Samsung eSE SDK
Overview
Description of Secure Element
A Secure Element is a tamper-resistant platform (typically a one chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (such as cryptographic keys and sensitive data) in accordance with the rules and security requirements set by well-identified trusted authorities.
There are various form factors of Secure Element :
-
Subscriber Identity Module (SIM)/ Universal Integrated Circuit Card (UICC)
-
embedded Secure Element
-
microSD
Secure Elements offers a separate hardware-backed security so that sensitive information or transaction can be performed independently from other processors (AP, CP, CPU, and etc.) Due to this, Secure Elements have been supporting immense needs of various industries that require additional protections, such as payment cards, e-ID cards, health insurance cards, driver licenses, digital car keys, and door lock keys.
Embedded Secure Element (eSE) chips on Samsung devices have been certified by authorities such as GlobalPlatform, EMVCo and Common Criteria. All of them have at least an EAL5+ (Evaluation Assurance Level), which can provide equal or higher security level as an electronic passport can. Samsung is ready to open eSE for service providers who wants to utilize our products. Our eSE also supports industry standards such as Javacard and GlobalPlatform Card specifications.
Use cases
The following are some use cases for eSE on Samsung devices
-
Transits
-
Payments
-
Digital Key access (Door key, car key, and etc.)
-
Identification / Authentication
-
Secure storage / Certificate Manager
Samsung devices with eSE allow customers to use secure services. In general, certain levels of security are required for services that deal with sensitive information. With a highly secured Samsung device, the service provider can provide their services securely to its customers.
Samsung eSE SDK
Samsung eSE SDK provides the way for the service provider to deploy a service using eSE on Samsung devices. It enables the service provider to manage their own service on each customer’s device. It requires communication between, not only on the client application and eSE, but also the server and device. Hence, there are a few requirements for the service provider to proceed with service development.
You can use Samsung eSE SDK to:
-
Deploy a service on a customer’s device.
-
Communicate with eSE using a client application.
-
Manage service provider’s own storage within eSE.
Requirements for the service provider :
-
Applet development (Resides within eSE)
-
TSM (Trusted Service Manager) server : service provider can choose one of the options below.
-
Service provider TSM server
-
Samsung TSM
-
TSM-less
-
How to request partnership
To use the Samsung eSE SDK, you must become a Samsung partner. To request partnership:
- Open the Partnership request form. If prompted, log in to your Samsung Account. If you do not already have a Samsung Account, create one.
- Enter your company and developer information. Your name, email address, and country are filled in for you.
- Enter information about the application for which you are applying to use the Samsung eSE SDK. Provide the name and description for the application, and attach documents that detail the application features and use cases.
- When you are ready to submit the request, click “Submit.” Your partnership request will be reviewed. When it is approved, you will receive confirmation letter.
- NDA(Non-disclosure Agreement) shall be established between Samsung and Service Provider after confirmation letter.
- Samsung eSE SDK can be accessed under NDA.
FAQ
A. The device list will be provided after an NDA (Non-Disclosure Agreement) has been completed between the service provider and Samsung.
A. Yes, Samsung will only provide certain storage within eSE. The service provider shall prepare an applet itself to be loaded / installed within eSE.
A. Samsung intends to provide service opportunities for 3rd parties who can manage secure service stable for a valuable customer. However Individual developer can't apply partnership for Samsung eSE SDK.