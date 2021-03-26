



Enlarged / Android Ready SE logo.

Google

Now that it’s time to leave the door, make sure you have your phone, keys, and wallet.

There are many items that are convenient to carry around, so what if you just need to bring your mobile phone? After all, keys and wallets are just legacy authentication devices. We were able to replace them completely with phones! This is the future Google is working on to move Android forward with driver’s license and digital khaki support.

Google’s latest announcement details work to standardize the Android Ready SE Alliance, an Android ecosystem centered around hardware and software. This will make all of this work. The “SE” here is a “secure element” that is a hardware component isolated from the rest of the system and is designed to perform only secure computing tasks such as NFC payments. The idea is that phone makers will be able to purchase “Android Ready SE”. From secure element vendors such as NXP, Thales, STMicroelectronics, Giesecke + Devrient, and Kigen, Google said these SE vendors “worked with Google to create a set of open source, validated, ready-to-use SE Apples. I’m doing it. ” “This supports these new use cases.

With this new SE standardization effort, Google wants to support “digital keys” in cars, homes and offices. Mobile driver’s license; national ID, e-passport, and regular tap-and-go payments. Google states that this initiative isn’t just for mobile phones and tablets. Wear OS, Android Automotive and Android TV are also supported. Putting a car key in your watch or a driver’s license in your car’s computer sounds like a great idea, but is it an Android TV? Why do I need a driver’s license on my TV?

Google has shown the full requirements for Android Ready SE.

Select the appropriate verified hardware part from the SE vendor. Initialize the SE from the boot loader and provision the root-of-trust (RoT) parameter via the SPI interface or cryptographic binding. Work with Google to provision SE authentication keys / certificates.Use GA version of StrongBox for factory SE applet and integrate SE compliant HAL code Enable SE upgrade mechanism Run StrongBox CTS / VTS test to ensure correct integration To do

What’s not clear from Google’s announcement is the difference between support for StrongBox, the usual Android standard for tamper-proof hardware security modules, and Android Ready SE certification. The StrongBox module includes its own CPU, secure storage, and a true random number generator that communicates with the rest of the system via the Keymaster HAL. StrongBox has been supported on Qualcomm chips through Qualcomm’s “Secure Processing Unit” (SPU) since Snapdragon 845 in 2018. Currently, it seems that the low end of Qualcomm’s lineup like Snapdragon 460 also includes a Secure Processing Unit.

Isn’t Advertising Qualcomm SPU Enough?

Qualcomm is significantly lacking in Google’s blog post and list of supported chipsets, so the point of this initiative is that the on-die safe element isn’t enough? Google’s Pixel team is certainly moving in that direction with the development of the Titan M security chip on the Pixel 3 and above, and Samsung is now building its own secure element for flagship phones. (Samsung isn’t even mentioned in Google’s blog post.) “Most modern phones include a separate tamper-proof hardware called Secure Element (SE),” he said. This SE offers the best way to introduce these new consumer uses Android case. ”This may make you believe that blog posts are driving a safe element off-die. But if you don’t count Qualcom’s SPUs, it’s not clear how Google can use the word “almost.” We are seeking clarification and will update this report when the company contacts us.

Google isn’t the only one trying to reduce the daily load. Apple is working on digital IDs and car keys for the iPhone, and Samsung is partnering with individual car makers to beat Google on Android. There are also many one-off car key apps from companies such as BMW and Tesla.

For now, Google says it prioritizes mobile driver’s licenses and car keys. The company says it is working with the ecosystem to offer SE applets for these two use cases “in combination with the corresponding Android feature releases.” The Android feature release for mobile driver’s license is the IdentityCredential API released on Android 11. The problem here is that in most cases the local government has to pass the law to approve digital IDs and create a digital ID app. As far as we know, even with Android 12, there is no Android feature release for digital khaki yet. When it’s announced, we hope to support the Car Connectivity Consortium’s digital key standard for Android and iOS in the same car. An important criterion.

We keep an eye out.

