preliminary Security & Chip Card ICs SLE 66CX642P 16-Bit Security Controller with Memory Management and Protection Unit in 0.22 µm CMOS Technology 208-Kbytes ROM, 5052 bytes RAM, 64-Kbytes EEPROM 1100-Bit Advanced Crypto Engine and 112-Bit / 192-Bit DDES-EC2 Accelerator Short Product Information 11.02 SLE 66CX642P Short Product Information Ref.: SPI_SLE 66CX642P_1102.doc This document contains preliminary information on a new product under development. Details are subject to change without notice. Revision History: Current Version 11.02 Previous Releases: 04.02 Page 3,6 Important: Further information is confidential and on request. Please contact: Infineon Technologies AG in Munich, Germany, Security & Chip Card ICs, Tel +49 - (0)89 234-80000 Fax +49 - (0)89 234-81000 E-Mail: [email protected] Edition 2002 Published by Infineon Technologies AG, CC Applications Group St.-Martin-Strasse 53, D-81541 München © Infineon Technologies AG 2001 All Rights Reserved. Attention please! The information herein is given to describe certain components and shall not be considered as warranted characteristics. Terms of delivery and rights to technical change reserved. We hereby disclaim any and all warranties, including but not limited to warranties of non-infringement, regarding circuits, descriptions and charts stated herein. Infineon Technologies is an approved CECC manufacturer. Information For further information on technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies Office in Germany or our Infineon Technologies Representatives world-wide (see address list). Warnings Due to technical requirements components may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies Office. Infineon Technologies Components may only be used in life-support devices or systems with the express written approval of Infineon Technologies, if a failure of such components can reasonably be expected to cause the failure of that life-support device or system, or to affect the safety or effectiveness of that device or system. Life support devices or systems are intended to be implanted in the human body, or to support and/or maintain and sustain and/or protect human life. If they fail, it is reasonable to assume that the health of the user or other persons may be endangered. SLE 66CX642P 16-Bit Security Controller with MMU in 0.22µm CMOS Technology 208-Kbytes ROM, 5052 bytes RAM, 64-Kbytes EEPROM 1100-Bit ACE and 112-Bit / 112-Bit / 192-Bit DDES-EC2 Accelerator • • Supply voltage range: 1.62 V to 5.5 V Current consumption < 10mA @ 5.5 V < 6 mA @ 3.3 V < 4 mA @ 1.98 V • Temperature range: -25 to +85°C • ESD protection larger than 6 kV Features • • • • • • • • • • • • • • • • • • • • • 16-bit microcomputer in 0.22 µm CMOS technology Instruction set opcode compatible with standard SAB 8051 processor Enhanced 16-bit arithmetic Additional powerful instructions optimized for chip card applications Dedicated, non-standard architecture with execution time 6 times faster (18 times by PLLmax) than standard SAB 8051 processor at same external clock 206 Kbytes User ROM for application programs Additional 2 Kbytes reserved ROM for Resource Management System (RMS+ Superslim) with intelligent EEPROM write/erase routines 64 Kbytes Superslim-EEPROM 4 Kbytes XRAM, 256 (+ 700) Bytes IRAM Memory Management and Protection Unit (MMU) Dual Key Triple DES (DDES) and EC2 GF (2n ) Accelerator Advanced Crypto Engine for up to 2048 bit RSA computation Certified RSA 2048 library available (refer to product brief) CRC Module Interrupt Module Two 16-bit Autoreload Timer PLL up to 15 MHz Power saving sleep mode Ext. Clock freq. 1 to 7.5 MHz for int. Clock ≤ 15 MHz @ 2.7V-5.5V Ext. Clock freq. 1 to 5 MHz for int. Clock ≤ 11 MHz @ 1.62V-5.5V UART for handling serial interface in accordance with ISO/IEC 7816 part 3 supporting transmission protocols T=1 and T=0 I/O