Detail of JR/T 0068-2012

Introduction of JR/T 0068-2012

1 Scope This specification gives the description of Internet banking system, security specification, security management specification and business operation security specification. It is applicable to regulating the building, operation and assessment for Internet banking systems. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. GB/T 25069 Information security technology—Glossary 3 Terms and definitions For the purposes of this document, the terms and definitions established in GB/T 25069 and the following apply. 3.1 Internet banking enabling customers of a commercial bank or other financial institutions to conduct online financial transactions through Internet, mobile communication network and other open public network or private network infrastructure 3.2 Internet Internet or other similar form of general-purpose public computer communication network 3.3 sensitive information mainly referring to information such as passwords, keys and sensitive transaction data that affect the security of Internet banking. Passwords include but are not limited to transfer passwords, inquiry passwords, login passwords, PIN of certificates, etc. Keys include but are not limited to those used to ensure communication security, message integrity, etc. Sensitive transaction data include but are not limited to complete track information, validity period, CVN, CVN2, certificate number, etc. 3.4 client program program that enables Internet banking customers to conduct human-machine interaction, and component that provides necessary functions, including but not limited to executables, controls, static link libraries and dynamic link libraries, excluding IE and other Generic Browsers 3.5 USB Key hardware equipment with a USB interface. It has built-in single-chip or smart card chip, which has a certain storage space to store the user's private key and digital certificate. 3.6 USB Key firmware built-in program code in USB Key that affects the security of USB Key 3.7 mobile terminal specifically referring to mobile equipment such as mobile phones and tablet computers, different from the traditional PC mode, that access Internet banking through communication networks 3.8 strong encryption general term used to describe an encryption algorithm that is considered highly resistant to cryptanalysis. The robustness of encryption depends on the cryptographic key used. The effective length of the key shall not be less than the minimum key length required for comparable strength recommendations

Contents of JR/T 0068-2012

Foreword i Introduction ii 1 Scope 2 Normative references 3 Terms and definitions 4 Symbols and abbreviations 5 General 6 Security specification Annex A (Informative) Reference map for basic network protection architecture Annex B (Informative) Reference map for enhanced network protection architecture Annex C (Normative) Physical security Bibliography