Presentation is loading. Please wait.

Presentation is loading. Please wait.

TRUST PROVISIONING Related Hardware Embedded Secure Elements for Mobile Phone applications 1.

Similar presentations


Presentation on theme: "TRUST PROVISIONING Related Hardware Embedded Secure Elements for Mobile Phone applications 1."— Presentation transcript:

1 TRUST PROVISIONING Related Hardware Embedded Secure Elements for Mobile Phone applications 1

2 SMART CARD Mr Gallo Silicon Manufacturer Wafer Testing … Card Vendor Pre-perso Personalization Smart Card Initialization & Personalization 2 Mr Gallo Mr Bianchi Mr Rossi Card Card Card Mr Gallo Service Provider (bank) Card – Mr Bianchi Card – Mr Gallo Card – Mr Rossi Flow of Trust Flow of Hardware O.S. Provider ROM Mask, EEPROM Image, Card – Mr Bianchi Card – Mr Gallo Card – Mr Rossi Press once!

3 Trusted Service Manager OTA IC Personalization Uid..001 Uid..002 Uid..00n Diffusion, Wafer Testing, Initialization (1Key4Die),… Trust Provisioning Initialization & Personalization 3 service provider Service Provider(s!) (bank) Silicon Manufacturer Uid..001 Uid..002 Uid..00n n Mr. Koch O.S. Provider ROM Mask, EEPROM Image OTA Non trusted OEM/ODM n MNO Distribution / Retail n 001 Mr Koch – End

4 How Keys and Certificates are created 4 Hardware Secure Module (HSM) Key Generator Key Generator Signing Secure Key Storage Secure Key Storage Start Generate IC-specific Public/Private Key Pair ESE Chip Ready ESE Chip Ready Create Device Certificate Body Calculate Hash of Certificate Body Sign Hash with NXP Private Key Insert Device Certificate + IC-specific Private Key in Embedded SE Chip Insert Device Certificate + IC-specific Private Key in Embedded SE Chip Silicon Manufacturer Public/Private Key Pair NXP private key securely stored in NXP HSM public private Body Signed Hash Example Signature public private

5 Request certificate Request certificate Validate certificate Validate certificate Send challenge Send challenge Validate response Validate response OK Continue service Continue service OK NOK Client Certificate is genuine Client knows its private key HOST (MCU) Send certificate Send certificate Sign challenge Sign challenge Send response Send response CLIENT (Authentication Device) Private Key Body … Public Key … Signed HASH Root CA Certificate Body … Public Key … Signed HASH Device Certificate stop Body … Public Key … Signed HASH Device Certificate Offline authentication 5 Rnd# Sign(Rnd#)

6 Client-authenticated TLS handshake ClientHello Certificate ClientKeyExchange CertificateVerify ChangeCipherSpec Finished ServerHello Certificate CertificateRequest ServerHelloDone ChangeCipherSpecs Finished RNDa+caps RNDb+method selection Server certificate+CA sign Client certificate+CA sign Secret key Transaction signature Certificate verification 6

7 Hands-on: Example of a TLS link Using A70CM 7


Download ppt "TRUST PROVISIONING Related Hardware Embedded Secure Elements for Mobile Phone applications 1."

Similar presentations


Ads by Google