are there any details on how exactly the secure chip is implemented?
only says that it “doesnt run code” and that it “protects your PIN (without learning it”.
is there perhaps a diagram that shows what exactly is done, also on notably how that secret itself is protected from just being read out when the only thing the secure chip does is “release a secret”, also if the code makes sure that even a worst case Secure element cannot make it worse than if the secure element wasnt there.
a competitor has a pretty neat way including a nice diagram, where they basically have 3 things interacting.
the PIN, a seed value on the main chip, and a KDF with a key on the Secure Chip and restricted by a lifetime counter, which nukes the secure chip after around a million uses, which should last a few centuries in normal use but aint gonna help with bruteforce.
the rundown is basically as follows
- hash the seed and the PIN together
- throw the result into the KDF, which givey a new “strengthened” result
- that strengthened result gets hashed with the seed and PIN once again to arrive at the decryption key for the encrypted seed.
that way both the seed cannot learn the user PIN, nor could the Secure chip throw a wrench into the whole process as the PIN and seed are applied at both ends of the equation.