Single-purpose devices such as point-and-shoot cameras and MP3 players have already been replaced by smartphones. The Android Ready SE Alliance was launched today by Google to ensure that new phones have the necessary hardware to potentially replace car keys and wallets.
Digital keys, mobile driver’s license (mDL), national IDs, ePassports, and eMoney solutions (wallets) are examples of “emerging user features.” The first requirement is tamper-resistant hardware, such as the Pixel’s Titan M chip, which enables StrongBox, a tamper-resistant key store for Android apps.
All these features need to run on tamper-resistant hardware to protect the integrity of the application executables and a user’s data, keys, wallet, and more. Most modern phones now include discrete tamper-resistant hardware called a Secure Element (SE).
“SE provides the best route for implementing these new consumer use cases in Android,” according to Google. To “accelerate the adoption”, the company and its partners (Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales) announced the Android Ready SE Alliance today.
SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets. Today, we are launching the General Availability (GA) version of StrongBox for SE. This applet is qualified and ready for use by our OEM partners.
StrongBox is also available for Wear OS, Android Auto Embedded, and Android TV. Google is currently working on digital car keys, electronic driver’s licenses, and other identification credentials, with unidentified “Android OEMs embracing Android Ready SE for their smartphones,” according to the company. For OEMs, adopting Android Ready SE entails the following steps:
- Choose a suitable, certified hardware component from their SE manufacturer.
- Allow SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding.
- Collaborate with Google to set up Attestation Keys/Certificates in the SE factory.
- Use the GA version of the StrongBox for SE applet, adapted to the chosen SE.
- Integrate HAL code.
- Enable an SE upgrade mechanism.
- Run CTS/VTS tests on StrongBox to ensure that the integration is complete.