Security & Chip Card ICs SLE 66CX162PE
8/16-Bit Security Controller
with enhanced instruction set for large memories in 0.22 µm CMOS Technology
96-Kbytes ROM, 5052 Bytes RAM, 16-Kbytes EEPROM 1100-Bit Advanced Crypto Engine
certified RSA 2048-bit library available
Dual Key Triple DES
Preliminary
Short Product Information 02.04
元器件交易网www.cecb2b.com
SLE 66CX162PE Short Product Information
Ref.: SPI_SLE 66CX162PE_0204
This document contains preliminary information on a new product under development. Details are subject to change without notice. Revision History: Page
Current Version 02.04
Previous Releases: 03.03
Important: Further information is confidential and on request. Please contact:
Infineon Technologies AG in Munich, Germany, Security & Chip Card ICs, Tel +49 - (0)89 234-80000
Fax +49 - (0)89 234-81000
E-Mail: security.chipcard.ics@infineon.com
Edition 2004
Published by Infineon Technologies AG, CC Applications Group St.-Martin-Strasse 53, D-81541 München © Infineon Technologies AG 2002 All Rights Reserved.
Attention please!
The information herein is given to describe certain components and shall not be considered as warranted characteristics.
Terms of delivery and rights to technical change reserved.
We hereby disclaim any and all warranties, including but not limited to warranties of non-infringement, regarding circuits, descriptions and charts stated herein.
Infineon Technologies is an approved CECC manufacturer.
Information
For further information on technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies Office in Germany or our Infineon Technologies Representatives world-wide (see address list).
Warnings
Due to technical requirements components may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies Office.
Infineon Technologies Components may only be used in life-support devices or systems with the express written approval of Infineon Technologies, if a failure of such components can reasonably be expected to cause the failure of that life-support device or system, or to affect the safety or effectiveness of that device or system. Life support devices or systems are intended to be implanted in the human body, or to support and/or maintain and sustain and/or protect human life. If they fail, it is reasonable to assume that the health of the user or other persons may be endangered.
元器件交易网www.cecb2b.com
SLE 66CX162PE
16-Bit Security Controller with enhanced instruction set for large memories in 0.22µm CMOS Technology
96-Kbyte ROM, 5052 Bytes RAM, 16-Kbyte EEPROM 1100-Bit ACE and Dual Key Triple DES Accelerator
Features
New • 8/16-bit microcomputer in 0.22 µm CMOS technology • Instruction set opcode compatible with standard
SAB 8051 processor
• Internal Clock with up to 33 MHz: • Adjustable internal frequency according to
available power or required performance
performance
Programmable internal frequency (PLL x1, x2, x3, x4 and free running mode(s)).
New • Downward compatibility to existing SLE 66CxxxP
products for existing masks without using the new features
New New • Increased internal clock frequency for maximum • Internal frequency ist automatically adjusted to
guarantee a given limited power consumption
• Addressable memory up to 16 Mbyte
• Additional enhanced instructions for direct
physical memory access of >64kByte
• Typically saves up to 90 % code space and
increases execution speed up to 80 %
• Dedicated, non-standard architecture with execution
time 6 times faster than standard SAB 8051
processor at same external clock. (Up to 18 times faster using internal frequency PLL x 3 compared to external clock).
• Two 16-bit Autoreload Timer • Power saving sleep mode
• Ext. Clock freq. 1 up to 7.5 MHz for int. Clock up to
33 MHz
• UART for handling serial interface in accordance
with ISO/IEC 7816 part 3 supporting transmission protocols T=1 and T=0
New New • 96 Kbytes User ROM for application programs • 16 Kbytes MicroSlim-EEPROM for increased
memory requirements in mobile applications
• Supply voltage range:1.8 V, 3.0 V, 5.0 V
• Support of current current consumption limits by GSM
/ UICC applications < 10 mA @ 5.5 V < 6 mA @ 3.3 V < 4 mA @ 1.98 V
• 4 Kbytes XRAM, 256 bytes internal RAM, 700 bytes
Crypto RAM.
