Presentation is loading. Please wait.

Presentation is loading. Please wait.

Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 1 Open Platform on Java Card Introduction by Ingeborg Sandow.

Published byHollie Bond Modified over 9 years ago

Similar presentations

Presentation on theme: "Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 1 Open Platform on Java Card Introduction by Ingeborg Sandow."— Presentation transcript:

1 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 1 Open Platform on Java Card Introduction by Ingeborg Sandow

2 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 2 Content Specifications Overview Card Architecture Card Manager Tasks Security Domain Tasks Functionality of Provider Security Domains Life Cycle Models APDU-Interface Card Manager OP API

3 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 3 Specifications Open Platform Card Specification Version 2.0.1’ GlobalPlatform Card Specification Version 2.1 available at: www.visa.com www.globalplatform.org

4 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 4 Overview

5 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 5 Card Architecture

6 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 6 Card Manager Tasks Loading, installation and deletion of applications Realization of the Card Issuers security with the support of a security domain Performing access checks on card global data Check of application privileges Administration of life cycles

7 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 7 Security Domain Tasks Realization of the cryptographic functionality Key administration Methods for the personalization of the Card Manager i.e. loading of keys Cryptographic Support for Load File DAPs for Secure Messaging for the loading of keys

8 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 8 Functionality of Provider Securtiy Domains Standard Provider Security Domain Methods supporting the loading of keys Implementation of the Secure Messaging Provider Security Domain with DAP verification privilege Performing the verification of the Load File Data Block Data Authentication Pattern(s) Provider Security Domains with Delegated Management privilege Security domains with the privilege to load, install and delete applications

9 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 9 Life Cycle Models (1) Card Manager Life Cycle OP_READY INITIALIZED SECURED TERMINATEDCM_LOCKED

10 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 10 Life Cycle Models (2) Load File Life Cycle LOADED DELETED (logically or physically)

11 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 11 Life Cycle Models (3) Application Life Cycle INSTALLED SELECTABLE PERSONALIZED LOCKEDBLOCKEDDELETED (logically or physically)

12 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 12 APDU-Interface Card Manager Administrative: –SELECT Secure Channel: –INITIALIZE UPDATE –EXTERNAL AUTHENTICATE Card Content Management: –DELETE –GET DATA –PUT DATA –GET STATUS –INSTALL –LOAD –PUT KEY PIN: –PIN CHANGE/UNBLOCK

13 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 13 OP API OPSystem (1) Life Cycle administration The Card Manager Life Cycle can be accessed by applications with special privileges. Therefore the application can use the methods getCardManagerState(), lockCardManager() and terminateCardManager(). The application can get/modify its own state via getCardContentState() and setCardContentState(). ATR The historical bytes of the Answer To Reset (ATR) can be changed with setATRHistBytes().

14 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 14 OP API OPSystem (2) PIN check The card global PIN inside the Card Manager is addressed by getTriesRemaining(), setPin() and verifyPin(). Access a ProviderSecurityDomain An application can grant access on its (Provider) SecurityDomain using the method getSecurityDomain().

15 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 15 OP API ProviderSecurityDomain (1) Authentication An external authentication can be verified with the method verifyExternalAuthenticate() which uses the APDU buffer for the input parameters. Key management Key loading is supported by the method decryptVerifyKey(). The key(s) contained in a PUT_KEY APDU is/are encrypted and the key verification value is checked. If the check was successful, true is returned.

16 Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 16 OP API ProviderSecurityDomain (2) Secure Messaging 1. The secure session starts by setting up a secure channel via openSecureChannel(). 2. Encrypted APDUs are decrypted by the method unwrap(). 3. At the end the derived secure messaging keys are discarded inside the method closeSecureChannel().

Download ppt "Global Platform Presentation C:\Path - filename - san - 23.10.02 - page 1 Open Platform on Java Card Introduction by Ingeborg Sandow."

Similar presentations

Building Portals to access Grid Middleware National Technical University of Athens Konstantinos Dolkas, On behalf of Andreas Menychtas.

Building Portals to access Grid Middleware National Technical University of Athens Konstantinos Dolkas, On behalf of Andreas Menychtas.
Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.

Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Professional Toolkit V2.0 C:\Presentations - SmartCafe_Prof_V2.0 - bsc - 22.02.01 - page 1 Professional Toolkit 2.0.

Professional Toolkit V2.0 C:\Presentations - SmartCafe_Prof_V2.0 - bsc page 1 Professional Toolkit 2.0.
Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Computer Science & Engineering.

Java Card Technology Ch07: Applet Instructors: Fu-Chiung Cheng ( 鄭福炯 ) Associate Professor Computer Science & Engineering Computer Science & Engineering.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
Build 2015 4/15/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.

Build /15/2017 © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
5/8/2006 pmarquez/Active Directory 1 Windows Server 2003 Active Directory CS526 Semester Project Spring 2006 Patricia C. Marquez Microsoft.

5/8/2006 pmarquez/Active Directory 1 Windows Server 2003 Active Directory CS526 Semester Project Spring 2006 Patricia C. Marquez Microsoft.
Muhammad Wasim Raad1 Smart Cards Operating Systems أنظمة التشغيل للبطاقات الذكية By: Dr Muhammad Wasim Raad Computer Engineering Department.

Muhammad Wasim Raad1 Smart Cards Operating Systems أنظمة التشغيل للبطاقات الذكية By: Dr Muhammad Wasim Raad Computer Engineering Department.
MNO Cloud Use Case 2 Source: Rogers Wireless Contact: Ed O’Leary George Babut 3GPP/SA3-LI#43Tdoc SA3LI11_115.

MNO Cloud Use Case 2 Source: Rogers Wireless Contact: Ed O’Leary George Babut 3GPP/SA3-LI#43Tdoc SA3LI11_115.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Java Card Open Platform Combines tomorrow's technology and platforms C:\Presentations - JavaCard_OpenPlatform.ppt - bsc - 26.02.02 - page 1 Programming.

Java Card Open Platform Combines tomorrow's technology and platforms C:\Presentations - JavaCard_OpenPlatform.ppt - bsc page 1 Programming.
FORESEC Academy FORESEC Academy Security Essentials (II)

FORESEC Academy FORESEC Academy Security Essentials (II)

Similar presentations

Ads by Google