Hello, everyone.
My question is below.
If the smartcard's platform hardware (not card os) has the certification of EAL4+ or EAL5+ level and I implement a security native COS myself, must I do some encryption and decryption for the very important data like a master key?
Thanks.
JavacardOS will not accept order any more, please contact our partner Feitian online Store:
https://ftsafe.en.alibaba.com/index.html
https://ftsafe.en.alibaba.com/index.html
question confused me about key data storage?
Moderator: horse dream
Re: question confused me about key data storage?
Note that there's a difference between chip level certification and COS level certification. If both chip and COS are certified, it is even better.
Regarding sensitive data storage on the COS level, you should be doing encryption of highly sensitive data manually unless the chip specs specially mention of some secure master key storage region on the chip which you can leverage. Otherwise, it is always better to assume the lack of such chip level special features unless specified by the chip manufacturer.
Regarding sensitive data storage on the COS level, you should be doing encryption of highly sensitive data manually unless the chip specs specially mention of some secure master key storage region on the chip which you can leverage. Otherwise, it is always better to assume the lack of such chip level special features unless specified by the chip manufacturer.
Who is online
Users browsing this forum: No registered users and 2 guests