GM/T 0051-2016 English PDF (GMT0051-2016)
GM/T 0051-2016: Cryptography device management - Specifications of symmetric key management technology
GM/T 0051-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 58556-2017
Cryptography device management – Specifications
of symmetric key management technology
ISSUED ON: DECEMBER 23, 2016
IMPLEMENTED ON: DECEMBER 23, 2016
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Symmetric key management physical security requirements
5.1 System security requirements
5.2 Functional security requirements
6 Symmetric key management system
6.1 Position in the cryptographic infrastructure technology framework
6.2 Management scope
6.3 System technology framework
6.4 System function structure
6.5 Function description
6.6 System design requirements
7 Symmetric key management application instructions and management interfaces
7.1 Basic requirements
7.2 Application instructions
7.3 Management interface
Appendix A (Normative) Error code definition
Appendix B (Normative) Key format configuration file
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
GM/T 0051 “Cryptography device management - Specifications of symmetric
key management technology” is one of the cryptography device management
standards. This series of standards consists of a basic specification and a series
of management application specifications, and currently includes:
- Basic specification: GM/T 0050 Cryptography device management -
Equipment management technical specifications;
- Management application specification: GM/T 0051 Cryptography device
management - Specifications of symmetric key management technology;
- Management application specification: GM/T 0052 Cryptographic device
management - VPN device monitoring management specification;
- Management application specification: GM/T 0053 Cryptographic device
management - Remote monitoring and compliance verification interface
data specification.
Any content of this standard that relates to cryptographic algorithms
is implemented in accordance with relevant national laws and regulations.
This Standard was proposed by and shall be under the jurisdiction of
Cryptography Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Xingtang Communication
Technology Co., Ltd., Wuxi Jiangnan Information Security Engineering
Technology Center, Chengdu Weishitong Information Industry Co., Ltd.,
Shandong De’an Computer Technology Co., Ltd., Shanghai Koal Software Co.,
Ltd., Beijing Haitai Fangyuan Technology Limited company.
Main drafters of this Standard: Wang Nina, Li Yufeng, Xu Qiang, Li Yuanzheng,
Kong Yufan, Tan Wuzheng, Liu Zengshou.
Cryptography device management – Specifications
of symmetric key management technology
1 Scope
This standard specifies key and system-related security technical requirements
for symmetric key management applications, including symmetric key
management security requirements, system architecture and functional
requirements, key management security protocols and interface design
requirements, management center construction, operation, and management
requirements, etc.
This standard applies to the development, construction, operation, and
management of symmetric key management systems.
This standard adopts the security tunnel technology in the “Cryptography
device management - Equipment management technical specifications”; it shall
use the interfaces in clause 6 and clause 9 of the “Cryptography device
management - Equipment management technical specifications”.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) is applicable to this standard.
GB/T 32915 Information security technology - Binary sequence randomness
detection method
GM/T 0006 Cryptographic application identifier criterion specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0050-2016 Cryptography device management - Equipment
management technical specifications
3 Terms and definitions
The following terms and definitions apply to this document.
5.2.2 Key storage and backup
Key storage shall ensure confidentiality and integrity and prevent the
unauthorized leakage and replacement of keys.
Specific storage requirements for different types of keys are as follows:
- Plaintext key
The plaintext key that needs to be stored for a long time shall be stored in
the physical security module of the security cryptographic device. When the
physical security module fails, the stored plaintext key immediately expires.
- Key component
The key components shall be stored in different media during the life cycle
and held by different administrators.
- Ciphertext key
A ciphertext key can be stored in a cryptographic device or outside a
cryptographic device. If it is stored outside the cryptographic device,
access to it shall be authorized.
Key backups shall also ensure confidentiality and integrity; the specific
requirements are consistent with those for key storage.
5.2.3 Key distribution and loading
Key distribution and loading can be performed manually, directly from a
removable storage medium, by a specific key delivery device, or by
network distribution.
Specific distribution requirements are as follows:
- Plaintext key
When a plaintext key is passed between two secure cryptographic devices,
component delivery, password protection, or other methods shall be used
to prevent the key from being compromised, tampered with, or replaced.
- Key component
The key component distribution process shall not reveal any part of the key
component to an unauthorized person.
- Ciphertext key
Ciphertext keys can be distributed and loaded over the network. Ciphertext
key distribution shall prevent key tampering or key replacement.
5.2.4 Key usage
- A key shall specify an attribute or control vector to prevent the key from
being used without authorization;
- The key can only be used for the specified application;
- The key can only be used for a specified purpose or function;
- When a key is known to have been leaked, its use shall be stopped;
- When a key is suspected of being compromised, its use can be stopped proactively.
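One way to enforce the 5.2.4 usage rules on a stored ciphertext key, given as an added example that is not part of GM/T 0051. The record layout, status names, `seal`/`authorize` functions and the use of HMAC-SHA256 as the binding are assumptions made for illustration; the standard only requires that a key carry an attribute or control vector.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class KeyRecord:              # hypothetical record layout, not from GM/T 0051
    key_id: str
    application: str          # the only application allowed to use the key
    purpose: str              # the only permitted function, e.g. "encrypt"
    status: str               # "active", "suspected" or "leaked"
    wrapped_key: bytes        # ciphertext key, treated as opaque here
    tag: bytes = b""

def _bound_bytes(rec):
    # Length-prefix each field so attribute boundaries cannot be shifted.
    fields = [rec.key_id, rec.application, rec.purpose, rec.status]
    parts = [f.encode() for f in fields] + [rec.wrapped_key]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def seal(rec, binding_key):
    """Bind the attributes to the ciphertext key with HMAC-SHA256."""
    tag = hmac.new(binding_key, _bound_bytes(rec), hashlib.sha256).digest()
    return replace(rec, tag=tag)

def authorize(rec, binding_key, application, purpose, stop_on_suspicion=True):
    """Return "ok" or the reason the requested use is refused."""
    expected = hmac.new(binding_key, _bound_bytes(rec), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec.tag):
        return "refused: attributes or key modified"
    if rec.status == "leaked":            # mandatory stop
        return "refused: key is known to be leaked"
    if rec.status == "suspected" and stop_on_suspicion:   # optional stop
        return "refused: key is suspected of compromise"
    if rec.application != application:
        return "refused: wrong application"
    if rec.purpose != purpose:
        return "refused: wrong purpose"
    return "ok"

# Constructed sample values for demonstration only.
BINDING_KEY = bytes(range(32))
RECORD = seal(KeyRecord("k-001", "payments", "encrypt", "active",
                        bytes.fromhex("00112233445566778899aabbccddeeff")),
              BINDING_KEY)

if __name__ == "__main__":
    print(authorize(RECORD, BINDING_KEY, "payments", "encrypt"))
    print(authorize(replace(RECORD, purpose="mac"), BINDING_KEY, "payments", "mac"))
```

Because the attributes are covered by the tag, rewriting `purpose` or `status` on a stored record is detected before any policy check runs, which also addresses the tampering and replacement concern for ciphertext keys in 5.2.3.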
5.2.5 Key update
The key management system shall set key update policies for managed
systems and managed equipment.
When a key exceeds its lifespan, has been exposed, or is suspected of
being insecure, it shall be possible to replace it in accordance with the
corresponding update policy. If the compromised or suspected key is a key
encryption key or a root key, all keys or subkeys encrypted by the key shall
be replaced.
The decryption and re-encryption of application data due to key exchange is
not the responsibility of the key management center.
Specific requirements are as follows:
- Keys are updated strictly in accordance with the key update policy;
- The update shall be irreversible: the new key cannot be used to derive the old key;
- It cannot increase the risk of leakage of other key...
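The 5.2.5 replacement rule worked through on a small key hierarchy, as an added example that is not part of GM/T 0051. The inventory layout, key names, dates and state labels are constructed for illustration. A key past its lifespan is replaced on its own, while an exposed or suspected key also forces replacement of every key encrypted under it, at any depth.

```python
from collections import deque
from datetime import date, timedelta

# Constructed inventory: key id -> (protecting key, activation date,
# lifespan in days, state). State is "ok", "exposed" or "suspected".
INVENTORY = {
    "root":    (None,    date(2024, 1, 1),  1825, "ok"),
    "kek-a":   ("root",  date(2024, 1, 1),  365,  "ok"),
    "kek-b":   ("root",  date(2024, 6, 1),  365,  "suspected"),
    "data-a1": ("kek-a", date(2025, 1, 15), 90,   "ok"),
    "data-b1": ("kek-b", date(2025, 1, 1),  90,   "ok"),
    "data-b2": ("kek-b", date(2025, 1, 10), 90,   "ok"),
}

def replacement_plan(inventory, today):
    """Map each key that must be replaced to the reason for replacing it."""
    children = {}
    for kid, (parent, _start, _days, _state) in inventory.items():
        children.setdefault(parent, []).append(kid)

    plan, cascade = {}, deque()
    for kid, (_parent, start, days, state) in inventory.items():
        if state in ("exposed", "suspected"):
            plan[kid] = state
            cascade.append(kid)          # everything beneath it is affected
        elif today > start + timedelta(days=days):
            plan[kid] = "lifespan exceeded"   # routine update, no cascade

    visited = set()
    while cascade:
        parent = cascade.popleft()
        if parent in visited:
            continue
        visited.add(parent)
        for kid in children.get(parent, []):
            plan.setdefault(kid, f"encrypted under {parent}")
            cascade.append(kid)
    return plan

if __name__ == "__main__":
    for kid, reason in replacement_plan(INVENTORY, date(2025, 2, 1)).items():
        print(f"{kid:8} {reason}")
```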