Methods, systems, and apparatus for providing secure communication. The device includes a secure element for generating application key pairs. The device includes a trusted environment that is physically or logically isolated from an untrusted environment. The trusted environment includes one or more processors configured to perform operations of an application. The operations include generating an application key pair. The application key pair includes a secure element private key and a secure element public key. The operations include sending an application authentication request including one or more device identifiers and the secure element public key to a server. The operations include obtaining a digital certificate that includes the secure element public key and the one or more device identifiers. The operations include providing the digital certificate to a second device and establishing a secure communication channel between the device and the second device using the digital certificate.