Qualcomm Snapdragon 855 now certified for use as secure zone for offline payments, encryption and eSIM

News
By Andrew Martonik
published

What you need to know

  • Snapdragon 855 SoC is now EAL-4+ certified as a secure zone for encryption, payments, eSIM and more.
  • Companies can now eliminate dedicated security chips from phone, simplify design and reduce costs.
  • Certification retroactively applies to all Snapdragon 855 devices.

Qualcomm's current top-end SoC (system on chip), the Snapdragon 855, has received Common Criteria EAL-4+ certification, making it the first SoC to be recognized as offering smart card-level security. The certification allows manufacturers to use the Snapdragon 855 as the only secure storage area for applications such as payment IDs, encryption keys and eSIM management, removing the need for a a separate security chip.

Phone makers are always looking for ways to simplify the chip layout and internal designs.

Prior to this sort of certification, phone makers would need to include a separate security chip in the phone to act as a trusted and secure area for holding sensitive data such as payment IDs and encryption keys, as well as comply with Google's most stringent security requirements in Gatekeeper and StrongBox. The possibilities expand beyond those current use-cases as well. The Snapdragon 855 can now theoretically be used as a secure storage container for applications like transit passes, Trusted Platform Modules (TPM), crypto wallets and more.

Now with this certification, companies can theoretically just use the Snapdragon 855 SoC and not have to include any separate chip purely for security reasons. That's saves the company money on the overall build of materials, but also frees up just a little bit of space in the phone — and any amount of complexity that can be removed from the internal design of a phone is a win. And while this isn't a huge win for devices that already shipped with the 855 and a separate security chip (though the certification does apply retroactively), it's a huge deal for new 855 devices and future phones running on the next-generation Snapdragon 800-series chip that will presumably go through the same certification again.

Press release:

Qualcomm Snapdragon 855 Becomes First Mobile SoC to Receive Smart Card Equivalent Security Certification

—Secure Processing Unit can run High Assurance Applications Previously Only Performed by External Security Chips, Saving OEMs Bill of Materials Cost—

SAN DIEGO — June 25, 2019 — Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated (NASDAQ: QCOM), announced the Qualcomm® Secure Processing Unit, an on- die secure element recently launched as part of the Qualcomm® SnapdragonTM 855 Mobile Platform, has received Common Criteria EAL-4+ security certification, the gold standard for smart card hardware security assurance and testing. The internationally recognized certification makes the Snapdragon 855 the first mobile SoC (System on Chip) to attain smart card levels of security assurance. The integrated Qualcomm Secure Processing Unit enables Qualcomm Technologies' OEM customers to save on Bill of Materials (BOM) cost without sacrificing security and offers the performance and power improvements that come with integration into the leading process node.

Examples of current Qualcomm Secure Processing Unit use cases include Android Strongbox Keymaster and Gatekeeper. On demonstration at Qualcomm Technologies' exhibit at MWC Shanghai this week is another example of the certified Qualcomm Secure Processing Unit's capabilities: an integrated SIM (iSIM) demo by Qualcomm Technologies and Gemalto, a Thales company. In the future, capabilities like offline payment, trusted platform module (TPM) functions, transit, electronic ID, and crypto wallets will be possible, all without the need of a discrete security chip.

"Completing the EAL-4+ security certification is a major milestone in our journey to bring smart card levels of security to our Snapdragon customers and users. Use cases that previously required separate security chips will now be possible fully integrated in Snapdragon 855 powered devices," said Jesse Seed, senior director, product management, Qualcomm Technologies, Inc. "This certification is a testament to the industry firsts that Snapdragon 855 brings to market and Qualcomm Technologies' continued leadership in embedded security."

The certification of the Qualcomm Secure Processing Unit has been approved by BSI (Bundesamt für Sicherheit in der Informationstechnik), the German Federal Office for Information Security. BSI's certification program is known to be very rigorous and globally recognized.

"As the national certification authority, the BSI has shown with this certification that Common Criteria (ISO/IEC 15408) is the first choice to ensure high security for complex products like SoCs. The certification, which uses international and transparent standards, is an important contribution to strengthen the users' confidence in the security of IT products. Information security is a prerequisite for a successful digitization," said Arne Schönbohm, president, German Federal Office for Information Security.

"Improving security is a top priority for all of our platform releases," said Dave Kleidermacher, head of Android security and privacy, Google. "Qualcomm Secure Processing Unit makes it possible for our OEMs to meet the stringent Android StrongBox requirements, and we are looking forward to seeing how partners implement it to take advantage of key StrongBox features, such as improvements to credential and payment security."

"We are committed to advanced built-in security with the Qualcomm Secure Processing Unit for accelerating the adoption of embedded SIM (eSIM)-based cellular connectivity among a wide variety of consumer connected devices," said Jean-Francois Rubon, director of strategy, mobile communications solutions, Thales.

"This innovation, based on the GSMA global eSIM specification, will be a great enabler for all sorts of exciting products across all markets," said Jean-Christophe Tisseuil, head of SIM, GSMA. "Industry recognized assurance of the security within this work is critical and we congratulate Qualcomm Technologies on achieving this significant level of certification in an innovative product."

Already in production, Snapdragon 855 with the Qualcomm Secure Processing Unit offers improved power and performance characteristics, in addition to industry-leading security features. It has launched in flagship devices globally and is the industry's first commercial mobile platform supporting multi-gigabit 5G, on-device AI and immersive extended reality (XR) collectively, ushering in a new decade of revolutionary mobile devices.

About Qualcomm

Qualcomm invents breakthrough technologies that transform how the world computes, connects and communicates. When we connected the phone to the Internet, the mobile revolution was born. Today, our inventions are the foundation for life-changing products, experiences, and industries. As we lead the world to 5G, we envision this next big change in cellular technology spurring a new era of intelligent, connected devices and enabling new opportunities in connected cars, remote delivery of health care services, and the IoT — including smart cities, smart homes, and wearables. Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio. Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of our engineering, research and development functions, and substantially all of our products and services businesses, including, the QCT semiconductor business. For more information, visit Qualcomm's website, OnQ blog, Twitter and Facebook pages.

Andrew Martonik
Andrew Martonik

Andrew was an Executive Editor, U.S. at Android Central between 2012 and 2020.