Google Wallet, your Android becomes your wallet/ID/tickets/offers and more, but does it use ARM TrustZone yet?

Posted by Charbax – May 27, 2011

Google wants to replace your wallet, your passport, your ID, to be used for ticketing, for local offers, coupons, deals and more. But is it secure yet?

We need this pin code mode and it needs to be fully 100% secure. But is it yet secure in this first implementation with NFC on the Nexus S 4G? Does Google yet use some type of deep hardware level security like the ARM TrustZone Mobile Payments platform?

We need this pin code screen to show up full screen, and there needs to be some kind of light diode indicator confirming that you are in 100% secure mode. That kind of pin code screen needs to come up to confirm every login, every payment, every money transfer. If they can do that in the way ARM is suggesting with TrustZone, this should make of this system a fully secured way to replace wallets, ID, Passports, tickets, coupons and more.

I want to login to my Google Account using my phone's pin code security system. I want this system to replace all login username/passwords on the web. This system needs to become the new interface for a new type of OpenID system. Google released in February an SMS based secure login service that they offer to all Google Account holders today. But SMS is not seamless, it's not really usable, the pin code screen needs to popup on your smartphone right there as you are trying to login, authenticate your access or to pay for something. That pin code authentication mechanism could perhaps be replaced by some kind of bio-metric authentication, or a kind of screen lock mechanism. Think of it like that calculator that you use for your security for your net banking, it needs to be the same integrated right into your phone.

Here's the 1-hour video of this Google Wallet announcement, embedded to start at time-code 22 minutes (you can rewind and watch the whole thing if you want) where Rob von Behren talks about the NXP PN65 based Secure Element solution, which sounds like this is true hardware based security!

  • Pingback: Google Wallet è sicuro Certamente lo sarebbe se… « highlightsaber()

  • I’d like to know:
    1. Is Google Wallet compatible with ARM TrustZone or is that NXP N65 the only secure element implementation that is going to be used?
    2. At which point is the secure pin code entry being used? Is it for each payment? Is it only once for each time you add $100 from one of your accounts to your wallet?
    3. Can we use this secure element also for logins all over the web, be it to login to our Google Account, as a replacement to the 2-step verification process that currently uses SMS? I’d like to have this secure pin code show up automatically every time I login to any website. Make this kind of a secure openID system, and make it replace all usernames and passwords on the Internet, 100% secure and easy.
    4. Does this work for net banking? Does this replace the physical calculator thing some people have to use for net banking?
    5. How can you be sure you have activated the secure element pin code mode, and that the screen has not “simply” been hi-jacked by a keylogger app that logs your pin code and proceed imediately to empty all your bank accounts? Shouldn’t the phone have a secure mode light diode that should light up next to the screen to confirm that you are in fact in secure element pin code mode and that you can 100% trust what is on the screen is secure?6. Can other verification systems be used than the basic pin code? Could there be bio-metric verification, or some of those screen pattern verification systems like the ones some use for unlocking the screen?7. Can you explain how Visa and other credit cards can currently be used? Is it correct that any credit card including Visa can be used to add funds to your pre-paid Google CreditCard?8. Any plans to add net banking integration or some other forms of funds so that no payment fees need to be paid by the consumer like there is some kind of 2% or so transaction fee when paying with a credit card? How do we escape paying those transaction fees? Could there be some kind of integration to something like Dwolla.com?9. What’s going to happen with user to user payments?10. Could all websites that take credit card payments send the user to authenticate on the phone to process the payment instead, without having to manually enter credit card details on every website?

  • Marc

    This is fantastic if well implemented. I am concerned of my privacy, I don’t want Google tracking me even when I buy toilet paper. (as an advertasing company, temptation could be too much for Google).

  • Anonymous

    The 1 hour Google Wallet Product Launch is showing up as private…

    This version should work… http://www.youtube.com/watch?v=am8t6iZ7up0#t=22m00s

  • Pingback: Google Wallet should use ARM TrustZone for 100% security – ARMdevices.net()

  • Pingback: Highlights of 2011 on ARMdevices.net – ARMdevices.net()