Mobile commerce could move onto a fast, or at least faster, track if Inside Secure has solved the problem of limited access to the secure element in a mobile phone handset.
The French semiconductor technology provider announced its intention last week to soon launch VaultSecure IC, a secure element that allows multiple third parties to install and control their own applications on that chip.
The launch represents Inside Secure’s first venture into the secure element market. If such an option were to enter the mobile payments market space, more mobile commerce companies could have more opportunities to apply applications to handset secure elements.
However, even if Inside Secure is able to address the technology issues around supporting multiple parties sharing a secure element, business issues likely remain since the carriers may not be willing to open the door to allowing rivals to put a competing mobile wallet on their handsets.
Business issues aside, a company like Google Inc. could presumably use Inside Secure's product to change its approach of storing Google Wallet customers’ card data in the cloud.
“Inside Secure is trying to solve the problem Google Wallet is facing,” says David Kaminsky, analyst for emerging payments with Mercator Advisory Group.
“The advantage here would be removing the need for Google, or others, to store credentials in the cloud,” Kaminsky says.
Storing customer payment and identification credentials in the secure element is faster and, in many ways, more secure than in the cloud, Kaminsky says.
“It enables more rapid NFC-based conversation between the device and the terminal,” he adds.
The mobile network operators behind the Isis mobile wallet initiative won’t give Google access to the secure element in their handsets, Kaminsky notes as an example.
“They can do that because the mobile networks own the secure element,” Kaminsky adds. “What Inside Secure is proposing would hypothetically solve this problem [because of other owners on the secure element possibly being open to installing Google’s app, or even Google being a co-owner].”
The key for Inside Secure could be how the company makes the secure element available in the marketplace, Kaminsky says.
“I imagine consumers would be required to purchase this co-owned secure element separately, as I can’t see the mobile network operators providing it,” he adds.
Such a setup might be an issue for consumers because they generally don’t care enough about how a secure element works to purchase one, Kaminsky says.
Assuming the co-owned secure element could contribute to a system that works the way Inside Secure claims it does, “it would be a significant development,” Kaminsky says.
With Inside Secure's new product, smartphone manufacturers, mobile network operators and other trusted third parties would be able to co-own the VaultSecure IC secure element and install, personalize and administer their own open- or closed-loop payment, access control, transit, loyalty or other secure applets, Pierre Garnier, executive vice president of the company’s Near Field Communication and secure payments division, stated in a press release.
A feature called authorized management allows co-ownership of the secure element, allowing two or more security domains in the element, each having its own and independent content management capabilities, the Inside Secure communications department states in an e-mail.
“One security domain can be assigned to the handset maker, and another to the mobile network operator,” Inside Secure says.
Each security domain owner has the entire ownership and control of loading, installing and deleting applets through his own trusted service manager, without any dependency on the other owner, the company states.
Secure element key sets for such an arrangement are distributed through the key exchange protocol proposed by Inside Secure through the Global Platform standard, the company adds.
A secure element chip generally provides advanced encryption, memory and a microprocessor to provide a trusted and secure element for storing applications and payment data or identifying data for credit cards, transit passes, ticketing, or building access.
The chip also comes "with the largest and most comprehensive suite of pre-loaded and certified branded payment, access control and banking applets in the industry," Inside Secure states. These applets include Visa VMPA, MasterCard PayPass Mobile, First Data CertiFlash Mobile, OSPT Cipurse, HID Seos and SecureKey OneTap, the company says.
Inside Secure also provides a toolbox of pre-loaded NFC enablement applets for EMV white label, NFC-ID, coupons, gift and loyalty cards, closed-loop payment, transit fare collection and cryptography.
In addition, Inside Secure introduces Secure Memory Swap technology for what it claims is “virtually unlimited storage” for data and applet libraries at low cost to original equipment manufacturers.
Co-ownership of a secure element presents no extra security concerns, Inside Secure says. Independent Visa and MasterCard security labs audit and test the product as part of its security evaluation, the company adds.
In June, Inside Secure revealed its NFC technology patent-licensing program for manufacturers developing contactless payment, transit, ticketing and loyalty program services using NFC.
In addition, Inside Secure has been amongst those technology companies promoting use of a remote secure element in the cloud for data storage security.