GM/T 0035.2-2014 English PDF (GMT0035.2-2014)

This Part of GM/T 0035 specifies the technical requirements for cryptographic algorithms, security certification, data storage and communication security involved the RFID tag chip using the cryptographic techniques. Appendix A gives the example for RFID tag chip. This Part is applicable to the design, development, manufacture and application of RFID tag chip using cryptographic security technology.

GM/T 0035.2-2014
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Record No.. 44637-2014
Specifications of Cryptographic Application
for RFID Systems – Part 2. Specification of
Cryptographic Application for RFID Tag Chip
ISSUED ON. FEBRUARY 13, 2014
IMPLEMENTED ON. FEBRUARY 13, 2014
Issued by. State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope .. 4
2 Normative References ... 4
3 Terms and Definitions ... 4
4 Symbols and Abbreviations ... 5
5 Cryptographic Security Element .. 5
5.1 Confidentiality .. 5
5.2 Integrity ... 6
5.3 Non-repudiation .. 6
5.4 ID authentication ... 7
5.5 Access control ... 7
5.6 Audit records ... 7
5.7 Cryptographic configuration ... 8
5.8 Other security measures .. 8
6 Technical Requirements for Cryptographic Security ... 8
Appendix A (Informative) Example of RFID Tag Chip .. 10
A.1 RFID tag classification ... 10
A.2 Example of anti-fake RFID tag chip... 10
A.3 Data storage structure ... 12
A.4 Unique identifier instructions ... 13
A.5 Data access control permission instruction ... 14
A.6 Cryptographic algorithm instructions .. 16
A.7 ID authentication and data communication encryption instruction ... 16 A.8 Key management ... 18
A.9 Instruction of all command set ... 18
Foreword
GM/T 0035 Specifications of Cryptographic Application for RFID Systems can be divided into 5 parts.
--- Part 1. Cryptographic Protection Framework and Security Levels;
--- Part 2. Specification of Cryptographic Application for RFID tag chip; --- Part 3. Specification of Cryptographic Application for RFID Reader; --- Part 4. Specification of Cryptographic Application for Communication; --- Part 5. Specification for Key Management.
This Part belongs to Part 2 of GM/T 0035.
This Part shall be drafted as per the rules of GB/T 1.1-2009.
This Part was proposed and under the jurisdiction of Cryptographic Industry Standardization Technical Committee.
Drafting organizations of this Part. Shanghai Fudan Microelectronics Group Co., Ltd., Beijing Zhongdian Huada Electronic Design Co., Ltd., Shanghai Huahong Integrated Circuit Co., Ltd., Beijing Tongfang Micro-Electronics Co., Ltd., Fudan University, Xingtang Communication Technology Co., Ltd., Shanghai HSIC Application System Co., Ltd., Aisino Co., Ltd., and Beijing Huada Zhibao Electronic System Co., Ltd. Chief drafting staffs of this Part. Yu Jun, Dong Haoran, Zhou Jiansuo, Liang Shaofeng, Wu Xingjun, Xie Wenlu, Wang Junyu, Liu Xun, Wang Junfeng, Xu Shumin, Chen Yue, Gu Zhen, Wang Yunsong, and Wang Huibo.
Specifications of Cryptographic Application
for RFID Systems – Part 2. Specification of
Cryptographic Application for RFID Tag Chip
1 Scope
This Part of GM/T 0035 specifies the technical requirements for cryptographic algorithms, security certification, data storage and communication security involved the RFID tag chip using the cryptographic techniques. Appendix A gives the example for RFID tag chip.
This Part is applicable to the design, development, manufacture and application of RFID tag chip using cryptographic security technology.
2 Normative References
The following documents are essential to the application of this document. For the dated documents, only the versions with the dates indicated are applicable to this document; for the undated documents, only the latest version (including all the amendments) are applicable to this document.
