how to create Supplementary Security Domain


Pu Yongming

May 1, 2017, 9:34:55 PM
to seek-for-android
Hi,


Does anyone know how to create supplementary security domains? I searched a lot and still don't know how. The ISO 7816 standard didn't tell us how.



Eduard Karel Jong de

May 2, 2017, 7:02:01 AM
to seek-for...@googlegroups.com
Security domains are defined by Global Platform. It is not an ISO 7816 feature. Fundamentally an SD is just a Java Card(TM) Applet with a bunch of keys in it.

The Card Management Applet can create one, and you will need the secret card management keys to do so. The card management keys are 'known' to the card issuer.

To create an additional security domain you need the active support from the issuer. They can use their keys to create the Security Domain and initialise it with your secret domain management keys.

Without that support it won't be possible to create an SD.

In my opinion the whole SD concept is rather cumbersome; it was hastily conceived in the context of VISA Open Platform, the precursor to Open Platform, without full appreciation of the Java Card security concept: peer-to-peer security with strict separation between applets by a firewall, without the need for a super-user. Commercial need to release Java Card 2.0 in time prevented a timely correction of this misconception. The rest is history.

Cheers
Eduard de Jong

p.s.
I was there at the time of the creation of the Java Card 2.0 specs.
--
Eduard

