“SE052F combines the flexibility of a secure element with the newest generation of the Federal Information Processing Standard, a US and Canadian federal standard for data security required by NIST for participation in federal projects,” said NXP. “Many industrial IoT device manufacturers are turning to certifications, such as Common Criteria or FIPS, even outside of national or federal contracts, demonstrating advanced security features.”
The IC is part of the SE052 family, where only the …F version is complaint to the FIPS standard, and certified to Common Criteria EAL 6+.
They are based on an integrated Javacard operating system and applets. “With the NXP IoT applet, the content from the memory is fully isolated from the host system,” said NXP, noting: “Updating the applet will make the parts non-FIPS compliant and they will require a FIPS recertification.”
Other features include: ECDSA and ECDH/E cryptography based on NIST and Brainpool curves, RSA up to 4K – including key generation, and authenticated AES encryption modes CCM/GCM.
Remote key management is possible “and follows the Plug & Trust approach [which] ensures a complete product support package and provides example codes for a range of use cases”, said the company.
Protection is included against attacks including power analysis and induced faults, and there is physical metal shielding, end-to-end encryption, memory encryption and tamper detection.
The true random number generator is compliant to NIST SP800-90B, and the deterministic random bit generator to NIST SP800-90A.
100kbyte of memory is available for user data.
Communication is over 3.4 Mbit/s I2C (target, or 400kbit/s controller) and there is an ISO14443-A passive contactless wireless interface.
Operation is over -40 to +105°C, and the device comes in a 4 x 4mm HVQFN20 package.
Find the SE052F on this web page