http://www.globalplatform.org/specifications/review/GPD_SE_Access_Control_v0_10_0.pdf
By adding ACL information to keys during enrollment you can limit key "misuse" by bad apps. Although GP specifies a generic scheme not limited to SEs, the lack of developments by the vendors of "connected" SEs (Smart Cards) does in practice limit such features to embedded SEs like the one supplied for the Google Wallet.

In SKS/KeyGen2 I have taken this concept one step further by allowing an issuer to specify that a PIN is only allowed through a GUI running in a TEE (Trusted Execution Environment). That is, if somebody spoofs a PIN dialog it won't give them SE access "in the background".

If the OS is broken, none of this helps, but that doesn't seem to be the case with mobile trojans. They are mainly just bad apps.

Anders

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel