GM/T 0034-2014 PDF English
GM/T 0034-2014: Specifications of cryptograph and related security technology for certification system based on SM2 cryptographic algorithm. Status: Valid.
GM
CRYPTOGRAPHY INDUSTRY STANDARD
ICS 35.040
L 80
File No.: 44635-2014
Specifications of cryptograph and related
security technology for certification system
based on SM2 cryptographic algorithm
Issued on: FEBRUARY 13, 2014
Implemented on: FEBRUARY 13, 2014
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Certificate authentication system
6 Key management system
7 Cryptography algorithm, cryptography device and interface
8 Certificate authentication center
9 Key management center
10 Certificate authentication center operation and management requirements
11 Key management center operations management requirements
12 Certificate operation process
Appendix A (Informative) Certificate authentication system network structure
References
1 Scope
This standard specifies the specifications of cryptograph and related security
technology for digital certificate authentication system based on SM2
cryptographic algorithm, including certificate authentication center, key
management center, cryptography algorithm, cryptography device and
interfaces.
This standard applies to guiding the construction and detection assessment of
the digital certificate authentication system of the third-party authority, and
to standardizing the application of cryptograph and related security technology
in digital certificate authentication system. The construction, operation and
management of the digital certificate authentication system of the
non-third-party authority may refer to this standard.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) is applicable to this standard.
GB/T 2887 General specification for computer field
GB/T 6650 Technical conditions for movable floor of computer room
GB/T 9361 Safety requirements for computer field
GB 50174 Code for design of electronic information system room
GM/T 0014 Digital certificate authentication system cryptography protocol
specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0016 Smart token cryptography application interface specification
3 Terms and definitions
3.1
Authority certificate
Certificate that is signed and issued to the certificate authentication institute.
3.2
CA certificate
A certificate signed by a CA to another CA; a CA may also sign a certificate
to itself, which is a self-signed certificate.
3.3
Certificate authentication system
A system that manages the entire life cycle of digital certificates such as the
issuance, release, update, revocation.
3.4
Certificate policy
A specified set of rules that indicates the suitability of a certificate for a
specific community and/or application-specific class with general security
requirements. For example, a specific certificate policy may indicate the
suitability of one type of certificate for the authentication of electronic data
processing of the commodity transaction at a certain price range.
3.5
Certificate revocation list; CRL
A list of revoked certificates that are signed and issued by the certificate
authority (CA).
4 Abbreviations
The following abbreviations apply to this document.
KMC: Key Management Center
5 Certificate authentication system
5.1 Overview
Certificate authentication system is a security system to perform entire process
management of the digital certificate within the life cycle.
5.2 Functional requirements
5.2.1 Overview
Certificate authentication system provides the entire process management
function of the digital certificates within the life cycle, including user registration
management, certificate/certificate revocation list generation and issuance,
5.2.3 Certificate/certificate revocation list generation and issuance
system
5.2.3.1 Function
The certificate/certificate revocation list generation and issuance system is
responsible for generating and issuing digital certificates and certificate
revocation lists.
The digital certificate of the user is issued by the CA of the system, the digital
certificate of the root CA is issued by the root CA itself, and the digital certificate
of the subordinate CA is issued by the higher CA.
5.2.5 Certificate status inquiry system
The certificate status inquiry system shall provide the certificate status inquiry
service for users and application systems, including.
5.2.6 Certificate management system
The certificate management system is a management control system which
realizes the functions of application, audit, generation, issuance, storage,
distribution, revocation and archiving of certificate/certificate revocation list in
certificate authentication system.
6 Key management system
6.1 Structure description
Key management system consists of key generation, key management, key
library management, authentication management, security audit, key recovery
and cryptography service modules. The proposed key management system
logic structure is shown in Figure 3.
6.2 Functional description
6.2.1 Overview
The key management system provides the function of managing the whole
process of the encrypted certificate key pair in the life cycle, including key
generation, key storage, key distribution, key backup, key update, key
revocation, key archiving, key recovery and security management.
6.2.4 Key distribution
The asymmetric key pair generated by the key management system is
distributed to the user certificate carrier through the certificate authentication
system.
6.2.7 Key revocation
When the certificate expires, when the user requires it, or when the management
agency deems it necessary in accordance with the contract, the key management
system revokes the key currently used by the user in accordance with the CA
request.
6.3 System design
6.3.1 Overview
Key management system design includes the overall system design and
subsystem design. This standard provides the key management system design
principles and the realization of various subsystems. During the specific
implementation process, the detailed design shall be based on the selected
development platform and development environment.
6.3.9 Cryptography service module
The cryptography service module is responsible for providing cryptography
support for various services of the key management system.
7 Cryptography algorithm, cryptography device and interface
7.1 Cryptography algorithm
The certificate authentication system uses the symmetric cryptography
algorithm, the asymmetric cryptography algorithm and the cryptography hash
algorithm to implement various functions of the cryptography service.
7.2 Cryptography device
7.2.1 Overview
The cryptography device approved by the national cryptography administration
department shall be used, including.
7.2.2 Cryptography device functions
The cryptography device must have the following basic functions.
7.2.3 Security requirements for cryptography devices
The cryptography device shall meet the following requirements.
7.3 Cryptography service interface
The interface of the cryptography device follows GM/T 0018, the interface of
the smart token follows GM/T 0016, the interface of the cryptography service
follows GM/T 0019 and GM/T 0020.
8 Certificate authentication center
8.1 System
8.1.1 Functional requirements
The service functions provided by CA mainly include.
8.1.3 Administrator configuration requirements
The following administration and operation staff shall be set up in the CA.
8.2 Security
8.2.1 Overview
CA system security includes system security, communication security, key
security, certificate management security, security audit, physical security,
personnel security and other aspects of security.
8.2.4 Key security
8.2.4.1 Overview
The key goal of key security is to secure the keys used in the CA system
throughout its lifecycle, including generation, storage, use, update, abolition,
archiving, destruction, backup, and recovery. It shall take a variety of security
measures such as hardware cryptography device, key management security
protocol, key access control, key management operation audit.
8.2.4.3 Root CA key
The root CA key security, in addition to meeting basic requirements, shall also
satisfy the following requirements.
8.2.6 Security audit
8.2.6.1 Overview
The operation of the CA system involves a large number of mutual calls between
functional modules, as well as a variety of administrator operations. These calls
and operations need to be recorded in the form of logs for system error analysis,
risk analysis and security audit jobs.
8.6 Personnel management system
Personnel management system includes the personnel credibility
authentication, job settings and so on.
9 Key management center
9.1 Construction principles
Key management center is constructed in accordance with the principles of CA
unified planning, organic combination, independent set up, respective
management.
9.2 System
9.2.1 Functional requirements
Key management center shall provide the following service features.
9.2.2 Performance requirements
The performance of the key management center shall meet the following
requirements.
9.5 Reliability
KMC reliability makes reference to the requirements of clause 8.4.
9.6 Physical security
KMC physical security makes reference to the requirements of clause 8.5.
9.7 Personnel management system
KMC personnel management system makes reference to the requirements of
clause 8.6.
...... Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.