P5CN072
Secure Dual Interface PKI Smart Card Controller
Rev. 1.0 — 2005 March 09
107710
Short Form Specification
1. General description
1.1 Description P5CN072 device
• 72 Kbytes EEPROM
• 160 Kbytes User ROM
• 4608 bytes RAM
• PKI (Public Key Infrastructure) co-processor (RSA, ECC)
• Dual / Triple key DES-3 co-processor
• ISO/IEC 7816 contact interface
• S²C interface to enable secure contactless communication via Near Field Communication (NFC)
• EEPROM data retention time: 20 years minimum
The P5CN072 is a Secure Dual Interface PKI Smart Card Controller of the SmartMX
platform featuring 160 Kbytes of ROM, 4608 bytes of RAM and 72 Kbytes of EEPROM,
which can be used as data memory and as program memory. The non-volatile memory
consists of high reliability memory cells to guarantee data integrity, which is especially
important when the EEPROM is used as program memory.
Operated both in contact mode (ISO/IEC 7816) and in S²C mode, the user defines the final
function of the chip with the chip operating system (COS). This allows the same level of
security, functionality and flexibility for the contact interface as well as for the S²C interface.
The S²C interface technology provides reliable digital communication to a member of the
NFC IC family to enable secure contactless communication via NFC enabled devices
such as mobile phones.
The S²C interface is connected to the internal ISO 14443 CIU. The CIU handles the
demodulation and the modulation of the S²C signals, so that full contactless communication
via this interface and the NFC IC can be enabled. As the S²C interface is connected to the
CIU, the power of the P5CN072 has to be supplied via the VDD and VSS pins in S²C mode.
The P5CN072 offers the same features of contactless and contact mode handling as
other members of the SmartMX family.
Connected to the S²C interface of an NFC IC, the P5CN072 is compatible with existing
MIFARE® reader infrastructure, and the optional free of charge emulation modes of
MIFARE® 1K and MIFARE® 4K enable fast system integration and backward compatibility
with standard MIFARE® and ProX family based cards. The communication on the S²C
interface supports ISO/IEC 14443 A part 3 and ISO/IEC 14443 part 4.
Bi-directional communication with the contact interface of the device can be performed
through two serial IOs. These IOs are under full control of the application software in order
to allow conditional controlled access to the different internal memories.
The on-chip hardware is software controlled via Special Function Registers (SFRs). Their
function and usage are described in the respective sections of this specification, as the
SFRs are correlated to the activities of the CPU, Interrupt, IO, EEPROM, Timers, etc.
The P5CN072 provides two power saving modes with reduced activity: the IDLE and the
SLEEP or CLOCKSTOP Mode. These two modes are activated by software.
The device operates either with a single 1.8V, 3 V or 5 V (voltage classes C, B, A) power
supply at a maximum external clock frequency of 10 MHz supplied by the contact pads
(internally up to 30 MHz).
1.1.1 Different Configurations of the P5CN072
Depending on the application requirements the P5CN072 can be configured according to
options described in the data sheet chapter “ORDER ENTRY FORM”.
There are three different configurations (A, B1 and B4) possible, as shown in Table 1. The
MIFARE® option configuration has impact on the access conditions for the EEPROM and
influences the User OS development.
Note that the contactless interface can be used in any of the following configurations to
communicate via any protocol (T=CL as specified in ISO/IEC 14443-4 or a self-defined
protocol), also concurrently to the MIFARE® protocol available in configurations B1 and B4.
1.1.1.1 Configuration A
In configuration A all memory resources are available and under full control of the dual
interface User OS. No MIFARE® functionality is available.
1.1.1.2 Configuration B1
In configuration B1 the contactless MIFARE® Classic OS provided by Philips is
implemented on the P5CN072. 1 Kbyte of the EEPROM can be accessed by the
MIFARE® Classic OS, offering the same command set and functionality as a MIFARE® 1K
hardwired logic chip. The access conditions for the user OS to the MIFARE® memory area
can be configured via the so-called ACM (Access Condition Matrix). The MIFARE® Classic
OS offers backward compatibility to support existing infrastructure based on the
MIFARE® Classic functionality.
107710
© Koninklijke Philips Electronics N.V. 2005. All rights reserved.
Short Form Specification
Rev. 1.2 — 2005 March 09
2 of 12
1.1.1.3 Configuration B4
In configuration B4 the MIFARE® Classic OS provided by Philips Semiconductors offers
the same functionality and command set as the MIFARE® 4K hardwired chip. This
emulation offers the possibility to access 4 Kbytes of EEPROM memory using the
MIFARE® command set. Access rights for the user OS and the MIFARE® 4K emulation on
accessing the EEPROM memory can be configured via the so-called ACM (Access
Condition Matrix).
For secure separation of the user OS and the MIFARE® OS, a dedicated built-in hardware
protection controls the access to the EEPROM, RAM and ROM.
For a detailed explanation of MIFARE® 1K and MIFARE® 4K functionality please refer also
to the following documents:
• MIFARE® MF RC500 Product Specification
• MIFARE® Standard IC MF1 ICS50 Functional Specification
• MIFARE® Standard 4 Kbytes Card IC MF1 ICS70
Table 1: Configurations of the P5CN072
Configuration A:
  EEPROM: 72 Kbytes for access with user OS
Configuration B1:
  EEPROM: 35 Kbytes for access with user OS via EEPROM SFR
          1 Kbyte for access with MIFARE® Classic OS and user OS [1]
Configuration B4:
  EEPROM: 32 Kbytes for access with user OS via EEPROM SFR
          4 Kbytes for access with MIFARE® Classic OS and user OS [1]
[1] In configuration B1 and B4 the MIFARE® OS allocates 128 bytes of the RAM.
Fig 1. Configurations of the P5CN072.
  Configuration A:  RAM 4608 bytes; EEPROM 72 Kbytes; ROM 160 Kbytes
  Configuration B1: RAM 4480 bytes + 128 bytes MIFARE® OS; EEPROM 71 Kbytes + 1 Kbyte MIFARE® OS; ROM 160 Kbytes
  Configuration B4: RAM 4480 bytes + 128 bytes MIFARE® OS; EEPROM 68 Kbytes + 4 Kbytes MIFARE® OS; ROM 160 Kbytes
2. Features
2.1 Product Specific Features
• 72 Kbytes EEPROM (including 192 bytes reserved manufacturer/security area)
• 160 Kbytes User ROM
• 4608 bytes RAM
  - 256 bytes + 3 Kbytes CXRAM
  - 1280 bytes FXRAM usable for FameXE
• Memory Management and Protection Unit (MMU)
  - for more details see 2.2 Security Features
• S²C Interface Unit
  - compatible with ISO/IEC 14443A-3 via an NFC IC
  - fully supports the T=CL protocol according to ISO/IEC 14443-4
  - data transfer rate supported: 106 Kbit/s
• High speed DES-3 co-processor (64 bit parallel processing DES engine)
• PKI co-processor FameXE
  - The major public key cryptosystems like RSA, ElGamal, DSS, Diffie-Hellman,
    Guillou-Quisquater, Fiat-Shamir and Elliptic Curve are supported
  - 4096 bits maximum key length for RSA with randomly chosen modulus
  - 32-bit interface
  - Boolean operations for acceleration of standard symmetric cipher algorithms
  - Performance example: RSA modular exponentiation (straightforward) < 35 ms
    (2048 bit key length and 17 bit exponent)
• Optional free of charge MIFARE® 1K and MIFARE® 4K functionality supported by
  the S²C interface
• 1 additional IO port IO2 for full-duplex serial data communication
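Why the performance example above is quoted for a 17-bit exponent follows from the operation count of modular exponentiation. The Python below is an added illustration, not code from the Philips specification or from the FameXE co-processor: it counts the squarings and multiplications of the straightforward square-and-multiply method for the common 17-bit public exponent 65537 and for a 2048-bit private exponent, and contrasts both with a Montgomery ladder whose count depends only on the exponent's bit length. The modulus, base and private exponent are constructed sample values (seeded pseudo-random numbers), not keys or parameters from the document.

```python
import random

# Constructed sample operands (not from the specification): a deterministic
# 2048-bit odd modulus, a base below it and a 2048-bit "private" exponent.
# The modulus need not be a real RSA modulus for this exercise; only the
# operation counts and the arithmetic correctness are of interest.
_rng = random.Random(2005)
N_2048 = _rng.getrandbits(2048) | (1 << 2047) | 1      # exactly 2048 bits, odd
BASE = _rng.getrandbits(2047)                          # strictly below N_2048
E_PUBLIC = 65537                                       # 2^16 + 1, the usual 17-bit public exponent
D_PRIVATE = _rng.getrandbits(2048) | (1 << 2047) | 1   # constructed 2048-bit exponent


def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation (the 'straightforward' method).

    Returns (result, squarings, multiplications). A multiplication is done
    only for set exponent bits, so the operation sequence depends on the
    exponent's Hamming weight, not just on its length.
    """
    assert exp > 0
    bits = bin(exp)[2:]              # MSB first; the leading bit is always 1
    result = base % mod
    squarings = multiplications = 0
    for bit in bits[1:]:
        result = (result * result) % mod
        squarings += 1
        if bit == "1":
            result = (result * base) % mod
            multiplications += 1
    return result, squarings, multiplications


def montgomery_ladder(base, exp, mod):
    """Montgomery ladder: one squaring and one multiplication for every
    exponent bit regardless of its value, so the operation count is a
    function of the bit length alone (invariant: r1 == r0 * base mod mod).
    """
    assert exp > 0
    r0, r1 = 1, base % mod
    squarings = multiplications = 0
    for bit in bin(exp)[2:]:
        if bit == "0":
            r1 = (r0 * r1) % mod
            r0 = (r0 * r0) % mod
        else:
            r0 = (r0 * r1) % mod
            r1 = (r1 * r1) % mod
        squarings += 1
        multiplications += 1
    return r0, squarings, multiplications


def operation_ratio(public_exp, private_exp):
    """How many times more modular operations square-and-multiply needs for
    the private exponent than for the public one (same base and modulus)."""
    _, s_pub, m_pub = square_and_multiply(BASE, public_exp, N_2048)
    _, s_priv, m_priv = square_and_multiply(BASE, private_exp, N_2048)
    return (s_priv + m_priv) / (s_pub + m_pub)


if __name__ == "__main__":
    for name, e in (("public e = 65537", E_PUBLIC), ("private d, 2048 bit", D_PRIVATE)):
        _, s, m = square_and_multiply(BASE, e, N_2048)
        _, ls, lm = montgomery_ladder(BASE, e, N_2048)
        print(f"{name}: square-and-multiply {s} sq + {m} mul; ladder {ls} sq + {lm} mul")
    print(f"private/public work ratio: {operation_ratio(E_PUBLIC, D_PRIVATE):.0f}x")
```

For e = 65537 square-and-multiply needs 16 squarings and a single multiplication, while a 2048-bit private exponent needs 2047 squarings plus roughly a thousand multiplications, so the quoted < 35 ms figure for the public operation says nothing about private-key timing. The ladder performs identical work for every bit, which is why implementations on a controller with the sensors listed in 2.2 prefer such regular algorithms: the operation sequence then does not depend on individual exponent bits.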
2.2 Security Features
• Enhanced security sensors
  - Low / high clock frequency sensor
  - Low / high temperature sensor
  - Single Fault Injection (SFI) attack detection
  - Light sensors
• Electronic fuses for safeguarded mode control
• Unique ID for each die
• Clock input filter for protection against spikes
• Power-up / power-down reset
• Optional programmable “Card Disable” feature
• Memory security (encryption and physical measures) for RAM, EEPROM and ROM
• Memory Management and Protection Unit (MMU)
  - Secure multi-application operating systems via two different operation modes:
    System Mode and Application Mode
  - OS controlled access restriction mechanism to peripherals in Application Mode
  - Memory mapping up to 8 Mbytes code memory
  - Memory mapping up to 8 Mbytes (-64K) data memory
• Optional disabling of ROM read instructions by code executed in EEPROM
• Optional disabling of any code execution out of RAM
• EEPROM programming:
  - No external clock
  - Hardware sequencer controlled
  - On-chip high voltage generation
  - Enhanced error correction mechanism
• 64 or 128 EEPROM bytes for customer-defined Security FabKey, featuring batch-,
  wafer- or die-individual security data, incl. encrypted diversification features on request
• 14 bytes User Write Protected Security area in EEPROM (byte access, inhibit
  functionality per byte)
• 32 bytes Write Once Security area in EEPROM (bit access)
• 32 bytes User Read Only area in EEPROM (byte access)
• Customer specific EEPROM initialization (optional)