Comments on: Google’s vision of Secure Elements http://javacard.vetilles.com/2011/12/30/googles-vision-of-secure-elements/ A weblog on Java Card, security, and other things personal Thu, 18 May 2017 07:26:32 +0000 hourly 1 https://wordpress.org/?v=4.0.32 By: Eric Vétillard http://javacard.vetilles.com/2011/12/30/googles-vision-of-secure-elements/#comment-4454 Tue, 14 Feb 2012 11:04:08 +0000 http://javacard.vetilles.com/?p=776#comment-4454 From the business point of view, I am sure that Google will have to deal with MNOs in a way or another. However, from the technical point of view, I doubt that the use of the UICC will make things easier.

Just one simple remark: An embedded SE can be controlled, directly or indirectly, by Google or another wallet provider. By itself, this simplifies the security situation, because there are less actors to deal with.

There is one point for which the UICC is better, though: Total failure. It is possible (and expensive) to replace a UICC altogether if a flaw is found in the depth of the UICC. For an embedded SE, the only solution is to disable it or to replace the device, which is even more expensive.

About the PIN attack, I will comment on a separate thread, because some remarks in some articles are very surprising.

]]> By: Manuel http://javacard.vetilles.com/2011/12/30/googles-vision-of-secure-elements/#comment-4453 Tue, 14 Feb 2012 09:37:11 +0000 http://javacard.vetilles.com/?p=776#comment-4453 Hi, Thanks for your answer! My understanding is that European countries and France particularly are strongly pushing for the use as UICC as the secure element.
I have the feeling that the UICC would prevent some vulnerability like the PIN exposure that has been discovered lately.
Google will have difficulties to develop their standard in europe if they are not following the global stream !

]]> By: Eric Vétillard http://javacard.vetilles.com/2011/12/30/googles-vision-of-secure-elements/#comment-4452 Tue, 14 Feb 2012 09:17:58 +0000 http://javacard.vetilles.com/?p=776#comment-4452 Google is using an embedded secure element, i.e., a smart card chip soldered in the device itself.

There is no UICC in the plan, because this would mean that Google would have to negotiate individually with each MNO to deploy its wallet. Of course, in application to the “no free lunch” rule, there is a problem associated to that: In countries where MNOs have a lot of power (in particular where they subsidize the phone), Google will not be able to deploy their wallet. For instance, this seems to be the situation in France (although this initial situation may of course evolve, for instance if/when one of the MNOs accepts to launch the wallet…).

]]> By: Manuel http://javacard.vetilles.com/2011/12/30/googles-vision-of-secure-elements/#comment-4451 Tue, 14 Feb 2012 09:02:48 +0000 http://javacard.vetilles.com/?p=776#comment-4451 Hi, Do you know if this secure element is the UICC, or another card ?

]]> By: lexdabear http://javacard.vetilles.com/2011/12/30/googles-vision-of-secure-elements/#comment-4422 Mon, 02 Jan 2012 12:27:04 +0000 http://javacard.vetilles.com/?p=776#comment-4422 Maybe one of your first visits should be to Google? Of course if you don’t have same dilemma as with Gemalto regarding IP :).

]]>