4.2.1.2 HardwareSecureDeviceManager Interface

Question

4.2.1.2 HardwareSecureDeviceManager Interface

Closed this issue 8 years ago · 8 comments

"The notion of presence is important because an hardware secure device MAY not always be stucked in the same environment (like an embedded secure element, a TEE...) but MAY be shared with severals (like with a Smartcard, an NFC card...)."
Change to
"The notion of presence is important because a hardware secure device may not always be fixed in the same hardware environment as the user agent (e.g. an embedded secure element or a TEE); some hardware secure devices may be shared with several user agents (e.g. smart cards or NFC cards)."

Change "hardware secure element" to "hardware secure device"

This assumes we prefer the terminology "hardware secure device". In Section 1.1 "Secure Element" is defined but "hardware secure device" is not. I think we need a consistent name to refer to the secure element throughout this document. How about we replace "Secure Element" and "hardware secure device" by "Hardware Secure Element" throughout?

Answer 1 · 2016-07-26T12:43:28.000Z

Fix for correction 1 and 2. Need to discuss on the call today about the third point.

Answer 2 · 2016-07-26T14:30:52.000Z

Initial definition

Hardware Secure Device => include Secure Element + TrustedUI

Answer 3 · 2016-07-26T14:53:40.000Z

So I propose to:

use Hardware Secure Device for the addition of Secure Element and TrustedUI
use Trusted UI only when identifying the display part
use Secure Element or Secure Credential Storage to identify the storage and processing unit

Answer 4 · 2016-07-28T14:08:07.000Z

I support that suggestion. Please review the terminology used throughout the document to make sure it is consistent with the above.

Answer 5 · 2016-08-18T10:48:17.000Z

@sbahloul @mark-orz seems like a consensus, lets commit that consistency check and close the issue....

Answer 6 · 2016-08-29T23:23:21.000Z

I go through the different sections and change the consistency. If you can have a quick look again, it would be perfect

Answer 7 · 2016-08-31T13:54:52.000Z

The use of "Secure Credential Storage" to refer to both the use-case and the actual hardware device ("A secure credential storage is a tamper proof device, providing a secure storage and execution environment for sensitive data and processing") is confusing. Can we use "Secure Element" to refer to the tamper proof device, in the context of both Transaction Confirmation and Secure Credential Storage, and reserve "Secure Credential Storage" for the use-case, not the hardware?

This would involve changing "Secure Credential Storage" to "Secure Element" in sections:
1.1 Terminology
5.1 Attestations
5.3.1 Generic mobile environments

Other than that, I have reviewed the document for consistency and am content to close the issue.

Answer 8 · 2016-08-31T15:27:30.000Z

Ok, I agree, let's change it this way