The GlobalPlatform Specification facilitates secure and interoperable management of applications on secure chips, including those embedded in smart cards, USB tokens and other secure elements. It is intended to protect valuable information such as encryption keys and sensitive data from theft or attack by an adversary. It applies to all platforms by defining application independent, hardware neutral and operating system neutral card components and interfaces and includes virtually every industry such as financial, education and commerce, as well as virtually every capable device type, such as smartphones, tablet computing devices, laptop computers, and so forth.
A secure element defined by the Global Platform Specification contains various security domains including an Issuer Security Domain, a Controlling Authority Security Domain and Supplemental Security Domain. The Issuer Security Domain has privileges for managing card content, card life cycle and application life cycle. Each of these security domains holds a set of symmetric and/or asymmetric encryption keys facilitating secure communication with a server. Processes with access to cryptographic keys for particular domains have access to the respective security domains.
Traditionally, cryptographic keys stored in an Issuer Security Domain are inserted at a vendor and subsequently provided to a trusted services manager (TSM) server. The TSM server then updates the cryptographic keys on the Issuer Security Domain. However the original cryptographic keys created by the vendor are used to encrypt new cryptographic keys. Encrypting new cryptographic keys with the original cryptographic keys known by the vendor is a potential security flaw within the GlobalPlatform Specification, in which an untrusted vendor could access the new cryptographic keys.
Currently, no cryptographic key management scheme exists which involves only a client such as a smart phone and a server for the Issuer Security Domain under the GlobalPlatform Specification.