GM/T 0107-2021 English PDF (GMT0107-2021)
GM/T 0107-2021: Smart IC card key management system basic technical requirements
GM/T 0107-2021
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Smart IC card key management system basic technical
requirements
ISSUED ON: OCTOBER 18, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
4.1 Symbols
4.2 Abbreviations
5 Application architecture and key system
5.1 Application Architecture
5.2 Key system
6 Functional requirements
6.1 Overview
6.2 System management function
6.3 Symmetric key management function
6.4 Asymmetric key management function
6.5 Audit management function
6.6 Interface service function
7 Key security mechanism
7.1 Symmetric key security mechanism
7.2 Asymmetric key security mechanism
8 System security requirements
8.1 Construction Principles
8.2 Cryptographic application requirements
Appendix A (Informative) Description of diversify factors and diversify process
Appendix B (Informative) Key distribution mechanism (using key master card and authentication card)
References
Smart IC card key management system basic technical
requirements
1 Scope
This document specifies the application architecture and key system, functional
requirements, key security mechanism, system security requirements, etc. of the smart
IC card key management system.
This document is applicable to the design, development, testing and use of the smart IC
card key management system.
2 Normative references
The contents of the following documents constitute the essential terms of this document
through normative references in the text. Among them, for dated references, only the
version corresponding to that date is applicable to this document; for undated references,
the latest version (including all amendments) is applicable to this document.
GB/T 32905 Information security techniques - SM3 cryptographic hash algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32915 Information security technology - Randomness test methods for binary
sequence
GB/T 32918 Information security technology - Public key cryptographic algorithm
SM2 based on elliptic curves
GB/T 36322 Information security technology - Cryptographic device application
interface specifications
GB/T 39786 Information security technology - Baseline for information system
cryptography application
GM/T 0044 SM9 identification cryptographic algorithm
GM/T 0045 Specifications of financial cryptographic server
GM/T 0051 Cryptography device management - Specifications of symmetric key
management technology
- Smart IC card key management system on the issuer side: responsible for importing
certificates and keys from superior institutions, generating and managing smart IC
card business keys and institution certificates of this level, providing key services
for smart IC card issuance and transactions;
- Smart IC card acceptance terminal: a terminal that processes smart IC card
transactions (including POS, ATM, gate, on-board terminal, etc.). The acceptance
terminal imports the smart IC card business root public key certificate or the PSAM
card containing the smart IC card consumer key root key; completes offline
authentication with the smart IC card through these certificates or public keys;
- Smart IC card management system: a system that manages smart IC card business
data; provides services for smart IC card issuance and transactions. The smart IC
card management system deploys smart IC card transaction keys (electronic wallet
keys or electronic cash keys); completes online authentication with smart IC cards
through these keys;
- Smart IC card clearing and settlement system: a system that handles the clearing
and settlement of smart IC card transactions. The smart IC card clearing and
settlement system deploys smart IC card settlement keys; completes transaction
authentication during smart IC card clearing and settlement through these keys;
- Data preparation system: processes the business data and security data required for
smart IC card issuance and forms the final card-making file. The data preparation
system contains information such as smart IC card certificates and smart IC card
keys;
- SAM card issuance system: executes the SAM card issuance process and safely loads
relevant keys and files into the SAM card after security authentication. The smart
IC card consumption root key and SAM card management key are deployed in the
SAM card issuance system;
- User card issuance system: executes the user card issuance process and securely loads
relevant keys and files into the user card after security authentication. The user
card business key is deployed in the user card issuance system.
5.2 Key system
5.2.1 Overview
The keys involved in the smart IC card key management system can be divided into
smart IC card business keys and system protection keys, according to the key purpose
or key source.
Smart IC card business keys are defined by the smart IC card application specification.
6 Functional requirements
6.1 Overview
The smart IC card key management system mainly generates and manages the root key
and corresponding certificates of smart IC card services; provides key service functions
for other smart IC card related systems, which shall at least include system management,
symmetric key management, asymmetric key management, audit management,
interface service and other functions.
6.2 System management function
The system management function shall be responsible for user role authority
management, operator management, system configuration management and device
management.
a) Role authority management: It shall include authority resource management and
user management; it shall support adding, deleting, modifying, checking and setting
permissions, and other operations, so as to assign appropriate permissions to the
corresponding roles.
b) Operator management: Users with different permissions shall be divided
according to roles; different roles shall be assigned to operators. It is used to add,
delete, modify and check system operators, and to assign corresponding roles to
operators when creating them.
c) System configuration management: It shall implement various system
configurations for managing the smart IC card key management system,
including various basic information and business information configurations.
d) Equipment management: It shall implement encryption machine management of
the smart IC card key management system, including the maintenance of
encryption machine resource information, reasonable grouping management of
encryption machine resources, monitoring and management functions of
encryption machines. It shall support the addition, modification, viewing,
deletion and other operations of encryption machines to complete the
configuration management of encryption machines.
6.3 Symmetric key management function
The symmetric key management function shall support the generation, storage, use and
destruction of various symmetric key types, including the security management of keys
stored in encryption machines and keys stored in databases; support the management
of key attributes and key status of symmetric...