The Future of Smart Cards: Bigger, Faster and More Secure
Joerg Borchert, Vice President, Secure Mobile Solutions
July 16, 2003
Never stop thinking.

Infineon Technologies: Overview
  Business groups and their applications:
    Wireline Communication: broadband and carrier access, high speed line cards for metro and long-haul optical networks
    Secure Mobile Solutions: secure mobile applications and systems: communication, payment, identification, computing, entertainment, wide area wireless and local area wireless networks, personal area wireless networks, GPS
    Automotive & Industrial: car electronics (power train, body, convenience, safety, vehicle dynamics, infotainment), industrial drives, automation and control systems, power supplies
    Memory Products: PC and notebooks, PC-upgrades, workstations, infrastructure (servers and networking), PDAs, smart phones, computer peripherals

Full Spectrum Security IC Knowledge
  Security:
    Strong cryptology expertise
    Leading edge security memories/controllers
    Strong security features (sensor protection, shielding layers, ...)
    International certification
  Non Volatile Memories:
    Leading edge technology (0.22µ)
    Highest quality embedded memory in the market (EEPROM)

What Makes a Card Smart
  Intelligence of the credential chip:
    Memory: Store unique serial number and support locking of memory to allow write access only with password protection
    Memory + Wired logic: Use dedicated, fixed circuitry for authentication by readers
    Microcontroller: Encryption/authentication supported in software/firmware
  Level of card integration:
    Hybrid: Contain multiple technologies to support existing and emerging authentication methods
    Dual-interface: Single chip featuring both contact and contactless interface
    Hybrid/Dual-interface: Pathway to the true multi-application card

Security Measures
  Threats:
    Unauthorized access and/or altering of data
    Unwanted identification/authentication
    Duplication or simulation of cards
  Protection:
    Cryptography to protect against unauthorized access to data
    Card design and microcontroller design, including separation of highly secure data via hardware firewalls
    System design to balance multiple levels of authentication with user convenience

Smart Card Chip Trends
  [Figure: chart of smart card chip generations. Axis labels: Security; Performance, Functionality, Memory size.]
  Chip classes shown: 8-bit 0.6µm; 8/16-bit 0.6µm; 8/16-bit 0.25/0.22µm; 32-bit 0.22/0.13µm
  Trend labels shown: Single Applications (simple implementations, no flexibility); Multi-Application Cards; Flexibility for the Future (application update in the field); Performance and Memory-hungry Applications; High speed data exchange; Security in the background system; Virtual Languages (Java, Multos); Security (PKI, Digital Signature, High Security Offline Transactions, Strong encryption)
  Applications shown: GSM Phase 2 (low cost), GSM Phase 2+, GSM Phase 2, 2.5 - UMTS, UMTS, Electronic Purse, E-Purse, Banking, Healthcare, Loyalty, gambling, Pay TV, metering, Identification, Security Access, Multifunction cards

Security controller technology roadmap
  1st Generation
    1997: 0.8 µm, 2 ML, 3-5 V, 8 kb EEPROM
    1998: 0.6 µm, 3 ML, 3-5 V, 32 kb EEPROM
  2nd Generation
    2000: 0.25 µm, 4 ML, 3-5 V, 100 MHz Logic, 64 kb EEPROM
    2001: 0.22 µm, 5 ML, 1.8-3 V, 128 kb EEPROM
  3rd Generation
    2003: 0.13 µm, > 5 ML, 1.2-3 V, > 200 MHz Logic, > 512 kb NVM Code Flash

Smart Card Applications
Types of Smart ID cards and required security level
  [Figure: card types plotted by quantity (low, medium, high) against security level (low, medium, high). Region labels: "-driven", "Industry-driven".]
  Card types shown: Transportation Access card; National ID card; Healthcare and social security card; Building Access Card; Network Access Card; Drivers License; International Travel Documents; Access Card; Transport / Payment card

Technical Maturity Triggering Wide Adoption
  [Figure: maturity stages along a time axis labelled Yesterday, Today, Tomorrow.]
  Stages shown: New technology, first projects; Mature technology, small projects / pilots; Turn-key solution, high volume market
  Other label shown: Social Security

Smart Card ID: Applications, Formats and Data
Source: G&D
  Examples pictured: National eID card (NeID), eDriving Licence
  Application:
    National ID (population) and/or immigration
    International travel documents
    Healthcare
    Driving licences & permits
    Social security
    Ministry access
    Welfare & pension
  Formats (Standard: ISO/IEC 7810):
    ID 1 Format: 54.0 mm x 85.6 mm, thickness 0.25 mm to 1.25 mm
    ID 2 Format: 74.0 mm x 105.0 mm, thickness 0.25 mm to 1.25 mm
    ID 3 (booklet): Passport
  eID card Data:
    Standard: nationality, surname, first name, date and place of birth, sex, serial number, national number, passport picture, address etc.
    Future trends: digital signature, biometric reference templates of certain anatomical features, current status and others.

Next Steps: International Standardization
Source: Trüb
  International Travel Documents: International Civil Aviation Organization (ICAO), in cooperation with:
    ISO
    International Air Transport Association
    Airports Council International
    INTERPOL
  International Drivers License
  International ID Cards (ISO)

Security Verification and U.S. Standards
  Common Criteria standard (ISO/IEC 15408) specifies security requirement framework verified by independent labs
  ISO/IEC 14443 standard contactless systems using microcontroller technology meet Common Criteria standards
  FIPS 140-2 defines cryptographic security requirements for systems used by U.S. government and affiliated agencies
  No contactless technology certified today and FIPS certification plans are not published at this time
  Smart Card Interoperability Specification (GSC-IS): Will define interoperability of contactless and contact technologies through NIST

Evolution to Contactless Cards
  Cards/readers requiring direct physical contact lack flexibility in many applications
  Dual Interface addresses need for user convenience with security
  Single chip on card supports access and data I/O via a contact port or RF signal
  Implementation can be transparent to end user
  System designs balance convenience with security by incorporating a combination of contact and contactless reader technologies
  Multi-interface and multi-protocol readers increasingly cost-effective
  High-security points (facilities, computer networks) can remain accessible only through contact port readers, with additional second/third level authentication as needed

Integrated Components of 32-bit Security Controllers
  Integral Security Concept
  Integral Memory Management and Protection Unit
  Peripherals: USB, contactless, Customization
  Dedicated 32-bit Smart Card Core
  Advanced Crypto Engine
  DES Accelerator
  HW-Acceleration of Java, MULTOS, WPSC, ...
  Large on-chip Memories

Where We Go From Here: Innovation Techniques
  Flexible ICs:
    Silicon chips less than 25 micron thick achieve paperlike behavior
    Additional developments in polymer-based chips promise new types of low-power, ubiquitous computing ability
  Chip Stacking Technology:
    New method to combine two or more chips in one package for reduced cost without sacrificing integration
    Allows combination of secure memories and controllers as one system