|
US$739.00 ยท In stock
Delivery: <= 5 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 22186-2016: Information security techniques -- Security technical requirements for IC card chip with CPU
Status: Valid GB/T 22186: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 22186-2016 | English | 739 |
Add to Cart
|
5 days [Need to translate]
|
Information security techniques -- Security technical requirements for IC card chip with CPU
| Valid |
GB/T 22186-2016
|
| GB/T 22186-2008 | English | RFQ |
ASK
|
7 days [Need to translate]
|
Information Security techniques -- Security technical requirements for IC card chip with CPU (EAL4+)
| Obsolete |
GB/T 22186-2008
|
PDF similar to GB/T 22186-2016
Basic data | Standard ID | GB/T 22186-2016 (GB/T22186-2016) | | Description (Translated English) | Information security techniques -- Security technical requirements for IC card chip with CPU | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 37,351 | | Date of Issue | 2008-07-16 | | Date of Implementation | 2017-03-01 | | Regulation (derived from) | National Standard Notice No. 14 of 2016 | | Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China | GB/T 22186-2016: Information security techniques -- Security technical requirements for IC card chip with CPU
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security techniques - Security technical requirements for IC card chip with CPU
ICS 35.040
L80
National Standards of People's Republic of China
Replacing GB/T 22186-2008
Information Security Technology
IC card chip with central processor security
skills requirement
2016-08-29 released
2017-03-01 implementation
General Administration of Quality Supervision, Inspection and Quarantine of the People 's Republic of China
China National Standardization Management Committee released
Directory
Preface III
Introduction IV
1 Scope 1
2 normative reference document 1
3 terms and definitions, abbreviations 1
3.1 Terms and definitions 1
3.2 Abbreviations 2
4 IC card chip description 2
5 Definition of security issues 3
5.1 Assets 3
5.2 Threats 3
5.3 Organizational Security Strategy 4
5.4 hypothesis 5
6 safety purpose 5
6.1 IC card chip security purposes 5
6.2 Environmental Safety Purpose 6
7 Expand the component definition 6
Group 1 FMT_LIM Definition 6
7.2 family FPT_TST definition 7
8 Safety requirements 8
8.1 Safety function requirements 8
8.2 security requirements 12
9 Fundamentals 28
Basic principles of safety purposes 28
Basic Principles of Safety Requirements 29
9.3 Component Dependencies Fundamentals 31
Reference 33
Foreword
This standard is drafted in accordance with the rules given in GB/T 1.1-2009.
This standard replaces GB/T 22186-2008 "Information security technology Integrated circuit (IC) card chip with central processing unit
Technical requirements (assessment assurance level 4 enhanced level) ". This standard compared with GB/T 22186-2008, the main changes are as follows.
--- standard name changed to "information security technology with the central processing unit IC card chip security technical requirements";
- Chapter 3 updates the term;
- Chapter 4 reinterprets the structure of the IC card chip and makes a clearer definition of the TOE scope;
- Chapter 5 defines and simplifies the definition of security issues, defining six threats, two organizational security policies, and two
Hypothesis
- Chapter 6 updates the description of TOE security objectives in accordance with the new security issue definition;
- Chapter 7 describes two extended families FMT_LIM and FPT_TST, which are used to handle the limited availability of TOE and
Self-test related to the safety function requirements, in order to more reasonable description of IC card chip security;
- Chapter 8 adjusts the safety function requirements to refine the new safety purpose description, clearly indicating EAL4, EAL5 and
EAL6 should meet the safety function requirements; and security requirements have been adjusted to increase the EAL5 and
EAL6 required safeguards components;
- Chapter 9 Correspondence between new security issues and security objectives, safety objectives and safety requirements Basics
Updated the description, and analyzed the dependencies between components.
This standard is proposed by the National Information Security Standardization Technical Committee (SAC/TC260).
The drafting of this standard. China Information Security Evaluation Center, Beijing Duo Si Technology Industrial Park Co., Ltd., Tsinghua University, Jilin Information
Safety Assessment Center.
The main drafters of this standard. Yang Yongsheng, Zhang Chongbin, Shi Hongsong, Gao Jinping, Wang Yuhang, Li Hexin, Jia Wei, Cao Chunchun, Shen Minfeng,
Zhang Xiangmin, Tang Xiqing, Wen Ming, Chang Yanwei, Fang Xin.
This standard replaced the previous version of the standard release.
--- GB/T 22186-2008.
Introduction
IC card chip applications and the expansion of the application of the complexity of the environment, requiring IC card chip has a stronger ability to protect data.
The EAL4 of this standard is based on EAL4 to enhance AVA_VAN.3 to AVA_VAN.4; EAL5 is
EAL5 based on the ALC_DVS.1 enhanced to ALC_DVS.2, AVA_VAN.4 enhanced to AVA_VAN.5; EAL6 is
Add ALC_FLR.1 based on EAL6.
Information Security Technology
IC card chip with central processor security
skills requirement
1 Scope
This standard specifies the IC card chip with the central processor to meet the EAL4, EAL5, EAL6 required security work
Requirements and security requirements, covering security issues, security objectives, extended component definitions, security requirements, basic principles and so on.
This standard applies to IC card chip product testing, evaluation and procurement, can also be used to guide the development and development of such products.
2 normative reference documents
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this article
Pieces. For undated references, the latest edition (including all modifications) applies to this document.
GB/T 18336 (all parts) Information technology Security technology Information technology safety assessment criteria
Information security technical terminology GB/T 25069-2010
3 terms and definitions, abbreviations
3.1 Terms and definitions
GB/T 25069-2010 and GB/T 18336.1 and the following terms and definitions apply to this document.
3.1.1
IC application software ICdedicatedsoftware
Developed by IC card chip designers, and exists in the IC card integrated circuit in the special software. These proprietary software is usually in the production process
For testing, can also be used to provide additional services for hardware use, in which part of the dedicated test software features only limited to specific
Stage use.
3.1.2
Initialize the data initializationdata
Defined by the IC card chip maker, used to identify the chip in order to track the production process and the life cycle of the data, such as IC card chip
Unique identification number.
3.1.3
Pre-personalization data
The data written by the manufacturer in the nonvolatile memory during the IC chip chip manufacturing phase so that the subsequent life cycle phase traces the IC card
Chip manufacturing process.
3.1.4
IC card embedded software ICcardembeddedsoftware
Is stored in a nonvolatile memory (e.g., ROM, EEPROM or Flash, etc.) of an IC card having a central processing unit,
Chip running software. The software is used to manage the chip hardware resources and data, through the chip communication interface and IC card terminal equipment exchange
Information, in response to user-initiated data encryption, data signing and authentication applications such as authentication requests to achieve the support of the application function.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 22186-2016_English be delivered?Answer: Upon your order, we will start to translate GB/T 22186-2016_English as soon as possible, and keep you informed of the progress. The lead time is typically 3 ~ 5 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 22186-2016_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 22186-2016_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. Question 5: Should I purchase the latest version GB/T 22186-2016?Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 22186-2016 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.
|