ATVAULTIC460 Datasheet, PDF (3/30 Pages) ATMEL Corporation – Public Key Pair Generation
ATVaultIC460
1. Overview
1.1 Tampering resistance
The proven technology used in ATVaultIC460 security modules is already widespread and used
in national ID/health cards, e-passports, bank cards (storing user Personal Identification
Number, account numbers and authentication keys among others), pay-TV access control and cell
phone SIM cards (allowing the storage of subscribers’ unique ID, PIN code, and authentication
to the network), where cloning must definitely be prevented. More than one billion Secure
Microcontrollers addressing all these applications have already been sold by Atmel and
successfully implemented in many secure systems.
Atmel’s security modules will advantageously replace complex and expensive proprietary
anti-tampering protection systems. Their advantages include low cost, ease of integration,
higher security and proven technology.
They are designed to keep contents secure and avoid leaking information during code
execution. On regular microcontrollers, measuring current consumption, radio emissions and
other side-channel attacks may give precious information on the processed data or allow the
manipulation of the data. Atmel’s secure microcontrollers’ security features include voltage,
frequency and temperature detectors, illegal code execution prevention, tampering monitors and
protection against side-channel attacks and probing. The chips can detect tampering attempts
and destroy sensitive data on such events, so that data confidentiality is not
compromised.
These features make cryptographic computations secure in comparison with regular
microcontrollers whose memories can be easily duplicated. It is much safer to delegate cryptographic
operations and storage of secret data (keys, identifiers, etc.) to an Atmel secure microcontroller.
1.2 Authentication capability
The methods to authenticate humans are generally classified into three cases: physical attribute
(e.g. fingerprint, retinal pattern, facial scan, etc.), security device (e.g. ID card, security token,
software token or cell phone) and something the user knows (e.g. a password/passphrase or a
personal identification number).
To fight against identity theft, multi-factor authentication is a stronger alternative to the
classical login/password authentication (called weak authentication). It combines two or more
authentication methods (often a password combined with a security token). Two-factor systems
greatly reduce the likelihood of fraud by requiring the presence of a physical device used
together with a password. If the physical device is lost or the password is compromised, security
is still intact. NIST’s authentication guideline [1] can be referred to for further details.
Multi-factor authentication requires strong authentication. Anticloning is safely implemented
through one-way or mutual strong authentication. Various authentication protocols exist (as
specified in ISO9798-2 [3] or FIPS196 [4]), but the main method is challenge-response
authentication:
1. The authenticator sends a challenge (e.g. a random number) to the equipment that must be
authenticated (“the claimant”).
2. The claimant computes a digital signature of the combination of this challenge with an
optional identifier, using a private or secret key. The requested signature is then returned to
the authenticator.
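The exchange in steps 1 and 2, sketched as an added example that is not taken from the datasheet or from Atmel code. It assumes a shared secret key with HMAC-SHA256 standing in for the signature, and a verification step on the authenticator side, which this page's list does not reach; all class and function names and the sample identifier are hypothetical.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # bytes; size chosen for this example

def mac(key: bytes, challenge: bytes, identifier: bytes) -> bytes:
    # The challenge has a fixed length, so challenge || identifier is unambiguous.
    if len(challenge) != CHALLENGE_LEN:
        raise ValueError("unexpected challenge length")
    return hmac.new(key, challenge + identifier, hashlib.sha256).digest()

class Claimant:
    """Equipment to be authenticated; the key never leaves this object."""

    def __init__(self, key: bytes, identifier: bytes):
        self._key, self.identifier = key, identifier

    def respond(self, challenge: bytes) -> bytes:  # step 2
        return mac(self._key, challenge, self.identifier)

class Authenticator:
    def __init__(self, key: bytes):
        self._key, self._outstanding = key, set()

    def new_challenge(self) -> bytes:  # step 1
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, identifier: bytes, response: bytes) -> bool:
        # Assumed check: a challenge is accepted once, so a recorded
        # response cannot be replayed later.
        if challenge not in self._outstanding:
            return False
        self._outstanding.remove(challenge)
        return hmac.compare_digest(mac(self._key, challenge, identifier), response)

def demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    host = Authenticator(key)
    genuine = Claimant(key, b"DEVICE-0001")  # constructed identifier
    clone = Claimant(secrets.token_bytes(32), b"DEVICE-0001")  # copied ID, no key
    c1, c2 = host.new_challenge(), host.new_challenge()
    r1 = genuine.respond(c1)
    return {
        "genuine": host.verify(c1, genuine.identifier, r1),
        "replayed": host.verify(c1, genuine.identifier, r1),
        "clone": host.verify(c2, clone.identifier, clone.respond(c2)),
    }
```

A device that copies only the identifier fails because it cannot compute the response without the key, which is why the key is kept inside the tamper-resistant part.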
TPR0441BX–SMS–09/09