GM/T 0021-2012 English PDF (GMT0021-2012)

GM/T 0021-2012: One time password application of cryptography algorithm

This Standard specifies related contents of one time password systems, generation mode of one time password, characteristics of one time password token, authentication system, key management system, etc. This Standard is applicable to the development and production of one time password-related products; and it can also be used to guide the detection of related products.
GM/T 0021-2012
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
File No.: 38319-2013
One time password application
of cryptography algorithm
ISSUED ON: NOVEMBER 22, 2012
IMPLEMENTED ON: NOVEMBER 22, 2012
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4
1 Scope .. 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Symbols ... 9
5 One time password systems .. 10
5.1 Overview .. 10
5.2 General framework ... 10
5.3 Sketch of basic authentication principle ... 12
6 Generation mode of one time password .. 13
6.1 Overview .. 13
6.2 Instructions for algorithm use .. 14
6.3 Truncation algorithm .. 15
7 Characteristics of one time password token .. 16
7.1 Requirements for password token hardware.. 16
7.2 Password token security characteristics .. 18
8 Authentication system ... 19
8.1 System description ... 19
8.2 Services of authentication system ... 22
8.3 Management functions of authentication system ... 25
8.4 Security requirements .. 26
9 Key management system ... 27
9.1 Overview .. 27
9.2 System architecture .. 28
9.3 Function requirements ... 30
9.4 System security design ... 32
9.5 Instructions for interfaces of hardware encryption device .. 40
Appendix A (Informative) Implementation use cases of one time password generation algorithm based on C language .. 42
A.1 Use case of one time password generation algorithm based on SM3 ... 42
A.2 Use case of one time password generation algorithm based on SM4 ... 47
Appendix B (Informative) Input and output use cases of one time password generation algorithm calculation .. 54
B.1 Input and output use cases of one time password generation algorithm based on SM3 .. 54
B.2 Input and output use cases of one time password generation algorithm based on SM4 .. 54
Appendix C (Informative) Operation parameters and data description use cases ... 56
Appendix D (Informative) Interfaces of authentication system ... 57
D.1 Format of service message ... 57
D.2 Service identifiers .. 59
D.3 Data identifiers ... 60
D.4 Return codes ... 60
D.5 Application interfaces ... 62
One time password application
of cryptography algorithm
1 Scope
This Standard specifies related contents of one time password systems, generation mode of one time password, characteristics of one time password token, authentication system, key management system, etc.
This Standard is applicable to the development and production of one time password-related products; and it can also be used to guide the detection of related products.
2 Normative references
The following documents are essential to the application of this document. For dated references, only the version with the indicated date applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 2423.1-2008 Environmental testing - Part 2: Test methods - Tests A: Cold
GB/T 2423.2-2008 Environmental testing - Part 2: Test methods - Tests B: Dry heat
GB/T 2423.8-1995 Environmental testing for electric and electronic products - Part 2: Test methods - Test Ed: Free fall
GB/T 2423.9-2001 Environmental testing for electric and electronic products - Part 2: Test methods - Test Cb: Damp heat, steady state, primarily for equipment
GB/T 2423.10-2008 Environmental testing for electric and electronic products - Part 2: Test methods - Test Fc: Vibration (sinusoidal)
GB/T 2423.21-1991 Basic environmental testing procedures for electric and electronic products - Test M: Low air pressure
GB/T 2423.22-2002 Environmental testing for electric and electronic products - Part 2: Test methods - Test N: Change of temperature
GB/T 2423.53-2005 Environmental testing for electric and electronic products - Part 2: Test methods - Test Xb: Abrasion of markings and letterings caused by rubbing of fingers and hands
GB/T 4208-2008 Degrees of protection provided by enclosure (IP code)
GB/T 17626.2-2006 Electromagnetic compatibility (EMC) - Testing and measurement techniques - Electrostatic discharge immunity test
GB/T 18336.1-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model
GB/T 18336.2-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 2: Security functional requirements
GB/T 18336.3-2008 Information technology - Security techniques - Evaluation criteria for IT security - Part 3: Security assurance requirements
GB/T 21079.1-2007 Banking - Secure cryptographic devices (retail) - Part 1: Concepts, requirements and evaluation methods
GM/T 0002-2012 SM4 Block Cipher Algorithm
GM/T 0004-2012 SM3 Cryptographic Hash Algorithm
GM/T 0005-2012 Randomness Test Specification
3 Terms and definitions
The following terms and definitions are applicable to this document.
3.1 Dynamic password token; one time password token
The carrier which generates and displays one time password.
3.2 Dynamic password; one time password
The one time password generated by the seed key and other data through a particular algorithm.
3.3 Static password
The password set by the user which will not change unless the user actively modifies it.
3.4 Challenge code
3.14 Automatically unlock
After the password token is locked, over a certain period of time, the system will unlock the password token.
3.15 Key management
A set of established rules, developed and implemented according to the security policy, governing key generation, registration, authentication, write-off, distribution, installation, storage, archiving, revocation, derivation, destruction, and other operations.
3.16 Hardware encryption device
A hardware carrier for key management, encryption and decryption operations, and other functions.
3.17 Key
The key information or parameter which controls the operation of cryptographic transformation.
3.18 Service list
The statistical statement provided by the system on the corresponding states and results of password token and system in different time periods.
3.19 Interface
The part where two different systems (or subroutines) intersect, and through which they interact with each other.
3.20 Large window
The window which is used to synchronize the time of the password token with the system time. The size of the window shall not exceed ±10.
3.21 Middle window
The window which is used to synchronize the time of the password token with the system time. The size of the window shall not exceed ±5.
3.22 Small window
The window which is used to synchronize the time of the password token with the system time. The size of the window shall not exceed ±2.
3.23 Encryption key for seed key
F() - Algorithmic function
OD - Output result
Truncate() - Truncation function
N - The number of bits of the password displayed by password token or other terminals
Km - Main key
Kt - Transmission key
Kp - Main key for manufacturer production
Ks - Encryption key for seed key
^ - Power operator, namely, 2^n stands for the n-th power of 2
% - Remainder (modulo) operation, namely, 5 % 3 = 2
<< - Rotate-left (circular left shift) operator
| - The connector which splices two sets of data in left-to-right order
??? - Arithmetic plus symbol, without carry
5 One time password systems
5.1 Overview
One time password systems include the one time password token and the system for authenticating the one time password token, which together provide one time password authentication services to the application system. The system for authenticating the one time password token consists of the authentication system and the key management system.
5.2 General framework
The one time password token is responsible for generating the one time password; the authentication system is responsible for verifying the correctness of the one time password; the key management system is responsible for the key management of the one time password token; the application system is responsible for sending the one time password (message) to the authentication system for authentication according to the specified protocol. The architecture of one time password systems is shown in Figure 1.
the next parameter. If ID is made up of T and Q, then the data assembly method is T|Q. If ID is made up of C and Q, then the data assembly method is C|Q. If the data which make up ID are less than 128 bits, then the data terminal of ID is filled with 0 to 128 bits.
K is a seed key of no less than 128 bits in length, held only by the authenticating parties. F() is the algorithmic function, namely SM4 or SM3; see GM/T 0002-2012 and GM/T 0004-2012.
S is the output result of the algorithmic function. The length of output result of SM4 algorithm i...
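The ID assembly rule quoted above (T|Q or C|Q, zero-filled at the tail to 128 bits, K of at least 128 bits) together with the small/middle/large time windows of 3.20-3.22, as an added Python example that is not from the standard or its Appendix A. It assumes T is an 8-byte big-endian time-step counter, stands in SHA-256 over K|ID for F() because SM3 (GM/T 0004-2012) is not in the Python standard library, and uses an assumed truncation (big-endian integer modulo 10^N), since the standard's Truncate() of 6.3 is not on this page.

```python
import hashlib
import hmac

ID_BITS = 128                                      # ID is zero-filled at the tail to 128 bits
WINDOWS = {"small": 2, "middle": 5, "large": 10}   # window sizes of 3.20-3.22, in +/- time steps


def assemble_id(*parts: bytes) -> bytes:
    """Splice the ID parts left to right (T|Q or C|Q) and zero-fill the tail to 128 bits."""
    data = b"".join(parts)
    if len(data) * 8 > ID_BITS:
        raise ValueError("ID parts exceed 128 bits")
    return data.ljust(ID_BITS // 8, b"\x00")


def f_stand_in(k: bytes, id_: bytes) -> bytes:
    # Stand-in for F(): the standard names SM3 or SM4 here. SHA-256 over K|ID is used only
    # because SM3 is absent from hashlib, and this composition is assumed, not taken from 6.2.
    return hashlib.sha256(k + id_).digest()


def truncate(s: bytes, n: int) -> str:
    # Assumed truncation (not the standard's 6.3): S as a big-endian integer modulo 10^N,
    # left-padded with zeros so that exactly N digits are displayed.
    return str(int.from_bytes(s, "big") % 10 ** n).zfill(n)


def generate(k: bytes, t: int, q: bytes = b"", n: int = 6) -> str:
    """Token side: OD = Truncate(F(K, T|Q)); T is assumed to be an 8-byte big-endian step counter."""
    if len(k) * 8 < 128:
        raise ValueError("seed key K must be at least 128 bits")
    return truncate(f_stand_in(k, assemble_id(t.to_bytes(8, "big"), q)), n)


def verify(k: bytes, otp: str, system_t: int, q: bytes = b"",
           window: str = "small", n: int = 6):
    """Authentication side: accept the OTP if it matches any step within +/-W of the system
    time and return the offset found (usable for resynchronisation), else None. A wider
    window accepts more candidate values at any instant, so the small window is the default."""
    w = WINDOWS[window]
    for offset in range(-w, w + 1):
        if hmac.compare_digest(generate(k, system_t + offset, q, n), otp):
            return offset
    return None
```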