
GM/T 0021-2012 PDF in English


GM/T 0021-2012 (GM/T0021-2012, GMT 0021-2012, GMT0021-2012)
Standard ID: GM/T 0021-2012. Version: English. USD: 350. PDF delivered in: 0-9 seconds (auto-delivery). Name of Chinese Standard: One time password application of cryptography algorithm. Status: Valid.
Standard ID: GM/T 0021-2023. Version: English. USD: 579. PDF delivered in: 5 days. Name of Chinese Standard: (Dynamic password password application technical specifications). Status: Valid.
Newer version: GM/T 0021-2023    Standards related to: GM/T 0021-2023
PDF Preview

GM/T 0021-2012: PDF in English (GMT 0021-2012)

GM/T 0021-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38319-2013
One time password application of cryptography algorithm
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration

Table of Contents

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols
5 One time password systems
  5.1 Overview
  5.2 General framework
  5.3 Sketch of basic authentication principle
6 Generation mode of one time password
  6.1 Overview
  6.2 Instructions for algorithm use
  6.3 Truncation algorithm
7 Characteristics of one time password token
  7.1 Requirements for password token hardware
  7.2 Password token security characteristics
8 Authentication system
  8.1 System description
  8.2 Services of authentication system
  8.3 Management functions of authentication system
  8.4 Security requirements
9 Key management system
  9.1 Overview
  9.2 System architecture
  9.3 Function requirements
  9.4 System security design
  9.5 Instructions for interfaces of hardware encryption device
Appendix A (Informative) Implementation use cases of one time password generation algorithm based on C language
  A.1 Use case of one time password generation algorithm based on SM3
  A.2 Use case of one time password generation algorithm based on SM4
Appendix B (Informative) Input and output use cases of one time password generation algorithm calculation
  B.1 Input and output use cases of one time password generation algorithm based on SM3
  B.2 Input and output use cases of one time password generation algorithm based on SM4
Appendix C (Informative) Operation parameters and data description use cases
Appendix D (Informative) Interfaces of authentication system
  D.1 Format of service message
  D.2 Service identifiers
  D.3 Data identifiers
  D.4 Return codes
  D.5 Application interfaces

One time password application of cryptography algorithm

1 Scope

This Standard specifies one time password systems, the generation mode of one time password, the characteristics of one time password token, the authentication system, the key management system, etc.

This Standard is applicable to the development and production of one time password-related products; it can also be used to guide the detection of related products.

2 Normative references

The following documents are essential to the application of this document. For the dated references, only the versions with the dates indicated are applicable to this document. For the undated references, the latest version (including all the amendments) is applicable to this document.

GB/T 2423.1-2008 Environmental testing - Part 2: Test methods - Tests A: Cold
GB/T 2423.2-2008 Environmental testing - Part 2: Test methods - Tests B: Dry heat
GB/T 2423.8-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ed: Free fall
GB/T 2423.9-2001 Environmental testing for electric and electronic products - Part 2: Test methods - Test Cb: Damp heat, steady state, primarily for equipment
GB/T 2423.10-2008 Environmental testing for electric and electronic products - Part 2: Test methods - Test Fc: Vibration (sinusoidal)
GB/T 2423.21-1991 Basic environmental testing procedures for electric and electronic products - Test M: Low air pressure
GB/T 2423.22-2002 Environmental testing for electric and electronic products - Part 2: Test methods - Test N: Change of temperature
GB/T 2423.53-2005 Environmental testing for electric and electronic products - Part 2: Test methods - Test Xb: Abrasion of markings and letterings caused by rubbing of fingers and hands
GB/T 4208-2008 Degrees of protection provided by enclosure (IP code)
GB/T 17626.2-2006 Electromagnetic compatibility (EMC) - Testing and measurement techniques - Electrostatic discharge immunity test
GB/T 18336.1-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
GB/T 18336.2-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
GB/T 18336.3-2008 Information Technology - Security Techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
GB/T 21079.1-2007 Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods
GM/T 0002-2012 SM4 Block Cipher Algorithm
GM/T 0004-2012 SM3 Password Hashing Algorithm
GM/T 0005-2012 Randomness Test Specification

3 Terms and definitions

The following terms and definitions are applicable to this document.

3.1 Dynamic password token; one time password token
The carrier which generates and displays the one time password.

3.2 Dynamic password; one time password
The one time password generated from the seed key and other data by a particular algorithm.

3.3 Static password
The password set by the user, which does not change unless the user actively modifies it.

3.4 Challenge code

3.14 Automatically unlock
After the password token has been locked for a certain period of time, the system unlocks the password token.

3.15 Key management
The development and implementation of a set of established rules, according to security policy, for key generation, registration, authentication, write-off, distribution, installation, storage, archiving, revocation, derivation, destruction, and other operations.

3.16 Hardware encryption device
A hardware carrier for key management, encryption and decryption operations, and other functions.

3.17 Key
The key information or parameter which controls the operation of cryptographic transformation.

3.18 Service list
The statistical statement provided by the system on the corresponding states and results of password token and system in different time periods.

3.19 Interface
The part where two different systems (or subroutines) intersect, and through which they interact with each other.

3.20 Large window
The window which is used to synchronize the time of password token with the system time. The size of the window shall not exceed ±10.

3.21 Middle window
The window which is used to synchronize the time of password token with the system time. The size of the window shall not exceed ±5.

3.22 Small window
The window which is used to synchronize the time of password token with the system time. The size of the window shall not exceed ±2.

3.23 Encryption key for seed key

F() - Algorithmic function
OD - Output result
Truncate() - Truncation function
N - The number of digits of the password displayed by password token or other terminals
Km - Main key
Kt - Transmission key
Kp - Main key for manufacturer production
Ks - Encryption key for seed key
Λ - Power operator, namely, 2Λn stands for the n-th power of 2
% - Remainder (modulo) operation, namely, 5 % 3 = 2
<< - Symbol of ring shift left (circular left shift)
| - The connector which splices two sets of data in left-to-right order
⊞ - Arithmetic addition without carry

5 One time password systems

5.1 Overview

One time password systems include the one time password token and the system for authentication of the one time password token, which together provide one time password authentication services for the application system. The system for authentication of the one time password token consists of the authentication system and the key management system.

5.2 General framework

The one time password token is responsible for generating the one time password; the authentication system is responsible for verifying the correctness of the one time password; the key management system is responsible for the key management of the one time password token; the application system is responsible for sending the one time password (message) to the authentication system for authentication, according to the specified protocol. The architecture of one time password systems is shown in Figure 1.

the next parameter. If ID is made up of T and Q, then the data assembly method is T|Q. If ID is made up of C and Q, then the data assembly method is C|Q. If the data which make up ID are less than 128 bits, then the end of ID is padded with 0 to 128 bits.

K is a seed key no less than 128 bits in length, held only by the authentication parties.

F() is an algorithmic function, that is, SM4 or SM3; see GM/T 0002-2012 and GM/T 0004-2012.

S is the output result of the algorithmic function. The length of output result of SM4 algorithm i... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
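
The ID assembly rule (T|Q, zero-filled to 128 bits), the minimum seed key length and the window limits of 3.20-3.22 can be exercised together in a server-side check. The following Python sketch is an added example, not code from the standard or its Appendix A. Its assumptions: T is encoded as an 8-byte big-endian step counter, window sizes count time steps, the truncation rule is inferred from the listed symbols only, and F() is replaced by HMAC-SHA-256 as a stand-in because SM3 and SM4 are not in the Python standard library; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Maximum window sizes from definitions 3.20-3.22 (assumed to count time steps).
WINDOWS = {"large": 10, "middle": 5, "small": 2}

def assemble_id(factor: bytes, q: bytes = b"") -> bytes:
    """ID = T|Q or C|Q; data shorter than 128 bits is zero-filled at the end."""
    return (factor + q).ljust(16, b"\x00")

def stand_in_f(k: bytes, id_block: bytes) -> bytes:
    """Stand-in for F(): HMAC-SHA-256, NOT SM3 or SM4. Swap in a real SM3/SM4."""
    return hmac.new(k, id_block, hashlib.sha256).digest()

def truncate(s: bytes, n: int) -> str:
    """Assumed rule: add the 32-bit words of S mod 2^32, keep N decimal digits."""
    od = sum(struct.unpack(">%dI" % (len(s) // 4), s)) % 2**32
    return str(od % 10**n).zfill(n)

def otp(k: bytes, t: int, q: bytes = b"", n: int = 6, f=stand_in_f) -> str:
    if len(k) < 16:
        raise ValueError("seed key K must be no less than 128 bits")
    # Assumption: T is carried as an 8-byte big-endian step counter.
    return truncate(f(k, assemble_id(struct.pack(">Q", t), q)), n)

def verify(k, submitted, server_t, q=b"", window="small", n=6, f=stand_in_f):
    """Return the step offset at which `submitted` matched, or None."""
    w = WINDOWS[window]
    matched = None
    # Nearest offsets first; every candidate is compared so timing stays uniform.
    for off in sorted(range(-w, w + 1), key=abs):
        if server_t + off < 0:
            continue
        candidate = otp(k, server_t + off, q, n, f).encode()
        if hmac.compare_digest(candidate, submitted.encode()) and matched is None:
            matched = off
    return matched

if __name__ == "__main__":
    seed = bytes(range(16))            # constructed 128-bit seed key
    challenge = b"\x12\x34\x56\x78"    # constructed challenge Q
    code = otp(seed, 1000, q=challenge)
    print(code, verify(seed, code, 1002, q=challenge))
```

The offset returned by verify() is the token-to-server drift in steps; a value outside the selected window is reported as None rather than being searched for.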