Presentation is loading. Please wait.

Presentation is loading. Please wait.

We leave the world of cryptography for a while.

Published byPerla Dove Modified over 9 years ago

Similar presentations

Presentation on theme: "We leave the world of cryptography for a while."— Presentation transcript:

1 TRUST PROVISIONING Related Hardware Embedded Secure Elements for Mobile Phone applications
We leave the world of cryptography for a while. We understand that where online PKI is not possible, the secret keys must be exchanged and kept secret. A smartcard, or a secure element, are good way of securely storing a secret, like a key. The processor using the key for the computation is in the smartcard as well, as such the key never leaves it’s secure environment. But such keys have to be loaded on the smartcard once. This is how it works generally:

2 Smart Card Initialization & Personalization
Service Provider (bank) Card – Mr Bianchi Card – Mr Bianchi Card – Mr Gallo Card – Mr Gallo Card – Mr Rossi Card – Mr Rossi O.S. Provider ROM Mask, EEPROM Image, Silicon Manufacturer Card Vendor Wafer Testing Pre-perso Personalization Card Mr Bianchi Card Mr Gallo Card Mr Rossi SMART CARD Mr Gallo Flow of Trust Mr Gallo Flow of Hardware Press <space> once!

3 Trust Provisioning Initialization & Personalization
service provider Service Provider(s!) (bank) Trusted Service Manager O.S. Provider ROM Mask, EEPROM Image Silicon Manufacturer Mr. Koch OTA IC Personalization Mr Koch – OTA Diffusion, Wafer Testing, Initialization (1Key4Die),… X Uid..001 Uid..002 Uid..00n Uid..001 Uid..002 Uid..00n 001 002 Non trusted OEM/ODM 00n 001 MNO 00n 002 001 002 Distribution / Retail 00n 001 End

4 How Keys and Certificates are created
Start public Silicon Manufacturer Public/Private Key Pair NXP private key securely stored in NXP HSM private public private Generate IC-specific Public/Private Key Pair Key Generator Secure Key Storage Create Device Certificate Body Signing Hardware Secure Module (HSM) Calculate Hash of Certificate Body Body Signed Hash Example Signature Sign Hash with NXP Private Key Insert Device Certificate + IC-specific Private Key in Embedded SE Chip ESE Chip Ready

5 Offline authentication
HOST (MCU) CLIENT (Authentication Device) Body Public Key Signed HASH Root CA Certificate Body Public Key Signed HASH Device Certificate Body Public Key Signed HASH Device Certificate Request certificate Send certificate Client Certificate is genuine Private Key Validate certificate NOK OK Rnd# Send challenge Sign(Rnd#) Sign challenge Send response Validate response Client knows its private key NOK Continue service OK stop

6 Client-authenticated TLS handshake
ClientHello Certificate ClientKeyExchange CertificateVerify ChangeCipherSpec Finished RNDa+caps ServerHello Certificate CertificateRequest ServerHelloDone ChangeCipherSpecs Finished RNDb+method selection Certificate verification Server certificate+CA sign Client certificate+CA sign Secret key Certificate verification Transaction signature

7 Hands-on: Example of a TLS link Using A70CM

Download ppt "We leave the world of cryptography for a while."

Similar presentations

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.
SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.

SSL/TLS Protocol Network Security Gene Itkis. Basic paradigmatic application: on-line purchase Client contacts Server (possibly for the first time) Spontaneity.
Ecosystem Scenarios for Cloud-based NFC Payments

Ecosystem Scenarios for Cloud-based NFC Payments
WPKI available technology diagram and the business model

WPKI available technology diagram and the business model
1 Trusted Systems in Networking Infrastructure Rafael Mantilla Montalvo Cisco Systems June 2013.

1 Trusted Systems in Networking Infrastructure Rafael Mantilla Montalvo Cisco Systems June 2013.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.

Kerberized Credential Translation Olga Kornievskaia Peter Honeyman Bill Doster Kevin Coffman Center for Information Technology Integration University of.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.

IETF 76 – Hiroshima Internet Draft : EAP-BIO Pascal URIEN – Telecom ParisTech Christophe KIENNERT – Telecom ParisTech.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.

Lesson 12 Cryptography for E-Commerce. Approaches to Network Security Separate Security Protocol--SSL Application-Specific Security--SHTTP Security with.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

Similar presentations

Ads by Google