GM/T 0021-2012 English PDF (GMT0021-2012)
GM/T 0021-2012: One time password application of cryptography algorithm
GM/T 0021-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38319-2013
One time password application
of cryptography algorithm
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4
1 Scope .. 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Symbols ... 9
5 One time password systems .. 10
5.1 Overview .. 10
5.2 General framework ... 10
5.3 Sketch of basic authentication principle ... 12
6 Generation mode of one time password .. 13
6.1 Overview .. 13
6.2 Instructions for algorithm use .. 14
6.3 Truncation algorithm .. 15
7 Characteristics of one time password token .. 16
7.1 Requirements for password token hardware.. 16
7.2 Password token security characteristics .. 18
8 Authentication system ... 19
8.1 System description ... 19
8.2 Services of authentication system ... 22
8.3 Management functions of authentication system ... 25
8.4 Security requirements .. 26
9 Key management system ... 27
9.1 Overview .. 27
9.2 System architecture .. 28
9.3 Function requirements ... 30
9.4 System security design ... 32
9.5 Instructions for interfaces of hardware encryption device .. 40
Appendix A (Informative) Implementation use cases of one time password generation algorithm based on C language .. 42
A.1 Use case of one time password generation algorithm based on SM3 ... 42
A.2 Use case of one time password generation algorithm based on SM4 ... 47
Appendix B (Informative) Input and output use cases of one time password generation algorithm calculation .. 54
B.1 Input and output use cases of one time password generation algorithm based on SM3 .. 54
B.2 Input and output use cases of one time password generation algorithm based on SM4 .. 54
Appendix C (Informative) Operation parameters and data description use cases ... 56
Appendix D (Informative) Interfaces of authentication system ... 57
D.1 Format of service message ... 57
D.2 Service identifiers .. 59
D.3 Data identifiers ... 60
D.4 Return codes ... 60
D.5 Application interfaces ... 62
One time password application
of cryptography algorithm
1 Scope
This Standard specifies related contents of one time password systems,
generation mode of one time password, characteristics of one time password
token, authentication system, key management system, etc.
This Standard is applicable to the development and production of one time
password-related products; and it can also be used to guide the detection of
related products.
2 Normative references
The following documents are essential to the application of this document. For
dated references, only the version with the indicated date applies to this
document. For undated references, the latest version (including all
amendments) applies to this document.
GB/T 2423.1-2008 Environmental testing - Part 2: Test methods - Test A: Cold
GB/T 2423.2-2008 Environmental testing - Part 2: Test methods - Test B: Dry heat
GB/T 2423.8-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ed: Free fall
GB/T 2423.9-2001 Environmental testing for electric and electronic products - Part 2: Test methods - Test Cb: Damp heat, steady state, primarily for equipment
GB/T 2423.10-2008 Environmental testing for electric and electronic products - Part 2: Test methods - Test Fc: Vibration (sinusoidal)
GB/T 2423.21-1991 Basic environmental testing procedures for electric and electronic products - Test M: Low air pressure
GB/T 2423.22-2002 Environmental testing for electric and electronic products - Part 2: Test methods - Test N: Change of temperature
GB/T 2423.53-2005 Environmental testing for electric and electronic products - Part 2: Test methods - Test Xb: Abrasion of markings and letterings caused by rubbing of fingers and hands
GB/T 4208-2008 Degrees of protection provided by enclosure (IP code)
GB/T 17626.2-2006 Electromagnetic compatibility (EMC) - Testing and measurement techniques - Electrostatic discharge immunity test
GB/T 18336.1-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
GB/T 18336.2-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
GB/T 18336.3-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
GB/T 21079.1-2007 Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods
GM/T 0002-2012 SM4 Block Cipher Algorithm
GM/T 0004-2012 SM3 Password Hashing Algorithm
GM/T 0005-2012 Randomness Test Specification
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Dynamic password token; one time password token
The carrier which generates and displays one time password.
3.2 Dynamic password; one time password
The one time password generated by the seed key and other data through a
particular algorithm.
3.3 Static password
The password set by the user which will not change unless the user actively
modifies it.
3.4 Challenge code
3.14 Automatically unlock
After the password token is locked, over a certain period of time, the system
will unlock the password token.
3.15 Key management
A set of established rules, developed and implemented according to the security
policy, governing key generation, registration, authentication, write-off,
distribution, installation, storage, archiving, revocation, derivation,
destruction and other key operations.
3.16 Hardware encryption device
A hardware carrier for key management, encryption and decryption operations,
and other functions.
3.17 Key
The key information or parameter which controls the operation of cryptographic
transformation.
3.18 Service list
The statistical statement provided by the system on the corresponding states
and results of password token and system in different time periods.
3.19 Interface
The part where two different systems (or subroutines) intersect, and through
which they interact with each other.
3.20 Large window
The window which is used to synchronize the time of password token with the
system time. The size of the window shall not exceed ±10.
3.21 Middle window
The window which is used to synchronize the time of password token with the
system time. The size of the window shall not exceed ±5.
3.22 Small window
The window which is used to synchronize the time of password token with the
system time. The size of the window shall not exceed ±2.
3.23 Encryption key for seed key
F() - Algorithmic function
OD - Output result
Truncate() - Truncation function
N - The number of bits of the password displayed by the password token or other terminals
Km - Main key
Kt - Transmission key
Kp - Main key for manufacturer production
Ks - Encryption key for the seed key
^ - Power operator; 2^n stands for the n-th power of 2
% - Modulo (remainder) operation; for example, 5 % 3 = 2
<< - Circular (ring) shift left
| - Concatenation operator, which joins two data items in left-to-right order
⊞ - Addition without carry (the carry out of the result is discarded)