GM/T 0097-2020: Security technical specifications for unified name resolution service of RFID
GM/T 0097-2020
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Security Technical Specifications for Unified Name Resolution Service of RFID
ISSUED ON: DECEMBER 28, 2020
IMPLEMENTED ON: JULY 1, 2021
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 4 
1 Scope ... 5 
2 Normative References ... 5 
3 Terms and Definitions ... 5 
4 Symbols and Abbreviations ... 6 
4.1 Symbols ... 6 
4.2 Abbreviations ... 7 
5 Coding of Electronic Tags ... 8 
6 ONS System Architecture ... 8 
7 Key Business Process of ONS System ... 9 
7.1 ONS Server Registration ... 9 
7.2 Security Query Processing ... 10 
8 Security Requirements ... 11 
8.1 Cryptographic Algorithm ... 11 
8.2 Random Number Security ... 11 
8.3 Key Management Security ... 11 
8.3.1 General requirements ... 11 
8.3.2 Types and purposes of keys ... 11 
8.3.3 Key structure ... 12 
8.3.4 Key generation ... 13 
8.3.5 Key distribution ... 13 
8.3.6 Key storage ... 13 
8.3.7 Key update ... 13 
8.3.8 Key backup and recovery ... 14 
8.3.9 Key destruction ... 14 
8.4 Hardware Security ... 14 
8.5 Software Security ... 14 
Appendix A (informative) Unified Coding Rules of RFID Electronic Tags ... 15 
Appendix B (normative) ONS Server Registration Process ... 16 
Appendix C (normative) Message Protocol Specifications ... 18 
Appendix D (normative) Processing Process of Security Query ... 24 
Security Technical Specifications for Unified Name Resolution Service of RFID
1 Scope
This Standard specifies the system architecture, key business processes and security requirements of the unified name resolution service of RFID, and defines the registration process of the name resolution server, the security query process for electronic product codes, and the corresponding message formats.
This Standard applies to the development and application of unified name resolution service systems of RFID.
2 Normative References
The following documents are indispensable to the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including all amendments) applies.
GB/T 17901.1 Information Technology - Security Techniques - Key Management - Part 1: Framework
GB/T 32905 Information Security Techniques - SM3 Cryptographic Hash Algorithm
GB/T 32907 Information Security Technology - SM4 Block Cipher Algorithm
GB/T 32915 Information Security Technology - Randomness Test Methods for Binary Sequence
GB/T 32918 (all parts) Information Security Technology - Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves
GB/T 35276-2017 Information Security Technology - SM2 Cryptographic Algorithm Usage Specification
GM/Z 4001-2013 Cryptology Terminology (TRANSLATOR NOTE: it should be GM/Z 0001-2013)
3 Terms and Definitions
What is defined in GM/Z 4001-2013 (TRANSLATOR NOTE: it should be GM/Z 0001-
4 Symbols and Abbreviations
4.1 Symbols
ip_A: address of server A
ip_EPCIS: address of the EPCIS server
k_AB: session key of server A and server B
k1_AB: session key for symmetric encryption between server A and server B
k2_AB: session key for message authentication code verification between server A and server B
MAC_A: message authentication code generated by server A
PCODE: electronic product code
pri_A: device private key of server A
prf(): key derivation function
prf(msg): key derivation function that performs a digest operation on message msg
pub_A: device public key of server A
rand_A: random number generated by server A
SIG_A: signature data generated by server A
SM2_Enc(pub_key, msg): SM2 asymmetric encryption of the input message msg under the public key pub_key
SM2_Sign(pri_key, msg): SM2 digital signature over msg under the private key pri_key
SM4_Enc(key, msg): SM4 symmetric encryption (CBC mode) of message msg under the symmetric key key
u_AB: work key of server A and server B
u1_AB: work key for symmetric encryption between server A and server B
u2_AB: work key for message authentication code verification between server A and server B
[x]: x is optional
xy: x and y are concatenated
4.2 Abbreviations
The following abbreviations are applicable to this document.
ONS server. Meanwhile, this key is encrypted and protected with the session key negotiated when the inferior ONS server registered, and is distributed to the inferior ONS server in query messages relayed through the local ONS server. During communication between the local ONS server and the inferior ONS server, this key (comprising a key for data encryption and a key for computing the message authentication code) protects ONS query messages: confidentiality, integrity and verification of the validity of the data source. The exchange of query messages is shown in Appendix D; the communication protocol is specified in Appendix C.
8 Security Requirements
8.1 Cryptographic Algorithm
The cryptographic algorithm used by the ONS system shall comply with the
requirements of national and industry standards on cryptography.
The public key cryptographic algorithm adopts public key cryptographic algorithm SM2
based on elliptic curves, which shall comply with GB/T 32918.
The symmetric cryptographic algorithm adopts SM4 block cipher algorithm, which shall
comply with GB/T 32907.
The cryptographic hash algorithm adopts SM3 cryptographic hash algorithm, which
shall comply with GB/T 32905.
8.2 Random Number Security
The random number used by the ONS system shall comply with the requirements of
national and industry standards on cryptography.
The inspection of random number shall comply with the requirements of GB/T 32915.
8.3 Key Management Security
8.3.1 General requirements
The ONS system shall be equipped with complete key management measures. The
contents of key generation, storage, distribution, backup, update and destruction shall
comply with the relevant requirements of GB/T 17901.1.
8.3.2 Types and purposes of keys
The ONS system shall follow the principle of "one key, one purpose". By type and purpose, keys are divided into device keys, session keys and work keys. The types of keys are shown in Table 1.
8.3.4 Key generation
The device key is generated by each ONS server itself and consists of the device private key and the device certificate.
The session key is generated through negotiation during the registration of the ONS server; see the negotiation process in Appendix B.
The work key is generated by the superior ONS server; see the generation process in Appendix D.
8.3.5 Key distribution
The device public key of an ONS server at any level shall be exportable; after the key management system has issued the device certificate, that certificate is imported into the device. The device private key is not distributed.
Once the session key has been negotiated, no distribution is needed.
After the work key has been generated by the superior ONS server, it is protected with the session key of the inferior ONS server and distributed to the inferior ONS server and the local ONS server. The distribution process is shown in Appendix D.
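The work-key distribution described in 7.2 above and again in 8.3.5 is easiest to follow in code. What follows is an added example, not code from GM/T 0097-2020 or from any ONS implementation: it implements SM4 (GB/T 32907) from scratch so that it runs offline, splits the session key k_AB into k1_AB (SM4-CBC encryption) and k2_AB (message authentication code), wraps a superior-server work key u_AB under k1_AB, authenticates the addressing header, IV and ciphertext under k2_AB, and shows the inferior server rejecting a tampered message before it decrypts anything. The key-splitting function, the use of CMAC as the MAC construction, the header layout and the IP address in it are assumptions: the page defines prf() only as a key derivation function and does not fix the MAC algorithm. The SM2 registration handshake that negotiates k_AB (Appendix B) is not on the page and is not modelled.

```python
# Added example, not code from GM/T 0097-2020: SM4 from scratch (runs offline) + work-key wrap.
import hmac  # compare_digest only: constant-time tag comparison
import os
SBOX = bytes.fromhex(  # SM4 S-box as tabulated in GB/T 32907
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = tuple(int.from_bytes(bytes((4 * i + j) * 7 & 0xFF for j in range(4)), "big") for i in range(32))

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def _tau(x):  # byte-wise S-box substitution on one 32-bit word
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")

def _round_keys(key):
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    rk = []
    for i in range(32):
        t = _tau(k[1] ^ k[2] ^ k[3] ^ CK[i])
        k = k[1:] + [k[0] ^ t ^ _rotl(t, 13) ^ _rotl(t, 23)]
        rk.append(k[3])
    return rk

def sm4_block(key, block, decrypt=False):  # decryption = same network, reversed round keys
    rk = _round_keys(key)[::-1] if decrypt else _round_keys(key)
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(32):
        t = _tau(x[1] ^ x[2] ^ x[3] ^ rk[i])
        x = x[1:] + [x[0] ^ t ^ _rotl(t, 2) ^ _rotl(t, 10) ^ _rotl(t, 18) ^ _rotl(t, 24)]
    return b"".join(w.to_bytes(4, "big") for w in reversed(x))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def sm4_cbc_encrypt(key, iv, msg):  # the page's SM4_Enc(key, msg): CBC mode, PKCS#7 padded
    msg += bytes([16 - len(msg) % 16]) * (16 - len(msg) % 16)
    out, prev = [], iv
    for i in range(0, len(msg), 16):
        prev = sm4_block(key, _xor(msg[i:i + 16], prev))
        out.append(prev)
    return b"".join(out)

def sm4_cbc_decrypt(key, iv, ct):
    pt = b"".join(_xor(sm4_block(key, ct[i:i + 16], True), (iv + ct)[i:i + 16])
                  for i in range(0, len(ct), 16))
    return pt[:-pt[-1]]  # strip PKCS#7 padding

def _dbl(b):  # doubling in GF(2^128), for the CMAC subkeys
    n = int.from_bytes(b, "big") << 1
    return ((n ^ 0x87) if n >> 128 else n).to_bytes(17, "big")[1:]

def sm4_cmac(key, msg):  # CMAC (SP 800-38B construction) over SM4: an assumption, the
    k1 = _dbl(sm4_block(key, bytes(16)))   # page does not fix the MAC algorithm
    cut = len(msg) - 16 if msg and len(msg) % 16 == 0 else len(msg) - len(msg) % 16
    last = (_xor(msg[cut:], k1) if len(msg) - cut == 16
            else _xor((msg[cut:] + b"\x80").ljust(16, b"\0"), _dbl(k1)))
    mac = bytes(16)
    for i in range(0, cut + 16, 16):
        mac = sm4_block(key, _xor(mac, last if i == cut else msg[i:i + 16]))
    return mac

def split_key(master):  # prf() is undefined on the page; assumed here to be one SM4
    return (sm4_block(master, b"enc".ljust(16, b"\0")),   # block per purpose, so the
            sm4_block(master, b"mac".ljust(16, b"\0")))   # two halves never coincide

def wrap_work_key(k_ab, header, u_ab):
    # Superior side: SM4-CBC under k1_AB with a fresh IV, then CMAC under k2_AB over header||IV||ct
    k1, k2 = split_key(k_ab)
    iv = os.urandom(16)
    body = header + iv + sm4_cbc_encrypt(k1, iv, u_ab)
    return body + sm4_cmac(k2, body)

def unwrap_work_key(k_ab, header, msg):
    # Inferior side: verify the tag first and reject on mismatch; decrypt only after that.
    k1, k2 = split_key(k_ab)
    body, tag = msg[:-16], msg[-16:]
    if not hmac.compare_digest(sm4_cmac(k2, body), tag) or not body.startswith(header):
        raise ValueError("MAC check failed: work key message rejected")
    return sm4_cbc_decrypt(k1, body[len(header):len(header) + 16], body[len(header) + 16:])

def demo():  # constructed values: k_AB as negotiated at registration, u_AB from the superior
    k_ab, hdr = bytes.fromhex("0123456789abcdeffedcba9876543210"), b"ip_A=10.0.0.1;"
    u_ab = os.urandom(16)
    msg = wrap_work_key(k_ab, hdr, u_ab)
    forged = bytearray(msg)
    forged[len(hdr) + 16] ^= 1           # flip one ciphertext bit in transit
    try:
        unwrap_work_key(k_ab, hdr, bytes(forged))
    except ValueError:                   # expected: the forgery is rejected
        return unwrap_work_key(k_ab, hdr, msg) == u_ab, True
    return False, False                  # forgery accepted: would be a bug
```

demo() returns (True, True): the work key round-trips and the single flipped bit is rejected before the inferior side touches the ciphertext. The SM4 core can be checked against the GB/T 32907 example: encrypting 0123456789abcdeffedcba9876543210 under the same value as key must give 681edf34d206965e86b3e94f536e4246. The point the standard makes with k1/k2 and u1/u2 is visible in split_key and in the two separate calls in wrap_work_key: the encryption key and the MAC key are different values derived for different purposes, so a CBC oracle on one does not leak the other.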
8.3.6 Key storage
The device key shall be st...