Secure Element
SecurityA tamper-resistant hardware component that provides secure storage and execution environment for sensitive data and cryptographic operations.
Secure Element
A Secure ElementSecure ElementSecurityTamper-resistant hardware for secure operations.Click to view → (SE) is a tamper-resistant hardware platform capable of securely hosting applications and storing confidential data such as cryptographic keys, certificates, and biometric templates. It provides an isolated execution environment that protects sensitive operations even when the host device is compromised. Secure Elements are the core trust anchor in smart cards, eSIMs, payment tokens, and hardware security keys.
Architecture
A typical Secure Element integrates several protective layers on a single silicon die:
| Component | Function |
|---|---|
| CPU (8/16/32-bit) | Executes OS and application code |
| Crypto coprocessor | Hardware-accelerated RSA, ECC, AES |
| EEPROM / Flash | Non-volatile storage for keys and data |
| ROM | Immutable operating system code |
| Tamper sensors | Voltage, frequency, temperature, and light monitors |
| Active shield | Metal mesh detecting physical probing attempts |
| Memory encryption | Runtime encryption of bus and memory contents |
These countermeasures defend against both side-channel attacks (power analysis, electromagnetic emanation) and physical attacks (fault injection, micro-probing). A certified SE typically holds a Common Criteria EAL 5+ or 6+ rating.
SE vs TEE vs HSM
| Attribute | Secure Element | TEE | HSM |
|---|---|---|---|
| Form factor | Chip (card, embedded, SoC) | Software partition in main CPU | Rack-mount or PCIe device |
| Tamper resistance | Hardware (active shield, sensors) | Software isolation (ARM TrustZone) | Hardware (FIPS 140FIPS 140ComplianceUS government cryptographic module security standard.Click to view →-3 Level 3+) |
| Key storage capacity | 10s of keys | 100s of keys | 1000s of keys |
| Throughput | Low-moderate (card-grade CPU) | High (shares main CPU) | Very high (dedicated accelerators) |
| Certification | CC EAL5+/6+ | CC EAL2-4 | FIPS 140-3, CC EAL4+ |
| Use case | Per-device identity | Mobile DRM, biometrics | Data center key management |
SE Form Factors
Secure Elements ship in multiple physical packages. The traditional smart card SE is the contact pad module in ID-1 cards. The eSIM (eUICCeUICCProvisioningReprogrammable SIMSIMApplicationSmart card for mobile network authentication.Click to view → chip supporting remote profile switching.Click to view →) is an SE in MFF2 or wafer-level packaging soldered onto IoT devices. The iSIM integrates SE functionality directly into the device SoC, reducing size and cost for massive IoT deployments. USB security keys (FIDO2FIDO2StandardPasswordless authentication standard.Click to view →) also contain an SE die.
Related Content
Smart Card Fundamentals
Getting Started…I/O Contact pad / RF antenna Communicate with reader The secure element (SE) is the hardware boundary that enforces isolation:…
Contact vs Contactless vs Dual-Interface
Getting Started…approach with application family identifiers. The secure element inside a contactless card still processes APDU commands —…
Smart Card Form Factors Explained
Getting Started…Personalisation Embossing, laser engraving, UV print The secure element chip is mounted in a module — a pre-packaged die on a lead…
ISO 14443 Deep Dive
Standards & Protocols…card emulation (HCE — Host Card Emulation) or embedded secure element transactions possible with the same card-side APDU logic.…
EMV Payment Card Architecture
Standards & Protocols…by moving cryptographic verification onto the card's secure element . Use the APDU Builder to construct and inspect EMV…
GlobalPlatform Card Management
Standards & Protocols…Authority grants an exception via a signed token. Secure Element and TEE Interaction On devices with a TEE (Trusted…
FIDO2 and Smart Cards
Standards & Protocols…/ NFC / BLE) v Smart Card Authenticator | ISO 7816 APDU v Secure Element (FIDO2 applet) — Key pair generation (P-256 / Ed25519) —…
Secure Channel Protocols (SCP02/SCP03)
Standards & Protocols常见问题
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.