Powered by Google www.ChineseStandard.net Database: 189759 (19 May 2024)

GM/T 0094-2020 PDF in English


GM/T 0094-2020 (GM/T0094-2020, GMT 0094-2020, GMT0094-2020)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GM/T 0094-2020English205 Add to Cart 0-9 seconds. Auto-delivery. Public key cryptographic application technology framework specification Valid


Standards related to: GM/T 0094-2020

GM/T 0094-2020: PDF in English (GMT 0094-2020)

GM/T 0094-2020
GM
CRYPTOGRAPHIC INDUSTRY OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
CCS L 80
Public key cryptographic application technology
framework specification
ISSUED ON: DECEMBER 28, 2020
IMPLEMENTED ON: JULY 01, 2021
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3 
1 Scope ... 4 
2 Normative references ... 4 
3 Terms and definitions ... 4 
4 Public key cryptographic application technology framework ... 5 
Annex A (normative) Interface naming ... 13 
Annex B (normative) Error code interval division ... 14 
Annex C (informative) List of crypto industry standards in the framework that
have been transformed into national standards ... 15 
Bibliography ... 16 
Public key cryptographic application technology
framework specification
1 Scope
This Document specifies the public key cryptographic application technology
framework. It gives the components and their logical relationships within the
framework.
This Document is applicable to the construction of public key cryptographic
application technology system and the formulation as well as revision of related
standards. It guides the cryptographic application of the application system.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 35275, Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GM/Z 4001, Cryptographic terms
3 Terms and definitions
For the purposes of this document, the terms and definitions defined in GM/Z
4001 as well as the followings apply.
3.1 attribute authority system
a management system that is used to generate, issue, issue, update and revoke
attribute certificates
3.2 access control
according to a specific policy, a mechanism to allow or deny users access to
resources
3.3 certificate authentication system
framework
4.2 Cryptography device service
The cryptography device service is composed of cryptographic modules. The
cryptographic module includes cryptographic machines, cryptographic cards,
smart cryptographic terminals and other equipment or cryptographic software.
It provides key management, cryptographic calculation and device
management services to the common cryptography application support through
the cryptography device service interface. It accepts the cryptography device
management of the infrastructure security support platform.
In the cloud computing environment, the cryptography device service consists
of a cryptography device and a cryptography resource pool. The physical
cryptography device is virtualized into virtual cryptography devices that shall be
assigned to tenants on demand. In order to effectively manage virtual
cryptographic resources, a cryptographic resource manager is required in the
infrastructure security support platform to manage the creation, destruction,
configuration and drift of cryptographic resources in the cryptography device
service.
4.3 Common cryptography application support
The common cryptography service function mainly includes: being responsible
to complete the security connection to the cryptography device; realize the
identity authentication based on digital certificate, obtain relevant information
from the certificate so as to implement security mechanisms such as
authorization management and access control; being responsible for interacting
with cryptography devices to implement specific cryptographic operations;
encapsulating the data according to the GB/T 35275 format, data encapsulation
format has nothing to do with the application system, realizing application
system interconnection and information sharing.
The common cryptography application support supports the interface through
the common cryptography application. It provides the upper layer (typical
cryptography application support and application) with transparent
cryptographic application support that has nothing to do with specific
cryptography devices. It transforms the upper-level cryptographic application
support request into a specific basic cryptographic operation request. It calls
the corresponding cryptography device through a unified cryptography device
application interface to implement specific cryptographic calculations and key
operations.
The common cryptography application support includes cryptographic functions
such as certificate analysis, certificate authentication, confidentiality, integrity,
authenticity and non-repudiation of information.
4.7 Series of specifications within the framework
The series of standards within this framework include but are not limited to:
a) Cryptography device (1):
GM/T 0017, Smart token cryptography application interface data format
specification
GM/T 0022, IPSec VPN specification
GM/T 0024, SSL VPN specification
GM/T 0027, Technique requirements for smart token
GM/T 0028, Security Requirements for Cryptographic Modules
GM/T 0029, Sign and verify server technical specification
GM/T 0030, Cryptographic server technical specification
b) Cryptography device service to common cryptography application support
(2):
GM/T 0016, Smart token cryptography application interface specification
GM/T 0018, Interface specifications of cryptography device application
The interface naming and error code interval division involved in the interface
specification shall be carried out in accordance with Annex A and Annex B.
c) Common cryptography service (3):
GM/T 0009, SM2 Cryptography Algorithm Application Specification
GM/T 0010, SM2 cryptography message syntax specification
d) Common cryptography application support to the upper layer (4):
GM/T 0019, Universal cryptography service interface specification
GM/T 0020, Certificate application integrated service interface
specification
e) Authentication (5):
GM/T 0026, Security authentication gateway product specification
f) Electronic signature (6):
Annex C
(informative)
List of crypto industry standards in the framework that have been
transformed into national standards
The List of crypto industry standards in the framework that have been
transformed into national standards is as follow:
a) GM/T 0022 “IPSec VPN specification” corresponds to the national
standard GB/T 36968-2018 “Information security technology - Technical
specification for IPSec VPN”;
b) GM/T 0028 “Security Requirements for Cryptographic Modules”
corresponds to the national standard GB/T 37092-2018 “Information
security technology - Security requirements for cryptographic modules”;
c) GM/T 0016 “Smart token cryptography application interface specification”
corresponds to the national standard GB/T 35291-2017 “Information
security technology - Cryptography token application interface
specification”;
d) GM/T 0009 “SM2 Cryptography Algorithm Application Specification”
corresponds to the national standard GB/T 35276-2017 “Information
security technology - SM2 cryptography algorithm usage specification”;
e) GM/T 0010 “SM2 cryptography message syntax specification”
corresponds to the national standard GB/T 35275-2017 “Information
security technology - SM2 cryptographic algorithm encrypted signature
message syntax specification”;
f) GM/T 0015 “Digital certificate format based on SM2 algorithm”
corresponds to the national standard GB/T 20518-2018 “Information
security technology - Public key infrastructure - Digital certificate format”;
g) GM/T 0034 “Specifications of cryptograph and related security technology
for certification system based on SM2 cryptographic algorithm”
corresponds to the national standard GB/T 25056-2018 “Information
security technology -Specifications of cryptograph and related security
technology for certificate authentication system”.
......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.