
GM/T 0037-2014 (GMT0037-2014)

GM/T 0037-2014 (English PDF): Certificate authority system test specification. Status: Valid.

BASIC DATA
Standard ID: GM/T 0037-2014 (GM/T0037-2014)
Description (Translated English): Certificate authority system test specification
Sector / Industry: Chinese Industry Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 28,215
Date of Issue: 2014/2/13
Date of Implementation: 2014/2/13
Quoted Standard: GM/T 0014; GM/T 0015; GM/T 0034-2014
Drafting Organization: Changchun Jida ZhengYuan IT Co.
Administrative Organization: Password Industry Standardization Technical Committee
Regulation (derived from): The industry standard for the record Notice 2014 No. 4 (No. 172 overall)
Summary: This standard specifies the test content and test methods of the certificate authentication system. This standard applies to provide electronic certification services for electronic signature, according to the detection of GM/T 0034-2014 development or construct


GM/T 0037-2014
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 44642-2014
Certificate authority system test specification
ISSUED ON: FEBRUARY 13, 2014
IMPLEMENTED ON: FEBRUARY 13, 2014
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Test object
6 Test Outline
7 Test environment
8 Test content
8.1 Site
8.2 Network
8.3 Post and access management
8.4 Security management
8.5 System initialization
8.6 System functions
8.7 System performance
8.8 Data backup and recovery
8.9 Third-party security products
8.10 Entry into root
8.11 Certificate format
8.12 Certificate chain
8.13 Algorithm
8.14 Protocol
8.15 Documents
9 Test method
9.1 Site
9.2 Network
9.3 Management of posts and authorization
9.4 Security management
9.5 System initialization
9.6 System functions
9.7 System performance
9.8 Data backup and recovery
9.9 Third-party security products
9.10 Entry into root
9.11 Certificate format
9.12 Certificate chain
9.13 Algorithm
9.14 Protocol
9.15 Documents
10 Qualification determination
10.1 Item qualification determination
10.2 Product qualification determination
Appendix A
A.1 Test objective
A.2 Physical areas and network structure of certificate authority system
A.3 Hardware and software configuration of certificate authority system
A.4 Module and function of certificate authority system
A.5 Test content
Appendix B
B.1 The network structure of CA when RA adopts C/S mode
B.2 The network structure of CA when RA adopts B/S mode
B.3 The connection between CA and remote RA
Appendix C
C.1 Certificate authority system computer room layout
C.2 Certificate authority system computer room placement diagram
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this Standard
may be the subject of patent rights. The issuing authority shall not be held
responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of
Cryptography Industry Standardization Technical Committee.
Drafting organizations of this Standard: Changchun Jida Zhengyuan
Information Technology Co., Ltd., Shanghai Gale Software Co., Ltd., National
Information Security Engineering Technology Research Center, Beijing Haitai
Fangyuan Science and Technology Co., Ltd.
Main drafters of this Standard: Liu Ping, Gao Li, Tian Jingqi, Jiang Yulin, Zhang
Baoxin, Li Weiping, Zhao Lili, Zhu Guoxin, Yuan Feng, Tan Wuzheng, An
Xiaojiang, Zhang Wantao, Wu Chenghua.
Certificate authority system test specification
1 Scope
This Standard specifies the test contents and methods for a certificate authority system.
This Standard applies to the inspection of certificate authentication service operation
systems that provide electronic authentication services for electronic signatures and are
developed or built in accordance with GM/T 0034-2014. It can also serve as a
reference for the inspection of other certification systems.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GM/T 0014 Digital certificate authentication system cryptography protocol
specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0034-2014 Specifications of cryptography and related security technology for
certification system based on SM2 cryptographic algorithm
3 Terms and definitions
The following terms and definitions apply to this document.
3.1 Certificate authentication system; CA
A system that manages the entire life cycle of digital certificates such as issuing,
distributing, updating, and revoking them.
3.2 Registration authority; RA
An authority whose main function is to manage the entire process of digital
certificate registration. It is also known as the registration system.
3.3 CA certificate
A certificate issued to a CA. It can be issued by the CA to itself or by another CA.
The item test environment is the actual environment of the certificate authority system.
8 Test content
8.1 Site
8.1.1 Engineering construction
Engineering construction shall meet the requirements of physical security in 8.5 of
GM/T 0034-2014.
8.1.2 Physical areas
The physical area of the certificate authority system shall be divided into a public area,
service area, management area and core area.
The following shall be located in the service area: the storage and distribution server for
certificates and certificate revocation lists (CRLs), the LDAP / OCSP query server (if there
is an OCSP query server) and its connected cryptographic machine, the registration
management server and its connected cryptographic machine, intrusion detection or
intrusion prevention equipment, and vulnerability scanning equipment.
The following shall be located in the management area: the registration management
terminal, the registration audit terminal, the certificate/CRL generation and issuance
management terminal, and the intrusion detection or intrusion prevention management
console.
The following shall be placed in the core area: the certificate/CRL generation and issuance
server and its connected cryptographic machine, the database server, and the safe-box
holding key backup materials and media.
A firewall shall be placed between each of the areas. See Appendix C.
The core area shall be a shielded computer room. The shielding effect shall meet the
requirements of 8.5.2.5 in GM/T 0034-2014.
The sequence of entering the areas is: the management area, service area, core area.
Each device placed in an area shall be labeled at a prominent location with its name
in the system, such as issuance server, registration server, etc.
Monitoring probes, fire probes and an access control system shall be set up in each area,
and a monitoring room shall be set up to monitor each area in real time.
This clause applies to the item test only.
8.2 Network
8.2.1 Network structure
b) There shall be corresponding response strategies for security events detected by
vulnerability scanning;
c) The vulnerability repository shall be updated in a timely manner.
8.2.2.4 Virus control
The main security strategies for virus control configured for the system are:
a) Deploy antivirus products to key servers and to operation and management terminals;
b) There shall be corresponding response strategies for security events detected by
antivirus products;
c) The virus repository shall be updated in a timely manner.
8.2.2.5 Cryptographic machine
The cryptographic machine shall be connected to the server via an independent
physical port.
The cryptographic machine shall be a product approved by the national
cryptographic management department.
8.3 Post and access management
8.3.1 Issuance system
8.3.1.1 Super administrator
A super administrator shall be set up. This role is generated when the system is
initialized and is responsible for the strategy management of the system and the
management of the business administrators of the system.
8.3.1.2 Audit administrator
An audit administrator shall be set up. This role is generated when the system is
initialized and is responsible for the auditor management of the system.
8.3.1.3 Business administrator
A business administrator shall be set up and authorized by the super administrator.
This role is responsible for the management of business operators.
8.3.1.4 Business operator
A business operator shall be set up and authorized by the business administrator.
This role is responsible for user certificate repository management, data backup/recovery, etc.
8.6.1.1 Input of application information
The system shall provide an interface to input and modify the certificate application
information. It shall be possible to select the key type and length for the digital
certificate being applied for, and to import a batch of certificate application information. The
system shall enable the operators to sign their actions automatically.
8.6.1.2 Review of application information
It shall be able to provide an interface for the review of the application information. It ...
...