HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (3 Nov 2024)

GM/T 0025-2014 English PDF (GM/T 0025-2023 Newer Version)

GM/T 0025-2014 (GM/T0025-2014, GMT 0025-2014, GMT0025-2014)
Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusPDF
GM/T 0025-2023EnglishRFQ ASK 3 days [Need to translate] (SSL VPN Gateway Product Specifications) Valid GM/T 0025-2023
GM/T 0025-2014English150 Add to Cart 0--9 seconds. Auto-delivery SSL VPN gateway product specification Valid GM/T 0025-2014
Preview PDF: GM/T 0025-2014    Standards related to: GM/T 0025-2014

BASIC DATA
Standard ID GM/T 0025-2014 (GM/T0025-2014)
Description (Translated English) SSL VPN gateway product specification
Sector / Industry Chinese Industry Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 16,122
Date of Issue 2014/2/13
Date of Implementation 2014/2/13
Quoted Standard GB/T 9813-2000; GB/T 15153.1-1998; GB/T 17964; GM/T 0005; GM/T 0014; GM/T 0015; GM/T 0024
Drafting Organization Shanghai Koal Software Co.
Administrative Organization Password Industry Standardization Technical Committee
Regulation (derived from) The industry standard for the record Notice 2014 No. 4 (No. 172 overall)
Summary This standard specifies the SSL VPN gateway product functional requirements, hardware requirements, software requirements, safety requirements and testing requirements and other relevant content. This standard applies to the development, testing, use and


