On 2012-09-22 08:58, Andreas Jellinghaus wrote:
> 
> On 20.09.2012 21:06, "Anders Rundgren" <anders.rundg...@telia.com 
> <mailto:anders.rundg...@telia.com>> wrote:
>>
>> http://nelenkov.blogspot.se/2012/08/accessing-embedded-secure-element-in.html
>>
>> Very interesting IMHO.
> 
> Agree, thanks for sharing.
>>
>> According to the author SD-slots are becoming exceptions also for Android so
>> this is probably what most people will be dealing with.
> 
> I think he is also over optimistic with multi applications on a Java card SE, 
> but we will see.

Indeed.  I even wonder if the SE needs to host "applications" at all.  IMO, it
would be enough if the SE hosts keys and associated attributes while the
applications either rather run at OS-level as trusted processes like PIN input
etc. or as standard applications.  As far as I understand the Wallet is just an
Android "App" that is trusted by the SE.

In my mind keys could optionally contain application-oriented ACL telling which
applications they trust so that even if you install a "bad" App, it would for
example not be able to use your bank or eID-key in the background.

Here is a write-up of a possible ACL-scheme that is intended for the Web
and "App":
http://webpki.org/papers/PKI/pki-webcrypto.pdf

Anders

> 
> The NFC chip should be similar to what can be used with libnfc, so porting 
> all the mifare copy clone and fake tools would be awesome...
> 
> Andreas
>>
>> Anders
>>
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org 
>> <mailto:opensc-devel@lists.opensc-project.org>
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
> 
