GM/T 0053-2016 English PDF (GMT0053-2016)

Regular price $145.00 USD

GM/T 0053-2016: Cryptography device management - Data interface specification of remote monitoring and compliance testing

This standard specifies the interface data of management applications such as remote monitoring and compliance testing of cryptography devices, and defines the message transmission format between management applications and cryptography devices. It applies to the development and application of management agents in cryptography devices, and can also guide the testing of such cryptography device management agents.
GM/T 0053-2016
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 58558-2017
Cryptography device management - Data interface specification of remote monitoring and compliance testing
ISSUED ON: DECEMBER 23, 2016
IMPLEMENTED ON: DECEMBER 23, 2016
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
Introduction .. 4
1 Scope .. 5
2 Normative references ... 5
3 Terms and definitions ... 5
4 Abbreviations .. 7
5 Cryptography device management application system ... 7
5.1 Architecture ... 7
5.2 Basic requirements for cryptography device ... 8
5.3 Basic requirements for management agents .. 9
5.4 Basic requirements for security tunnels ... 9
6 Interface data for remote monitoring and compliance testing of cryptography device ... 9
6.1 Cryptography device remote monitoring ... 10
6.1.1 Remote monitoring message format ... 10
6.1.2 Message format of request monitoring information ... 11
6.1.3 Message format of returned monitoring information .. 11
6.2 Device compliance testing .. 13
6.2.1 Overview of device compliance testing .. 13
6.2.2 Device compliance testing message format ... 13
6.2.3 Algorithm validation verification ... 14
6.2.4 Device self-test ... 36
Foreword
This Standard was drafted in accordance with the rules given in GB/T 1.1-2009.
GM/T 0053 Cryptography device management - Remote monitoring and compliance verification interface data specification is one of the cryptography device management standards. This type of standard consists of a basic specification and a series of management application specifications, and currently includes:
- Basic specification: GM/T 0050 Cryptography device management - Device management technical specifications;
- Management application specification: GM/T 0051 Cryptography device management - Specifications of symmetric key management technology;
- Management application specification: GM/T 0052 Cryptography device management - VPN device monitoring management specification;
- Management application specification: GM/T 0053 Cryptography device management - Remote monitoring and compliance verification interface data specification.
Any contents of this standard related to cryptographic algorithms are implemented in accordance with relevant national laws and regulations.
This Standard was proposed by and shall be under the jurisdiction of the Cryptography Industry Standardization Technical Committee.
Main drafting organizations of this Standard: Shanghai Information Security Engineering Technology Research Center, Shanghai Xinhao Information Technology Co., Ltd., Weishitong Information Industry Co., Ltd., Shanghai Jiaotong University School of Information Security, Shanghai Pengyue Jinghong Information Technology Development Co., Ltd., Shanghai Tianrongxin Network Security Technology Co., Ltd., Shanghai Huatang Network Co., Ltd.
Main drafters of this Standard: Wang Hao, Yuan Feng, Li Gaojian, Tian Li, Huang Zhirong, Liao Ye, Zou Ru, Pan Shuyuan, Yao Le, Lu Mingzhong, Wang Hegang, Wang Shanyi, Zhang Yuanchen, Zhou Zhihong, Li Junshan, Pan Limin.
Cryptography device management - Data interface specification of remote monitoring and compliance testing
1 Scope
This standard specifies the interface data of management applications such as remote monitoring and compliance testing of cryptography devices, and defines the message transmission format between management applications and cryptography devices.
This standard applies to the development and application of management agents in cryptography devices, and can also guide the testing of such cryptography device management agents.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the edition cited applies to this document; for undated references, the latest edition (including all amendments) applies to this standard.
GM/T 0006-2012 Cryptography application identity specification
GM/T 0050 Cryptography device management - Device management
technical specifications
3 Terms and definitions
The terms and definitions of GM/T 0050-2016 and the following terms and definitions apply to this document.
3.1
Cryptography device
Cryptography devices that can accept device management operations, such as network cryptography machines and application cryptography machines/cards, excluding component-level devices such as smart cryptography terminals and cryptography chips.
3.6
Cryptography device management platform
A management system that establishes remote security tunnels with the managed objects on behalf of management applications.
[GM/T 0050-2016, Definition 3.9]
3.7
Key desynchronization
The case in which communication messages can no longer be correctly encrypted and decrypted because of message incompleteness or key inconsistency between the two parties of the encrypted communication. Generally, it requires the cryptography device to obtain the key from the key management center, or the two communicating parties to re-negotiate the key.
3.8
Tunnel connectivity
Communication and connection between cryptography devices and other devices that need to be interconnected.
4 Abbreviations
The following abbreviations apply to this document.
PDU: Package Data Unit
VID: Device managed-attribute identifier (Value ID)
5 Cryptography device management application system
5.1 Architecture
For the cryptography device management architecture, please refer to clause 5.3 of GM/T 0050-2016; the structure diagram is shown in Figure 1 (the solid line refers to the physical connection and the dotted line to the logical connection). The management system is divided into three layers by function: management application layer, management
Figure 4 -- Device compliance testing message format definition (figure not reproduced; labels recovered from it: Version number, Security mode, Reserved, Message ID, PDU length, Destination ID, Sender ID, Operation type, Device compliance identifier, Device compliance testing message, Signature length, Signature value/HMAC; groups: Message header, Message PDU, Message tail; field widths marked: 32-byte, 1-byte, 1-byte, 2-byte)
Where:
- The operation type is the security tunnel's message-sending operation; its identifier is 0xA3.
- The management application identifier of device compliance testing is 0xC4.
- This clause regulates the device compliance testing message PDU that follows the management application identifier 0xC4.
- The 0x93 command is used to send data between the management application layer and the management agent, and the 0x94 command is used to receive data.
- The management application layer sends standard data (such as the symmetric algorithm ID, algorithm length, plaintext, key and ciphertext) to the management agent. The management agent receives the 0x93 data packet, parses the standard data in accordance with the defined message format, calculates the corresponding return value using the relevant algorithm, encapsulates it in the message format defined by the application layer and sends it back to the application layer. The application layer verifies the returned data against the standard data.
6.2.3 Algorithm validation verification
6.2.3.1 Sending data
6.2.3.1.1 Message format
The format of the sending data message defines the message format of the cryptography device algorithm validity verification instruction, as shown in Table 3.
Table 7 -- Asymmetric algorithm encryption, public key and plaintext
Fields in order (width):
- Packet type (1-byte): 0x93
- Request device ID (32-byte)
- Data direction (1-byte): 0x00
- Scheme number (4-byte)
- Scheme length (4-byte)
- Algorithm identifier (4-byte)
- Public key length (4-byte)
- Public key value (variable; see Public key length)
- Ciphertext length (4-byte)
- Ciphertext (variable; see Ciphertext length)
Values listed in the table: 0x01000000 RSA; 0x01010000 SM2.
Where:
- Type 0x93 is the identifier of the sent data;
- The request device ID is the device uniqueness identifier obtained from the device management platform layer when the device requested registration;
- The data direction 0x00 indicates that the management application layer sends data to the management agent;
- The scheme number identifies the two asymmetric algorithms for encryption;
- The scheme length indicates the number of bytes of the following scheme content. The scheme content includes the algorithm identifier, public key length, public key value, plaintext length, and plaintext content;
- The cryptographic algorithm identifier follows GM/T 0006-2012;
- The public key length indicates the number of bytes of the public key value;
- The public key is the standard data of the publ...
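The 0x93 "sending data" message laid out in Table 7, together with the send/parse/verify flow of 6.2.2, as an added Python example that is not code from the standard: an encoder and a defensive decoder that checks every length field against the bytes actually received before slicing, the check a management agent should perform before computing a return value. Big-endian field order, the SendDataMessage name and the sample values are assumptions, not taken from the page.

```python
import struct
from dataclasses import dataclass

PACKET_TYPE_SEND = 0x93        # "sending data" packet type from the standard
DIRECTION_APP_TO_AGENT = 0x00  # management application layer -> management agent
# Table 7 fixed header: type, 32-byte request device ID, direction, scheme number,
# scheme length. Big-endian byte order is an assumption the page does not state.
HEADER = struct.Struct(">B32sBII")

@dataclass
class SendDataMessage:
    device_id: bytes      # 32-byte request device ID obtained at registration
    scheme_number: int    # selects the asymmetric encryption scheme
    algorithm_id: int     # cryptographic algorithm identifier (GM/T 0006-2012)
    public_key: bytes     # standard-data public key value
    ciphertext: bytes     # standard-data ciphertext

def encode(msg: SendDataMessage) -> bytes:
    # Scheme content = algorithm id, key length, key, ciphertext length, ciphertext
    if len(msg.device_id) != 32:
        raise ValueError("request device ID must be exactly 32 bytes")
    scheme = (struct.pack(">II", msg.algorithm_id, len(msg.public_key)) + msg.public_key
              + struct.pack(">I", len(msg.ciphertext)) + msg.ciphertext)
    return HEADER.pack(PACKET_TYPE_SEND, msg.device_id, DIRECTION_APP_TO_AGENT,
                       msg.scheme_number, len(scheme)) + scheme

def decode(data: bytes) -> SendDataMessage:
    # Parse a received 0x93 message; every length field is validated before use.
    if len(data) < HEADER.size:
        raise ValueError("truncated header")
    ptype, device_id, direction, scheme_number, scheme_len = HEADER.unpack_from(data)
    if ptype != PACKET_TYPE_SEND or direction != DIRECTION_APP_TO_AGENT:
        raise ValueError(f"unexpected packet type {ptype:#x} or direction {direction:#x}")
    scheme = data[HEADER.size:]
    if scheme_len != len(scheme):
        raise ValueError("scheme length does not match the bytes received")
    pos = 0
    def take(n: int) -> bytes:  # bounded slice: a length field is never trusted blindly
        nonlocal pos
        if pos + n > len(scheme):
            raise ValueError("length field exceeds available data")
        pos += n
        return scheme[pos - n:pos]
    algorithm_id, pk_len = struct.unpack(">II", take(8))
    public_key = take(pk_len)
    (ct_len,) = struct.unpack(">I", take(4))
    ciphertext = take(ct_len)
    if pos != len(scheme):
        raise ValueError("trailing bytes after ciphertext")
    return SendDataMessage(device_id, scheme_number, algorithm_id, public_key, ciphertext)
```

A truncated message, an oversized length field or a 0x94 packet arriving where 0x93 is expected all surface as ValueError instead of an out-of-range slice or silently wrong standard data.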