U.S. patent application number 14/091183 was filed with the patent office on 2014-05-29 for method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors.
The applicant listed for this patent is ARNOLD YAU. Invention is credited to ARNOLD YAU.
Application Number | 20140149742 14/091183 |
Document ID | / |
Family ID | 50774377 |
Filed Date | 2014-05-29 |
United States Patent
Application |
20140149742 |
Kind Code |
A1 |
YAU; ARNOLD |
May 29, 2014 |
METHOD AND SYSTEM OF PROVIDING AUTHENTICATION OF USER ACCESS TO A
COMPUTER RESOURCE VIA A MOBILE DEVICE USING MULTIPLE SEPARATE
SECURITY FACTORS
Abstract
A method and system of authenticating a computer resource such
as an application or data on a mobile device uses a contactless
token to provide multi-factor user authentication. User credentials
are stored on the token in the form of private keys, and encrypted
data and passwords are stored on the device. When application user
requires access to the resource an encrypted password is
transmitted to and decrypted on the token using a stored private
key. An unencrypted data encryption key or password is then
transmitted back to the device under the protection of a
cryptographic session key which is generated as a result of strong
mutual authentication between the device and the token.
Inventors: |
YAU; ARNOLD; (LONDON,
GB) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
YAU; ARNOLD |
LONDON |
|
GB |
|
|
Family ID: |
50774377 |
Appl. No.: |
14/091183 |
Filed: |
November 26, 2013 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
13706307 |
Dec 5, 2012 |
|
|
|
14091183 |
|
|
|
|
Current U.S.
Class: |
713/159 |
Current CPC
Class: |
H04L 2463/082 20130101;
H04W 12/0609 20190101; H04L 63/083 20130101; H04L 63/18 20130101;
H04L 63/0428 20130101; H04L 63/0807 20130101; H04L 9/3213 20130101;
H04L 9/0637 20130101; H04L 9/3226 20130101; G06F 21/445 20130101;
H04L 63/0869 20130101; G06F 21/34 20130101 |
Class at
Publication: |
713/159 |
International
Class: |
H04L 9/32 20060101
H04L009/32 |
Foreign Application Data
Date |
Code |
Application Number |
Nov 28, 2012 |
GB |
1221433.4 |
Mar 1, 2013 |
GB |
1303677.7 |
Claims
1. A method of authenticating access to a computer resource via a
mobile device comprising: storing an encrypted resource
authorization; transmitting the encrypted authorization to a
separate portable security token; on the token, decrypting the
encrypted authorization and generating at least partially therefrom
an unlock response; securely transmitting the unlock response to
the mobile device; requiring a user to authenticate separately on
the mobile device; unlocking the resource if the required unlock
response and the separate authentication are both valid.
2. A method as claimed in claim 1 in which the unlock response
comprises a plain authorization, obtained by decrypting the
encrypted authorization, or a function of a plain authorization,
obtained by decrypting the encrypted authorization, and additional
information.
3. A method as claimed in claim 1 in which the authorization
comprises a password, a PIN or a cryptographic key.
4. A method as claimed in claim 1 in which the unlock response is
transmitted to the mobile device under the protection of an
encryption key, such as a session key.
5. A method as claimed in claim 1 in which the token stores user
credentials, the decryption on the token being based on the user
credentials.
6. A method as claimed in claim 1 in which the encrypted
authorization is stored on the mobile device.
7. A method as claimed in claim 1 in which the encrypted
authorization is stored in the cloud and is retrieved from the
cloud to the mobile device.
8. A method as claimed in claim 1 which the authentication on the
mobile device is validated on the token before the unlock response
is sent.
9. A method as claimed in claim 1 including running a service on
the mobile device which controls device cryptographic functions and
access to the resource.
10. A method as claimed in claim 1 including running an applet on
the token which provides token cryptographic functions.
11. A method as claimed in claim 5 in which the user credentials
are generated by the token and never leave the token.
12. A method as claimed in claim 1, in which the encrypted
authorization can be decrypted solely with the corresponding user
credentials stored on the token.
13. A method as claimed in claim 1 including verifying integrity on
the token by a message authentication code received from the
device.
14. A method as claimed in claim 1 in which the integrity of the
encrypted authorization is verified on the token prior to
decryption.
15. A method as claimed in claim 1 in which the device and the
token perform cryptographic mutual authentication before
transmission of the encrypted authorization.
16. A method as claimed in claim 1 in which a user secret is passed
from the device to the token and is validated by the token before
the decryption operation takes place.
17. A method as claimed in claim 1 in which the resource comprises
an application running or stored on the mobile device, or
accessible therefrom, or in which the resource comprises data
stored on the mobile device or accessible therefrom.
18. A system of authenticating access to a computer resource via a
mobile device with a portable security token, comprising: a mobile
device; a token including a token communications system and a token
processor providing cryptographic functions; and wherein in use an
encrypted authorization is transmitted by the device communications
system to the token; is decrypted on the token; the token
generating at least partially therefrom an unlock response, the
unlock response being securely transmitted by the token
communications system to the mobile device; requiring a user to
authenticate separately on the mobile device; and unlocking the
resource if the required unlock response and the separate
authentication are both valid.
19. A system as claimed in claim 18 in which the authorization
comprises an application password, a PIN or a cryptographic
key.
20. A system as claimed in claim 18 in which the token comprises a
token storage for storing private user credentials and wherein the
decryption on the token is based on the user credentials.
21. A system as claimed in claim 18 including means for retrieving
the encrypted authorization from the cloud.
22. A system as claimed in claim 18 in which the unlock response is
transmitted by the token communications system to the mobile device
under the protection of an encryption key such as a session
key.
23. A system as claimed in claim 18 in which the token is a
card.
24. A system as claimed in claim 18 in which the device
communications system and the token communications system
communicate over the air, or communicate when the token is placed
in close proximity to or is touched to the device.
25. A system as claimed in claim 18 in which the separate
authentication on the mobile device is validated on the token
before the unlock response is sent.
26. A system as claimed in claim 18 in which the device
communications system sends a user secret to the token which is
validated by the token before the decryption operation takes
place.
27. A system as claimed in claim 18 in which the device
communications system sends a message authentication code (MAC) to
the token, which is validated by the token before the decryption
operation takes place.
28. A system as claimed in claim 18 in which the integrity of the
encrypted authorization is verified on the token prior to
decryption.
29. A system as claimed in claim 18 in which the device and the
token are arranged to perform cryptographic mutual authentication
before transmission of the encrypted authorization.
30. A system as claimed in claim 18 in which the token sends the
unlock response only on positive confirmation by the user, for
example by pressing a button on the token.
Description
BENEFIT CLAIM
[0001] This application claims the benefit under 35 U.S.C. 120 as a
Continuation-in-part of application Ser. No. 13/706,307, filed Dec.
