
GM/T 0025-2014 (GMT 0025-2014)

GM/T 0025-2014: SSL VPN gateway product specification (Status: Valid)


Standard ID: GM/T 0025-2014 (GM/T0025-2014)
Description (Translated English): SSL VPN gateway product specification
Sector / Industry: Chinese Industry Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 16,122
Date of Issue: 2014/2/13
Date of Implementation: 2014/2/13
Quoted Standard: GB/T 9813-2000; GB/T 15153.1-1998; GB/T 17964; GM/T 0005; GM/T 0014; GM/T 0015; GM/T 0024
Drafting Organization: Shanghai Koal Software Co.
Administrative Organization: Password Industry Standardization Technical Committee
Regulation (derived from): The industry standard for the record Notice 2014 No. 4 (No. 172 overall)
Summary: This standard specifies the SSL VPN gateway product functional requirements, hardware requirements, software requirements, safety requirements and testing requirements and other relevant content. This standard applies to the development, testing, use and

GM/T 0025-2014
ICS 35.040
L 80
Reference No.: 44626-2014
SSL VPN gateway product specification
SSL VPN网关产品规范
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviations
4 Cryptographic algorithm and key type
5 SSL VPN gateway products requirements
6 SSL VPN gateway product inspection
7 Qualification determination
This Standard was drafted in accordance with the rules given in GB/T
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of
Cryptography Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Shanghai Geer Software Co.,
Ltd., Wuxi Jiangnan Information Security Engineering Technology Center,
Shandong Dean Computer Technology Co., Ltd., Chengdu Guardian
Information Industry Co., Ltd., Shanghai Digital Certificate Certification Center
Co., Ltd., Xingtang Communication Technology Co., Ltd., Beijing Digital
Certified Co., Ltd.
Main drafters of this Standard: Tan Wuzheng, Kong Fanyu, Li Yuanzheng, Liu
Cheng, Li Shusheng, Wang Nina, Han Lin.
SSL VPN gateway product specification
1 Scope
This Standard specifies the functional requirements, hardware requirements,
software requirements, safety requirements and inspection requirements of
SSL VPN gateway products.
This Standard is applicable to guide the development, inspection, use and
management of SSL VPN gateway products.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including
any amendments) applies.
GB/T 9813-2000, Generic specification for microcomputers
GB/T 15153.1-1998, Telecontrol equipment and systems - Part 2:
Operating conditions - Section 1: Power supply and electromagnetic
GB/T 17964, Information technology - Security Techniques - Modes of
operation for a block cipher
GM/T 0005, Randomness testing specification
GM/T 0014, Digital Certificate Authentication System Password Protocol
GM/T 0015, Digital certificate format specification based on SM2 cryptographic algorithm
GM/T 0024, SSL VPN technical specification
3 Terms, definitions and abbreviations
3.1 Terms and definitions
The following terms and definitions apply to this document.
3.1.1 cryptographic algorithm
calculation rules of cryptography processing
3.1.2 cryptographic hash algorithm
also known as a hash algorithm; it maps a bit string of arbitrary length to
a bit string of fixed length and satisfies the following three
characteristics:
(1) for a given output, it is computationally difficult to find an input
that maps to that output;
(2) for a given input, it is computationally difficult to find another input
that maps to the same output;
(3) it is computationally difficult to find two different inputs that map to
the same output.
3.1.3 asymmetric cryptographic algorithm / public key cryptographic
cryptographic algorithm that uses different keys for encryption and
decryption; one of the keys (public key) can be public, the other key
(private key) must be kept secret, and the calculation for the private key by
the public key is not
3.1.4 symmetric cryptographic algorithm
cryptographic algorithm that uses the same key for encryption and decryption
3.1.5 block cipher algorithm
a class of symmetric cryptographic algorithm that divides the input data into
fixed-length blocks for encryption and decryption
3.1.6 cipher block chaining operation mode; CBC
a working mode of a block cipher algorithm, characterized in that the current
ciphertext block is obtained by XORing the current plaintext block with the
previous ciphertext block and then encrypting the result
3.1.7 initialization vector / initialization value; IV
initial data used in data transformation, introduced to increase security or
to synchronize cryptographic devices during cryptographic transformation
3.1.8 digital certificate
also known as a public key certificate; a data structure, signed by a
certificate authority, containing public key owner information, public key,
issuer information, expiration date, and extended information; by category it
can be divided into personal certificate, institutional certificate and
equipment certificate, and by use into signature certificate and encryption
certificate
3.1.9 secure sockets layer protocol; SSL
a transport layer security protocol used to build a secure channel between
client and server
3.1.10 virtual private network; VPN
a technology that uses cryptographic techniques to build a secure channel in
the communication network
3.1.11 SM2 algorithm
an elliptic curve public key cryptography algorithm with a key length of 256
3.2 Abbreviations
The following abbreviations apply to this document.
CBC: Cipher Block Chaining
IV: Initialization Vector
SSL: Secure Sockets Layer
VPN: Virtual Private Network
4 Cryptographic algorithm and key type
4.1 Algorithm requirements
SSL VPN uses the asymmetric cryptographic algorithm, symmetric cryptographic
algorithm, cryptographic hash algorithm and random number generation
algorithm approved by the state cryptography administration department. The
algorithms and their uses are as follows:
• the asymmetric cryptographic algorithm is used for authentication, digital
signatures and digital envelopes, etc.;
• the symmetric cryptographic algorithm is a block cipher algorithm, used for
encryption protection of key exchange data and encryption protection of
5 SSL VPN gateway products requirements
5.1 Product functional requirements
5.1.1 Random number generation
SSL VPN gateway products shall have a random number generation function. The
random number should be generated by multiple hardware noise sources.
5.1.2 Work mode
The work modes of SSL VPN gateway products are client-server mode and
gateway-gateway mode. Client-server mode is mandatory, while
gateway-gateway mode is optional.
5.1.3 Key exchange
SSL VPN gateway products shall have a key exchange function to generate a
work key by negotiation.
Key exchange shall be carried out according to the requirements of GM/T
5.1.4 Secure packet transmission
SSL VPN gateway products shall have a secure packet transmission function to
ensure secure transmission of data.
Secure packet transmission shall be in accordance with the requirements of
GM/T 0024.
5.1.5 Identification
SSL VPN gateway products shall have the function of entity authentication.
The identification method uses digital certificates. The digital certificate
format shall meet the requirements of GM/T 0015. Identification of the server
is a mandatory function, and identification of the client is optional. It
shall support digital certificate (RSA or SM2) or supervision mechanism based
on identification algorithm. Any identification method shall ensure the
completeness and effectiveness of identification.
5.1.6 Access control
SSL VPN gateway products shall have a fine-grained access control function
that effectively controls the access of users or user groups to resources.
Network access should be controlled at least down to IP addresses, ports and
protocols. Access to web resources should be controlled at least down to the
URL and
5.2 Product performance parameters
5.2.1 Maximum number of concurrent users
It refers to the maximum number of simultaneously online users. This
indicator reflects the maximum number of users that the product can serve
at the same time.
5.2.2 Maximum number of concurrent connections
It refers to the maximum numb......