

## Chip Card & Security ICs

SLE 76CF5120P

504 kBytes E<sup>2</sup>PROM 12 kBytes RAM

16-bit ROM-less security controller optimized for mobile communication applications in 0.13 µm CMOS technology

**Short Product Information 03.07** 

| SLE 76CF                                                                                                                          | 5120P Sh | Ref.: SPI_SLE76CF5120P_0307 |  |  |  |
|-----------------------------------------------------------------------------------------------------------------------------------|----------|-----------------------------|--|--|--|
| This document contains preliminary information on a new product under development.  Details are subject to change without notice. |          |                             |  |  |  |
| Revision History:                                                                                                                 |          | Current Version 03.07       |  |  |  |
| Previous R                                                                                                                        | eleases: |                             |  |  |  |
| Page                                                                                                                              |          |                             |  |  |  |
|                                                                                                                                   |          |                             |  |  |  |

**Important**: Further information is confidential and on request. Please contact:

Infineon Technologies AG in Munich, Germany,

Chip Card & Security ICs,

E-Mail: <a href="mailto:security.chipcard.ics@infineon.com">security.chipcard.ics@infineon.com</a>

www.infineon.com/security

#### Edition 2007

Published by Infineon Technologies AG, AIM CC 81726 Munich, Germany
© Infineon Technologies AG 2007
All Rights Reserved.

#### Attention please!

The information herein is given to describe certain components and shall not be considered as warranted characteristics.

Terms of delivery and rights to technical change reserved.

We hereby disclaim any and all warranties, including but not limited to warranties of non-infringement, regarding circuits, descriptions and charts stated herein.

Infineon Technologies is an approved CECC manufacturer.

#### Information

For further information on technology, delivery terms and conditions and prices please contact your nearest Infineon Technologies Office in Germany or our Infineon Technologies Representatives world-wide (see address list).

#### Warnings

Due to technical requirements components may contain dangerous substances. For information on the types in question please contact your nearest Infineon Technologies Office.

Infineon Technologies Components may only be used in life-support devices or systems with the express written approval of Infineon Technologies, if a failure of such components can reasonably be expected to cause the failure of that life-support device or system, or to affect the safety or effectiveness of that device or system. Life support devices or systems are intended to be implanted in the human body, or to support and/or maintain and sustain and/or protect human life. If they fail, it is reasonable to assume that the health of the user or other persons may be endangered.



## 16-bit security controller optimized for mobile communication applications with enhanced instruction set for large memories in 0.13 µm CMOS technology, 12 kBytes RAM and 504 kBytes E<sup>2</sup>PROM

### General Features

- 16-bit microcomputer in 0.13 µm CMOS technology with 24-bit linear addressing
- Highly efficient instruction set based on an 80251 type architecture
- Up to 16 Mbytes linear address space
- 44 bytes register file with 11 double word, 16 word and 16 byte registers
- Defined migration path from SLE 66C(L)xxxPE products with minimized customer effort based on an adapted tool set
- Dedicated, 80251-based architecture implementation with an execution time faster than a standard 80251
- 504 kBytes E<sup>2</sup>PROM with full E<sup>2</sup>PROM functionality and free partitioning between code and data
- 12 kBytes RAM
- 1 kByte unified cache for code and data
- Symmetric Crypto Processor (SCP) for triple-key, triple-DES and AES acceleration (128, 192 and 256bit)
- External Clock frequency 1 up to 10 MHz
- Internal Clock with up to 33 MHz: Programmable internal frequency (PLL x1...x8 and free running mode.
- Adjustable internal frequency according to available power or required performance
  - Increased internal frequency for maximum performance
  - Internal frequency is automatically adjusted to keep a given power limit
- Two 16-bit Autoreload Timers and Watch Dog Timer
- Power-saving sleep mode
- Enhanced UART for handling serial interface in accordance with ISO/IEC 7816 part 3 supporting transmission protocols T=1 and T=0 (support of clock division factor of 8)
- Improved CRC module with loadable initialization vector (developed according to ISO/IEC 3309 supporting CCIT v.41 & HDLC X25)
- Supply voltage range: 1.62 V to 5.5 V

- Support of current consumption limits required by GSM applications
  - < 10 mA @ 5.5 V
  - < 6 mA @ 3.3 V
  - < 4 mA @ 1.98 V
- Operating temperature range: -25 to +85°C
- Storing temperature range: 40° to +125°C
- ESD protection larger than 4 kV (HBM)