5, 2012. This application claims the benefit under 35 U.S.C. 119 of
Great Britain application GB 1221433.4, filed Nov. 28, 2012, and
Great Britain application GB 1303677.7, filed Mar. 1, 2013 and
granted as GB 2496354.
1. INTRODUCTION
[0002] The present application relates to a method and system of
authenticating a user to a computer resource accessed via a mobile
device using a portable security token (for example a contactless
smart card or bracelet), together with a secret that the user can
easily remember (for example a PIN code). This secret provides a
second, separate preferably independent security factor that can
safeguard the computer resource even if the portable security token
and the mobile device are both lost or stolen together. A preferred
embodiment relates to providing data protection and secure access
to applications and stored data accessed via a mobile device (such
as a phone or tablet) using a near-field communication (NFC)
hardware token or a short range Bluetooth token.
[0003] Secure authentication of a user via a mobile device is
becoming important in two different situations, firstly for
authentication of user access to a computer resource on the mobile
device and secondly on a remote server.
[0004] Most existing systems employ the use of a simple password or
PIN to authenticate the user. Despite the ubiquity of
password-based systems, it has many problems. An ideal password
needs to be easily remembered by the user. However, in order for
passwords to be secure, they should be long and hard to predict,
contradictory to the former requirement. This is further
exacerbated by the proliferation of passwords for the multitude of
applications a user typically uses, for which security best
practice recommends different passwords should be used.
[0005] In addition to application access, some mobile users wish to
ensure a high level of security for data (including entire files
and data contained within a file or a data structure) on their
device, against a number of external threat scenarios. For example,
a user may use an app on a tablet or other portable device that
synchronizes files with their desktop PC via an online storage
service (e.g. Dropbox, Box.com [trademarks]). Some of the
downloaded files may contain confidential information such as
business documents. The user wishes to safeguard himself against
the possibility of a data breach in the event of theft of the
device.
[0006] A practical way to achieve this today is to enable device
encryption on the mobile operating system, which uses an encryption
key derived from the device lock screen password. For maximum
security, this password should be long and complex. However using a
long and complex password as the password to unlock the lock screen
is extremely inconvenient for the user.
[0007] Because of this, most users are reluctant to use any
password more complicated than a 4 digit PIN code to unlock the
lock screen. A skilled attacker will be able to decrypt any files
stored on a stolen device with brute force attack methods.
Moreover, the confidential data is decrypted whenever the device
has been unlocked, even when the user is not using the data, which
increases the risk of a data breach unnecessarily.
[0008] Another possible approach to data encryption is for the app
to generate its own encryption key. The problem with this approach
is that the key would either have to be protected by or derived
from a password for security, or has to be stored within the app in
plaintext form for usability. The former approach inherits the same
password complexity issue as the device encryption method above,
while the latter offers little security as the attacker who could
compromise the plaintext data could just as easily read the
plaintext key and decrypt the data. One way to provide an
additional level of security to users of mobile devices is by
requiring that the user also carries a wearable physical token that
communicates with the device using a wireless communication system
e.g. Bluetooth or Bluetooth Low Energy Bluetooth (BLE). The mobile
device constantly checks for the presence of the token. This token,
when present within a range of several metres of the mobile device,
constantly verifies that the user is indeed present. When the user
departs the token and the device lose contact and the device
secures itself against any access until communication with the
token is regained.
[0009] An example of such a system is described by Nicholson,
Corner and Noble in IEEE Transactions on Mobile Computing, Vol 5 No
11 Nov. 2006. There are a number of disadvantages of such a system.
The broadcast based communications channel between the token and
the mobile device is subject to eavesdropping to an attacker who is
within close range of the token and the device. Despite being
encrypted, because of the numerous transient authentication events
that take place between the token and the device, the attacker is
presented with many opportunities to cryptanalyse the
authentication messages, as well as to perform traffic analysis
without even having to attempt an cryptanalytic attack
[0010] A thief who steals the mobile device but still remains
within range of the security token worn by the device owner will be
able to access the resources on the device. Theft of the mobile
device and the token together renders the security system
useless.
[0011] In some other existing systems an additional level of
security has been provided by requiring that an NFC or Bluetooth
capable mobile phone be first authenticated to the mobile network
prior to an application being executed. An NFC/Bluetooth token then
provides an asymmetric key to the phone which in turn authenticates
to a third-party service by performing digital signature within the
phone itself.
[0012] A generic example of such a system is shown in
US-A-2011/0212707. This, however, displays a number of
disadvantages. In particular changing of the application credential
requires re-programming or replacement of the token; the number of
user credentials secured by the system is limited by the (small)
storage capacity of the token; and the loss of the token poses a
direct risk of exposure of the user's credentials. In addition,
applications running on the mobile device and the server are
capable of making use of the described security system only if they
have been specifically programmed to do so. The system described
cannot be used with pre-existing applications.
[0013] Another approach to multi-factor identification is described
in US-A-2008/0289030. Here, a contactless token is, upon
validation, used to allow access to the authentication credentials
secured on the mobile device itself.
[0014] This has a number of serious disadvantages, including the
necessity of using secure storage on the device. This is normally
not available to application developers as it is maintained and
controlled by the manufacturer of the device (e.g. mobile phone) or
the supplier of the underlying operating system or a mobile network
operator. Also, making use solely of a token identifier as a means
of validating the token is likely to be insecure. RFID tokens can
typically be read by any compatible reader, and can easily be
cloned.
[0015] Yet a further approach is described in WO-A-2011/089423.
This describes a system where the presence of a contactless token
is used to authorize execution of a secure function or application,
and is aimed primarily at mobile wallet uses.
[0016] Again, the system described has a number of disadvantages,
primarily that it uses a form of logical control that is relatively
easy to circumvent.
[0017] More generally, in the enterprise environment there exists
significant security risk from allowing users to connect mobile
devices into the network due to increased likelihood of
unauthorized data access (leading to loss of data confidentiality
and/or integrity) resulting from: [0018] Inadvertently disclosed
passcodes such as PINs or alphanumeric codes, e.g. from shoulder
surfing [0019] Easily guessed passcodes [0020] Lost or stolen
devices that are inadequately protected [0021] Unsupervized use of
devices by a third party [0022] The Hoverkey system aims to provide
solutions for applications to counter these threats.
[0023] With the present invention, the user may store a master key
of high cryptographic strength (128 bits or above presently) on the
portable security token, and this key can be used to either
directly protect an app's data encryption key or a long and complex
password, from which a sufficiently long and secure encryption key
can be derived. This allows the user to protect any data stored on
the device with a very strong encryption key. If the device is
stolen, it is then infeasible for any potential attacker to decrypt
the encrypted data on it without the associated token.