New • Enhanced Memory Management and Protection
Unit (MMU) with application and user defined segments
New • Dual Key Triple DES (DDES) • Advanced Crypto Engine:
• Up to 1100 bit RSA calculation in Hardware • Up to 2048 bit RSA calculation in software
• Supports Elliptic Curves over GF[p]
• Operating Temperature range: -25 to +85°C • Storing temperature range: –40° to +125°C • ESD protection larger than 6 kV (HBM)
MicroSlim-EEPROM
New with RSA 2048 crypto library (CC EAL 5+ certified within SLE66CX322P, refer to product brief)
New • Typical Erase + Write time ≤ 2.9 ms
• Enhanced ECC module controlled by OS • Reading and programming byte by byte
• Platform prepared for flash-like erasing of E²-segments
up to 2 kB operation
•
• Flexible page mode for 1 to 64 bytes write/erase • 32 bytes security area (OTP)
• Fast personalization mode ≤ 1.0 ms
• Minimum of 500.000 write/erase cycles @ 25°C per • Typical data retention of 10 years @ 25°C
CC EAL5+ certification according to BSI-PP-0002 planned function
• True Random Number Generator with Firmware test • CRC Module 16-bit Interrupt Module
• Code executions during E²-programming for faster
personalization
page. Maximum of 16.500.000 write/erase cycles per sector
• EEPROM programming voltage generated on chip
Preliminary - Short Product Information 3 / 9 02.04
元器件交易网www.cecb2b.com
Anti Snooping
SLE 66CX162PE
Memory Management and Protection Unit
New • • • • • • • •
Addressable memory of up to 16 Mbyte
Separates OS (system mode) and application (user mode)
System routines called by interrupts
OS can restrict access to peripherals in application mode
Variable application orientated segments defined and controlled by OS
Code execution from XRAM possible Enhanced multi-application support by 16 descriptors for system application mode.
• • • • • • • • •
Automatic randomization smoothing of power profile Effective HW-countermeasures against SEMA/DEMA, SPA/DPA, DFA and Timing-Attacks
Non standard dedicated Smart Card CPU – Core Active Shield with automatic and user controlled attack detection
Hardware countermeasures controlled by True Random Number Generator
New
Targeted Certifications
CC EAL5+ VISA level 3 MULTOS CAST
Security Features
Enhanced sensor concept:
Current control oscillator
Memory Security
New • • •
• • • • • •
Low and high voltage sensors Frequency sensors and filters Light Sensor Glitch Sensors Temperature Sensor
Life Test Function for Sensors (UMSLC)
Support
• HW-& SW-Tools (Emulator, ROM Monitor, Card
Emulator, Simulator, Softmasking)
• Application notes • • • • • • • • •
ISO/IEC 7816 EMV 2000
Supported Standards
Bus confusion
Security reset detection
GSM 11.11, 11.12, 11.18 ETSI TS 102 221
• • • • • • •
Sparkling SFR encryption for DDES and ACE, CRC module and RNG
32 bytes security PROM, hardware protected for batch-, wafer-, die- individual security data. Unique chip identification number for each chip
Additional memory for customer-defined security FabKey on request
MED – memory encryption/decryption device for XRAM, ROM and EEPROM
Security optimized layout and layout scrambling Fast IRAM erase
Document References
Confidential Data Book SLE 66CxxxPE Qualification report
Chip delivery specification for wafer with chip-layout (die size, orientation,...)
Module specification containing description of package, etc.
