GlobalPlatform made simple guide: Secure Element
What is a secure element and what are the form factors?
A secure element (SE) is a tamper-resistant platform (typically a one-chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.
There are three different form factors of SE: Universal Integrated Circuit Card (UICC), embedded SE and microSD. Both the UICC and microSD are removable. Each form factor links to a different business implementation and satisfies a different market need.
Does GlobalPlatform see one form factor dominating the market?
It is not within the remit of GlobalPlatform to make a choice between the different form factors. GlobalPlatform is form factor agnostic and, as such, is working to standardize all three SE technologies. Selection of an SE is a business choice that will be made by the service provider or end user. GlobalPlatform's concern lies with standardization and interoperability of application management within an SE, whatever the form factor.
Work to standardize all three form factors is to the benefit of the market. Service providers and application developers can have confidence in the standards of SEs when developing their products. Broader development and deployment reduces costs and time to market. With standardization and interoperability across the marketplace, developers will only need to make one application, where they once needed to create three.
Who created SEs and why are they necessary?
SEs are an evolution of existing secure technology. The chip that resides in credit and debit cards has been adapted to suit the needs of the mobile world. With multiple applications now being stored and their processes executed in the same device, it is essential to be able to house trusted applications and their associated credentials in a secure environment.
The presence of an SE is essential to the deployment of value-added services (VAS). Authentication, identification, signatures and PIN management are all central to the deployment of VAS and all require a protected environment to operate securely. Taking a payment application as an example, it is important that the user's credentials do not become visible. The tamper-resistant security of the SE is ideal for this task. The SE controls interactions between trusted sources (a bank), the trusted application (a mobile payment application) stored on the SE and third parties (a company the user is making a payment to). The secure domain protects the user's credentials and processes the payment transaction in a trusted environment, ensuring the safety of the user's data.
Why is GlobalPlatform involved?
As a technical organization, GlobalPlatform is concerned with the management of multiple applications on secure chip technology, across different markets.
Since its inception, GlobalPlatform has sought to create a standardized infrastructure to reduce the cost, and simplify the deployment, of VAS.
The success of GlobalPlatform's deployment across different markets gives assurance to issuers that a compliant GlobalPlatform SE will be able to host a multitude of services.
GlobalPlatform's experience in standardization will ensure interoperability across the ecosystem, allowing the execution of numerous applications from multiple markets and different actors, all on a single device.
At what stage is GlobalPlatform in the standardization of SEs?
GlobalPlatform is currently completing a cycle to support the three form factors of SEs in the contactless environment. GlobalPlatform has been working on this technology since 1999 and the technology is therefore extremely stable. It is important to remember that SEs are about more than just payment; they have applications in ID, transport and mobile TV, to name just a few. Soon, just as most people now have a secure chip in their wallet in the form of their debit card, they will also have one in their mobile devices.
The GlobalPlatform Compliance Program is currently focused on the UICC (in the standardization arena) and financial cards but is being advanced to support embedded SEs and microSDs. GlobalPlatform is seeking to create a standardized, mature environment for SE functionality centered around security, interoperability and functionality.
Visit the GlobalPlatform Specifications webpages to download the SE Configurations.