Smartphones have probably been the biggest invention in human history, as they are the most-used gadgets in our daily lives. They’ve replaced everything from digital cameras to dedicated music players, and are now in the process of replacing the wallet. Now, technology giant Google has announced the formation of a new initiative called the Android Ready SE Alliance, which aims to accelerate the adoption of digital keys, driver’s licenses, and IDs.
Google writes in its blog post that the Android Ready SE Alliance was formed to accelerate the adoption of these new Android use cases and to “create a set of open-source, validated, and ready-to-use SE Applets.” Here, SE stands for Secure Element, and the company is prioritizing Applets that enable the use of identity credentials (such as mobile driver’s licenses, national IDs, and passports) and digital car keys. The tech giant is now working on standardizing how these credentials are stored and accessed on secure and tamper-resistant hardware.
Digital Car Keys and IDs on Android
With the release of Android 11, Google introduced the Identity Credential API, which allows the phone to securely store a mobile driver’s license and other credentials. Apart from the Android APIs and support libraries, Google wants to standardize how the credentials are stored on tamper-resistant and secure hardware, which Google confirms is present in most modern smartphones. The tech giant previously developed Titan M, the company’s tamper-resistant hardware enclave for software and firmware. Google says Titan M “also enabled tamper-resistant key storage for Android apps using StrongBox,” and it was present in the Google Pixel 3.
Now, the company is launching the General Availability (GA) version of StrongBox for SE Applet, which is qualified and ready for use by Google’s OEM partners. The Applet is currently available from vendors including Kigen, NXP, Giesecke+Devrient, STMicroelectronics, and Thales. It’s worth noting that StrongBox is not limited to phones and tablets; it is also applicable to WearOS, Android Auto Embedded, and Android TV.
OEMs who want to use the Android Ready SE in their devices need to:
1. Pick the appropriate, validated hardware part from their SE vendor
2. Enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding
3. Work with Google to provision Attestation Keys/Certificates in the SE factory
4. Use the GA version of the StrongBox for the SE applet, adapted to your SE
5. Integrate HAL code
6. Enable an SE upgrade mechanism
7. Run CTS/VTS tests for StrongBox to verify that the integration is done correctly
According to Google, several OEMs are already adopting the Android Ready SE; however, the software giant didn’t reveal their names. For more information about the new alliance, you can visit the dedicated Android Security and Privacy page of Google Developers.