App Instance Security
From MgmtWiki
Full Title or Meme
Description of the measures that can be taken to secure an application that has access to keys protected by a device's operating system with Threat Model issues.
Context
Problems
- How can we be sure that the app is who it says it is?
- How can we be sure that the hardware protection is secure and is used by the app?
Solutions
Native apps that want to be able to attest to their access to a secure place to store an instance ID and key will immediately forward a CSR and acquire a key certificate prior to performing any secure operation.
References
[Category: Security]]