Which security object is best to be used as PIN to secure the files on se050 smart card?

priyanka_priyad · ‎10-21-2020

I have written some binary files on the NXP smartcard se050 and I want to protect these files using a PIN. Also, I must be able to change this PIN using the same PIN.

I tried to use UserID object to secure my Binary files and it works but I am not able to change the PIN value of this UserID. Is there any way we can change the PIN Value of this UserID?

If not, which Secure object shall I use to Secure the files on se050 which can also be changed or updated?

Thank you so much!

Priyanka

Kan_Li · ‎10-27-2020

Hi @priyanka_priyad ,

Indeed the PIN Value of the UserID can not be updated according to the spec, and for the Secure objects used to Secure the files on se050, I am guessing you are referring to the auth objects, right? if so, the AESKey and ECKey pair can be updated after creation.

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

priyanka_priyad · ‎10-28-2020

@Kan_Li Thank you so much for your reply.

I tried using AESKey, but it looks like it is some kind of encryption technique to encrypt my secret data.

But I tell you what exactly I want to do:

1. I have some binary files stored on my smart card se050. I have put the read policy on them using the PIN (userID)

2. I want to use a simple PIN (just like we have in our phones, to unlock the phone), to unlock the card. And after unlocking, the user can read the binary files.

3. On the PIN (userID), i also used the MAX_ATTEMPS policy to limit the number of attempts. and once this limit is reached the PIN is locked.

4. Now, according to our requirement, the PIN(userID) should be unlocked again using PUK(userID).

And the PUK must also be used to change the PIN. (if user wants to change the PIN).

5. But, because we can't change the PIN, so we thought a work around, that we can delete a PIN, and then recreate a new PIN with the same identifier. (And this works fine)

6. Now, the problem is, if someone deletes the PIN, and then the power goes off. and then the unauthorized person access our device, and by any chance he creates the PIN with the same identifier. then he would be able to read our binary files.

Now, what should be the possible approach to implement this thing. If you can help, I shall be very thankful.

Have a great day!

Priyanka

Kan_Li · ‎11-05-2020

Hi @priyanka_priyad ,

In terms of tearing (so suddenly turning off power during execution) the exact effect always depends on the time when the tearing itself happens. The object after the POR can still be there or not depending on the timing, you can only be sure the object is deleted after you got a success message from the secure element.

Hope that makes sense,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

Which security object is best to be used as PIN to secure the files on se050 smart card?

Which security object is best to be used as PIN to secure the files on se050 smart card?

SE050