Secure Provisioning Protocols (SCP03 & Wireless Key Fob Standards)

# Secure Provisioning Protocols

## SCP03 — Secure Channel Protocol '03'

SCP03 is a GlobalPlatform standard for establishing a secure, encrypted channel between a host (server/smartphone) and a secure element (smart card, eSE). It provides:

- **Mutual Authentication** — both host and card verify identity
- **Data Integrity** — MACs ensure no tampering
- **Data Confidentiality** — AES encryption prevents eavesdropping

### SCP02 vs SCP03 Comparison

| Feature | SCP02 | SCP03 |
|---|---|---|
| Core Algorithm | Triple DES (3DES) | AES |
| Encryption Mode | CBC with fixed IV (all zeros) | CBC with random IV |
| MAC Method | Encrypt-and-MAC | Encrypt-then-MAC |
| Modern Key Support | Cannot securely load RSA >2048-bit or ECC | Supports AES, ECC |

### How SCP03 Works

Session keys are derived from pre-shared master keys. The protocol proceeds in three steps:

1. Mutual authentication using card and host keys
2. Key derivation to produce session keys (ENC, MAC, RMAC)
3. Secure command/response exchange using APDUs

### SCP03 Amendments

- **Amendment D v1.2** (Apr 2020) — introduces S8/S16 modes, extends class byte values. Current standard.
- Part of **GlobalPlatform Card Specification v2.3.1** (Mar 2018)

### Key Resources

- [GlobalPlatform SCP03 Amendment D v1.2](https://globalplatform.org/specs-library/)
- [GlobalPlatform Card Specification v2.3.1](https://globalplatform.org/specs-library/)
- Yubico Technical Manual — real-world SCP03/SCP11 implementation in YubiKeys
- Samsung Technical Blog — SCP03/SCP11 overview with setup diagrams
- [SCP02 vs SCP03 comparison article](https://globalplatform.org/)

### Related: SCP11 (Asymmetric Successor)

SCP11 uses ECC for key agreement and is the asymmetric evolution of SCP03. It is used in scenarios where pre-shared symmetric keys are impractical.

---

## Smart Card & Secure Element Provisioning Standards

| Standard | Body | Use Case | Key Mechanism |
|---|---|---|---|
| GlobalPlatform Card Spec | GlobalPlatform | Multi-application smart cards (payment, transit, ID) | SCP03/SCP10/SCP11 — secure post-issuance management |
| GSMA eSIM (RSP) | GSMA | Mobile devices (Consumer, M2M, IoT) | Remote SIM Provisioning (SGP.22, SGP.02, SGP.32) |
| ISO/IEC 7816 | ISO/IEC | Basic smart card communication | T=0, T=1 transmission protocols (APDU framework) |
| PCI Card Production | PCI SSC | Payment card manufacturing | Physical & logical security standards |
| GlobalPlatform SERAM | GlobalPlatform | Secure Elements in devices (smartphones) | HTTP REST binding for remote app management |

### GlobalPlatform Card Specification

The cornerstone for managing applications on multi-function smart cards after issuance:
- Card Content Management (CCM) model — install, update, delete apps on deployed cards
- Secure Channel Protocols (SCP03, SCP10, SCP11) for confidential/authenticated sessions
- Typical flow: mutual auth → secure key exchange → APDU commands

### GSMA eSIM Remote SIM Provisioning

- **SGP.22 (Consumer)** — QR code triggers profile download from SM-DP+ server
- **SGP.02 (M2M)** — server-driven pull model for machine-to-machine
- **SGP.32 (IoT)** — bulk remote provisioning, simplified architecture
- Security: TLS mandatory, eSIM Security Assurance (eSA) certification scheme

---

## Wireless Provisioning Protocols for Key Fobs

Beyond the automotive CCC Digital Key, the main standard wireless provisioning protocols are:

| Protocol | Technology | Use Case | Security Feature | Provisioning Method |
|---|---|---|---|---|
| Bluetooth Mesh Provisioning | BLE | Smart Home & Building Automation | Certificate-Based Provisioning (CBP) | Wireless via provisioner device |
| Zigbee Commissioning | IEEE 802.15.4 | Smart Home & IoT | Install codes, QR codes | Wireless, QR scan or manual |
| UWB Digital Key (Aliro) | Ultra-Wideband | Automotive & Secure Access | Secure ranging & cryptography | Wireless, proximity-based |
| Android Remote Key Provisioning | Bluetooth/NFC | Mobile Device Management | Secure element binding | Remote, server-initiated |

### Bluetooth Mesh Provisioning

- Unprovisioned device broadcasts UUID → Provisioner discovers and initiates secure procedure
- Authentication step prevents MITM attacks
- **Mesh 1.1 CBP**: Devices issued manufacturer digital certificates → automatic identity verification without user interaction. Enables large-scale deployments.

### Zigbee Commissioning

- Multiple commissioning modes including remote procedure
- QR code on device/packaging contains install code for secure link establishment
- Out-of-band authentication ensures only authorized devices join

### UWB / Aliro

- Ultra-Wideband enables secure ranging (precise distance measurement)
- Fundamental for preventing relay attacks
- Aliro standard defines provisioning phase for key exchange between vehicle and device

### Domain Context

- **Automotive Key Fobs**: CCC Digital Key (BLE/NFC/UWB) or proprietary OEM protocols
- **Smart Home/IoT**: Bluetooth Mesh or Zigbee commissioning
- **Convergence**: UWB becoming cornerstone for next-gen digital keys across standards

### Relevance to SCP03

SCP03 could potentially apply to secure element provisioning in key fobs that contain a secure element chip (e.g., for automotive digital keys). The secure channel would protect the loading of cryptographic credentials onto the fob's secure element during manufacturing or personalization. However, the wireless provisioning protocols above operate at a different layer — they handle the transport/session establishment, while SCP03 would handle the secure channel to the embedded secure element within the fob.

