Secure Element (SE) is a chip that is by design protected from unauthorized access and used to run a limited set of applications, as well as store confidential and cryptographic data.
Smartphones and tablets, hardware cryptowallets, and other devices use Secure Element. The chip can store and process information such as PIN codes, passwords, fingerprints, payment information, and much more.
Secure Element security
Restricted access to the chip ensures Secure Element’s strong protection. First, no programs can be installed on it (all of its software is preinstalled). Second, only trusted applications (for example, digital wallets) and devices (for example, POS terminals) have read and/or write access to the chip. Secure Element is also designed to counter many known attacks, in particular side-channel attacks.
Secure Element technology provides the following features at the hardware level:
- Detection of hacking and modification attempts;
- Creation of a Root of Trust (RoT) platform for encryption systems;
- Provision of secure memory for storing private encryption keys, bank card details, and other information;
- Cryptographically secure generation of random numbers;
- Generation of keys — for example, pairs of private and public keys for asymmetric encryption.
Secure Element applications
Secure Element has uses in various areas where data security is crucial.
- Authentication. Access to online services can be protected not only by a username and password, but also by strong authentication based on credentials that are stored and processed inside the chip. Secure Element authentication can be used for logging in to critical services, such as a VPN or corporate e-mail.
- Digital signature. Secure Element can store keys for digitally signing documents or other data, as well as generate a signature. What’s more, the key is not sent anywhere, so it cannot be intercepted by malicious programs.
- Contactless payments. Secure Element can be used for contactless payments with your mobile device. All payment information is stored on the secure chip, which uses NFC technology to communicate directly with payment terminals.
- Cryptocurrency wallets. Using a so-called cold wallet based on a specialized device with a Secure Element chip is the most reliable way to store public and private cryptographic keys.
- Biometric data storage. Secure Element is also used in biometric passports. The secure chip ensures the safe storage of sensitive data.
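The signing flow from the "Digital signature" item, together with the trusted-application restriction and on-chip key generation described earlier, can be modelled in software. This is an added example, not vendor code: the class and function names are hypothetical, and a Lamport one-time hash signature stands in for the ECDSA or RSA a real chip would typically use, so that the sketch runs on the Python standard library alone.

```python
import hashlib
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(message: bytes):
    # 256 bits of the message digest, most significant bit first
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class ToySecureElement:
    """Software model only; a real SE enforces this boundary in hardware."""

    def __init__(self, trusted_apps):
        self._trusted = frozenset(trusted_apps)
        # Key pair is generated inside the element from a CSPRNG.
        self._sk = [(secrets.token_bytes(32), secrets.token_bytes(32))
                    for _ in range(256)]
        self._pk = [(_h(a), _h(b)) for a, b in self._sk]
        self._used = False

    def public_key(self):
        # The only key material that ever crosses the boundary.
        return list(self._pk)

    def sign(self, app_id: str, message: bytes):
        if app_id not in self._trusted:
            raise PermissionError("caller is not a trusted application")
        if self._used:
            # A Lamport key is one-time: a second signature would leak
            # enough preimages to allow forgery, so the element refuses.
            raise RuntimeError("one-time key already used")
        self._used = True
        return [self._sk[i][b] for i, b in enumerate(_bits(message))]

def verify(public_key, message: bytes, signature) -> bool:
    # Host-side check: needs only the public key, never the private one.
    if len(signature) != 256:
        return False
    return all(_h(s) == public_key[i][b]
               for i, (s, b) in enumerate(zip(signature, _bits(message))))

def demo():
    se = ToySecureElement(trusted_apps={"wallet"})  # constructed app id
    msg = b"constructed sample document"
    sig = se.sign("wallet", msg)
    pk = se.public_key()
    return verify(pk, msg, sig), verify(pk, b"tampered document", sig)
```

The host only ever handles the message, the signature and the public key; there is no call that returns the private key.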
Secure Element types
Secure Element can be implemented in one of several ways:
- As a removable device:
  - In a universal integrated circuit card (UICC)
  - In a Micro SD card
- As an embedded SE (eSE);
- As a cloud service.
Cloud Secure Element and Host Card Emulation technology
In developing payment platforms, both Google and Microsoft have encountered trouble because not all devices on which their operating systems are installed have a Secure Element chip, which is required for NFC-based payments. For that reason, Google initiated the creation of a cloud-based Secure Element.
The technology for hosting secure storage in the cloud and interfacing it with mobile devices is called Host Card Emulation (HCE). It can considerably cut the cost and complexity of managing the secure storage without significantly compromising security.
HCE functionality was first implemented in Android KitKat 4.4 as part of the Google Pay (formerly Android Pay) payment service.