GB/T 21079.1-2011 Replaced National standards

GB/T 21079.1-2011 Banking — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods


Publish Date: 2011-12-30 Implement Date: 2012-02-01

Basic Information

Standard Code: GB/T 21079.1-2011
Standard Type: National standards
Standard Status: Replaced
Mandatory standard: No
CCS Name: Finance, insurance
ICS Name: The application of information technology in banks
Publish Date: 2011-12-30
Implement Date: 2012-02-01
Pages: 28 pages

Scope

This part of GB/T 21079 is based on the cryptographic methods defined in ISO 9564, ISO 16609, and ISO 11568, and specifies the requirements for secure cryptographic devices (hereinafter referred to as SCDs).
This part has the following two main purposes:
a) To specify the operational requirements of SCDs and their management requirements throughout their lifecycle;
b) To standardize the methods for checking compliance with the above-mentioned requirements.
SCDs should have appropriate device characteristics and be subject to proper device management. The former ensures the operational performance of SCDs and provides sufficient protection for their internal data; the latter ensures the legitimacy of SCDs, meaning that an SCD has not been modified in an unauthorized manner (for example, by installing "listening devices") and that sensitive data held in it (such as encryption keys) has not been leaked or tampered with.
Absolute security is unattainable in practice. The security of an SCD relies on combining appropriate management with secure cryptographic features at every stage of its lifecycle. Through preventive measures, management procedures reduce the likelihood of an SCD security breach, and they aim to increase the possibility of detecting illegal access to sensitive or confidential data when the device's own characteristics cannot prevent or detect an attack.
Appendix A, which is informative, describes the concepts of the SCD security levels mentioned in this part.
This part does not address issues caused by denial of service of an SCD, nor does it address the specific requirements that different SCDs in financial retail businesses must meet in terms of device characteristics and management. For these topics, refer to ISO 13491-2.
This part applies to the security management of secure cryptographic devices in financial retail businesses.

Development Information

Word Count: 53 thousand words
Pages: 28 pages

Replaces the following standards

Superseded by the following standards

Referenced Standards

ISO 11568-1; ISO 11568-2:2005; ISO 11568-4; ISO 13491-2

Adopted standards

ISO 13491-1:2007

Related Standards
