Android™ Keystore V2

A forward-looking description of this project, which is still in the making, could be something like
 
using Android as the vehicle that will eventually thwart the current userid/password explosion on the Internet
 
but there are several other useful, more short-term and down-to-earth targets as well, including OTP (One Time Password) generation and secure key storage.
 
Secure key storage will be launched in two stages: the first stage creates a user keystore running as a native Linux service, while the end goal is to enhance that service by introducing "trusted hardware", still relying on the same architecture for unlimited secure storage, "execution" and management of user keys: http://keycenter.webpki.org/javadoc/keystore/org/webpki/jce/crypto/VirtualSE.html
 
To reach the level of functionality required to qualify as "universal", the keystore is complemented by a matching key-provisioning and management protocol coined KeyGen2: http://keycenter.webpki.org
 
KeyGen2 Highlights:
- Browser-extension scheme
- Symmetric and asymmetric key support
- Information Card add-on
- PIN and PUK options
- TPM "light" operation (http://webpki.org/papers/keygen2/keygen2-fips140-2.pdf)
- "Cryptographic isolation" facilitates secure multi-issuer key-management
- Mobile phones and consumers as primary targets
- Anticipated deployment through open source implementations
 
A web-based proof-of-concept emulator is currently available for those who want to get a hands-on feel for this project:
1. Enroll at http://keycenter.webpki.org
2. Then select "Phone Emulator"
3. In the Phone Emulator, issue "Quick Run"
 
Related projects in the SVN "trunk" include WASP and WebAuth, which are soaped-up versions of the browser PKI clients extensively used in the EU: http://webpki.org/WASP-tutorial.pdf
 
Anders Rundgren, February 2009

Trademarks: Android is a trademark of Google Inc.