
GM/T 0034-2014 PDF English

US$360.00 · In stock · Download in 9 seconds
GM/T 0034-2014: Specifications of cryptograph and related security technology for certification system based on SM2 cryptographic algorithm
Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure
Status: Valid

Similar standards

GB/T 15843.1   GA/T 1389   GM/T 0025   

GM/T 0034-2014: Specifications of cryptograph and related security technology for certification system based on SM2 cryptographic algorithm


---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GMT0034-2014
GM CRYPTOGRAPHY INDUSTRY STANDARD
ICS 35.040
L 80
File No.: 44635-2014
Specifications of cryptograph and related security technology for certification system based on SM2 cryptographic algorithm
Issued on: FEBRUARY 13, 2014
Implemented on: FEBRUARY 13, 2014
Issued by: State Cryptography Administration

Table of Contents

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Certificate authentication system
6 Key management system
7 Cryptography algorithm, cryptography device and interface
8 Certificate authentication center
9 Key management center
10 Certificate authentication center operation and management requirements
11 Key management center operations management requirements
12 Certificate operation process
Appendix A (Informative) Certificate authentication system network structure
References

1 Scope

This standard specifies the cryptographic and related security technology requirements for digital certificate authentication systems based on the SM2 cryptographic algorithm, covering the certificate authentication center, key management center, cryptography algorithm, cryptography device and interfaces. This standard is intended to guide the construction and detection assessment of digital certificate authentication systems of third-party authorities, and to standardize the application of cryptography and related security technology in digital certificate authentication systems. The construction, operation and management of digital certificate authentication systems of non-third-party authorities may refer to this standard.

2 Normative references

The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this standard.

GB/T 2887 General specification for computer field
GB/T 6650 Technical conditions for movable floor of computer room
GB/T 9361 Safety requirements for computer field
GB 50174 Code for design of electronic information system room
GM/T 0014 Digital certificate authentication system cryptography protocol specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0016 Smart token cryptography application interface specification

3 Terms and definitions

3.1 Authority certificate
Certificate that is signed and issued to the certificate authentication institute.

3.2 CA certificate
A certificate signed by a CA to another CA; a CA may also sign a certificate to itself, which is a self-signed certificate.

3.3 Certificate authentication system
A system that manages the entire life cycle of digital certificates such as the issuance, release, update, revocation.

3.4 Certificate policy
A specified set of rules that indicates the suitability of a certificate for a specific community and/or application-specific class with general security requirements. For example, a specific certificate policy may indicate the suitability of one type of certificate for the authentication of electronic data processing of the commodity transaction at a certain price range.

3.5 Certificate revocation list; CRL
A list of revoked certificates that are signed and issued by the certificate authority (CA).

4 Abbreviations

The following abbreviations apply to this document.

KMC: Key Management Center

5 Certificate authentication system

5.1 Overview
The certificate authentication system is a security system that manages digital certificates through their entire life cycle.

5.2 Functional requirements

5.2.1 Overview
The certificate authentication system provides management functions for the entire life cycle of digital certificates, including user registration management, certificate/certificate revocation list generation and issuance,

5.2.3 Certificate/certificate revocation list generation and issuance system

5.2.3.1 Function
The certificate/certificate revocation list generation and issuance system is responsible for generating and issuing digital certificates and certificate revocation lists. The digital certificate of the user is issued by the CA of the system, the digital certificate of the root CA is issued by the root CA itself, and the digital certificate of the subordinate CA is issued by the higher CA.

5.2.5 Certificate status inquiry system
The certificate status inquiry system shall provide the certificate status inquiry service for users and application systems, including.

5.2.6 Certificate management system
The certificate management system is a management control system which realizes the functions of application, audit, generation, issuance, storage, distribution, revocation and archiving of certificates/certificate revocation lists in the certificate authentication system.

6 Key management system

6.1 Structure description
The key management system consists of key generation, key management, key library management, authentication management, security audit, key recovery and cryptography service modules. The proposed key management system logic structure is shown in Figure 3.

6.2 Functional description

6.2.1 Overview
The key management system provides the function of managing the whole process of the encrypted certificate key pair in the life cycle, including key generation, key storage, key distribution, key backup, key update, key revocation, key archiving, key recovery and security management.

6.2.4 Key distribution
The asymmetric key pair generated by the key management system is distributed to the user certificate carrier through the certificate authentication system.

6.2.7 Key revocation
When the certificate expires, when the user requires it, or when the management agency deems it necessary in accordance with the contract, the key management system revokes the key currently used by the user in accordance with the CA request.