[0024] Credentials may be stored either on the mobile device or,
remotely, in the cloud. Cloud storage preferably has the following
features: [0025] Protected credentials are always stored in the
cloud and retrieved from the cloud before use [0026] Transparent
local caching is possible but not meant as permanent
storage--should be wiped after a specified time-out period [0027]
If device or token is lost, credentials may be removed simply by
removing the relevant files from the cloud storage service to avoid
potential misuse [0028] Credential synchronisation is possible
across devices for the same user, obviating the need for manual
entry of the same credentials multiple times.
2. BACKGROUND
2.1 The Invention and Preferable Features Thereof
[0029] According to the present invention there is provided a
method and system of authenticating access to computer resource in
a mobile device as set out in the pre-characterising portions of
the independent claims. An embodiment also may provide a method and
system of authentication an application running on a mobile
device.
[0030] According to a first aspect of the present invention, a
method of authenticating a computer resource on a mobile device
comprises: [0031] storing an encrypted resource authorization;
[0032] transmitting the encrypted authorization to a separate
portable security token; on the token, decrypting the encrypted
authorization and generating at least partially therefrom an unlock
response; [0033] securely transmitting the unlock response to the
mobile device; [0034] requiring a user to authenticate separately
on the mobile device; and [0035] unlocking the resource if the
required unlock response and the separate authentication are both
valid.
[0036] In an embodiment, the encrypted resource authorization may
be on the device. In an embodiment, the requiring step is omitted,
and the unlocking is performed without consideration of separate
authentication.
[0037] The unlock response may comprise a plain authorization,
obtained by decrypting the decrypted authorization
[0038] The unlock response may alternatively comprise a function
(such as a hash) of a plain authorization, obtained by decrypting
the decrypted authorization, and additional information.
[0039] Thus, in one usage mode, the token may verify and decrypt
the encrypted authorization. Then, instead of returning a plain
authorization to the device, protected by a session or other
encryption key, the token may perform some computation on the plain
authorization and possibly some other information (eg token-based
information), and return the result to the device. Examples include
the following: [0040] Example 1: Digital Signature:
computation=digital signature function, plain authorization=private
signing key; parameter=hash of message; output=digital signature on
message hash [0041] Example 2: Key Derivation: computation=key
derivation function; plain authorization=key derivation master
secret; parameters=context information, output length; output=key
derived from master secret [0042] Example 3: Re-encryption:
computation=encryption function; plain authorization=encryption
key; parameter=(another) encryption key; output=the plain
authorization encrypted with a different key
[0043] The authorization may comprise a password, PIN or
cryptographic key.
[0044] The unlock response may be transmitted to the mobile device
under the protection of an encryption key, such as a session
key.
[0045] The token may store user./token ownership credentials, the
decryption on the token being based on the user credentials.
[0046] The method provides two-factor (or multi-factor)
authentication by requiring a user in addition to authenticate
separately on the mobile device, for example by the authentication
on the mobile device being validated on the token before the unlock
code is sent. Preferably, the method requires a proof of knowledge
(eg a PIN) from the device (and ultimately from the user) before
decrypting the authorization. The proof may be provided after
mutual authentication. Alternatively, the device authentication may
be entirely independent of the token authentication.
[0047] In an embodiment, the token may operate in single factor
mode, which decrypts authorization after mutual authentication with
the device.
[0048] A service may be run on the mobile device which controls
device cryptographic functions and access to the resource. An
applet may be run on the token which provides token cryptographic
functions.
[0049] The user credentials may be generated by the token and never
leave the token (or the app running on the token).
[0050] Preferably, the encrypted authorization stored on the mobile
device can be decrypted solely with the corresponding user
credentials stored on the token.
[0051] The method may include verifying integrity on the token by a
message authentication code (MAC) received from the device.
[0052] The method may include verifying the integrity of the
encrypted authorization on the token prior to decryption.
[0053] The device and the token may perform cryptographic mutual
authentication before transmission of the encrypted
authorization.
[0054] The encryption, decryption and/or the mutual authentication
may be provided by symmetric key cryptography
[0055] A user secret may be passed from the device to the token and
may be validated by the token before the decryption operation takes
place.
[0056] The resource may comprise data, or an application running or
stored on the mobile device.
[0057] According to another aspect of the invention there is
provided:
a mobile device; a token including token storage for storing
private user credentials, a token communications system, and a
token processor providing cryptographic functions; and wherein in
use an encrypted authorization is transmitted by the device
communications system to the token; is decrypted on the token using
the user credentials; the token generating at least partially
therefrom an unlock response, the unlock response being securely
transmitted by the token communications system to the mobile
device; requiring a user to authenticate separately on the mobile
device; and unlocking the resource if the required unlock response
and the separate authentication are both valid.
[0058] The device communications system and the token
communications system may communicate over the air, eg by Near
Field Communication (NFC), Bluetooth or BLE. Alternatively, the
device communications system and the token communications system
may communicate only when the token is in contact with the device
via a physical interface.
[0059] The device communications system may send a user secret to
the token which is validated by the token before the decryption
operation takes place.
[0060] The device communications system may send a message
authentication code (MAC) to the token, which is validated by the
token before the decryption operation takes place.
[0061] According to a further aspect of the invention, there is
provided:
a hardware token for authenticating access to a computer resource
via a mobile device, the token comprising: token storage for the
storage of a plurality of user credentials; a token communications
system for communicating with a mobile device; a token processor
providing cryptographic functions; and wherein, in use: on receipt
by the token communications system of an encrypted authorization,
the token processor verifies the integrity and decrypts the
encrypted authorization and generates at least partially therefrom
an unlock response, and wherein the token communications system
securely transmits the unlock response for use by a mobile
device.
[0062] The preferred system of the present invention preferably
comprises: [0063] 1. One or more mobile devices [0064] 2. An NFC,
Bluetooth or BLE token programmed to: [0065] a) Be able to mutually
authenticated with any of the user's devices [0066] b) Respond only
the commands issued by any of the user's devices [0067] c) Perform
encryption and integrity protection of data provided by the device
[0068] d) Return the cryptographically protected data [0069] e)
Perform the decryption and integrity verification on previously
protected data [0070] f) Optionally require validation of a user
PIN prior to performing decryption operations [0071] 3. A password
manager application installed each the mobile device [0072] 4. Any
number of third-party applications secured by the system
[0073] The mobile device may comprise any mobile or portable
hardware device which is capable of running user applications and
handling communication and cryptographic functions. Typical devices
include mobile phones, tablets, laptop computers and the like. The
token may be any portable or mobile hardware token which is capable
of communication (preferably contactless communication) with a
mobile device and which includes storage and an executable system
which is capable of handling communications and cryptographic
functions.
[0074] The protected computer resource may be held in a device
memory or store or (where an application) may be held ready for
execution or may be actually running in an execution environment.
To that end, the device may include a store, a memory, and a
processor.
