Google forms alliance to accelerate adoption of new Android use cases like digital keys

Google on Thursday announced the formation of the Android Ready SE Alliance to drive the adoption of new consumer use cases in Android.

According to Google, most modern phones now include discrete tamper-resistant hardware called a Secure Element (SE) which is an important requirement for emerging user features such as:

• Digital keys for home, office, car or other automobiles
• identity credentials like Mobile Driver's License (mDL), National IDs, ePassports
• eMoney solutions like a digital wallet

Previously, Google Pixel 3 had a new tamper-resistant hardware enclave called Titan M that enabled tamper-resistant key storage for Android Apps using StrongBox.

"StrongBox is an implementation of the Keymaster HAL that resides in a hardware security module. It is an important security enhancement for Android devices and paved the way for us to consider features that were previously not possible," Google said.

Now, Google is launching the General Availability (GA) version of StrongBox for SE, an open-source, validated, and ready-to-use applet by the company's OEM partners. The applet is currently available from Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales.

StrongBox is not only applicable to phones and tablets but also to WearOS, Android Auto Embedded, and Android TV.

Google said that several Android OEMs are already adopting Android Ready SE for their devices, adding that it is working with its ecosystem to prioritize and deliver Mobile driver's license and Identity Credentials and Digital car keys applets in conjunction with corresponding Android feature releases.

For OEMs to use the Android Ready SE, they will need to meet the following requirements:

• Pick the appropriate, validated hardware part from their SE vendor
• Enable SE to be initialized from the bootloader and provision the root-of-trust (RoT) parameters through the SPI interface or cryptographic binding
• Work with Google to provision Attestation Keys/Certificates in the SE factory
• Use the GA version of the StrongBox for the SE applet, adapted to your SE
• Integrate HAL code
• Enable an SE upgrade mechanism
• Run CTS/VTS tests for StrongBox to verify that the integration is done correctly