Qualification report module
Development Tools Overview
Enhanced Error correction unit (ECU)
Testmode
• • • • •
Short Product Information Software Development Kit SDK CC
Short Product Information Card Emulator CE66PE Short Product Information ROM Monitor RM66PE Short Product Information Emulator ET66PE Hitex or ET66PE KSC
Short Product Information Smart Mask Package
• Irreversible Lock - Out of test-mode
Preliminary - Short Product Information 4 / 9 02.04
元器件交易网www.cecb2b.com
SLE 66CX162PE
Performance Advanced Crypto Engine (typical values, based on internal test results) Operation Modulus Exponent 5MHz Modular Exponentiation 1024 bit RSA Encrypt / RSA Signature Verify 2048 bit Modular Exponentiation RSA Decrypt / RSA Signature Generate Modular Exponentiation using CRT RSA Decrypt / RSA Signature Generate DSA Signature Generate DSA Signature Verify DSA Signature Generate DSA Signature Verify * preliminary values
Performance DDES- Accelerator (typical values, based on internal test results) Operation Data Block Encryption Time for an Length 8-Byte Block incl. Data Transfer New 5 MHz 15 MHz 33 MHz* 56-bit Single DES Encryption 112-bit Triple DES Encryption * preliminary values
64 bit 64 bit 23 µs 8 µs 35 µs 12 µs 3.5 µs 5.3 µs 1024 bit 17 bit 17 bit 1024 bit 20 ms 630 ms 820 ms Calculation Time New 15 MHz 7 ms 210 ms 273 ms 33 MHz* 3 ms 96 ms 124 ms eq.1024 bit eq.1024 bit 250 ms eq.2048 bit eq.2048 bit 1840 ms 512 bit 512 bit 1024 bit 1024 bit 160 bit 160 bit 160 bit 160 bit 97ms 117 ms 438 ms 711 ms 83 ms 614 ms 32 ms 39 ms 146 ms 237 ms 38 ms 279 ms 15 ms 18 ms 66 ms 108 ms Preliminary - Short Product Information 5 / 9 02.04
元器件交易网www.cecb2b.com
SLE 66CX162PE
Ordering Information
Type
Package
1
Voltage Range
Temperature
Range
Frequency Range (int. clock frequency Frequency Range (ext. clock frequency) 1 MHz - 5 MHz
SLE 66CX162PE C
Die (sawn, unsawn) M5.1
1.8 V; 3.0 V; 5.0 V
or 3.0 V; 5.0 V
– 25°C to + 70°C
or
– 25°C to + 85°C
Up to 33 MHz
or
1 MHz - 7.5 MHz
SLE 66CX162PE M5
For ordering information please refer to the databook and contact your sales representative.
Production sites for SLE 66CX162PE:
•
Dresden (Germany), UMC (Taiwan), Altis (France).
1
available as wire-bonded module (M5) for embedding in plastic cards or as die (C) for customer packaging
Preliminary - Short Product Information 6 / 9 02.04
元器件交易网www.cecb2b.com
SLE 66CX162PE
Pin Configuration
VCCGNDCLKRSTI/O Figure 1: Pin Configuration Pin Definitions and Functions
SLE66CX162PESymbol
VCC RST CLK GND I/O
Function
Operating voltage Reset input
Processor clock input Ground
Bi-directional data port
Preliminary - Short Product Information 7 / 9 02.04
元器件交易网www.cecb2b.com
SLE 66CX162PE
General Description
The SLE66CX162PE is a member of the improved 66PE-series of Infineon Technologies. This high performance security crypto controller is manufactured in advanced 0.22 µm CMOS technology. It is downward compatible to existing 66P controller derivatives. The well known ECO2000 8/16 bit CPU provides the high efficiency of the SAB 8051 instruction set extended by additional powerful instructions together with enhanced performance, memory sizes and security features compared to existing 66P derivatives.
Performance: The internal clock frequency can be adjusted to a level up to 33 MHz either as a multiple of 1,2,3,4 to the external frequency or independent of the clock rate of the terminal with the help of the internal clock. It is adjustable according to either available power requirements or required performance: •
Increased internal clock frequency for maximum performance, e.g. for high performance with max. frequency in payment applications or crypto operations.
New • Automatically adjusted frequency for a max. given power consumption, e.g. by GSM or UMTS requirements.
