Whenever the hardware industry comes up with innovation, after a while, some brilliant minds want to change thing and turn hardware into software. This has worked in many occurrences, and one may even consider the emergence of the online economy as an occurrence of the hardware towards software evolution.
In our industry, hardware has been resisting since the very beginning of secure transactions as the only means to provide the necessary security level.
In a recent blog post, Jürgen Spaenkuch, VP and GM Platform Security of the Chip Card & Security Division at Infineon Technologies, elaborates on the necessity of hardware in the NFC environment. Also, hardware is necessary every time a system (like a mobile communication network, a payment system, an ePassport or an enterprise security solution) needs strong security. As smart card chips typically bear their own security, they are the only method that ensures the security token cannot be copied or duplicated. To be general, this is the definition of a Secure Element, than can be embodied in a SIM card, a banking card, a passport, or in many other shapes and flavors.
Smart Card Alliance describes a Secure Element as “a secure microprocessor (a smart card chip) that includes a cryptographic processor to facilitate transaction authentication and security, and provide secure memory for storing payment applications”, and adds “SEs can also support other types of secure transactions, such as transit payment and ticketing, building access, or secure identification”. In an NFC context, the SE is typically in the SIM, in a microSD card, or embedded in the baseband processor.
The Secure Element definition can be seen as a definition of our industry as a whole.