#### E<sup>2</sup>PROM Technology

- Typical programming time (erase & write) = 2.3 ms without firmware
- Fast personalization mode = 1 ms per page without firmware
- Flexible page mode for 1 to 128 bytes write/erase operation for the whole NVM size
- 32 bits security area (PROM)
- Minimum of 500.000 write/erase cycles @ 25°C per page
- Typical data retention of 10 years @ 25°C
- E<sup>2</sup>PROM programming voltage generated on chip
- Flash Loader concept
  - High speed flash download for fast personalization (10s / 512k)
  - Flash upload service by Infineon (optional)

# Security features tailored for mobile communication applications

- Light sensor
- Special Function Register (SFR) encryption
- User mode Security Life Control (UmSLC)
- Pseudo Random Number Generator (PRNG)
- Interrupt and Peripheral Event Channel Controller (ITP)
  - Interrupt module for I/O interface and peripherals
  - Enabling fast data transfer through peripheral event channels (PEC)
- Watchdog Timer (WDT) incl. check point register for runtime check
- Address and data scrambling of memories



#### **Memory Security**

- Memory Management and Protection Unit (MMU)
  - Addressable memory up to 16 MBytes
  - Code execution from RAM possible
- 32 bits security PROM
- Unique chip identification number for each chip
- MED memory encryption/decryption device for RAM, ROM, and NVM in code or data areas

#### **Anti Snooping**

- Basic countermeasures against side-channel attacks
- Dedicated smart card controller micro-architecture

#### **Document References**

- Confidential Hardware and Programmer Reference Manual
- Chip qualification report
- Chip delivery specification for wafer with chip-layout (die size, orientation, step size)
- Module specification containing description of package
- Module qualification report

#### **Development Tools Overview**

- Software Development Kit, SDK 70 (based on the Keil PK251 kit)
- FPGA based emulator ET70
- Worldwide application engineer team & customer dedicated Field Application Engineers
- Regular customer trainings on hardware & software tools
- On-site trainings available on request

## **Supported Standards**

- ISO/IEC 7816
- GSM 11.11, 11.12, 11.18
- ETSI TS 102 221



## **Ordering Information**

| Туре                               | Package <sup>1</sup> | Voltage<br>Range | Temperature<br>Range | Frequency Range<br>(ext. clock frequency) |
|------------------------------------|----------------------|------------------|----------------------|-------------------------------------------|
| SLE 76CF5120P C Die (sawn, unsawn) |                      | 1.62 V - 5.5 V   | – 25°C to + 85°C     | 1 MHz - 10 MHz                            |
| SLE 76CF5120P MXXX                 | M5.X<br>MFCX.X       | 1.02 V - 3.3 V   | - 23 0 10 + 03 0     | 1 WHIZ 10 WHIZ                            |

Flash initialization/personalization available upon request.

For ordering information please refer to the Hardware Reference Manual and contact your sales representative.

## **Pin Description & Module**



Figure 1: Pin Configuration

#### **Pin Definitions and Functions**

| Symbol | Function                 |  |
|--------|--------------------------|--|
| VCC    | Operating voltage        |  |
| RST    | Reset input              |  |
| CLK    | Processor clock input    |  |
| GND    | Ground                   |  |
| I/O    | Bi-directional data port |  |

<sup>&</sup>lt;sup>1</sup> available as flip chip module (MFC), wire-bonded module (M5) or as die (C) for customer packaging

Short Product Information 5 / 9 03.2007



#### **General Description**

The SLE 76CF5120P is a member of the streamlined SLE 76P-series of Infineon Technologies optimized for mobile communication applications. This security controller is manufactured in advanced 0.13  $\mu$ m CMOS technology. It has a defined migration path from existing SLE 66C(L)xxxPE products with minimized customer effort to migrate the OS and is based on the same tool set.

**ROM-less concept:** The unique NVM combines the advantages of a high speed code Flash with the flexibility and reliability of a true E<sup>2</sup>PROM with regard to bytewise addressable pages and data retention.

#### **Performance**

The internal clock frequency can be adjusted to a level of up to 33 MHz either as a multiple of 1 to 8 of the external frequency or independent of the clock rate of the terminal with the help of the internal clock. It is adjustable according to either available power requirements or required performance:

- Increased internal clock frequency for maximum performance, e.g. for high performance with max. frequency.
- Automatically adjusted frequency to keep a given maximum power consumption, for GSM requirements.