[0075] Typically, the token will be a contactless smart card,
although other tokens held by or carried on the person would be
equally possible. Suitable tokens might include a ring to be worn
on the user's finger, a device incorporated into a watch, belt,
spectacles, clothing or anything else normally worn by the user, or
even a device embedded under the user's skin. The token may have
button(s), touch-sensitive area(s) or other means to allow manual
or other user feedback/input via the token.
[0076] The application authentication stored on the device may
comprise an application password or PIN. The user credentials
stored on the token may comprise a private cryptographic key.
[0077] It is preferred that communication between the token and the
mobile device makes use of NFC, although other channels could
equally well be used including Bluetooth, Bluetooth Low Energy
(BLE), or other types of radio frequency communication. Tokens
requiring contact with the mobile device, including swipe cards and
electrical contactcards are also envisaged.
[0078] According to another aspect of the invention, a system of
authenticating access to a computer resource on a mobile device
with a portable security token comprises: [0079] a device including
a computer resource to be protected, a device communications
system, and device storage for storing encrypted resource
authorization; [0080] a token including token storage for storing
private user credentials, a token communications system, and a
token processor providing cryptographic functions; [0081] and
wherein in use the encrypted authorization stored on the device is
transmitted by the device communications system to the token, is
decrypted on the token using the user credentials, the token
generating at least partially therefrom an unlock response, the
unlock response being securely transmitted by the token
communications system to the mobile device, and [0082] the device
being arranged to unlock the resource if the received unlock
response is valid.
[0083] According to a further aspect of the invention, a hardware
token for authenticating a computer resource on a mobile device,
the token comprises: [0084] token storage for the storage of a
plurality of user credentials; [0085] a token communications system
for communicating with a mobile device; [0086] a token processor
providing cryptographic functions; and [0087] wherein, in use:
[0088] on receipt by the token communications system of an
encrypted authorization, the token processor verifies the integrity
and decrypts the encrypted authorization and generates at least
partially therefrom an unlock response, and wherein the token
communications system securely transmits the unlock response for
use by a mobile device.
2.2 Hoverkey Level 1
[0089] In the preferred embodiment the present invention is
preferably embodied within a product called Hoverkey. Hoverkey's
design is optimised for ease of integration with existing mobile
apps and web apps, as well as ease of use. It implements a secure
user credential (e.g. password) storage and retrieval system,
secured using NFC tokens.
[0090] The present application is particularly concerned with an
embodiment that uses a specific security design, referred to in
this description as "level 1". References to Hoverkey level 1 (or
Hoverkey L1) should be understood accordingly.
2.2.1 Security Concept
[0091] The concept behind Hoverkey L1 is designed to work with all
existing applications which authenticate the user using a user name
and password combination, although authentication methods other
than passwords may be used. Typically, without any changes to the
application to be accessed, the technology simply replaces manual
entry of the user's password with a touch of an NFC token. This
embodiment offers the following advantages: [0092] No changes
required for the application server, which allows easy integration
[0093] Changes to any existing application clients can be easily
implemented through the use of a Hoverkey Component. [0094] Better
security by letting technology to "remember" passwords for the
user, which means [0095] The user can choose passwords that are
more secure (longer and more "random") [0096] The user can choose
different password for different accounts without the fear or
inconvenience of forgotten passwords [0097] Eliminates the need for
entering alphanumeric passwords on an onscreen keyboard, especially
when symbols are included, which is slow and error-prone and
subject to shoulder-surfing attacks.
3. OVERVIEW
[0098] The invention may be carried into practice in a number of
ways and one specific embodiment will now be described, by way of
example, with reference to the accompanying drawings, in which:
[0099] FIG. 1 shows the Hoverkey L1 high level architecture;
[0100] FIG. 2 shows the organization of the Java card and the
applets.
[0101] FIG. 3 shows the activation protocol;
[0102] FIG. 4 shows the method of adding a new device to an
activated card;
[0103] FIG. 5a shows the registration protocol for a private app
web app;
[0104] FIG. 5b shows the registration protocol for a public
app;
[0105] FIG. 6 shows the password access protocol;
[0106] FIG. 7 shows the password encryption process;
[0107] FIG. 8 shows password retrieval encryption;
[0108] FIG. 9 shows the key hierarchy; and
[0109] FIG. 10 shows the applet states, and their sequencing.
3.1 DEPLOYMENT MODEL
[0110] At a high level, the preferred Hoverkey deployment model is
summarised below: [0111] Each User has one or more NFC-enabled
mobile device, which may be provided by company or owned by User.
[0112] Each User is issued with a unique NFC security token. [0113]
Each NFC token may be paired with all devices belonging to the same
User.
[0114] The following steps are taken in deploying a Hoverkey:
[0115] Hoverkey purchases blank NFC tokens from resellers [0116]
Upon receipt of trial or purchase order, Hoverkey formats NFC
tokens for the Customer or a partner issuer [0117] Upon receipt of
the NFC token, the User invokes the activation function [0118] The
User then configure their Hoverkey-enabled apps with their
credentials
3.2 ARCHITECTURE
[0119] The high level architecture of Hoverkey L1 is illustrated in
FIG. 1. Each Developer App (App 1, App 2 and App 3 in the diagram)
are embedded with the Hoverkey L1 Component, which allows it to
communicate with the Hoverkey Service via an inter-process
communication (IPC) protocol.
[0120] On each mobile device, there is a single instance of
Hoverkey Service which accepts requests from an App and when a
password is required. Hoverkey Service retrieves the password on
behalf of the App through a series of exchanges with the Java Card
applet via the NFC interface.
[0121] The advantages of using a service include: [0122] Removes
the need share authentication keys (for Applet access) between Apps
[0123] No need for Apps to require NFC permissions [0124]
Centralised, mediated access to Applet which makes it possible to
prevent concurrent access.
[0125] On the Android platform, possible IPC mechanisms include the
Intent method for simple, coarse grained integration, or the Remote
Service method using Android Interface Definition Language (AIDL)
for fine-grained, lower-level integration.
[0126] Hoverkey-protected passwords are encrypted by the card
Applet at registration and stored on the mobile device within the
Hoverkey App. When access is required, the registered App requests
the password via the Hoverkey App, which in turns requests the
password be decrypted by the Applet.
3.3 MAIN SECURITY DESIGN FEATURES
[0127] Activation and Pairing: A Hoverkey token can only be used
with a device with which it has been paired (at activation). Each
mobile device many only be paired with one token. Each token may be
paired with up to four devices. [0128] Registration: To defend
against malicious apps, third-party apps may only use Hoverkey
services after a secure on-device registration process. Subsequent
password access requires proof of previous registration. [0129]
Two-Factor: Each password may additionally protected with a user
chosen PIN to provide a form of two-factor authentication. Three or
more levels of authentication may optionally be provided. [0130]
Cryptographic security: Hoverkey uses industry-standard
cryptographic algorithms and modes for protection of user
passwords, supported by best practices in secure key management.
