Hi Raveendranath,
in general, you can implement your own OCPersistentStorage functions using the hardware security features that you need, such as trust zone, secure element, secure storage, etc. But this will provide only a basic security level; sensitive data will be available in RAM.
If you need strong security protection using the trust zone, you should also integrate it yourself at the cryptographic library level (mbedtls).
Best regards,
Aleksey Volkov
--------- Original Message ---------
Sender : Raveendranath Kondrakunta <raveendranath.kondraku...@gmail.com>
Date : 2018-02-27 12:50 (GMT+2)
Title : [dev] Trust Zone related
Hi,
For the purpose of demonstrations, the certificate-related information (public and private keys) is shown in the resource SVR DB (oic_svr_client.json, oic_svr_server.json, etc.).
In a real-world application, it is expected to read them from a secure place, like TrustZone.
Note mentioned in the wiki:
Note: it will be sample or test purpose, as for the commercial version, this resource may be referring to security element such as TZ or eSE. (you can see TZ wrapper guide document in iotivity)
Where can I find more information on the TZ Wrapper guide?
-Ravee
_______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev