Infineon Technologies Provides Qualified Electronic Signature: Receives ITSEC E4 High Certificate for Chip Card Controller with 64 Kbytes EEPROM
This certification, which is equivalent to the evaluation assurance level 5 (EAL5) of the international standard Common Criteria, verifies that the Infineon chip card controller provides the highest available level of security evaluation for components in chip card applications and meets all requirements for a qualified electronic signature. For example, in mobile communication throughout Europe the controller allows the legal electronic purchasing, because the qualified electronic signature is equivalent to a personal signature by hand.
Infineon now supplies two chip card controllers in its 66Plus series, the SLE66CX640P and the SLE66CX320P, that fulfil the extremely strict security requirements for the realization of digital signatures defined by the German Digital Signature Act (Deutsches Signaturgesetz). In comparison to other international laws, the German law makes the strictest demands on digital signature cards and even exceeds the guidelines of the European Union.
In the ITSEC E4 security evaluation process, which lasts several months, the independent evaluation body TÜViT (TÜV Informationstechnik GmbH, Essen, Germany) evaluated the SLE66CX640P chip card controller under standard and extreme conditions. The device successfully passed all product evaluation tests performed by TÜViT, including thorough tests of the central processing unit, the crypto-coprocessor, the true random number generator (RNG), and additional security logic. Results obtained by TÜViT confirm Infineons outstanding high security competence. The ITSEC E4 high certificate is issued in Germany by the German Information Security Agency (Bundesamt für Sicherheit in der Informationstechnik, BSI) and its legalized certification bodies.
The IT Security Certificate will be presented from TÜViT to Infineon on occasion of CeBIT 2001 on March 26, 2001.
Extensive Security Features of the Chip Card Controller SLE66CX640P
The SLE66CX640P is a member of Infineons leading edge 66Plus series of 16-bit chip card controllers. It integrates extensive data security features, including a CPU core developed specially for chip cards, and hardware implemented encryption functionality. The devices security features include a Memory Management and Protection Unit (MMU), physical security mechanisms, sensors and filters and a true random number generator with a high level of confidence (99.97 percent). This level of confidence means that from 1,000 bits effectively 999 bits can be used for the encryption. Powerful encryption modules provide the calculation of DES (Data Encryption Standard) and Triple-DES algorithms, elliptic curves, and asymmetric algorithms like RSA (Rivest, Shamir, Adleman). The devices crypto-coprocessor processes RSA algorithms with key lengths of up to 2,048 bits in less than one second.
The controller also offers a Phase Locked Loop (PLL) for higher internal clock frequency, a cyclic redundancy check (CRC) module for higher data security, two 16-bit auto reload timers and an interrupt logic for real-time execution of applications. In addition to 64 Kbytes of EEPROM, the controller offers 136 Kbytes of ROM and 4 Kbytes of RAM. Infineon produces the SLE66CX640P in 0.25 micron process technology.
The SLE66CX640P and the SLE66CX320P are available in volume quantities.
Further product information at www.infineon.com/security_and_chipcard_ics
About Information Technology Security Evaluation Criteria (ITSEC)
ITSEC is a standard for security evaluations according to a worldwide acknowledged evaluation scheme, agreed upon by eleven European states. A testing result of E4 indicates both the degree of product information to be provided to the evaluation body and the degree to which evaluation tests have to be performed. Today, E4 is the highest grade for chips and equals the evaluation assurance level 5 of Common Criteria, the international standard for security certification.
The formulation with effectiveness level high designates the protection level and thus the security level of the product. It signifies that even experts with extensive knowledge of the product and professional equipment do not succeed to surmount the products evaluated security features within a one-year timeframe.
Information about TÜV Informationstechnik GmbH, Essen (TÜViT)
The certification body of TÜViT awards the German IT Security Certificate (Deutsches IT-Sicherheitszertifikat) pursuant to successful evaluation under ITSEC or Common Criteria to products or systems related to information technologies. TÜViT is accredited by the German Information Security Agency (BSI). Based on BSIs European and international agreements, TÜViTs security certificates are approved all over the world. Further information at www.tuvit.de
Infineon Technologies AG, Munich, Germany, offers semiconductor and system solutions for applications in the wired and wireless communications markets, for security systems and smartcards, for the automotive and industrial sectors, as well as memory products. With a global presence, Infineon operates in the US from San Jose, CA, in the Asia-Pacific region from Singapore and in Japan from Tokyo. In the fiscal year 2000 (ending September), the company achieved sales of Euro 7.28 billion with about 29,000 employees worldwide. Infineon is listed on the DAX index of the Frankfurt Stock Exchange and on the New York Stock Exchange (ticker symbol: IFX). Further information is available at www.infineon.com