A secure element is a tamper-resistant hardware component designed to securely store cryptographic keys and perform a limited set of security-critical operations, such as signing or key derivation, without exposing secrets outside the hardware boundary.
A trusted execution environment (TEE), by contrast, is an isolated environment designed to protect sensitive code and data while they are being processed. TEEs enforce hardware-backed isolation from the main operating system and can execute application logic securely, often using cryptographic keys that are stored in a secure element or other hardware-protected storage.
In many modern systems, secure elements and TEEs are used together: the secure element protects long-term secrets, while the TEE performs sensitive computations using those secrets in an isolated environment.
Purpose-built security hardware
Secure elements evolved from the smart card industry, where tamper-resistant chips have protected payment credentials and access cards for decades. The same technology now appears in smartphones, providing dedicated hardware for protecting the most sensitive secrets.
The secure element's single purpose is security. It's designed from the ground up to resist attacks such as physical probing, power analysis, fault injection, and other sophisticated techniques that might compromise general-purpose processors. This specialization allows secure elements to achieve security certifications that general-purpose hardware cannot.
Physical tamper resistance
Secure elements include physical protections against hardware attacks. The chip design includes features that detect and respond to tampering attempts. Protective meshes cover sensitive circuits. Sensors detect abnormal conditions, such as voltage fluctuations or temperature extremes, that may indicate an attack. If tampering is detected, the secure element can automatically erase its stored secrets.
These physical protections are crucial because determined attackers with physical access to a device may attempt to extract keys directly from the hardware. General-purpose processors aren't designed to resist such attacks. Secure elements are.
Key storage and operations
The primary function of a secure element is to protect cryptographic keys and perform a limited set of security-critical operations—such as signing or decryption—without ever exposing the keys themselves. When an application needs to sign data, it sends the data to the secure element, which performs the cryptographic operation internally and returns only the result. The private key never leaves the hardware boundary.
While secure elements can perform these specific cryptographic operations, they are not designed to run general-purpose application logic. In many systems, a trusted execution environment is used alongside a secure element: the TEE executes sensitive logic and controls how keys may be used, while the secure element provides strong, tamper-resistant key protection.
Secure elements in smartphones
Modern smartphones include secure elements in various forms. Apple’s Secure Enclave is a dedicated secure coprocessor/subsystem integrated into Apple’s System on a Chip (SoC) that protects keys and performs sensitive operations. Android devices may include separate secure element chips, and many support StrongBox, Google's specification for hardware-backed key storage using dedicated security hardware.
These secure elements protect payment credentials for contactless payments, SIM credentials for mobile network authentication, and, increasingly, identity credentials such as mobile driver's licenses.
Secure elements in digital identity
For mobile driver's licenses, the secure element provides the highest level of key protection available on consumer devices. When a DMV issues an mDL, a device key is generated inside the secure element. The credential is bound to this key, ensuring it can only be used on the specific device where it was issued.
Because the key exists only within tamper-resistant hardware, copying the credential to another device is practically impossible. An attacker would need to physically attack the secure element, defeating its tamper protections, to extract the key. This is an extraordinarily difficult and expensive process, requiring specialized equipment and expertise.
Secure elements also perform the cryptographic operations during credential presentation. When you tap your phone to present an mDL, the secure element signs the presentation data using the device key. The verifier can confirm this signature, knowing it came from the genuine secure element bound to the credential.
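The device-binding flow just described, as an added example that is not code from the original page or from any real secure element: the secure element is modelled as a type whose private key is generated internally and never exported, the issuer signs the holder's attributes together with the device public key, and the verifier checks both the issuer signature and the device signature over a session transcript. The credential format, the transcript bytes and the attribute string are constructed stand-ins, not the ISO 18013-5 encodings.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
)

func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }
// secureElement models a key generated inside the hardware boundary: callers
// receive the public key and signatures, never the private key itself.
type secureElement struct{ key *ecdsa.PrivateKey }

func newSecureElement() *secureElement {
	return &secureElement{key: must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))}
}
func (se *secureElement) PublicKey() *ecdsa.PublicKey { return &se.key.PublicKey }

// Sign hashes and signs internally; only the signature crosses the boundary.
func (se *secureElement) Sign(data []byte) []byte {
	h := sha256.Sum256(data)
	return must(ecdsa.SignASN1(rand.Reader, se.key, h[:]))
}
// credential is a constructed stand-in for an mDL: the issuer signs the holder
// attributes together with the device public key, binding the credential to the device.
type credential struct{ Attributes []byte; DevicePub *ecdsa.PublicKey; IssuerSig []byte }

func bindingBytes(attrs []byte, pub *ecdsa.PublicKey) []byte {
	return append(append([]byte{}, attrs...), must(x509.MarshalPKIXPublicKey(pub))...)
}

// issueCredential runs on the issuer side and only ever sees the device's public key.
func issueCredential(issuer, device *secureElement, attrs []byte) credential {
	pub := device.PublicKey()
	return credential{attrs, pub, issuer.Sign(bindingBytes(attrs, pub))}
}

// verifyPresentation checks the issuer signature over the binding, then the
// device signature over the transcript the verifier supplied for this session.
func verifyPresentation(issuerPub *ecdsa.PublicKey, c credential, transcript, deviceSig []byte) bool {
	h := sha256.Sum256(bindingBytes(c.Attributes, c.DevicePub))
	if !ecdsa.VerifyASN1(issuerPub, h[:], c.IssuerSig) {
		return false
	}
	t := sha256.Sum256(transcript)
	return ecdsa.VerifyASN1(c.DevicePub, t[:], deviceSig)
}
```

A credential copied to a second device fails verification because that device's secure element holds a different key, and altering the attributes breaks the issuer signature.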
Certification and standards
Secure elements can be certified against rigorous security standards. Common Criteria evaluations assess secure element security at various assurance levels, with higher levels requiring increasingly stringent testing and analysis.
Certification of this kind gives objective, independently verified assurance that a secure element actually delivers the protections it claims. For digital identity systems requiring high assurance, certified secure elements provide a foundation of trust backed by that independent evaluation.
The highest bar for key protection
Secure elements generally provide the highest level of hardware-backed key protection available on consumer devices, particularly for high-assurance use cases. While TEEs provide good isolation from the main operating system, secure elements go further with physically separate, purpose-built security hardware designed to resist even sophisticated physical attacks. For high-assurance credentials, such as mobile driver's licenses, secure element storage ensures that device binding is genuinely effective.