Skip to product information
1 of 10

PayPal, credit cards. Download editable-PDF & invoice in 1 second!

GM/T 0049-2016 English PDF (GMT0049-2016)

GM/T 0049-2016 English PDF (GMT0049-2016)

Regular price $150.00 USD
Regular price Sale price $150.00 USD
Sale Sold out
Shipping calculated at checkout.
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0049-2016
Historical versions: GM/T 0049-2016
Preview True-PDF (Reload/Scroll if blank)

GM/T 0049-2016: Cryptography test specification for EPP
GM/T 0049-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.. 58554-2017
Cryptography test specification for EPP
ISSUED ON. DECEMBER 23, 2016
IMPLEMENTED ON. DECEMBER 23, 2016
Issued by. State Cryptography Administration
Table of Contents
Foreword . 3 
1 Scope .. 4 
2 Normative references .. 4 
3 Terms and definitions .. 4 
4 Abbreviations .. 7 
5 PIN pad security level .. 7 
6 Test content and test method . 7 
6.1 Security management function test .. 7 
6.2 Cryptographic algorithm test .. 12 
6.3 Key primality test (optional) . 16 
6.4 Random quality test.. 16 
6.5 Environmental failure protection test .. 16 
6.6 Cryptography stability test .. 17 
6.7 Algorithm performance test . 21 
6.8 Equipment security test .. 25 
6.9 Security requirement test . 25 
6.10 Requirements for submission of technical documents for inspection .. 33 
7 Qualification determination.. 34 
Appendix A (Informative) PIN block filling format . 35 
Appendix B (Informative) CBC-MAC calculation method .. 37 
Appendix C (Informative) Monte Carlo test method .. 38 
Cryptography test specification for EPP
1 Scope
This standard specifies the security classification, test content and test method,
qualification determination rules of encrypting PIN Pad products.
This standard is suitable for cryptography test, inspection and classification of
encrypting PIN Pad products.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GB/T 21078.1-2007 Banking. Personal Identification Number management and
security - Part 1. Basic principles and requirements for online PIN handling in ATM
and POS systems
GB/T 32915-2016 Information security technology - Randomness test methods for
binary sequence
GB/T 32918.3-2016 Information security technology - Public key cryptographic
algorithm SM2 based on elliptic curves - Part 3. Key exchange protocol
GM/Z 0001 Cryptographic terms
GM/T 0008-2012 Cryptography test criteria for security IC
GM/T 0028-2014 Security requirements for cryptographic modules
GM/T 0039 Security test requirements for cryptographic modules
ISO/IEC 18032.2005 Information technology - Security techniques - Prime number
generation
3 Terms and definitions
The terms and definitions defined by GB/T 21078.1-2007, GM/T 0028-2014, GM/Z
0001 AND the following terms and definitions apply to this document.
3.10 Hash algorithm compression test
Test the function correctness of hash algorithm in the PIN pad.
3.11 Key management test
Test the function correctness of key dispersion, key primality and key agreement in the
PIN pad.
3.12 Random quality test
Test the quality of random numbers generated by the PIN pad.
3.13 Environmental failure protection test
Test the requirements and specifications of PIN pad environmental failure.
Note. Rewrite GM/T 0028-2014, Definition 3.26.
3.14 Cryptographic algorithm stability test
Test the function stability of symmetric cryptographic algorithm, asymmetric
cryptographic algorithm and hash algorithm in the PIN pad.
3.15 Monte Carlo test
The method of repeatedly test the cryptographic algorithm by the principle of repeated
random sampling.
3.16 Algorithm performance test
Test the performance of symmetric cryptographic algorithm, asymmetric cryptographic
algorithm and hash algorithm in the PIN pad.
3.17 Security function test
A mechanism used to determine the level of physical security of a PIN pad.
3.18 Key security test
Test the security level of key storage, key input and output, and key zero-setting in the
PIN pad.
3.19 Fault induction
A technique that uses transient voltage, radiation, laser, or clock offset techniques to
cause changes in operating behavior in hardware.
3.20 Operational environment
b) The examiner confirms that the submitting agency has submitted the source code
for key function self-test;
c) Through the examination of source code and documents, the examiner confirms
whether the key function self-test realized by the source code is consistent with
the document description;
d) If consistent, the key function self-test is passed.
6.1.2.2 Conditional self-test
6.1.2.2.1 Symmetric cryptographic algorithm self-test
The test steps are as follows.
a) The examiner confirms that the submitting agency has submitted the self-test
documents of the symmetric cryptographic algorithm (including encryption and
decryption of symmetric algorithm) and the self-test source code of the
symmetric cryptographic algorithm;
b) Through the examination of source code and documents, the examiner confirms
whether the symmetry algorithm realized by the source code is consistent with
the document description;
c) If consistent, the symmetry algorithm self-test is passed.
6.1.2.2.2 Asymmetric cryptographic algorithm self-test (optional)
Asymmetric cryptographic algorithm self-test is an optional test item according to the
product support for this algorithm. The test steps are as follows.
a) The examiner confirms that the submitting agency has submitted the asymmetric
algorithm (including asymmetric encryption / decryption and asymmetric
signature verification), self-test documents and asymmetric cryptography
algorithm self-test source code;
b) Through the examination of source code and documents, the examiner confirms
whether the asymmetric algorithm self-test realized by source code and the
document description are consistent;
c) If consistent, asymmetric algorithm self-test is passed.
6.1.2.2.3 Hash algorithm self-test (optional)
Hash algorithm self-test is an optional test item according to the product support for
this algorithm. The test steps are as follows.
d) If the result of the plaintext is correct, the test is passed.
6.2.4 Hash algorithm compression test (optional)
Hash algorithm data compression test is an optional test item according to the product
support for this algorithm. Test steps are as follows.
a) The testing institution provides the test data to the PIN pad;
b) The PIN pad uses hash algorithm to calculate the test data and the PIN pad
returns the result;
c) Compare the result returned by the PIN pad with the result from the testing
institution;
d) if the results are consistent, the hash algorithm data compression test is passed.
6.3 Key primality test (optional)
The key primality test is to test if the cypher parameter of asymmetric cryptographic
algorithm is prime. It is only required when the product contents algorithm that has
requirements of the key primality.
The key primality test method shall be as per ISO/IEC 18032. 2005.
6.4 Random quality test
The test steps are as follows.
a) Generate random numbers with the PIN pad until 128MB is collected;
b) Test the random number by the method specified in GB/T 32915-2016 and
determine whether the test is passed.
6.5 Environmental failure protection test
6.5.1 General requirements for environmental failure protection
The general requirements for environmental failure protection are as follows.
a) For PIN pad of security level 1, level 2, it is not required to have environmental
failure protection (EFP) characteristic test or environmental failure ...
View full details