FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to prevent unauthorized object creation on SE05x

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED
Jump to solution

How to prevent unauthorized object creation on SE05x

Jump to solution
‎05-25-2021 08:34 AM
1,261 Views
fus
Contributor I

I think I understand how authentication objects and policies work, but I am still unsure how an unauthorized user can be prevented from creating secure objects on the SE05x as objects can be created even without Platform SCP and Applet Level SCP. Is the only possibility to set SCP_REQUIRED? But that would mean that I always need to use Platform SCP and use/store the same keys wherever I want to access the SE05x.

At first I was thinking about simply using multiple AESKey or ECKey Authetication Objects for different purposes with matching policies for all objects and the RESERVED_ID_FACTORY_RESET to be able to delete everything I provisioned. Is it possible to do this in a secure way without using Platform SCP everywhere (and enabling SCP_REQUIRED)? Is there no applet level mechanism?

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Jump to solution
‎05-26-2021 07:55 PM
1,240 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @fus ,

 

on SE050 in addition to using mandated PlatformSCP the only other way to prevent unauthorized user object creation is to fill the whole memory with dummy objects which contain a access policy. These then would need to be deleted via an authorized user to make space for new objects.

On SE051 a new command got introduced "Disable Object Creation" to turn off object creation.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

View solution in original post

Reply
1 Reply

Jump to solution
‎05-26-2021 07:55 PM
1,241 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @fus ,

 

on SE050 in addition to using mandated PlatformSCP the only other way to prevent unauthorized user object creation is to fill the whole memory with dummy objects which contain a access policy. These then would need to be deleted via an authorized user to make space for new objects.

On SE051 a new command got introduced "Disable Object Creation" to turn off object creation.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Reply