GB/T 34095-2017 English PDFUS$1879.00 · In stock
Delivery: <= 11 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 34095-2017: Information security technology -- Technology requirements for electronic payment of mobile terminal security based on short-range radio communication technology Status: Valid
Basic dataStandard ID: GB/T 34095-2017 (GB/T34095-2017)Description (Translated English): Information security technology -- Technology requirements for electronic payment of mobile terminal security based on short-range radio communication technology Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.040 Word Count Estimation: 94,969 Date of Issue: 2017-07-31 Date of Implementation: 2018-02-01 Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China GB/T 34095-2017: Information security technology -- Technology requirements for electronic payment of mobile terminal security based on short-range radio communication technology---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology - Technology requirements for electronic payment of mobile terminal security based on short-range radio communication technology ICS 35.040 L80 National Standards of People's Republic of China Information Security Technology Near-field wireless for electronic payment Communication mobile terminal security technology requirements 2017-07-31 Posted 2018-02-01 implementation General Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China China National Standardization Administration released Directory Foreword Ⅲ 1 Scope 1 2 Normative references 1 3 Terms and Definitions, Abbreviations 1 3.1 Terms and definitions 1 3.2 Abbreviations 3 4 Overview 4 5 Evaluation Object (TOE) 4 5.1 Overview 4 5.2 built-in safety unit 5 5.3 Universal Integrated Circuit Card (UICC) 8 5.4 life cycle 8 5.5 characters 10 6 Security Issues 10 6.1 Assets 6.2 Users and Subjects 12 6.3 Assumptions 12 6.4 Threats 13 6.5 Organizational Security Policy 19 7 safety purpose 21 7.1 TOE safety purpose 21 7.2 Environmental Safety Purpose 26 7.3 The purpose of safety correspondence 27 8 extended component definition 29 8.1 FCS_RNG Family Definition 29 8.2 FCS_RNG.1 Quality index of random number 30 Safety function requirements 9.1 Overview 9.2 security chip IC-Chip safety function requirements 33 9.3 Smart Card Management Security Feature Requirements 39 9.4 Operating Environment Safety Function Requirements 45 9.5 platform security features 55 9.6 Correspondence between safety function requirements 56 10 Security Assurance Requirements 10.1 Overview 10.2 smart card chip security requirements 66 10.3 Development Process 79 10.4 Guidance Document 80 10.5 Life Cycle Support 81 10.6 Test Procedure 83 10.7 Vulnerability Assessment 85 10.8 Security Assurance Requirements Corresponding Relationships 85 References 88 ForewordThis standard was drafted in accordance with the rules given in GB/T 1.1-2009. This standard by the National Information Security Standardization Technical Committee (SAC/TC260) and focal point. This standard was drafted by the Ministry of Industry and Information Technology Telecommunications Research Institute, China Mobile Communications Corporation, China United Network Communications Group has Limited, China Telecom Corporation, China UnionPay Co., Ltd., Beijing Shaw Data System Co., Ltd., Chongqing Telecom Research Institute. The main drafters of this standard. Xia Luohui, Sun Yutao, Chengqiu Liang, Ren Xiaoming, Zhang Qiang, Ji Chengjun, Tan Ying, Zhang Chu, Fan Yu Xiao, Yuan Hao. Information Security Technology Near-field wireless for electronic payment Communication mobile terminal security technology requirements1 ScopeThis standard specifies the short-range wireless communication based on the mobile terminal electronic payment smart card and built-in security unit security technology requirements, The contents include the definition of the object of assessment (TOE), the definition of the safety issue, the description of the safety purpose, the description of the safety requirements and so on. This standard applies to based on close-range communication technology to support the electronic payment services containing smart card or built-in security unit mobile terminal Electronic equipment.2 Normative referencesThe following documents for the application of this document is essential. For dated references, only the dated version applies to this article Pieces. For undated references, the latest edition (including all amendments) applies to this document. Information technology - Security terminology GM/T 0005-2012 randomness test specification ISO /IEC 7816-2-2007 Identification cards Integrated circuit cards Part 2. Dimensions and positioning of contact cards with contacts (Iden- tificationcards-Integratedcircuitcards-Part 2.Cardswithcontacts-Dimensionsandlocationof thecontacts) ISO /IEC 7816-6-2004 Identification cards - Integrated circuit cards - Part 6. Exchange of data elements in the industry (Identification cards-Integratedcircuitcards-Part 6.Interindustrydataelementsforinterchange) ISO /IEC 15946-1-2008 Information technology - Security techniques based on elliptic curve cryptography - Part 1. General (Informationtechnology-Securitytechniques-Cryptographictechniques based on elipticcurves- Part 1.General) ISO /IEC 15946-3-2002 Information technology - Security techniques based on elliptic curve cryptography - Part 3. Key determination (Informationtechnology-Securitytechniques-Cryptographictechniques based on elipticcurves- Part 3.Keyestablishment) ISO /IEC 9797-1-2011 Information technology Confidential technology Message authenticity code Part 1. Block code mechanism [Infor- mationtechnology.Securitytechniques.MessageAuthenticationCodes (MACs) -Part 1.Mechanisms usingablockcipher] ISO /IEC 10116.2006 Information technology Security n block operation of the block algorithm (Informationtechnolo- gy-Security technologies-Modes of operation forann-bit blockcipher) GP22.2011 GlobalPlatformCardSpecification 3 Terms and Definitions, Abbreviations 3.1 Terms and definitions GB/T 25069-2010 defined and the following terms and definitions apply to this document. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 34095-2017_English be delivered?Answer: Upon your order, we will start to translate GB/T 34095-2017_English as soon as possible, and keep you informed of the progress. The lead time is typically 7 ~ 11 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 34095-2017_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 34095-2017_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
