Infineon Technologies have announced that its SLE 78 family of security controllers received security certification for use in electronic ID documents and chip card applications. The Germany Federal Office for Information Security (BSI) certified the high standard of security achieved by Infineon. Governments and public authorities all over the world use security controllers in ID documents that conform to the international standard Common Criteria EAL5+ (high) security requirements. In Germany, BSI confirms that products conform to this security standard by granting an internationally recognized certificate.
“With our revolutionary ‘Integrity Guard’ security technology and the SLE 78 family, Infineon as an innovation driver is ushering in a new era in hardware-based security. For the first time in the more than 25-year history of chip cards, data is now processed on a CPU itself in encrypted form,” said Dr. Helmut Gassel, President of the Chip Card & Security Division at Infineon Technologies AG. “Integrity Guard represents a huge leap forward compared to conventional security strategies that lack capabilities like end-to-end encryption of the data path, continuous monitoring, and cross-checking between two CPUs. Our new generation of digital security chips offers all of this.”
Designed specifically to deliver exceptionally long-lasting security, the SLE 78 family incorporates a set of state-of-the-art security functions and mechanisms. This makes these security controllers suitable for applications in which stored data needs an especially high level of protection. Such applications include payment cards and security-sensitive government projects – like the electronic IDs in chip card format due to be issued in Germany from November 1, 2010, for example. The new ID cards are to be valid for ten years and, besides serving as a conventional ID with a photograph and printed information on the ID holder, are intended as electronic proof of identity in private and business transactions conducted over the Internet. If required, the cards can also provide a qualified electronic signature. This is the legal equivalent of a handwritten signature and may be used in declarations and applications submitted to public authorities that require a signature in order to be legally binding.
The certified SLE 78CLXxxxP product group, which has contactless and contact-based interfaces and hardware accelerators for advanced cryptographic operations, builds on the Integrity Guard security technology.
Integrity Guard provides a security controller with comprehensive error-detection capabilities and full encryption along the whole of the data path, including the two CPUs, memories (EEPROM, Flash, ROM and RAM), and caches and buses. The chip’s core consists of two central processing units (CPU) that cross-check each other continuously and immediately detect whether arithmetic operations are executed correctly or an attack has been launched. If the security controller detects an error or an attempted attack, it triggers an alarm and immediately aborts the operation.
Another key advance with Integrity Guard is that it enables computations to be carried out using encrypted data. On conventional security controllers available today, data is required to be decrypted for processing, which presents attackers with a target for some attack scenarios. Integrity Guard eliminates this vulnerability because sensitive information remains encrypted during transmission and processing along the entire data path.
The SLE 78 family of security controllers was certified by BSI to Common Criteria Evaluation Assurance Level 5+ (EAL5+) with “high” security mechanism strength. The chips were put through their paces in rigorous technical tests over a period of several months.
Certification to Common Criteria is a standardized and internationally recognized process used to test and verify the security of products. National certification bodies – in Germany’s case, BSI – commission highly qualified, specialized laboratories to perform attack tests on the chips and to rate the resilience of the products they test.
Technical information on the SLE 78 family
The SLE 78 family of security controllers currently comprises 19 members. These devices differ in terms of memory size and offer between 244Kbytes and 288Kbytes of ROM (for operating systems) and between 36Kbytes and 144Kbytes of EEPROM (for data storage, for example). They include specialized co-processors for symmetrical and asymmetrical cryptographic operations, including 3-DES (Triple Data Encryption Standard), AES (Advanced Encryption Standard), RSA (Rivest, Shamir, Adleman) and ECC (Elliptic Curve Cryptography). SLE 78 family members also support a full range of contactless proximity interfaces, such as ISO/IEC 14443 Type B and Type A and ISO 18092 (NFC passive mode).
Further information
Information on Infineon’s product portfolio for chip card and security applications and the SLE 78 family of security controllers is available at www.infineon.com/security and www.infineon.com/SLE78
A short video (length: about 3.5 min) on the security technology „Integrity Guard“ is also available
For information on international security certification to Common Criteria, please visitwww.commoncriteriaportal.org
K R O W N E 
I’m really intrigued with the Infineon Integrity Guard’s capability to perform CPU operations on encrypted data. I haven’t been able to find out how they do that. To my knowledge it’s mostly theory right now with limited practical implementation. Am I wrong? Please say yes. Other confusing statements in the product literature is that each CPU uses different crypto keys but then how do they compare each others output for fault detection? If anyone can point me to a good explanation I would really appreciate it.
Dan – I will pass your comments on to our contacts in Infineon who look after this area and will ask them them to reply to you directly. They should be able to help. Thanks.
Krowne, I’d like to know too. Can you add me for the info?
Will do, Randy…
This answer came directly from Infineon this morning.
Answer:
It’s reality. There are already products in the market that incorporate the “Integrity Guard”, e.g. the SLE 78 series. The SLE 78 includes a Dual-CPU that is performing operations on encrypted data. At the trade show “CARTES 2008”, the first products were shown, and this year, 19 members of the SLE 78 family received a certificate according to Common Criteria EAL5+(high). So the “Integrity Guard” has now, after several years of development, become reality and is readily available in the market.
The keys that are used inside the CPU are dynamic and can be changed every clock cycle. Each part of the Dual-CPU utilizes different dynamic keys. Operations are performed directly on encrypted data WITHOUT bringing them to cleartext first. The outputs and internal signals inside the Dual-CPU core are compared by mathematical operations without using clear data. This mechanism was part of the evaluation and certification process, too – the evaluation lab and the certification bodies had full access to the design and concept of the encrypted Dual-CPU. During the evaluation and certification, the encryption methods over the complete datapath were checked and approved.
The mathematical measures that are utilized in the “Integrity Guard” require very deep internal design measures and therefore cannot simply be done on the basis of a “standard CPU”. But, in principle, it is possible to turn other microprocessor’s basic architectures into the “Integrity Guard” security concept, too – of course this can be achieved only by deep changes of the core’s internals.
Please also refer to http://www.infineon.com/sle78
I hope this is of some help those who commented.