GM/T 0045-2016 English PDF (GMT0045-2016)


GM/T 0045-2016: Specifications of financial cryptographic server

This Standard defines relevant terms of financial cryptographic server, specifies functional requirements, interface requirements, hardware requirements, business requirements, security requirements and test requirements for financial cryptographic server.
GM/T 0045-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 55613-2016
Specifications of financial cryptographic server
ISSUED ON: MARCH 28, 2016
IMPLEMENTED ON: MARCH 28, 2016
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviation
5 Functional requirements
5.1 Cryptographic algorithm
5.2 Key management
5.3 Random number
5.4 Access control
5.5 Device management
5.6 Device initialization
5.7 Self-test
6 Hardware requirements
6.1 Physical interface
6.2 Status indicator
6.3 Random number generator
6.4 Environmental adaptability
6.5 Reliability
7 Security business requirements
7.1 Basic requirements
7.2 Data message interface
7.3 Business function requirements
8 Security requirements
9 Test requirements
9.1 Function test
9.2 Performance test
9.3 Environmental compatibility test
9.4 Security test
10 Determination of qualification
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009. Attention is drawn to the possibility that some of the elements of this Standard may be the subject of patent rights. The issuing authority shall not be held responsible for identifying any or all such patent rights.
This Standard was proposed by and shall be under the jurisdiction of Code Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Chengdu Westone Information Industry Joint Stock Company, Wuxi Jiangnan Institute of Computer Technology, Xing Tang Communication Technology Co., Ltd., Shandong De'an Information Technology Co., Ltd., Beijing Sansec Technology Development Company, Ltd., Beijing Jiangnan Tian-An Technology Co., Ltd.
Main drafters of this Standard: Li Yuanzheng, Zhang Shixiong, Huang Jin, Zhang Suocheng, Xu Mingyi, Wang Nina, Zheng Haisen, Gao Zhiquan, Li Guo, Ma Xiaoyan.
Specifications of financial cryptographic server
1 Scope
This Standard defines relevant terms of financial cryptographic server, specifies functional requirements, interface requirements, hardware requirements, business requirements, security requirements and test requirements for financial cryptographic server.
This Standard is applicable to the development and use of financial cryptographic server. It is also applicable to guide the test of financial cryptographic server.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 4943, Safety of information technology equipment
GB/T 9813-2000, Specification for microcomputer
GB/T 17964, Information technology - Security techniques - Modes of operation for a block cipher
GM/T 0002, SM4 Block Cipher Algorithm
GM/T 0003, Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves
GM/T 0004, SM3 Password Hashing Algorithm
GM/T 0005, Randomness Test Specification
GM/T 0006, Cryptographic application identifier criterion specification
GM/T 0009, SM2 Cryptography Algorithm Application Specification
GM/T 0028, Security Requirements for Cryptographic Modules
JR/T 0025, China Financial Integrated Circuit Card Specifications
use physical means to protect hardware cryptographic device and its keys or sensitive information
3.9 master key; MK
it is at the highest layer in hierarchical key structure, used to protect its lower keys
3.10 secondary master key; SMK
it is at the second layer in hierarchical key structure, used to generate or protect its lower keys
3.11 key separation; KS
ensure that each cryptographic operation uses only the specified key type, for example, the MAC key can only be used to generate a message authentication code
3.12 data key; DK
a key that is to protect PIN and calculate MAC, including MAC key (MAK) and PIN key (PINK), also known as working key
3.13 key check value; KCV
a result value calculated by an irreversible algorithm, used for integrity inspection; the check value is usually the result of applying the irreversible algorithm to an arbitrary string under the key
3.14 personal identification number; PIN
in financial business, a digital ID that authorizes a cardholder in a request for authorization message; PIN only contains decimal number; when logging in, it can support numbers, uppercase and lowercase letters, punctuation
3.15 key loading; KL
a process of transferring keys to cryptographic server manually or electronically
3.16 manual key distribution; MKD
a method of using non-electronic means such as cryptography envelope for key distribution
3.17 manual key entry; MKE
inject keys with keyboard into financial cryptographic server
5 Functional requirements
5.1 Cryptographic algorithm
5.1.1 Symmetric cryptographic algorithm
The financial cryptographic server shall be equipped with SM4 symmetric cryptographic algorithm. The realization of SM4 cryptographic algorithm shall follow GM/T 0002.
In order to meet the requirement of compatibility with the original system or the interconnection with other systems (for example, the external card system), the international standard DES/3DES/AES cryptographic algorithm and other algorithms approved by the national cryptography management department may also be supported.
The operation mode of symmetric cryptographic algorithm shall follow GB/T 17964, at least containing ECB and CBC modes.
The symmetric cryptographic algorithm is mainly used for PIN encryption, PIN trans-encryption, MAC calculation, data encryption and decryption, and key protection.
5.1.2 Public key algorithm
The financial cryptographic server shall be equipped with SM2 asymmetric cryptographic algorithm. The realization of SM2 cryptographic algorithm shall follow GM/T 0003. The use of algorithm shall follow GM/T 0009.
In order to meet the requirement of compatibility with the original system or the interconnection with other systems (for example, the external card system), the international standard RSA cryptographic algorithm and other algorithms approved by the national cryptography management department may also be supported. The RSA modulus length shall meet the length that is proposed and recommended by the international bank card organization, and it can be extended.
The asymmetric cryptographic algorithm is mainly used for digital signature and signature verification, cryptography envelope, and key distribution.
5.1.3 Hash algorithm
The financial cryptographic server shall be equipped with SM3 hash algorithm. The realization of SM3 hash algorithm shall follow GM/T 0004. In addition, when SM2 cryptographic algorithm is used for digital signature verification and calculation of message authentication code, the algorithm is required to equip with SM3 hash algorithm. The realization of SM3 hash algorithm used in SM2 information is not leaked.
The key in plaintext form that requires manual entry shall be transmitted, stored and entered in segments. Different key components shall be saved separately by different authorized administrators. During key entry, it shall be completed together by at least more than 2 authorized administrators on the entry site.
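The component-based manual entry above, together with the key check value (3.13) and key separation (3.11), can be sketched as follows; this is an added example, not text or code from the Standard. Assumptions: components are combined by XOR, HMAC-SHA256 stands in for the SM4/SM3-based check value and MAC, the custodian minimum is a parameter, and all function names are hypothetical.

```python
import hashlib
import hmac
from functools import reduce

KEY_LEN = 16     # bytes; SM4 key size
MIN_ADMINS = 2   # assumption: set to your reading of the custodian rule
ALLOWED_OPS = {"MAK": {"mac"}, "PINK": {"pin_encrypt"}}  # key separation table


def kcv(key: bytes) -> str:
    """Check value: one-way function of a fixed string under the key.
    Stand-in: HMAC-SHA256 over 16 zero bytes, first 3 bytes, hex."""
    return hmac.new(key, bytes(16), hashlib.sha256).digest()[:3].hex().upper()


def accept_component(admin: str, component: bytes, expected_kcv: str):
    """Validate one administrator's component against its recorded KCV."""
    if len(component) != KEY_LEN:
        raise ValueError(f"{admin}: component must be {KEY_LEN} bytes")
    if not hmac.compare_digest(kcv(component), expected_kcv.upper()):
        raise ValueError(f"{admin}: component KCV mismatch, entry rejected")
    return admin, component


def combine(entries, key_type: str, expected_kcv: str) -> dict:
    """XOR the components into the key; require distinct custodians."""
    admins = [a for a, _ in entries]
    if len(set(admins)) < MIN_ADMINS or len(set(admins)) != len(admins):
        raise PermissionError("components must come from distinct administrators")
    if key_type not in ALLOWED_OPS:
        raise ValueError(f"unknown key type {key_type}")
    key = reduce(lambda x, y: bytes(p ^ q for p, q in zip(x, y)),
                 (c for _, c in entries))
    if not hmac.compare_digest(kcv(key), expected_kcv.upper()):
        raise ValueError("combined key KCV mismatch, key not loaded")
    return {"type": key_type, "key": key}


def mac(slot: dict, data: bytes) -> bytes:
    """Compute a MAC only if the slot's key type is bound to MAC use."""
    if "mac" not in ALLOWED_OPS[slot["type"]]:
        raise PermissionError(f"{slot['type']} key may not be used for MAC")
    return hmac.new(slot["key"], data, hashlib.sha256).digest()[:8]
```
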
5.2.5 Key backup / restore
The financial cryptographic server shall have backup / restore function for master key, secondary master key. The backup data generated by the backup operation shall be stored in ciphertext on the storage medium. The key to encrypt the backup data shall have a security mechanism to ensure its security. The backup key can be restored to the financial cryptographic server. Different models of financial cryptographic server of same manufacturer shall be able to backup and restore each other. The key restore can be only performed in the financial cryptographic server.
5.3 Random number
The financial cryptographic server shall use random numbers generated by no less than two hardware physical noise sources. The generated random numbers shall meet the requirements of GM/T 0005.
The random number generator equipped for financial cryptographic server shall pass four phases of random number tests: sample sending test, exit-factory test, power-on test and use test.
a) Sample sending test
Carry out sample sending test of random number according to GM/T 0005 requirements.
b) Exit-factory test
- test quantity: collect 50×10^6 bit random numbe...