Memory: The SLE66CX162PE offers 96 Kbytes of User-ROM, 256 byte internal RAM, 4096 byte XRAM and 12 Kbytes MicroSlim-EEPROM, to fulfill the requirements mainly for DDA payment and ID applications. The large ROM size allows to place applications in the ROM-mask and to keep the E²PROM free for customer data. In addition it saves mask development costs, as one mask may be used for different customer projects.
The enhanced Memory Management and Protection Unit allows a secure separation of the operating system and different applications. It allows to separate the memories in application orientated segments, which can be controlled by the OS. Furthermore, the MMU makes a secure downloading of applications possible even after personalization of a card. These new features suit the requirements of the next generation of multi application operating systems. VoltageClockResetROM96 KbyteXRAM4 KbyteEEPROM16 KbyteDESAcceleratorAdvancedCrypto Engine16-Bit CPU withMMU& ECO 2000Instruction SetAddress-/Data BusSleep Mode LogicSensors/FiltersVoltage RegulatorInterrupttwo16-bitTimerCRCRandomNumberGeneratorUARTClockgenerated Figure 2: Block Diagram SLE 66CX162PE
The new platform is designed to address up to 16Mbyte. However this feature is only available upon request and will clearly require a change in the existing tool environment.
In addition, new instructions have been implemented in the design for an efficient direct access of physical memory >64KByte up to 16 MByte.
Preliminary - Short Product Information 8 / 9 02.04
元器件交易网www.cecb2b.com
SLE 66CX162PE
Security features:
Since the very beginning, security is an integrated part of Infineons product development, as proved by various certificates (ITSEC, CC, Proton, VISA, ZKA, Mondex). The so called “integral security concept” for the 66P series ensures:
• • •
A secret storage of any confidential code, data and keys
Protection against side channel attacks such as: Simple Power Analysis (SPA) , Differential Power Analysis (DPA), Protection against Differential Fault Analysis (DFA), Electromagnetic Emanation Attack (EMA) and other possible HW or SW attacks
Peripherals: The CRC module allows the easy generation of checksums according to ISO/IEC 3309 (16-Bit-CRC). To minimize the overall power consumption, the chip card controller IC offers a sleep mode. The UART supports the half-duplex transmission protocols T=0 and T=1 according to ISO/IEC 7816-3. All relevant transmission parameters can be adjusted by software, as e.g. the clock division factor, direct/inverse convention and the number of stop bits. Additionally, the I/O port can be driven by communication routines realized in software.
The Advanced Crypto Engine (ACE) is equipped with its own RAM of 700 bytes and supports all of today known public-key algorithms based on large integer modular arithmetic. It allows fast and efficient calculation either in HW or supported by software of e.g. RSA operations and EC (Elliptic Curves) algorithms for key lengths up to 2048-bit.
For all of it’s crypto controller using the ACE, Infineon offers a tailor made RSA 2048-bit library. This library is a powerful multifunctional crypto library for the SLE 66CXxxP family. It provides arithmetic functions for easy programming the Advanced Crypto Engine (ACE). In addition it provides a full implementation of RSA Sign, Verify and Key generation including powerful SPA/DPA and DFA counter measures. It supports RSA up to 2048 bit key length. These RSA functionality has already been certified according to Common Criteria EAL5+ on an existing crypto controller, the SLE66CX322P.
The HW-DES module supports symmetric crypto algorithms according to the Data Encryption Standard in the Electronic Code Book Mode.
The random number generator (RNG) is able to supply the CPU with true random numbers on all conditions.
The advanced sensor concept includes various sensors for any kind of attack scenarios and even more important a “Life Test ” for sensors.
As an important feature, the chip provides an on-chip security, which fulfills the strong security requirements of a Common Criteria evaluation at an EAL5+ level.
In conclusion, the SLE 66CX162PE fulfills all the requirements of today's chip card applications, and is especially designed for DDA payment, PayTV and ID applications incl. digital signatures.
The SLE66CX162PE integrates outstanding memory sizes, with enhanced performance and optimized power consumption on a minimized die size.
Preliminary - Short Product Information 9 / 9 02.04
因篇幅问题不能全部显示,请点此查看更多更全内容