Trust Hub Enablement

Each Trust Hub dongle is shipped in a factory-locked state. Before applications can be loaded onto it, it must be enabled by loading MULTOS security data, supplied by the MULTOS Key Management Authority (KMA), onto the chip.

This security data (called an MSM) is specific to each MULTOS chip’s serial number (its mcd-id). It identifies the device owner (the issuer-id) and contains the unique RSA keys used to manage (load and delete) the apps on the device.

There are two choices for enablement as detailed below. Both rely upon the SmartDeck SDK for Windows having been downloaded and installed. Example commands:

  • To read the mcd-id and append it to the named mcd-id list file
    hterm -serial COM5:i2c -mid mcd-id-list.mid
  • To enable a dongle using an MSM file (can only be done once!)
    hterm -serial COM5:i2c -msm enablement_batch1.msm
  • To get the mcd-id of the device
    hterm -serial COM5:i2c -manufacturer

Using the Developer Community issuer-id

This provides a convenient, quick-start approach for using Trust Hub dongles in a development setting. There is no need to register with the KMA immediately because:

  • Enablement data and device certificates have already been generated and are available to download.
  • Application certificates to use with the application template and Developer Community issuer-id have already been generated. See the Application template section.

Using your own issuer-id

Typically you do this when deploying a fully tested application to dongles that are going to be used outside of a development or closed environment, e.g. to authenticate remote users.

By registering as an issuer with the KMA you can request your own enablement data and application certificates, giving you total, guaranteed control of the contents of your MULTOS devices. For details of how to register and use the KMA, see the StepXpress User Manual.