[KEYPROV] Invention disclosure: VSD (Virtual Security Domain) for Key Management

Anders Rundgren <anders.rundgren@telia.com> Sun, 31 October 2010 09:33 UTC

In GP (GlobalPlatform) an SE (Security Element) may have predefined
security domains in the form of cryptographic keys, allowing multiple
parties to securely share the SE.

The invention described here extends this notion by optionally allowing
each issuer, during a provisioning session, to associate provisioned data
with a public key, coined KMK (Key Management Key). I.e. there are no
predefined security domains; they are created dynamically as needed by
the issuers, which is primarily of interest in mobile phones where
ownership of a built-in SE would be difficult to determine in advance.

Subsequent (post-provisioning) operations must include a fresh signature
using the KMK's private key over a MAC or hash of the target object to be
managed.  This is performed in an E2ES (End to End Secured) procedure
between the issuer and SE.

The very same KMK can also be used to perform secure remote lookups of
keys in a container, which improves the robustness of the KM process.

Detailed information is available in:

http://webpki.org/papers/keygen2/sks-api-arch.pdf

This invention is hereby put in the public domain.

Anders
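
A minimal sketch of the SE-side check the message describes, added here as an illustration; it is not code from the post or from the SKS specification. It assumes Ed25519 as the KMK algorithm, a single-use nonce issued by the SE for freshness, and SHA-256 of the target object as the signed hash; the names SE, Provision, Challenge, AuthData and Delete are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// SE is a hypothetical model of the secure element (assumed design, not the SKS API).
type SE struct {
	data  map[string][]byte            // provisioned objects
	kmk   map[string]ed25519.PublicKey // issuer KMK bound to each object at provisioning
	nonce []byte                       // outstanding single-use challenge
}

func (se *SE) Provision(id string, data []byte, kmk ed25519.PublicKey) {
	se.data[id], se.kmk[id] = data, kmk // no predefined domain: the KMK defines it
}

// Challenge returns a fresh nonce that the next management signature must cover.
func (se *SE) Challenge() []byte {
	se.nonce = make([]byte, 16)
	rand.Read(se.nonce)
	return se.nonce
}

// AuthData is what the KMK private key signs (assumed layout): nonce || SHA-256(object).
func AuthData(nonce, object []byte) []byte {
	h := sha256.Sum256(object)
	return append(append([]byte{}, nonce...), h[:]...)
}

// Delete removes id only if sig verifies under the KMK bound to that object.
func (se *SE) Delete(id string, sig []byte) bool {
	obj, nonce := se.data[id], se.nonce
	se.nonce = nil // consume the challenge so a captured signature cannot be replayed
	if obj == nil || nonce == nil || !ed25519.Verify(se.kmk[id], AuthData(nonce, obj), sig) {
		return false
	}
	delete(se.data, id)
	delete(se.kmk, id)
	return true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	se := &SE{data: map[string][]byte{}, kmk: map[string]ed25519.PublicKey{}}
	se.Provision("k1", []byte("constructed sample"), pub)
	println(se.Delete("k1", ed25519.Sign(priv, AuthData(se.Challenge(), []byte("constructed sample")))))
}
```

Because the SE consumes the nonce on every attempt, a signature captured from one management operation fails against any later challenge, and a signature made with another issuer's key never matches the KMK bound to the object.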