1 Scope
This part specifies the test contents and judgment criteria for the trusted service manager (hereinafter referred to as the "TSM system") for mobile payment, including the test requirements, test items and judgment criteria for the four test items (function, performance, security and document review) of the trusted service manager.
This part applies to test organizations when they formulate test schemes covering the conformance of the trusted service manager for mobile payment to the technical standards and its security, carry out the tests, and judge the conformance of the test results.
2 Normative References
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 22239 Information Security Technology - Baseline for Classified Protection of Information System Security
JR/T 0025.7 China Financial Integrated Circuit (IC) Card Specifications - Part 7: Debit/Credit Application Security Specification
3 General Provisions
3.1 Test aims
The aims of the test are to test the four test items (function, performance, security and documents) of the trusted service manager on the basis of a defined system version, to assess objectively and fairly whether the system meets the requirements for conformance to the technical standards and for security of the trusted service manager as stated by the People's Bank of China, and to ensure the secure and stable operation of mobile payment business facilities in China.
3.2 Start criteria
a) The tested version of the business system submitted by the organization is consistent with the production version;
b) The organization has finished the internal test of the business system;
c) The relevant documents, such as the system requirement instructions, system design instructions, user's manual and installation manual, have been prepared;
d) The test environment has been prepared, specifically including:
1) The test environment is consistent or basically consistent with the production environment; in particular, the tests of network security, host security, data security and operation and maintenance security shall be carried out in the production environment as far as possible;
2) The tested version of the business system and the other relevant peripheral systems and equipment have been deployed and are correctly configured;
3) The basic data used for the function and performance tests have been prepared;
4) The machines used for the test are in place, and the system and software have been installed;
5) The network configuration of the test environment is correct, connectivity is normal, and the test environment can meet the test requirements.
3.3 Relevant requirements of test
a) See Annex A for the relevant test operation specifications;
b) See Annex B for the relevant test judgment criteria.
Foreword
Introduction
1 Scope
2 Normative References
3 General Provisions
4 Lists of Test Items
5 Test Contents
Annex A (Normative) Operation Specifications
Annex B (Normative) Judgment Criteria