
Securing PC and network access is the key

Posted: 16 Dec 2003

Keywords: Embedded

/ARTICLES/2003DEC/B/2003DEC16_NTEK_CT_TA.PDF

By Andrew Roberts

Smart-card Products Division

STMicroelectronics

Security is the key to the online environment where today's corporate and financial transactions need to be exchanged over increasingly open networks. The growth of Internet, intranet and extranet has highlighted the need for secure network access, reliant for its success on leading-edge security functions. Security is an end-to-end problem. The end-user identifying to the machine with a smart-card or token may be complemented by biometric means. Similarly, the reverse needs to be dealt with too, with the machine identifying itself to the user. Trust needs to be built, and the smart-card technology that has enabled fraud to be reduced dramatically in the banking world is now beginning to appear in forms that are adapted to the PC and network environments.

ICs for security applications have a long history going back over 20 years. These circuits have been shipped in billions, mainly in the well-known smart-card or ISO7816-1 format. These cards were originally used to secure payphones. However, the advent of the MPU-based card with its secured OS led to an application explosion with cards finding themselves in doctors' surgeries, STB, parking meters, personal ID as well as in the ubiquitous mobile devices.

Now, smart-card technology is shedding its connectivity shackles--no longer content to communicate in the slow but sure T=0 or T=1 ISO7816 protocols, but taking on board USB, I2C or low pin count (LPC) protocols. The smart-card is also throwing off its card stigma by appearing in new package formats. The combination of new packaging and new interfaces is opening up a host of application areas.

Connecting security

The manufacturers' dream of seeing a smart-card reader integrated into every PC or laptop may, or may not, come to fruition. One of the major factors in the proliferation (or not) of the PC with integrated smart-card reader will be the success of the newly arrived security token with a USB interface. First of all, the small plug-and-play device is automatically recognized by the PC; it can be dynamically installed and can then communicate at speeds from 1.5Mbps today and 12Mbps later. Combine this with the USB standard's ability to regroup over 100 devices and you have a cost-effective platform on which to build PC security either on an individual or at a network level.

The simplicity of the smart-card-based USB peripheral, its ease of installation and low cost would probably be enough to win over many access control security experts, and yet the technology has been innovatively combined with the existing ISO7816-3 smart-card interface. The USB token may challenge the traditional smart-card slot for PC-based solutions, yet it maintains compatibility with the existing smart-card infrastructure via its ISO7816 interface. To take advantage of these new components while maintaining the duality of the existing solutions, reader chipset components are converging toward single-chip solutions with both USB and ISO7816-3 interfaces. This enables PC and other subsystem manufacturers to support both solutions.

With secured log-in, e-mail, digital signatures, intranet, extranet and remote access all becoming reality, the applications are only limited by our imagination. The portability of the USB-based device allows users to carry with them their secure digital and biometric signature, and use this to identify themselves securely whether it be on their home PC, in the office, on the road or in an internet café.

Tokens and cards

STMicroelectronics has produced the first secure IC (ST19XT34) with USB and standard smart-card I/O capability for token/card applications. It features an enhanced 8bit CPU, 96KB user ROM with partitioning, 4KB user RAM with partitioning and 34KB user EEPROM. ST19XT34 has an ISO/USB mode detection capability that allows either USB or ISO7816 to pick up the PC/card reader initiated communication. The USB interface is compatible with the 1.1 standard and includes clock recovery and attachment pull-up resistor. Cryptography is well-catered for with a hardware DES accelerator, 1,088bit modular arithmetic processor (MAP) and secure hash standard accelerator. The DES accelerator has library support for symmetrical algorithms such as DES, triple DES and DESX computations. The MAP has software support for asymmetrical algorithms including a software-selectable operand length of up to 2,176bits. Proven smart-card security features are fully integrated into the device.

Biometrics

STMicro's TouchChip biometric subsystem can capture and match fingerprint templates in less than one second at a cost that allows it to be integrated into a wide range of portable products. The complementary Protector Suite OEM software provides functions such as secure logon and file encryption. Matching biometric data taken at PC level with personal ID data stored on a portable token or card provides the highest level of access control security available today.

Reader solutions

ST has developed a single-chip USB solution for EMV-certified card readers. The chip, an 8bit application-specific device known as the ST7SCR, is aimed at products including stand-alone USB smart-card readers or keyboards with an integrated smart-card interface. It provides a high level of security vs. cost for securing Internet transactions in the PC environment. ST7SCR peripherals include an ISO7816 UART and a power supply management unit to ensure compatibility with all smart-card voltage types (5V, 3V and 1.8V), thus making it possible to build a low-cost EMV-certified solution.

Figure: PC motherboard block diagram showing the CPU, north bridge, south bridge and Super I/O together with the ST19XP18LPC trusted platform module, TouchChip biometric sensor and card reader. The addition of a secure hardware component at motherboard level provides a trusted 'root' on which BIOS and OS security may be built.

In addition, the device features a USB interface, 16KB of flash, 512bytes of RAM, timer, watchdog and low-voltage detector. It is available in both TQFP64 and SO24 packages. A third-party supplier has developed EMV firmware and software environment for the ST7SCR, and a complete solution can be supplied.

Security on board

Removing the lingering security concerns that surround e-commerce has been a battle played in the minds of the potential e-consumer. In the PC domain, the trusted computer platform alliance (TCPA) initiative is working to enhance security at the BIOS, OS and platform hardware levels by complementary security features that will ensure end-to-end security.

One element is the addition of a secure hardware component at motherboard level, which provides a trusted 'root' on which BIOS and OS security may be built. The alliance will also look into digital signatures, encryption key generation and secure information storage. The new motherboard security component must minimally perturb the PC boot/execution model.

The new components, which are set to transform the system-level security of PCs and networks, come ready to use at board level with I2C, LPC, ISO7816 and GPIO connectivity. Ease of integration is combined with high-powered cryptographic capability with asynchronous and synchronous algorithm co-processors that have been proven in the smart-card domain. Combined with the common criteria ISO15408 methodology and evaluation EAL4, these components add a potent arm to the PC system in its war against the hacker.

The ST19XP18 chip is the first of the new breed of secure ICs destined for the PC motherboard market. The security technology that has been tried and tested in the financial and mobile commerce markets includes an enhanced 8bit CPU, 96KB user ROM with partitioning, 4KB user RAM with partitioning and 18KB user EEPROM. The high-level security features include EEPROM flash programming and clock management, as well as security firewalls for memories, modular arithmetic processor and DES accelerator. The cryptographic capabilities are based around a hardware DES accelerator with library support for symmetrical algorithms such as DES, triple DES, DESX computations, CBC chaining mode, a 1,088bit modular arithmetic processor with library support for asymmetrical algorithms including a software selectable operand length up to 2,176bits and finally, a secure hash standard accelerator (SHA-1). Connectivity is ensured by an LPC interface (communication at 33MHz PCI clock) including 2KB of memory buffers, an I2C bus interface (slave, single master, multi-master configurable) supporting slow and fast mode, eight GPIOs configurable by software, and a serial access ISO7816-3 compatible smart-card I/O.

PC motherboards are not the only subsystems to benefit from the ST19XP18's unique combination of cryptographic processing, security features and connectivity. The component can be integrated into STBs, PDAs and any subsystem requiring secured access.

For e-commerce to take off, consumer trust is essential. For corporate access to business-to-business systems, trust is essential. The new developments in PC and network security will help create this trust. Secured login, e-mail, digital signatures, intranet, data encryption and secure extranet/intranet/remote access are all elements that will benefit from these developments.




