
GM/T 0023-2023 (GM/T 0023-2014) PDF English

GM/T 0023-2014: IPSec VPN gateway product specification
Status: Obsolete

GM/T 0023: Evolution and historical versions

| Standard ID | Contents [version] | USD | [PDF] delivery | Name of Chinese Standard | Status |
|---|---|---|---|---|---|
| GM/T 0023-2023 | English | 399 | 4 days | (IPSec VPN Gateway Product Specification) | Valid |
| GM/T 0023-2014 | English | 150 | 0-9 seconds. Auto-delivery | IPSec VPN gateway product specification | Obsolete |

GM
CRYPTOGRAPHIC INDUSTRY STANDARD
ICS 35.040
L 80
Record No.: 44624-2014

IPSec VPN Gateway Product Specification

Issued on: February 13, 2014
Implemented on: February 13, 2014
Issued by: State Cryptography Administration

Table of Contents

Foreword
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
4 Cryptographic Algorithms and Key Types
4.1 Algorithm requirements
4.2 Key types
5 IPSec VPN Gateway Product Requirements
5.1 Product function requirements
5.2 Product performance parameters
5.3 Security requirements
5.4 Management function requirements
5.5 Hardware requirements
5.6 Parameter configurable capability requirements
5.7 Process protection
6 IPSec VPN Gateway Product Inspection
6.1 Product function inspection
6.2 Product performance inspection
6.3 Security inspection
6.4 Management function inspection
6.5 Hardware inspection
6.6 Parameter configurable capability inspection
6.7 Process protection inspection
7 Qualification Judgment

Foreword

This Standard was drafted as per the rules specified in GB/T 1.1-2009.

Please note that some contents of this document may involve patents. The issuing agency of this document does not assume responsibility for identifying these patents.

This Standard was proposed by and is under the jurisdiction of the National Technical Committee for Standardization of Cipher Industry.

Drafting organizations of this Standard: Chengdu Westone Information Industry Inc., Ltd., Shanghai Koal Software Co., Ltd., Wuxi South-China Information Security Engineering Technology Center, Xingtang Communication Technology Co., Ltd., and Shandong De’an Computer Technology Co., Ltd.

Chief drafters of this Standard: Luo Jun, Li Yuanzheng, Tan Wuzheng, Xu Qiang, Wang Nina, and Kong Fanyu.

1 Scope

This Standard specifies the function requirements, hardware requirements, software requirements, cryptographic algorithms, key requirements, security requirements, inspection requirements, and related contents for IPSec VPN gateway products.

This Standard is applicable to the research, inspection, use and management of IPSec VPN gateway products.

2 Normative References

The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) is applicable to this document.

GB/T 2423-2008 Environmental Testing for Electric and Electronic Products (All Parts)
GB/T 9813-2000 Specification for Microcomputer
GB/T 15153.1-1998 Telecontrol Equipment and Systems - Part 2: Operating Conditions - Section 1: Power Supply and Electromagnetic Compatibility
GB/T 17964-2008 Information Technology - Security Techniques - Modes of Operation for a Block Cipher
GM/T 0005 Randomness Test Specification
GM/T 0014 Protocol Specification for Authentication System Password of Digital Certificate
GM/T 0015 Digital Certificate Format based on SM2 Algorithm
GM/T 0022 IPSec VPN Specification

3 Terms, Definitions and Abbreviations

3.1 Terms and definitions

3.1.1 Cryptographic algorithm
The calculation rules that describe the cipher processing procedure.

3.1.2 Cryptographic hash algorithm
Also called hash algorithm or cipher hash algorithm. Such an algorithm maps an arbitrary-length bit string to a fixed-length bit string, and satisfies the following three characteristics.
a) It is computationally difficult to find an input that maps to a given output;
b) It is computationally difficult to find another input that maps to the same output as a given input;
c) It is computationally difficult to find different inputs that map to the same output.

3.1.3 Asymmetric cryptographic algorithm/public key cryptographic algorithm
A cryptographic algorithm in which encryption and decryption use different keys. One key (the public key) can be made public, while the other key (the private key) must be kept secret; it is computationally infeasible to derive the private key from the public key.

3.1.4 Symmetric cryptographic algorithm
A cryptographic algorithm in which encryption and decryption use the same key.

3.1.5 Block cipher algorithm
A symmetric cryptographic algorithm that divides the input data into fixed-length blocks for encryption and decryption.

3.1.6 SM1 algorithm
A block cipher algorithm with a block length of 128 bits and a key length of 128 bits.

3.1.7 SM2 algorithm
An elliptic curve public key cryptographic algorithm with a key length of 256 bits.

3.1.8 SM3 algorithm
A cryptographic hash algorithm with an output of 256 bits.

3.1.9 SM4 algorithm
A block cipher algorithm with a block length of 128 bits and a key length of 128 bits.

A protocol that is part of IPSec, which is used for providing data confidentiality, data integrity, data source authentication, and anti-replay attack functions for IP data packets.

3.1.18 Virtual private network, VPN
The technology of using cryptography to build a secure channel in communication networks.
3.2 Abbreviations

The following abbreviations are applicable to this document.

AH: Authentication Header
CBC: Cipher Block Chaining
ESP: Encapsulating Security Payload
HMAC: Keyed-Hash Message Authentication Code
IPSec: Internet Protocol Security
IV: Initialization Vector
NAT: Network Address Translation
SA: Security Association
VPN: Virtual Private Network

4 Cryptographic Algorithms and Key Types

4.1 Algorithm requirements

IPSec VPN uses the asymmetric cryptographic algorithm, symmetric cryptographic algorithm, cryptographic hash algorithm, and random number generator algorithm approved by State Cryptography Administration Authority. The algorithm use requirements are as follows.

--- The asymmetric cryptographic algorithm is used for authentication, digital signature, digital envelope, etc.
--- The symmetric cryptographic algorithm is a block cipher algorithm, which is used for encryption protection of key exchange data and encryption protection of message data. The algorithm operating mode is CBC mode, and shall meet the requirements of GB/T 17964-2008.

The security message encapsulation protocol can be divided into the AH protocol and the ESP protocol. The AH protocol shall be nested with the ESP protocol, in which case the authentication operation in the ESP protocol is not enabled. The ESP protocol can be used alone, in which case the authentication operation in the ESP protocol shall be enabled. The security message encapsulation protocol shall meet the requirements of 5.2 in GM/T 0022.

5.1.5 NAT traversal
The IPSec VPN gateway product shall support ESP traversal when ESP is used alone. The NAT traversal protocol shall meet the requirements of 5.1.3 in GM/T 0022.

5.1.6 Authentication mode
The IPSec VPN gateway product shall have the entity authentication function; the authentication mode shall adopt digital certificates. The digital certificate format shall meet the requirements of GM/T 0015.

5.1.7 IP protocol version support
The IPSec VPN gateway product supports the IPv4 protocol, and optionally supports the IPv6 protocol.

5.1.8 Anti-replay attack
The IPSec VPN gateway product shall have the anti-replay attack function during the security message transmission phase.
5.1.9 Key update
The IPSec VPN gateway product shall update the working key and session key according to two conditions: time period and message traffic. Key update according to the time period is a necessary function, while key update according to the message traffic is an optional function. The maximum update period of the working key shall be no greater than 24h. If the traffic condition is adopted, the maximum update traffic shall be no grea... ......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.
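
The requirements quoted in this excerpt (CBC mode in 4.1, the AH/ESP nesting rule, and 5.1.6 to 5.1.9) can be expressed as a configuration audit. The following is an added example, not part of the standard or of any vendor's tooling; the policy dictionary, its field names and values such as "psk" and "ah+esp" are hypothetical.

```python
# Added example. Policy field names and values are hypothetical, not from GM/T 0023.
MAX_REKEY_SECONDS = 24 * 3600  # 5.1.9: working key update period no greater than 24 h


def audit_policy(policy):
    """Return a list of findings; an empty list means no violation was found."""
    findings = []
    encap = policy.get("encapsulation")  # expected: "esp" or "ah+esp"
    esp_auth = policy.get("esp_authentication", False)

    # 4.1: the block cipher operating mode is CBC.
    if str(policy.get("cipher_mode", "")).lower() != "cbc":
        findings.append("4.1: block cipher mode must be CBC")

    # Encapsulation clause: AH is nested with ESP and ESP authentication is
    # then off; ESP used alone must have its authentication enabled.
    if encap == "ah":
        findings.append("encapsulation: AH shall be nested with ESP")
    elif encap == "ah+esp" and esp_auth:
        findings.append("encapsulation: ESP authentication must be off under AH")
    elif encap == "esp" and not esp_auth:
        findings.append("encapsulation: ESP used alone shall enable authentication")
    elif encap not in ("esp", "ah+esp"):
        findings.append("encapsulation: unknown value %r" % (encap,))

    # 5.1.6: entity authentication uses digital certificates.
    if policy.get("auth_method") != "certificate":
        findings.append("5.1.6: authentication mode shall be digital certificate")
    # 5.1.7: IPv4 is supported; IPv6 is optional.
    if "ipv4" not in policy.get("ip_versions", []):
        findings.append("5.1.7: IPv4 support is missing")
    # 5.1.8: anti-replay during secure message transmission.
    if not policy.get("anti_replay", False):
        findings.append("5.1.8: anti-replay shall be enabled")
    # 5.1.9: time-based key update is mandatory, at most every 24 h.
    lifetime = policy.get("rekey_seconds")
    if not isinstance(lifetime, int) or lifetime <= 0:
        findings.append("5.1.9: time-based key update is not configured")
    elif lifetime > MAX_REKEY_SECONDS:
        findings.append("5.1.9: key update period exceeds 24 h")
    return findings


# Constructed sample policies (not taken from any real device).
COMPLIANT = {"cipher_mode": "CBC", "encapsulation": "esp", "esp_authentication": True,
             "auth_method": "certificate", "ip_versions": ["ipv4"],
             "anti_replay": True, "rekey_seconds": 8 * 3600}
WEAK = dict(COMPLIANT, encapsulation="ah+esp", auth_method="psk",
            anti_replay=False, rekey_seconds=7 * 24 * 3600)

if __name__ == "__main__":
    print("\n".join(audit_policy(WEAK)))
```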