Wednesday, 17 October 2012

Do you know what SIM, ESE and SD have in common?



All these items can be used as a secure element for NFC or other applications requiring security, such as payments, ID, security and access control, and ticketing. In fact, following our post on NFC and security, several questions arose around Secure Elements. It seems that the acronyms and concepts remain fuzzy and that the pros and cons of each option are not obvious.


Let’s have a closer look:

Secure Element (SE) to protect high value applications


If there is no secure element, the door is open to fraud. The role of the secure element is to store the sensitive information and credentials of an NFC application while offering a secure execution environment. On top of that, GlobalPlatform has released Secure Element Access Control specifications to ensure that only authorised applications access the SE.

Pros and cons of the different form factors

The Micro SD allows service providers (SPs) to be completely independent from both mobile network operators (MNOs) and handset manufacturers. However, SPs are usually limited to one NFC application per SD card. Additionally, SD cards are the most expensive option for secure element hosting. As most mobile devices have only one SD slot, if they have one at all, mobile phone users will want to keep it for the storage of photos, music or any other additional data.

The ESE (Embedded Secure Element) makes the SP dependent on the device manufacturer, but the SP remains independent from the MNO. When the SE is embedded, all aspects of NFC service enabling are in the device and therefore cannot be removed. An ESE will therefore have the same lifespan as the phone it is built into, and in case of a security breach there is no way for either the operator or the device manufacturer to replace the secure element. Furthermore, when users change device, all the NFC applications need to be recreated for the new device.

The Universal Integrated Circuit Card (UICC), commonly known as the SIM card, is the optimal choice of secure element from both a security and a usability point of view. There is a SIM card in any GSM mobile phone, and it is removable and easily exchangeable if new security requirements appear. It leaves the SD slot free for photos, music and other applications. Although SPs are reliant on MNOs and handset manufacturers, they can benefit from the fact that the supply chain is fully mastered.

Who chooses what?

The ability to generate revenue from NFC and other secure applications implies having control and ownership of the SE. It is therefore understandable that mobile operators usually opt for the SIM card as the secure element, while other players such as Google, banks and other service providers are going for the ESE or Micro SD. In the future we may see smartphones with two security chips, so that NFC services can be offered both by the operator and by third parties.
