Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Profile Of PKCS #11 V2.11 For Mobile Devices Magnus Nyström PKCS Workshop 2002.

Published byBryanna Notley Modified over 10 years ago

Similar presentations

Presentation on theme: "A Profile Of PKCS #11 V2.11 For Mobile Devices Magnus Nyström PKCS Workshop 2002."— Presentation transcript:

1 A Profile Of PKCS #11 V2.11 For Mobile Devices Magnus Nyström PKCS Workshop 2002

2 Motivation Given that mobile devices (PDAs, SmartPhones, Cellular phones, pagers, etc.) : 1.increasingly needs access to security services such as Digital rights management Secure communication Transaction security, 2.runs on a wide variety of OS platforms, 3.to a high degree supports or will support cryptographic tokens such as smart cards secure multimedia cards…

3 Motivation …there is an increased need to offer a standardized interface to tokens in this environment Why not just PKCS #11 v2.11? Too large Too flexible A profile of PKCS #11 seems suitable!

4 Previous Work PKCS #11 v2.10 Conformance Profile Specification Contains 4 profiles: RSA acceleration (clearly not suited) D-H acceleration (clearly not suited) RSA asymmetric client (too constrained) Large Application Profile (lacks certain features)

5 Proposal Make a profile based on PKCS #11 v2.11 Fastest way forward, will (hopefully) be possible to incorporate PKCS #11 advancements later on

6 Profile: Mechanisms CKM_RSA_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_X509 (MUST support at least 1024-bit keys), CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_SHA_1_HMAC, CKM_CMS_SIG, CKM_SHA_1, CKM_MD5, and possibly a selection of symmetric mechanisms - RC4, 3DES, RC5 (?), AES, and - possibly - TLS/SSL mechanisms (not used frequently by browsers). Comparison with LAP: LAP only supports CKM_RSA_X509 and CKM_RSA_PKCS My view is that LAP is too constrained (but the list above may well be too long)

7 Profile: Functions Basically the same as is in LAP with the following additions: C_SeedRandom(), C_GetRandom() Reason: Tokens used by these devices normally supports this operation C_VerifyInit, C_Verify() Reason: As above

8 Profile: Thread Handling Suggest that library must be able to handle option 4 in Section 6.5.2 of PKCS #11 v2.11: Library must be prepared to us native OS primitives for concurrent accesses or application-supplied callback primitives Reason: Most flexible solution, yet should be achievable on all platforms

9 Profile: Sessions My suggestion is similar as for the LAP: 10 simultaneous R/O, 1 R/W.

10 Profile: Templates Similar to LAP, but: Changed MUST to MUST be able to, in a number of places, e.g. some applications may prefer to generate short-lived keys in software and not have them as token objects.

11 For Discussion Compound Call: Find slot, token, initiate session, login user? Simplifies client code Level of detail Suggest higher level of detail than for existing profiles Increases chance of interop Reduce risk of confusion (?) Timeline

Download ppt "A Profile Of PKCS #11 V2.11 For Mobile Devices Magnus Nyström PKCS Workshop 2002."

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
Technical Presentation AIAC 2010-2011 Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.

Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
© Copyrights 1998 Algorithmic Research Ltd. All rights Reserved D a t a S e c u r i t y A c r o s s t h e E n t e r p r i s e Algorithmic Research a company.

© Copyrights 1998 Algorithmic Research Ltd. All rights Reserved D a t a S e c u r i t y A c r o s s t h e E n t e r p r i s e Algorithmic Research a company.
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Mobile Communication MMS.

Mobile Communication MMS.
310KM M-Commerce Application Selection of Mobile Platform Group 4 Choy Chun Lung, Lawrence Hui Yiu Ting, Eddy Chan Ki Yin, CKY Liu Tsz Ping, Scott.

310KM M-Commerce Application Selection of Mobile Platform Group 4 Choy Chun Lung, Lawrence Hui Yiu Ting, Eddy Chan Ki Yin, CKY Liu Tsz Ping, Scott.
CT-KIP Magnus Nyström, RSA Security 23 May 2005. Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.

CT-KIP Magnus Nyström, RSA Security 23 May Overview A client-server protocol for initialization (and configuration) of cryptographic tokens —Intended.
CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.

CT-KIP Magnus Nyström, RSA Security OTPS Workshop, October 2005.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
PKCS #15 v1.1 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.

PKCS #15 v1.1 Magnus Nyström RSA Laboratories PKCS Workshop, 1999.
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
SSL Implementation Guide Onno W. Purbo

SSL Implementation Guide Onno W. Purbo
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security

Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Similar presentations

Ads by Google