Upload File

derived piv credentials token form factors …...nist presentation 03/04/2015 page 8 secure java...

  • Home
  • Documents
  • Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,
16
Derived PIV Credentials Token Form Factors Giesecke & Devrient’s Activities FIPS 201-2 Supporting Special Publications Workshop NIST, Gaithersburg March 3rd & 4th, 2015 Werner Ness

Upload: others

Post on 14-Jul-2020

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

Derived PIV Credentials Token Form Factors –

Giesecke & Devrient’s ActivitiesFIPS 201-2 Supporting Special Publications Workshop

NIST, Gaithersburg

March 3rd & 4th, 2015

Werner Ness

Page 2: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 2

Agenda

Introduction

G&D Products

G&D Activities

Conclusion

Page 3: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 3

Introduction1

Page 4: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 4

Concept of Derived PIV Credentials Tokens

Software

Key Store

Trusted Execution

Environment

PIV Card

Secure

micro SD

UICC

Hardware based

USB-Token

eSE

Software based

Page 5: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 5

Purpose and Scope

Federal Network

HSDP-12

Access IT-

Resources via

Mobile Device

PIV Card credential

management

PIV Derived Credential in

hardware or software token

Life Cycle

Synchronisation

PIV Card

Derived PIV credential

management

Identity proofing and vetting process not

needed for PIV derived credential

=> Applicant can prove his/her identity via

already issued PIV Card

Page 6: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 6

Use Cases with Derived PIV Credentials

Logical Access

Physical Access

or

Secure Mail

Communication

Secure Cloud

Storage

Secure Web

Authentication

Possible Use Cases:

Card with PIN for Physical Access

Secure OS Logon

Secure E-mail

Secure Web Authentication

File Decryption

VPN

Any other PKI-/Smart-Card-Application

Digital

Signature

Proposal of

NIST SP800-157, Guidelines for Personal Identity

Verification (PIV) Derived Credentials

Page 7: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 7

G&D Products geared towards Derived PIV Credentials2

Page 8: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 8

Secure Java Platforms: Sm@rtCafé Expert

Java Card Classic 3.0.4

GlobalPlatform 2.2.1

FIPS 140-2, level 3 certified: “Security

Requirements for Cryptographic Modules”

CC certified according to EAL 5+

Dual Interface with communication speeds,

Contact up to 223 kbit/s

Contactless up to 848 kbit/s

Encryption:

AES up to 256 bits

RSA up to 3072 bits

ECC up to 521 bits

Hash up to SHA-512

On-Board RSA and ECC Key Generation

Page 9: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 9

SkySIM CX: G&D UICC for High-End SIMs/eSE

SkySIM is a highly efficient and configurable Java

Card platform

Operating system usable regardless of the mobile

network (GSM, UMTS, CDMA or LTE)

Certification: CC-certified (EAL 4+)

Mobile ID Solution in use: Vodafone Secure SIM

Supports Secure Login

Supports Secure Data

Portfolio of applets for UICC available

E.g. Mobile Payment, Identity, Transit, Access

Aspects of FIPS140-2 for an UICC, e.g.

performance, algorithms and application

management, being analysed

Page 10: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 10

StarSign Crypto USB Token

Token OS Sm@rtCafé Expert

FIPS 140-2, level 3 certified

Supports several USB standards

Interfaces include CCID and PC/SC

Solution depends on smart card chip

technology

Page 11: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 11

Secure Micro-SD-Card

Availability

Micro-SD card is physically supported in

most handsets.

Management

requires Admin Agent Apps on mobiles

Communication over TCP/IP

Driver

Some Handset OS‘s need additional

driver support

FIPS/CC-certified

Page 12: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 12

G&D Activities3

Page 13: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 13

G&D‘s Activities for usage of derived PIV credentials

• Support of standardisation of the SIMalliance Open Mobile API.

• As a Member of GSMA Mobile ID Task Force to define anddescribe an architecture and solution together with US MNOs and other UICC manufacturers.

SupportingStandardisation

• Providing Open Source implementation of Open Mobile API (SEEK).

