Part Two: EU Digital Identity Wallets – Security, Reach & Convenience with Secure Elements
Gil Bernabeu, CTO and Jean-Daniel Aussel, eID Wallet Task Force Chair, of GlobalPlatform.
This blog has been written in collaboration with the GlobalPlatform eID Wallet Task Force to share insight on Secure Elements and their role in EUDI Wallet deployments. For more information, check out:
- Secure Element for EUDI Training, October 8 & 9, Brussels
- eID Wallet Seminar, October 10, Brussels
This blog post is the second in a series of two that aims to educate audiences on why the EU has mandated the use of Secure Elements (SEs) for the deployment of EUDI wallets in devices, typically smartphones. The first blog explained the drivers for the EU mandate and how the SE can help governments reach as many citizens as possible. This second blog post explains the value SEs can bring as member states seek to combine security and convenience to ensure successful EUDI Wallet implementations.
EUDI Wallet Security
SE technologies already meet the requirements for a high level of assurance (LoA) as stated in the eIDAS 2 regulations. They are generally certified to a high level of assurance using certification schemes that differ depending on the relevant market segment, e.g. GSMA eUICC Security Assurance Scheme for embedded UICC, EMVCo for payment cards and SOG-IS for electronic passports and ID documents.
For several market segments, SEs are certified using the Common Criteria (CC) methodology and meet the vulnerability assessment AVA_VAN.5 which certifies for an “advanced methodical vulnerability analysis and resistance against a high attack potential”.
Following the introduction of the EUCC scheme in January 2024, SEs will be certified with the EUCC Certification Scheme when available, and EUCC-Certified SEs have a presumption of conformity in line with the wallet requirements.
In summary, SEs offer the highest level of security and already protect mass-market sensitive applications, such as mobile network authentication and contactless payments. An SE is a tamper-resistant platform capable of securely hosting applications and their confidential and cryptographic data.
Ensuring Convenience for EUDI Wallets
While high levels of security can sometimes be associated with user friction, UICCs and/or embedded SEs bring a seamless level of convenience for wallet users. As everything can be downloaded, activated and processed within the citizen’s smartphone, there is no need for them to locate and use additional, cumbersome external devices such as ID cards or tokens for every action. They also enable offline use cases, where citizens need to prove their identity but there is no network connectivity.
It is important to note that external secure elements were initially included in the Architecture Reference Framework, but the final regulation will only permit the use of external secure elements for a transitional period.[1]
Learn more
GlobalPlatform is hosting a two-day training session in Brussels on October 8th and 9th to support wallet issuers, wallet developers and those otherwise involved in the design, development or deployment of eID wallet schemes.
The first day will enable attendees to develop a foundational understanding of SE, while the second day will explore identity-related technologies for SE, including Secure Application for Mobile (SAM) and Cryptographic Service Provider (CSP).
Following the training, GlobalPlatform is also gathering experts from around the ecosystem for its second eID Wallet Seminar in Brussels on October 10th. The seminar will deep-dive into the technologies available to help member states deploy EUDI Wallets swiftly and securely.
We look forward to welcoming you in Brussels and closely supporting your successful EUDI journey!
[1] Page 6, article 29: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202401183