Abstract: |
More and more networked applications require security, with keys managed at the end-point. However, traditional Secure Elements have not been designed to be connected. There is thus a need to bridge the gap, and novel kinds of Secure Elements have been introduced in this respect. Connectivity has made it possible for a single chip to implement multiple usages. For instance, in a smart- phone, security is about preventing the device from being rooted, but also about enabling user’s online privacy. Therefore, Secure Elements shall be compatible with multiple requirements for various vertical markets (e.g., payment, contents protection, automotive, etc.). The solution to this versatility is the integration of the Secure Element within the device main chip. Such approach, termed iSE (integrated Secure Element), consists in the implementation of a subsystem, endowed to manage the chip security, within a host System-on-Chip. The iSE offers flexibility in the security deployment. However, natural questions that arise are: how to program security applications using an iSE? How to certify those applications, most likely according to several different schemes? This position paper addresses those questions, and comes up with some key concepts of on-chip security, in terms of iSE secure usage. In particular, we will show in this paper that iSE nowadays shall be designed so that the product it embeds is certifiable in a multiplicity of schemes, and so even before the product is launched on the market. |