For the secure exchange of critical data (like payment, e-commerce, banking but also handling of sensitive personal data) between a person and an automatic electronic processing system we need not only secure tokens like smart cards for authentication and key management but also as supplement a secure terminal.
Typical terminals for such data exchange are:
- Secure keyboards;
- Online payment terminals;
- Authentication and signature devices.
Common to all this applications is the need for a secure, trustable device which can handle the necessary security protocols, interfacing easily to the communication infrastructure and communicating securely over a network or similar to the central control and processing system Within this Secure Terminal IC (SETIC) project we want to specify, develop and test with two real life application a single chip solution for this purpose. This stand alone single IC will be the readers security supplement to already existing secure smartcards.
Within this proposal we will develop out of a highly secure, advanced smart card processor kernel an universal Secure Terminal IC (SETIC). With this single chip solution it will become possible to develop in a simple and economic way terminals (for smart cards as well as for other security applications) with embedded security features. Specific firmware in the controller part of the module together with cryptographic coprocessors will provide the elementary crypto functions and also the low-level operating system routines. The practical usability together with the system features will be tested by different security applications like secure keyboard and secure on-line payment terminals. The overall security level will be analysed and certified by a Common Criteria evaluation. With SETIC the necessary smart card based security infrastructure of the future can be easily developed and disseminated at low cost into everyone's hands.
For reaching a high security level, we will use an advanced smart card processor kernel (32Bit) as the basic element. This already includes the required smart card security mechanisms for enhanced physical protection. Fast and secure cryptographic coprocessors will be added for fast processing of the necessary cryptographic protocols: DES, AES, universal hashing, PK with RSA or ECC. For easy interfacing to the host system and human interaction we will integrate multiple interfaces: USB-Hub, keyboard matrix, LCD drivers, contact and contact less smart card interfaces, SPI for external memory and an universal GP interface for network connection. For controlling and programming the module we will integrate interface drivers supporting the operating system kernel together with the necessary crypto primitives. This will allow an easy access to the functionalities by the system developers. To provide an easy access from the host system we will define a generic API. This will also allow for a platform independent operation by JAVA and similar techniques. For the testing of the design and of the real life performance we will also realise two typical security applications: secure keyboard and secure on-line payment terminal. To support the intended use in security applications we will demonstrate the quality of our SETIC by certifying the hardware and the low level drivers according to the common criteria EAL5.
M1: Requirements phase finished
M2: Finished specification phase;
M3: Product Implementation/Development finished;
M4: Crypto Coprocessors integrated;
M5: Device and Host driver API developed;
M6: Integration and test of Hardware, Firmware and host software;
M7: User Documentation;
M8: Dissemination, Implementation;
M9: Assessment and Evaluation;
M10: Common Criteria Certification;
M11: Secure Keyboard Application;
M12: Secure Terminal Application;
M13: JAVA XML Application.
Funding SchemeCSC - Cost-sharing contracts