Aren't you able to also break the card by failing to open a secure channel to the issuer domain a certain number of times?
On Wed, 2009-06-17 at 12:40 -0400, Michael StJohns wrote: > At 09:12 AM 6/17/2009, Daniel Benoy wrote: > >On Wed, 2009-06-17 at 00:11 -0400, Michael StJohns wrote: > >> At 11:33 PM 6/16/2009, Daniel Benoy wrote: > >> >So the card user could put an applet on the card that used up all the > >> >space, and that would be bad for the card issuer? Are there any other > >> >reasons a business would keep their key secret? > >> > >> Say you insert your card into a hacked machine. Hacked machine erases > >> your company's applet and your keys. Card is useless. Hacked machine > >> "TERMINATES" your card (see GlobalPlatform specs). Card is useless. > >> > >> You start hacking on the card and accidentally delete the company applet > >> and your cert - company has to go through the process of re-issuing which > >> is time and money. > > > >If the card is in your possession, you can render it useless in more > >direct ways. > > Yup - but bending/breaking it is generally more of an acceptable failure mode > and figured into the cost of operations. Having someone come in with a > hacked card tends to be a red flag to most companies - as in why was he > hacking on this and was he trying to break into company systems? > > > >> > >> You claim the card is lost - company reissues you a new one, but you erase > >> and repurpose the card. > > > >I guess that one makes sense. > > > >> > >> 100 unissued cards are stolen from the company locker and erased, sold and > >> repurposed. > > > >Those would probably have the default key on them. > > Go read the Global Platform life cycle discussions. What would generally be > in stock are non-personalized cards with the applets the company had placed > on there by the card provider - a specific card profile if you will. At this > point the card would be locked and the only thing the issuer would be talking > to is the specific applets (rather than the card management applet). So no, > no default key. C.f. the US DOD CAC card for example. Or various smart > cards provided by VARs. > > > >> > >> The keys are a way of locking the card to the issuers purpose. They > >> impose policy on the end user that the end user can't defeat. > > > >I guess that makes sense. > > > _______________________________________________ > Muscle mailing list > [email protected] > http://lists.drizzle.com/mailman/listinfo/muscle
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
