4 Replies Latest reply on Apr 19, 2013 5:17 PM by Vivien

    [security] access control on data in Applet

    Vivien
      Hi,

      I am wondering how data is protected on the card, or in an Applet.

      Suppose that we have this private final RSAPrivateKey privateKey defined. And it is initialized in the private constructor/installer. How does the JC protect the memory of this variable? By the access modifier? i.e. private/public/..?

      I would like to know how does GSM achieve the protection of its card authentication key. We know that the key is never readable. The only way that you use it is through APDU "RUN_GSM_ALGORITHM". So how can we do the same through JavaCard??

      Thanks,
      Vivian

      Edited by: 934624 on Mar 25, 2013 3:47 AM
        • 1. Re: [security] access control on data in Applet
          safarmer
          Suppose that we have this private final RSAPrivateKey privateKey defined. And it is initialized in the private constructor/installer. How does the JC protect the memory of this variable? By the access modifier? i.e. private/public/..?
          The chip will most likely store the key in the crypto co-processor (this is up to the implementation though) which has higher tamper resistance etc. The applet firewall will logically protect the data in that no other applet context can access that memory. The visibility of the field will prevent other classes accessing it.
          I would like to know how does GSM achieve the protection of its card authentication key. We know that the key is never readable. The only way that you use it is through APDU "RUN_GSM_ALGORITHM". So how can we do the same through JavaCard??
          By not implementing a command that exposes the key. If you never return the bytes of the key and only expose methods/commands to use the key then no one can get your private key.

          - Shane
          • 2. Re: [security] access control on data in Applet
            Vivien
            Hi Shane,

            So do you mean that if we use a Key object and not allow the read API, it can achieve the same security than GSM authentication key protection?

            Thanks
            • 3. Re: [security] access control on data in Applet
              safarmer
              So do you mean that if we use a Key object and not allow the read API, it can achieve the same security than GSM authentication key protection?
              Correct. Unless your applet directly exposes the key (which you would have to implement yourself) then the key can be considered secure and will not be available outside your code.

              - Shane
              1 person found this helpful
              • 4. Re: [security] access control on data in Applet
                Vivien
                Got it! Thanks a lot :) !!