desfire8 reader sam; the next generation… -...

DESDESFire8 Reader Fire8 Reader SAMSAM; the next ; the next generation…generation…

CAS - 2006

Philips Semiconductors, BL Identification, Draft V1.01 2confidential

DESFire8DESFire8 SAMSAM--X; what is it?X; what is it?•• Core component to make readers Secure Core component to make readers Secure

•• FireFire–– Up to 1 Up to 1 MbitMbit/s interface speed/s interface speed

* Message Authentication Code

•• SSecure ecure AApplication pplication MModuleodule–– Store and Diversify 3DES/AES/Store and Diversify 3DES/AES/mifaremifare KeysKeys–– Encrypt / Decrypt / calculate MAC* DataEncrypt / Decrypt / calculate MAC* Data

•• SIM Card format, ISO 7816 T=1ProtocolSIM Card format, ISO 7816 T=1Protocol•• 33DES DES calculation in hardwarecalculation in hardware•• AESAES calculation in hardwarecalculation in hardware


DESFire8DESFire8 SAMSAM--X; why do we need it?X; why do we need it?•• MF RC5xx family has no integrated 3DES/AES hardware MF RC5xx family has no integrated 3DES/AES hardware

support as is required for encrypted communication tosupport as is required for encrypted communication toDESFireDESFire

•• MF RC5xx family has no integrated 3DES/AES hardware MF RC5xx family has no integrated 3DES/AES hardware support as is required for encrypted communication tosupport as is required for encrypted communication toDESFireDESFire

•• DESFire8 SAMDESFire8 SAM--X helps toX helps to–– increase transaction security & speedincrease transaction security & speed–– handle keys securely (key download, key usage counter)handle keys securely (key download, key usage counter)–– Implement key diversification (compatible with RC171)Implement key diversification (compatible with RC171)–– easily integrateeasily integrate DESFireDESFire into new terminal designsinto new terminal designs–– add 3DES and AES crypto functionality to existing designsadd 3DES and AES crypto functionality to existing designs


DESFire8DESFire8 SAMSAM--X; use in X; use in Secure Reader

any

8 bi

t par

alle

lµC

ontro

ller i

nter

face

µC

RX

AVSS

TX1

TX2

TVSS

R2

C0

C0Cs

Cp

Cp

Cs

L0

L0

C4

C3VMIDRx1

Tx11

TX22

TVSS

R1

Receiver CircuitEMC-Filter

Cable MatchingCircuit

Coil

1

3

11

12

25

5

6

4

7

8

9

10

32

30

29

31

28

26

2

27

20

19

18

17

15

14

13

16

22

23

24

21

SO32

OSCIN

IRQ

MFIN

MFOUT

TX1

TVDD

TX2

TVSS

NCS

NWR

NRD

DVSS

D0

D1

D2

D3

OSCOUT

RSTPD

VMID

RX

AVSS

AUX

AVDD

DVDD

A2

A1

A0

ALE

D7

D6

D5

D4

Complete PCD Block Diagram

MF RC5xxCL RC632

Hos

t Con

trol

ISO7816UART

DESFireSAM

DESFire8

DESFire

Secure key loading into SAM

Secure data exchange through SAM

DATA

DATA

KEY


•• Latest asynchronous µc designLatest asynchronous µc design

•• Dedicated 3DES/AES/Dedicated 3DES/AES/mifaremifare crypto coprocessorcrypto coprocessor

•• Highest Design Security, Exception sensors Highest Design Security, Exception sensors

•• T=1 ProtocolT=1 Protocol

•• 7816 Standard Data Rates (up to 115200 bps)7816 Standard Data Rates (up to 115200 bps)

•• Allows up to 1 Allows up to 1 MbitMbit/s @ 4 MHz and 8 MHz/s @ 4 MHz and 8 MHz

•• 1 to 8 MHz external clock1 to 8 MHz external clock

DESFire8DESFire8 SAMSAM--X; Hardware DesignX; Hardware Design


•• Key Storage Table with 128 EntriesKey Storage Table with 128 Entries–– Three 3DES or AES orThree 3DES or AES or mifaremifare keys per entrykeys per entry

–– Each key is identified by the key versionEach key is identified by the key version

–– Configuration settings per key entryConfiguration settings per key entry

•• Key Entry 0 is the SAM Master KeyKey Entry 0 is the SAM Master Key

•• 16 Key usage Counters / Key usage Limits16 Key usage Counters / Key usage Limits

DESFire8DESFire8 SAMSAM--X; Memory organisationX; Memory organisation


•• Authenticate HOSTAuthenticate HOST

•• Unlock SAM after Power upUnlock SAM after Power up

•• Secure Key Download into SAMSecure Key Download into SAM

•• Supports 3DES/AES SAM Key DiversificationSupports 3DES/AES SAM Key Diversification

•• Modify Key usage Counters / LimitsModify Key usage Counters / Limits

•• Generate / Verify MACGenerate / Verify MAC

•• Encipher / Decipher data (optional) Encipher / Decipher data (optional)

DESFire8DESFire8 SAMSAM--X; Host Communication X; Host Communication ModeMode


•• AuthenticateAuthenticate DESFireDESFire

•• Secure key load intoSecure key load into DESFireDESFire cardcard

•• Supports 3DES Card Key DiversificationSupports 3DES Card Key Diversification


•• Encipher / Decipher data (optional) Encipher / Decipher data (optional)

DESFire8DESFire8 SAMSAM--X; OperatingX; Operating DESFireDESFire cardcard


•• Authenticate DESFire8Authenticate DESFire8

•• Secure key load in DESFire8 cardSecure key load in DESFire8 card

•• Supports 3DES/AES Card Key DiversificationSupports 3DES/AES Card Key Diversification


•• Encipher / Decipher data (optional)Encipher / Decipher data (optional)

DESFire8DESFire8 SAMSAM--X; Operating DESFire8 cardX; Operating DESFire8 card


•• Supports fullSupports full mifaremifare 1k/4k command set1k/4k command set–– AuthenticateAuthenticate

–– Read/WriteRead/Write

–– Increment/Decrement/Transfer/RestoreIncrement/Decrement/Transfer/Restore

–– MacroMacro--Commands (Authenticate+Read…)Commands (Authenticate+Read…)

•• Supports 3DES/AES Card Key DiversificationSupports 3DES/AES Card Key Diversification–– MFRC171 compatibleMFRC171 compatible

DESFire8DESFire8 SAMSAM--X; OperatingX; Operating mifaremifare 1k/4k 1k/4k cardcard


•• Dump Session KeyDump Session Key–– SAM is only used for AuthenticationSAM is only used for Authentication

–– Reader µC to handles crypto towards PICCReader µC to handles crypto towards PICC

•• Crypto with Secret KeyCrypto with Secret Key–– Prepare secured data packages for offline transmissionPrepare secured data packages for offline transmission

•• Load Init Vector into 3DES/AES HardwareLoad Init Vector into 3DES/AES Hardware–– Allow different Init Vector than 0x00Allow different Init Vector than 0x00

•• Direct control of MFRC522 or MFRC523 reader ICDirect control of MFRC522 or MFRC523 reader IC–– via dedicated pins of module (IO4, IO6) via dedicated pins of module (IO4, IO6)

DESFire8DESFire8 SAMSAM--X; Additional FeaturesX; Additional Features


DESFireDESFireSAMSAM; Use with MF RC5xx reader IC; Use with MF RC5xx reader IC

Host

DFSAM

MF RC5xx

DESSAM

Parallel, I2C, SPI,RS232

T=1 Mifare crypto not supported

Mifare crypto not supported MIF


DESFire8DESFire8 SAMSAM--X; Use with RC5xx reader ICX; Use with RC5xx reader IC

Host

DF8SAM

MF RC5xx

DESSAM AESMIF

Parallel, I2C, SPI,RS232

T=1Also secure for mifare !!

Also secure for mifare !! MIF


DESFire8DESFire8 SAMSAM--X; Control of RC52x reader X; Control of RC52x reader ICIC

Host DF8SAM-X MFRC52x

DESSAM AESMIF

I2C, SPI,serial

T=1

Cont

SW


•• DESFire8 SAMDESFire8 SAM--XX

–– Type: t.b.d.Type: t.b.d.

–– 12NC: t.b.d.12NC: t.b.d.

–– Full Functionality Product (crypto + MAC)Full Functionality Product (crypto + MAC)

–– Export controlledExport controlled

•• DESFire8 SAMDESFire8 SAM--X MACX MAC

–– Type: t.b.d.Type: t.b.d.

–– 12NC: t.b.d.12NC: t.b.d.

–– MACingMACing only; Enonly; En-- & Decrypt Data Disabled& Decrypt Data Disabled

–– NOT Export controlledNOT Export controlled

DESFire8DESFire8 SAMSAM--X; Order DetailsX; Order Details

•• Delivery typeDelivery type

–– Standard contact PCM 1.1 moduleStandard contact PCM 1.1 module


• Q4/ '05: DF8SAM-X Prototypes are available

• Q1/ '06: Qualified DF8SAM-X

• Wk 612: Design-in samples DF8SAM-X module

• Wk 625: Qualified DF8SAM-X module

DESFire8DESFire8 SAMSAM--X; ScheduleX; Schedule

desfire8 reader sam; the next generation… -...

Documents