NXP Secure Smart Card Controller N7021 VA


NXP Secure Smart Card Controller N7021 VA
Security Target Lite
Rev. 2.6 – 2020-08-07
Final
BSI-DSZ-CC-0977-V3
Evaluation documentation
Public

Document Information

| Info | Content |
|---|---|
| Keywords | CC, Security Target Lite, N7021 VA |
| Abstract | Security Target Lite of the NXP Secure Smart Card Controller N7021 VA, which is developed and provided by NXP Semiconductors, Business Unit Security & Connectivity according to the Common Criteria for Information Technology Security Evaluation Version 3.1 at EAL6 augmented |

N7021 VA
NXP Semiconductors
Security Target Lite
Public

| Rev | Date | Description |
|---|---|---|
| 1.0 | 03-April-2017 | First version |
| 1.1 | 31-May-2017 | Minor update after certifier feedback. |
| 2.0 | 06-September-2018 | Updated document version numbers in Tab. 1.1. Updated CC conformance to v3.1rev5. |
| 2.1 | 15-November-2018 | Updated SP 800-67 reference. Updated delivery information in section 1.4.1.1. |
| 2.2 | 09-May-2019 | Removed single-DES and 2-key TDES references. |
| 2.3 | 06-June-2019 | Updated Guidance and Operation Manual reference. |
| 2.4 | 09-April-2020 | Updated Peripheral Configuration and Use data sheet addendum reference. |
| 2.5 | 02-July-2020 | Removal of configuration options with NXP software in Card A. |
| 2.6 | 07-August-2020 | Completion of removal of claims regarding Secure User Mode Box in UM Card A. |

Final
Evaluation documentation
NXP N.V. 2020. All rights reserved.
Rev. 2.6 – 2020-08-07

1 ST Introduction

This chapter is divided into the following sections: "ST Reference", "TOE Reference", "TOE Overview" and "TOE Description".

1.1 ST Reference

NXP Secure Smart Card Controller N7021 VA Security Target, 2.6, NXP Semiconductors, 2020-08-07.

1.2 TOE Reference

The TOE is named "NXP Secure Smart Card Controller N7021 VA including IC Dedicated Software". In this document the TOE is abbreviated to NXP Secure Smart Card Controller N7021 VA or to N7021 VA. All components of the TOE and their respective version numbers are listed in section 1.4.1.1.

1.3 TOE Overview

1.3.1 Usage and Major Security Functionality of the TOE

The TOE is the IC hardware platform NXP Secure Smart Card Controller N7021 VA with IC Dedicated Software and documentation describing instruction set and usage of the TOE. The TOE does not include a customer specific Security IC Embedded Software.

The IC hardware is a microcontroller incorporating a central processing unit (CPU), memories accessible via a Memory Management Unit (MMU), cryptographic coprocessors, other security components and several electrical communication interfaces. The central processing unit supports a 32-/16-bit instruction set optimized for smartcard applications. The first and in some cases the second byte of an instruction are used for operation encoding.

On-chip memories are ROM, RAM and Flash. The Flash can be used as data or program memory. It consists of highly reliable memory cells, which are designed to provide data integrity. Flash is optimized for applications that require reliable non-volatile data storage for data and program code. Dedicated security functionality protects the contents of all memories. Notice, that the Flash is also referred to as Non-Volatile Memory (NVM) in this Security Target.

The IC Dedicated Software comprises IC Dedicated Test Software for test purposes and IC Dedicated Support Software. The IC Dedicated Support Software consists of the Boot Software, which controls the boot process of the hardware platform. Furthermore, it provides a Firmware Interface and optionally Shared OS Libraries, simplifying access to the hardware for the Security IC Embedded Software. A System Mode OS is available (optional), offering ready-to-use resource and access management for customer applications that do not want to be exposed to the more low-level features of the TOE. The Flashloader OS (optional) supports download of code and data to Flash by the Composite Product Manufacturer before Operational Usage (e.g. during development). The Symmetric Crypto Library (optional) provides simplified access to frequently used symmetric cryptography algorithms.

The documentation includes a Product Data Sheet with several addenda, an Instruction Set Manual, a Guidance and Operation Manual, Symmetric Crypto Library User Manuals and a Wafer and Delivery Specification. This documentation comprises a description of the architecture, the secure configuration and usage of the IC hardware platform and the IC Dedicated Support Software by the Security IC Embedded Software.

The security functionality of the TOE is designed to act as an integral part of a complete security system in order to strengthen the design as a whole. Several security mechanisms are completely implemented in and controlled by the TOE. Other security mechanisms allow for configuration by or even require support of the Security IC Embedded Software.

N7021 VA provides high security for smartcard applications and in particular for being used in the banking and finance market, in electronic commerce or in governmental applications. Hence, N7021 VA shall maintain

- the integrity and the confidentiality of code and data stored in its memories,
- the different TOE modes with the related capabilities for configuration and memory access and
- the integrity, the correct operation and the confidentiality of security functionality provided by the TOE.

This is ensured by the construction of the TOE and its security functionality.

NXP Secure Smart Card Controller N7021 VA basically provides a hardware platform for an implementation of a smart card application with

- functionality to calculate Data Encryption Standard (Triple-DES) with up to three keys,
- hardware to calculate Advanced Encryption Standard (AES) with different key lengths,
- support for large integer arithmetic operations like multiplication, addition and logical operations, which are suitable for public key cryptography and elliptic curve cryptography,
- a True Random Number Generator,
- a Hybrid Deterministic Random Number Generator,
- a Hybrid Physical Random Number Generator,
- memory management control,
- cyclic redundancy check (CRC) calculation,
- ISO/IEC 7816 contact interface with UART,
- ISO/IEC 14443A contactless interface.

In addition, several security mechanisms are implemented to ensure proper operation as well as integrity and confidentiality of stored data. For example, this includes security mechanisms for memory protection and security exceptions as well as sensors, which allow operation under specified conditions only. Memory encryption is used for memory protection and chip shielding is added to the chip.

Note: Large integer arithmetic operations are intended to be used for calculation of asymmetric cryptographic algorithms. Any asymmetric cryptographic algorithm utilizing the support for large integer arithmetic operations has to be implemented in the Security IC Embedded Software. The support for large integer arithmetic operations does not provide security functionality like cryptography. The Security IC Embedded Software that implements an asymmetric cryptographic algorithm is not included in this Security Target, but the support for large integer arithmetic operations is a security relevant component of the TOE, which resists the attacks mentioned in this Security Target and operates correctly as specified in the data sheet. The same scope is applied to the CRC calculation. Similarly, even though single DES and two-key version of TDES are supported, they are not within the scope of evaluation.

1.3.2 TOE Type

The TOE NXP Secure Smart Card Controller N7021 VA is provided as IC hardware platform with IC Dedicated Software for various operating systems and applications with high security requirements.

1.3.3 Required non-TOE Hardware/Software/Firmware

None

1.4 TOE Description

1.4.1 Physical Scope of TOE

N7021 VA is manufactured in 90nm CMOS technology. A block diagram of the IC hardware is depicted in Figure 1.1.

[Fig. 1.1: Block Diagram. Figure not reproduced; labelled blocks: RF interface (LA, LB), CIU ISO 14443, UART ISO 7816 (I/O 1), program memory (Flash, ROM), RAM, Memory Management Unit (MMU), Secure SmartMX3 P71 CPU, coprocessors (CRC 8-bit, 16-bit or 32-bit; TRNG; watchdog timer; DES; AES 128-bit/192-bit or 256-bit; PKC (public key crypto) coprocessor, e.g. RSA, ECC), security sensors, POR, oscillator, clock filter, clock generation (CLK), reset generation (RST_N), voltage regulator (VDD, VSS).]

N7021 VA consists of the IC hardware and IC Dedicated Software. The IC Dedicated Software is composed of IC Dedicated Test Software for test purposes and IC Dedicated Support Software. The IC Dedicated Test Software contains the Test Software, the IC Dedicated Support Software is composed of the Boot Software, the Firmware Interface, the Shared OS Libraries, the Symmetric Crypto Library, the System Mode OS and the Flashloader OS. All other software is called Security IC Embedded Software. The Security IC Embedded Software is not part of the TOE. All components of the TOE are listed in section 1.4.1.1.

1.4.1.1 TOE components

All configurations

| Type | Name | Version | Form of Delivery |
|---|---|---|---|
| IC Hardware | N7021 | VA | Wafer, modules and package |
| IC Dedicated Test Software | Test Software | 20.0 | On-chip software |
| IC Dedicated Support Software | Boot Software | 20.0 | On-chip software |
| IC Dedicated Support Software | Firmware Interface | 20.0 | On-chip software |
| Document | SmartMX3 family P71D320 Overview, pinning and electrical characteristics, Product Data Sheet [25] | 3.1 | PDF via NXP DocStore |
| Document | SmartMX3 N7021 Instruction Set Manual, Product Data Sheet addendum [16] | 1.4 | PDF via NXP DocStore |
| Document | SmartMX3 family N7021 Wafer and delivery specification, Data Sheet addendum [24] | 1.3 | PDF via NXP DocStore |
| Document | SmartMX3 N7021 Post Delivery Configuration Post Delivery Configuration, Data Sheet addendum [21] | 1.1 | PDF via NXP DocStore |
| Document | SmartMX3 N7021 Chip Health Mode, Data Sheet addendum [14] | 1.0 | PDF via NXP DocStore |
| Document | SmartMX3 N7021 Peripheral Configuration and Use, Data Sheet addendum [20] | 1.5 | PDF via NXP DocStore |
| Document | SmartMX3 N7021 MMU configuration & FW interface, Data Sheet addendum [18] | 1.5 | PDF via NXP DocStore |
| Document | SmartMX3 N7021 NVM Operate Function, Data Sheet addendum [19] | 1.0 | PDF via NXP DocStore |
| Document | SmartMX3 N7021 Inter-Card Communication, Data Sheet addendum [17] | 1.1 | PDF via NXP DocStore |
| Document | NXP Secure Smart Card Controller N7021 Information on Guidance and Operation, Guidance and Operation Manual [13] | 1.4 | PDF via NXP DocStore |

Deliverables of the Flashloader OS

| Type | Name | Version | Form of Delivery |
|---|---|---|---|
| IC Dedicated Support Software | Flashloader OS | 20.0 | On-chip software |
| Document | SmartMX3 N7021 FlashLoader, Product Data Sheet addendum [15] | 1.3 | PDF via NXP DocStore |

Deliverables of the Shared OS Libraries

| Type | Name | Version | Form of Delivery |
|---|---|---|---|
| IC Dedicated Support Software | Shared OS Libraries | 20.0 | On-chip software |
| Library File | libComm | | SDK installer via NXP DocStore |
| Library File | libCrc | | SDK installer via NXP DocStore |
| Library File | libMem | | SDK installer via NXP DocStore |
| Library File | libFL | | SDK installer via NXP DocStore |
| Document | SmartMX3 N7021 Shared OS libraries, Data Sheet addendum [22] | 1.2 | PDF via NXP DocStore |

Deliverables of the System Mode OS

| Type | Name | Version | Form of Delivery |
|---|---|---|---|
| IC Dedicated Support Software | System Mode OS | 20.0 | On-chip software |
| Document | SmartMX3 N7021 NXP System Mode OS Interface, Data Sheet addendum [23] | 1.6 | PDF via NXP DocStore |

Deliverables of the Symmetric Crypto Library

| Type | Name | Version | Form of Delivery |
|---|---|---|---|
| IC Dedicated Support Software | Crypto Library Iron | 2.0.6-01 | On-chip software |
| Library Files | Crypto Library Iron | 2.0.6-01 | SDK installer via NXP DocStore |
| Document | Crypto Library V1.0 on N7021 VA, Symmetric Cipher Library (SymCfg), User manual [28] | 1.2 | PDF via NXP DocStore |
| Document | N7021 Crypto Library, RNG Library, User manual [27] | 1.3 | PDF via NXP DocStore |
| Document | N7021 Crypto Library, Utils Library, User manual [29] | 1.1 | PDF via NXP DocStore |
| Document | Crypto Library Iron on N7021 VA, Information on Guidance and Operation, Guidance and Operation Manual [7] | 2.1 | PDF via NXP DocStore |

Tab. 1.1: Components of the TOE

The IC Hardware is delivered to the customer by secure transport in parcels sealed with special tape. The customer can examine the tape sealing to make sure that the TOE has not been manipulated during transport. The documentation can be downloaded by the customer from the NXP DocStore website after registration. Library files (object files, header files and linker scripts) are also made available to the customer via NXP DocStore, as part of a downloadable and installable SDK.

The logical dependencies of the TOE components are given in Section 1.4.3.2.

The IC Hardware is identified by a nameplate that is located in the layout of the chip (see [24] how to inspect the nameplate). The IC Dedicated Software is identified by 'IC Dedicated Software version', which can be read out by the Security IC Embedded Software via a GetVersion command as described in [14].

1.4.2 Evaluated Configurations

The N7021 VA can be delivered with various configuration options as described in this section. The configuration options are divided into two groups: major configuration options according to section 1.4.2.1 and minor configuration options according to section 1.4.2.2.

1.4.2.1 Major configuration options

Three major configurations can be chosen by the customer during the ordering process:

- Configuration based on 320 kBytes of Flash memory as code space
- Configuration based on 240 kBytes of Flash memory as code space
- Configuration based on 144 kBytes of ROM memory as code space

Each major configuration is provided with several minor configuration options, which are introduced in Section 1.4.2.2. Each major configuration also provides customers with several options for reconfiguration (Post Delivery Configuration), which are described in Section 1.4.2.3 in detail.

1.4.2.2 Minor configuration options

Minor configurations are chosen by the customer during the ordering process as detailed in Table 1.2.

| Product option | Choices | Description |
|---|---|---|
| Customer Type | System Mode Customer, User Mode Customer | Select the hierarchical interaction model of the Security IC Embedded Software. |
| Use Flash Loader | Yes, No | If selected, allow the download of an arbitrary card image into logical card B using the Flashloader. |
| UID Option | 7B UID, 4B FNUID, 10B UID | Determines the UID setting. |
| Enable Contactless Interface | Enabled, Disabled | If enabled, the contactless interface is activated in the product configuration. |
| Input Capacitance | 17pF, 56pF, 70pF | Nominal input capacitance for ISO/IEC 14443 contactless interface. |
| Data Rate | All, 106kbps, 106-848kbps, 106-848kbps and VHBR rates up to 3.2Mbps | Set the available data rates. |
| Enable Contact Interface | Enabled, Disabled | If enabled, the contact interface is activated in the product configuration. |
| PUF option | Enabled, Disabled | If enabled, the device supports the PUF security functionality. |
| Enable Chip Health Mode | Enabled, Disabled | Enable the availability of Chip Health Mode (CHM). |

Tab. 1.2: Evaluated minor configuration options

Regardless of the minor configuration options selected, the TOE will always remain in a certified configuration.

1.4.2.3 Post Delivery Configuration

Post Delivery Configuration (PDC) can be used by the customer after the TOE has been delivered by NXP. These options can be used to tailor the TOE to specific customer requirements. The Post Delivery Configuration settings can be changed multiple times but must be set permanently by the customer before the TOE is delivered to phase 7 of the life-cycle.

Table 1.3 lists those configuration parameters that can be set by PDC in the NXP Secure Smart Card Controller N7021 VA.

| PDC option | Description |
|---|---|
| Total requested Flash size | Define the total number of customer available Flash pages. PDC can only reduce this value. |
| Contact/contactless/dual operation mode | Define the operation mode which can be either "contact only", "contactless only", or "dual". Interfaces can only be deactivated by PDC if they were selected during ordering. |
| Disable cryptographic functions | Define the available cryptographic options. Each of the three functions (DES, AES, PKCC) can be independently disabled. |
| Outside Anti-Wear partition size Card B | Defines the outside anti-wear partition flash size available for logical card B. |
| Inside Anti-Wear partition size Card B and Free Page Pool (FPP) size | Defines the inside anti-wear partition flash page size of logical card B and the number of additional Free Page Pool pages. Wear-levelling increases Flash endurance. |
| Default OS | Define which operating system (either OS 1 or OS 2) should be launched after finishing the boot sequence of the selected logical card. |
| Card A/Card B RAM partition split | Define how the RAM is split between Card A and Card B. Note that the factory defined minimum value of Card A RAM size with 0x40 bytes is needed when sharing libraries from Card A. It is anyhow not possible to configure a lower value with PDC. |
| Basic control setting and codebase for OS1 in Card B | Set the codebase (memory offset) and options for OS1 in Card B. |
| Basic control setting and codebase for OS2 in Card B | Set the codebase (memory offset) and options for OS2 in Card B. |

Tab. 1.3: Post Delivery Configuration

As indicated in the description of the PDC options, they can only be used to downgrade some configurations; it is not possible to enable functionality. The Post Delivery Configuration can be accessed using chip health mode functionality in combination with the ISO/IEC 7816 contact interface. PDC configures the availability of TSF. Deactivating TSF is identical to not utilizing the functionality and therefore the TOE will remain in a certified configuration. For further details regarding PDC refer to [21].

1.4.2.4 Dependencies on minor configuration and PDC

Depending on the minor configuration options chosen during the ordering process, and on the changes made using PDC, some of the security functionality mentioned in this ST is no longer available. Table 1.4 below lists these dependencies.

| Option | Feature | SFRs comment |
|---|---|---|
| Use Flash Loader | SS.Loader | SFRs are still in place to ensure correct blocking of functionality. |
| Chip Health Mode | SS.RECONFIG | Feature CHM is not available, SS.RECONFIG itself is still available. PDC also available via System Mode API. |
| Disable DES | SS.HW TDES, SS.SW DES | Related SFRs are deactivated. (SF.Object Reuse is still available) |
| Disable AES | SS.HW AES, SS.SW AES, SF.PUF, SS.RECONFIG | Related SFRs are deactivated. AES functionality is mandatory for SF.PUF. SS.RECONFIG needs AES for PDC configuration and CHM authentication. (SF.Object Reuse is still available) |
| PUF option | SF.PUF | Related SFRs are deactivated. |

Tab. 1.4: Dependencies on minor configuration and PDC

1.4.2.5 Evaluated package types

The commercial types are named according to the format P7nxeeeypp(p)/mvrrff(o).

The characters in the above format are coded as described in Table 1.5 and Table 1.6. The commercial type name is composed of fixed symbols, which are detailed in Table 1.5, and variable entries, which are filled in according to the rules in Table 1.6.

| Variable | Description | Values | Evaluated Options |
|---|---|---|---|
| n | indicates ROM or Flash product | numeric | '0' for ROM, '1' for Flash |
| x | Interface and Feature Configuration | alpha numeric | 'D' for Dual Interface |
| eee | Indication of Flash or ROM Size, depending | alpha numeric | |
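The downgrade-only rule of Tab. 1.3 and the feature dependencies of Tab. 1.4 can be checked against a planned PDC profile before it is set permanently. The sketch below is an added example, not part of the Security Target and not NXP code; the class, field and function names are hypothetical, the sample values are constructed, and it assumes that "downgrade" is measured against the configuration chosen during ordering.

```python
from __future__ import annotations
from dataclasses import dataclass

# Added illustration, not NXP code. Class, field and function names are
# hypothetical; feature identifiers are spelled as in Tab. 1.4 above.

@dataclass(frozen=True)
class Settings:
    """Values that Tab. 1.3 lists as changeable by PDC (subset)."""
    flash_pages: int    # customer-available Flash pages
    contact: bool       # ISO/IEC 7816 contact interface
    contactless: bool   # ISO/IEC 14443 contactless interface
    des: bool
    aes: bool
    pkcc: bool

@dataclass(frozen=True)
class Order:
    """Choices fixed during the ordering process."""
    settings: Settings
    flash_loader: bool  # minor option "Use Flash Loader"
    puf: bool           # minor option "PUF option"

def pdc_violations(order: Order, requested: Settings) -> list[str]:
    """Reasons why `requested` is not a pure downgrade of the order."""
    base, problems = order.settings, []
    if requested.flash_pages > base.flash_pages:
        problems.append("flash_pages: PDC can only reduce the Flash size")
    for name in ("contact", "contactless", "des", "aes", "pkcc"):
        if getattr(requested, name) and not getattr(base, name):
            problems.append(f"{name}: PDC cannot enable functionality")
    return problems

def unavailable_features(order: Order, active: Settings) -> set[str]:
    """Features of Tab. 1.4 the embedded software can no longer rely on."""
    missing: set[str] = set()
    if not order.flash_loader:
        missing.add("SS.Loader")
    if not active.des:
        missing |= {"SS.HW TDES", "SS.SW DES"}
    if not active.aes:
        # AES is mandatory for SF.PUF, and SS.RECONFIG needs AES for PDC
        # configuration and CHM authentication.
        missing |= {"SS.HW AES", "SS.SW AES", "SF.PUF", "SS.RECONFIG"}
    if not order.puf:
        missing.add("SF.PUF")
    # Disabling Chip Health Mode removes the CHM feature only; per Tab. 1.4
    # SS.RECONFIG itself stays available, so it is not modelled here.
    return missing

if __name__ == "__main__":
    # Constructed sample values, not taken from any data sheet.
    ordered = Order(Settings(640, True, True, True, True, True),
                    flash_loader=False, puf=True)
    plan = Settings(512, True, False, False, False, True)
    print(pdc_violations(ordered, plan))
    print(sorted(unavailable_features(ordered, plan)))
    print(pdc_violations(ordered, Settings(700, True, True, True, True, True)))
```

Running the check on the planned profile shows the knock-on effect recorded in Tab. 1.4: disabling AES also removes SF.PUF and SS.RECONFIG from what the Security IC Embedded Software can use.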
