GM/T 0053-2016 English PDF (GM/T0053-2016)

GM/T 0053-2016: Cryptography device management - Data interface specification of remote monitoring and compliance testing

GM/T 0053-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 58558-2017
Cryptography device management –
Data interface specification of
remote monitoring and compliance testing
ISSUED ON: DECEMBER 23, 2016
IMPLEMENTED ON: DECEMBER 23, 2016
Issued by: State Cryptography Administration
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Cryptography device management application system
5.1 Architecture
5.2 Basic requirements for cryptography device
5.3 Basic requirements for management agents
5.4 Basic requirements for security tunnels
6 Interface data for remote monitoring and compliance testing of cryptography device
6.1 Cryptography device remote monitoring
6.1.1 Remote monitoring message format
6.1.2 Message format of request monitoring information
6.1.3 Message format of returned monitoring information
6.2 Device compliance testing
6.2.1 Overview of device compliance testing
6.2.2 Device compliance testing message format
6.2.3 Algorithm validation verification
6.2.4 Device self-test
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
GM/T 0053 Cryptography device management - Remote monitoring and
compliance verification interface data specification is one of the cryptography
device management standards. This type of standard consists of a basic
specification and a series of management application specifications and
currently includes:
- Basic specifications: GM/T 0050 Cryptography device management -
Device management technical specifications;
- Management application specification: GM/T 0051 Cryptography device
management - Specifications of symmetric key management technology;
- Management application specification: GM/T 0052 Cryptography device
management - VPN device monitoring management specification;
- Management application specification: GM/T 0053 Cryptography device
management - Remote monitoring and compliance verification interface
data specification.
Any contents of this standard related to the contents of cryptographic algorithms
are implemented in accordance with relevant national laws and regulations.
This Standard was proposed by and shall be under the jurisdiction of
Cryptography Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Shanghai Information Security
Engineering Technology Research Center, Shanghai Xinhao Information
Technology Co., Ltd., Weishitong Information Industry Co., Ltd., Shanghai
Jiaotong University School of Information Security, Shanghai Pengyue
Jinghong Information Technology Development Co., Ltd., Shanghai
Tianrongxin Network Security Technology Co., Ltd., Shanghai Huatang
Network Co., Ltd.
Main drafters of this Standard: Wang Hao, Yuan Feng, Li Gaojian, Tian Li,
Huang Zhirong, Liao Ye, Zou Ru, Pan Shuyuan, Yao Le, Lu Mingzhong, Wang
Hegang, Wang Shanyi, Zhang Yuanchen, Zhou Zhihong, Li Junshan, Pan Limin.
Cryptography device management –
Data interface specification of
remote monitoring and compliance testing
1 Scope
This standard specifies the interface data of management applications such as
remote monitoring and compliance testing of the cryptography device, and defines
the message transmission format between management applications and
cryptography devices.
This standard applies to the development and application of management
agents in cryptography devices; it can also guide the detection of such
cryptography device-managed agents.
2 Normative references
The following documents are essential to the application of this document. For
the dated documents, only the versions with the dates indicated are applicable
to this document; for the undated documents, only the latest version (including
all the amendments) is applicable to this standard.
GM/T 0006-2012 Cryptography application identity specification
GM/T 0050 Cryptography device management - Device management
technical specifications
3 Terms and definitions
The terms and definitions of GM/T 0050-2016 and the following terms and
definitions apply to this document.
3.1
Cryptography device
Cryptography devices that can accept device management operations, such
as network cryptography machines, application cryptography
machines/cards, excluding component-level devices such as smart
cryptography terminals and cryptography chips.
3.6
Cryptography device management platform
A management system that establishes remote security tunnels with the
managed objects for management applications.
[GM/T 0050-2016, Definition 3.9]
3.7
Key desynchronization
It refers to the failure to correctly encrypt and decrypt communication
messages due to incomplete communication messages and key
inconsistency between the two parties to the encrypted communication.
Generally, it requires either that the cryptography device obtain the key
from the key management center or that the two communicating parties
re-negotiate the key.
3.8
Tunnel connectivity
Communication and connection between cryptography devices and other
devices that need to be interconnected.
4 Abbreviations
The following abbreviations apply to this document.
PDU: Package Data Unit
VID: Managed device attribute identifier (Value ID)
5 Cryptography device management application system
5.1 Architecture
For the cryptography device management architecture, please refer to clause
5.3 of GM/T 0050-2016, and the structure diagram is shown in Figure 1 (The
solid line refers to the physical connection and the dotted line refers to the
logical connection). The management system is divided into three layers in
accordance with functions: management application layer, management
G 32-byte H 1-byte
I 1-byte J 2-byte
K Version number L Security mode
M Reserved N Message ID
O PDU length P Destination ID
Q Sender ID R Operation type
S Device compliance identifier T Device compliance testing message
U Signature length V Signature value/HMAC
W Message header X Message PDU
Y Message tail
Figure 4 -- Device compliance testing message format definition
Where:
• The operation type is sending a message over the security tunnel; its
identifier is 0xA3.
• The management application identifier of the device compliance testing is
0xC4.
• This clause specifies the device compliance testing message PDU that
follows the management application identifier 0xC4.
• The 0x93 command is used to send data between the management
application layer and the management agent, and the 0x94 command is
used to receive data.
• The management application layer sends standard data (such as symmetric
algorithm ID, algorithm length, plaintext, key, ciphertext) to the
management agent. The management agent receives the 0x93 data packet,
parses the standard data in accordance with the defined message format,
calculates the corresponding return value in accordance with the relevant
algorithm, encapsulates it using the message format defined by the
application layer and sends it to the application layer. The application
layer verifies the returned data against the standard data.
6.2.3 Algorithm validation verification
6.2.3.1 Sending data
6.2.3.1.1 Message format
The format of the sending data message defines the message format of the
cryptography device algorithm validity verification instruction, as shown in Table
3.
Table 7 -- Asymmetric algorithm encryption, public key and plaintext
Field widths (as listed): 1-byte, 32-byte, 1-byte, 4-byte, 4-byte, 4-byte, 4-byte, 4-byte
Fields (in order): Packet type 0x93 | Request device ID | Data direction 0x00 | Scheme number | Scheme length | Algorithm identifier | Public key length | Public key value | Ciphertext length | Ciphertext
Scheme numbers: 0x01000000 RSA; 0x01010000 SM2
Where:
• Type 0x93 is the identifier of the sent data;
• The request device ID is the device uniqueness identifier obtained from
the device management platform layer when requesting the device to
register;
• The data direction 0x00 indicates that the management application layer
sends data to the management agent;
• The scheme number identifies two asymmetric algorithms for encryption;
• The scheme length indicates the number of bytes of the following
scheme content. The scheme content includes the algorithm identifier,
public key length, public key value, plaintext length, and plaintext
content;
• The cryptographic algorithm identifier follows GM/T 0006-2012;
• The public key length indicates the number of bytes of public key values;
• The public key is the standard data of the publ...
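A length-checked parser for the 0x93 sending-data message of Table 7, as an added example that is not part of GM/T 0053-2016. It assumes big-endian integers, that the listed widths apply in order to the fixed-size fields with each value field sized by the length field before it, and that the final field is the plaintext named in the table title; the device ID, key bytes and algorithm identifier are constructed placeholders.

```python
import struct

SCHEMES = {0x01000000: "RSA", 0x01010000: "SM2"}  # scheme numbers listed in Table 7
# Assumption: big-endian; packet type, device ID, direction, scheme number, scheme length.
FIXED = struct.Struct(">B32sBII")

class FormatError(ValueError):
    """Raised when a message violates the (assumed) Table 7 layout."""

def _take(buf, off, n, what):
    # Never trust a declared length: check it against the bytes actually present.
    if n > len(buf) - off:
        raise FormatError(f"{what}: declared {n} bytes, only {len(buf) - off} left")
    return buf[off:off + n], off + n

def _u32(buf, off, what):
    raw, off = _take(buf, off, 4, what)
    return int.from_bytes(raw, "big"), off

def parse_send_data(msg):
    if len(msg) < FIXED.size:
        raise FormatError("truncated fixed header")
    ptype, dev_id, direction, scheme_no, scheme_len = FIXED.unpack_from(msg)
    if ptype != 0x93 or direction != 0x00:
        raise FormatError("not a 0x93 packet sent to the management agent")
    if scheme_no not in SCHEMES:
        raise FormatError(f"unknown scheme number {scheme_no:#010x}")
    body = msg[FIXED.size:]
    if scheme_len != len(body):
        raise FormatError("scheme length does not match scheme content")
    alg_id, off = _u32(body, 0, "algorithm identifier")
    pk_len, off = _u32(body, off, "public key length")
    pubkey, off = _take(body, off, pk_len, "public key value")
    pt_len, off = _u32(body, off, "plaintext length")
    plaintext, off = _take(body, off, pt_len, "plaintext")
    if off != len(body):
        raise FormatError("trailing bytes after plaintext")
    return {"device_id": dev_id, "scheme": SCHEMES[scheme_no], "algorithm_id": alg_id,
            "public_key": pubkey, "plaintext": plaintext}

def build_sample(pk_len_field=None):
    # Constructed test message; device ID, key bytes and algorithm ID are placeholders.
    pubkey, plaintext = bytes(range(64)), b"known-answer input"
    declared = len(pubkey) if pk_len_field is None else pk_len_field
    body = struct.pack(">II", 0xAABBCCDD, declared) + pubkey
    body += struct.pack(">I", len(plaintext)) + plaintext
    return FIXED.pack(0x93, b"D" * 32, 0x00, 0x01010000, len(body)) + body

if __name__ == "__main__":
    print(parse_send_data(build_sample()))
```

Passing `pk_len_field` to `build_sample` produces a message whose declared public key length disagrees with the bytes present, which the parser rejects instead of reading past the field.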