GM/T 0025-2014 GM CRYPTOGRAPHIC INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 Reference No.. 44626-2014 SSL VPN gateway product specification ISSUED ON. FEBRUARY 13, 2014 IMPLEMENTED ON. FEBRUARY 13, 2014 Issued by. State Cryptography Administration Table of Contents Foreword ... 3  Introduction ... 4  1 Scope ... 5  2 Normative references ... 5  3 Terms, definitions and abbreviations ... 5  4 Cryptographic algorithm and key type ... 7  5 SSL VPN gateway products requirements ... 9  6 SSL VPN gateway product inspection ... 17  7 Qualification determination... 21  Foreword This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights. This Standard was proposed by and shall be under the jurisdiction of Cryptography Industry Standardization Technical Committee. Main drafting organizations of this Standard. Shanghai Geer Software Co., Ltd., Wuxi Jiangnan Information Security Engineering Technology Center, Shandong Dean Computer Technology Co., Ltd., Chengdu Guardian Information Industry Co., Ltd., Shanghai Digital Certificate Certification Center Co., Ltd., Xingtang Communication Technology Co., Ltd., Beijing Digital Certified Co., Ltd. Main drafters of this Standard. Tan Wuzheng, Kong Fanyu, Li Yuanzheng, Liu Cheng, Li Shusheng, Wang Nina, Han Lin. SSL VPN gateway product specification 1 Scope This Standard specifies the functional requirements, hardware requirements, software requirements, safety requirements and inspection requirements of SSL VPN gateway products. This Standard is applicable to guide the development, inspection, use and management of SSL VPN gateway products. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GB/T 9813-2000, Generic specification for microcomputers GB/T 15153.1-1998, Telecontrol equipment and systems -- Part 2. Operating conditions Section 1 Power supply and electromagnetic compatibility GB/T 17964, Information technology - Security Techniques - Modes of operation for a block cipher GM/T 0005, Randomness testing specification GM/T 0014, Digital Certificate Authentication System Password Protocol Specification GM/T 0015, Digital certificate format specification based on SM2 kiln code algorithm GM/T 0024, SSL VPN technical specification 3 Terms, definitions and abbreviations 3.1 Terms and definitions The following terms and definitions apply to this document. 3.1.1 cryptographic algorithm calculation rules of cryptography processing 3.1.2 cryptographic hash algorithm It is also known as hash algorithm, cryptographic hash algorithm or hash algorithm; this algorithm maps an arbitrary long bit string to a fixed long bit string and satisfies the following three characteristics. (1) it is computationally difficult to find an input that can be mapped to the output for a given output; (2) finding another input that can be mapped to the same output for a given input is computationally difficult; (3) it is computationally difficult to find that different inputs mapped to the same output. 3.1.3 asymmetric cryptographic algorithm / public key cryptographic algorithm cryptographic algorithm for different keys used by encryption and decryption; one of the keys (public key) can be public, another key (private key) must be kept secret, and the calculation for the private key by the public key is not feasible. 3.1.4 symmetric cryptographic algorithm cryptographic algorithm of same keys used by encryption and decryption. 3.1.5 block cipher algorithm a class of symmetric cipher algorithm for dividing the input data into fixed-length packets for encryption and decryption 3.1.6 cipher block chaining operation mode; CBC a working mode of block cipher algorithm of which the characteristics is that the current cipher text grouping is obtained by the current plaintext grouping is grouped with the previous cipher text via XOR operation and encryption 3.1.7 initialization vector / initialization value; IV initial data used for data transformation and introduced to increase security or synchronize cryptographic devices during cryptography conversion 3.1.8 digital certificate It is also known as public key certificate; a data structure containing public key owner information, public key, issuer information, expiration date, and extended information signed by certificate authority; it can be divided into personal certificate, institutional certificate and equipment certificate according to category OR signature certificate and encryption certificate according to use 3.1.9 secure sockets layer protocol; SSL a transport layer security protocol used to build a safe passage between client and server 3.1.10 virtual private network; VPN a technology of using cryptographic technique to build a safe passage in the communication network 3.1.11 SM2 algorithm an elliptic curve public key cryptography algorithm with a key length of 256 bits 3.2 Abbreviations The following abbreviations apply to this document. CBC. Cipher Block Chaining IV. Initialization Vector SSL. Secure Sockets Layer VPN. Virtual Private Network 4 Cryptographic algorithm and key type 4.1 Algorithm requirements SSL VPN uses asymmetric cryptographic algorithm, symmetric cryptographic algorithm, cryptographic hash algorithm, random number generation algorithm approved by state code management department. Algorithm and use are as follows. • asymmetric cryptographic algorithm is used for authentication, digital signatures and digital envelopes, etc.; • symmetric cryptographic algorithm uses block cipher algorithm used for encryption protection of key exchange data and encryption protection of 5 SSL VPN gateway products requirements 5.1 Product functional requirements 5.1.1 Random number generation SSL VPN gateway products shall have random number generation. The random number should be generated by multiple hardware noise sources. 5.1.2 Work mode SSL VPN gateway products work mode is divided into client-server mode and gateway-gateway mode. The client-server mode is a prerequisite mode while the gateway-gateway mode is optional. 5.1.3 Key exchange SSL VPN gateway products shall have key exchange function to generate a work key by negotiation. Key exchange shall be carried out according to the requirements of GM/T 0024. 5.1.4 Secure packet transmission SSL VPN gateway products shall have secure packet transmission function to endure secure transmission of data. Secure packet transmission shall be in accordance with requirements of GM/T 0024. 5.1.5 Identification SSL VPN gateway products shall have the function of entity authentication. The identification method uses digital certificate. Digital certificate format shall meet requirements of GM/T 0015. The identification of the server is a prerequisite function, and the identification of the client is optional. It shall support digital certificate (RSA or SM2) or supervision mechanism based on identification algorithm. Any identification method shall ensure the completeness and effectiveness of identification. 5.1.6 Access control SSL VPN gateway products shall have fine-grain access control function, based on effective control of user or user group on resources. At least the network access should be controlled to IP addresses, ports and protocols. The access to the web resource should be controlled at least to the URL and 5.2 Product performance parameters 5.2.1 Maximum number of concurrent users It refers to the maximum number of simultaneously online users. This indicator reflects the maximum number of users who can deliver the product at the same time. 5.2.2 Maximum number of concurrent connections It refers to the maximum number of simultaneously online SSL connections. This indicator reflects the maximum number of SSL connections of which a product can handle at the same time. 5.2.3 Number of new connections per second The maximum number of SSL connections that can be created per second. This indicator reflects the ability of the product to access new SSL connections per second. 5.2.4 Throughput rate In the case of packet loss rate of 0, the bidirectional data maximum flow reached by server products on internal network port 5.3 Security requirements 5.3.1 Key security 5.3.1.1 Server end key The server end signing key pair is generated by the SSL VPN gateway product itself. Its public key should be exported. A signature certificate is issued by an external certification authority. The server encryption key pair is generated by an external key authority and is issued by an external authentication authority... ......