A secure element (SE) is a secure operating system (OS) in a tamper-resistant processor chip or secure component. It can protect assets (root of trust, sensitive data, keys, certificates, applications) against high-level software and hardware attacks. Applications that process this sensitive data on an SE are isolated and so operate within a controlled environment not affected by software (including possible malware) found elsewhere on the OS.[1][2]

The hardware and embedded software meet the requirements of the Security IC Platform Protection Profile [PP 0084] including resistance to physical tampering scenarios described within it.[3] More than 96 billion secure elements were produced and shipped between 2010 and 2021.[4]

SEs exist in various form factors: as devices such as smart cards, UICCs, or smart microSD cards,[5] or embedded or integrated as parts of larger devices.[6][7] SEs are an evolution of the chips in earlier smart cards, which have been adapted to suit the needs of numerous use cases, such as smartphones, tablets, set-top boxes, wearables, connected cars, and other internet of things (IoT) devices. The technology is widely used by firms such as Oracle,[8] Apple[9] and Samsung.[10]

SEs provide secure isolation, storage and processing for the applications (called applets) they host, while being isolated from the external world (e.g. the rich OS and application processor when embedded in a smartphone) and from other applications running on the SE. Java Card and MULTOS are the most deployed standardized multi-application operating systems currently used to develop applications running on SEs.[8]

Since 1999, GlobalPlatform has been the body responsible for standardizing secure element technologies to support a dynamic model of application management in a multi-actor model. GlobalPlatform also runs Functional and Security Certification programmes for secure elements, and hosts a list of Functional Certified and Security Certified products. GlobalPlatform technology is also embedded in other standards such as ETSI SCP (now SET) since release 7.[11] A Common Criteria Secure Element Protection Profile has been released targeting EAL4+ level with ALC_DVS.2 and AVA_VAN.5 extension to standardize the security features of a secure element across markets.[12]

References

  1. Bertrand, Cambou. "Enhancing Secure Elements - Technology and Architecture" (PDF). Northern Arizona University.
  2. "What is Secure Element?". Kaspersky.
  3. "Security IC Platform Protection Profile with Augmentation Packages" (PDF). Common Criteria.
  4. "Worldwide Market of Secure Elements Confirms its Resiliency in 2021". Eurosmart.
  5. Lee, Nicole (June 6, 2013). "SD Association adds secure NFC support to its smartSD memory cards". Engadget.
  6. Mehta, Tushar (April 4, 2022). "What is Integrated SIM (iSIM)? How is it better than eSIM?". Digital Trends.
  7. Page, Carly (October 5, 2021). "Yubico's new hardware key features a fingerprint reader for passwordless logins". TechCrunch.
  8. "The Open Application Platform for Secure Elements" (PDF). Oracle.
  9. "How Apple Pay keeps users' purchases protected". Apple.
  10. "Samsung Elevates Data Protection for Mobile Devices with New Security Chip Solution". Samsung. May 26, 2020.
  11. "Smart Cards; Remote APDU structure for UICC based applications (Release 12)" (PDF). ETSI.
  12. "GlobalPlatform Technology Secure Element Protection Profile Version 1.0" (PDF). Common Criteria.