πŸ“– eUICC.tech ← All Stories 🏠 Home
Page 1 of 14
πŸ”’

πŸ”’ Factory Secrets

How Keys Stay Safe on the Assembly Line

The factory is a courier, not a custodian: it moves locked boxes but never sees inside

Page 2 of 14
Page 3 of 14
🏭 FACTORY ⚠️ NOT SECURE Workers Computers Robot : None should see keys! Rule GENS09: Plain keys exist ONLY inside the chip Rule GENS10: Factory never gets secret keys The Factory = A Courier, Not a Custodian

πŸ‘€ The Golden Rule: Factory = Untrusted

SGP.41 starts from one blunt principle: factory floors are not secure enough to hold secrets. Assembly line workers, production computers, even the Robot: none should see a real key. Two rules enforce this: plain keys exist only inside the chip, and the factory never gets the secret keys.

Page 4 of 14
Page 5 of 14
Key Maker SAS Vault PLAIN KEY βœ… Safe here ↓ Factory Untrusted πŸ”’ LOCKED ⚠️ Can't read ↓ eSIM Chip PLAIN KEY βœ… Installed! β†’ β†’ Key in plain form at only TWO places: Key Maker vault & eSIM chip

πŸ—ΊοΈ Where the Key Actually Lives

The key exists in plain form at exactly two places: inside the Key Maker's SAS-certified vault, and inside the eSIM chip after installation. At every point in between: in transit, in storage, on the assembly line: it's a locked, scrambled, unreadable package.

Page 6 of 14
Page 7 of 14
1. Born in Secure Vault SAS-UP certified Like hospital with guards β†’ 2. One Lock One Profile Used once Then destroyed No cloning! β†’ 3. Secret Never Leaves Private key buried in chip forever β†’ GONE πŸ›‘οΈ Secret Weapon: One-Time Keys Stealing one locked package reveals nothing about others Each key is unique. Each key is used once. Each key is destroyed.

πŸ”‘ One-Time Keys: The Secret Weapon

The foundation of IFPP security is one-time keys: disposable, single-use padlocks. Born in a SAS-UP certified environment, used for exactly one profile, then destroyed forever. The private part never leaves the chip. Stealing one locked package reveals nothing about any other!

Page 8 of 14
Page 9 of 14
🚫 NOT Needed: SAS Accreditation All security at Key Maker 🚫 NOT Needed: HSM Hardware No secret keys to protect 🏭 Low-cost factory No expensive security certification! Just passes through encrypted packages

🚫 What the Factory Does NOT Need

This is the best part for manufacturers: they don't need SAS accreditation and they don't need an HSM (Hardware Security Module). All security work happens at the Key Maker. A high-volume IoT factory making cheap sensors just passes through encrypted packages: no expensive certification required!

Page 10 of 14
Page 11 of 14
βͺ Perfect Forward Secrecy Even if master key is stolen in the FUTURE... ...all old locked packages from the PAST stay safe! Each binding uses fresh key material: thrown away after use πŸšͺ FPA Services Lock Factory interface on chip deactivates permanently NO back door! πŸ›‘οΈ No Overlap Factory mode and consumer mode can never run at the same time!

βͺ Forward Secrecy & Locking the Door

Perfect Forward Secrecy means even if someone steals the Key Maker's master key in the future, old packages from the past stay safe. Plus, the factory-only interfaces on the chip lock forever after production: no "factory back door" for attackers!

Page 12 of 14
Page 13 of 14
βœ… ❌ One lock. One key. One chip. Try a different chip? It fails instantly!

If someone on the assembly line copied a locked key package and tried to install it on a different chip, it would fail instantly. The one-time key binding means the package is cryptographically tied to one specific chip's private key. It's like a lock that only opens for one specific key in the entire universe!

πŸ“š Keep Exploring!

πŸš— Next: Who Uses Factory Keys? β†’

πŸ“– Back to All Stories

Page 14 of 14
⬆ ⬇