[0131] Token Security: Hoverkey token are security-managed
throughout their lifecycle to ensure the risks are minimized at all
stages.
3.4 USING HOVERKEY L1
[0132] To use Hoverkey L1, the following steps are followed: [0133]
1. New Customer organization orders Hoverkey L1 Cards for their
mobile users [0134] 2. Hoverkey (or Partner) generates an OrgID for
the customer. [0135] a) Optionally, a RegKey is generated for the
customer if they intend to develop their own private Apps, which is
delivered the Customer or Developer for embedding into their Apps.
[0136] 3. Hoverkey formats the required number of cards with OrgID,
MasterAPIKey, Admin Key, User Authentication Key and PUKs, and send
them to Customer or Developer. [0137] 4. Customer development team
embeds Hoverkey Component into their own App(s) and configure them
with their OrgID and RegKey during development [0138] 5. User
installs Customer or Developer App(s) and Hoverkey App (from Google
Play Store) [0139] 6. User receives (formatted) token from Sys
Admin and activation email (containing an activation URL) [0140] 7.
User activates token from within Hoverkey App and sets a PIN [0141]
a) The Hoverkey App downloads a configuration profile file [0142]
b) User is reminded to delete activation email when activation
completes [0143] 8. Third-party Apps register themselves with
Hoverkey App (typically with a user name and password--once for
each Customer or Developer App) [0144] 9. User starts to use
Hoverkey-enabled mobile Apps [0145] 10. User may pair additional
devices to the token up to four devices. [0146] a) If a Hoverkey
server is used, App data may be synchronized from the server [0147]
b) All Hoverkey-enabled Apps must be re-registered on the new
device (as per Step 8).
4. SYSTEM COMPONENTS
4.1 Mobile Device
[0148] Hoverkey L1 is preferably supported on NFC-enabled Android
smartphones, although other platforms are of course equally
possible.
4.2 Hoverkey L1 App
[0149] The following subsections summaries the functions provided
by the Hoverkey L1 App.Token activation [0150] a) Pairing of NFC
token with mobile device [0151] b) PIN settingToken management
[0152] c) PIN changing [0153] d) PIN unblocking [0154] e) Revoking
a token [0155] 2. App registration--setting user name and password
[0156] 3. App management [0157] a) Changing password [0158] b)
De-register an App
4.3 Third-Party Mobile Apps
[0158] [0159] Embed Hoverkey L1 Component according to
implementation guidelines
4.4 NFC Token
[0160] FIG. 2 shows the organization of the Java cord and the
applets.
[0161] The NFC token is a contactless token which supports Java
Card and GlobalPlatform specifications. The token preferably has a
high level of security approval under the Common Criteria and/or
FIPS schemes. The initial product is implemented in the ISO 7810
(credit card) form factor.
[0162] The token is designed to support multiple Java Card applets.
The Hoverkey system require one applet to be installed, leaving
space on the card for third-party applets.
4.5 Cloud-Based Data Storage Service
[0163] Hoverkey supports on-demand credential retrieval and
synchronisation using a cloud base storage service. There are many
possible implementations of a cloud service using a variety of
protocols and indeed many already exist. At the minimum, a suitable
service preferably supports the following functions:
1. Identifying a user with a unique identifier 2. Storage of
arbitrary data on the server in an arbitrarily named file and
directory 3. Retrieval of previously stored data
[0164] A more preferable implementation of a Hoverkey credential
storage service also provides:
1. Strong authentication of the user 2. Communication with the user
device over a secure channel 3. High availability measures 4.
Secure facilities management
[0165] In practice, Hoverkey can support popular cloud services
such as DropBox or may provide its own bespoke service for Hoverkey
users.
4.5.1 Hoverkey L1 Applet
[0166] The applet implements: [0167] The activation process (also
known as "personalization" in common smart card terminology) which
includes: [0168] Device/token pairing [0169] Password Encryption
Key (PEK) generation [0170] Initial User PIN setting [0171]
Password encryption/decryption functions [0172] The cryptographic
mutual authentication protocol
[0173] The Hoverkey Applet stores and manages the following data
objects:
TABLE-US-00001 Name/Label Description TokenID A unique identifier
for each applet installation DeviceIDs A list of (up to 4)
DeviceIDs associated with this card - the ID should support ASCII
text e.g. "GalaxyS3- 894579", "DavesTablet-9792234" (so that when
the IDs are listed, user can tell which ID corresponds to which
device). Password Derived from random values, the keys for
encrypting Encryption and decrypting User's App passwords, as well
as their Key (PEK) integrity protection and verification User PIN
The User's PIN used for accessing passwords. It is always set
during activation, but each App may decide whether if a PIN is
required. The PIN has an associated PIN Tries Remaining counter.
User PUKs The User's PIN Unblock Keys. There is also a single
Unlock Tries Remaining counter. Logs Activity logs for recent
auditable events OrgID A unique identifier for Customer or
Developer organization MasterAPIKey A unique key associated with
the OrgID for authentication of private third-party Apps
4.5.2 Token Lifecycle
[0174] The following outlines the lifecycle of an NFC token: [0175]
1. Reseller supplies cards to Hoverkey [0176] 2. Card formatting
[0177] a) Low-volume deployments: Hoverkey formats cards and
supplies to Customer or Developer. [0178] b) High-volume
deployments: Hoverkey provides to a trusted third party card
printer: [0179] Card overlay graphics [0180] OrgID, MasterAPIKey
and AdminKey [0181] Set of Authentication keys and PUKs [0182] 3.
User activates card [0183] 4. Activated token is: [0184] a) Revoked
and replaced when lost or stolen [0185] b) Returned and replaced if
becomes defective [0186] c) Returned when User leaves Customer
organization [0187] d) Updated or replaced when a new applet or a
new version of the existing applet are available for the User
5. HIGH LEVEL SECURITY DESIGN
5.1 Overview
[0188] The Hoverkey L1 App may be downloaded by the User from the
Google Play Store and therefore does not have any Customer specific
information at installation.
[0189] NFC tokens are formatted by Hoverkey which includes loading
of Customer data. Upon activation, this data is transferred across
to the Hoverkey L1 App to allow Developer Apps to be
registered.
[0190] Developer Apps need to be registered with the Hoverkey
Service (part of the Hoverkey L1 App) prior to becoming
NFC-enabled. Registration involves securing the user's password
with his (activated) NFC token.
5.2 Password Encryption
[0191] The core function of Hoverkey L1 is to provide secure
password storage and retrieval. The password is encrypted and
integrity protected alongside its metadata. When the password is
required, the PEK stored in the NFC token is used to verify decrypt
the protected passwords.