• Providing Mobile ID solutions with UICC in severalcustomer and technology projects (e.g. Vodavone Secure SIM).

• Token combination based on TEE with eSE. Applicationcan be loaded remotely.

• Proof of concepts for implementation of DerivedCredential Technologies.

Providing Solutions

Page 14: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 14

Conclusion4

Page 15: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 15

Conclusion

SP 800-157 defines Derived PIV Credential Hardware Form Factors

Token operating systems are similiar to PIV-Cards.

Application can be derived from PIV.

APIs and interfaces in mobiles available (e.g. GP).

Technology of tokens available and deployed.

Certification is the same as for a PIV-Card.

Open Questions

Additional Driver for specific tokens has to be provided (e.g. µSD)

Several interfaces are required to establish the eco-system

Requirements for existing technologies like UICC may be in

contradiction to FIPS 140-2 (e.g. POST)

Page 16: Derived PIV Credentials Token Form Factors …...NIST Presentation 03/04/2015 Page 8 Secure Java Platforms: Sm@rtCafé Expert Java Card Classic 3.0.4 GlobalPlatform 2.2.1 FIPS 140-2,

NIST Presentation

03/04/2015 Page 16

Contact:

Jatin Deshpande [email protected]

Werner Ness [email protected]


Security Target Lite Sm@rtCafé® Expert 7.0 C3Machine (JCVM), the Java Card API, the on-card installer, the applet deletion manager and the smart card OS. 4. The Card Manager is the

Maps API for JavaScript - Heredocumentation.developer.here.com/pdf/maps_js_html5_nlp/3.0.4/Maps... · Maps API for JavaScript Migration ... it works only in browsers that support

List of Products supported by ESAP 3.0.4 for PCS 8.2Rx ... · G Data AntiVirus ( 25.x ) :..... 154

Sm@rtCafé® Expert 7.0 C3 - Common Criteria...DIN EN ISO/IEC 17065 standard BSI certification: Scheme documentation describing the certification process (CC-Produkte) [3] BSI certification:

Introduction to Java. Overview History of Java Java Releases - Evolution Java Features Java White Paper Buzzwords Java & Internet

Anwenderhandbuch f r xt:Commerce 3.0.4 [SP2.1] · Anwenderhandbuch für xt:Commerce 3.0.4 (SP2.1) Version 2.10 Seite 7 von 141 Vorwort Diese Dokumentation bezieht sich ausschließlich

Java, Java, Java

Java的开发环境 · Java Magazine Overview Downloads Documentation Java SDKs and Tools Java SE Java EE and Glassfish Java ME Java Card NetBeans IDE Java Mission Control Java Resources

Tenable Network Security, Inc. Tenable Security Center 3.2 ... · Correlation Engine 2.0.2 (LCE); Passive Vulnerability Scanner 3.0 (PVS); and, Nessus Scanner 3.0.4 (Nessus). The

Sm@rtCafé Professional Toolkit 2.0

Mondrian Technical Guide - SourceForgejasperserver.sourceforge.net/.../Mondrian-3.0-Technical-Guide.pdf · Mondrian 3.0.4 . Technical Guide . Developing OLAP solutions with Mondrian/JasperAnalysis

xtCommerce 3.0.4 SP2.1 – Anwenderhandbuch€¦ · Die während der Installation angegebenen Daten für die Email-Adresse und das zugehörige Passwort werden nun verwendet, um sich

vOneCloud Documentationdocs.vonecloud.today/pdf/vOneCloud-3.0.4.pdf · 2017-12-14 · •onedb change body should not include volatile AR parameters. •onedb purge history only works

NXP JAVA OS1 ChipDoc v1.0 SSCD - Common Criteria · 2015. 10. 20. · JAVA OS1 is a GlobalPlatform 2.2.1 and Java Card 3.0.4 compliant Operating System that provides applets with

PLA 3.0.4 and Biological Assays Package 26 - cdn.bioassay.decdn.bioassay.de/PLA 3.0.4 SR6 (build 762) Release Notes incl Bioassay Package 26.pdf · STEGMANN SYSTEMS GmbH | Raiffeisenstr

