P5CC012XR Secure contact PKI smart card controller
SmartMX family approach
The new CMOS14 SmartMX family members feature a modular set of devices with:
SmartMX family properties
The long-term approved SmartMX family features a significantly enhanced secure smart card IC architecture. Extended instructions for Java and C code, linear addressing, high speed at low power and a universal memory management unit are among many other improvements added to the classic 80C51 core architecture. The technology transfer step from 5-metal-layer 0.18 μm to 5-metal-layer 0.14 μm CMOS technology now offers even more advantages in terms of security features, memory resources, crypto coprocessor calculation speed for RSA and ECC as well as availability of secure hardware support for 2/3-key Data Encryption Standard (DES) operations.
The contact interface availability enables the easy implementation of native or open platform and multi-application operating systems in market segments such as banking, E-passport, ID card, secure access, Java card as well as Trusted Platform Modules (TPM) within extremely tiny SMD packages
Cryptographic hardware coprocessors
FameXE coprocessor
The security hardened and modular FameXE architecture supports the trend of increasing RSA keys with faster execution speeds as well as Elliptic Curve Cryptography (ECC) based on GF(p) or GF(2n) at best performance. FameXE supports RSA with an operand length of up to 8-kbit (up to 4-kbit with intermediate storage in RAM only).
The FameXE PKI coprocessor supports 192-bit ECC key length that offers the same level of security as 2048-bit RSA. An ECC GF(2n) based signature, using a 163-bit key can be executed in less than 30 ms providing a security level comparable to 1024-bit RSA. The operand size for ECC, supported by FameXE, is only limited by the 2.5 KB size of the FXRAM. FameXE is easy to use and the flexible interface provides programmers with the freedom to implement their own cryptography solutions. A secure and CC EAL5+ certified crypto library providing a large range of required functions will be available for all devices in order to support customers in implementing public key-based solutions.
Triple-DES coprocessor
The DES widely used for symmetric encryption is supported by a dedicated, high performance, highly attack-resistant hardware coprocessor. Single DES and Triple-DES, based on two or three DES keys, can be executed within less than 40 μs. Relevant standards (ISO/IEC, ANSI, FIPS) and Message Authentication Code (MAC) are fully supported. A secured and CC EAL5+ certified crypto library will be available for all devices in order to support customers in implementing 3DES based solutions.
SmartMX interface
SmartMX contact interface
Operating in accordance with ISO/IEC 7816, the SmartMX contact interface is supported by a built-in Universal Asynchronous Receiver/Transmitter (UART), which enables data rates of up to 1 Mbit/s allowing for the automatic generation of all typical baud rates and supports transmission protocols T=0 and T=1. An additional IO is available for proprietary use.
Security features
SmartMX incorporates a wide range of both inherent and OS-controlled security features as countermeasure against all types of attacks. NXP Semiconductors apply their extensive knowledge of chip security, combined with handshaking circuit technology, very dense 5-metal layer 0.14 μm technology, glue logic and active shielding methodology for optimum results in CC EAL5+, EMVCo and other third party certifications and approvals.
The SmartMX security features are acknowledged by most of the NXP Semiconductors customers for their outstanding properties. The counter measures against light attacks are regarded as “best-in-class”.
Security evaluation and certificates
Hardware security certification in accordance with CC EAL5+ is attained. Also, third-party approval such as EMVCo (VISA, CAST), ZKA and others, depending on the application requirements, are available.
NXP Semiconductors continues to drive forward third party security evaluations to provide its customers with the relevant information and documentation needed to execute subsequent composite evaluations of implemented applications.
Security licensing
In addition to the various intellectual properties regarding attack resistance of the NXP Semiconductors’ owned SmartMX family, NXP Semiconductors has obtained a patent license for SPA and DPA countermeasures from Cryptography Research Incorporated (CRI). This license covers both hardware and software countermeasures. It is important to customers that countermeasures within the operation system are covered under this license agreement with CRI. Further details can be obtained on request.