5.3 Secure Messaging Over NFC
[0192] The Global Platform (GP) specification supports secure
exchange of APDU messages between the card and the terminal. GP
supports three levels of messaging security: [0193] 1. Entity
authentication only [0194] 2. (1) above plus integrity protection
[0195] 3. (2) above plus confidentiality protection.
[0196] Hoverkey L1 supports at secure level 3 messaging using the
GP Secure Channel Protocol version 2 (SCP02).
5.4 PIN
[0197] In order to support an enhanced level of security, Hoverkey
L1 supports the additional use of a PIN which is shared by all
third-party Apps (as it is a PIN validated within token applet).
The user is required to set up a PIN at activation, but each
third-party App may have their own policy on where a PIN is
required for access.
[0198] The Sys Admin can enforce the requirement for a user PIN
code (for all Apps) at activation via the configuration
process.
6. SECURITY PROTOCOLS AND PROCEDURES
6.1 Activation
[0199] FIG. 3 shows the activation protocol
Pre-Conditions
[0200] AuthKey (plain or obfuscated) obtained from activation URL
[0201] Configuration data downloaded to Hoverkey Service via
activation URL including: PIN requirement policies [0202]
Co-branding data [0203] Report configuration [0204] Applet is
formatted with OrgID and MasterAPIKey and has not been activated
Goals [0205] Establish a shared authentication (pairing) key
between Applet and Hoverkey Service [0206] Generate and store
Password Encryption Key (PEK) on token [0207] Initialize User PIN
[0208] Transfer OrgID and MasterAPIKey to Hoverkey Service (for
validation of Developer Apps)
[0209] Steps (referring to the corresponding numbers set out in
FIG. 3). [0210] 1. Hoverkey Service queries token for TokenID
[0211] 2. The AuthKey may be supplied in plaintext, or, for
enhanced security, obfuscated with the TokenID. [0212] a) If
obfuscated, Hoverkey Service de-obfuscates (decrypts) AuthKey with
TokenID (as shown in FIG. 3) [0213] b) If in plaintext, Step 1 is
omitted and Step 2 will only need to store the (plaintext) AuthKey
[0214] 3. Service and Applet perform mutual authentication [0215]
4. Service sends activation request, supplying a random number, PIN
and DeviceID [0216] 5. Applet stores PIN and DeviceID, and derives
PEK from Random [0217] 6. Applet returns TokenID, OrgID and
MasterAPIKey. These are stored by Hoverkey Service, along with
RegKey after deriving from MasterAPIKey. [0218] 7. Service returns
OK [0219] 8. Applet updates its status to Activated [0220] 9. Upon
activation success, if the user has no more devices to pair with
his token, he should delete the activation email (and any copies)
from his mail account.
6.2 Adding a New Device
[0221] FIG. 4 shows the method of adding a new device to an
activated token.
Pre-Conditions
[0222] Applet has already been activated (by another device)
Goal
[0222] [0223] Transfer OrgID and APIKey to Hoverkey Service
[0224] Steps (referring to the corresponding numbers set out in
FIG. 4) [0225] 1. Hoverkey Service retrieves AuthKey from link
provided by activation email [0226] 2. Service mutually
authenticates with (already activated) Applet [0227] 3. Service
supplies a PIN to authenticate to Applet, along with its own
DeviceID to be added [0228] 4. Applet validates PIN, stores
DeviceID [0229] 5. Applet returns OrgID, MasterAPIKey and TokenID
[0230] 6. Service stores OrgID and APIKey, along with RegKey after
deriving from MasterAPIKey. [0231] 7. Upon activation success, if
the user has no more devices to add to (pair with) his token, he
should delete the activation email (and any copies) from his mail
account.
6.3 App Registration
[0232] The purpose of registration is for the third-party app to
authenticate itself to the Hoverkey App, and at the same time to
provide Hoverkey App with the user credentials for their secure
storage.
[0233] Upon successful registration, Hoverkey issues the
third-party app with its unique random APIKey for its subsequent
Hoverkey API access (i.e. an APIKey even if compromised will be
invalid on a different device).
[0234] There are two methods for app registration: [0235] 1.
Asymmetric key method, primarily for public apps, i.e. those
available from the App stores. [0236] 2. Symmetric key method,
primarily for private apps, i.e. those developed in-house and
distributed by non-public means.
Asymmetric Key Method
[0237] A public app developer wishing to integrate Hoverkey into
their app must obtain a Registration Key (RegKey) in the form a
certificate, which is embedded into the app prior to its public
release. The certificate is issued by Hoverkey and signed with the
Hoverkey private key. The corresponding public key is embedded in
the Hoverkey App for verification of the app certificate. The idea
is that the certificate attests to various attributes of the app
(which need to be independently obtainable from the OS), thereby
making it difficult for a malicious app to masquerade as
genuine.
[0238] Attributes to be certified include (for Android app): [0239]
Its unique AppID (Package Name on Android whose uniqueness is
guaranteed if downloaded from Play Store)
Symmetric Key Method
[0240] A private app, i.e. one not deployed through the public app
store will employ a different registration scheme. Since the app
developer may want to deploy their apps privately without Hoverkey
involvement, we employ an alternative method which allows the
developer to generate their own RegKey (based on symmetric
keys).
[0241] FIG. 5 shows the registration protocol. FIG. 5a illustrates
registration for a private app web app, and FIG. 5b illustrates
registration for a public app. The same reference number apply to
each.
Precondition
[0242] NFC Token has been successfully activated (if not activation
will be invoked at Step 2)
Goals
[0242] [0243] Set up Hoverkey Service for use with this App [0244]
Create NFC-token-protected password with for use with Hoverkey
Service Steps (referring to the numbers set out in FIGS. 5a and 5b)
[0245] 1. App registers itself with OrgID (private app only),
APIKey, AppID, Policy and the User's password. In the case of a
public app, the RegKey will be a digitally signed certificate. For
a private app, the RegKey will be a pseudorandom byte string.
Currently supported policies include: [0246] a) Whether PIN
required for this App [0247] 2. Hoverkey Service checks whether it
has been activated. If activated, it validates the RegKey supplied
by the app. For a public app, the RegKey is validated by the
Hovkery App Reg Public Key. For a private app, the provided OrgID
is checked and RegKey validated against that derived from
MasterAPIKey. [0248] 3. Service performs mutual authentication with
Applet. In addition, Applet validates the DeviceID supplied by
Service. [0249] 4. Service sends request for password to be
encrypted, along with policy and PIN for validation. [0250] 5.
Applet validates PIN and encrypts the password and policy with the
PEK [0251] 6. In order to validate successful encryption, Service
sends a decryption request with the encrypted password, supplying a
the Session PEKs (Session PEK_ENC and Session PEK_MAC) and
optionally a PIN (as per policy). [0252] 7. Applet decrypts and
returns the plaintext password, encrypted under the SessionPEK.
