Guidelines for Maintaining the Cybersecurity Level of Security Chip Products
The secure chip incorporates multiple security detection mechanisms. When the chip encounters malicious attacks or abnormal operation, these mechanisms detect anomalies and transition the chip into a secure state. This ensures operation within a protected environment, preventing threats to users' sensitive information.
Secure Chip APIs serve as a bridge between hardware security capabilities and software systems, providing interfaces for interacting with hardware security modules. They deliver operations such as key management, encryption/decryption, secure authentication, and data encapsulation. The secure chip provides multiple APIs for users to invoke, enabling secure access to the chip's security functions.
When invoking Secure Chip APIs, users must strictly adhere to the usage methods specified in the API user manuals to ensure security measures effectively protect sensitive information.
Java Card technology implements a hardened runtime environment featuring tamper-resistant hardware integration and certified cryptographic accelerators (AES/RSA/ECC). Its runtime environment ensures secure execution via mandatory bytecode verification, firewalled applet isolation, and atomic transactions for state integrity.
The combined eSE/eUICC product targets the consumer electronics and mobile market. It is an embedded Secure Element module with NFC functionality integrated into mobile devices.
The combined eSE/eUICC product implements Java Card platform functionalities for secure applet execution and protected data storage, providing core security services to support applications such as eSIM, electronic identity authentication, mobile payment, access control, and transportation.
The product's eSE (embedded Secure Element) and eUICC (embedded UICC) functionalities are isolated logically (via framework mechanisms) and physically (via interfaces/protocols).
The Card Administrator shall control access to card management functions (e.g., applet installation, updates, deletion) and enforce issuer-defined card policies.
The Application Provider can use the API provided by the TOE for applet development, downloading, installation, and deletion. This process requires authentication; successful authentication grants the provider permission to download, install, and delete its own applications. Application Providers must ensure that all keys used within the Applications are securely generated and remain uncompromised.

