Embedded Secure Element - eSE

Compliant with the GlobalPlatform Card Secure Element Configuration standard, Version 1.0

Certified by major payment schemes (EMVCo, Visacard, Mastercard, AMEX, China UnionPay)

Integrating all latest features gained in embedded OS, NFC ecosystem and multi-services markets thanks to Gemalto's number one position

Available in various form factors : die or surface mounted device (SMD)

Unrivalled application offer

Rich application catalogue gathering certified payment, transport, biometrics, enterprise, ID, government apps, both proprietary and with established partners

Unique expertise for local application development and support

A unique Trusted Service Hub (TSH) offer to quickly and easily deploy services worldwide

Strong local technical teams (Field Application Engineers and Technical Consultants) dedicated to support consumer electronics manufacturers

Recognized expertise in end-to-end fully deployed NFC projects

Established relationships with key players in the industry

Silicon vendors, combo makers, Contactless Front End (CLF) makers, device manufacturers, certification bodies, payment schemes​

Before shipment, the eSE is loaded with a secure, tamper-resistant Operating System (OS) and a set of secure applications selected by the device manufacturer according to his target market(s).

In addition, each unit of eSE is loaded with uniquely diversified keys, identifiers and data files, some of them being specific to the secure applications.

The creation of this data and its loading into the chip are executed in sites and environments that have been certified to comply with stringent security requirements from e.g. the banking community.
At the end of the loading process, and before it exits the factory, each eSE is logically locked so that only the eSE owner is allowed to amend it.

When an end-user purchases a device that embeds a secure element, he or she has to activate the eSE and then can download and personalize any application in a secure way.

Various players are involved to make this scheme successful. The eSE owner is responsible for activating and administrating the eSE via the Secure Element Issuer Trusted Service Manager (SEI TSM). He can create a security domain for each service provider (SP) who can administrate his application in the eSE once provisioned either through his own Service Provider Trusted Service Manager (SP TSM) or through the aggregator's one. The aggregator role is optional and can be provided by Gemalto.

Gemalto provides the Trusted Services Hub (TSH ) that includes both SEI TSM and SP TSM functionalities, in addition to the aggregator role. Furthermore, our TSH can be connected to any existing SEI TSM or SP TSM.

Gemalto proposes are very flexible approach based on various business models in order to best meet consumer electronics manufacturers' requirements. The benefits of our TSH are multiple:

Generate new revenue for device manufacturers when connecting to our hub

Facilitate service deployment in the eSE anywhere in the world with a "plug and play" solution

Technical: A single entry point to connect just once to enrich your service portfolio

Commercial: Simple to connect to numerous service providers (banks, transport operators, etc.) to already existing commercial agreements.