Secure Element access control is used in addition to existing protection mechanisms (such as permissions or security OS policy limiting access to sensitive APIs). The access control is designed to prevent unauthorized access to resources in the Secure Elements and typically to prevent denial of services attacks (PIN blocking, selection of non multi-selectable applets, etc.).
This version includes corrections and clarifications, adds support for SHA‑256 to derive DeviceAppIDs from the certificate of the device Application Provider (deprecated SHA‑1), and adds support for SHA‑256 in Access Rule Files.
Previous Version(s)
The Secure Element access control, defined in this specification, is used in addition to existing protection mechanisms (such as permissions or security OS policy limiting access to sensitive APIs). The access control is designed to prevent unauthorized access to resources in the Secure Elements and typically to prevent denial of services attacks (PIN blocking, selection of non multi-selectable applets, etc.). This access control mechanism is transparent to client applications running in the device and is enforced within the device operating system itself. This document specifies how the access policy is stored in the Secure Element, and how it can be accessed and applied by the device.
