Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 1 Open Platform on Java Card Introduction by Ingeborg Sandow.

Presentation transcript:


Page 2: Content
– Specifications
– Overview
– Card Architecture
– Card Manager Tasks
– Security Domain Tasks
– Functionality of Provider Security Domains
– Life Cycle Models
– APDU-Interface Card Manager
– OP API

Page 3: Specifications
– Open Platform Card Specification Version 2.0.1'
– GlobalPlatform Card Specification Version 2.1
available at:

Page 4: Overview (diagram only on the original slide)

Page 5: Card Architecture (diagram only on the original slide)

Page 6: Card Manager Tasks
– Loading, installation and deletion of applications
– Realization of the Card Issuer's security with the support of a security domain
– Performing access checks on card global data
– Checking of application privileges
– Administration of life cycles

Page 7: Security Domain Tasks
– Realization of the cryptographic functionality
– Key administration
– Methods for the personalization of the Card Manager, i.e. loading of keys
– Cryptographic support for Load File DAPs, for Secure Messaging and for the loading of keys

Page 8: Functionality of Provider Security Domains
Standard Provider Security Domain:
– Methods supporting the loading of keys
– Implementation of the Secure Messaging
Provider Security Domain with DAP Verification privilege:
– Performing the verification of the Load File Data Block Data Authentication Pattern(s)
Provider Security Domain with Delegated Management privilege:
– Security domain with the privilege to load, install and delete applications

Page 9: Life Cycle Models (1), Card Manager Life Cycle
– OP_READY
– INITIALIZED
– SECURED
– CM_LOCKED
– TERMINATED

Page 10: Life Cycle Models (2), Load File Life Cycle
– LOADED
– DELETED (logically or physically)

Page 11: Life Cycle Models (3), Application Life Cycle
– INSTALLED
– SELECTABLE
– PERSONALIZED
– BLOCKED
– LOCKED
– DELETED (logically or physically)

Page 12: APDU-Interface Card Manager
Administrative:
– SELECT
Secure Channel:
– INITIALIZE UPDATE
– EXTERNAL AUTHENTICATE
Card Content Management:
– DELETE
– GET DATA
– PUT DATA
– GET STATUS
– INSTALL
– LOAD
– PUT KEY
PIN:
– PIN CHANGE/UNBLOCK

Page 13: OP API, OPSystem (1)
Life Cycle administration: The Card Manager Life Cycle can be accessed by applications with special privileges. Such an application uses the methods getCardManagerState(), lockCardManager() and terminateCardManager(). An application can get/modify its own state via getCardContentState() and setCardContentState().
ATR: The historical bytes of the Answer To Reset (ATR) can be changed with setATRHistBytes().
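As an added example (not code from the presentation), the life cycles of pages 9 to 11 and the privilege-gated Card Manager methods of page 13 as a small Python model. State names are the slides' own; the transition sets, the rule that only the Card Manager may move an application to LOCKED or DELETED, and the privilege names CM_LOCK and CM_TERMINATE are my reading of Open Platform 2.0.1 and are assumptions to check against the specification.

```python
"""Open Platform life cycles (slides 9 to 11) with the privilege-gated Card Manager methods
of slide 13, as a small Python model. Added example, not code from the presentation; the
transition sets and the privilege names CM_LOCK / CM_TERMINATE are my reading of
Open Platform 2.0.1 and are assumptions to check against the specification."""


class LifeCycleError(Exception):
    pass


# Card Manager: forward-only, CM_LOCKED is reversible to SECURED, TERMINATED is reachable
# from every state (handled in transition()) and is final.
CM_NEXT = {"OP_READY": {"INITIALIZED"}, "INITIALIZED": {"SECURED"},
           "SECURED": {"CM_LOCKED"}, "CM_LOCKED": {"SECURED"}, "TERMINATED": set()}

# Transitions an application may request for itself via OPSystem.setCardContentState().
# INSTALLED -> SELECTABLE, LOCKED and DELETED are Card Manager actions and are absent here.
APP_SELF_NEXT = {"SELECTABLE": {"PERSONALIZED", "BLOCKED"},
                 "PERSONALIZED": {"BLOCKED"}, "BLOCKED": {"PERSONALIZED"}}


class Application:
    def __init__(self, privileges=()):
        self.state, self.privileges, self._before_lock = "INSTALLED", frozenset(privileges), None

    def set_card_content_state(self, new):  # OPSystem.setCardContentState()
        if new not in APP_SELF_NEXT.get(self.state, ()):
            raise LifeCycleError("application may not move itself from %s to %s" % (self.state, new))
        self.state = new

    def make_selectable(self):  # Card Manager action after INSTALL
        self._require("INSTALLED")
        self.state = "SELECTABLE"

    def lock(self):  # Card Manager action; the previous state is kept so that unlock can restore it
        if self.state in ("INSTALLED", "LOCKED", "DELETED"):
            raise LifeCycleError("cannot lock an application in state " + self.state)
        self._before_lock, self.state = self.state, "LOCKED"

    def unlock(self):
        self._require("LOCKED")
        self.state = self._before_lock

    def delete(self):  # Card Manager action; logical or physical deletion, final either way
        self.state = "DELETED"

    def _require(self, expected):
        if self.state != expected:
            raise LifeCycleError("expected %s but application is %s" % (expected, self.state))


class CardManager:
    def __init__(self):
        self.state = "OP_READY"

    def transition(self, new):
        if self.state == "TERMINATED":
            raise LifeCycleError("TERMINATED is final")
        if new != "TERMINATED" and new not in CM_NEXT[self.state]:
            raise LifeCycleError("Card Manager may not move from %s to %s" % (self.state, new))
        self.state = new

    # Slide 13: lockCardManager() / terminateCardManager() succeed only for an application
    # holding the matching privilege; False is returned when the privilege is missing.
    def lock_card_manager(self, app):
        if "CM_LOCK" not in app.privileges:
            return False
        self.transition("CM_LOCKED")
        return True

    def terminate_card_manager(self, app):
        if "CM_TERMINATE" not in app.privileges:
            return False
        self.transition("TERMINATED")
        return True


def demo():  # one run through both life cycles; returns the observed trace
    cm, app = CardManager(), Application(privileges={"CM_LOCK"})
    trace = []
    for s in ("INITIALIZED", "SECURED"):
        cm.transition(s)
        trace.append(cm.state)
    app.make_selectable()
    app.set_card_content_state("PERSONALIZED")
    trace.append(app.state)
    try:
        app.set_card_content_state("LOCKED")  # only the Card Manager may lock an application
    except LifeCycleError:
        trace.append("app cannot lock itself")
    app.lock()
    app.unlock()
    trace.append(app.state)  # PERSONALIZED restored after unlock
    trace.append(cm.lock_card_manager(app))  # True: CM_LOCK privilege present
    trace.append(cm.state)
    trace.append(cm.terminate_card_manager(app))  # False: no CM_TERMINATE privilege
    return trace
```

The point of the model is the two invariants an applet developer relies on: an application can only move itself between SELECTABLE, PERSONALIZED and BLOCKED, and the Card Manager states are not reversible except for CM_LOCKED, so a terminated card stays terminated.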

Page 14: OP API, OPSystem (2)
PIN check: The card global PIN inside the Card Manager is addressed by getTriesRemaining(), setPin() and verifyPin().
Access a ProviderSecurityDomain: An application obtains a reference to its associated (Provider) Security Domain with getSecurityDomain().

Page 15: OP API, ProviderSecurityDomain (1)
Authentication: An external authentication is verified with the method verifyExternalAuthenticate(), which takes its input parameters from the APDU buffer.
Key management: Key loading is supported by the method decryptVerifyKey(). The key(s) contained in a PUT KEY APDU are decrypted and the key check value(s) verified; if the check succeeds, true is returned.

Page 16: OP API, ProviderSecurityDomain (2)
Secure Messaging:
1. The secure session starts by setting up a secure channel via openSecureChannel().
2. Encrypted APDUs are decrypted by the method unwrap().
3. At the end, the derived secure messaging keys are discarded inside closeSecureChannel().
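The command interface of page 12 and the secure-channel sequence of pages 15 and 16, as an added example (not code from the presentation or from the OP API) modelling both the card side and the host side in Python. The INS bytes are the Open Platform 2.0.1 / GlobalPlatform 2.1 values for the commands listed on page 12; which commands are gated behind an authenticated channel (everything except SELECT and GET DATA) is my reading of the specification; the key diversification data and key info in the INITIALIZE UPDATE response are constructed placeholders; and mac8() and session_key() are stdlib HMAC stand-ins for the real 3DES-based SCP cryptogram, MAC and session key derivation, so the sequencing and checks are what the example shows, not the cryptography.

```python
"""Card Manager command dispatch and secure-channel sequencing (slides 12, 15 and 16), modelled
in Python for the card and the host side. Added example, not code from the presentation. INS
bytes are the Open Platform 2.0.1 / GlobalPlatform 2.1 values; mac8() and session_key() are
stdlib HMAC stand-ins for the 3DES-based SCP cryptogram, MAC and key derivation (runs offline)."""
import hmac
import os

INS = {0xA4: "SELECT", 0x50: "INITIALIZE UPDATE", 0x82: "EXTERNAL AUTHENTICATE",
       0xE4: "DELETE", 0xCA: "GET DATA", 0xDA: "PUT DATA", 0xF2: "GET STATUS",
       0xE6: "INSTALL", 0xE8: "LOAD", 0xD8: "PUT KEY", 0x24: "PIN CHANGE/UNBLOCK"}
PROTECTED = {"DELETE", "PUT DATA", "GET STATUS", "INSTALL", "LOAD", "PUT KEY", "PIN CHANGE/UNBLOCK"}
SW_OK, SW_COND, SW_SEC, SW_INS, SW_LEN = 0x9000, 0x6985, 0x6982, 0x6D00, 0x6700
CLA_SM = 0x04  # CLA bit marking a command that carries a C-MAC


def mac8(key, data):  # stand-in for the 8-byte retail MAC / cryptogram
    return hmac.new(key, data, "sha256").digest()[:8]


def session_key(static_key, host_ch, card_ch):  # stand-in for session key derivation
    return hmac.new(static_key, host_ch + card_ch, "sha256").digest()


class CardManagerSim:
    def __init__(self, static_key):
        self.static_key = static_key
        self._close()

    def _close(self):  # closeSecureChannel(): derived keys and challenges are discarded
        self.state, self.skey, self.host_ch, self.card_ch, self.level = "NO_CHANNEL", None, None, None, 0

    def _fail(self, sw):
        self._close()
        return b"", sw

    def process(self, apdu):  # dispatch one command APDU; returns (response data, status word)
        if len(apdu) < 5 or len(apdu) != 5 + apdu[4]:
            return b"", SW_LEN
        name = INS.get(apdu[1])
        if name is None:
            return b"", SW_INS
        if name == "INITIALIZE UPDATE":
            return self._initialize_update(apdu[5:]) if len(apdu) == 13 else (b"", SW_LEN)
        if name == "EXTERNAL AUTHENTICATE":
            return self._external_authenticate(apdu)
        if name in PROTECTED:
            if self.state != "AUTHENTICATED":
                return b"", SW_COND  # slide 12 command attempted outside a secure channel
            if not self._unwrap(apdu):
                return b"", SW_SEC  # C-MAC failure; the channel is already closed
        return b"", SW_OK  # the command body itself is out of scope here

    def _initialize_update(self, host_ch):  # openSecureChannel()
        self._close()  # a fresh INITIALIZE UPDATE discards any existing session
        self.host_ch, self.card_ch, self.state = host_ch, os.urandom(8), "INIT_UPDATE"
        self.skey = session_key(self.static_key, host_ch, self.card_ch)
        # response: key diversification data (constructed), key info, card challenge, card cryptogram
        return bytes(10) + bytes([0x01, 0x01]) + self.card_ch + mac8(self.skey, host_ch + self.card_ch), SW_OK

    def _external_authenticate(self, apdu):  # verifyExternalAuthenticate()
        if self.state != "INIT_UPDATE" or len(apdu) != 21:
            return self._fail(SW_COND)
        if not (hmac.compare_digest(apdu[5:13], mac8(self.skey, self.card_ch + self.host_ch))
                and hmac.compare_digest(apdu[13:], mac8(self.skey, apdu[:13]))):
            return self._fail(SW_SEC)  # failed authentication ends the session
        self.state, self.level = "AUTHENTICATED", apdu[2]  # P1 = security level (0x01: C-MAC)
        return b"", SW_OK

    def _unwrap(self, apdu):  # unwrap(): check the C-MAC of a command sent inside the channel
        ok = not self.level & 0x01 or (apdu[0] & CLA_SM and apdu[4] >= 8
                                        and hmac.compare_digest(apdu[-8:], mac8(self.skey, apdu[:-8])))
        if not ok:
            self._close()  # a MAC error closes the secure channel
        return bool(ok)


class HostSim:  # off-card side: INITIALIZE UPDATE, card cryptogram check, command wrapping
    def __init__(self, static_key):
        self.static_key, self.skey, self.host_ch = static_key, None, None

    def initialize_update(self):
        self.host_ch = os.urandom(8)
        return bytes([0x80, 0x50, 0x00, 0x00, 0x08]) + self.host_ch

    def external_authenticate(self, response, level=0x01):
        card_ch, card_cryptogram = response[12:20], response[20:28]
        self.skey = session_key(self.static_key, self.host_ch, card_ch)
        if not hmac.compare_digest(card_cryptogram, mac8(self.skey, self.host_ch + card_ch)):
            raise ValueError("card cryptogram mismatch: wrong static key or not the expected card")
        header = bytes([0x80 | CLA_SM, 0x82, level, 0x00, 0x10])
        host_cryptogram = mac8(self.skey, card_ch + self.host_ch)
        return header + host_cryptogram + mac8(self.skey, header + host_cryptogram)

    def wrap(self, ins, p1=0, p2=0, data=b""):
        body = bytes([0x80 | CLA_SM, ins, p1, p2, len(data) + 8]) + data
        return body + mac8(self.skey, body)


def run_session(static_key=bytes(16)):  # whole exchange; returns the status words in order
    card, host = CardManagerSim(static_key), HostSim(static_key)
    sw = [card.process(bytes([0x80, 0xF2, 0x40, 0x00, 0x00]))[1]]  # GET STATUS, no channel: 6985
    resp, s = card.process(host.initialize_update())
    sw += [s, card.process(host.external_authenticate(resp))[1]]  # 9000, 9000: channel authenticated
    sw.append(card.process(host.wrap(0xF2, 0x40))[1])  # GET STATUS with a valid C-MAC: 9000
    bad = bytearray(host.wrap(0xE4, 0x00, 0x00, b"\x4f\x00"))  # DELETE with its C-MAC corrupted
    bad[-1] ^= 0xFF
    sw.append(card.process(bytes(bad))[1])  # 6982, and the channel is closed
    sw.append(card.process(host.wrap(0xF2, 0x40))[1])  # 6985: INITIALIZE UPDATE needed again
    return sw
```

Two behaviours worth noticing when scripting against a real card: the host checks the card cryptogram before sending EXTERNAL AUTHENTICATE (so a wrong static key is detected without spending a failed-authentication attempt on the card), and any MAC error or failed authentication discards the session on the card side, so the next content management command gets 6985 until a new INITIALIZE UPDATE is sent.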