Many Ways to Secure Element

A secure element (SE) is a platform (typically a one chip secure microcontroller) capable of securely hosting applications and their cryptographic and confidential data in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities.

Initially secure element was only in the SIM primarily because of operator control and because the technology/process is almost identical. SIM security and SE security are almost exactly the same. Mobile devices can include some form of a Secure Element (SE), but a 'SIM card' is almost universally present. Basically all SIM cards in use today are programmable and therefore can be used as a SE.

Then secure element, specifically for NFC started showing up in the phone itself - embedded - because the operators were taking too long to get their act together in supporting NFC. Device manufacturers in partnership with OS companies, started putting SE in phones regardless of operator support.

In parallel, some chip manufacturers were working on secure and manageable secure memory as part of the regular memory of the phone - initially called TrustZone, then Trusted Execution Environment (TEE). The TEE is a secure area that resides in the main processor of a mobile device and ensures that sensitive data is stored, processed & protected in a trusted environment. The TEE's ability to offer safe execution of authorized security software, known as 'trusted applications', enables it to provide end-to-end security by enforcing protection, confidentiality, integrity and data access rights. Qualcomm, Broadcom, G&D, ARM, etc. were involved.

Recently a joint venture called Trustonic was formed between ARM, Gemalto and G&D. Trustonic seeks to develop a standard businesses and banks can utilize to offer secure services such as internet shopping and mobile payments on a range of platforms. The venture is based on ARM’s Trustzone technology, a security extension that sits inside the silicon and can be programmed into the hardware of any smart phone. The software in which Trustzone technology can work is provided by G&D and Gemalto.

While the hardware secure credential storage story was being developed, the industry was restless and trying out various software based approaches. The most potent of those which uses the exisitng NFC protocols is Google's HCE, whereby the SE can be managed in the cloud even while the NFC radio is used in the phone.

With the release of Android 4.4, Google introduced a new platform support for secure NFC-based transactions through Host Card Emulation (HCE), for payments, loyalty programs, card access, transit passes, and other custom services. With HCE, any app on an Android 4.4 device can emulate an NFC smart card, letting users tap to initiate transactions with an app of their choice. Apps can also use a new Reader Mode so as to act as readers for HCE cards and other NFC-based transactions.

You can read Lets Talk Payments article on Google says goodbye to carrier based NFC systems, with HCE.