6.3 System design

6.3.1 Overview
Key management system design includes the overall system design and subsystem design. This standard provides the key management system design principles and the realization of the various subsystems; in a specific implementation, the detailed design shall be based on the selected development platform and development environment.

6.3.9 Cryptography service module
The cryptography service module is responsible for providing cryptography support for various services of the key management system.

7 Cryptography algorithm, cryptography device and interface

7.1 Cryptography algorithm
The certificate authentication system uses the symmetric cryptography algorithm, the asymmetric cryptography algorithm and the cryptography hash algorithm to implement various functions of the cryptography service.

7.2 Cryptography device

7.2.1 Overview
The cryptography device approved by the national cryptography administration department shall be used, including.

7.2.2 Cryptography device functions
The cryptography device must have the following basic functions.

7.2.3 Security requirements for cryptography devices
The cryptography device shall meet the following requirements.

7.3 Cryptography service interface
The interface of the cryptography device follows GM/T 0018, the interface of the smart token follows GM/T 0016, the interface of the cryptography service follows GM/T 0019 and GM/T 0020.

8 Certificate authentication center

8.1 System

8.1.1 Functional requirements
The service functions provided by CA mainly include.

8.1.3 Administrator configuration requirements
The following administration and operation staff shall be set up in the CA.

8.2 Security

8.2.1 Overview
CA system security includes system security, communication security, key security, certificate management security, security audit, physical security, personnel security and other aspects of security.

8.2.4 Key security

8.2.4.1 Overview
The key goal of key security is to secure the keys used in the CA system throughout their lifecycle, including generation, storage, use, update, abolition, archiving, destruction, backup, and recovery. A variety of security measures shall be taken, such as hardware cryptography devices, key management security protocols, key access control, and key management operation audit.

8.2.4.3 Root CA key
The root CA key security, in addition to meeting basic requirements, shall also satisfy the following requirements.

8.2.6 Security audit

8.2.6.1 Overview
The operation of the CA system involves a large number of calls between functional modules, as well as a variety of administrator operations; these calls and operations need to be recorded in the form of logs for system error analysis, risk analysis and security audit.

8.6 Personnel management system
Personnel management system includes the personnel credibility authentication, job settings and so on.

9 Key management center

9.1 Construction principles
Key management center is constructed in accordance with the principles of CA unified planning, organic combination, independent set up, respective management.

9.2 System

9.2.1 Functional requirements
Key management center shall provide the following service features.

9.2.2 Performance requirements
The performance of the key management center shall meet the following requirements.

9.5 Reliability
KMC reliability makes reference to the requirements of clause 8.4.

9.6 Physical security
KMC physical security makes reference to the requirements of clause 8.5.

9.7 Personnel management system
KMC personnel management system makes reference to the requirements of clause 8.6.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of English version of GM/T 0034-2014 be delivered?
Answer: The full copy PDF of English version of GM/T 0034-2014 can be downloaded in 9 seconds, and it will also be emailed to you in 9 seconds (double mechanisms to ensure the delivery reliably), with PDF-invoice.

Question 2: Can I share the purchased PDF of GM/T 0034-2014_English with my colleagues?
Answer: Yes. The purchased PDF of GM/T 0034-2014_English will be deemed to be sold to your employer/organization who actually paid for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?
Answer: Yes. www.ChineseStandard.us -- GM/T 0034-2014 -- Click this link and select your country/currency to pay, the exact amount in your currency will be printed on the invoice. Full PDF will also be downloaded/emailed in 9 seconds.

How to buy and download a true PDF of English version of GM/T 0034-2014?

A step-by-step guide to download PDF of GM/T 0034-2014_English
Step 1: Visit website https://www.ChineseStandard.net (Pay in USD), or https://www.ChineseStandard.us (Pay in any currencies such as Euro, KRW, JPY, AUD).
Step 2: Search keyword "GM/T 0034-2014".
Step 3: Click "Add to Cart". If multiple PDFs are required, repeat steps 2 and 3 to add up to 12 PDFs to cart.
Step 4: Select payment option (Via payment agents Stripe or PayPal).
Step 5: Customize Tax Invoice -- Fill up your email etc.
Step 6: Click "Checkout".
Step 7: Make payment by credit card, PayPal, Google Pay etc. After the payment is completed and in 9 seconds, you will receive 2 emails attached with the purchased PDFs and PDF-invoice, respectively.
Step 8: Optional -- Go to download PDF.
Step 9: Optional -- Click Open/Download PDF to download PDFs and invoice.