GOOGLE PROPRIETARY AND CONFIDENTIAL
● Device attestation: Google is deploying, to all Android devices with the Google Apps
suite, a software-based attestation API which deeply inspects the hardware and software
of the device to determine:
○ If the device is real, meaning not an emulator
○ If the device is of a type (hardware and system software) that is known to
Google, which implies knowledge of whether the device has passed Google’s
Compatibility Test Suite (CTS)
■ Passing CTS increases assurances that the device has not been modified
in ways known to break the Android security model (i.e. rooted, modified
system image, unlocked bootloader)
5.3 Limited-Use Key Storage Approach
We store both the relatively long-lived token (tokenized PAN) and limited-use keys encrypted in
persistent application storage. The LUKs will be encrypted at rest using symmetric AES
encryption. When a user first provisions a token to her wallet, Google servers will generate a
Device Encryption Key (DEK). This key will be used to encrypt and decrypt the LUKs on the
device. The DEK is stored on Google’s servers, and a copy is kept in the device’s memory. On
devices that support TEEs, an additional copy is kept in the TEE. When the device reboots, the
copy in memory is lost and the device must either restore the DEK from the TEE or by making a
call to Google’s servers.
When the service layer connects to Google servers to request the LUK encryption key or
additional LUKs, the server will request a device attestation. The attestation software will report
the state and identity of the device to Google, which will validate the CTS compatibility of the
device. See Section 8.0 Device Attestation API for more details on attestation.
Upon receipt of limited-use credentials from Google's server, the Tap-and-Pay service layer will
ensure that it has the decryption key for the LUKs stored in RAM. The limited-use key material
retrieved from the server will be encrypted using the DEK, and stored in the service layer’s sqlite
database.
When performing a transaction, the Android device will use the in-memory key to decrypt the
data retrieved from the service layer’s app database, and then use it to generate the transaction
cryptograms required by the contactless payment protocol.
If the on-device key is lost the device will request the decryption key from Google servers,
requiring device attestation.
Should a key rotation be necessary, the next time the device contacts the server to retrieve the
key, the server will generate a new key and provide both the old and new keys to the device so
that the device can rewrap its data and switch to the new key.