GlobalPlatform made simple guide: Secure Element
What is a Secure Element and what are the form factors?
A Secure Element (SE) is a tamper-resistant platform (typically a one-chip secure
microcontroller) capable of securely hosting applications and their confidential and
cryptographic data (e.g. key management) in accordance with the rules and security
requirements set forth by a set of well-identified trusted authorities.
There are three different form factors of SE: Universal Integrated Circuit Card (UICC),
embedded SE and microSD. Both the UICC and microSD are removable. Each form factor
links to a different business implementation and satisfies a different market need.
Does GlobalPlatform see one form factor dominating the market?
It is not within the remit of GlobalPlatform to make a choice between the different form
factors. GlobalPlatform is form-factor agnostic and, as such, is working to standardize all
three SE technologies. Selection of an SE is a business choice that will be made by the
service provider or end user. GlobalPlatform's concern lies with standardization and
interoperability of application management within an SE, whatever the form factor.
Work to standardize all three form factors is to the benefit of the market. Service
providers and application developers can have confidence in the standards of SEs when
developing their products. Broader development and deployment reduces costs and time
to market. With standardization and interoperability across the marketplace, developers
will only need to make one application, where they once needed to create three.
Who created SEs and why are they necessary?
SEs are an evolution of existing secure technology. The chip that resides in credit and
debit cards has been adapted to suit the needs of the mobile world. With multiple
applications now being stored and their processes executed in the same device, it is
essential to be able to house trusted applications and their associated credentials in a
The presence of an SE is essential to the deployment of value-added services (VAS).
Authentication, identification, signatures and PIN management are all central to the
deployment of VAS and all require a protected environment to operate securely. Taking a
payment application as an example, it is important that the user's credentials do not
become visible. The tamper-resistant security of the SE is ideal for this task. The SE
controls interactions between trusted sources (a bank), the trusted application (a mobile
payment application) stored on the SE and third parties (a company the user is making a
payment to). The secure domain protects the user's credentials and processes the
payment transaction in a trusted environment, ensuring the safety of the user's data.
Why is GlobalPlatform involved?
As a technical organization, GlobalPlatform is concerned with the management of
multiple applications on secure chip technology, across different markets.
Since its inception, GlobalPlatform has sought to create a standardized infrastructure to
reduce the cost, and simplify the deployment, of VAS.
The success of GlobalPlatform's deployment across different markets gives assurance
to issuers that a compliant GlobalPlatform SE will be able to host a multitude of services.
GlobalPlatform's experience in standardization will ensure interoperability across the
ecosystem, allowing the execution of numerous applications from multiple markets and
different actors, all on a single device.
At what stage is GlobalPlatform in the standardization of SEs?
GlobalPlatform conservatively estimates that a total of 17.7 billion SEs based on
GlobalPlatform Specifications were deployed globally between 2010 and 2015. This figure
represents 41% of all SE shipments, as reported by Eurosmart, in the same period.
GlobalPlatform is currently completing a cycle to support the three form factors of SEs
in the contactless environment. GlobalPlatform has been working on this technology
since 1999 and the technology is therefore extremely stable. GlobalPlatform technology
is implemented across a wide range of markets worldwide, such as government and
enterprise (for secure ID and access), transit, healthcare, digital rights management and
content protection, connected cars, IoT and consumer wearables. Soon, just as most people
now have a secure chip in their wallet in the form of their debit card, they will also have
one in their mobile devices.
The Compliance Program is currently focused on the UICC (in the standardization arena)
and financial cards but is being advanced to support embedded SEs and microSDs.
GlobalPlatform is seeking to create a standardized, mature environment for SE
functionality centered around security, interoperability and functionality.
Visit the GlobalPlatform
Specifications webpages to download the SE Configurations.