JR/T 0285-2024
Mobile terminal financial security identity authentication specifications based on digital certificates (English Version)

Standard No.

JR/T 0285-2024

Language

Chinese, Available in English version

Release Date

2024

Published By

Professional Standard - Finance

Latest

JR/T 0285-2024

Introduction

Analysis of Standard Core Architecture

Security Capability Level	Operating Environment	Key Storage Location	Typical Application Scenarios
TEE+SE	REE+TEE+SE Three Environments Collaboration	SE Security Chip	Large Amount Transfer/Cross-border Payment
TEE	REE+TEE Dual Environment	TEE Security Zone	Daily Small Amount Payment

---

Key Technology Implementation Requirements

1. Trusted Execution Environment (TEE)

Must meet GB/T 41388-2022 specifications and have:

• Hardware-level isolation mechanism
• Secure boot verification chain
• Anti-physical detection design

2. Security Unit (SE)

Should comply with JR/T 0098 series testing requirements:

Mainstream solutions such as Huawei Kirin chips must pass:

1. Side channel attack protection test
2. Fault injection attack resistance verification
3. EAL4+ or above security certification

---

Implementation recommendations

Deployment path for financial institutions

Phase	Key tasks	Time nodes
1.Terminal adaptation	Connect with TEE interface of manufacturers such as Xiaomi/OPPO	Q1-Q2
2.CA system transformation	Support mobile certificate issuance/revocation	Q3
3.Risk control system upgrade	Establish transaction behavior analysis model	Q4

Terminal manufacturer compliance points

• Pre-set security domain creation interface
• Implement TUI mandatory display mechanism
• Local encrypted storage of biometric features

---

Analysis of Standard Evolution

Compared with the 2012 version of the mobile payment standard, the main breakthroughs are:

1. Introducing the TEE environment to replace the traditional USB shield
2. Supporting biometric-assisted authentication
3. Establishing a service lifecycle management system

JR/T 0285-2024 Referenced Document

• GB/T 32915-2016 Information security technology.Randomness test methods for binary sequence
• GM/T 0062-2018 Random number detection requirements for cryptographic products
• JR/T 0089.2-2012 China Financial Mobile Payment Security Unit Part 2: Multi-application Management Specifications
• JR/T 0098.2-2012 China financial mobile payment.Test specifications.Part 2: Security chip
• JR/T 0098.5-2012 China Financial Mobile Payment Testing Specifications Part 5: Security Element (SE) Embedded Software Security
• JR/T 0118-2015 Financial electronic certification specifications
• JR/T 0156-2017 Technical specifications for trusted environment for mobile terminal payment

JR/T 0285-2024 history

• 2024 JR/T 0285-2024 Mobile terminal financial security identity authentication specifications based on digital certificates

Topics on standards and specifications

Standard and Specification