#### **Memory**

The SLE 76CF5120P offers 12 kBytes RAM and 504 kBytes E²PROM to fulfill the increased requirements of mobile communication applications. 504 kBytes of E²PROM, with full E²PROM functionality and free partitioning between code and data thus allow to include SIM Application Toolkit, Wireless Application Protocol (WAP), WML-Browser and JavaCard API implementations into the NVM.



Figure 1: Block Diagram SLE 76CF5120P

The new platform is designed to address up to 16 Mbytes of memory.

## Security

The set of security features has been tailored to fit the requirements of mobile communication applications purposes combined with enhanced reliability for these applications.

- Encrypted storage of any confidential code, data and keys is supported.
- Basic protection against side channel attacks such as: Simple Power Analysis (SPA), Differential Power Analysis (DPA).
- Basic protection against Differential Fault Analysis (DFA) / Fault Induction Attacks.
- A customer specific transport key combined with a unique loader concept secures the logistic flow until card issuing.



#### **Peripherals**

The SCP (Symmetric Crypto Processor) module supports symmetrical crypto algorithms according to the Data Encryption Standard (DES) in the Electronic Code Book Mode, as well as Cipher Block Chaining, while the AES (Advanced Encryption Standard) component of the SCP module performs AES-compliant operations for three different key lengths.

The Interrupt and Peripheral Event Channel Controller (ITP) can process interrupt requests from different sources to run an interrupt service routine (ISR). Data can be directly transferred between memory locations with a minimum of CPU activity for fast interaction with peripherals using so-called Peripheral Event Channels (PECs). The channels can be assigned individually to peripherals or chained together to enable continuous transfer without handover delay between the channels.

The enhanced CRC module allows the easy generation of checksums according to ISO/IEC 3309 (16-Bit-CRC) and offers a loadable initialization vector for a better Java support.

To minimize the overall power consumption, the chip card controller IC offers a sleep mode.

The improved UART supports the half-duplex transmission protocols T=0 and T=1 according to ISO/IEC 7816-3 as well as a larger FIFO and a clock division factor of 8. All relevant transmission parameters can be adjusted by software, as e.g. the clock division factor, direct/inverse convention and the number of stop bits. Additionally, the I/O port can be driven by communication routines realized in software.

The pseudo random number generator (PRNG) is able to supply random numbers.

The watchdog timer (WDT) is a circuit that monitors controller operation by automatically initiating a security reset if a specified period without an adequate response elapses after occurrence of a hardware or software irregularity.

In conclusion, the SLE 76CF5120P fulfills all requirements of today's mobile communication smart card applications. In addition, it offers a powerful platform for multi application cards based on Java.

The SLE 76CF5120P integrates outstanding memory sizes and peripherals in combination with enhanced performance and optimized power consumption on a minimized die size.



#### **Glossary**

CLK Clock

CRC Cyclic Redundancy Check
CPU Central Processing Unit

CMOS Complementary Metal-Oxide Semiconductor (technology used to manufacture most of today's chips)

E<sup>2</sup>PROM Electrically Erasable Programmable Read-Only Memory (equivalent to NVM) ESD Electrostatic Discharge, release of static electricity that can damage a chip

ETSI European Telecommunication Standards Institute

FIFO First In, First Out

FPGA Field Programmable Gate Array

GND Ground

GSM Global System for Mobile Communication

HBM Human Body Model

ISO/IEC International Organization for Standardization/International Electrotechnical Commission

ITP Interrupt and Peripheral event channel controller

MED Memory Encryption Decryption unit

MMU Memory Management Unit
NVM Non Volatile Memory
OS Operating System
OTP One Time Programmable
PEC Peripheral Event Channel

PROM Programmable Read-Only Memory PRNG Pseudo Random Number Generator

RAM Random Access Memory RMS Resource Management System

ROM Read-Only Memory

RST Reset

SCP Symmetric Crypto Processor

SDK CC Software Development Kit Chip Card

T=0, T=1 Communication Protocols defined in ISO 7816 standard UART Universal Asynchronous Receiver/Transmitter

Vcc External Voltage (common-collector voltage)

PLL Phase-Locked Loop WDT Watch Dog Timer

#### Sales code name

