March 29, 2021
Google recently formed the Android Ready SE Alliance with the goal of enabling the speedier distribution of Secure Element (SE) technology for digital wallets and digital car and home keys among other products. In Google’s Pixel phones, the SE is a Titan M chip which, separate from the phone’s processor, stores encryption keys and validates the operating system. The Android Ready SE Alliance’s device manufacturers and SE sellers hope to speed up the timeline to bring a variety of these digital products to market.
Engadget reports that members of the Alliance, which will “work together to create a collection of open source and ready-to-use applets for SE chips,” have debuted StrongBox, an applet described as a “tool for storing cryptographic keys.”
StrongBox is “also available on WearOS, Android Auto and Android TV devices.” Initially, “the Alliance will focus on use cases like digital car keys and mobile driver’s licenses.” With regard to the former, “Google is playing catch-up to Apple.”
Engadget notes that although “Google doesn’t mention digital vaccine passports … that’s another potential use case for the tech.” Google stated that “several Android manufacturers [are already] adopting Android Ready SE for their devices.”
According to 9to5Google, what’s required is “tamper-resistant hardware, like the Pixel’s Titan M chip, which makes possible tamper-resistant key storage for Android apps (to store data) called StrongBox.” Together, those technologies will enable “digital keys, mobile driver’s license (mDL), national ID, ePassports, and eMoney solutions (wallets).” Most phones already include “discrete tamper-resistant hardware called a Secure Element (SE),” which Google has identified as “the best path for introducing these new consumer use cases in Android.”
Other members of the Android Ready SE Alliance include Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales. The General Availability (GA) version of the StrongBox for SE applet is “qualified and ready for use by our OEM partners,” said the Alliance.
The Android Ready SE Alliance process was detailed as: “pick the appropriate, validated hardware part from their SE vendor; enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding; work with Google to provision Attestation Keys/Certificates in the SE factory; use the GA version of the StrongBox for the SE applet, adapted to your SE; integrate HAL code; enable an SE upgrade mechanism; and run CTS/VTS tests for StrongBox to verify that the integration is done correctly.”