty Provisions 
 
第二十条有下列行为之一的,由国家密码管理机构根据不同情况分别会同工商行政管理、海关等部门没收密码产品,有违法所得的,没收违法所得;  Article 20 Anyone who commits any of the following acts shall be confiscated of his password products and the illegal gains, if any, by the State Password Administration Institution jointly with the administrative departments of industry and commerce and the customs according to the different situation;  
 
情节严重的,可以并处违法所得1至3倍的罚款;  if the circumstances are serious, he shall be concurrently fined not less than 1 time, but not more than 3 times the amount of the illegal gains:  
 
(一)未经指定,擅自生产商用密码产品的,或者商用密码产品指定生产单位超过批准范围生产商用密码产品的;  (1) To produce the commercial password products without any designation, or the designated units produce the commercial password products exceeding the scope approved;  
 
(二)未经许可,擅自销售商用密码产品的; (2) To sell the commercial password products without any licenses; and  
 
(三)未经批准,擅自进口密码产品以及含有密码技术的设备、出口商用密码产品或者销售境外的密码产品的。  (3) To import the password products and the equipments containing the password techniques, to export the commercial password products or to sell the password products produced overseas without permit.  
 
经许可销售商用密码产品的单位未按照规定销售商用密码产品的,由国家密码管理机构会同工商行政管理部门给予警告,责令改正。  The units licensed to sell the commercial password products not selling the commercial password products according to the relevant provisions shall be given a warning and be ordered to revise by the State Password Administration Institution jointly with the administration department of industry and commerce. 
 
第二十一条 有下列行为之一的,由国家密码管理机构根据不同情况分别会同公安、国家安全机关给予警告,责令立即改正:  Article 21 Any one commits any of the following acts shall be given a warn and be ordered to make corrections immediately by the State Password Administration Institution jointly with the public security organ and the state security organ:  
(一)在商用密码产品的科研、生产过程中违反安全、保密规定的;  (1) To violate the provisions of security and secrecy in the course of the scientific research and production of the commercial password products;  
(二)销售、运输、保管商用密码产品,未采取相应的安全措施的;  (2) To sell, transport and store the commercial password products without corresponding security measures;  
(三)未经批准,宣传、公开展览商用密码产品的;  (3) To propagandize or openly exhibit the commercial password products without any approval; and  
(四)擅自转让商用密码产品或者不到国家密码管理机构指定的单位维修商用密码产品的。(4) To presumptuously transfer the commercial password products or not to repair the commercial password products in the units designated by the State Password Administration Institution.  
使用自行研制的或者境外生产的密码产品,转让商用密码产品,或者不到国家密码管理机构指定的单位维修商用密码产品,情节严重的,由国家密码管理机构根据不同情况分别会同公安、国家安全机关没收其密码产品。  The password products produced by itself or oneself or produced overseas, the commercial password products transferred or the commercial password products not being repaired in the units designated by the State Password Administration Institution, in the serious cases, shall be confiscated by the State Password Administration Institution jointly with the organs of public security and the state security. 
 
第二十二条商用密码产品的科研、生产、销售单位有本条例第二十条、第二十一条第一款第(一)、(二)、(三)项所列行为,造成严重后果的,由国家密码管理机构撤销其指定科研、生产单位资格,吊销《商用密码产品销售许可证》。  Article 22 If the scientific research, production and selling units of the commercial password products commit the acts referred to in Article 20 and Paragraph 1, 2 and 3 in Article 21 and cause serious results, their qualification of scientific research and production shall be canceled and the Selling License of the Commercial Password products shall be withdrawn by the State Password Administration Institution. 
 
第二十三条泄露商用密码技术秘密、非法攻击商用密码或者利用商用密码从事危害国家的安全和利益的活动,情节严重,构成犯罪的,依法追究刑事责任。  Article 23 The acts that divulge the secret of commercial password techniques, unlawfully attack the commercial passwords or conduct the activities impairing the security and interest of the state with commercial passwords and constitute a crime in serious cases shall be legally investigated into the criminal responsibility. 
有前款所列行为尚不构成犯罪的,由国家密码管理机构根据不同情况分别会同国家安全机关或者保密部门没收其使用的商用密码产品,对有危害国家安全行为的,由国家安全机关依法处以行政拘留;属于国家工作人员的,并依法给予行政处分。  The acts referred to in previous paragraph that do not constitute a crime shall have the commercial password products confiscated by the State Password Administration Institution jointly with the organs of state security and secrecy according to different situation; the acts impairing the security of the state shall be legally punished with an administrative detention by the organ of state security; the state personnel involved shall be concurrently subject to administrative penalty. 
 
第二十四条境外组织或者个人未经批准,擅自使用密码产品或者含有密码技术的设备的,由国家密码管理机构会同公安机关给予警告,责令改正,可以并处没收密码产品或者含有密码技术的设备。  Article 24 The corporation or individual beyond the borders presumptuously use the password products or the equipments containing the password techniques without any approval, shall be given a warn, ordered to revise and concurrently punished with a confiscation of the password products or the equipments containing the password techniques by the State Password Administration Institution jointly with the organ of public security. 
 
第二十五条商用密码管理机构的工作人员滥用职权、玩忽职守、徇私舞弊,构成犯罪的,依法追究刑事责任; Article 25 The staff members of the State Password Administration Institution, who abuse their power, neglect their duty, and commit irregularities for personal gains, which constitutes a crime, shall be prosecuted in accordance with the law;  
尚不构成犯罪的,依法给予行政处分。 if the offence does not constitute a crime, they shall be subject to the administrative sanctions in accordance with the law. 
 
第七章附则 Chapter 7 Supplementary Rules 
 
第二十六条国家密码管理委员会可以依据本条例制定有关的管理规定。 Article 26 The State Password Administration Committee may, in accordance with these Regulations, stipulate the corresponding provisions. 
第二十七条本条例自发布之日起施行。 Article 27 These Regulations shall take effect as of the promulgation.