What is a Secure Element?

This entry was posted on Wednesday, April 18th, 2018.

This blog was originally posted on May 22, 2014 and was last updated on April 18, 2018.

As smartphones become ubiquitous, demand for killer mobile applications across payments, ticketing and identification has never been higher.

Alongside an exceptional user experience, robust security is key to driving consumer adoption. To deliver secure services, application issuers need to store user credentials in an environment called the secure element (SE).

What is an SE?

An SE is a tamper-resistant hardware platform, capable of securely hosting applications and storing confidential and cryptographic data.

The highly secure environment provided by the SE protects the user’s credentials. In the finance industry, for example, SEs are used to host personalized card applications and the cryptographic keys required to perform financial (EMV) transactions at a point-of-sale (POS) terminal. SEs used in the identity market may hold biometric data or certificates which can be used for signing documents.

Different SE form factors

It is important to note that SEs come in different form factors. Universal integrated circuit cards (UICCs) and microSD cards are removable, whereas embedded SEs (eSEs) and embedded UICCs (eUICCs) are directly bonded to the device motherboard.

Another form factor is the cloud-based SE.

Managing complexity with cloud-based SEs

Historically, it has been difficult to integrate with a physical SE on a mobile device due to the complex business models and interdependencies required to establish the relationships between the many stakeholders involved in the ecosystem.

For this reason, the industry started to explore remote or cloud-based SEs.

Moving the SE to a remote environment (the cloud) can significantly reduce the cost and complexity of managing a physical SE, ensuring a consistent user experience while maintaining the security features of conventional, physical SEs.

Host card emulation (HCE) – the missing link

Even with cloud-based SEs, challenges remained in driving uptake of mobile services.

Enter HCE. Since Google moved to incorporate HCE functionality into Android KitKat 4.4, the technology has played a key role in facilitating the widespread adoption of mobile services, for example contactless NFC mobile payments.

This is because HCE provides the bridge between the POS terminal, the remote SE and issuing banks. Importantly, HCE requires neither changes to acquiring infrastructure nor optimization to support NFC.
