The issue of security is becoming increasingly important in the smartcard market, from applications such as bank and health cards, where a very high level of data security is an absolute requisite, down to relatively simple applications such as prepayment cards for telephones, parking or vending machines, where there could be profitable black markets in forged cards.
Security is a general term that has several components. The overall security of a complex system is made up from many parts and software programs. There is a need for formal evaluation of the complete system against defined security targets and for security certification by independent authorities. Of great importance also are the security features offered by the smartcard IC itself. Two of the important smartcard security features are the technology and design of the chip itself and the security of any data encryption scheme employed. For the semiconductor manufacturer, there is much to gain from participating in formal, independent security evaluations and certification, such as ITSEC, in partnership with the smartcard system developers and operators. This type of on-going certification is made possible by total dedication to security throughout design, manufacturing and product delivery, and the development of proprietary chips and matching firmware that together provide sophisticated protection features and include data encryption to internationally accepted standards.
To date, two ITSEC certifications have been achieved by smartcard products, both by SGS-THOMSON: the ST16601 product for the French banking card and the ST16SF48 for the Viaccess pay-TV application. An additional security certification, not using ITSEC norms, has been achieved with the ST16SF48 for the German banking card.
The security of the smartcard chip is no longer a major issue; SGS-THOMSON's ST16XYZ family of MCU-based smartcard ICs includes an unrivaled array of built-in physical and logical security mechanisms that effectively prohibit unauthorized access to the chip and its stored data. However, all smartcard applications involve some kind of communication with the outside world and this is potentially a weak link. The same problem occurs in many other situations where data must be transmitted over open or insecure channels such as airwaves or telephone lines.
In applications such as prepaid telephone cards, relatively simple security mechanisms such as fuses, transport codes and simple signature generation are usually acceptable but applications such as bank, pay TV and health cards require levels of security that can only be achieved by the use of cryptography, the science of encoding and decoding messages.
Cryptographic schemes fall into two distinct groups which are usually known as the Secret Key and the Public Key methods. Although Secret Key schemes such as DES have been implemented using microprocessors for more than 20 years, Public Key cryptography offers major advantages in many applications and is becoming increasingly favored.
Public Key systems employ two different keys, one for encryption and the other for decryption. These keys are mathematically related but it is possible to devise algorithms (such as the popular RSA algorithm) where the encryption key can be made public but the decryption key remains secret. To send an encrypted message using such a system, the sender looks up the recipient's encryption key in a public directory and uses this to encrypt the message. He can then send the cipher text using an insecure communications method such as the public telephone system. The recipient decodes the message using his secret decryption key.
Public key systems have two very important benefits. The first is that the only key anyone ever has to remember is his own secret decryption key. The second is that they offer the possibility of implementing 'electronic signatures', using a two-stage encryption process. Because the first step in creating a signed message is to encode it with the sender's secret key, a third party can only send a message purporting to be from the sender if he knows the sender's secret key. Similarly, the sender cannot subsequently deny sending the message, because a message that decodes successfully using his public key must have been originally encoded with his secret key - which nobody else knows.
By using hash functions and adding date/time data to messages before encrypting, additional protection can be provided against threats such as accidental or deliberate modification of the message. Public Key systems therefore satisfy all of the major cryptographic requirements, and the technique has been accepted by many organizations, including the US National Institute of Standards and Technology, the American Bankers Association and the French Banking Association.
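The encryption, signature and hash-plus-timestamp scheme described in the three preceding paragraphs can be shown end to end in a short program. The Python below is an added example written for this page, not code from SGS-THOMSON, its crypto-library or any banking specification. It assumes textbook RSA without the padding that production implementations add; the key pairs are constructed from known Mersenne primes so that the run is deterministic, and the message, the Unix timestamp and the leading 0x01 layout marker are likewise constructed for the illustration.

```python
# Added example, not code from the page or from SGS-THOMSON: textbook RSA
# encryption, signing and the two-stage sign-then-encrypt flow described
# above, with a hash over message plus timestamp as the signed value.
# Keys are built from known Mersenne primes (constructed, deterministic toy
# keys); real systems generate random primes and use standard padding.
import hashlib
import struct

E = 65537  # common public exponent


def make_keypair(p, q):
    """Return ((n, e), (n, d)): public key and secret key for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse, Python 3.8+
    return (n, E), (n, d)


def modulus_bytes(n):
    """Number of bytes needed to hold any value below modulus n."""
    return (n.bit_length() + 7) // 8


def digest(message, timestamp):
    """Hash timestamp and message together; this is the value that is signed."""
    return hashlib.sha256(struct.pack(">Q", timestamp) + message).digest()


def sign(secret_key, message, timestamp):
    """Encode the hash with the sender's secret key (RSA signature)."""
    n, d = secret_key
    h = int.from_bytes(digest(message, timestamp), "big")
    return pow(h, d, n)


def verify(public_key, message, timestamp, signature):
    """Decode with the public key and compare against a fresh hash."""
    n, e = public_key
    h = int.from_bytes(digest(message, timestamp), "big")
    return pow(signature, e, n) == h


def encrypt(public_key, plaintext):
    """Textbook RSA: plaintext (as an integer below n) to the power e mod n."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this modulus")
    return pow(m, e, n)


def decrypt(secret_key, ciphertext):
    """Recover the plaintext bytes; the leading 0x01 marker keeps the length."""
    n, d = secret_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def send_signed(sender_secret, recipient_public, message, timestamp):
    """Stage 1: sign with sender's secret key. Stage 2: encrypt for recipient."""
    sig = sign(sender_secret, message, timestamp)
    sig_bytes = sig.to_bytes(modulus_bytes(sender_secret[0]), "big")
    package = b"\x01" + sig_bytes + struct.pack(">Q", timestamp) + message
    return encrypt(recipient_public, package)


def receive_signed(recipient_secret, sender_public, ciphertext):
    """Decrypt with recipient's secret key, then check the sender's signature.

    Returns (message, timestamp, signature_valid)."""
    package = decrypt(recipient_secret, ciphertext)
    if package[:1] != b"\x01":
        raise ValueError("unexpected package layout")
    sig_len = modulus_bytes(sender_public[0])
    sig = int.from_bytes(package[1:1 + sig_len], "big")
    (timestamp,) = struct.unpack(">Q", package[1 + sig_len:9 + sig_len])
    message = package[9 + sig_len:]
    return message, timestamp, verify(sender_public, message, timestamp, sig)


# Constructed toy keys from Mersenne primes 2^521-1, 2^607-1, 2^127-1, 2^1279-1.
ALICE_PUBLIC, ALICE_SECRET = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUBLIC, BOB_SECRET = make_keypair(2**127 - 1, 2**1279 - 1)


def demo():
    """Alice signs and encrypts a short message for Bob; Bob decrypts and verifies."""
    message = b"Transfer 100 EUR"
    timestamp = 855100800  # constructed Unix time (February 1997)
    c = send_signed(ALICE_SECRET, BOB_PUBLIC, message, timestamp)
    msg, ts, ok = receive_signed(BOB_SECRET, ALICE_PUBLIC, c)
    # Any change to the message or the timestamp breaks the signature check.
    sig = sign(ALICE_SECRET, message, timestamp)
    tampered = verify(ALICE_PUBLIC, message + b"0", timestamp, sig)
    return msg == message and ts == timestamp and ok and not tampered


if __name__ == "__main__":
    print("sign-then-encrypt round trip OK:", demo())
```

The signed value is the hash of timestamp and message rather than the message itself, so a modified message, a replayed timestamp, or a signature produced under a different secret key all fail `verify`, which is the property the paragraph above relies on for non-repudiation.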
In the past, Secret Key systems have tended to dominate by virtue of their simpler algorithms and consequent lower implementation costs. Public Key algorithms involve more complex arithmetic processing, which used to imply long execution times or expensive hardware.
This is no longer a significant problem, thanks to the development of co-processors that perform the specialized computations at high speed. SGS-THOMSON offers a family of chips featuring a cost-effective Modular Arithmetic coProcessor (MAP) that can perform a typical 512-bit signature calculation in milliseconds.
The first member of this family is the ST16CF54, intended for use in smartcards. The ST16CF54 contains 16 Kbytes of user ROM, 4 Kbytes of system ROM for the function library, 480 bytes of user SRAM (plus 192 bytes of dedicated SRAM for the MAP) and 4 Kbytes of partitionable very high performance EEPROM, as well as two built-in random number generators and a full range of on-chip security mechanisms.
The ST16CF54's system ROM contains an embedded cryptographic firmware library that provides all of the necessary primitive functions: access to the MAP registers, mathematical functions such as Montgomery constant calculation, modular exponentiation, multiplication and real random number generation, as well as the basic RSA Algorithm functions for secret key generation, RSA signature and RSA authentication. All of these primitives can be called from the ST16CF54's user ROM, with message and parameter passing via the ST16CF54's RAM, but the unique ST16XYZ architecture and SGS-THOMSON's proprietary Access Control Matrix provide full and secure protection against internal or external memory dumps. The use of the embedded crypto-library ensures that the chip's hardware resources are accessed in a correct and secure way.
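The Montgomery primitives named above (Montgomery constant calculation, modular multiplication and modular exponentiation) can be modelled in software to show what such a coprocessor computes. The Python below is an added example, not the ST16CF54's system ROM library or its MAP register interface; it assumes an 8-bit toy word size for rounding the Montgomery radix, derives the constants for a modulus, implements Montgomery reduction and multiplication, and builds square-and-multiply exponentiation on them, checked against Python's built-in `pow`.

```python
# Added example, not the ST16CF54's firmware library: a software model of the
# Montgomery primitives a modular-arithmetic coprocessor provides, namely the
# Montgomery constants for a modulus, Montgomery reduction/multiplication, and
# modular exponentiation built on them. WORD_BITS is an assumed toy word size.
WORD_BITS = 8


def montgomery_constants(n):
    """For odd modulus n return (k, R, n', R^2 mod n) with R = 2^k > n.

    n' = -n^-1 mod R is what REDC needs; R^2 mod n is the 'Montgomery
    constant' used to move operands into Montgomery form."""
    if n % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus")
    k = -(-n.bit_length() // WORD_BITS) * WORD_BITS  # round up to whole words
    R = 1 << k
    n_prime = (-pow(n, -1, R)) % R
    return k, R, n_prime, (R * R) % n


def mont_reduce(t, n, k, R, n_prime):
    """REDC: return t * R^-1 mod n for 0 <= t < n*R, using only shifts and
    masks instead of a long division by n."""
    m = ((t & (R - 1)) * n_prime) & (R - 1)
    u = (t + m * n) >> k  # exact: t + m*n is a multiple of R by choice of m
    return u - n if u >= n else u


def mont_mul(a, b, n, k, R, n_prime):
    """Montgomery product: (a * b * R^-1) mod n for a, b < n."""
    return mont_reduce(a * b, n, k, R, n_prime)


def mod_exp(base, exponent, n):
    """base^exponent mod n by left-to-right square-and-multiply in Montgomery form."""
    k, R, n_prime, r2 = montgomery_constants(n)
    x = mont_mul(base % n, r2, n, k, R, n_prime)  # base * R mod n
    acc = mont_reduce(r2, n, k, R, n_prime)       # 1 * R mod n
    for bit in bin(exponent)[2:]:
        acc = mont_mul(acc, acc, n, k, R, n_prime)
        if bit == "1":
            acc = mont_mul(acc, x, n, k, R, n_prime)
    return mont_reduce(acc, n, k, R, n_prime)     # leave Montgomery form


def self_check():
    """Compare with Python's built-in pow on a small and a 1024-bit-class modulus."""
    small = mod_exp(4, 13, 497) == pow(4, 13, 497) == 445
    n = (2**521 - 1) * (2**607 - 1)  # constructed odd modulus (two Mersenne primes)
    big = mod_exp(123456789, 65537, n) == pow(123456789, 65537, n)
    return small and big


if __name__ == "__main__":
    print("Montgomery exponentiation matches pow():", self_check())
```

The point of the Montgomery form is that every step of the exponentiation loop needs only multiplications, shifts and masks; the one-off constants (`n'` and `R^2 mod n`) are what the library's "Montgomery constant calculation" primitive produces for a given modulus, and the same loop serves RSA signature, authentication and decryption with the appropriate exponent.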
In 1997 the new ST19CF68 cryptocontroller will be available, the first product of the new ST19 family in 0.6 µm technology, featuring 8 Kbytes of EEPROM, 24 Kbytes of user ROM, 960 bytes of user RAM and 1024-bit public key capability.
The first major applications for the Cryptocomputer Smartcards are in Banking, Pay TV and Social Health Cards, but with the power and security of these chips they are generating significant interest for future use in other financial transaction and network security fields such as sales over the Internet.
According to a detailed study made by SGS-THOMSON in 1996, the number of Smartcards issued will rise from 730 million in 1996 to over 3.6 billion in the year 2000, giving a market for Smartcard ICs of $450 million in 1996 rising to $3.6 billion in 2000. The main growth area is for Microcomputer and Cryptocomputer products with high security features. Similar figures are given by Dataquest: from $473 million in 1996 to $2.9 billion in 2001.
SGS-THOMSON is an industry leader in non-volatile memory technology and is the only semiconductor manufacturer that offers EPROM, FLASH, EEPROM and smartcard process technologies. Current developments are based on 0.6 micron technology derived from the company's proprietary flash technology. SGS-THOMSON is also able to guarantee supply through internal dual sourcing from plants in Rousset, near Aix-en-Provence, France, and Agrate Brianza, Italy.
February 1997