A7005CGHN1: Secure authentication microcontroller

The A700x family is a tamper resistant secure Micro Controller Unit (MCU) family using a dedicated security hardened MX51CPU. NXP® Semiconductors has a long track record in security MCUs. NXP ICs have been used in all types of security applications such as bank cards, health insurance cards, electronic passports, and pay-TV cards. They have also been used as embedded secure element in mobile phones. The A700x family features a significantly enhanced secure microcontroller architecture. Extended instructions for Java and C code, linear addressing and high speed at low power are among many other improvements added to the classic 80C51 core architecture.

The A700x family supports the following features:

The A700x family runs a Java Card Open Platform operating system called JCOP based on independent, third party specifications, i.e. by Oracle, Global Platform consortium, International Organization for Standards (ISO), EMV (Europay, MasterCard and VISA) and others. The Java Card and GlobalPlatform industry standards together ensure ease of application development and application interoperability for developers.

The A700x family key benefits are:

For more detailed information refer to following documentation:

User manual JCOP 2.4.2 Revision 0.9, JCOP V2.4.2 Revision 0.9 secure MCU operating system, Document Number 2108xx.

The User manual describes JCOP for the applet developer. It outlines the features available through the Java Card API. Also it explains any additional functionality at the Java layer. Also, this User manual contains the information on how to order A700x family products.

Full data sheet, A700x family, secure authentication microcontroller, Document Number 2066xx.

The Full data sheet explains the details of the A700x family product from a hardware point of view. It outlines figures like pinning diagram and power consumption.

Application note, Device Authentication APDU Specification, Document Number 2118xx.

The applet user manual contains a detailed description of the authentication application on the A700x family product. It outlines the interface description including the APDU description and a description how to use the applet.

The following table explains the naming conventions of the commercial product name of the A700x family products. Every A700x family product gets assigned such a commercial name, which includes also customer and application specific data.

The A700x family commercial names have the following format.

A700xagpp(p)/mvsrrff

The ‘A700’ is a constant, all other letters are variables.

Variable

Meaning

Values

Description

IC hardware specification code

a

embedded operating system code

A

JCOP V2.4.2 R0.9

C

JCOP V2.4.2 R1

g

G

Generic, no application layer firmware (i.e. JCOP applets) pre-installed

C

Customized, customer Applet pre-installed in ROM or EEPROM

A

Application firmware implementing generic X509 based client authentication

pp(p)

package type code

m

Manufacturing Site Code

T

v

Silicon Version Code

0

s

Silicon Version Subcode

B

rr

ROM Code ID

ff

FabKey ID

In addition to the A700x family secure MCU and the Java Card Open Platform operating system, the total solution includes an X.509 certificate based client authentication application.

The A700x family is delivered with pre-programmed, die-specific keys and certificates which are being generated and programmed in a certified (Common Criteria) secure NXP internal environment. The master keys are securely stored in HSMs (Hardware Secure Modules). Additional authentication software for the host (host-MCU or remote server) can also be included as part of the solution.

NXP Semiconductors offers a pre-personalizations service where customer-specific initialization data can be preprogrammed. This data can be die-individual card manager keys, symmetric DES-or AES keys, random data, X509 certificates, RSA signing keys or any other constant data like application code.

JCOP provides extended support for several industry specific requirements. This support is given with the JCOPX API that comprises following functionality:

More details about the JCOPX API can be found in JCOP User Manual.

The A700x family security concept is combining a comprehensive portfolio of NXP security measures which is protecting the chip against all types of attacks. Summarizing, there are more than 100 security features in an NXP security chip to protect against attacks from outside. NXP Semiconductors apply their extensive knowledge of chip security to harden the chip against any kinds of attacks.

The following features provide the highest level of attack resilience, which is unique in the market:

Secure Fetch Technology significantly enhances the chip hardware security for a certain class of light and laser attacks to the chip hardware. More specifically, Secure Fetch offers increased protection against attacks with higher spatial resolution. It also protects against attacks with both shorter and longer light pulses, and with both single and multiple pulses. It protects both the device memory and code fetching operations from ROM, RAM and EEPROM, greatly increasing the probability that fault injection attacks are detected. This unique security technology offers increased protection against future attack scenarios with light and laser sources, facilitating the development of highly secure software applications for customers.

The A700x family security concept includes dedicated HW measures to protect against any kind of leakage attacks. The Triple-DES coprocessor provides a high level of leak-resistance to first-order DPA, thus equally resilient against all kinds of leakage attacks.

The A700x family incorporates inherent and OS controlled security features:

NXP Semiconductors has obtained a patent license for SPA and DPA countermeasures from Cryptography Research Incorporated (CRI). This license covers both hardware and software countermeasures. It is important to customers that countermeasures within the operation system are covered under this license agreement with CRI. Further details can be obtained on request.

Outline 3d SOT617-3

The A700x family is a complete embedded security platform for mobile phones, portable devices, computing and consumer electronic devices, and embedded systems where a strong security infrastructure is required. The A700x family provides an outstanding level of security, while overcoming the challenges of performance, power consumption and solution footprint. Its flexible architecture offers brand owners and device manufacturers a robust solution that can be tailored to meet the demanding embedded security requirements of today. The A700x family can be used in various host platforms and host operating systems to secure a broad range of applications.

The A700x family is offered as a turnkey solution that provides customers easy integration of authentication solutions into their end products. Minimal impact on the performance of end-products is achieved through high-speed, low power consumption ICs that feature the industry standard I²C interface.

The flexibility of the A700x family solution allows for fast and convenient customization of specific solutions or implementations.

Data Sheets (1)
Name/DescriptionModified Date
Secure authentication microcontroller (REV 3.0) PDF (283.0 kB) A700X_FAM_SDS05 Jul 2013
Package Information (1)
Name/DescriptionModified Date
DFN5050-32: plastic thermal enhanced very thin quad flat package; no leads; 32 terminals; body 5 x 5 x 0.85 mm (REV 1.1) PDF (219.0 kB) SOT617-308 Jun 2016