GlobalPlatform's scheme for key/applet access control

If you look at the section "How does it work" in:

it seems that the core idea is that it is the resource itself that declares which applications are allowed to access it. The applications are recognized by their digital signature.

That is, this is a possible scheme for pre-provisioned keys which is independent of web origins.

It is possible that it is difficult to translate this scheme to the web, but it might be worth investigating this anyway since the scheme will likely be a part of future devices.

The net result would be a unified API for performing cryptographic operations on keys but with two distinct methods for key discovery.


Received on Monday, 26 November 2012 15:35:08 UTC