User's Manual

In this token most of the data is stored in an EEPROM which, although external to the processor, is encrypted with a key held in the processor's internal memory. Reading out the EEPROM is therefore useless, because the encryption key is never exposed. Nor can the token be cloned by copying the EEPROM, since each WebIdentity3P device has its own encryption key, stored in the processor-internal memory partition and different for every device.
5.2 WebIdentity contents
Three essential items of information are stored securely in the microchip memory, for both WebIdentityDL and WebIdentity3P:
1. The Label, written during the initialization phase and used exclusively to identify the WebIdentity token on the USB bus. It is a string that usually names the web service.
2. The User-Identifier (User-Id¹), generated during the initialization phase and derived from the token's personal data and unique data. The personal data can be any information that represents the user, for instance name and surname; the unique data is the Token Serial Number (a unique serial number assigned to each WebIdentity device).
3. The AES-256 key (3DES for WebIdentity3P), generated during the initialization phase and derived from the Server Secret (described in the following chapter; it can be regarded as the generator of all token keys) and from the User-Id. It is stored in the write-only memory partition and is the symmetric key used in the challenge/response operations.
The AES key is computed by a hash-then-encrypt procedure: the User-Id is hashed and the digest is AES-encrypted using the Server Secret as the key. A brief introduction to the hashing algorithm is given in the appendix.
The token secret is therefore the AES key (a symmetric key dependent on the Server Secret), used in the challenge/response operations and stored in the write-only memory of the microchip itself. The way it is computed protects the Server Secret and, with it, the integrity of the whole service: the derivation is one-way, so even if the key stored in a token were recovered, the Server Secret could not be traced back from it.
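The derivation and the challenge/response described above, as an added worked example (not code from the WebIdentity product or its vendor). The manual does not name the hash function or the exact AES mode, so this example assumes SHA-256 and AES-256 applied block by block to the 32-byte digest; the User-Id format (personal data plus Token Serial Number joined by "|"), the 16-byte challenge and all sample values are constructed for illustration. The 3DES variant used by WebIdentity3P is not shown.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// DeriveTokenKey reproduces the hash-then-encrypt derivation of the token key.
// Assumptions (the manual does not name them): the hash is SHA-256 and the
// 32-byte digest is AES-256-encrypted block by block under the Server Secret.
// The result is the 32-byte AES-256 key that is written into the token.
func DeriveTokenKey(serverSecret []byte, userID string) ([]byte, error) {
	if len(serverSecret) != 32 {
		return nil, errors.New("server secret must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(serverSecret)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(userID))
	key := make([]byte, len(digest))
	for i := 0; i < len(digest); i += block.BlockSize() {
		block.Encrypt(key[i:i+block.BlockSize()], digest[i:i+block.BlockSize()])
	}
	return key, nil
}

// TokenResponse is what the token computes: it encrypts one 16-byte challenge
// with the AES key held in its write-only memory. The key never leaves the chip;
// only this ciphertext does.
func TokenResponse(tokenKey, challenge []byte) ([]byte, error) {
	block, err := aes.NewCipher(tokenKey)
	if err != nil {
		return nil, err
	}
	if len(challenge) != block.BlockSize() {
		return nil, fmt.Errorf("challenge must be exactly %d bytes", block.BlockSize())
	}
	response := make([]byte, block.BlockSize())
	block.Encrypt(response, challenge)
	return response, nil
}

// VerifyResponse is the server side. The server stores no per-token key: it
// re-derives the key from the Server Secret and the claimed User-Id, recomputes
// the expected response and compares it in constant time.
func VerifyResponse(serverSecret []byte, userID string, challenge, response []byte) (bool, error) {
	tokenKey, err := DeriveTokenKey(serverSecret, userID)
	if err != nil {
		return false, err
	}
	expected, err := TokenResponse(tokenKey, challenge)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(expected, response) == 1, nil
}

// NewChallenge draws a fresh random challenge so a captured response cannot be replayed.
func NewChallenge() ([]byte, error) {
	challenge := make([]byte, aes.BlockSize)
	if _, err := rand.Read(challenge); err != nil {
		return nil, err
	}
	return challenge, nil
}

func main() {
	// Constructed sample values, not real key material.
	serverSecret := bytes.Repeat([]byte{0x42}, 32)
	userID := "Mario Rossi|SN-000123" // personal data + Token Serial Number (assumed format)

	// Initialization: the key is derived once and written into the token.
	tokenKey, err := DeriveTokenKey(serverSecret, userID)
	if err != nil {
		panic(err)
	}
	fmt.Printf("token key: %x\n", tokenKey)

	// Authentication: server challenges, token answers, server verifies.
	challenge, _ := NewChallenge()
	response, _ := TokenResponse(tokenKey, challenge)
	ok, _ := VerifyResponse(serverSecret, userID, challenge, response)
	fmt.Println("genuine token accepted:", ok)

	// A different User-Id yields a different key, so the same response fails.
	ok, _ = VerifyResponse(serverSecret, "Mario Rossi|SN-000124", challenge, response)
	fmt.Println("response accepted for another user:", ok)
}
```

Note the direction of the derivation: DeriveTokenKey goes from Server Secret to token key, and nothing in the protocol goes the other way. A recovered token key lets an attacker answer challenges for that one User-Id only; deriving another user's key, or the Server Secret, would require inverting AES. The constant-time comparison in VerifyResponse is there so that the server does not leak the expected response byte by byte through timing.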
The key of a token can be recovered only if at least one of the following occurs:
1. AES is fully broken
2. The whole content of the WebIdentity chip memory is extracted
The first case is highly improbable. The second could be achieved only with extremely expensive equipment, and even then a large economic investment would compromise a single device, i.e. the identity of one user, not the whole system; the Server Secret therefore remains secure as long as AES is not fully broken.
Figure 5.2 describes the information contained in the WebIdentity token and their connections.
¹ Also named PIN.