https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1573832#M1029 <P>Hello,</P> <P>a "broken connection" would happen when e.g. the access manager creates a secure session (PlatformSCP authentication) and then another process circumvents the access manager and sends a command to the SE. This would break the established secure channel (all commands are cryptographically chained) and the following communication would not succeed until a new authentication happens. Restarting the access manager re-authenticates the IC.</P> <P>If there is a chance seen for accesses outside the access manager which may break the secure channel, then a client service which periodically tries to communicate over the access manager with the SE can detect any secure channel breakdown.&nbsp;</P> <P>Kind regards,<BR />Michael</P> Thu, 22 Dec 2022 16:40:13 GMT michaelsalfer 2022-12-22T16:40:13Z https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1572893#M1027 <P>Hi,<BR /><BR />While going through&nbsp;Restrictions of Access manager, we need help to understand more on below restriction of access manager.<BR /><BR /><EM>"The Access Manager does not attempt to re-establish a broken connection to the SE05x. To recognize and recover from a broken connection, a system integrator must monitor failure to communicate to the Secure Element by the client processes. As and if required the Access Manager must be restarted and the affected client processes must reconnect to the Access Manager."</EM></P><P>1.<EM>&nbsp;"Broken connection":</EM> what are&nbsp;scenarios this could happen?</P><P><EM>2. "system integrator " does&nbsp;</EM><I>it mean</I>&nbsp;we need have separate daemon just to monitor&nbsp;communication&nbsp;failures of&nbsp;clients?<I><BR /><BR />3."<EM>Access Manager must be restarted"&nbsp;</EM></I>what is guarantee that restarting access Manager will fix the broken connection?</P><P>&nbsp;</P> Wed, 21 Dec 2022 05:32:46 GMT https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1572893#M1027 vishwanchandapu 2022-12-21T05:32:46Z https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1573832#M1029 <P>Hello,</P> <P>a "broken connection" would happen when e.g. the access manager creates a secure session (PlatformSCP authentication) and then another process circumvents the access manager and sends a command to the SE. This would break the established secure channel (all commands are cryptographically chained) and the following communication would not succeed until a new authentication happens. Restarting the access manager re-authenticates the IC.</P> <P>If there is a chance seen for accesses outside the access manager which may break the secure channel, then a client service which periodically tries to communicate over the access manager with the SE can detect any secure channel breakdown.&nbsp;</P> <P>Kind regards,<BR />Michael</P> Thu, 22 Dec 2022 16:40:13 GMT https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1573832#M1029 michaelsalfer 2022-12-22T16:40:13Z https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1575978#M1079 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/165803">@michaelsalfer</a>&nbsp;<BR /><BR />Thanks for the reply,<BR /><BR />Thats means as long as if we&nbsp;restrict access of secure element only through " Access Manager" chances for communication breakdown is less.?<BR /><BR />Regards</P><P>Vishwa</P> Mon, 02 Jan 2023 07:20:08 GMT https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1575978#M1079 vishwanchandapu 2023-01-02T07:20:08Z https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1579138#M1103 <P>Hello&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/155293">@vishwanchandapu</a>&nbsp;,</P> <P>&nbsp;</P> <P>Yes, your understanding is correct!&nbsp;<SPAN>When using the AM then, yes, the chance for breakdown for sure is much lower - as the AM was designed to prevent that.</SPAN></P> <P>&nbsp;</P> <P>Have a great day,<BR />Kan</P> <P><BR />-------------------------------------------------------------------------------<BR />Note:<BR />- If this post answers your question, please click the "Mark Correct" button. Thank you!<BR />- We are following threads for 7 weeks after the last post, later replies are ignored<BR />Please open a new thread and refer to the closed one, if you have a related question at a later point in time.<BR />-------------------------------------------------------------------------------</P> Mon, 09 Jan 2023 08:51:00 GMT https://community.nxp.com/t5/Secure-Authentication/Restriction-of-access-Manager/m-p/1579138#M1103 Kan_Li 2023-01-09T08:51:00Z