GM/T 0050-2016 English PDF (GMT0050-2016)


GM/T 0050-2016: Cryptography Device Management - Specification of Device Management Technology

This Standard is applicable to the study and development of cryptographic device management systems, cryptographic device management applications, cryptographic machines and similar cryptographic devices; it can also be used to guide the inspection of cryptographic device management systems and cryptographic devices.
GM/T 0050-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Record No.: 58555-2017
Cryptography Device Management - Specification of Device Management Technology
ISSUED ON: DECEMBER 23, 2016
IMPLEMENTED ON: DECEMBER 23, 2016
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviation
5 Cryptography device management system
5.1 The position of cryptography device management in the framework of the cryptographic infrastructure application technology system
5.2 Cryptography device management platform structure
5.3 Cryptography device management application system structure
5.4 Management application layer
5.5 Device management platform layer
5.5.1 Structure and function of device management platform
5.5.2 General center of device management
5.5.3 Device management information base
5.5.4 Subcenter of device management
5.6 Cryptography device layer
5.7 Device certificate management
5.8 Registration process
5.8.1 Registration requirements
5.8.2 Registration for subcenter of device management
5.8.3 Registration of be-managed object
6 Security tunnel message
6.1 Security tunnel protocol
6.2 Security tunnel message
6.2.1 Definition of format for security tunnel message
6.2.2 Message format for security tunnel establishment request
6.2.3 Message format for security tunnel establishment response
6.2.4 Message format for security tunnel data sending
6.2.5 Message format to inform the security tunnel to restart
6.3 Opportunity for establishing security tunnel
6.4 Use of security tunnel
7 Device management information
7.1 Definition of device management information
7.2 Definition of data type
7.3 Hierarchical structure of management information
7.4 Attribute definition
7.4.1 Basic information group
7.4.2 Interface group
7.4.3 Management entity group
8 Device management message
8.1 Format definition of device management message
8.2 Get operation message
8.3 Get-next operation message
8.4 Response operation message
8.5 Set operation message
8.6 Get-bulk operation message
8.7 Inform operation message
8.8 Trap operation message
9 Device management platform provides interface for management application
9.1 Overview
9.2 System initialization interface
9.2.1 Initialization device management environment
9.2.2 Exit device management environment
9.3 Device attribute management interface
9.3.1 Get the total number of device
9.3.2 Get device information as per number
9.3.3 Get device attribute values in batches
9.3.4 Set device attribute value
9.3.5 Export device certificate
9.4 Data sending interface
9.4.1 Use security tunnel to send data
9.5 Alarm information management interface
9.5.1 Get the number of alarm information and alarm number
9.5.2 Get one alarm information
9.5.3 Set alarm information to be processed
Appendix A (Normative) Error code definition
Appendix B (Normative) Security tunnel protocol framework
Bibliography
Introduction
Cryptographic device management provides a device management application interface to the upper management applications; provides them with device management functions such as remote key management, device maintenance, device monitoring and device compliance inspection; converts the management requests of the upper management applications into standard messages for transfer; establishes an application-layer security tunnel through a security protocol; and transfers messages between the management application and the cryptographic device.
This Standard specifies the application interface, management process and management information structure of cryptographic device management; sets out the specific requirements for a cryptographic device to implement the management agent; and makes the device management application independent of the specific cryptographic device, so that cryptographic devices designed and developed according to this Standard can be uniformly managed and configured by a management system developed as per this Standard. For the establishment and operation requirements of the cryptographic device management system, refer to the relevant standards for CA management systems; this Standard does not define them additionally. This Standard provides guidance and a basis for the study and development of cryptographic devices and upper management applications.
This Standard stipulates a set of cryptographic device management application interfaces, sets out the specific requirements for the cryptographic device to implement the management agent, and makes the device management application independent of the specific cryptographic device, so that cryptographic devices designed and developed as per this Standard can be uniformly managed and configured.
Clauses 5, 6, 7, 8 and 9 of this Standard shall be used by the developer of the cryptographic device management system.
Clauses 5, 6, 7 and 8 of this Standard shall be used by the cryptographic device manufacturer.
Clauses 5 and 9 of this Standard shall be used by the management application manufacturer.
The preparation of this Standard has been guided by the overall working group of the National Commercial Cryptographic Application System.
Cryptography Device Management - Specification of Device Management Technology
1 Scope
This Standard specifies the system structure, management process, security tunnel protocol, management information structure, application interface and standard management message format of cryptographic device management.
It provides guidance and a basis for the study and development of cryptographic devices within the technical system framework and of the upper management application. This Standard is applicable to the study and development of cryptographic device management systems, cryptographic device management applications, cryptographic machines and similar cryptographic devices; it can also be used to guide the inspection of cryptographic device management systems and cryptographic devices.
2 Normative references
The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this document.
GM/T 0006 Cryptographic Application Identifier Criterion Specification
GM/T 0009 SM2 Cryptography Algorithm Application Specification
GM/T 0015 Digital Certificate Format based on SM2 Algorithm
GM/T 0018 Interface Specifications of Cryptography Device Application
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Cryptography device
A device that provides secure storage for keys and secret information and provides cryptographic security services based on that secret information. In this Standard, it refers specifically to cryptographic devices that can accept device management operations, mainly network cipher machines and application cipher machines/cards; it excludes component-level devices such as intelligent cryptographic end and cryptographic chip.
3.2 Device certificate
Digital information that identifies the cryptography device; it includes the basic information of the cryptography device, the device public key information, other supplementary information, etc. The device certificate can be issued by a special CA system, or by the device management platform.
3.3 Security tunnels
The application-layer security connection established through the data interaction security protocol between the device management center and the cryptography device-managed agent; it aims to provide confidentiality and integrity protection for application-layer information interaction between the device management network and the cryptography device.
3.4 Device key pair
The asymmetric key pair for device management stored inside the device; it includes a signature key pair and an encryption key pair.
3.5 Be-managed object
A cryptography device that accepts management; it becomes a be-managed object through the device-managed agent.
3.6 Device-managed agent
The device-managed agent is a logical entity that implements the establishment of security tunnels and the analysis of device management messages; it processes the message commands issued by the device management center and returns the processed results to the device management center. Each device-managed agent corresponds to one cryptography device; the device-managed agent can be realized within the cryptography device or by the external host computer of the cryptography device. If it is realized externally, the security connection between external device agent and agent cryptography device.
3.7 Security tunnels message
The initialization protocol message that the cryptography device management platform establishes and maintains secure session connection between the managed device be divided into three layers as per the function, namely. management application layer, management platform layer and cryptography device layer. The management application lay...