[0253] 8. Service decrypts and verifies the plaintext password
returned and returns success to the App. [0254] 9. Service saves
the UserID, Policy and the encrypted password on the cloud storage
server as AppID/DeviceID/credentials.dat.
6.4 Password Retrieval
[0255] FIG. 6 shows the password access protocol.
Precondition
[0256] App has registered itself with the Hoverkey Service and set
up an encrypted password [0257] The Applet is in Activated
state
Goal
[0257] [0258] Retrieves the specified password that has been
protected by the NFC token [0259] Optionally, retrieves user ID (if
stored)
[0260] Steps (referring to the number set out in FIG. 6) [0261] 1.
App sends request password command, supplying APIKey, AppID. [0262]
2. Hoverkey Service validates the request [0263] 3. Service obtains
the App's UserID, Policy and encrypted password by retrieving the
file AppID/DeviceID/credentials.dat from the cloud storage, then
requests a PIN from user if required by Policy. [0264] 4. Service
mutually authenticates with Applet. In addition, Applet validates
the DeviceID supplied by Service. [0265] 5. Service sends the
encrypted password to Applet for decryption, supplying session keys
(Session PEK_ENC and Session PEK_MAC), and optionally a PIN (as per
policy). [0266] 6. Applet authenticates and decrypts the input, and
validates the PIN if required. [0267] 7. Applet returns the
plaintext password encrypted under the Session PEK and integrity
protected with Session PEK_MAC [0268] 8. The password is decrypted
and returned to the App.
6.5 Changing Password for App
[0269] To change the password for an App, Hoverkey services simply
replaces the existing encrypted password with a new one, with the
following steps: [0270] 1. Mutual authentication, Applet validates
DeviceID [0271] 2. Requires PIN [0272] 3. Service sends new
password and policy [0273] 4. Applet returns encrypted password
6.6 Changing PIN
[0274] To change the token PIN, the following steps are followed:
[0275] 1. Mutual authentication, Applet validates DeviceID [0276]
2. Requires old PIN, [0277] 3. User enters new PIN (twice) [0278]
4. Applet stores new PIN
6.7 Deregister App
[0279] Remove the following information for the App:
[0280] (Hoverkey token not required) [0281] 1. AppID [0282] 2. Any
encrypted password(s) [0283] 3. Any saved user name(s) [0284] 4.
Policy
6.8 Revoking NFC Token
[0285] If the token is lost, perform once by each associated
device:
[0286] (The Hoverkey token not required) [0287] Wipe authentication
key from Hoverkey App [0288] Wipe all encrypted passwords [0289]
Reset Hoverkey app to pre-activated state
[0290] The Hoverkey App also downloads a list of revoked Token IDs
periodically, which allows it to revoke the token if an entry
matches the one that it is paired with.
6.9 List Devices
[0291] Can be performed [0292] by any paired device [0293] mutual
auth, Applet validates DeviceID, or mutual auth with Admin Key
[0294] Or after mutual auth with Admin Key [0295] No PIN required
[0296] Applet returns list of associated Device IDs
6.10 Revoking a Device
[0297] Usually takes place after List Devices--as Hoverkey App is
not expected to remember the device ID list [0298] Can be performed
from any paired device [0299] Mutual auth, Applet validates
DeviceID [0300] Requires PIN [0301] Removes DeviceID from
Applet
6.11 PIN Blocking
[0301] [0302] Within the Applet, the User PIN has an associated PIN
Tries Remaining (PTR) value, initialized to a specified number.
[0303] The Applet also has a fixed number (5) Personal Unblocking
Keys (PUK) of 8 digits, labelled PUK1, PUK2 etc, which are randomly
generated and loaded at formatting. A copy of the PUKs for each
token is provided to the Sys Admin The Applet maintains a single
Unblocking Tries Remaining (UTR) value, initialized to a specified
number. [0304] Each time the PIN is successfully validated, PTR is
reset to its initial value. [0305] Each time an incorrect PIN is
detected, PTR is decremented by one. [0306] If PTR reaches zero,
the User PIN is blocked. The Applet also returns to the Service
which PUK the user should use to unblock the PIN, and tries
remaining for that PUK. [0307] In order to unblock and reset the
PIN, the user must request his PUK code from SysAdmin as indicated
by within PIN blocked UI or by retrieving applet status (see
Section 0). If this is the first time the User unblocks the PIN, he
will request the PUK1 code; the second time will require PUK2 etc.,
i.e. each PUK code can only be used once. [0308] If the User's PUK
codes are exhausted, as soon as PTR reaches zero again, the Applet
is blocked. The NFC token must be replaced. [0309] Each time a PUK
is entered incorrectly, the UTR is decremented. If UTR reaches
zero, the Applet is blocked. The NFC token must be replaced.
6.12 Get Applet Status
[0309] [0310] Can be performed from any device [0311] If not
authenticated [0312] Applet returns TokenID, Applet State [0313] If
authenticated (with Auth Key or Admin Key) [0314] If in Formatted
State: returns TokenID, Applet State, PIN Tries Remaining
Counter=Max, current PUK index, current PUK Tries Remaining
counter. (this may not be max since applet may have been reset to
formatted, which does not reset PUK status, i.e. used PUKs remains
used). The current PUK index is the index of the PUK code the use
should ask for if the current PIN becomes blocked. [0315] If in
Activated State: returns TokenID, Applet State, PIN Tries Remaining
Counter, current PUK index, PUK Tries Remaining counter=Max [0316]
If in PIN Blocked State: returns TokenID, Applet State, PIN Tries
Remaining Counter=0, current PUK index, PUK Tries Remaining counter
[0317] If in Blocked State: returns TokenID=0, Applet State
6.13 Admin Functions
[0318] All functions within this section require mutual
authentication with Admin Key.
6.13.1 Reformat token
[0319] In order to re-format the token (e.g. for issuing to a new
user) [0320] Mutual auth with Admin Key [0321] Send reformat
command to: [0322] Remove existing User PIN (and reset retry
counter) [0323] Remove existing password protection keys PEK_ENC,
PEK_MAC [0324] Reset applet to FORMATTED state [0325] (Does not
reset PUKs--used PUKs remains used)
6.13.2 PIN Reset
[0326] In order for the Sys Admin to reset the PIN, [0327] Mutual
auth with Admin Key [0328] Send PIN reset command with the user's
new PIN [0329] (Does not require PUK)
6.14 Emergency Access
6.14.1 Lost/Defective NFC Token
[0330] For emergency online access, the user may simply login
manually with his password. If the user does not know/remember his
password (due to the use of a complex password, for example), the
applications password reset facility may be used to set a new
password (and also change the Hoverkey protected password).
