GB/T 21079.1-2007
Banking- Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods

2012-02
Standard No.
GB/T 21079.1-2007
Language
Chinese
Release Date
2007
Published By
General Administration of Quality Supervision, Inspection and Quarantine of the People‘s Republic of China
Replace By
GB/T 21079.1-2011
Lastest
GB/T 21079.1-2022
Scope
This part of GB/T 21079 specifies the requirements for secure encryption devices (hereinafter referred to as SCD), which include the cryptographic procedures defined in ISO 9564, ISO 9807:1991 and ISO 11568. This standard has the following two main purposes: a) to specify the operational characteristics of SCD and the requirements for the management of the entire life cycle of SCD; b) to standardize the method of checking the conformity of these requirements. Cryptographic devices should have suitable characteristics to ensure proper operability and provide adequate protection for internal data. Proper device management is necessary to ensure the legitimacy of devices, i.e. devices cannot be altered by unauthorized methods (such as installing "listening devices", etc.), and sensitive data in devices cannot be leaked or tampered with. Absolute security is practically unattainable. Cryptographic security relies on a secure cryptographic device life cycle at every stage, and an effective combination of both proper device management procedures and secure cryptographic features. The hypervisor can take precautions to reduce the possibility of a device security breach. These safeguards are designed to increase the likelihood of uncovering unauthorized access to sensitive or classified data when the device itself cannot prevent or detect security attacks. Appendix A provides a description of the security levels described in this section when applied to secure encryption devices. This section does not address issues raised by SCD denial of service. The requirements for the characteristics and management of specific types of SCDs used in retail banking are described in ISO 11568-2.

GB/T 21079.1-2007 history

  • 2022 GB/T 21079.1-2022 Financial services—Secure cryptographic devices(retail)—Part 1:Concepts, requirements and evaluation methods
  • 2011 GB/T 21079.1-2011 Banking.Secure cryptographic devices (retail).Part 1: Concepts, requirements and evaluation methods
  • 2007 GB/T 21079.1-2007 Banking- Secure cryptographic devices (retail) Part 1: Concepts, requirements and evaluation methods

GB/T 21079.1-2007 -All Parts

GB/T 21079.1-2022 Financial services—Secure cryptographic devices(retail)—Part 1:Concepts, requirements and evaluation methods GB/T 21079.2-2022 Financial services—Secure cryptographic devices (retail) —Part 2:Security comliance checklists for devices used in financial transactions


Copyright ©2007-2023 ANTPEDIA, All Rights Reserved