GM/T 0035.1-2014 Specification of Cryptographic Application for RFID Systems – Part 1. Cryptographic Protection Framework and Security Levels
GM/T 0035.4-2014 Specifications of Cryptographic Application for RFID Systems - Part 4. Specification of Cryptographic Application for Communication between RFID Tag and Reader
GM/T 0035.5-2014 Specifications of Cryptographic Application for RFID Systems - Part 5. Specification for Key Management
3 Terms and Definitions
The terms and definitions stipulated in GM/T 0035.1-2014 are applicable to this document.
4 Symbols and Abbreviations
The symbols and abbreviations stipulated in GM/T 0035.1-2014 are applicable to this document.
5 Cryptographic Security Element
5.1 Confidentiality
5.1.1 Confidentiality of storage information
The RFID tag performs encryption protection against the sensitive information stored in the RFID tag by using cryptographic algorithms; ensures that any reader other than the legitimate reader can’t obtain such data.
The confidentiality of stored information shall be encrypted by using cryptographic algorithm.
When adopting block encryption mode of symmetric cryptographic algorithm, use LD to express the length of plaintext data; add new data block generated by LD before the plaintext data; such data block shall be grouped according to the block length of cryptographic algorithm; if the length of final block of data is less than the cryptographic algorithm block length, then fill to supplement. The filling mode is fill a byte of hexadecimal ‘80’ after the final block of data; if it is still less than the cryptographic algorithm block length, then fill ‘00’ to the block length. After the data is grouped, adopt the cryptographic algorithm and encrypted keys to encrypt then store such data group by group. When reading such data, adopt the same cryptographic algorithm and encrypted key to decrypt the stored ciphertext data; the plaintext data shall be obtained through cutting the plaintext data length LD.
5.1.2 Confidentiality of transmission information
When RFID tag communicates with reader, the RFID tag adopts the cryptographic algorithm to perform the encryption protection against the transmitted sensitive information; which is used for ensuring the such transmitted data can’t obtain the plaintext data after being intercepted; so that meet the confidentiality requirements for data transmission.
The confidentiality protection of transmission information shall be finished through encrypting the transmitted plaintext data; the stream encryption or packet encryption is adopted.
The realization process of transmission information confidentiality can refer to GM/T 0035.4-2014.
When the RFID tag has the non-repudiation of reader function, the RFID tag shall verify the digital signature generated by the reader; meet the requirements for non- repudiation of reader.
5.4 ID authentication
5.4.1 Unique identifier authentication
The unique identifier authentication uses the authentication mode of check code relevant to the unique identifier of the RFID tag.
The unique identifier needs to store UID and check code (MAC) into the electronic signature; such MAC is generated by adopting the cryptographic algorithm after association between the UID and relevant application information; it is written into when issuing the RFID tag.
The realization mode of unique identifier authentication shall refer to GM/T 0035.4- 2014.
5.4.2 RFID tag’s challenge response authentication against reader
The realization mode of RFID tag’s challenge response authentication against reader shall refer to GM/T 0035.4-2014.
5.4.3 Reader’s challenge response authentication against RFID tag
The realization mode of reader’s challenge response authentication against RFID tag shall refer to GM/T 0035.4-2014.
5.5 Access control
The RFID tag data access control adopts cryptographic algorithm to set control permission against the data reading and writing, key storage, key update, and increasing and decreasing of numerical data. Different permission shall be set different key to perform access control; prevent the unauthorized access.
When the user applies, the reader can only operate the RFID tag according to the access control permission set when the RFID tag is issued.
5.6 Audit records
The RFID tag records and stores the data involved security and relevant operation; the contents shall at least include use subject, use time, implementation operation, etc.; used for application system audit recorded data and operation safety.
Appendix A
(Informative)
Example of RFID Tag Chip
A.1 RFID tag classification
A.1.1 Identification class
It has readable information, which is used for identifying the unique RFID tag of such tag. Such kind of RFID tag doesn’t have cryptographic technology protection function, which can be used for logistics tracking and item identification, and the like application. Generally, such tags are applicable to RFID system with Class-1 security levels. A.1.2 Anti-fake class
It has the identification RFID tag function; adopt the cryptographic technology to prevent the anti-fake characteristics of RFID tag such as to be duplicated, the tag storage information to be tampered, etc.; it can be used for elec...