GM/T 0074-2019: Technical requirements on cryptographic application for internet banking
GM/T 0074-2019
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Technical requirement on cryptographic application
for internet banking
ISSUED ON: JULY 12, 2019
IMPLEMENTED ON: JULY 12, 2019
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3 
Introduction ... 4 
1 Scope ... 5 
2 Normative references ... 5 
3 Terms and definitions ... 7 
4 Abbreviations ... 8 
5 Overview ... 8 
6 Cryptographic application requirements of internet banking ... 9 
6.1 Query business ... 9 
6.2 Fund change business ... 9 
6.3 Contract business ... 10 
6.4 Other businesses ... 10 
7 Technical requirements for cryptographic application of internet banking ... 11 
7.1 Cryptographic function requirements ... 11 
7.2 Key management requirements ... 13 
7.3 Certificate management requirements ... 14 
7.4 Channel security requirements ... 15 
7.5 Cryptographic device requirements ... 15 
7.6 Digital signature requirements ... 17 
Appendix A (Informative) Example of level 3 internet banking system construction of level protection ... 18
Technical requirement on cryptographic application
for internet banking
1 Scope
This standard specifies the relevant requirements for the application of
cryptographic technology in internet banking, covering six aspects:
cryptographic algorithms, key management, certificate management, secure
channels, cryptographic devices and digital signatures.
This standard is applicable to guide the design, implementation and use of
cryptographic technology-related security functions in internet banking. The
testing and management of cryptographic sub-systems in internet banking
systems may refer to it.
Relevant parts of mobile banking systems can also refer to this standard.
2 Normative references
The following documents are essential to the application of this document. For
dated references, only the edition with the indicated date applies to this
document; for undated references, the latest edition (including all
amendments) applies to this standard.
GB/T 15843 (All parts) Information technology - Security techniques -
Entity authentication
GB/T 19713 Information technology - Security techniques - Public key
infrastructure - Online certificate status protocol
GB/T 20518 Information security technology - Public key infrastructure -
Digital certificate format
GB/T 28447 Information security technology - Specification on the
operation management of a certificate authority
GB/T 32905 Information security technology SM3 cryptographic hash
algorithm
GB/T 32907 Information security technology - SM4 block cipher algorithm
GB/T 32915 Information security technology - Binary sequence randomness
detection method
GB/T 32918 (all parts) Information security technology - Elliptic curve
public-key cryptography
GB/T 35275 Information security technology - SM2 cryptographic algorithm
encrypted signature message syntax specification
GB/T 35276 Information security technology - SM2 cryptography algorithm
usage specification
GM/T 0015 Digital certificate format based on SM2 algorithm
GM/T 0016 Smart token cryptography application interface specification
GM/T 0017 Smart token cryptography application interface data format
specification
GM/T 0018 Interface specifications of cryptography device application
GM/T 0019 Universal cryptography service interface specification
GM/T 0021 One time password application of cryptography algorithm
GM/T 0022 IPSec VPN specification
GM/T 0023 IPSec VPN gateway product specification
GM/T 0024 SSL VPN specification
GM/T 0025 SSL VPN gateway product specification
GM/T 0027 Technique requirements for smart token
GM/T 0028 Security requirements for cryptographic modules
GM/T 0029 Sign and verify server technical specification
GM/T 0030 Cryptographic server technical specification
GM/T 0033 Interface specifications of time stamp
GM/T 0034 Specifications of cryptograph and related security technology for
certification system based on SM2 cryptographic algorithm
GM/T 0037 Certificate authority system test specification
GM/T 0038 Key management of certificate authority system test
specification
3.5
Server
The provider of financial business services in the internet banking system.
4 Abbreviations
The following abbreviations apply to this document.
CSP: Cryptographic Service Provider
IPSEC: Internet Protocol Security
OTP: One Time Password
PKCS: Public Key Cryptography Standards
SSL: Secure Socket Layer
TLS: Transport Layer Security
VPN: Virtual Private Network
WTLS: Wireless Transport Layer Security
5 Overview
The cryptographic application technology system of internet banking is a
security service system based on cryptographic technology. It uses
cryptographic technology to provide authenticity, confidentiality, integrity
and non-repudiation, forming a secure foundation for internet banking systems
and services, so as to protect their application security and secure
operation. Cryptographic devices, together with cryptographic algorithms,
key management, digital certificates, secure channels, digital signatures and
other cryptographic technologies, provide security guarantees for internet
banking systems, thus supporting the secure deployment of internet banking
business. The support that cryptographic application technology provides for
internet banking is shown in Figure 1.
them, when using the cryptographic algorithm of GB/T 32918, it shall follow the
requirements of GB/T 35275 or GB/T 35276.
7.1.3 Data integrity requirements
The data exchanged between the customer and the internet banking system
shall be checked for integrity, to prevent modification by a third party. The
data that needs to be checked for integrity includes, but is not limited to: the
login data, transaction application data and contract data sent by the
customer from the client side to the internet banking system; as well as the
login results, query results, transaction results and contract results sent
from the internet banking system to the client.
In order to ensure the integrity of the data, it shall be digitally signed,
hashed, or similarly processed. According to the application scenario, use the
cryptographic algorithm of GB/T 32918, GB/T 32905, GB/T 32907, or one
approved by the national cryptographic authority. Among them, when using the
cryptographic algorithm of GB/T 32918, it shall follow the requirements of GB/T
35275 or GB/T 35276.
7.1.4 Non-repudiation requirements
The transactions and contracting activities performed by customers after
logging in to the internet banking system require that neither the bank nor
the customer can repudiate them: the customer cannot deny completed transfer
records, contract records, etc.; the bank cannot deny completed transfer,
contract and other operations.
In order to ensure the non-repudiation of the actions of both parties, the
action information shall be digitally signed. According to the application
scenario, use the cryptographic algorithm of GB/T 32918 or one approved by the
national cryptographic authority.
7.1.5 Verification audit requirements
Verification audit mainly includes two aspects: in-process verification audit and
post-process verification audit. In-process verification audit is to verify or audit
whether the client's identity and autho...