
GM/T 0035.4-2014 PDF in English


GM/T 0035.4-2014 (GM/T0035.4-2014, GMT 0035.4-2014, GMT0035.4-2014)
Standard ID: GM/T 0035.4-2014 (English version)
Name of Chinese Standard: Specifications of cryptographic application for RFID systems. Part 4: Specification of cryptographic application for communication between RFID tag and reader
Status: Valid


GM/T 0035.4-2014

GM

NATIONAL CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA

ICS 35.040
L 80
Record No.: 44639-2014

Specifications of Cryptographic Application for RFID Systems – Part 4. Specification of Cryptographic Application for Communication between RFID Tag and Reader

ISSUED ON: FEBRUARY 13, 2014
IMPLEMENTED ON: FEBRUARY 13, 2014
Issued by: State Cryptography Administration

Table of Contents

Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Symbols and Abbreviation
5 Cryptographic Security Factor
5.1 Confidentiality of transmission information
5.2 Integrity of transmission information
5.3 ID authentication
6 Technical Requirements for Cryptographic Security
7 Realization Mode for Cryptographic Security of Communication
7.1 Confidentiality of transmission information
7.2 Integrity of transmission information
7.3 ID authentication
Appendix A (Informative) Two-Way ID Authentication and Stream Encryption Application by Using SM7 Symmetric Block Cryptographic Algorithm
Appendix B (Informative) Two-Way ID Authentication and Key Negotiation by Using Asymmetric Cryptographic Algorithm

Foreword

GM/T 0035 Specifications of Cryptographic Application for RFID Systems is divided into 5 parts.

--- Part 1. Cryptographic Protection Framework and Security Levels;
--- Part 2. Specification of Cryptographic Application for RFID tag chip;
--- Part 3. Specification of Cryptographic Application for RFID Reader;
--- Part 4. Specification of Cryptographic Application for Communication between RFID Tag and Reader;
--- Part 5. Specification for Key Management.

This Part is Part 4 of GM/T 0035.

This Part is drafted as per the rules of GB/T 1.1-2009.

This Part was proposed by and is under the jurisdiction of the Cryptographic Industry Standardization Technical Committee.

Drafting organizations of this Part: Beijing Tongfang Micro-Electronics Co., Ltd., Xingtang Communication Technology Co., Ltd., Beijing Zhongdian Huada Electronic Design Co., Ltd., Shanghai Fudan Microelectronics Group Co., Ltd., Aisino Co., Ltd., Shanghai Hsic Application System Co., Ltd., Fudan University, Shanghai Huahong Integrated Circuit Co., Ltd., and Beijing Huada Zhibao Electronic System Co., Ltd.

Chief drafting staff of this Part: Wu Xingjun, Dong Haoran, Wang Junfeng, Zhou Jiansuo, Chen Yue, Yu Jun, Liang Shaofeng, Xie Wenlu, Wang Yunsong, Xu Shumin, Gu Zhen, Wang Junyu, Liu Xun, and Wang Huibo.

Specifications of Cryptographic Application for RFID Systems – Part 4. Specification of Cryptographic Application for Communication between RFID Tag and Reader

1 Scope

This Part of GM/T 0035 specifies the security requirements and realization modes for ID authentication and for the confidentiality and integrity of transmission information between RFID tag and reader.

This Part is applicable to the security design, realization and application of the communication between RFID tag and reader in an RFID system.

2 Normative References

The following documents are essential to the application of this document. For dated documents, only the versions with the dates indicated are applicable to this document; for undated documents, only the latest version (including all amendments) is applicable to this document.

GM/T 0035.1-2014 Specifications of Cryptographic Application for RFID Systems. Part 1. Cryptographic Protection Framework and Security Levels
GM/T 0035.5-2014 Specifications of Cryptographic Application for RFID Systems - Part 5. Specification for Key Management

3 Terms and Definitions

The terms and definitions stipulated in GM/T 0035.1-2014 are applicable to this document.

4 Symbols and Abbreviation

The symbols and abbreviation stipulated in GM/T 0035.1-2014 are applicable to this

When the stream encryption mode is adopted, the data sender and receiver share a common cipher stream generator; this cipher stream generator shall be initialized by the transmission encryption key KTR and the random numbers RR and RT generated by both parties. When OFB mode is adopted to generate the cipher stream, the cipher stream shall be used in order without discarding. The sender applies a bit-by-bit linear operation (such as bitwise exclusive-or) between the cipher stream and the plaintext data to generate the ciphertext data for transmission. After receiving the ciphertext data, the receiver applies the same bit-by-bit linear operation as the sender to restore the original plaintext data.

7.2 Integrity of transmission information

7.2.1 Integrity verification method using CBC-MAC

During communication between the RFID tag and reader, before the sender sends sensitive information, the RFID reader reads the UID of the RFID tag and uses this UID to disperse (diversify) the derivation key, obtaining the personalized key K1 of the RFID tag. During communication between the two parties, the MAC mode is used to verify integrity; the specific process is as follows.

a) The sender uses the personalized key K1 to compute the MAC value of the to-be-sent information M: MAC1 = MAC (M, K1); attaches MAC1 after the information M; and sends Token 1 = (M || MAC1) to the receiver.
b) After receiving Token 1, the receiver uses the personalized key K1 to compute the MAC value of the received information M: MAC2 = MAC (M, K1); and compares MAC1 with MAC2. If they are equal, the integrity verification is passed.

The computing process of the MAC is as follows.

a) The information M is divided into data blocks M1, M2, …, Mj, each with a length of n bits. If the length of Mj is insufficient, it shall be padded at the end; the padding mode shall be specified by the specific application. If the length of Mj is exactly n bits, one additional data block shall be appended after it.
b) Compute C1 = Enc (M1, K1).
c) When j>1, compute ; thereof, i = 2, 3, …, j.
d) MAC = Cj.

7.2.2 Integrity verification method using HMAC

During communication between the RFID tag and reader, before the sender sends sensitive information, the RFID reader reads the UID of the RFID tag and uses this UID to disperse (diversify) the derivation key, obtaining the personalized key K1 of the RFID tag.

RFID tag through comparing whether the MAC is consistent with MAC’.

7.3.2 One-way ID authentication

7.3.2.1 RFID tag’s challenge-response authentication of the RFID reader

The RFID tag verifies the authenticity of the RFID reader’s ID.

Before authentication, the RFID reader reads the UID of the RFID tag and uses this UID (or other parameters with unique characteristics) to disperse (diversify) the derivation key, obtaining the derived key K1 that is consistent with the personalized key stored in the RFID tag. For the generation process of the derived key, refer to GM/T 0035.5-2014.

The authentication process is as follows.

a) The RFID reader sends the “ID authentication” command to the RFID tag; the RFID tag generates a random number RT and sends it to the RFID reader. The RFID tag uses key K1 to encrypt the random number RT and calculates RT’ = Enc (RT, K1).
b) The RFID reader uses key K1 to encrypt the random number RT, calculates RT’’ = Enc (RT, K1), and sends RT’’ to the RFID tag.
c) The RFID tag compares RT’ with the received RT’’. If RT’ = RT’’, the authentication of the RFID reader is passed.

7.3.2.2 RFID reader’s challenge-response authentication of the RFID tag

The RFID reader verifies the authenticity of the RFID tag’s ID.

Before authentication, the RFID reader reads the UID of the RFID tag and uses this UID (or other parameters with unique characteristics) to disperse (diversify) the derivation key, obtaining the derived key K1 that is consistent with the personalized key stored in the RFID tag. For the generation process of the derived key, refer to GM/T 0035.5-2014.

The authentication process is as follows.

a) The RFID reader generates a random number RR and sends it to the RFID tag. The RFID reader uses key K1 to encrypt RR and calculates RR’ = Enc (RR, K1).
b) The RFID tag uses key K1 to encrypt RR, calculates RR’’ = Enc (RR, K1), and sends RR’’ to the RFID reader.
c) The RFID reader compares RR’ with RR’’. If RR’’ = RR’, the authentication of the RFID tag is passed.

7.3.3 Two-way ID authentication

Appendix A (Informative) Two-Way ID Authentication and Stream Encryption Application by Using SM7 Symmetric Block Cryptographic Algorithm

A.1 Overview

This Appendix gives a two-way ID authentication mode by using SM7 symmetric block cryptographic algorithm, the initial vector generated in the two-way ID authentication process and used for the generation of stream encryp... ......
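
The Token 1 integrity check of 7.2.1 and the tag-side challenge-response check of 7.3.2.1, as an added Python example that is not part of the standard. Assumptions: Enc is a stand-in 4-round Feistel cipher built on SHA-256 (not SM7 or SM4), n = 128 bits, padding is 0x80 followed by zeros, step c) uses the usual CBC chaining Ci = Enc(Ci-1 XOR Mi, K1) because the excerpt's formula is missing, key diversification is a placeholder for the rule in GM/T 0035.5-2014, and all function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # n = 128 bits (assumed block length)
ROOT_KEY = bytes(range(16))            # constructed sample derivation key
UID = bytes.fromhex("04a1b2c3d4e5f6")  # constructed sample tag UID

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def enc(block: bytes, key: bytes) -> bytes:
    """Stand-in for Enc(., K): 4-round Feistel over SHA-256, not SM7/SM4."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def derive_k1(root_key: bytes, uid: bytes) -> bytes:
    """Placeholder diversification; the real rule is in GM/T 0035.5-2014."""
    return enc(uid.ljust(BLOCK, b"\x00")[:BLOCK], root_key)

def cbc_mac(message: bytes, k1: bytes) -> bytes:
    # Assumed padding: 0x80 then zeros, so an aligned M gains one full block.
    padded = message + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    c = bytes(BLOCK)  # zero start value makes C1 = Enc(M1, K1)
    for i in range(0, len(padded), BLOCK):
        c = enc(xor(c, padded[i:i + BLOCK]), k1)  # assumed CBC chaining
    return c  # MAC = Cj

def make_token(message: bytes, k1: bytes) -> bytes:
    return message + cbc_mac(message, k1)  # Token 1 = M || MAC1

def verify_token(token: bytes, k1: bytes):
    """Receiver side: recompute MAC2 and compare in constant time."""
    if len(token) < BLOCK:
        return None
    message, mac1 = token[:-BLOCK], token[-BLOCK:]
    return message if hmac.compare_digest(mac1, cbc_mac(message, k1)) else None

def tag_authenticates_reader(tag_k1: bytes, reader_k1: bytes) -> bool:
    rt = secrets.token_bytes(BLOCK)   # tag: fresh RT for every attempt
    rt_tag = enc(rt, tag_k1)          # tag: RT' = Enc(RT, K1)
    rt_reader = enc(rt, reader_k1)    # reader: RT'' = Enc(RT, K1)
    return hmac.compare_digest(rt_tag, rt_reader)  # tag: RT' == RT''
```

Plain CBC-MAC is only secure when every message under a given key has the same length, so an application using this mode should fix the length of M or bind the length into the MAC input.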
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.