帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to prevent unauthorized object creation on SE05x

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

How to prevent unauthorized object creation on SE05x

跳至解决方案
‎05-25-2021 08:34 AM
2,060 次查看
fus
Contributor II

I think I understand how authentication objects and policies work, but I am still unsure how an unauthorized user can be prevented from creating secure objects on the SE05x as objects can be created even without Platform SCP and Applet Level SCP. Is the only possibility to set SCP_REQUIRED? But that would mean that I always need to use Platform SCP and use/store the same keys wherever I want to access the SE05x.

At first I was thinking about simply using multiple AESKey or ECKey Authetication Objects for different purposes with matching policies for all objects and the RESERVED_ID_FACTORY_RESET to be able to delete everything I provisioned. Is it possible to do this in a secure way without using Platform SCP everywhere (and enabling SCP_REQUIRED)? Is there no applet level mechanism?

标签 (1)
标签
0 项奖励
回复
1 解答

跳至解决方案
‎05-26-2021 07:55 PM
2,039 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @fus ,

 

on SE050 in addition to using mandated PlatformSCP the only other way to prevent unauthorized user object creation is to fill the whole memory with dummy objects which contain a access policy. These then would need to be deleted via an authorized user to make space for new objects.

On SE051 a new command got introduced "Disable Object Creation" to turn off object creation.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

在原帖中查看解决方案

回复
1 回复

跳至解决方案
‎05-26-2021 07:55 PM
2,040 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @fus ,

 

on SE050 in addition to using mandated PlatformSCP the only other way to prevent unauthorized user object creation is to fill the whole memory with dummy objects which contain a access policy. These then would need to be deleted via an authorized user to make space for new objects.

On SE051 a new command got introduced "Disable Object Creation" to turn off object creation.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

回复