Basic data
Standard ID: GB/T 23695-2009 (GB/T23695-2009)
Description (translated English): Banking -- Secure file transfer (retail)
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: A11
Classification of International Standard: 35.240.15
Word Count Estimation: 32,346
Date of Issue: 2009-05-06
Date of Implementation: 2009-10-01
Adopted Standard: ISO 15668-1999, MOD
Regulation (derived from): Announcement of Newly Approved National Standards No. 6, 2009 (No. 146 overall)
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China
Summary: This standard specifies secure file transfer in retail banking. Wholesale banking file transfer involves the exchange of large amounts of information between hosts (large file transfers) at a relatively high level of security; by contrast, retail banking transfers fewer files, and the download devices operate in environments characterized by a lower level of trustworthiness. Such devices include (but are not limited to) electronic point-of-sale terminals (EPOS), automatic vending machines (AVM), automated teller machines (ATM), or merchant servers communicating with a payment gateway.
GB/T 23695-2009: Banking -- Secure file transfer (retail). The text below is a DRAFT version for illustration, not a final translation; the full English PDF (including equations, symbols, images, flow charts, tables and figures) is translated manually upon order.
ICS 35.240.15
A11
National Standard of the People's Republic of China
Banking - Secure file transfer (retail)
(ISO 15668:1999, MOD)
Issued 2009-05-06
Implemented 2009-10-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
5 Application
6 Mechanism differences
Appendix A (informative) Examples of mechanisms
Appendix B (informative) Examples of implementation
Appendix C (informative) Example of ensuring the integrity of the file transfer acknowledgement
Appendix D (informative) Graphical summary reference of security services
Foreword
This standard is a modified adoption of ISO 15668:1999 "Banking -- Secure file transfer (retail)" (English version).
This standard was redrafted on the basis of ISO 15668:1999. The technical differences from ISO 15668:1999, and the reasons for them, are as follows:
--- In "2 Normative references", the reference to ISO 8731-1:1987 "Banking -- Approved algorithms for message authentication -- Part 1: DEA" is deleted, because the algorithm in that standard does not comply with the relevant provisions of China's cryptography administration, and ISO withdrew the standard in 2005.
--- In "2 Normative references", the reference to ISO 11568 (all parts) "Banking -- Key management (retail)" is deleted, because the algorithms in that standard do not comply with the relevant provisions of cryptography administration.
--- In "Figure 1 Terminal software representation (schematic)", reference numeral 8 is deleted. Numeral 8 is not explained in Note 1 of the figure; from the original it was found that numeral 8 refers to the runtime environment or other support programs of the boot program (numeral 7), and the standard states that the security of the boot program (i.e. layer a) is outside its scope, with its runtime environment and support programs shaded gray. Since understanding is not affected, the unexplained numeral 8 is deleted from the figure.
--- In 5.1.2.3, "key management techniques shall meet the requirements of ISO 11568" is changed to "key management techniques shall follow the relevant provisions of China's cryptography administration."
--- In "6 Mechanism differences" and "A.1 Authentication mechanisms", "for approved algorithms see ISO 11568" is changed to "approved algorithms shall follow the relevant national regulations."
--- The last sentence of A.3 is deleted: "ISO 9807 gives a list of approved algorithms for calculating a MAC, of which the ISO 8731-1 algorithm, using the DEA in cipher block chaining mode of operation, is a special case of ISO/IEC 9797 with the parameter values = 64 and m1 = 32." It is deleted because the ISO 8731-1 algorithm does not comply with China's relevant cryptography administration provisions.
--- The last sentence of A.2 is deleted: "--- ISO/IEC 10118-2, Annex A, shows a method using DES with the parameter value = 64 and a hash length of 56."
--- The example in A.2.3 is deleted, because the DSA and RSA cited there do not comply with the provisions of cryptography administration.
--- The data in Appendix B is deleted, because the DEA cited there does not comply with the provisions of cryptography administration.
--- In C.4.3.3, "MAC keys shall follow ISO 11568" is changed to "MAC keys shall follow China's relevant cryptography administration provisions."
For ease of use, this standard makes the following editorial changes:
--- "this standard" is used instead of "this International Standard";
--- the foreword of the International Standard is deleted;
--- printing errors in Figures 1 and 2 are corrected.
Appendices A, B, C and D of this standard are informative annexes.
This standard was proposed by the People's Bank of China.
This standard is under the jurisdiction of the National Standardization Technical Committee on Finance.
Drafting organizations of this standard: China Financial Computerization Corporation; Pan Pacific collar when the Science and Technology (Beijing) Co., Ltd.
Organizations participating in the drafting of this standard: People's Bank of China, Industrial and Commercial Bank of China, Agricultural Bank of China, China Construction Bank, Bank of Communications, China UnionPay Co., Ltd., North China Institute of Computing Technology, Beijing Technology and Business University.
Main drafters of this standard: baby Ping, Li Shuguang, Lu Yi, Yang Yingli, Bao Yuequn, Wan Liang Jun, forest, Zhang Qirui, Zhong Zhihui, King Yun, Liu Yun, Qian Xiang-long, Zhao Jinbo, Cao, Li Jinsong, Xian, Zhouyi Peng, Wang Wei.
Introduction
This standard describes how file transfers are protected in the retail banking environment. Typical examples of such use are file transfers between a card-accepting device and the acquirer, or between acquirers and issuers.
Banking - Secure file transfer (retail)
1 Scope
Wholesale banking file transfer involves the exchange of large amounts of information between hosts (large file transfers) at a relatively high level of security; by contrast, retail banking involves less file transfer, and is characterized by a lower level of trustworthiness of the operating environment of the download equipment. Such equipment may be (but is not limited to) electronic point-of-sale terminals (EPOS), automatic vending machines (AVM), automated teller machines (ATM), or merchant servers communicating with a payment gateway.
It is assumed that a pre-established relationship already exists between the entities involved in the secure file transfer, in particular with respect to liability and the legal and commercial aspects of the file transfer.
This standard applies to the different types of file transfer in retail banking, but does not cover the transaction messages dealt with in ISO 8583.
A file transfer requires timeliness and at least one of the following security services:
--- authentication of the message originator;
--- authentication of the recipient;
--- integrity;
--- confidentiality;
--- non-repudiation of origin;
--- non-repudiation of receipt;
--- auditability.
It is assumed that the correctness and legality of all data have been confirmed by the sending side before the transfer is initiated.
The different types of file transfer may include:
--- software;
--- retail transactions that have been executed and logged (upload);
--- technical data (access parameters) related to the acquirer (download);
--- application data related to the acquirer (BIN list, blacklist) (download).
Characteristics of the file transfer types:
a) the type of data that can be transmitted:
--- non-confidential data (collections of retail transactions, technical data and application data);
--- confidential data;
b) the number of entities that can receive the data:
--- one;
--- more than one (even broadcast to thousands of recipients);
c) the communication path, which may include one or all of the following:
--- telecommunications: public network, private network;
d) the transmission mode:
--- direct connection, real-time transmission (circuit switched);
--- store-and-forward transmission (packet switched).
Note: This standard addresses the security service requirements of the transmission process. Requirements for ensuring that a file is not changed when it is not being transferred are outside the scope of this standard.