HOME   Cart(0)   Quotation   About-Us Tax PDFs Standard-List Powered by Google www.ChineseStandard.net Database: 189759 (12 Jan 2025)

GM/T 0035.5-2014 PDF English


Search result: GM/T 0035.5-2014_English: PDF (GM/T0035.5-2014)
Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GM/T 0035.5-2014English150 Add to Cart 0-9 seconds. Auto-delivery. Specifications of cryptographic application for RFID systems. Part 5: Specification for key management Valid
BUY with any currencies (Euro, JPY, GBP, KRW etc.): GM/T 0035.5-2014     Related standards: GM/T 0035.5-2014

PDF Preview: GM/T 0035.5-2014


GM/T 0035.5-2014: PDF in English (GMT 0035.5-2014)

GM/T 0035.5-2014 GM CRYPTOGRAPHY INDUSTRY STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA ICS 35.040 L 80 Record No.. 44640-2014 Specifications of Cryptographic Application for RFID Systems – Part 5. Specification for Key Management ISSUED ON. FEBRUARY 13, 2014 IMPLEMENTED ON. FEBRUARY 13, 2014 Issued by. State Cryptography Administration Table of Contents Foreword ... 3 1 Scope .. 4 2 Normative References ... 4 3 Terms and Definitions ... 4 4 Symbols and Abbreviation .. 4 5 Key Mechanism ... 5 5.1 Symmetric key mechanism .. 5 5.2 Asymmetric key mechanism ... 6 6 Symmetric Key Management Module .. 6 7 General Requirements for Symmetric Key Management ... 8 8 Use Requirements for Symmetric Key ... 8 8.1 ID authentication ... 8 8.2 Access control ... 9 8.3 Confidentiality .. 9 8.4 Integrity ... 9 Appendix A (Informative) Key Management Example of RFID System ... 10 Foreword GM/T 0035 Specifications of Cryptographic Application for RFID Systems can be divided into 5 parts. --- Part 1. Cryptographic Protection Framework and Security Levels; --- Part 2. Specification of Cryptographic Application for RFID tag chip; --- Part 3. Specification of Cryptographic Application for RFID Reader; --- Part 4. Specification of Cryptographic Application for Communication between RFID Tag and Reader; --- Part 5. Specification for Key Management. This Part belongs to Part 5 of GM/T 0035. This Part shall be drafted as per the rules of GB/T 1.1-2009. This Part was proposed and under the jurisdiction of Cryptographic Industry Standardization Technical Committee. Drafting organizations of this Part. Xingtang Communication Technology Co., Ltd., Shanghai Hsic Application System Co., Ltd., Beijing Zhongdian Huada Electronic Design Co., Ltd., Shanghai Fudan Microelectronics Group Co., Ltd., Beijing Tongfang Micro-Electronics Co., Ltd., Fudan University, Aisino Co., Ltd., Shanghai Huahong Integrated Circuit Co., Ltd., and Beijing Huada Zhibao Electronic System Co., Ltd. Chief drafting staffs of this Part. Wang Junfeng, Dong Haoran, Chen Yue, Gu Zhen, Zhou Jiansuo, Liu Lina, Yu Jun, Wu Xingjun, Wang Yunsong, Xu Shumin, Xie Wenlu, Liang Shaofeng, Wang Junyu, Liu Xun, and Wang Huibo. Specifications of Cryptographic Application for RFID Systems – Part 5. Specification for Key Management 1 Scope This Part of GM/T 0035 specifies RFID tag, RFID reader, their communication related key management requirements when RFID system adopts cryptographic mechanism. This Part is applicable to the design, realization and application for the key management of RFID system. 2 Normative References The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this document. GM/T 0035.1-2014 Specifications of Cryptographic Application for RFID Systems. Part 1. Cryptographic Protection Framework and Security Levels 3 Terms and Definitions The terms and definitions stipulated in GM/T 0035.1-2014 are applicable to this document. 4 Symbols and Abbreviation The symbols and abbreviation stipulated in GM/T 0035.1-2014 are applicable to this document. Figure 2 -- Symmetric Key Management Module of RFID System In the Figure 2, key generation system finishes key generation and dispersion in the RFID system; key distribution system finishes distribution and entry of key in RFID tag and reader; key shall be used in the secure cryptographic device, which includes secure access module in RFID reader and RFID tag. 7 General Requirements for Symmetric Key Management The system shall take necessary security protection measures; so that meet the requirements for protecting the key security. The symmetric key stored in the RFID tag shall not be read. The symmetric key stored in the RFID reader shall be stored in the secure access module and shall not be read. The following contents in the key management such as key generation, storage, dispersion, distribution, entry, backup, restoring, verification, use, update, filing, cancellation and destruction, etc. shall meet the relevant requirements for the competent department of national cryptographic management. 