Debug window
Virtual phone '' initialized
Device certificate:
  Subject DN: CN=Device Type 1AK4, SerialNumber=75035, DC=webpki, DC=org
  Issuer DN: CN=Mobile Device Root CA, DC=webpki, DC=org
  Serial number: 1220970008609
  Validity: 09-SEP-2008 To 09-SEP-2033
  SHA1 hash: F6EFA43B7B2353119974BE9F7511B581D040C79B
Received XML Object: PlatformNegotiationRequest
Sent XML Object: PlatformNegotiationResponse
Received XML Object: KeyOperationRequest
Provisioning session #5 initiated
PUK policy object with value '01234567890123456789' and PUK_ID=7 created
PIN policy object with PIN_ID=7 created
RSA keypair with size '2048' and KEY_ID=15 created
RSA keypair with size '1024' and KEY_ID=16 created
Key with KEY_ID=13 was marked for deletion
Key with KEY_ID=14 was marked for deletion
Sent XML Object: KeyOperationResponse
Received XML Object: CredentialDeploymentRequest
Certificate with fingerprint=BDB5C1E3070281178CEF467B2CCB1D3E62D26A41 deployed to KEY_ID=15
Extension object of type 'Information Card 1.0' deployed to KEY_ID=15
Certificate with fingerprint=AFBACACC334BA417278B1156E73BB7031B216099 deployed to KEY_ID=16
Symmetric key with value '3132333435363738393031323334353637383930' deployed to KEY_ID=16
Property object of type 'HOTP 1.0' deployed to KEY_ID=16
Logotype object of type '' deployed to KEY_ID=16
Keys marked for deletion (2) were deleted
Provisioning session #5 successfully terminated
Sent XML Object: CredentialDeploymentResponse 
To facilitate protocol verification and external input without requiring downloads and software installs, an emulator in the form of a web-application has been developed.
The following "snapshot" of the emulator shows a complete [sample] KeyGen2 protocol round including:
- TPM-inspired "certified" key-generation
- Provisioning of PIN and PUK policy objects
- Provisioning of X.509 certificates
- Provisioning of an Information Card (tied to an X.509 certificate)
- Provisioning of a symmetric key ("piggybacking" on an X.509 certificate)
- Provisioning of a "property bag" for HOTP (RFC 4226) support
- Provisioning of a logotype for usage in an OTP application
- Key life-cycle-management operation
Universal Provisioning is not black magic, it is just a way to reduce costs for platform vendors as well as making on-line provisioning a viable alternative for any kind of activity benefiting from two-factor authentication.
Note that you can click on the blue links to get the actual XML data.