6.14.2 Forgotten/Blocked PIN
[0331] If an App's policy requires a PIN which the User does not
remember, he could: [0332] Try different PINs until PIN Blocked (if
not already) and request a PUK from the Sys Admin to Unblock and
reset the PIN, [0333] Log in manually if he remembers the user ID
and password (although he will have to either recall or reset the
PIN eventually to continue using Hoverkey L1).
6.15 Synchronising Credentials Between Devices
Preconditions:
[0333] [0334] User has devices with IDs DeviceA and DeviceB
respectively [0335] The user's token has been activated and ready
for use for both devices [0336] The user has registered an app with
an ID AppX on DeviceA [0337] AppX has not been registered on
DeviceB Goal: [0338] AppX credentials for the user becomes
available for use on DeviceB
[0339] Steps
1. On DeviceB, AppX registers itself with Hoverkey Service using
either the symmetric key or asymmetric key method, but without
supplying the user's credentials. 2. Service retrieves the file
AppX/DeviceA/credentials.dat from the cloud storage 3. Service
uploads the same file, unaltered, as AppX/DeviceB/credentials.dat
4. The credentials are now ready for use on DeviceB
7. CRYPTOGRAPHIC SPECIFICATION
7.1 Key Management
[0340] For security purposes, keys used for encrypting and
integrity-protecting user passwords for storage (generated by the
applet at activation) never leave the applet (nor the physical
token). Session keys are also used (generated by the Hoverkey App)
for encrypting and integrity-protecting passwords over NFC after
decryption. These are wiped immediately after use.
7.2 Password Storage Encryption Process
[0341] FIG. 7 shows the password encryption process.
[0342] Encrypting password for storage, to be performed by the
applet. [0343] a) Combine policy, length of password and password
itself received from device, apply padding to align with encryption
block length [0344] 2. Generate a random Initialization Vector (IV)
of encryption cipher block length [0345] 3. Encrypt block generated
in Step 1 in CBC mode using IV from Step 2, using Key PEK_ENC
[0346] 4. Encrypt the IV with PEK_ENC in ECB mode [0347] 5.
Calculate a MAC on (output from Step 4+output from Step 3) using a
hash based MAC (HMAC) with the key PEK_MAC [0348] 6. (Output from
Step 5+output from Step 3+MAC from step 4) is returned to device
for storage
7.3 Password Retrieval (Session) Encryption Process
[0349] FIG. 8 shows password retrieval encryption.
[0350] To be performed by applet, after verification of the MAC,
decryption of the encrypted object supplied by device, and
validation of the policy field. [0351] 1. The plaintext password is
left padded with a two-byte length field, and right padded with
random bytes to make the largest allowable block (fits within an
R-APDU) whose size is a multiple of the cipher block length [0352]
2. Steps 2-5 as per the Password Storage Encryption Process, except
that Session_PEK_ENC and Session_PEK_MAC are used for encryption
and integrity protection instead.
7.4 App Registration Key Derivation Hierarchy (Symmetric Key)
[0353] FIG. 9 shows the key hierarchy. Keys are derived using the
HMAC-Based KDF with as described in NIST Special Publication
800-108, [: L. Chen, Recommendation for Key Derivation Using
Pseudorandom Functions (Revised), NIST SP 800-108, October 2009,
available from
http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf.
This document is incorporated by reference.
Issuer Keys
[0354] IssuerMasterKey=Random bytes generated by secure RNG
Org Keys
[0355] OrgID=Assigned unique OrgID AppID=(globally) unique app
identifier
8. HOVERKEY APPLET STATUS
[0356] FIG. 10 illustrates the applet statuses, and their
sequencing.
TABLE-US-00002 State Description Installed Applet is installed but
not yet selectable Selectable Applet is now selectable and now
ready to be personalized. Formatted Personalization step 1:
Hoverkey (or a trusted third-party) has generated and loaded OrgID,
APIKey, Auth Key, Admin Key and PUKs. Admin may reset activated
cards to this state. All data objects are reset except for any PUKs
that have been used. Activated Personalization step 2: Token
delivered to User who has also received his personalized activation
email. He has followed the instructions to activate the token and
set the PIN. The Applet is now ready to be used operationally.
Additional devices may be added at this point. PIN If the User's
PIN tries remaining counter reaches zero (with Blocked at least one
unused PUK remaining), the Applet enters this state and will not
perform the core functions until it's unblocked with a PUK Blocked
If PUK tries counter reaches zero or PIN tries counter reaches zero
with no more PUK remaining, the Applet becomes locked. The token
must be revoked, then it may be destroyed or sent back to
Hoverkey
9. GLOSSARY
TABLE-US-00003 [0357] Term Definition Applet Software program
running on a smart card supporting Global Platform and card (e.g.
Java Card) specifications Application Protocol Data Basic
communication messages between a smart card and the Unit (APDU)
terminal (reader) App Registration Validation of a third party app
by Hoverkey at first use and issuance of API key for subsequent
access Bluetooth/BLE A set of wireless communication standards
designed for short- range data exchange between devices. Typically
used by small personal devices to create a Personal Area Network.
Bluetooth Low Energy (BLE) is a Bluetooth standard which allows
low- power devices which only communicate intermittently to consume
a fraction of the power required by normal Bluetooth. Customers The
person or organization responsible for day-to-day management of
Hoverkey tokens. In particular, they are responsible for sending
out activation emails and, when a user requires PIN unblocking,
authenticating the user and issuing PUK codes. When selling
directly to End Users, Hoverkey will in effect play the role of the
Customer. Developers Developers of mobile applications, especially
those who embed Hoverkey functions into their apps DeviceID A
unique identifier for a mobile device (or one that is highly likely
to be unique) Developer Apps Developers may enhance the security of
their existing mobile applications by creating a Developer App,
using the Hoverkey iOS and Android or other types of code
libraries. End User (or User) A members of a Customer organization
who uses Hoverkey- enabled applications Emergency Access An
optional service which allows access to Hoverkey-protected services
without a functioning NFC token using a pre-specified back-up
authentication method. Global Platform An organization responsible
for specifying standards for smart card application (i.e. applet)
management Hoverkey L1 App An application installed and run on the
User's mobile device providing Hoverkey Service and management
functions Hoverkey Component Software component provided by
Hoverkey for integration into third-party Apps Issuer Partner An
organization with an established relationship with Hoverkey to
issue Hoverkey tokens to their Customer Personal Identification A
sequence of digits which is kept secret by the user for Number
(PIN) authentication to the NFC Token System Administrator (Sys
Typically the person in the Customer organization who is Admin)
responsible for implementing IT security policies and will have
influence over any security product that may be selected by the
organization. They have a technical skillset. They may also take
the role of User Administrator (see below) in small deployments.
Token Activation The process by which an End User sets up the first
use of his NFC token Token Formatting The process by which blank
smart cards are prepared for the Customer User Admins This is the
person in the Customer organization who is responsible for the
operating the IT security systems.
* * * * *
References