
GM/T 0045-2016 PDF English


Standard ID: GM/T 0045-2016 (English PDF)
Name of Chinese Standard: Specifications of financial cryptographic server
Status: Valid

GM/T 0045-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 55613-2016
Specifications of financial cryptographic server
ISSUED ON: MARCH 28, 2016
IMPLEMENTED ON: MARCH 28, 2016
Issued by: State Cryptography Administration

Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviation
5 Functional requirements
5.1 Cryptographic algorithm
5.2 Key management
5.3 Random number
5.4 Access control
5.5 Device management
5.6 Device initialization
5.7 Self-test
6 Hardware requirements
6.1 Physical interface
6.2 Status indicator
6.3 Random number generator
6.4 Environmental adaptability
6.5 Reliability
7 Security business requirements
7.1 Basic requirements
7.2 Data message interface
7.3 Business function requirements
8 Security requirements
9 Test requirements
9.1 Function test
9.2 Performance test
9.3 Environmental compatibility test
9.4 Security test
10 Determination of qualification

Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Code Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Chengdu Westone Information Industry Joint Stock Company, Wuxi Jiangnan Institute of Computer Technology, Xing Tang Communication Technology Co., Ltd., Shandong De'an Information Technology Co., Ltd., Beijing Sansec Technology Development Company, Ltd., Beijing Jiangnan Tian-An Technology Co., Ltd.
Main drafters of this Standard:
Li Yuanzheng, Zhang Shixiong, Huang Jin, Zhang Suocheng, Xu Mingyi, Wang Nina, Zheng Haisen, Gao Zhiquan, Li Guo, Ma Xiaoyan.

Specifications of financial cryptographic server

1 Scope
This Standard defines relevant terms of financial cryptographic server, and specifies functional requirements, interface requirements, hardware requirements, business requirements, security requirements and test requirements for financial cryptographic server.
This Standard is applicable to the development and use of financial cryptographic server. It is also applicable to guide the test of financial cryptographic server.

2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 4943, Safety of information technology equipment
GB/T 9813-2000, Specification for microcomputer
GB/T 17964, Information technology - Security techniques - Modes of operation for a block cipher
GM/T 0002, SM4 Block Cipher Algorithm
GM/T 0003, Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves
GM/T 0004, SM3 Password Hashing Algorithm
GM/T 0005, Randomness Test Specification
GM/T 0006, Cryptographic application identifier criterion specification
GM/T 0009, SM2 Cryptography Algorithm Application Specification
GM/T 0028, Security Requirements for Cryptographic Modules
JR/T 0025, China Financial Integrated Circuit Card Specifications

......
use physical means to protect hardware cryptographic device and its keys or sensitive information

3.9 master key; MK
it is at the highest layer in hierarchical key structure, used to protect its lower keys

3.10 secondary master key; SMK
it is at the second layer in hierarchical key structure, used to generate or protect its lower keys

3.11 key separation; KS
ensure that each cryptographic operation uses only the specified key type, for example, the MAC key can
only be used to generate a message authentication code

3.12 data key; DK
a key that is used to protect PIN and calculate MAC, including MAC key (MAK) and PIN key (PINK), also known as working key

3.13 key check value; KCV
a result value calculated by an irreversible algorithm, used for integrity inspection; the check value is usually the result of applying an irreversible algorithm to an arbitrary string under the key

3.14 personal identification number; PIN
in financial business, a digital ID that authorizes a cardholder in a request for authorization message; PIN only contains decimal numbers; when logging in, it can support numbers, uppercase and lowercase letters, punctuation

3.15 key loading; KL
a process of transferring keys to cryptographic server manually or electronically

3.16 manual key distribution; MKD
a method of using non-electronic means such as cryptography envelope for key distribution

3.17 manual key entry; MKE
inject keys with keyboard into financial cryptographic server

......

5 Functional requirements

5.1 Cryptographic algorithm

5.1.1 Symmetric cryptographic algorithm
The financial cryptographic server shall be equipped with SM4 symmetric cryptographic algorithm. The realization of SM4 cryptographic algorithm shall follow GM/T 0002.
In order to meet the requirement of compatibility with the original system or the interconnection with other systems (for example, the external card system), the international standard DES/3DES/AES cryptographic algorithm and other algorithms approved by the national cryptography management department may also be supported.
The operation mode of symmetric cryptographic algorithm shall follow GB/T 17964, at least containing ECB and CBC modes.
The symmetric cryptographic algorithm is mainly used for PIN encryption, PIN trans-encryption, MAC calculation, data encryption and decryption, key protection.

5.1.2 Public key algorithm
The financial cryptographic server shall be equipped with SM2 asymmetric cryptographic algorithm.
The realization of SM2 cryptographic algorithm shall follow GM/T 0003. The use of algorithm shall follow GM/T 0009.
In order to meet the requirement of compatibility with the original system or the interconnection with other systems (for example, the external card system), the international standard RSA cryptographic algorithm and other algorithms approved by the national cryptography management department may also be supported. RSA modulus length shall meet the length that is proposed and recommended by the international bank card organization, and it can be extended.
The asymmetric cryptographic algorithm is mainly used for digital signature and signature verification, cryptography envelope, key distribution.

5.1.3 Hash algorithm
The financial cryptographic server shall be equipped with SM3 hash algorithm. The realization of SM3 hash algorithm shall follow GM/T 0004.
In addition, when SM2 cryptographic algorithm is used for digital signature verification and calculation of message authentication code, it shall be used together with the SM3 hash algorithm. The realization of SM3 hash algorithm used in SM2 ......

...... information is not leaked.
The key in plaintext form that requires manual entry shall use segment transmission, storage and entry. Different key components shall be saved separately by different authorized administrators. During key entry, it shall be completed together by at least more than 2 authorized administrators on the entry site.

5.2.5 Key backup / restore
The financial cryptographic server shall have backup / restore function for master key, secondary master key. The backup data generated by the backup operation shall be stored in ciphertext on the storage medium. The key to encrypt the backup data shall have a security mechanism to ensure its security.
The backup key can be restored to the financial cryptographic server.
Different models of financial cryptographic server of same manufacturer shall be able to back up and restore each other. The key restore can be only performed in the financial cryptographic server.

5.3 Random number
The financial cryptographic server shall use random numbers generated by no less than two hardware physical noise sources. The generated random numbers shall meet the requirements of GM/T 0005.
The random number generator equipped for financial cryptographic server shall pass four phases of random number tests: sample sending test, exit-factory test, power-on test and use test.
a) Sample sending test
Carry out sample sending test of random number according to GM/T 0005 requirements.
b) Exit-factory test
• test quantity: collect 50×10^6 bit random numbe... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
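
The following Python model is an added example, not text from GM/T 0045-2016 and not any vendor's code. It ties together three items from the excerpt: manual key entry from components held by different administrators (the requirement preceding 5.2.5), acceptance by key check value (3.13), and key separation (3.11). Assumptions: components are combined by XOR, HMAC-SHA-256 stands in for the SM3/SM4 primitives, the minimum administrator count defaults to 2, and the names KeyStore, enter_key, use, ALLOWED_USE and SAMPLE are hypothetical.

```python
import hashlib
import hmac
from functools import reduce

# Hypothetical policy table: the single operation each data-key type may perform.
ALLOWED_USE = {"MAK": "mac", "PINK": "pin_encrypt"}

def kcv(key: bytes, length: int = 3) -> bytes:
    """Key check value: a one-way function of the key, truncated.
    Assumption: HMAC-SHA-256 over a zero block stands in for an SM3/SM4-based KCV."""
    return hmac.new(key, bytes(16), hashlib.sha256).digest()[:length]

class KeyStore:
    """Hypothetical model of manual key entry plus key separation."""

    def __init__(self, min_admins: int = 2):  # assumed reading of the entry rule
        self.min_admins = min_admins
        self._slots = {}

    def enter_key(self, name, key_type, components, expected_kcv):
        """components maps administrator id -> that administrator's component."""
        if key_type not in ALLOWED_USE:
            raise ValueError(f"unknown key type {key_type!r}")
        if len(components) < self.min_admins:
            raise PermissionError("key entry requires several administrators")
        parts = list(components.values())
        if len({len(p) for p in parts}) != 1:
            raise ValueError("components differ in length")
        # Assumption: components combine by XOR; the page does not name a method.
        key = bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*parts))
        if not hmac.compare_digest(kcv(key), expected_kcv):
            raise ValueError("KCV mismatch, key rejected")
        self._slots[name] = (key_type, key)

    def use(self, name, operation, data: bytes) -> bytes:
        """Run an operation only if the slot's key type permits it."""
        key_type, key = self._slots[name]
        if ALLOWED_USE[key_type] != operation:
            raise PermissionError(f"{key_type} key refused for {operation}")
        # Stand-in primitive for both operations; a real device would use SM4.
        return hmac.new(key, operation.encode() + data, hashlib.sha256).digest()[:8]

# Constructed sample components, one per administrator.
SAMPLE = {"admin-a": bytes.fromhex("00112233445566778899aabbccddeeff"),
          "admin-b": bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")}
```

Because the KCV is checked before the key is stored, a mistyped component is rejected without any administrator seeing the combined key.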