routines realized in software executable Short Product Information Superslim-EEPROM • • • • • • • • Reading and programming byte by byte Flexible page mode for 1 to 64 bytes write/erase operation 32 bytes security area (OTP) Fast personalization mode 0.63 ms @15MHz Erase + Write time < 4.0 ms @15MHz Minimum of 500.000 write/erase cycles at 25°C Data retention for a minimum of 10 years EEPROM programming voltage generated on chip Memory Management and Protection Unit • • • • • Addressable memory up to 1 Mbyte Separates OS (system) and application (user) System routines called by traps OS can restrict access to peripherals in application mode Code execution from XRAM possible Security Features Operation state monitoring mechanism • • • • • • 3 / 11 Low and high voltage sensors Frequency sensors and filters Light Sensor Glitch Sensor Temperature Sensor Life Test Function for Sensors 11.02 SLE 66CX642P Testmode Memory Security • • Irreversible Lock - Out of testmode Anti Snooping • • • • • • HW-countermeasures against SPA/DPA-, Timing- and DFA-attacks (differential fault analysis – DFA) CRC – Module Non standard dedicated Smart Card CPU – Core Active Shield with automatic and user controlled attack detection • • Document References • • • Support • • HW-& SW-Tools (Emulator, ROM Monitor, Card Emulator, Simulator, Softmasking) Application notes • • Supported Standards • • • • ISO/IEC 7816 EMV 2000 GSM 11.11, 11.12, 11.18 ETS I TS 102 221 Confidential Data Book SLE66CxxxP Qualification report Chip delivery specification for wafer with chip-layout (die size, orientation, ...) Module specification containing description of package, etc. Qualification report module Development Tools Overview • • • • • Short Product Information 16 bytes security PROM, hardware protected Unique chip identification number for each chip MED - memory encryption/decryption device for XRAM, ROM and EEPROM True Random Number Generator with Firmware test function Security optimised layout and layout scrambling 4 / 11 Short Product Info Software Development Kit SDK CC Short Product Info Card Emulator CE66P Short Product Info ROM Monitor RM66P Short Product Info Emulator ET66P Hitex or ET66P KSC Short Product Info Smart Mask Package 11.02 SLE 66CX642P Performance Advanced Crypto Engine Operation Modulus Exponent Calculation Time 5MHz 10 MHz 15 MHz Modular Exponentiation RSA Encrypt / RSA Signature Verify 1024 bit 2048 bit 17 bit 17 bit 20 ms 630 ms 11 ms 315 ms 7 ms 210 ms Modular Exponentiation RSA Decrypt / RSA Signature Generate 1024 bit 1024 bit 820 ms 410 ms 273 ms Modular Exponentiation using CRT RSA Decrypt / RSA Signature Generate eq.1024 bit eq.1024 bit 250 ms eq.2048 bit eq.2048 bit 1840 ms 125 ms 920 ms 83 ms 614 ms DSA Signature Generate 512 bit 160 bit 97ms 49 ms 32 ms DSA Signature Verify 512 bit 160 bit 117 ms 59 ms 39 ms DSA Signature Generate 1024 bit 160 bit 438 ms 219 ms 146 ms DSA Signature Verify 1024 bit 160 bit 711 ms 356 ms 237 ms Performance DDES-EC2 Accelerator Operation Data Block Length Encryption Time for an 8-Byte Block incl. Data Transfer 5 MHz 10 MHz 15 MHz 56-bit Single DES Encryption 64 bit 23 µs 11 µs 8 µs 112-bit Triple DES Encryption 64 bit 35 µs 17 µs 12 µs Operand Length Calculation Time Elliptic Curves GF(2n) EC-DSA Signature Generate 192 bit 285 ms 142 ms 95 ms Elliptic Curves GF(2n) EC-DSA Signature Verify 192 bit 540 ms 270 ms 180 ms Short Product Information 5 / 11 5 MHz 10MHz 15 MHz 11.02 SLE 66CX642P Ordering Information Type Package 1 Voltage Range SLE 66CX642P M5 M5 SLE 66CX642P C Die Temperature Range 2.7 V - 5.5 V – 25°C to + 70°C or or 1.62 V – 5.5 V – 25°C to + 85°C Frequency Range (ext. clock frequency) 1 MHz - 5 MHz or 1 MHz - 7.5 MHz For ordering information please refer to the databook and contact your sales representative. Production sites: • Dresden (Germany) SLE 66CxxxP • UMC (Taiwan) SLE 66CxxxPU • Altis (France) SLE 66CxxxPA 1 available as wire-bonded module (M5) for embedding in plastic cards or as die (C) for customer packaging Short Product Information 6 / 11 11.02 SLE 66CX642P Pin Configuration VCC GND CLK RST SLE 66CX642P I/O Figure 1: Pin Configuration Pin Definitions and Functions Symbol Function VCC Operating voltage RST Reset input CLK Processor clock input GND Ground I/O Bi-directional data port Short Product Information 7 / 11 11.02 SLE 66CX642P General Description SLE 66CX642P is a member of Infineon Technologies high end security controller family in advanced 0.22 µm CMOS technology. The CPU provides the high efficiency of the SAB 8051 instruction set extended by additional powerful instructions together with enhanced performance, memory sizes and security features. The internal clock frequency can be adjusted up to 15 MHz independent of the clock rate of the terminal with the help of the PLL. The controller IC offers 206 Kbytes of User-ROM, 256 byte internal RAM, 4096 byte XRAM and 64 Kbytes Superslim-EEPROM. The Memory Management and Protection Unit allows a secure separation of the operating system and the applications. Furthermore the MMU makes a secure downloading of applications possible after the personalization of a card. These new features suit the requirements of the next generation of multi application operating systems. For code compatibility to the SLE 66CxxS family, a transparent mode for the MMU is established which allows to keep the memory mapping of the SLE 66CxxS products. Voltage Clock Reset ROM ROM 208 Kbyte 200 Kbyte XRAM 4 Kbyte 16-Bit CPU with MMU & ECO 2000 Instruction Set Sleep Mode Logic Sensors/Filters EEPROM 64 Kbyte DES-EC2 Accelerator Advanced Crypto Engine Address-/Data Bus Interrupt Voltage Regulator two 16-bit Timer CRC Random Number Generator UART PLL Figure 2: Block Diagram SLE 66CX642P The CRC module allows the easy generation of checksums according to ISO/IEC 3309 (16-BitCRC). To minimize the overall power consumption, the chip card controller IC offers a sleep mode. The UART supports the half-duplex transmission protocols T=0 and T=1 according to ISO/IEC 7816-3. All relevant transmission parameters can be adjusted by software, as e.g. the clock division factor, direct/inverse convention and the number of stop bits. Additionally, the I/O port can be driven by communication routines realized in software. The Advanced Crypto Engine is equipped with its own RAM of 700 bytes and supports all of today known public-key algorithms based on large integer modular arithmetic. It allows fast and efficient calculation of e.g. RSA operations with key lengths up to 2048 bit. The DDES-EC2 accelerator consists of two modules. The DES module supports symmetrical crypto algorithms according to the Data Encryption Standard in the Electronic Code Book Mode. The EC2 module accelerates the multiplication in GF(2n) and therefore the operations for elliptic curve cryptography. The random number generator (RNG) is able to supply the CPU with true random numbers on all conditions. As an important feature, the chip provides a new and enhanced level of on-chip security, which fulfills the strong security requirements of a Common Criteria evaluation at an EAL5 level. Short Product Information 8 / 11 11.02 SLE 66CX642P In conclusion, the SLE 66CX642P fulfills the requirements of today's chip card applications, such as payment, GSM, UMTS, Pay TV, security access and digital signature and offers a powerful platform for future multi application cards. The SLE 66CX642P integrates outstanding memory sizes, additional peripherals in combination with enhanced performance and optimized power consumption on a minimized die size. Therefore, the SLE 66CX642P offers the basis for a generation of new chip card applications. Short Product Information 9 / 11 11.02