The Next Guy
JCHJava Community | Help. Code. Learn.
•Created by The Next Guy on 4/5/2025 in #java-help
Thoughts about my Security Implementation
So the basic idea is that I have a device that's able to connect to WiFi and talk to a server that I have. The overall goal is to have the device be able to authenticate a user while offline using signed access file of two levels.
When a connection is requested, if the device detects its RTC to be out of date or compromised, it attempts to connect to WiFi, the my server to obtain a signed Timestamp (also contains some noise). If it can't connect to the server, it prompts the user for valid wifi credentials.
The devices contain the public Root OEM key in their program memory (later implementations may use a permanent data chip and a secure EC crypto chip) that they use to verify access 1, which contains another public key, the intermediate key, along with some parameters like expiration, permissions, and noise signed by the OEM key. Access 2 is signed by the intermediate key, and is formatted the same except contains the connecting user's public key.
The permissions are then validated (intermediate cannot provide permissions in access 2 not given in access 1), and a challenge is sent to the device encrypted by the user public key. The user must then send the challenge back in plain text, but signed by the user private key. If all goes well, the user is then given secure access.
9 replies