martes, 12 de diciembre de 2017

Ficha del recurso:

Fuente:

Vínculo original en securitydocumentworld.com

Fecha de publicación:

jueves, 24 de septiembre de 2009

Última actualización:

viernes, 25 de septiembre de 2009

Entrada en el observatorio:

viernes, 25 de septiembre de 2009

Idioma:

Inglés

Archivado en:


GlobalPlatform launches Secure Channel Protocol 03

GlobalPlatform says it has taken the first step towards migrating its secure framework technology to the Advanced Encryption Standard (AES) with the launch of the Secure Channel Protocol 03.  The specification body says this latest royalty-free document from the association aligns its technology to the cryptographic standard increasingly being stipulated by many organisations, including the US Government.

According to GlobalPlatform, the Secure Channel Protocol 03 - published as Amendment D to Card Specification v2.2 - defines a new set of cryptographic methods based on AES for the communication between a smart card and an external entity, which enables GlobalPlatform technology to be compliant with requirements for AES-based security.  It says: “This allows GlobalPlatform cards to migrate from the Data Encryption Standard (DES) to AES, which was developed as a joint initiative between the US Government and private industry to strengthen cryptography and increase the length of keys.”

The Secure Channel Protocol 03 references recommendations from the US National Institute of Standards and Technology (NIST) and the US Department of Defence (DoD).  GlobalPlatform says this ensures that the security mechanisms of GlobalPlatform cards conform to the Federal Information Processing Standard (FIPS) 201 and NIST Special Publication (SP) 800-57.  The technology also aligns with the 2010 mandate of the NIST SP 800-78. 

Karl Eglof Hartel, GlobalPlatform’s Card Committee chair and project manager for New Technologies in Giesecke & Devrient’s Telecom Division, comments: “The request to align GlobalPlatform’s card technology to AES came from GlobalPlatform’s Government Task Force.  Through its market specific activities, it recognised that some parties no longer considered DES adequate for high security applications, and have begun to mandate the adoption of AES.  It was important to ensure GlobalPlatform technology supported this market transition.”

GlobalPlatform says that in addition to the resources invested by its Card Committee to complete the required work, NIST and the US DoD also provided feedback to the document.  “The US Federal Government FIPS 201 requires higher cryptographic protocols for secure channel transport in its Personal Identity Verification (PIV) cards,” says Lynne Prince, deputy chief, Authentication and Access Division, at the DoD. “The GlobalPlatform Secure Channel Protocol 03 allows the DoD and other US Federal Agencies using GlobalPlatform in their PIV programs to meet the more advanced cryptographic standards.”

“This level of support has significantly improved the final product,” says Eglof. “For example, the modes on how cryptographic algorithms are used for providing authentication and confidentiality are based entirely on NIST recommendations.”

He adds: “Although the government sector has been the driving force behind this migration, the Secure Chanel Protocol 03 is a versatile solution which can bring many benefits to other markets.  This is becoming particularly important as sectors converge and technology such as NFC greatly increases partnership opportunities within the market.”

The document can be downloaded from GlobalPlatform’s website.