NXP Semiconductors
P5Cx012/02x/40/73/80/144 family
Secure dual interface and contact PKI smart card controller
1.6 Security features
SmartMX incorporates a big range of both inherent and OS controlled security features as
counter measure against all types of attacks. NXP Semiconductors has used the deep
knowledge of chip security, combined with the used handshaking circuit technology, the
very dense 5-metal-layer 0.14 µm technology, glue logic and active shielding methodology
for optimum results in CC EAL5+, EMVCo and other third party certifications and
approvals.
SmartMX Memory Management Unit (MMU), designed to define various memory
segments and assign security attributes accordingly, supports a strong firewall concept
that keeps different applications separate from each other. Only the System mode has full
access privileges to all memory space and on-chip peripherals, while the User mode only
has privileges defined upon card personalization and executed under the control of the
System mode.
1.7 Security evaluation and certificates
The reached target of the certification is CC EAL5+. Also third party approvals like e.g.
EMVCo (Visa, CAST), ZKA and others, depending on the application requirements, are
available.
NXP Semiconductors continues to drive forward third party security evaluations to provide
its customers with the relevant information and documentation needed to execute
subsequent composite evaluations of implemented applications.
1.8 Optional crypto library
NXP Semiconductors will offer for all family types an optional crypto library:
• Various algorithms
– AES encryption and decryption using the AES coprocessor
– DES and Triple-DES encryption and decryption using the DES coprocessor
– RSA encryption and decryption, signature generation and verification for
straightforward and CRT keys up to 5024 bits
– RSA key generation
– ECC over GF(p) signature generation and verification (ECDSA) and Diffie-Hellman
key exchange for keys up to 544 bits
– ECC over GF(p) key generation
– ECC over GF(2n) signature generation and verification (ECDSA) and
Diffie-Hellman key exchange for keys up to 571 bits
– ECC over GF(2n) key generation
– SHA-1, SHA-224 and SHA-256 hash algorithm
– Pseudo-Random Number Generator (PRNG)
• Easy to use API for all algorithms
• Secure operation in contact as well as in the contactless mode
• Latest built-in security features to avoid power (SPA/DPA), timing and fault attacks
(DFA)
P5CX012_02X_40_73_80_144_FAM_SDS_3
Objective short data sheet
Rev. 03 — 24 January 2008
© NXP B.V. 2008. All rights reserved.
4 of 18