JavaCard OS

JavaCardOS - JavaCardForum
http://www.javacardos.com/javacardforum/

secure channel security question

http://www.javacardos.com/javacardforum/viewtopic.php?f=15&t=1194

Page 1 of 1

secure channel security question

Posted: Wed May 24, 2017 11:57 pm
by Christy16
I want to use a secure channel for chaining data from and to the smart card. And I would like to use the global platform secure channel to realize this. In this case, I have to use the GP mutual auth method to init a secure channel. But if i do so, an attacker of the applet would be able to block the whole applet after a couple of bad mutual auth tries, wouldn't he? So does anyone know whether it is possible to use a secure channel without blocking the card?

Re: secure channel security question

Posted: Thu May 25, 2017 6:00 am
by chico0609
Acctually, it's not a good idea to use the global platform secure channel.
If the keys are compromised, an attacker can then manage the card.

So donot use the GP secure channel for application security.
All times are UTC-04:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/