Qualcomm’s Snapdragon 855 Mobile Platform powers a number of high-end flagship smartphones that are already shipping in volume at retail, from Samsung’s Galaxy S10 series to the hot, new OnePlus 7 Pro and Google’s latest Pixel 3a series. Today, however, we’re learning that in addition to its high-performance processing engines and forward-looking 5G connectivity, on board the Snapdragon 855 platform lies key, previously untapped technology in silicon that will enable a new level of security compliance and features, along with more flexible and convenient multi-carrier connectivity in the future.
Qualcomm Technologies, Inc. today announced that the on-die security engine of its Snapdragon 855 SoC, dubbed the SPU or Secure Processing Unit, has received Common Criteria EAL-4+ security certification for smart card hardware security assurance. Also on board Qualcomm’s Snapdragon 855 SoC is iSIM, or Integrated SIM, technology, which is similar to eSIM (Embedded SIM) but is integrated into the silicon of the Snapdragon 855 chip itself. Both of these technologies previously required discrete chip solutions, but this new level of integration in Qualcomm’s new Snapdragon SoC brings significant BOM (Bill of Materials) cost savings and design simplicity to existing and future generation devices.
“Completing the EAL-4+ security certification is a major milestone in our journey to bring smart card levels of security to our Snapdragon customers and users. Use cases that previously required separate security chips will now be possible fully integrated in Snapdragon 855 powered devices,” said Jesse Seed, senior director, product management, Qualcomm Technologies, Inc. “This certification is a testament to the industry firsts that Snapdragon 855 brings to market and Qualcomm Technologies’ continued leadership in embedded security.”
The company notes that current use cases for the Snapdragon 855 Secure Processing Unit include Android StrongBox Keymaster and Gatekeeper. Meeting Android StrongBox requirements is no trivial task. The technology allows keys to be stored on-chip in a dedicated security engine with its own local, secure storage and memory, running its own OS and communicating with the primary OS (in this case Android 9) through a secure interface. In short, you could compromise the main OS kernel but not the Trusted Execution Environment (TEE) of the Snapdragon 855’s SPU. This is ideal for applications like integrated payment systems and more convenient, secure credentials management systems.
“Improving security is a top priority for all of our platform releases,” notes Dave Kleidermacher, head of Android security and privacy at Google. “Qualcomm Secure Processing Unit makes it possible for our OEMs to meet the stringent Android StrongBox requirements, and we are looking forward to seeing how partners implement it to take advantage of key StrongBox features, such as improvements to credential and payment security.”
Perhaps even more interesting in the near term for some device manufacturers, carriers and consumers is the Snapdragon 855’s iSIM capability. Beyond the security features noted above, the iSIM will enable provisioning of devices on any carrier network, as well as automatic carrier switching à la Google Fi. Though Qualcomm officials would not comment on any new device announcements, it’s conceivable that Google’s short list of “Designed for Fi” phones with carrier switching capabilities could grow in the future.
Imagine devices like the Samsung Galaxy S10 line, the new OnePlus 7 Pro or others being able to carrier hop like Google’s own Pixel 3 devices, or the Moto G series. This capability alone could motivate some users to switch to Fi, though it would take firmware qualification (and validation from Google) to make this a reality.
Again, since Qualcomm’s Snapdragon 855 is already in production and in-market with tools to enable these features, the company notes ecosystem partners can start taking advantage of the mobile platform’s newly enabled security and connectivity features immediately.