Version 1: Release Note 28 November 2014


Device Security Credentials



Download 4.8 Mb.
Page23/258
Date03.04.2021
Size4.8 Mb.
1   ...   19   20   21   22   23   24   25   26   ...   258

Device Security Credentials


Where a Device is of deviceType that is gSME, eSME, communicationsHubCommunicationsHubFunction, or communicationsHubGasProxyFunction, that Device shall have the capacity to store and use securely four private keys:

  • for Key Agreement, a Current Private Key and a Pending Private Key; and

  • for Digital Signing, a Current Private Key and a Pending Private Key.

Where a Device is of deviceType that is type1HANConnectedAuxiliaryLoadControlSwitch or type1PrepaymentInterfaceDevice, that Device shall have the capacity to store and use securely two private keys:

These stores shall be referred to as Private Key Cells.

Wherever one of a Device’s Private Keys is required to be used by a GBCS Cryptographic Protection process, only the relevant Current Private Key shall be used. A Device shall not use any Pending Private Key in any GBCS Cryptographic Protection.

Where a Device holds a Private Key that is to be used for Key Agreement, the corresponding Public-Private Key Pair shall have been generated according to the NSA’s ‘Suite B Implementer’s Guide to NIST SP 800-56Ar2’ using the ‘Key Pair Generation Using Extra Random Bits’ method.

Where a Device holds a Private Key that is to be used for Digital Signing, the corresponding Key Pair shall have been generated according to the NSA’s ‘Suite B Implementer’s Guide to FIPS 186-3 (ECDSA), February 3, 2010’7 using the ‘ECC Key Pair Generation Using Extra Random Bits’ method.

Where a Device supports the processing of Remote Party Messages, the Device shall:


  • have two Trust Anchor Cells to store two Device Certificates relating to itself, with one Trust Anchor Cell for storing Device Certificates where keyUsage = keyAgreement and one for Device Certificates where keyUsage = digitalSignature;

  • where those two Trust Anchor Cells are populated, ensure the Device Certificates have the following attributes:

        • both Device Certificates meet the requirements specified at Section 13;

        • both Device Certificates’ hwSerialNum fields have a value the same as the Devices’ Entity Identifier; and

        • each Device Certificate’s keyUsage field has the same value as the Trust Anchor Cell in which it is placed.

        1. Directory: government -> uploads -> system -> uploads -> attachment data -> file
          file -> Remove this if sending to pagerunnerr Page Title Light Rail Security Recommended Best Practice
          file -> 8 Section 1 : Sport
          file -> Notice of exercise of additional powers of seizure under Sections 50 or 51 of the Criminal Justice and Police Act 2001
          file -> Home office circular 004/2014 Powers to search for and seize invalid travel documents in Schedule 8 to the Anti-social Behaviour, Crime and Policing Act 2014
          file -> Consultation on the Royal Parks and Other Open Spaces (Amendment) (No. 2) Regulations 2012
          file -> Crown copyright 2012
          file -> This is the Report to Government by the Film Policy Review Panel The brief
          file -> Impact Assessment (IA)
          file -> Dcms/Wolfson Museums and Galleries Improvement Fund a public-Private Partnership (2002-2010)


          Share with your friends:
1   ...   19   20   21   22   23   24   25   26   ...   258




The database is protected by copyright ©essaydocs.org 2020
send message

    Main page