Security of embedded integrated circuits needs to be top-notch, and cryptographic accelerators are an essential security technology for STMicroelectronics. Bruno Batut, Head of Banking and ID business line, Secure MCUs Division, STMicroelectronics, shares with Electronicsforu.com Network the technical upgrades and features of their new next-gen payment system-on-chip (SoC).
Q) What kind of improvements in payments will customers experience with this new SoC? Who is your prime customer base?
The main advantages of this platform are:
From the hardware side, it takes advantage of the superior security, design, and process technology offered by the ST31P secure MCU, implemented in a 40nm CMOS process. These advantages include best-in-class RF performance at low power, which delivers greater user convenience (longer battery life and more robust data transfers). We also offer a wide choice of packaging solutions so the card vendor can choose whatever is most convenient.
From the software side, the new SoC can work with a wide range of international or domestic certified banking applications, as well as transportation applications like Calypso and Mifare.
The primary customer base for the STPay-Topaz platform is the same as the existing STPay product family customers — i.e., mainly regional EMV certified card manufacturers looking for the complete range of state-of-the-art EMV products from an independent IC supplier, offering a “ready-to-go”, affordable, high-performance and reliable solution to address the migration to the Dual-IF banking market. Concretely, although we can’t be specific, STPay-Topaz already has multiple design wins in Europe, South Asia, and the Americas.
Q) How much did the RISC architecture contribute in the transition to 40nm technology? What benefits do you see it bringing?
STPay-Topaz is based on 40nm ST31P, a new generation of the well-known ST31 platform introduced in 2013. The ST31 product family is based on the Arm SC000 32-bit RISC secure core. This core is widely used in the industry and offers excellent (low) power consumption and strong RF performance.
Historically, ST31 was the first commercial product family to leverage the Arm SC000 32-bit RISC secure core. The 40nm ST31P is the 3rd generation of ST31: we launched the ST31Z in 90nm ROM/EE, and then ST31G in 80nm with Secure Paged-Flash.
Further, to embed the latest security countermeasures and to take advantage of ST’s optimized 40nm eNVM technology, the ST31P is the first smartcard IC to embed RF IP from the ams NFC team that ST acquired in 2016. This IP has already been used in NFC solutions for multiple smartphones (NFC controller or NFC + eSE/eSIM SiP), to uniquely boost RF performance.
Q) Can you explain how the integration of cryptographic accelerators will improve the security of these systems further? What other security elements are you adopting alongside?
Banking Cards require a Secure IC to embed cryptographic accelerators. They need these accelerators to support either symmetric cryptography (such as 3DES or AES to support SDA (Static Data Authentication for on-line markets)) or asymmetric cryptography (such as RSA, which today is up to 1024 or 2048 bits). Asymmetric cryptography is necessary to support DDA (Dynamic Data Authentication) to enable secure off-line transactions / authentications.
The ST31P offers best-in-class cryptographic solutions & performance for both symmetric crypto (DES / 3DES / AES: Hardware modules integrated into the IC) and asymmetric crypto (RSA up to 4096 bits / Elliptic Curve). While Elliptic Curve technology is not used in banking applications today, it may become relevant over time. We also include a Nescrypt hardware cryptographic processor in the ST31P IC (this comes with the ST-certified crypto library Neslib).
STPay-Topaz also offers a unique fast-transaction time for a standard Mastercard EMV transaction (200 msec. vs the 300 msec. required by MasterCard), demonstrating this solution could easily comply with longer crypto keys that are to be supported in the future and/or even more complex crypto algorithms that would need to be supported (such as ECC: Elliptic Curves).
Also note that ST31P has received its EMVCo HW certificate (in Sept 2019), which means any Visa card issued based on the STPay-Topaz platform can get an expiry date through Sept. 2031, i.e. 12 years from now.
So STPay-Topaz allows customers to start with a state-of-the-art security and performance platform now, and continue to use that platform as the technology advances, for many years.
Q) How easy are these chips to install and deploy? Do you allow the option of customizing functionalities of these systems to your customers?
The STPay-Topaz product family is a “plug-and-play” solution, which means ST offers an end-to-end service to facilitate customer enablement on the product. Our services range from personalization-script enablement to delta-certification support.
STPay-Topaz also offers the capability for customers to load code within their manufacturing flow, to further optimize their supply chain.
The Flash technology on which the ST31P is based and the Secure loader functionality included in the product assure full flexibility. Of course, the combination of applets loaded onto the final product must have the proper certification from all involved payment schemes.
ST has been part of the Entrust Datacard (EDC) partner program since 2015. EDC is a global leader of personalization equipment for smartcards and has developed standard personalization scripts that work on STPay-Topaz, so ST customers can easily build a complete end-to-end solution so they can deliver a finished product to their customers.
Q) When will we see these chips live in action (i.e. in smartphones in the market)?
The 40nm ST31P SoC is qualified and fully certified and it is now in mass production.
STPay-Topaz, which is based on ST31P, is qualified and going through final certification with various certification labs selected by Visa, MasterCard, and other payment schemes. We’re expecting final certifications for initial product from the family this month, November 2019. First volume shipments of STPay-Topaz to already identified and committed customers are planned in December 2019. With this timetable, STPay-Topaz will be in live environments, in real commercial banking cards in customers’ hands, by Q1’20.