The “SIM-less” in this context is a collection of all those techniques that do not use a SIM as secure tamper-proof hardware in which to run the secure element function with a precisely known runtime environment.

Some technology vendors are claiming that they can do secure mobile authentication without a SIM. That is fine, if they have found a way to create a security container that fulfills the required Level of Assurance (LoA). Such is trivial for a very low LoA, but the highest levels are harder to meet.

LoA is also easy to confuse with Common Criteria Evaluation Assurance Level (EAL). They are somewhat different things: LoA is about identity, and effectively but not explicitly sets minimum EAL levels for the implementation, plus adds additional requirements on how the registration is done. To produce Level of Assurance 4 authentication everything must be tight: the registration method, the identity verification, the security module implementation must be hard (EA元 or higher), and finally the user interface must be unambiguous.

In addition to the SIM card holding the trusted applications, recent developments have been around the so-called Trusted Execution Environment (TEE) specification by GlobalPlatform. Any other security environment requires that a general purpose platform (iOS, Android) is hardened against third parties accessing files and memory of the phone. This general purpose protection does not happen in either Apple iOS or Android platforms. Other platforms (Blueberry, Windows Phone) are in a definite minority and less well known. (Store files on the Android internal filesystem, and they are somewhat protected. Store files on the external memory card of Android, and they are open to everybody.) In spring 2016 the FBI paid somebody a lot for a tool that can access recent iOS phone memory, and Apple does not know how it is done.