GM/T 0046-2024 (GM/T 0046-2016) PDF EnglishUS$150.00 · In stock · Download in 9 seconds
GM/T 0046-2016: Test specification for financial cryptographic server Delivery: 9 seconds. True-PDF full-copy in English & invoice will be downloaded + auto-delivered via email. See step-by-step procedure Status: Valid GM/T 0046: Historical versions
Similar standardsGM/T 0046-2016: Test specification for financial cryptographic server---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GMT0046-2016GM CRYPTOGRAPHY INDUSTRY STANDARD ICS 35.040 L 80 File No.. 58551-2017 Test specification for financial cryptographic server Issued on: DECEMBER 23, 2016 Implemented on: DECEMBER 23, 2016 Issued by. State Cryptography Administration Table of ContentsForeword... 4 1 Scope.. 5 2 Normative references... 5 3 Terms and definitions... 5 4 Abbreviation... 8 5 Requirements for test environment... 8 6 Test content and test methods.. 9 6.1 Test items.. 9 6.2 Appearance and structure inspection... 9 6.3 Function test... 10 6.3.1 Initialization test... 10 6.3.2 Cryptographic operation test... 11 6.3.3 Key management test... 13 6.3.4 Random number test.. 14 6.3.5 Access control test... 14 6.3.6 Device management test... 15 6.3.7 Log audit test... 15 6.3.8 Device self-test... 16 6.3.9 Data message interface detection... 16 6.4 Performance test... 17 6.4.1 Calculation method of performance indicator... 17 6.4.2 PIN encryption performance test... 18 6.4.3 PIN trans-encryption performance test.. 18 6.4.4 MAC calculation performance test... 18 6.4.5 ARQC verification performance test... 18 6.4.6 Encryption and decryption performance test of symmetric cryptographic algorithm.. 18 6.4.7 Encryption and decryption performance test of asymmetric cryptographic algorithm.. 19 6.4.8 Data hash algorithm performance test... 19 6.4.9 Random number generator performance test... 19 6.4.10 Asymmetric key generation performance test... 20 6.4.11 Asymmetric algorithm signature, signature verification performance tests. 20 6.5 Other test... 20 6.5.1 Security test of device.. 20 6.5.2 Environmental suitability test... 20 6.5.3 Reliability test... 20 7 Requirements for submitted technical document... 20 8 Conditions for qualification determination... 21 Annex A (normative) Test item list... 22 Bibliography... 28ForewordThis Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights. This Standard was proposed by and shall be under the jurisdiction of Code Industry Standardization Technical Committee. The drafting organizations of this Standard. Wuxi Jiangnan Information Security Engineering Technology Center, State Cryptography Administration Commercial Cryptography Detection Center, Westone Information Industry Company Limited, Xing Tang Communication Technology Co., Ltd., Shandong De'an Information Technology Co., Ltd. Main drafters of this Standard. Zhang Suocheng, Qi Chuanbing, Li Dawei, Deng Kaiyong, Luo Peng, Li Guoyou, Liu Chang, Xiao Qiulin, Ding Yuquan, Liu Xianxaing, Li Yuanzheng, Wang Nina, Kong Fanyu. Test specification for financial cryptographic server 1 Scope This Standard specifies the test requirements and test methods for financial cryptographic server. This Standard is applicable to the detection of financial cryptographic server as well as the development of this type of cryptographic device.2 Normative referencesThe following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GB/T 32915, Information security technology - Binary sequence randomness detection method GM/T 0028, Security Requirements for Cryptographic Modules GM/T 0039, Security Test Requirements for Cryptographic Modules GM/T 0045-2016, Specifications of financial cryptographic server GM/T 0050, Code device management - Device management technical specification3 Terms and definitionsFor the purposes of this document, the following terms and definitions apply. 3.1 financial cryptographic server a cryptographic device that is used in finance field to protect financial data security, mainly for PIN encryption, PIN trans-encryption, MAC generation and check, data encryption and decryption, signature verification as well as key management and other cryptographic services 3.2 symmetric cryptographic algorithm a cryptographic algorithm that encryption and decryption use same key a hash algorithm with its output of 256 bits 3.11 SM4 algorithm a block cryptographic algorithm with group length of 128 bits, key length of 128 bits 3.12 physical secure environment; PSE an environment with access control mechanisms or other security mechanisms; it is designed to prevent partial or total leakage of key, or leakage of other private data stored in the environment, such as any unauthorized access, for example, room or security entity with uninterrupted access control, physical security protection and monitoring 3.13 physical protection; PP physically secure the hardware cryptographic device and its keys or sensitive information, for example, using prying resistance means to prevent the cryptographic server being unauthorized opened 3.14 master key; MK in the hierarchy of the key encryption key and the transmission key, the highest- level key encryption key is called a master key, also known as master file key or local master key 3.15 key separation; KS ensure that each cryptographic operation uses only the specified key type, for example, the MAC key can only be used to generate a message authentication code 3.16 data key; DK a key that is to protect PIN and calculate MAC, including MAC key (MAK) and PIN key (PINK), also known as working key 3.17 check value; CV through the result value calculated by irreversible algorithm, the check value usually transforms a random string of results under a key; in the case of an unknown key, it is not feasible to calculate the correct check value, and a key cannot be determined by the check value 3.18 personal identification number; PIN in financial business, a digital ID that authorizes a cardholder in a request for authorization message; PIN only contains decimal number b) with power indicator light; c) with state indicator light; d) with failure indicator light; e) with at least one service port; f) with at least one management port; g) if the key storage uses micro-protection memory, it shall have a key self- destruction mechanism. The financial cryptographic server shall have the following components or ports. a) one printing port is preferred; b) if the key is used in plaintext in the financial cryptographic server memory, it shall have a memory cleaning mechanism; c) a chassis shell grounding device is preferred; d) redundant power supply is preferred; e) IC card socket is preferred; f) USB port is preferred; g) human-computer interaction component is preferred. 6.3 Function test 6.3.1 Initialization test The financial cryptographic server shall have initialization function to realize the switching between initial state to working state of the device. The initial operation of the financial cryptographic server mainly includes initial system configuration, initializing the administrator or operator, initial key generation (or recovery) and installation. The financial cryptographic server provides cryptographic services only after the initialization operation is completed. After initial configuration of the financial cryptographic server, it can automatically enter the working state to provide cryptography service. If the initial configuration is not performed, when the financial cryptographic server starts up, it shall alarm via indicator light and sound to prompt user to initialize. At this moment, the financial cryptographic server cannot provide cryptography service. k) SM2 key agreement. The test methods for cryptographic operation of financial cryptographic server. a) SM4 ECB encryption. encrypt the given key and plaintext through ECB mode, the result shall be exactly same with the given ciphertext; b) SM4 ECB decryption. decrypt the given key and ciphertext through ECB mode, the result shall be exactly same with the given plaintext; c) SM4 CBC encryption. encrypt the given IV, key and plaintext through CBC mode, the result shall be exactly same with the given ciphertext; d) SM4 CBC decryption. decrypt the given IV, key and plaintext through CBC mode, the result shall be exactly same with the given plaintext; e) SM3 hash. call SM3 algorithm for given information to calculate the hash value, the result shall be exactly same with the given hash value; f) SM2 key generation. call financial cryptographic server to generate a SM1 key pair, then use its private key pair to sign the designa... ......Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al. |