P5CC008V1A and P5CC012V1A family
Secure contact PKI smart card controller
Rev. 3 — 22 August 2012
195430
Product short data sheet
COMPANY PUBLIC
1. General description
1.1 SmartMX family approach
The new CMOS14 SmartMX family members feature a modular set of devices with:
• 8 KB or 12 KB EEPROM
• 196 KB user ROM
• 6144 B RAM
• High-performance secured Public Key Infrastructure (PKI) coprocessor (RSA, ECC)
• Secure dual/triple-DES coprocessor
• ISO/IEC 7816 contact interface
• 5-metal-layer 0.14 µm CMOS technology
• EEPROM with minimum 500 000 cycles endurance and minimum 25 years retention time
• Broad spectrum of delivery types
• Optional certified crypto library (Common criteria version 3.1 EAL5+ in conformance to BSI-PP-0002 protection profile)
• Compliant to the EMV ICC Specification for Payment Systems
• Common Criteria version 3.1 level EAL5+ in conformance to BSI-PP-0035-2007 protection profile
• EMVCo security approval
1.2 SmartMX family properties
The long-term approved SmartMX family features a significantly enhanced secure smart
card IC architecture. Extended instructions for Java and C code, linear addressing, high
speed at low power and a universal memory management unit are among many other
improvements added to the classic 80C51 core architecture. The technology transfer step
from 5-metal-layer 0.18 µm to 5-metal-layer 0.14 µm CMOS technology now offers even
more advantages in terms of security features, memory resources, crypto coprocessor
calculation speed for RSA and ECC as well as availability of secure hardware support for
2/3-key Data Encryption Standard (DES) operations.
The contact interface availability enables the easy implementation of native or open
platform and multi-application operating systems in market segments such as banking,
E-passport, ID card, secure access, Java card as well as Trusted Platform Modules (TPM)
within extremely tiny SMD packages.
1.3 Naming conventions
Table 1. Naming conventions
P5xyzzz   SmartMX platform
x         Type of category:
          C = PKI controller + Triple-DES coprocessor
          S = Triple-DES coprocessor
y         Interface options:
          C = contact interface - ISO/IEC 7816
zzz       Amount of non-volatile memory in KB, increasing count for further product options
1.4 Cryptographic hardware coprocessors
1.4.1 FameXE coprocessor
The security hardened and modular FameXE architecture supports the trend of increasing
RSA keys with faster execution speeds as well as Elliptic Curve Cryptography (ECC)
based on GF(p) or GF(2^n) at best performance. FameXE supports RSA with an operand
length of up to 8-kbit (up to 4-kbit with intermediate storage in RAM only).
The FameXE PKI coprocessor supports 192-bit ECC key length that offers the same level
of security as 2048-bit RSA. An ECC GF(2^n) based signature, using a 163-bit key can be
executed in less than 30 ms providing a security level comparable to 1024-bit RSA. The
operand size for ECC, supported by FameXE, is only limited by the 2.5 KB size of the
FXRAM. FameXE is easy to use and the flexible interface provides programmers with the
freedom to implement their own cryptography solutions. A secure and CC EAL5+ certified
crypto library providing a large range of required functions will be available for all devices
in order to support customers in implementing public key-based solutions.
1.4.2 Triple-DES coprocessor
The DES, widely used for symmetric encryption, is supported by a dedicated,
high-performance, highly attack-resistant hardware coprocessor. Single DES and Triple-DES,
based on two or three DES keys, can be executed within less than 40 µs. Relevant
standards (ISO/IEC, ANSI, FIPS) and Message Authentication Code (MAC) are fully
supported. A secured and CC EAL5+ certified crypto library will be available for all devices
in order to support customers in implementing 3DES based solutions.
1.5 SmartMX interface
1.5.1 SmartMX contact interface
Operating in accordance with ISO/IEC 7816, the SmartMX contact interface is supported
by a built-in Universal Asynchronous Receiver/Transmitter (UART), which enables data
rates of up to 1 Mbit/s, allows for the automatic generation of all typical baud rates and
supports transmission protocols T=0 and T=1. An additional IO is available for proprietary
use.
1.6 Security features
SmartMX incorporates a wide range of both inherent and OS-controlled security features
as countermeasures against all types of attacks. NXP Semiconductors apply their
extensive knowledge of chip security, combined with handshaking circuit technology, very
dense 5-metal layer 0.14 µm technology, glue logic and active shielding methodology for
optimum results in CC EAL5+, EMVCo and other third party certifications and approvals.
The SmartMX security features are acknowledged by most of the NXP Semiconductors
customers for their outstanding properties. The countermeasures against light attacks are
regarded as “best-in-class”.
1.7 Security evaluation and certificates
Hardware security certification in accordance with CC EAL5+ is attained. Also, third-party
approvals such as EMVCo (VISA, CAST), ZKA and others, depending on the application
requirements, are available.
NXP Semiconductors continues to drive forward third party security evaluations to provide
its customers with the relevant information and documentation needed to execute
subsequent composite evaluations of implemented applications.
