GM/T 0051-2016 PDF EnglishUS$170.00 · In stock · Download in 9 seconds
GM/T 0051-2016: Cryptography device management - Specifications of symmetric key management technology Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure Status: Valid
Similar standardsGM/T 0051-2016: Cryptography device management - Specifications of symmetric key management technology---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GMT0051-2016 GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 File No.. 58556-2017 Cryptography device management – Specifications of symmetric key management technology Issued on: DECEMBER 23, 2016 Implemented on: DECEMBER 23, 2016 Issued by. State Cryptography Administration Table of ContentsForeword ... 3 Introduction .. 4 1 Scope .. 5 2 Normative references ... 5 3 Terms and definitions ... 5 4 Abbreviations .. 8 5 Symmetric key management physical security requirements ... 8 5.1 System security requirements ... 8 5.2 Functional security requirements ... 8 6 Symmetric key management system ... 11 6.1 Position in the cryptographic infrastructure technology framework ... 11 6.2 Management scope ... 13 6.3 System technology framework .. 13 6.4 System function structure ... 15 6.5 Function description ... 16 6.6 System design requirements ... 18 7 Symmetric key management application instructions and management interfaces ... 25 7.1 Basic requirements .. 25 7.2 Application instructions ... 26 7.3 Management interface ... 34 Appendix A (Normative) Error code definition .. 37 Appendix B (Normative) Key format configuration file ... 38ForewordThis Standard was drafted in accordance with the rules given in GB/T 1.1-2009. GM/T 0051 “Cryptography device management - Specifications of symmetric key management technology” is one of the cryptography device management standards. This type of standard consists of a basic specification and a series of management application specifications and currently includes. - Basic specifications. GM/T 0050 Cryptography device management - Equipment management technical specifications; - Management application specification. GM/T 0051 Cryptography device management - Specifications of symmetric key management technology; - Management application specification. GM/T 0052 Cryptographic device management - VPN device monitoring management specification; - Management application specification. GM/T 0053 Cryptographic device management - Remote monitoring and compliance verification interface data specification. Any contents of this standard related to the contents of cryptographic algorithms are implemented in accordance with relevant national laws and regulations. This Standard was proposed by and shall be under the jurisdiction of Cryptography Industry Standardization Technical Committee. Main drafting organizations of this Standard. Xingtang Communication Technology Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Chengdu Weishitong Information Industry Co., Ltd., Shandong De’an Computer Technology Co., Ltd., Shanghai Koal Software Co., Ltd., Beijing Haitai Fangyuan Technology Limited company. Main drafters of this Standard. Wang Nina, Li Yufeng, Xu Qiang, Li Yuanzheng, Kong Yufan, Tan Wuzheng, Liu Zengshou. Cryptography device management – Specifications of symmetric key management technology1 ScopeThis standard specifies key and system-related security technical requirements for symmetric key management applications, including symmetric key management security requirements, system architecture and functional requirements, key management security protocols and interface design requirements, management center construction, operation, and management requirements, etc. This standard applies to the development, construction, operation, and management of symmetric key management systems. This standard adopts the security tunnel technology in the “Cryptography device management - Equipment management technical specifications”, it shall use the interfaces in clause 6 and clause 9 of the “Cryptography device management - Equipment management technical specifications”.2 Normative referencesThe following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this standard. GB/T 32915 Information security technology - Binary sequence randomness detection method GM/T 0006 Cryptographic application identifier criterion specification GM/T 0015 Digital certificate format based on SM2 algorithm GM/T 0050-2016 Cryptography device management - Equipment management technical specifications3 Terms and definitionsThe following terms and definitions apply to this document. 5.2.2 Key storage and backup Key storage shall ensure confidentiality and integrity and prevent the leakage and replacement of unauthorized keys. Specific storage requirements for different types of keys are as follows. - Plaintext key The plaintext key that needs to be stored for a long time shall be stored in the physical security module of the security cryptographic device. When the physical security module fails, the stored plaintext key immediately expires. - Key component The key components shall be stored in different media during the life cycle and held by different administrators. - Ciphertext key It can be stored in a cryptographic device or it can be stored outside a cryptographic device. If stored outside the cryptographic device, it shall ensure that it is authorized for access. Key backups shall also ensure confidentiality and integrity, the specific requirements are consistent with key storage. 5.2.3 Key distribution and loading Key distribution and loading can be performed manually, loaded directly by a removable storage medium, loaded by a specific key delivery device, or by network distribution. Specific distribution requirements are as follows. - Plaintext key When a plaintext key is passed between two secure cryptographic devices, component delivery, password protection, or other methods shall be used to prevent the key from being compromised, tampered, or replaced. - Key component The key component distribution process shall not reveal any part of the key component to an unauthorized person. - Ciphertext key Ciphertext keys can be distributed and loaded over the network. Ciphertext key distribution shall prevent key tampering or key replacement. 5.2.4 Key usage - A key shall specify an attribute or control vector to prevent the key from being used without authorization; - The key can only be used for the specified application; - The key can only be used for a specified purpose or function; - When the known key is leaked, its use shall be stopped; - When it suspects that the key is compromised, it can stop using it actively. 5.2.5 Key update The key management system shall set key update policies for be-managed systems and the be-managed equipment. When the key exceeds the lifespan, has been exposed, or suspected of insecurity, it shall be able to be replaced in accordance with the corresponding update policy. If the compromised or suspected key is a key encryption key or a root key, all keys or subkeys encrypted by the key shall be replaced. The decryption and re-encryption of application data due to key exchange is not the responsibility of the key management center. Specific requirements are as follows. - A strict update in accordance with the key update policy; - New key cannot irreversibly derive the old key; - It cannot increase the risk of leakage of other keys. 5.2.6 Key archiving When the key expires or is no longer used, it can be archived in accordance with the key management policy. Keys can be archived in the following forms. - It is stored separately in the cryptographic device in the form of at least two separate key components; - Encrypt the archived key using the key encryption key; - Keys that have been archived can only be used to prove the legitimacy of The configuration of other policies includes operations such as key query mode and the import of a general key generator sealing format. When the policy condition is met, the corresponding key management operation will be triggered. 6.5.3 Key generation/storage This standard uses the general key generator and the customized key generator to generate a general format key and a customized format key, respectively. The general key generator generates a random key, and the main control management module seals the generated random key as an atom key in accordance with the requirements of the be-managed equipment key format configuration file. The customized key generator generates a dedicated atom key having a transformation requirement or a complicated format. A key based on a complex random number transformation can only be generated by a customized key generator. The key generation is triggered by the key generation policy. The genera... ......Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al. Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of English version of GM/T 0051-2016 be delivered?Answer: The full copy PDF of English version of GM/T 0051-2016 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.Question 2: Can I share the purchased PDF of GM/T 0051-2016_English with my colleagues?Answer: Yes. The purchased PDF of GM/T 0051-2016_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. www.ChineseStandard.us -- GM/T 0051-2016 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.How to buy and download a true PDF of English version of GM/T 0051-2016?A step-by-step guide to download PDF of GM/T 0051-2016_EnglishStep 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).Step 2: Search keyword "GM/T 0051-2016". Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart. Step 4: Select payment option (Via payment agents Stripe or PayPal). Step 5: Customize Tax Invoice -- Fill up your email etc. Step 6: Click "Checkout". Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively. Step 8: Optional -- Go to download PDF. Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice. See screenshots for above steps: Steps 1~3 Steps 4~6 Step 7 Step 8 Step 9 |
