Infineon Technologies have announced that its SLE 78 family of security controllers received security certification for use in electronic ID documents and chip card applications. The Germany Federal Office for Information Security (BSI) certified the high standard of security achieved by Infineon. Governments and public authorities all over the world use security controllers in ID documents that conform to the international standard Common Criteria EAL5+ (high) security requirements. In Germany, BSI confirms that products conform to this security standard by granting an internationally recognized certificate.
“With our revolutionary ‘Integrity Guard’ security technology and the SLE 78 family, Infineon as an innovation driver is ushering in a new era in hardware-based security. For the first time in the more than 25-year history of chip cards, data is now processed on a CPU itself in encrypted form,” said Dr. Helmut Gassel, President of the Chip Card & Security Division at Infineon Technologies AG. “Integrity Guard represents a huge leap forward compared to conventional security strategies that lack capabilities like end-to-end encryption of the data path, continuous monitoring, and cross-checking between two CPUs. Our new generation of digital security chips offers all of this.”
Designed specifically to deliver exceptionally long-lasting security, the SLE 78 family incorporates a set of state-of-the-art security functions and mechanisms. This makes these security controllers suitable for applications in which stored data needs an especially high level of protection. Such applications include payment cards and security-sensitive government projects – like the electronic IDs in chip card format due to be issued in Germany from November 1, 2010, for example. The new ID cards are to be valid for ten years and, besides serving as a conventional ID with a photograph and printed information on the ID holder, are intended as electronic proof of identity in private and business transactions conducted over the Internet. If required, the cards can also provide a qualified electronic signature. This is the legal equivalent of a handwritten signature and may be used in declarations and applications submitted to public authorities that require a signature in order to be legally binding.
The certified SLE 78CLXxxxP product group, which has contactless and contact-based interfaces and hardware accelerators for advanced cryptographic operations, builds on the Integrity Guard security technology.
Integrity Guard provides a security controller with comprehensive error-detection capabilities and full encryption along the whole of the data path, including the two CPUs, memories (EEPROM, Flash, ROM and RAM), and caches and buses. The chip’s core consists of two central processing units (CPU) that cross-check each other continuously and immediately detect whether arithmetic operations are executed correctly or an attack has been launched. If the security controller detects an error or an attempted attack, it triggers an alarm and immediately aborts the operation.
Another key advance with Integrity Guard is that it enables computations to be carried out using encrypted data. On conventional security controllers available today, data is required to be decrypted for processing, which presents attackers with a target for some attack scenarios. Integrity Guard eliminates this vulnerability because sensitive information remains encrypted during transmission and processing along the entire data path.
The SLE 78 family of security controllers was certified by BSI to Common Criteria Evaluation Assurance Level 5+ (EAL5+) with “high” security mechanism strength. The chips were put through their paces in rigorous technical tests over a period of several months.
Certification to Common Criteria is a standardized and internationally recognized process used to test and verify the security of products. National certification bodies – in Germany’s case, BSI – commission highly qualified, specialized laboratories to perform attack tests on the chips and to rate the resilience of the products they test.
Technical information on the SLE 78 family
The SLE 78 family of security controllers currently comprises 19 members. These devices differ in terms of memory size and offer between 244Kbytes and 288Kbytes of ROM (for operating systems) and between 36Kbytes and 144Kbytes of EEPROM (for data storage, for example). They include specialized co-processors for symmetrical and asymmetrical cryptographic operations, including 3-DES (Triple Data Encryption Standard), AES (Advanced Encryption Standard), RSA (Rivest, Shamir, Adleman) and ECC (Elliptic Curve Cryptography). SLE 78 family members also support a full range of contactless proximity interfaces, such as ISO/IEC 14443 Type B and Type A and ISO 18092 (NFC passive mode).
A short video (length: about 3.5 min) on the security technology „Integrity Guard“ is also available
For information on international security certification to Common Criteria, please visitwww.commoncriteriaportal.org