Mastercard Incorporated
Cryptographic system management

Abstract:

A method of refreshing key material is described for use in a trusted execution environment logically protected from a regular execution environment. The trusted execution environment further comprises a key identifier. New key material is received at the trusted execution environment to replace existing key material. The key identifier is set to a new value to indicate that new key material is present. The new value of the key identifier is provided directly or indirectly to other parties in association with cryptographic outputs provided by the trusted execution environment using the refreshed key material. This approach is described in connection with an application executing securely on a mobile device.