GM/T 0050-2016 PDF in English
GM/T 0050-2016 (GM/T0050-2016, GMT 0050-2016, GMT0050-2016)
Standard ID | Contents [version] | USD | PDF delivered in | Name of Chinese Standard | Status
GM/T 0050-2016 | English | 170 | 0-9 seconds (auto-delivery) | Cryptography Device Management - Specification of Device Management Technology | Valid
PDF Preview
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Record No.: 58555-2017
Cryptography Device Management –
Specification of Device Management Technology
ISSUED ON: DECEMBER 23, 2016
IMPLEMENTED ON: DECEMBER 23, 2016
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cryptography device management system
5.1 The position of cryptography device management in the framework of the cryptographic infrastructure application technology system
5.2 Cryptography device management platform structure
5.3 Cryptography device management application system structure
5.4 Management application layer
5.5 Device management platform layer
5.5.1 Structure and function of device management platform
5.5.2 General center of device management
5.5.3 Device management information base
5.5.4 Subcenter of device management
5.6 Cryptography device layer
5.7 Device certificate management
5.8 Registration process
5.8.1 Registration requirements
5.8.2 Registration for subcenter of device management
5.8.3 Registration of be-managed object
6 Security tunnel message
6.1 Security tunnel protocol
6.2 Security tunnel message
6.2.1 Definition of format for security tunnel message
6.2.2 Message format for security tunnel establishment request
6.2.3 Message format for security tunnel establishment response
6.2.4 Message format for security tunnel data sending
6.2.5 Message format to inform the security tunnel to restart
6.3 Opportunity for establishing security tunnel
6.4 Use of security tunnel
7 Device management information
7.1 Definition of device management information
7.2 Definition of data type
7.3 Hierarchical structure of management information
7.4 Attribute definition
7.4.1 Basic information group
7.4.2 Interface group
7.4.3 Management entity group
8 Device management message
8.1 Format definition of device management message
8.2 Get operation message
8.3 Get-next operation message
8.4 Response operation message
8.5 Set operation message
8.6 Get-bulk operation message
8.7 Inform operation message
8.8 Trap operation message
9 Interface provided by the device management platform for management applications
9.1 Overview
9.2 System initialization interface
9.2.1 Initialize device management environment
9.2.2 Exit device management environment
9.3 Device attribute management interface
9.3.1 Get the total number of devices
9.3.2 Get device information by number
9.3.3 Get device attribute values in batches
9.3.4 Set device attribute value
9.3.5 Export device certificate
9.4 Data sending interface
9.4.1 Use security tunnel to send data
9.5 Alarm information management interface
9.5.1 Get the number of alarm information and alarm number
9.5.2 Get one alarm information
9.5.3 Set alarm information to be processed
Appendix A (Normative) Error code definition
Appendix B (Normative) Security tunnel protocol framework
Bibliography
Introduction
Cryptographic device management provides a device management application interface to the upper management application; it provides device management functions to the upper management applications, such as remote key management, device maintenance, device monitoring and device compliance inspection; it converts the management requests of the upper management applications into standard messages for transfer; it establishes an application-layer security tunnel through a security protocol; and it carries the messages exchanged between the management application and the cryptographic device.
This Standard specifies the application interface, management process and management information structure of cryptographic device management; it defines the specific requirements for a cryptographic device to implement the management agent; it makes the device management application independent of the specific cryptographic device, so that a cryptographic device designed and developed according to this Standard can be uniformly managed and configured by a management system developed according to this Standard. The establishment and operation requirements for the cryptographic device management system may refer to the relevant standards for CA management systems; this Standard does not define them additionally. This Standard provides guidance and a basis for the research and development of cryptographic devices and upper management applications.
This Standard stipulates a set of cryptographic device management application interfaces and defines the specific requirements for the cryptographic device to implement the management agent; it makes the device management application independent of the specific cryptographic device, so that a cryptographic device designed and developed according to this Standard can be uniformly managed and configured.
Clauses 5, 6, 7, 8 and 9 of this Standard shall be used by the developer of the cryptographic device management system.
Clauses 5, 6, 7 and 8 of this Standard shall be used by the cryptographic device manufacturer.
Clauses 5 and 9 of this Standard shall be used by the management application manufacturer.
The preparation of this Standard was guided by the overall working group of the National Commercial Cryptographic Application System.
Cryptography Device Management –
Specification of Device Management Technology
1 Scope
This Standard specifies the system structure, management process, security tunnel protocol, management information structure, application interface and standard management message format of cryptographic device management.
It provides guidance and a basis for the research and development of cryptographic devices within the technical system framework and of the upper management application.
This Standard is applicable to the research and development of cryptographic device management systems, cryptographic device management applications, cryptographic machines and similar cryptographic devices; it can also be used to guide the inspection of cryptographic device management systems and cryptographic devices.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the edition with the indicated date applies to this document; for undated references, the latest edition (including all amendments) applies to this document.
GM/T 0006 Cryptographic Application Identifier Criterion Specification
GM/T 0009 SM2 Cryptography Algorithm Application Specification
GM/T 0015 Digital Certificate Format based on SM2 Algorithm
GM/T 0018 Interface Specifications of Cryptography Device Application
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Cryptography device
A device that provides secure storage for keys and secret information and provides cryptographic security services based on that secret information. In this Standard it refers specifically to cryptographic devices that can accept device management operations; it mainly includes network cipher machines and application cipher machines/cards, but excludes intelligent cryptographic ends, cryptographic chips and similar component-level devices.
3.2 Device certificate
The digital information that identifies the cryptography device; it includes the basic information of the cryptography device, the device public key information and other supplementary information. The device certificate may be issued by a dedicated CA system or by the device management platform.
3.3 Security tunnels
The application-layer security connection established through the data interaction security protocol between the device management center and the cryptography device-managed agent; it provides confidentiality and integrity protection for the application-layer information exchanged between the device management network and the cryptography device.
3.4 Device key pair
The asymmetric key pair for device management stored inside the device; it includes a signature key pair and an encryption key pair.
3.5 Be-managed object
The cryptography device that accepts management; it becomes the be-managed object through the device-managed agent.
3.6 Device-managed agent
The device-managed agent is a logical entity that establishes security tunnels and parses device management messages; it processes the message commands issued by the device management center and returns the processed results to the device management center. Each device-managed agent corresponds to one cryptography device; the device-managed agent can be realized within the cryptography device or by the external host computer of the cryptography device. If it is realized externally, the security connection between the external device agent and the cryptography device it represents.
3.7 Security tunnels message
The initialization protocol message by which the cryptography device management platform establishes and maintains a secure session connection with the managed device
be divided into three layers as per their functions, namely: the management application layer, the management platform layer and the cryptography device layer. The management application lay...
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.