GM/T 0021-2012 PDF in English
GM/T 0021-2012 (GM/T0021-2012, GMT 0021-2012, GMT0021-2012)
Standard ID | Contents [version] | USD | [PDF] delivered in | Name of Chinese Standard | Status
GM/T 0021-2012 | English | 350 | 0-9 seconds. Auto-delivery. | One time password application of cryptography algorithm | Valid
GM/T 0021-2023 | English | 579 | 5 days | (Dynamic password cryptography application technical specifications) | Valid
Newer version: GM/T 0021-2023
Standards related to: GM/T 0021-2023
PDF Preview
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38319-2013
One time password application of cryptography algorithm
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols
5 One time password systems
5.1 Overview
5.2 General framework
5.3 Sketch of basic authentication principle
6 Generation mode of one time password
6.1 Overview
6.2 Instructions for algorithm use
6.3 Truncation algorithm
7 Characteristics of one time password token
7.1 Requirements for password token hardware
7.2 Password token security characteristics
8 Authentication system
8.1 System description
8.2 Services of authentication system
8.3 Management functions of authentication system
8.4 Security requirements
9 Key management system
9.1 Overview
9.2 System architecture
9.3 Function requirements
9.4 System security design
9.5 Instructions for interfaces of hardware encryption device
Appendix A (Informative) Implementation use cases of one time password generation algorithm based on C language
A.1 Use case of one time password generation algorithm based on SM3
A.2 Use case of one time password generation algorithm based on SM4
Appendix B (Informative) Input and output use cases of one time password generation algorithm calculation
B.1 Input and output use cases of one time password generation algorithm based on SM3
B.2 Input and output use cases of one time password generation algorithm based on SM4
Appendix C (Informative) Operation parameters and data description use cases
Appendix D (Informative) Interfaces of authentication system
D.1 Format of service message
D.2 Service identifiers
D.3 Data identifiers
D.4 Return codes
D.5 Application interfaces
One time password application of cryptography algorithm
1 Scope
This Standard specifies one time password systems, the generation mode of one time passwords, the characteristics of one time password tokens, the authentication system, the key management system, etc.
This Standard is applicable to the development and production of one time password-related products, and it can also be used to guide the testing of such products.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the version with the indicated date applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 2423.1-2008 Environmental testing - Part 2: Test methods - Test A: Cold
GB/T 2423.2-2008 Environmental testing - Part 2: Test methods - Test B: Dry heat
GB/T 2423.8-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ed: Free fall
GB/T 2423.9-2001 Environmental testing for electric and electronic products - Part 2: Test methods - Test Cb: Damp heat, steady state, primarily for equipment
GB/T 2423.10-2008 Environmental testing for electric and electronic products - Part 2: Test methods - Test Fc: Vibration (sinusoidal)
GB/T 2423.21-1991 Basic environmental testing procedures for electric and electronic products - Test M: Low air pressure
GB/T 2423.22-2002 Environmental testing for electric and electronic products - Part 2: Test methods - Test N: Change of temperature
GB/T 2423.53-2005 Environmental testing for electric and electronic products - Part 2: Test methods - Test Xb: Abrasion of markings and letterings caused by rubbing of fingers and hands
GB/T 4208-2008 Degrees of protection provided by enclosure (IP code)
GB/T 17626.2-2006 Electromagnetic compatibility (EMC) - Testing and measurement techniques - Electrostatic discharge immunity test
GB/T 18336.1-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
GB/T 18336.2-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
GB/T 18336.3-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
GB/T 21079.1-2007 Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods
GM/T 0002-2012 SM4 Block Cipher Algorithm
GM/T 0004-2012 SM3 Cryptographic Hash Algorithm
GM/T 0005-2012 Randomness Test Specification
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Dynamic password token; one time password token
The carrier which generates and displays the one time password.
3.2 Dynamic password; one time password
The one time password generated from the seed key and other data by a particular algorithm.
3.3 Static password
The password set by the user, which does not change unless the user actively modifies it.
3.4 Challenge code
3.14 Automatically unlock
After the password token has been locked for a certain period of time, the system unlocks the password token automatically.
3.15 Key management
A set of established rules, developed and implemented according to the security policy, governing key generation, registration, authentication, write-off, distribution, installation, storage, archiving, revocation, derivation, destruction, and other operations.
3.16 Hardware encryption device
A hardware carrier for key management, encryption and decryption operations,
and other functions.
3.17 Key
The key information or parameter which controls the operation of cryptographic
transformation.
3.18 Service list
The statistical statement provided by the system on the corresponding states
and results of password token and system in different time periods.
3.19 Interface
The part where two different systems (or subroutines) intersect, and through
which they interact with each other.
3.20 Large window
The window used to synchronize the time of the password token with the system time. The size of the window shall not exceed ±10.
3.21 Middle window
The window used to synchronize the time of the password token with the system time. The size of the window shall not exceed ±5.
3.22 Small window
The window used to synchronize the time of the password token with the system time. The size of the window shall not exceed ±2.
3.23 Encryption key for seed key
F() - Algorithmic function
OD - Output result
Truncate() - Truncation function
N - The number of digits of the password displayed by the password token or other terminal
Km - Main key
Kt - Transmission key
Kp - Main key for manufacturer production
Ks - Encryption key for the seed key
^ - Power operator; 2^n denotes 2 raised to the n-th power
% - Modulo (remainder) operation; 5 % 3 = 2
<< - Rotate-left (circular shift left) operator
| - Concatenation operator, which joins two data items in left-to-right order
⊞ - Arithmetic addition with the carry discarded
5 One time password systems
5.1 Overview
One time password systems comprise the one time password token and the one time password token authentication system, which together provide one time password authentication services to application systems. The one time password token authentication system consists of an authentication system and a key management system.
5.2 General framework
The one time password token is responsible for generating the one time password; the authentication system is responsible for verifying the correctness of the one time password; the key management system is responsible for the key management of the one time password token; the application system is responsible for sending the one time password (message) to the authentication system for authentication according to the specified protocol. The architecture of one time password systems is shown in Figure 1.
the next parameter. If ID is made up of T and Q, the data assembly method is T|Q. If ID is made up of C and Q, the data assembly method is C|Q. If the data making up ID are shorter than 128 bits, the tail of ID is padded with 0 bits to 128 bits.
K is a seed key of no less than 128 bits in length and is held only by the authenticating parties. F() is the algorithmic function, namely SM4 or SM3; see GM/T 0002-2012 and GM/T 0004-2012.
S is the output result of the algorithmic function. The length of output result of SM4 algorithm i...
...... Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.