|
US$1959.00 · In stock
Delivery: <= 13 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 31502-2015: Information security technology -- Security protect framework of electronic payment system
Status: Valid
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 31502-2015 | English | 1959 |
Add to Cart
|
13 days [Need to translate]
|
Information security technology -- Security protect framework of electronic payment system
| Valid |
GB/T 31502-2015
|
PDF similar to GB/T 31502-2015
Basic data | Standard ID | GB/T 31502-2015 (GB/T31502-2015) | | Description (Translated English) | Information security technology -- Security protect framework of electronic payment system | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | L80 | | Classification of International Standard | 35.040 | | Word Count Estimation | 93,920 | | Date of Issue | 2015-05-15 | | Date of Implementation | 2016-01-01 | | Quoted Standard | GB/T 18336.1; GB/T 18336.2; GB/T 18336.3 | | Regulation (derived from) | National Standard Announcement 2015 No. 15 | | Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China | | Summary | The standard provides a common framework, including the security problem definition, security objectives, security functional requirements and security needs. This standard applies to safe construction, operation of public electronic payment system. | GB/T 31502-2015: Information security technology -- Security protect framework of electronic payment system
---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Information security technology - Security protect framework of electronic payment system
ICS 35.040
L80
National Standards of People's Republic of China
Information Security Technology
Electronic Payment System Security Framework
Issued on. 2015-05-15
2016-01-01 implementation
Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China
Standardization Administration of China released
Table of Contents
Introduction Ⅲ
Introduction Ⅳ
1 Scope 1
2 Normative references 1
3 Terms and definitions
4 Symbols and Abbreviations 2
4.1 notation 2
4.2 Acronyms 3
Description 3 5 Electronic Payment System
5.1 Electronic Payment System Model 3
5.2 electronic payment system working mode 7
Protected assets 8 5.3
6 Security Problem Definition 10
6.1 Overview 10
6.2 Threat 10
6.3 The Organization for Security Policy (SOP) 14
6.4 Suppose (SAS) 17
6.5 Security Problem Definition 17 reasons
7 security purposes 17
7.1 Overview 17
7.2 For the evaluation objects [TOE] security purposes (OET) 18
7.3 For the evaluation objects [TOE] safety purpose operating environment (OTE) 18
8 19 Security functional requirements
8.1 Overview 19
8.2 Security Audit (FAU class) 19
8.3 Communication (FCO class) 32
8.4 Cryptographic Support (FCS class) 35
8.5 User Data Protection (FDP class) 35
8.6 Identification and authentication (FIA class) 40
8.7 Security Management (FMT class) 40
8.8 TSF protection (FPT class) 42
9 Security assurance requirements 43
10 national standards Part 43 compliance analysis
11 Organization for Security Policy Example 43
Behavior model in Appendix A (informative) electronic payment systems 44
Appendix B (normative) definition of security reasons 69
Annex C (normative) reasons for security purposes 74
Annex D (normative) Security assurance requirements 78
Appendix E (normative) to the relevant national standards compliance analysis section 80
Annex F (informative) Organization for Security Policy Example. Warning Rule 82 suspicious transactions
References 87
Foreword
This standard was drafted in accordance with GB/T 1.1-2009 given rules.
Please note that some of the content of this document may involve patents. Release mechanism of the present document does not assume responsibility for the identification of these patents.
This standard by the National Safety Standardization Technical Committee (SAC/TC260) and focal points.
This standard was drafted. Beijing Dauth Technology Industrial Park Co., Ltd., Agricultural Bank of China, China Financial Computerization Corporation, National letter
Information Security Engineering Research Center, the Eastern bloc Network Information Security Technology Co., Ltd., Beijing Great Qin Xingyu Electronics Co., Ltd., Beijing days
Wang Yi Network Technology Co., Ltd., Beijing Branch of the Blue Software Systems Ltd., Great Wall Riverstone (Beijing) Technology Co., Ltd., Bank of Chongqing, Nanchong City
commercial Bank.
The main drafters of this standard. Liu Dali, Li Kuan, Chen Minfeng, Hanlin Lin, WU Yi Zhang, Wu Zheng, Liu Yun, Hui Wenzhong, Shen Xin Li, Hong Wei, Zhang Lei,
In respect of new, Cuixin Jie, Rayong, Xiapeng Xuan, such as Yan Feng, Chen Huiwu, Wang Yuan, left wavelet, Qiu Yan, Zhang Chunyang, Huang Guangwei, Xingcheng Li, Yan-fang high,
Wang state capital.
Introduction
The criteria for IT security evaluation based on internationally accepted standards, combining the characteristics of the present stage of electronic payment systems, according to
China's relevant laws, regulations and decrees requirements to the principle of self-control, to provide a public information security Public class electronic payment systems
Common framework; is an important step to further improve the relevant national standards and industry standards; to build and run public electronic payment systems, provided
support.
Information Security Technology
Electronic Payment System Security Framework
1 Scope
On the basis of this standard given in electronic payment systems model for the information security of public electronic payment system provides a common frame
Planes, including the security problem definition, security objectives, security functional requirements and security needs.
This standard applies to safe construction, operation of public electronic payment system.
2 Normative references
The following documents for the application of this document is essential. For dated references, only the dated version suitable for use herein
Member. For undated references, the latest edition (including any amendments) applies to this document.
GB/T 18336.1 Information technology - Security techniques - Evaluation criteria for IT security - Part 1. Introduction and general model
GB/T 18336.2 Information technology - Security techniques - Evaluation criteria for IT security Part 2. Security functional components
GB/T 18336.3 Information technology - Security techniques - Evaluation criteria for IT security - Part 3. Security Component
3 Terms and Definitions
GB/T 18336.1 defined and the following terms and definitions apply to this document.
3.1
Electronic Payment electronicpayment
The digitization, with the support of electronic terminals, information transmission channel and related systems, the behavioral payments.
3.2
Payment channel transactionchannel
Electronic payment transaction process, realize information transfer between electronic payment credentials and payment terminals and payment terminals and pre-payment security
Ways to lose.
3.3
Public network channel publicnetworkchannel
Support for electronic payment transactions public network infrastructure. In the field of electronic payment is usually referred to as the network.
3.4
Contact channel contactchannel
Support for electronic payment transactions entities direct connection.
3.5
Electronic payment credentials electronicpaymentcredential
In the electronic payment process to finalize payment of the relevant account credentials.
Electronic payment credentials there may be a carrier, it may be unsupported, the same electronic payment credentials may be described in different vectors.
3.6
Electronic payment credentials carrier electronicpaymentcredentialscarrier
According to electronic payment media credentials. Different electronic payment credentials carrier, its security is different.
Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 31502-2015_English be delivered?Answer: Upon your order, we will start to translate GB/T 31502-2015_English as soon as possible, and keep you informed of the progress. The lead time is typically 9 ~ 13 working days. The lengthier the document the longer the lead time. Question 2: Can I share the purchased PDF of GB/T 31502-2015_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 31502-2015_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet. Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.
|