8 Use Requirements for Symmetric Key 8.1 ID authentication 8.1.1 UID authentication The RFID tag shall store the check code jointly established by UID of RFID tag and relevant application information; while the RFID reader shall store the key for generating such check code. 8.1.2 Challenge response authentication The key used for the challenge response authentication must have the uniqueness. The key used for the challenge response authentication and stored in RFID tag shall be generated through the dispersion of derivation key and UID of RFID tag. The RFID reader shall store the derivation key used for challenge response authentication; can dispersedly generate the key consistent with the key used for the challenge response authentication through reading the UID of the RFID tag; it is stored Appendix A (Informative) Key Management Example of RFID System This Appendix describes a key management example, which is applicable to the RFID system with security level of Level-3. A.1 Application requirements of system The key management requirements of this application are based on the following basic conditions. a) The system involves several RFID tag issuers (referring to the originators of the RFID tag information); each issuer has a unique code to distinguish (manufacturer ID); b) When leaving the factory, each RFID tag has a UID (chip UID); c) Perform secure access control to the two information memory areas (distinguished by tag information area 1 and tag information 2) in the RFID tag; each information memory area shall have independent access control permission; distinguish the writing from reading; d) The RFID tag has the special key memory area, which shall be written into once rather than being rewritten; e) The data stored in the information memory area of the RFID tag shall use special key to encrypt; f) The algorithm in the reader has. 1) The symmetric cryptographic algorithm SM7 is used for information encryption of two-way ID authentication with RFID tag, access control and transmission process; 2) The symmetric cryptographic algorithm SM1/SM4 is used for information storage encryption and key dispersion; 3) The asymmetric cryptographic algorithm SM2 is used for generating the digital signature of information, verifying the signature; 4) The cryptographic hash function SM3 is used for generating information summary. SKi) of the RFID reader itself. Such key pairs are generated in the RFID reader; the generated private key is securely stored in the RFID reader; the public key is uploaded to the cryptographic device of the key management center; the public key certificate is obtained by signifying the derivation private key; then enter into the RFID reader; namely, the form storage of the public key certificate (PubCerti) of the RFID reader. A.2.2 Key dispersion Adopt the key dispersion method to generate the whole keys entered into the RFID tag and partial key (with the writing permission) entered into the RFID reader. Since KW1 and KW2 respectively have writing permissions against RFID tag information area 1 and information area 2; the use of the writing permission is only limited to each tag’s issuer; thus, the two keys must be dispersed in two stages. The first-stage dispersion is performed in the key management center; use the manufacturer ID to disperse the derivation key; the dispersed key shall be distributed to each RFID tag’s issuer. The second-stage dispersion is performed when each tag’s issuer writes the key into RFID tag; use the chip UID to re-disperse the key after first-stage dispersion and generate the personalized key of the RFID tag; write it into the key area of the RFID tag. Since the user can read the RFID tag information issued by any tag’s issuer; thus, for KR1, KR2 and KD, they can use chip UID to disperse the derivation key once. Adopt SM1/SM4 cryptographic algorithm to perform key dispersion. Once dispersion method is as follows. KW1’ = Enc (manufacturer ID, KW1); KW2’ = Enc (manufacturer ID, KW2); KR1’ = Enc (tag UID, KR1); KR2’ = Enc (tag UID, KR2); KD’ = Enc (tag UID, KD). The KW1’ and KW2’ needs to perform the second dispersion, the method of which is as follows. KW1’’ = Enc (tag UID, KW1’); KW2’’ = Enc (tag UID, KW2’). Thereof, take manufacturer ID or chip UID for distinguishing the UID of manufacturer or chip as the dispersion factor; the l... ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.