In this blog, I am joined by my colleagues Stéphane Quetglas, Marketing Director, Embedded Products and Jean-François Rubon, Strategy and Partnership, as well as Sudhi Herle, Head of AndroidTM Platform Security at Google, to discuss the latest innovation in embedded secure element (eSE).
Could you explain the recent announcement about eSE?
Jean-François Rubon (JFR): Google, Thales and other Secure Element (SE) vendors have announced the creation of the Android Ready SE Alliance.
The increased digitalisation of services, along with a rise in cyberattacks and emergence of stringent data protection regulations, mean that end-users today require trust in order to confidently use digital services. This is where embedded systems can help. The foundation for hardware security relies on the physical chip hardware in which can be built embedded security features, such as the eSE.
This alliance is all about bringing the eSE-powered trust promise to Android the world’s most popular mobile operating system (OS) among connected consumer devices; Android, represents 84% of the worldwide smartphone shipment OS market in 2021 (source: IDC). Android is also available for the tablets, smart TV, connected cars and wearable markets.
What are the main characteristics and benefits of eSE for OEMs?
Stéphane Quetglas (SQ): The eSE is an autonomous, tamper resistant hardware made of a dedicated chip, a secure OS and applications. It ensures secure storage of data, granting access to information only to authorised applications and users, and executes cryptographic operations such as authentication and encryption.
The eSE is certified according to industry standards to achieve the highest security assurance levels (e.g. MIFARE and FeliCa for ticketing applications, EMV, Visacard and MTPS for mobile payment).
In mobile devices like smartphones and smart watches, the eSE is typically combined with the NFC and UWB capabilities of the device. This allows the OEM to provide secure contactless services such as payments, couponing, transport/transit ticketing, access control, etc… Another important benefit for OEMs is that it protects the device against hacking by ensuring a secure boot.
What does the Android Ready SE Alliance represent?
JFR: Under this alliance, Google and the SE Vendors aim to offer a portfolio of tested open source implementations of hardware-backed security applets for existing and new use cases such as strongbox (hardware-backed attestation for premium apps, secure provisioning of Android keys), digital keys (cars, homes), identity credentials national ID, driving license), and e-money solutions (digital wallet, e-money solutions).
What are the benefits of the Android Ready SE Alliance for OEMs?
SQ: The Android Ready SE initiative intends to make the use of eSE easier for device makers. They can now leverage a pre-packaged and validated solution that includes an eSE, a set of security applets and native support by Android. It drastically reduces the required investment to equip devices with an eSE. Being able to increase the security level into their devices, OEMs can now more easily position themselves on new high-value end-user services.
According to Eurosmart, the Secure Element market will grow by 5-8% in 2021 after a flat 2020 due to the pandemic that strongly impacted the sales of smartphones. Today more smartphones and wearable devices are being equipped with an eSE and we believe this growth will accelerate further, boosted by the Android Ready SE Alliance.
“Thales is thrilled to be part of
the Android Ready SE Alliance”
Why is the Alliance important for Thales?
JFR: New smartphone applications such as payment, identity and digital car key services require strong security and trust to be engaged by consumers.
As a member of the Android SE Ready Alliance, we’re excited to help broaden the scope and adoption of tamper-resistant, secure elements that can be seen as roots of trust in the Android ecosystem. For example, we closely collaborate with Samsung to equip their flagship smartphones with advanced eSE.
Thales is uniquely placed to be a strong partner in this field due to its longstanding experience in hardware security technologies, as well as extensive relationships with OEMs and other service providers, including mobile operators, financial institutions, transport providers, automotive makers and governments.
Sudhi Herle: We are delighted to partner with Thales to further strengthen the security of Android through StrongBox via Secure Element (SE). We look forward to enthusiastic and widespread adoption by our OEM partners and developers and the entire Android ecosystem.
As an OEM, what’s your view here? Let us know your thoughts and feedback by tweeting to us at @ThalesDigiSec or leaving a comment below.
You can also read our other related resources on embedded Secure Element here:
- Blog: What the world’s first smartphones equipped with single-chip eSIM / embedded Secure element means for OEMs
- Blog: Four questions OEMs should ask embedded Secure Element manufacturers
- Press Release: Thales’ next generation single-chip solution embedded in Samsung’s latest flagship smartphone
Android is a trademark of Google LLC.