Transcript
SECURITY STANDARDS AND ARM PROCESSORS FOR PAYMENT APPLICATIONS
Security Standards and Processor Technology in Financial Payment Systems
Dr. Zhang Xiaoping, NXP Semiconductors
COMPANY CONFIDENTIAL
Connecting ‘Things at the Edge’ to the ‘Cloud’
MCU
Energy
Sensors
RF
Edge Nodes
PAN/LAN Connectivity
Gateway
WAN Connectivity
Cloud Application/Action BIG Data
Internet of Tomorrow: Smart, Connected and Secure
Smart Healthcare
Smart Hospital
Smart Thermostat
Smart Home
Smart City
Smart Wearable
Smart Health
Smart Vehicle
Smart Highway V2V & V2I
Increasing complexity of data collection, handling & processing for delivering value added information.
Security Risk Multipliers
Accessibility
Firmware updates
Increasing value
Resource constraints
Increased attacker capability
NXP’s Security Technology
Trust
Crypto
Anti-Tamper
Cryptography
• The science of protecting data through encoding and decoding
• Symmetric Encryption
− DES/DES3, AES
• Asymmetric Encryption
− RSA, ECC
• Hashing
− CRC, MD5, SHA
• True Random Number Generation
• Security Protocols
− SSL, HomeKit, Thread
Anti-Tamper
• Proactive monitoring of physical and environmental system attacks
• Tamper Detection
− Physical: Enclosure intrusion, Drilling and probing
− Environmental: Voltage, Temperature, Frequency
• Secure Storage
Trust
• The assurance that only access from a reliable source will occur
• Code I/P Protection
− Internal memory protection
− External memory protection
• Debug Port Protection
• Authentication
− Software updates
− Device verification
• Secure Boot
Payment Applications
BILLIONS of SECURE TRANSACTIONS
• User Identification: Confirmation of the parties involved in a transaction
• Assured Service: Protection against denial of service attacks
• Secure Communication: Encryption and decryption of data
• Manage Secure Content: Ensure data integrity and protection
• Secure Network Access: Network layer security
• Tamper Resistance: Protection against passive or active tamper attacks
Payment Terminals Form Factors
From low end to feature rich: PinPad / mPOS, Portable POS / Smart POS, Tablet Smart POS, High End POS
Power Efficient, Secure & Connected Solutions
Internet of things
From low end to feature rich: Smart Plugs, Portable Healthcare, Smart Watch, Home Automation Gateway
Power Efficient, Secure & Connected Solutions
Payment Application Architectures
ARM Cortex-M
MCU/RTOS - PinPad, mPOS, Portable POS
EMVco Payment
Buzzer
Battery
Thermal Printer
PMU (Discrete)
I2S
RTC Real Time Clock
External Memory Nor, NAND, XIP Memory, DDRx
SDRAM/ QSPI
Timer / PWM
Standard Connectivity
Bluetooth / Wi-Fi Murata | BRCM4339 Wireless SiP Module LBEH5HMZPC-TEMP
USB OTG
Secure Microcontroller PCI Compliant SPI / Flex Io
SDIO UART / Flex IO
Crypto Engine LTC Engine (RSA, ECC, 3DES,ECC,SHA, DPA) DryICE W/ Tamper Pins
TRNG
Contactless Reader PN5180
LEDs
Display (+ LCD Driver if not in the MCU)
User Interface / Pin Entry
Optional Magstripe Card Reader Legacy Payment
Secure Touch AFE
NXP
ADC
FAC
Sensors (for tamper resistance)
3rd Party
ISO7816-3
Kinetis: K21, KL81, K81
GPRS/Cellular 4Mbit/s
Wireless Connectivity
Contact Reader TDA80XX
2 x EMVSIM
Wired Interfaces Serial USB
PN7462 SAMs (Up to x5)
ARM Cortex-A
MPU/Linux – mPOS, Portable POS
Power & Battery Management
PMIC & Int. Battery Charger PF1550
EMVco Payment
External Memory Nor, NAND, XIP Memory, DDRx etc.
PN7462
Contact Reader
Standard Connectivity
SAMs (Up to x5)
TDA80XX
Wired Interfaces Serial USB
Bluetooth / Wi-Fi Murata | BRCM4339 Wireless SiP Module LBEH5HMZPC-TEMP
USB OTG
CTS/RTS
SDIO UART / Flex IO
Secure Microprocessor PCI Compliant
CAAM Engine (RSA, ECC, 3DES,ECC,SHA, DPA)
Wireless Connectivity
TRNG
Sensors (for tamper resistance)
CLRC663 PN512 PN5180
i.MX: i.MX6UL Crypto Engine
GPRS/Cellular 4Mbit/s
Contactless Reader
LEDs
Etc…
Magstripe Card Reader
Legacy Payment
Display (+ LCD Driver if not in the MCU)
NXP
User Interface / Pin Entry
3rd Party
ARM Cortex-A
MPU/Android - Single Chip SmartPOS
Power & Battery Management
PMIC & Int. Battery Charger PF1550
EMVco Payment
External Memory Nor, NAND, XIP Memory, DDRx etc.
PN7462
Contact Reader
Standard Connectivity
SAMs (Up to x5)
TDA80XX
Wired Interfaces Serial USB
Bluetooth / Wi-Fi Murata | BRCM4339 Wireless SiP Module LBEH5HMZPC-TEMP
USB OTG
CTS/RTS
SDIO UART / Flex IO
Contactless Reader CLRC663 PN512 PN5180
i.MX: i.MX7Solo/Dual Crypto Engine
GPRS/Cellular 4Mbit/s
CAAM Engine (RSA, ECC, 3DES,ECC,SHA, DPA)
Wireless Connectivity
TRNG
Sensors (for tamper resistance)
Secure Microprocessor PCI Compliant
LEDs
Etc…
Magstripe Card Reader
Legacy Payment
Display (+ LCD Driver if not in the MCU)
NXP
User Interface / Pin Entry
3rd Party
MPU/Android - Split Architecture Smart POS and Kiosk
EMVco Payment
Battery Charger
BC3770 MC32PBC3770
PMIC PF0100
Thermal Printer
RTC Real Time Clock
External Memory Nor, NAND, XIP Memory, DDRx etc.
PN7462
Contact Reader
SAMs (Up to x5)
TDA80XX
Wired Interfaces Serial USB Ethernet
Main Processing Unit
Bluetooth / Wi-Fi
i.MX: i.MX6DL; D/Q; D/Q+; i.MX8
Murata | BRCM4339 Wireless SiP Module LBEH5HMZPC-TEMP
Secure Controller Kinetis: KL81, K81
Contactless Reader CLRC663 PN512 PN5180
Magstripe Card Reader
LEDs
Display
Secure Capacitive Touch Controller
Legacy Payment
User Interface / Pin Entry NXP/FSL 3rd Party
Security Standards for Payment
Payment Card Industry Security Standards Council
Account data protection is managed by the Payment Card Industry Security Standards Council®.
The guidelines provided by this council allow developers to understand and implement highly secure devices.
Compliance with these standards ensures a united front against the growing security threats of attackers.
https://www.pcisecuritystandards.org/
PCI Security Standards Council: Partitions
The PCI SSC partitions its standards into three categories: guidelines for terminal manufacturers, payment application developers, and merchants and processors.
End to end:
• PCI DSS: Merchants and Processors
• PCI PA: Application Developers
• PCI PTS: Terminal manufacturers
PCI Security Standards Council: Partitions
Most relevant for embedded processors are the guidelines put in place for terminal manufacturers. These are the PCI PIN Transaction Standards (PCI PTS).
PCI PTS Changes over time
• Update cycle
− These standards are updated every 3 years and if there is a significant threat
− Every 7 years, the standard is retired and retailers are advised to replace the devices
• Whenever retailers purchase new POS devices, they are advised to purchase devices that have passed the latest standard
PCI security changes over time
− V1: Independent lab evaluation, Tamper Evidence
− V2: Tamper Response (Destruction of keys)
− V3: End to End Encryption (SRED)
− V4: Testing guidelines, Security guidelines, Open Protocols
− V5: Recently released
PCI PTS Documentation
Security Requirements & Derived Testing Requirements
Security Requirements
− EXAMPLE: The device performs a self-test, which includes integrity and authenticity tests upon start-up and at least once per day to check whether the device is in a compromised state. In the event of a failure, the device and its functionality fail in a secure manner. The device must reinitialize memory at least every 24 hours.
Derived Test Requirements
− EXAMPLE GUIDANCE: Firmware is considered to be any code within the device that provides security protections needed to comply with these requirements….
− EXAMPLE TESTING: The tester shall verify that the device performs self-tests upon start-up and on a periodic basis at least once per day to check firmware and security mechanisms for signs of tampering, and whether the device is in a compromised state…
PCI PTS Approval Classes
• Devices just accepting PINs
− Attended and unattended types
• Attended devices just accepting cards (No PIN entry)
• Unattended devices
• Devices just accepting cards without keypad for PIN entry or Screens (SCR)
PCI PTS Scope of Certification testing
• Within the security requirements documentation, Appendix B of the PCI PTS Security requirements document details which requirements apply based on the functions supported by the device
[Table: rows are Requirements (A1, A2, A3, ... M8); columns are Conditions (Pin Entry, Keys, Feedback to Cardholder, ICCR, MSR, Device is a compound device, Implements a TCP/IP stack, Protects account data); an X marks each condition under which a requirement applies.]
PCI PTS Evaluations
Security is about protecting data…
• Goal of attacks for payment
• GET ACCESS TO
− Personal Account Information: Account numbers, expiration date, etc
− PIN
PCI PTS Evaluations
• PCI PTS is a system level evaluation (incl. housing, form-factor design)
• Attacks are assessed on an ‘attack costing’
− Lab assesses/documents security measures
− Determines best type of attack and performs all/part of these
− Documents the attack in logical steps
• Attack costing is based on a sum of points
− Time, Knowledge of device, Expertise, Number and type of sample device, equipment, parts used in the attack
EVALUATION: LOGICAL SECURITY PROTECTIONS, PHYSICAL SECURITY PROTECTIONS
Attack Costing
• 2 stages
− Identification – discovering and testing attack
− Exploitation – performing the attack
• Up to 3 minimum requirements to meet
− Total points (sum of Identification and Exploitation)
− Point score of the exploitation phase
− Time taken for the exploitation phase
Factor | Range | Points (ID Phase, Exploitation Phase)
Attack Time | 1hr to beyond 160hrs | 0 to 5.5
Expertise | Layman to Expert | 0 to 4
Knowledge of Device | Public to Sensitive | 0 to 3
Access | Mechanical Sample to Production | 0 to 4
Equipment for attack | None to Chip Level | 0 to 7
Specific Parts (tools) | None to Bespoke | 0 to 5
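The pass/fail arithmetic of attack costing, as an added example that is not part of the original slides or of any PCI document: each phase is scored per factor within the ranges above, and the result is checked against the (Total/Exploitation) minimums the deck lists per DTR. Reading those minimums as the cost the cheapest documented attack must reach is an assumption; the factor keys, function names and sample scores are constructed for illustration.

```python
from dataclasses import dataclass

# Maximum points per factor, per phase (ranges from the slide's table).
FACTOR_MAX = {
    "attack_time": 5.5,
    "expertise": 4,
    "knowledge": 3,
    "access": 4,
    "equipment": 7,
    "specific_parts": 5,
}

# (Total, Exploitation) minimums as listed in the deck for each DTR.
DTR_MINIMUMS = {
    "A6": (35, 15),
    "A1": (26, 13),
    "D1": (20, 10),
    "A7": (18, 9),
    "K1.1": (16, 8),
}


def phase_points(scores):
    """Validate one phase's per-factor scores and return their sum."""
    missing = FACTOR_MAX.keys() - scores.keys()
    unknown = scores.keys() - FACTOR_MAX.keys()
    if missing or unknown:
        raise ValueError(f"missing={sorted(missing)} unknown={sorted(unknown)}")
    for factor, value in scores.items():
        if not 0 <= value <= FACTOR_MAX[factor]:
            raise ValueError(f"{factor}={value} outside 0..{FACTOR_MAX[factor]}")
    return sum(scores.values())


@dataclass
class Verdict:
    total: float
    exploitation: float
    meets_total: bool
    meets_exploitation: bool

    @property
    def passed(self):
        # Both minimums must hold; the third minimum (exploitation time)
        # is not modelled because the deck gives no threshold for it.
        return self.meets_total and self.meets_exploitation


def assess(dtr, identification, exploitation):
    """Check the cheapest documented attack against a DTR's minimums."""
    min_total, min_exploit = DTR_MINIMUMS[dtr]
    exploit_pts = phase_points(exploitation)
    total = phase_points(identification) + exploit_pts
    return Verdict(total, exploit_pts,
                   total >= min_total, exploit_pts >= min_exploit)


# Constructed sample: an attack that is costly to discover but cheap to repeat.
SAMPLE_IDENT = {"attack_time": 5.5, "expertise": 4, "knowledge": 3,
                "access": 2, "equipment": 3, "specific_parts": 2}
SAMPLE_EXPLOIT = {"attack_time": 1, "expertise": 1.5, "knowledge": 0,
                  "access": 2, "equipment": 1, "specific_parts": 1}

if __name__ == "__main__":
    print(assess("A1", SAMPLE_IDENT, SAMPLE_EXPLOIT))
```

With the constructed scores the total reaches the 26 points listed for DTR A1, yet the device still fails because exploitation costs only 6.5 of the required 13: a design that is hard to analyse once but cheap to attack repeatedly does not pass.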
Evaluation Criteria per function
PCI Requirements: (Total/Exploitation)
− DTR A6 Determining key analysis (35/15)
− DTR A1 Tamper detection mechanisms (26/13)
− DTR D1 Penetration protection (20/10)
− DTR A7 Physical Security of display prompts (18/9)
− DTR K1.1 Account Data protection (16/8)
[Block diagram: the ARM Cortex-M MCU/RTOS payment terminal architecture (Secure Microcontroller, PCI Compliant, Kinetis: K21, KL81, K81, with Crypto Engine LTC Engine, TRNG, DryICE W/ Tamper Pins, Sensors (for tamper resistance), Secure Touch AFE, Display, Contact Reader, Contactless Reader, Optional Magstripe Card Reader, SAMs, External Memory, Wired Interfaces and Wireless Connectivity), annotated with the PCI requirements above.]
Evaluation Criteria per function
PCI Requirements: (Total/Exploitation)
− DTR A6 Determining key analysis (35/15)
− DTR A1 Tamper detection mechanisms (26/13)
− DTR D1 Penetration protection (20/10)
− DTR A7 Physical Security of display prompts (18/9)
− DTR K1.1 Account Data protection (16/8)
[Block diagram: the same ARM Cortex-M MCU/RTOS payment terminal architecture, with these functions labelled: PCI Firmware / secret keys; Security processor (Kinetis: K21, KL81, K81); Contact ICCR; Contactless ICCR; MSR; Keypad; Display; Flash / public keys / Applications execution.]
Secure Processor Technology
NXP Secure Processors and Interface ICs
From low end to feature rich: PinPad / mPOS, Portable POS / Smart POS, Tablet Smart POS, High End POS
Processors: K21/K81/KL81; i.MX 6 UL-3, i.MX7 Solo; i.MX 7Dual, i.MX 8Xseries, i.MX 6DL/D/Q + K81/KL81; i.MX6 DQ Plus, i.MX 8Xseries, 8series + K81/KL81/A70CM
Interface ICs: TDA8026/TDA8034/TDA8035, PN5180 / PN7462
Power Efficient, Secure & Connected Solutions
Security Function blocks
Crypto Acceleration
− ‘mmCAU’, for low-end Kinetis
− ‘LTC’, for high-end Kinetis
− ‘CAAM’ for i.MX
Trusted Execution
− ARM TrustZone®
− ‘HAB’ (Secure boot)
− ‘RTIC’ (Runtime Integrity Checker)
− Secure debug
− Secure storage
− Resource domain isolation (MPU, FAC)
Tamper Resistance
− Erases secrets at tamper detect
− Active and passive tampers
Secure Microcontrollers ARM Cortex-M Class devices
NXP’s Breadth in Microcontrollers
Kinetis + LPC = Powerhouse Portfolio
218 part numbers with high level of security integration
LPC Security MCU: LPC43(S)00 Series
High performance, high-speed connectivity, advanced peripherals, dual-cores, DSP functionality
• 204 MHz Cortex-M4F processor and Cortex-M0 co-processor
− Signal processing capabilities
− Up to 1 MB dual-bank Flash; 282 kB RAM
− Flashless + XIP from QSPI via SPIFI
• High-speed connectivity, display, timing
− FS/HS USB w/on-chip FS/HS PHY, dual-host capabilities
− Graphic LCD, free emWin graphic libraries
− SCTimer/PWM, SGPIO
• Security features (LPC43Sxx), including
− Hardware AES-128 encryption engine
− Two 128-bit non-volatile OTP memories
− True random number generator
− Code Data protection
• Pin compatible with LPC18/18S
[Block diagram. Cores: ARM Cortex-M4F 204 MHz; ARM Cortex-M0 204 MHz. Block groups: MEMORY, SYSTEM, TIMERS, INTERFACES, ANALOG, SECURITY. Blocks shown: FLASH (0-512 kB); RAM (104-282 kB); EEPROM (0-16 kB); ROM (ROM Drivers); OTP Key Storage; System PLL; USB PLL; Audio PLL; Clock Generation Unit 12 MHz, 1-24 MHz System OSC; Power Management Unit (Power saving modes, BOD, POR); GPDMA; Multilayer Bus Matrix; SCTimer/PWM 32-bit (4); MCPWM; QEI; WWDT; RTC; Alarm; SPIFI; SDIO; EMC; HS USB (2x HS Host/Device); Graphic LCD; Ethernet MAC; CAN 2.0B (2); UART (4); SSP/SPI (3); I2C (2); I2S (2); GPIO (49-164); SGPIO; ADC (2-3); DAC; AES Engine; TRNG.]
Kinetis K81 ARM CORTEX-M4F
Core
ARM Cortex-M4 - MPU Up to 150 MHz with HSRUN
DSP
Interrupt Controller
Floating Point Unit (sFPU)
8KB I/D Cache 8KB Sys Cache
Security
Analog
Flash Security and Access Control
16-bit SAR ADC
Cyclic Redundancy Check
Low-Leakage Wakeup Unit Bit Manipulate Engine
High Speed Analog Comparator
12-bit DAC
Low-power Trusted Cryptographic engine AES128/192/256 DES/3DES with DPA RSA2048/ECC
1.2V Internal Voltage Reference
QSPI With OTF
Memory Protection Unit
SDRAM Controller
4x FlexTimer
2x Low Power Timer 4ch Periodic Interrupt Timers
4x Low Power UART
Cryptographic Acceleration
2x ISO7816EMVSIM
2xI2S
Carrier Modulator Transmitter
Boot ROM 32KB 2KB Secure RAM
Internal Reference Clocks 48MHz/4MHz/32KHz
Low Power Clock 1KHz PLL/FLL
Human Machine Interface
Crystal-less USB FS Device/OTG
3x SPI
4x I2C
Packages
121MAPBGA 8x8x1.4/0.65mm 100LQFP 14x14x1.4/0.5mm
Temperature
Communication Interfaces
Real Time Clock Programmable Delay Block
Low & High Frequency Oscillators
SRAM 256KB
External Bus Interface
Timers
Clocks
Flash 256KB
Watchdog
2x Timer/PWM
True Random Number Generator
Direct Memory Access - 16ch Power Management Controller
Debug Interfaces
DryICE with 8 tamper pins
Memories
System
GPIOs 32-ch FlexIO USB Voltage Regulator USB Device Charger Detect Secure Digital Host Controller (SDHC)
Touch Sensing Interface
-40-105C
Features Highlight
• Cortex-M4 with 8KB I/D-Cache, FPU and MPU, BME
• Up to 256KB Flash, up to 256KB SRAM
• QSPI Flash interface with OTF
• True Random Number Generator
• Crypto acceleration MMCAU
• 160B (32B+128B) Secure RAM for Key storage
• Enc. Engine (DES/3DES/AES/RSA)
− RSA2048 support (3 decrypt and 1 encrypt <750ms)
− ECC: ECDSA and ECDH for up to P256
− DES/3DES with HW DPA
− AES256/192/128 with DPA
• Up to 8 Tamper Pins
• Independent Real-Time Clock (RTC)
• 2x EMV compatible ISO7816-3 interfaces
• Crystal-less USB Device
• 32-ch FlexIO
Kinetis Secure MCU’s – Product Lineup
Key Features | KL81 | K81F | K21D | K21F | K63F | K65F
Flash | 128 KB | 256 KB | 512 KB | 1 MB | 1 MB | 2 MB
RAM | 96 KB | 256 KB | 64 KB | 128 KB | 128 KB | 256 KB
Max Freq | 72 MHz | 150 MHz | 50 MHz | 120 MHz | 120 MHz | 180 MHz
Core | M0+ | M4F | M4 | M4F | M4F | M4F
RNG | TRNG | TRNG | Yes | Yes | Yes | Yes
DRYICE Secure Memory | 32 Bit + 128 Bit | 32 Bit + 128 Bit | 32 Bit | 32 Bit | 32 Bit + 128 Bit | 32 Bit + 128 Bit
Secure RAM | N/A | 2 KB | N/A | N/A | N/A | N/A
No. of Tamper Pins | 8 | 8 | 3 | 6 | 6 | 8
Frequency, Voltage, Temperature Tamper | Yes | Yes | Yes | Yes | Yes | Yes
DES/3DES/AES | LTC Enc. Engine DPA | LTC Enc. Engine DPA | MMCAU | MMCAU | MMCAU | MMCAU
RSA/ECC | LTC Enc. Engine | LTC Enc. Engine | MMCAU | MMCAU | MMCAU | MMCAU
SHA | LTC Enc. Engine | MMCAU | MMCAU | MMCAU | MMCAU | MMCAU
Protection on External Storage | N/A | Y(QSPI) | N/A | N/A | N/A | N/A
ISO7816-3 / EMV | EMVSIM | EMVSIM | UART | UART | UART | UART
Others | - | - | - | - | Ethernet | Ethernet
Package | 121MBGA/80LQFP | 121 Thin MBGA/100LQFP | 121 MBGA/80LQFP | 144MBGA/144LQFP/121 MBGA | 144 MBGA | 169MBGA
Available Date (Sample/MP) | Now | Now | Rev1.x: Now, Rev2.0: Now | Rev1.x: Now, Rev2.1: Now | Now | Now
TWR-POS-K21F and TWR-POS-K81 (PIN PAD)
TWR-POS-K21F
TWR-POS-K81: Seeking same PCI PTS certification leveraging similar physical and logical security features
TWR-POS-K21F and TWR-POS-K81 (PIN PAD)
PCI PTS INFORMATION
Approval Number: 4-10199
Approval Class: PED
Version: 4.X
PIN Support: Online
Key Management: DUKPT
Functions: Display, PIN Entry
New K81 MCU Features
Cryptographic Acceleration: Additional accelerator (LTC) to perform DES, AES and Public Key Cryptographic acceleration. AES designed with side channel protections
Random Number Generator: 512 bits of entropy *(Under test)
Tamper: 8 total tamper pins (2 more)
CPU and Memory: 256KB total SRAM, CPU Cache, XIP Serial NOR (AES128), SDRAM
I/O: FlexIO for Camera/Display; TSI – touch sense interface
ROM: 32KB ROM with routines to facilitate firmware updates
Secure Processors ARM Cortex-A Class devices
i.MX Secure MPU – Product Lineup
Feature | i.MX 6UL | i.MX 7Solo | i.MX 7Dual
Core | Cortex-A7 @ 528 MHz | Cortex-A7 @ 800 MHz | Dual Cortex-A7 @ 1 GHz
L2 Cache | 128KB | 512KB | 512KB
RAM | 128KB | 256KB | 256KB
2nd Core | - | Cortex-M4 | Cortex-M4
Flash Interface | SLC/MLC/Managed NAND Flash w/ 40-bit BCH | SLC/MLC/Managed NAND Flash 60-bit BCH, 8-bit RS | SLC/MLC/Managed NAND Flash 60-bit BCH, 8-bit RS
DRAM Interface | 400 MHz 16-bit DDR3/L, LPDDR2 | 533 MHz 32-bit DDR3/L, LPDDR2, LPDDR3 | 533 MHz 32-bit DDR3/L, LPDDR2, LPDDR3
Display | 24-bit Parallel RGB-1366x768 | 24-bit Parallel RGB-1920x1080, MIPI-DSI (2 lane) 1.5Gbps | 24-bit Parallel RGB-1920x1080, MIPI-DSI (2 lane) 1.5Gbps, EPDC
Imaging | PXP – Scaling, Alpha Blending, CSC, Dithering | PXP – Scaling, Alpha Blending, CSC, Dithering | PXP – Scaling, Alpha Blending, CSC, Dithering
Camera Interface | Parallel Camera I/F | Parallel Camera I/F, MIPI-CSI | Parallel Camera I/F, MIPI-CSI
CAN | x2 | x2 | x2
Ethernet | Dual 10/100 | Single 1Gb (AVB) | Dual 1Gb (AVB)
Audio | I2S, S/PDIF | MQS, I2S | MQS, I2S
USB | OTG with PHY x2 | OTG with PHY x1, HOST with HSIC | OTG with PHY x2, Host with HSIC
SIM | x2 | x2 | x2
PCIe | - | - | Yes
Security | Secure Boot/HAB, PRNG, AES/3DES/Elliptical Curve/RSA, DPA protection, Up to 10 Tamper Pins, OTF | Secure Boot/HAB, PRNG, AES/3DES/Elliptical Curve/RSA, DPA protection, Up to 10 Tamper Pins | Secure Boot/HAB, PRNG, AES/3DES/Elliptical Curve/RSA, DPA protection, Up to 10 Tamper Pins
Software & Security feature Compatible; Pin-to-pin Compatible
A Solution of Security Point of Sale Reference Design
SLN-POS-RDR – Secure Card Reader Solution
Traditional Point of Sale Terminal Engineering Challenges
• PCI Certification
• Tamper Detection
• NFC Antenna Design
• Larger QVGA Display
• EMVCo Certification
Secure Card Reader Block diagram
[Block diagram. Component sources: NXP KSDK; NXP App; NXP NFC; Cardtek; Cirque; 3rd party (open source). Software blocks: Acquirer Host Simulator – PC Application; Payment Application (L3); CardTek EMV L2; CardTek L2 HAL (Shim); NXP L2 HAL; NFC RdLib (CL); EMV L1 (CT); UI; eGUI; Free RTOS; File System; Virtual Com Port; USB CDC; CST; Pin Pad; MPU; Date & Time; LEDs; Buzzer; Segment Display; Tamper Mesh; KSDK 2.0. Hardware blocks: TWR-LCD; LCD COLOR; TWR-POS-K81; Buzzer; LEDs; Segment LCD; Tamper Mesh; Cirque SecureSense AFE; SPI Flash; TDA8035; PN-5180; TWR-POS-PN5180.]
Conclusions
What we can learn from Payment Security
Lessons from PCI PTS security standards
• Security architectures must be maintained over time; they are not static
• Third party lab evaluation improves the security of the system
• Identify what data needs to be protected and protect it
• Evaluation of security is based on the types of functions provided by the device
• Use strong cryptographic standards and random number generation techniques; refer to PCI/NIST standards for advice
• Once a device has been compromised, the barrier for future attacks is lowered as the attack methods will be available
• And many more…
NXP UNIQUELY POSITIONED TO DELIVER SECURE SMART CONNECTED SOLUTIONS
Security Technology: Application Identification, Device Identification, Certification, Compliance, Cryptography Acceleration, Network Security, NFC, RFID, Secure Boot, Secure Keys, Secure Memory, Secure Update, Trusted Execution Environments, Unique Chip Identity
Smart Connected: SMART HOME, SMART INDUSTRY, SMART INFRASTRUCTURE, WEARABLES, SMART HEALTHCARE
Security Expertise: E-Passport, Mobile Transactions, Banking