Powered by Google-Search & Google-Books Chinese Standards Shop Database: 169759 (Nov 17, 2019)
 HOME   Quotation   Tax   Examples Standard-List   Contact-Us   View-Cart
  

GM/T 0023-2014

Chinese Standard: 'GM/T 0023-2014'
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusRelated Standard
GM/T 0023-2014English240 Add to Cart 0--15 minutes. Auto immediate delivery. IPSec VPN gateway product specification Valid GM/T 0023-2014
GM/T 0023-2014Chinese20 Add to Cart <=1-day [PDF from Chinese Authority, or Standard Committee, or Publishing House]

 GM/T 0023-2014 -- Click to view the ACTUAL PDF of this standard (Auto-delivered in 0~10 minutes) In 0~10 minutes time, full copy of this English-PDF will be auto-immediately delivered to your email. See samples for translation quality.  
Detail Information of GM/T 0023-2014; GM/T0023-2014
Description (Translated English): National Cryptologic
Sector / Industry: Chinese Industry Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 18,184
Date of Issue: 2/13/2014
Date of Implementation: 2/13/2014
Quoted Standard: GB/T 2423-2008; GB/T 9813-2000; GB/T 15153.1-1998; GB/T 17964-2008; GM/T 0005; GM/T 0014; GM/T 0015; GM/T 0022
Drafting Organization: Chengdu Westone Information Industry Co., Ltd.
Administrative Organization: Password Industry Standardization Technical Committee
Regulation (derived from): The industry standard for the record Notice 2014 No. 4 (No. 172 overall)
Summary: This standard specifies the IPSec VPN gateway product functional requirements, hardware requirements, software requirements, cryptographic algorithms and key requirements, safety requirements and testing requirements and other relevant content. This stand

