GM/T 0037-2014 English PDF (GMT0037-2014)


GM/T 0037-2014: Certificate authority system test specification

This Standard specifies the test contents and test methods for a certificate authority system. It applies to the inspection of certificate authentication service operation systems that provide electronic authentication services for electronic signatures and that are developed or built in accordance with GM/T 0034-2014. It can also serve as a reference for the inspection of other certification systems.
GM/T 0037-2014
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 44642-2014
Certificate authority system test specification
ISSUED ON: FEBRUARY 13, 2014
IMPLEMENTED ON: FEBRUARY 13, 2014
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Test object
6 Test Outline
7 Test environment
8 Test content
8.1 Site
8.2 Network
8.3 Post and access management
8.4 Security management
8.5 System initialization
8.6 System functions
8.7 System performance
8.8 Data backup and recovery
8.9 Third-party security products
8.10 Entry into root
8.11 Certificate format
8.12 Certificate chain
8.13 Algorithm
8.14 Protocol
8.15 Documents
9 Test method
9.1 Site
9.2 Network
9.3 Management of posts and authorization
9.4 Security management
9.5 System initialization
9.6 System functions
9.7 System performance
9.8 Data backup and recovery
9.9 Third-party security products
9.10 Entry into root
9.11 Certificate format
9.12 Certificate chain
9.13 Algorithm
9.14 Protocol
9.15 Documents
10 Qualification determination
10.1 Item qualification determination
10.2 Product qualification determination
Appendix A
A.1 Test objective
A.2 Physical areas and network structure of certificate authority system
A.3 Hardware and software configuration of certificate authority system
A.4 Module and function of certificate authority system
A.5 Test content
Appendix B
B.1 The network structure of CA when RA adopts C/S mode
B.2 The network structure of CA when RA adopts B/S mode
B.3 The connection between CA and remote RA
Appendix C
C.1 Certificate authority system computer room layout
C.2 Certificate authority system computer room placement diagram
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Cryptography Industry Standardization Technical Committee.
Drafting organizations of this Standard: Changchun Jida Zhengyuan Information Technology Co., Ltd., Shanghai Gale Software Co., Ltd., National Information Security Engineering Technology Research Center, Beijing Haitai Fangyuan Science and Technology Co., Ltd.
Main drafters of this Standard: Liu Ping, Gao Li, Tian Jingqi, Jiang Yulin, Zhang Baoxin, Li Weiping, Zhao Lili, Zhu Guoxin, Yuan Feng, Tan Wuzheng, An Xiaojiang, Zhang Wantao, Wu Chenghua.
Certificate authority system test specification
1 Scope
This Standard specifies the test contents and test methods for a certificate authority system. It applies to the inspection of certificate authentication service operation systems that provide electronic authentication services for electronic signatures and that are developed or built in accordance with GM/T 0034-2014. It can also serve as a reference for the inspection of other certification systems.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GM/T 0014 Digital certificate authentication system cryptography protocol specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0034-2014 Specifications of cryptograph and related security technology for certification system based on SM2 cryptographic algorithm
3 Terms and definitions
The following terms and definitions apply to this document.
3.1 Certificate authentication system; CA
A system that manages the entire life cycle of digital certificates such as issuing, distributing, updating, and revoking them.
3.2 Registration authority; RA
An authority whose main function is to manage the entire process of digital certificate registration. It is also known as a registration system.
3.3 CA certificate
A certificate issued to a CA. It can be issued by the CA to itself or by another CA.
The item test environment is the actual environment of the certificate authority system.
8 Test content
8.1 Site
8.1.1 Engineering construction
Engineering construction shall meet the requirements of physical security in 8.5 of GM/T 0034-2014.
8.1.2 Physical areas
The physical area of certificate authority system shall be divided into public area, service area, management area and core area.
The storage and distribution server for certificates/certificate revocation lists, the LDAP/OCSP query server (if there is an OCSP query server) and the connected cryptographic machine, the registration management server and the connected cryptographic machine, the intrusion detection or intrusion prevention detection equipment, and the vulnerability scanning equipment shall be located in the service area. The registration management terminal, the registration audit terminal, the certificate/certificate revocation list generation and issuance management terminal, and the intrusion detection or intrusion prevention management console shall be located in the management area. The certificate/certificate revocation list generation and issuance server and the connected cryptographic machine, the database server, and the safe-box holding key backup materials and media shall be placed in the core area. A firewall shall be placed between each of the areas. See Appendix C. The core area shall be a shielded computer room. The shielding effect shall meet the requirements of 8.5.2.5 in GM/T 0034-2014.
The sequence of entering the areas is: the management area, the service area, the core area. The name of each device in the system, such as issuance server or registration server, shall be labeled at a prominent location on the devices placed in each area. Monitoring probes, fire probes and an access control system shall be set up in each area, and a monitoring room shall be set up to monitor each area in real time.
This clause applies to the item test only.
8.2 Network
8.2.1 Network structure
b) There shall be corresponding response strategies for security events detected by vulnerability scanning;
c) The vulnerability repository shall be updated in a timely manner.
8.2.2.4 Virus control
The main security strategies for the virus control configured for the system are:
a) Deploy antivirus products to key servers and to operation and management terminals;
b) There shall be corresponding response strategies for security events detected by antivirus products;
c) The virus repository shall be updated in a timely manner.
8.2.2.5 Cryptographic machine
The cryptographic machine shall be connected to the server via an independent physical port.
The cryptographic machine shall be the product approved by the national cryptographic management department.
8.3 Post and access management
8.3.1 Issuance system
8.3.1.1 Super administrator
A super administrator shall be set up. It is generated when the system is initialized and is responsible for the strategy management of the system and for the management of the business administrators of the system.
8.3.1.2 Audit administrator
An audit administrator shall be set up. It is generated when the system is initialized and is responsible for the auditor management of the system.
8.3.1.3 Business administrator
A business administrator shall be set up and authorized by the super administrator. It is responsible for the management of business operators.
8.3.1.4 Business operator
A business operator shall be set up and authorized by the business administrator. It is responsible for user certificate repository management, data backup/recovery, etc.
8.6.1.1 Input of application information
It shall be able to provide an interface to input and modify the certificate application information. It shall be able to select the key type and key length of the digital certificate being applied for and support the import of a batch of certificate application information. The system shall enable the operators to sign their actions automatically.
8.6.1.2 Review of application information
It shall be able to provide an interface for the review of the application information. It ...
