Google is pushing ahead with plans to incorporate the Secure Elements chip in future Android phones that will enable the use of digital car keys, mobile driver’s licenses, and maybe ePassports and even digital vaccine passports later. The Secure Element (SE) validates the Android phone’s operating system and also stores encryption keys among other things.
Google’s Pixel phones manufactured in 2018 contain the Titan M processor which is a form of Secure Element chip. The SE will be different from the processors in the mobile device and will function optimally for identity cards and car operations among other things. To promote the actualization and deployment of the proposed SE, Google initiated the Android Ready SE Alliance which is made up of SE vendors and phone manufacturers.
Some of the identified Android Ready SE Alliance includes NXP, Thales, STMicroelectronics, Giesecke+Devrient, and Kigen; but Google omitted to mention Samsung and even Qualcomm as part of the chipmakers for the SE. The alliance will ensure that the vendors and device manufacturers create the new SE features in new Android phones through open-source and ready-to-use applets for SE processors.
The alliance has also gone ahead to launch the StrongBox, the first applet which is designed for securing cryptographic keys. StrongBox will also be available for WearOS, Android Auto, and Android TV devices among other major devices that will be launching in the near future.
Google revealed that the SE will provide the best avenue for bringing “new consumer use cases in Android” to mobile phone users to enable them to digitize car keys and driver licenses among other user-specific needs. It is also possible that the SE digital keys be used for unlocking residences and corporate offices as well as facilitating digital payments in the future.
To this end, users will no longer need to carry car keys or wallets around since everything they need to unlock their cars or make financial payments as well as create digital identity cards.
According to Google, the requirements for Android Ready SE to function are that users must choose the right validated hardware from an approved SE vendor and then activate the SE for initialization through a bootloader and RoT specifics through SPI or cryptographic binding. The user will then have to use Google to obtain Attestation Keys or certificates in the SE factory which will then be used with the GA version of StrongBox appropriate for the user’s SE applet. The HAL code must also be integrated and the SE mechanism upgraded before the CTS/VTS tests for StrongBox are carried to ensure that the necessary integrations have been done the right way.