Samsung eSE SDK

Overview

Description of Secure Element

A Secure Element is a tamper-resistant platform (typically a one-chip secure microcontroller) capable of securely hosting applications and their confidential and cryptographic data (such as cryptographic keys and sensitive data) in accordance with the rules and security requirements set by well-identified trusted authorities.

There are various form factors of Secure Element:

  • Subscriber Identity Module (SIM) / Universal Integrated Circuit Card (UICC)

  • embedded Secure Element

  • microSD

Secure Elements offer separate, hardware-backed security so that sensitive information can be handled and transactions can be performed independently of other processors (AP, CP, CPU, etc.). Because of this, Secure Elements have supported the immense needs of various industries that require additional protection, such as payment cards, e-ID cards, health insurance cards, driver licenses, digital car keys, and door lock keys.

Embedded Secure Element (eSE) chips on Samsung devices have been certified by authorities such as GlobalPlatform, EMVCo and Common Criteria. All of them have at least an EAL5+ (Evaluation Assurance Level) rating, which can provide a security level equal to or higher than that of an electronic passport. Samsung is ready to open eSE to service providers who want to utilize our products. Our eSE also supports industry standards such as the Java Card and GlobalPlatform Card specifications.

Use cases

The following are some use cases for eSE on Samsung devices:

  • Transits

  • Payments

  • Digital Key access (door key, car key, etc.)

  • Identification / Authentication

  • Secure storage / Certificate Manager

Samsung devices with eSE allow customers to use secure services. In general, services that deal with sensitive information require a certain level of security. With a highly secured Samsung device, the service provider can deliver its services securely to its customers.

Samsung eSE SDK

Samsung eSE SDK provides a way for the service provider to deploy a service using eSE on Samsung devices. It enables the service provider to manage its own service on each customer’s device. This requires communication not only between the client application and eSE, but also between the server and the device. Hence, there are a few requirements the service provider must meet to proceed with service development.

You can use Samsung eSE SDK to:

  • Deploy a service on a customer’s device.

  • Communicate with eSE using a client application.

  • Manage the service provider’s own storage within eSE.

Requirements for the service provider:

  • Applet development (the applet resides within eSE)

  • TSM (Trusted Service Manager) server: the service provider can choose one of the options below.

    • Service provider TSM server

    • Samsung TSM

    • TSM-less

FAQ

A. The device list will be provided after an NDA (Non-Disclosure Agreement) has been completed between the service provider and Samsung.

A. Yes, Samsung will only provide certain storage within eSE. The service provider shall prepare an applet itself to be loaded / installed within eSE.