Standard No.:	GM/T 0104-2021
English Name:	Specifications of cloud host cryptographic server
Chinese Name:	云服务器密码机技术规范
Chinese Classification:	L80    Data encryption
Professional Classification:	GM
Source Content Issued by:	Office of Security Commercial Code Administration
Issued on:	2021-10-18
Implemented on:	2022-5-1
Status:	valid
Target Language:	English
File Format:	PDF
Word Count:	15500 words
Translation Price(USD):	465.0
Delivery:	via email in 1 business day

GM/T 0104-2021 Specifications of cloud host cryptographic server 1 Scope This document defines the terms related to cloud host cryptographic server and specifies the general structure, functional requirements, hardware requirements, software requirements, security requirements, test requirements and other related contents of cloud host cryptographic server. This document is applicable to the development and use of cloud host cryptographic server, and can also be used to guide the test of cloud host cryptographic server. 2 Normative references The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GB/T 9813.3-2017 General specification for computer - Part 3: Server GB/T 31168-2014 Information security technology - Security capability requirements of cloud computing services GB/T 32915-2016 Information security technology - Randomness test methods for binary sequence GB/T 35293-2017 Information technology - Cloud computing - General technical requirements of virtual machine management GB/T 36322-2018 Information security technology - Cryptographic device application interface specifications GB/T 37092-2018 Information security technology - Security requirements for cryptographic modules GB/T 36968-2018 Information security technology - IPSec VPN technical specification GB/T 38636-2020 Information security technology - Transport layer cryptography protocol (TLCP) GB/T 38625-2020 Information security technology - Security test requirements for cryptographic modules GM/T 0030-2014 Cryptographic server technical specification GM/T 0062-2018 Random number test requirements for cryptographic modules GM/T 0088-2020 Cloud cryptographic server management interface specification GM/Z 4001 Cryptology terminology 3 Terms and definitions For the purposes of this document, the terms and definitions given in GM/Z 4001 and the following apply. 3.1 cloud computing mode of accessing an extensible and flexible physical or virtual resource pool through the network, and obtaining and managing resources on demand 3.2 cloud-hosted hardware security module(CHSM)/cloud host cryptographic server cryptographic server that uses virtualization technology to provide cryptographic services to the application systems of multiple tenants in the form of a network in the cloud computing environment 3.3 host physical equipment that provides operational environment and hardware resources for virtual security module. Multiple virtual security modules in the same host share cryptographic operation resources and key storage resources in the host 3.4 single root I/O virtualization; SRIOV specification that enables single PCIE physical device under a single port to appear as multiple separate virtual PCIE equipment (VF) to the administrative procedure or guest operating system. 3.5 private key access password password used to verify private key usage permission 3.6 virtual security module; VSM password service instance created using virtualization technology on a cloud host cryptographic server that provides similar physical security module services 3.7 VSM data image including the configuration, keys and sensitive information related to users in the virtual security module. The security of VSM data image is protected by encryption and signature mechanism It is used for the virtual security module drift process.

GM/T 0104-2021 Specifications of cloud host cryptographic server Foreword i 1 Scope 2 Normative references 3 Terms and definitions 4 Abbreviations 5 Functional requirements 5.1 Equipment form 5.2 Equipment management 5.3 Cryptographic operation 5.4 Log audit 5.5 Equipment self-test 5.6 Use of equipment 5.7 Virtualization 6 Security requirements 6.1 Key management 6.2 Access control and identity authentication 6.3 Random number generation and inspection 6.4 Hardware security 6.5 Software security 6.6 Virtual machine security 6.7 Security isolation 6.8 Secure drift 6.9 Equipment state 7 Hardware requirements 7.1 External interfaces 7.2 Random number generator 7.3 Environmental adaptability 7.4 Reliability 8 Software requirements 8.1 Basic requirements 8.2 Management tools 9 Interface specification 9.1 Service interface 9.2 Management interface 10 Test requirements 10.1 Test description 10.2 Appearance and structure inspection 10.3 Inspection of submitted documents 10.4 Functional tests 10.5 Performance test 10.6 Environmental adaptability test 11 Qualification judgment Annex A (Informative) Message syntax of CHSM Web service interface