Samsung says it will offer its secure element for storing passwords on the Galaxy S20 series smartphones to other smartphone vendors.
The secure element consists of Samsung’s S3K250AF chip, a microcontroller, hardware-level protection and a locked-down operating system. The technology is designed to store users’ secrets, including PINs, passwords, and cryptocurrency details in a way that’s isolated from the mobile device’s embedded Flash memory.
The security chip is based on the secure element found in Samsung’s newest Galaxy S20, S20 Plus and S20 Ultra 5G smartphones.
According to Samsung, the S3K250AF is Common Criteria Evaluation Assurance Level (CC EAL) 5+ certified. It bills the secure element as a “dedicated tamper-resistant strongbox”.
Samsung argues that the security chip is an additional defense against tampering to help fend off reverse engineering, power glitches and laser attacks. It should make it “extremely” hard for attackers to access or copy stored confidential data from a mobile device, according to Samsung.
Samsung says the secure element also prevents replay attacks by accepting only the latest authentication request as a valid one.
The secure element in Samsung’s flagship Galaxy phones is a key piece of SamsungPay, which uses a similar approach to Apple’s use of a ‘secure enclave’ in the iPhone to protect credentials, payment tokens, and biometric data for payments using Apple Pay. Apple’s secure enclave is found in the iPhone, iPad, Macs, Apple TV, Apple Watch, and HomePod.
In Samsung’s case, the secure element is where credit-card payment tokens are generated and stored.
Samsung says its secure element system on chip is being mass-produced now