Release 3.0.4 Mark Pilgrim, Dan Blanchard, Ian Cordasco · chardet Documentation Release 3.0.4 Mark Pilgrim, Dan Blanchard, Ian Cordasco Aug 08, 2018

TSHARC Linux Driver 3.0.4 Setup and Users Manual …ww1.microchip.com/downloads/en/DeviceDoc/LinuxDriverUserManual_… · Hampshire Company, Inc. 4 General Installation Notes Hampshire

Система очистки дождевых (ливневых) стоков BioSTORM 3.0.4 Комплект документации на русском языке 1 Основные

Installation Manual OneTrack - videowavevideowave.ca/documentation/OneTrack Installation EN.pdf · Installation Manual OneTrack Version 3.0.4, ... (refer to user guide) ... This is

PLA 3.0.4 AND BIOLOGICAL ASSAYS PACKAGE 25cdn.bioassay.de/PLA 3.0.4 SR6 (build 762) Release Notes...Basic Bioassay Protocol ..... 31 Control Charts ..... 31 Biological assay Package

Introduzione a Java. Argomenti Cenni di storia di Java Perché Java? Java Vs C++ Caratteristiche fondamentali di Java Installiamo Java

Mondrian Technical Guide - SourceForgejasperserver.sourceforge.net/docs/3-7-0/Mondrian-3.0-Technical... · Mondrian 3.0.4 . Technical Guide . Developing OLAP solutions with Mondrian/JasperAnalysis

Plot Pack Manual - ComponentSource · 2017-02-20 · Plot Pack Manual Version 3.0.4 Version 3.0.4 [August 28, 2003] Authors Patrick Carroll, Joe Castoro Technical Reviewers Todd Oster

Java applets. Outline What is Java? Java Applications Java Applets Java Applets Securities Summary

Instrucciones Guía general de uso y configuracióndeim.urv.cat/~ajuda.deim/recerca/impressores/manuals/fotodeim1/... · E-mail de informe de recepción ... Samba(Ver 3.0.4).....312

Sun Java TrainingsSun Java Trainings Certifications · Sun Java TrainingsSun Java Trainings & Certifications ... Sun Java TrainingsSun Java Trainings & Certifications. ... SL‐314,

Sm@rtCafé Expert FIPS 64 with ActivCard Applet v2 · PDF file6.1.3 Applet Life Cycle Security Rules ... State transitions between states of the life cycle involve well defines sequences

Firebird 3.0.4 Release Notes · Firebird 3.0.4 Release Notes Helen Borrie (Collator/Editor) 3 October 2018 - Document v.0304-03 - for Firebird 3.0.4 Release

Dragon Dictate 3.0.4. for Mac Review - The power of the word, from my blog

INTEGRA 9505 Installation Guide - files.microscan.com · INTEGRA 9505 Installation Guide, Version 3.0.4, 26 Dec 2007 INTEGRA 9505 Installation Guide -4- Installation Follow the steps

Secrets of Successful Java Testing · Java Test Tools Run Anywhere Java Apps Java Tool JVM Java OS Java Apps Java Tool Java Chip Java Apps Java Tool JVM Native Apps Native OS Pure

Security Target Lite Sm@rtCafé® Expert 7.0 EAL 6+ C1 · 2020. 8. 4. · 1 Introduction Security Target Lite Sm@rtCafé® Expert 7.0 EAL 6+ C1/Version 4.7/Status 18.05.2020 Page

Release 3.1.1 Performance Co-Pilot - grafana-pcp 3.0.4

xt:Commerce 3.0.4 (SP2.1) Anwenderhandbuch€¦ · B. Aufbau und Funktion des Onlineshops ... 4.4 Zuweisen von Produktoptionen für einzelne Artikel ... Zahlungssysteme: Ein guter

Sm@rtCafé Expert 3.2 by Giesecke & Devrient with ... · More information is available specifically on the Smart Card Sm@rtCafé Expert 3.2 from the following sources: ... Table 1