GM/T 0023-2014
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Record No.. 44624-2014
IPSec VPN Gateway Product Specification
IPSec VPN 网关产品规范
ISSUED ON. FEBRUARY 13, 2014
IMPLEMENTED ON. FEBRUARY 13, 2014
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative References ... 4
3 Terms, Definitions and Abbreviations ... 4
4 Cryptographic Algorithms and Key Types ... 7
4.1 Algorithm requirements ... 7
4.2 Key types ... 8
5 IPSec VPN Gateway Product Requirements ... 8
5.1 Product function requirements ... 8
5.2 Product performance parameters ... 10
5.3 Security requirements ... 11
5.4 Management function requirements ... 12
5.5 Hardware requirements ... 16
5.6 Parameter configurable capability requirements ... 19
5.7 Process protection ... 19
6 IPSec VPN Gateway Product Inspection ... 19
6.1 Product function inspection... 19
6.2 Product performance inspection ... 21
6.3 Security inspection ... 22
6.4 Management function inspection ... 22
6.5 Hardware inspection ... 23
6.6 Parameter configurable capability inspection ... 23
6.7 Process protection inspection ... 24
7 Qualification Judgment ... 24
Foreword
This Standard was drafted as per the rules specified in GB/T 1.1-2009.
Please note that some contents of this documents may involve patents. The issuing
agency of this document doesn’t assume the responsibility for identifying these patents.
This Standard was proposed by and under the jurisdiction of National
Technical Committee for Standardization of Cipher Industry.
Drafting organizations of this Standard. Chengdu Westone Information Industry Inc.,
Ltd., Shanghai Koal Software Co., Ltd., Wuxi South-China Information Security
Engineering Technology Center, Xingtang Communication Technology Co., Ltd., and
Shandong De’an Computer Technology Co., Ltd.
Chief drafting staffs of this Standard. Luo Jun, Li Yuanzheng, Tan Wuzheng, Xu Qiang,
Wang Nina, and Kong Fanyu.
IPSec VPN Gateway Product Specification
1 Scope
This Standard specifies the function requirements, hardware requirements, software
requirements, cryptographic algorithm, key requirements, security requirements,
inspection requirements, and the like contents of IPSec VPN gateway product.
This Standard is applicable to the research, inspection, use and management of IPSec
VPN gateway product.
2 Normative References
The following documents are essential to the application of this document. For the
dated documents, only the versions with the dates indicated are applicable to this
document; for the undated documents, only the latest version (including all the
amendments) are applicable to this document.
GB/T 2423-2008 Environmental Testing for Electric and Electronic Products (All
Part)
GB/T 9813-2000 Specification for Microcomputer
GB/T 15153.1-1998 Telecontrol Equipment and Systems - Part 2. Operating
Conditions - Section 1. Power Supply and Electromagnetic Compatibility
GB/T 17964-2008 Information Technology - Security Techniques - Modes of
Operation for a Block Cipher
GM/T 0005 Randomness Test Specification
GM/T 0014 Protocol Specification for Authentication System Password of Digital
Certificate
GM/T 0015 Digital Certificate Format based on SM2 Algorithm
GM/T 0022 IPSec VPN Specification
3 Terms, Definitions and Abbreviations
3.1 Terms and definitions
3.1.1 Cryptographic algorithm
Describing the calculation rules during the cipher processing period.
3.1.2 Cryptographic hash algorithm
It is also called hash algorithm, or cipher hash algorithm. Such algorithm maps an
arbitrary-length bit string to a fixed-length bit string, and satisfy the following three
characteristics.
a) It is computationally difficult to find an input that can be mapped to the definite
output;
b) It is computationally difficult to find another input that can be mapped to the
same output with a given input;
c) It is computationally difficult to find different inputs that can be mapped to the
same output.
3.1.3 Asymmetric cryptographic algorithm/public key cryptographic algorithm
Cryptographic algorithm that the encryption and decryption using different keys.
Thereof, one key (public key) can be public, while the other key (private key) must be
kept secret; and the computer is infeasible to solve the private key with the public key.
3.1.4 Symmetric cryptographic algorithm
Cryptographic algorithm that the encryption and decryption using the same keys.
3.1.5 Block cipher algorithm
A symmetric cryptographic algorithm that divide the input data into fixed-length packet
for encryption and decryption.
3.1.6 SM1 algorithm
A block cipher algorithm with packet length of 128 bits, and key length of 128 bits.
3.17 SM2 algorithm
An elliptic curve public key cryptographic algorithm, its key length is 256 bits.
3.1.8 SM3 algorithm
A cryptographic hash algorithm, its output is 256 bits.
3.1.9 SM4 algorithm
A block cipher algorithm with packet length of 128 bits, and key length of 128 bits.
A protocol that is part of IPSec, which is used for providing the data confidentiality of
IP data packet, data integrity, data source authentication, and anti-replay attack
functions.
3.1.18 Virtual private network, VPN
The technology using cryptography to build secure channel in the communication
networks.
3.2 Abbreviations
The following abbreviations are applicable to this document.
AH. Authentication Header
CBC. Cipher Block Chaining
ESP. Encapsulating Security Payload
HMAC. Keyed-HASH Message Authentication Code
IPSec. Internet Protocol Security
IV. Initialization Vector
NAT. Network Address Translation
SA. Security Association
VPN. Virtual Private Network
4 Cryptographic Algorithms and Key Types
4.1 Algorithm requirements
IPSec VPN uses asymmetric cryptographic algorithm, symmetric cryptographic
algorithm, cryptographic hash algorithm, and random number generator algorithm
approved by State Cryptography Administration Authority. The algorithm use
requirements are as follows.
--- Asymmetric cryptographic algorithm is used for authentication, digital signature
and digital envelop, etc.
--- Symmetric cryptographic algorithm uses block cipher algorithm, which is used
for encryption protection for key exchange data, and encryption protection for
message data. The algorithm operating mode uses CBC mode, and shall meet
the requirements of GB/T 17964-2008.
The security message encapsulation protocol can be divided into AH protocol and ESP
protocol.
The AH protocol shall be nested with the ESP protocol, in which case the
authentication operation in the ESP protocol is not enabled.
The ESP protocol can be used alone, in which case the authentication operation in the
ESP protocol shall be enabled.
The security message encapsulation protocol shall meet the requirements of 5.2 in
GM/T 0022.
5.1.5 NAT traversal
IPSec VPN gateway product shall support ESP traversal when ESP is used alone.
NAT traversal protocol shall meet the requirements of 5.1.3 in GM/T 0022.
5.1.6 Authentication mode
IPSec VPN gateway product shall have the entity authentication function, the
authentication mode shall adopt digital certificate. The digital certifi......
Related standard:   GM/T 0022-2014  GM/T 0024-2014
   
 
Privacy   ···   Product Quality   ···   About Us   ···   Refund Policy   ···   Fair Trading   ···   Quick Response
Field Test Asia Limited | Taxed in Singapore: 201302277C | Copyright 2012-2019