1.8 Security licensing
In addition to the various intellectual properties regarding attack resistance of the NXP
Semiconductors’ owned SmartMX family, NXP Semiconductors has obtained a patent
license for SPA and DPA countermeasures from Cryptography Research Incorporated
(CRI). This license covers both hardware and software countermeasures. It is important to
customers that countermeasures within the operating system are covered under this
license agreement with CRI. Further details can be obtained on request.
1.9 Optional crypto library
NXP Semiconductors offer an optional crypto library for all family types:
• Various algorithms
  – DES and Triple-DES encryption and decryption using the DES coprocessor
  – RSA encryption and decryption, signature generation and verification for straightforward and CRT keys up to 5024 bits
  – RSA key generation
  – ECC over GF(p) signature generation and verification (ECDSA) and Diffie-Hellman key exchange for keys up to 544 bits
  – ECC over GF(p) key generation
  – ECC over GF(2^n) signature generation and verification (ECDSA) and Diffie-Hellman key exchange for keys up to 544 bits
  – ECC over GF(2^n) key generation
  – SHA-1, SHA-224 and SHA-256 hash algorithm
  – Pseudo-Random Number Generator (PRNG)
• Easy to use API for all algorithms
• Latest built-in security features to avoid power (SPA/DPA), timing and fault attacks (DFA)
• Common criteria version 3.1 EAL5+ certification available (except ECC over GF(2^n)) in conformance to BSI-PP-0035-2007 protection profile
2. Features and benefits
2.1 Standard family features
EEPROM: choice of 8 KB or 12 KB
Data retention time: 25 years
Endurance: 500000 cycles
ROM: 196 KB
RAM: 6144 B
256 B IRAM + 3.25 KB Standard RAM usable for CPU
2560 B FXRAM shared memory for FameXE and CPU
Dedicated Secure_MX51 Smart Card CPU (Memory eXtended/enhanced 80C51)
5-metal layer 0.14 µm CMOS technology
Operating in Contact mode
Featuring a 24-bit universal memory space, 24-bit program counter
Combined universal program/data linear address range up to 16 MB
Additional instructions to improve
- pointer operations
- performance
- code density of both C and Java source code
ISO/IEC 7816 contact interface
PKI coprocessor FameXE
High speed Triple-DES coprocessor (64-bit parallel processing DES engine)
Two or three keys loadable
Triple-DES calculation time < 40 µs
Low power and low voltage design using NXP Semiconductors’ handshaking technology
Multiple source vectorized interrupt system with four priority levels
Watch exception provides software debugging facility
Multiple source RESET system
Two 16-bit timers
Highly reliable EEPROM for both data storage and program execution
Bytewise EEPROM programming and read access
Versatile EEPROM programming of 1 B to 64 B at a time
Typical EEPROM page erasing time: 1.7 ms
Typical EEPROM page programming time: 1.0 ms
Power-saving Idle mode
Wake-up from Idle mode by RESET or any activated interrupt
Power-saving Sleep or Clockstop mode
Wake-up from Sleep or Clockstop mode by RESET or external interrupt
Contact configuration and serial interface according to ISO/IEC 7816: GND, VCC, CLK, RST, I/O
ISO/IEC 7816 UART supporting standard protocols T=0 and T=1 as well as high speed personalization up to 1 Mbit/s
Support of major Public Key Cryptography (PKC) systems like RSA, ElGamal, DSS, Diffie-Hellman, Guillou-Quisquater, Fiat-Shamir and Elliptic Curves
8192 bits maximum key length for RSA with randomly chosen modulus
4096 bits maximum key length for calculation within RAM
32-bit operand input/output interface
Boolean operations for acceleration of standard, symmetric cipher algorithms
Externally or internally generated configurable CPU clock
1 MHz to 10 MHz operating external clock frequency range
Internal clocking independent of externally applied frequency
High speed 16-bit CRC engine according to ITU-T polynomial definition
Low power Random Number Generator (RNG) in hardware, AIS-31 compliant
1.62 V to 5.5 V operating voltage range for Class C, B and A
Optional extended Class B operation mode (2.2 V to 3.3 V targeted for battery supplied applications)
−25 °C to +85 °C ambient temperature
Broad spectrum of delivery types
Wafers
Modules
2.2 Security features
Enhanced security sensors
Low and high clock frequency sensor
Low and high temperature sensor
Low and high supply voltage sensor
Single Fault Injection (SFI) attack detection
Light sensors (included integrated memory light sensor functionality)
Electronic fuses for safeguarded mode control
Active Shielding
Unique ID for each die
Clock input filter for protection against spikes
Power-up / Power-down reset
Optional programmable card disable feature
Memory security (encryption and physical measures) for RAM, EEPROM and ROM
Optional disabling of ROM read instructions by code executed in EEPROM
Optional disabling of any code execution out of RAM
EEPROM programming:
No external clock
Hardware sequencer controlled
On-chip high voltage generation
Enhanced error correction mechanism