Hi Plamen, Which of those options are appropriate will very much depend on your threat model, i.e. which capabilities you assume your adversaries to have. Are physical adversaries in your thread model? How much (effort/resources) do you assume adversaries may be willing to spend up front and per device/user? Depending on these answers, the solution can be anywhere on the spectrum between fully within the app to strictly requiring certified secure elements. Did you see the requirements for StrongBox (for key storage/handling) in Android Pie? Is this useful for your case?
best regards, Rene On Sat, Sep 29, 2018 at 12:01 AM Plamen Metodiev <plamenm.metod...@gmail.com> wrote: > Hello, > > I want to emulate Mifare Classic 4K card that will have authentication and > it will be used for passing a barrier of a system already in place. With > Android 4.4 Google presented HCE (Host Card Emulation). Now in 2018 what is > better to use HCE or use the embedded secure element in the phone or > somewhere in the cloud? I think that the embedded secure element is still > the most secure approach because it can not be hacked in any way. What are > your suggestions? > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to android-security-discuss+unsubscr...@googlegroups.com. > Visit this group at > https://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