Optional crypto library
NXP Semiconductors offer an optional crypto library for all family types:
- Various algorithms
- DES and Triple-DES encryption and decryption using the DES coprocessor
- RSA encryption and decryption, signature generation and verification for straightforward and CRT keys up to 5024 bits
- RSA key generation
- ECC over GF(p) signature generation and verification (ECDSA) and Diffie-Hellman key exchange for keys up to 544 bits
- ECC over GF(p) key generation
- ECC over GF(2n) signature generation and verification (ECDSA) and Diffie-Hellman key exchange for keys up to 544 bits
- ECC over GF(2n) key generation
- SHA-1, SHA-224 and SHA-256 hash algorithm
- Pseudo-Random Number Generator (PRNG)
- Easy to use API for all algorithms
- Latest built-in security features to avoid power (SPA/DPA), timing and fault attacks (DFA)
- Common criteria version 3.1 EAL5+ certification available (except ECC over GF(2n)) in conformance to BSI-PP-0035-2007 protection profile
产品特点 Features
Standard family features
- EEPROM: choice of 8 KB or 12 KB
- Data retention time: 25 years
- Endurance: 500000 cycles
- ROM: 196 KB
- RAM: 6144 B
- 256 B IRAM + 3.25 KB Standard RAM usable for CPU
- 2560 B FXRAM shared memory for FameXE and CPU
- Dedicated Secure_MX51 Smart Card CPU (Memory eXtended/enhanced 80C51)
- 5-metal layer 0.14 μm CMOS technology
- Operating in Contact mode
- Featuring a 24-bit universal memory space, 24-bit program counter
- Combined universal program/data linear address range up to 16 MB
- Additional instructions to improve
- pointer operations
- performance
- code density of both C and Java source code
- ISO/IEC 7816 contact interface
- PKI coprocessor FameXE
- High speed Triple-DES coprocessor (64-bit parallel processing DES engine)
- Two or three keys loadable
- Triple-DES calculation time < 40 μs
- Low power and low voltage design using NXP Semiconductors’ handshaking technology
- Multiple source vectorized interrupt system with four priority levels
- Watch exception provides software debugging facility
- Multiple source RESET system
- Two 16-bit timers
- High reliable EEPROM for both data storage and program execution
- Bytewise EEPROM programming and read access
- Versatile EEPROM programming of 1 B to 64 B at a time
- Typical EEPROM page erasing time: 1.7 ms
- Typical EEPROM page programming time: 1.0 ms
- Power-saving Idle mode
- Wake-up from Idle mode by RESET or any activated interrupt
- Power-saving Sleep or Clockstop mode
- Wake-up from Sleep or Clockstop mode by RESET or external interrupt
- Contact configuration and serial interface according to ISO/IEC 7816: GND, VCC, CLK, RST, I/O
- ISO/IEC 7816 UART supporting standard protocols T=0 and T=1 as well as high speed personalization up to 1 Mbit/s
- Support of major Public Key Cryptography (PKC) systems like RSA, Elgamel, DSS, Diffie-Hellman, Guillou-Quisquater, Fiat-Shamir and Elliptic Curves
- 8192 bits maximum key length for RSA with randomly chosen modulus
- 4096 bits maximum key length for calculation within RAM
- 32-bit operand input/output interface
- Boolean operations for acceleration of standard, symmetric cipher algorithms
- Externally or internally generated configurable CPU clock
- 1 MHz to 10 MHz operating external clock frequency range
- Internal clocking independent of externally applied frequency
- High speed 16-bit CRC engine according to ITU-T polynomial definition
- Low power Random Number Generator (RNG) in hardware, AIS-31 compliant
- 1.62 V to 5.5 V operating voltage range for Class C, B and A
- Optional extended Class B operation mode (2.2 V to 3.3 V targeted for battery supplied applications)
- -25 °C to +85 °C ambient temperature
- Broad spectrum of delivery types
|
应用
- Banking
- Java cards
- E-Government
- Contact ID cards
- Secure access control
- Trusted platform modules
- Pay-TV
- Authentication
Security features
- Enhanced security sensors
- Low and high clock frequency sensor
- Low and high temperature sensor
- Low and high supply voltage sensor
- Single Fault Injection (SFI) attack detection
- Light sensors (included integrated memory light sensor functionality)
- Electronic fuses for safeguarded mode control
- Active Shielding
- Unique ID for each die
- Clock input filter for protection against spikes
- Power-up / Power-down reset
- Optional programmable card disable feature
- Memory security (encryption and physical measures) for RAM, EEPROM and ROM
- Optional disabling of ROM read instructions by code executed in EEPROM
- Optional disabling of any code execution out of RAM
- EEPROM programming:
- No external clock
- Hardware sequencer controlled
- On-chip high voltage generation
- Enhanced error correction mechanism
- 64 B EEPROM for customer-defined Security FabKey, featuring batch-, wafer- or die-individual security data, included encrypted diversification features on request`
- 14 B user write protected security area in EEPROM (byte access, inhibit functionality per byte)
- 32 B write-once security area in EEPROM (bit access)
- 32 B user-read only area in EEPROM (byte access)
- Customer specific EEPROM initialization available
Design-in support
- Approved development tool chain
- Keil PK51 development tool package inclusive μVision3/dScope C51 simulator, additional specific hardware drivers inclusive ISO/IEC 7816 card interface board. A SmartMX DBox allows software debugging and integration tests.
- Ashling Ultra-Emulator platform, stand alone ROM prototyping boards and ISO/IEC 7816 card interface board. Code coverage and performance measurement software tools for real time software testing.
- Tutorial C source libraries for
- EEPROM read/write routines
- T=1 communication according to ISO/IEC 7816, Part 3
|
P5CC012XR 技术支持
档案名称 |
标题 |
类型 |
格式 |
P5CC012XR |
Secure contact PKI smart card controller |
Data sheet |
pdf |
130830 |
AN10834 MIFARE ISO/IEC 14443 PICC Selection
|
Application note |
pdf |
AN10927 |
MIFARE and handling of UIDs
|
Application note |
pdf |
AN10787 |
AN10787 MIFARE Application Directory (MAD)
|
Application note |
pdf |
AN1305 |
MIFARE Classic as NFC Type MIFARE Classic Tag
|
Application note |
pdf |
AN1304 |
NFC Type MIFARE Classic Tag Operation
|
Application note |
pdf |
AN10833 |
MIFARE Type Identification Procedure
|
Application note |
pdf |