NXP Semiconductors
P5CD016/021/041/051 and P5Cx081
Secure dual interface and contact PKI smart card controller
1.7 Security evaluation and certificates
Hardware security certification in accordance with CC EAL5+ is attained. Also, third-party
approval such as EMVCo (VISA, CAST), ZKA and others, depending on the application
requirements, are available.
NXP Semiconductors continues to drive forward third-party security evaluations to provide
its customers with the relevant information and documentation needed to execute
subsequent composite evaluations of implemented applications.
1.8 Security licensing
In addition to the various intellectual properties regarding attack resistance of the NXP
Semiconductors’ owned SmartMX family, NXP Semiconductors has obtained a patent
license for SPA and DPA countermeasures from Cryptography Research Incorporated.
(CRI). This license covers both hardware and software countermeasures. It is important to
customers that countermeasures within the operating system are covered under this
license agreement with CRI. Further details are available on request.
1.9 Optional crypto library
NXP Semiconductors offer an optional crypto library for all family types:
• Various algorithms
– AES encryption and decryption using the AES coprocessor
– DES and triple-DES encryption and decryption using the DES coprocessor
– RSA encryption and decryption, signature generation and verification for
straightforward and CRT keys up to 5024 bits
– RSA key generation
– ECC over GF(p) signature generation and verification (ECDSA) and Diffie-Hellman
key exchange for keys up to 544 bits
– ECC over GF(p) key generation
– ECC over GF(2n) signature generation and verification (ECDSA) and
Diffie-Hellman key exchange for keys up to 571 bits
– ECC over GF(2n) key generation
– SHA-1, SHA-224 and SHA-256 hash algorithm
– Pseudo-Random Number Generator (PRNG)
• Easy to use API for all algorithms
• Secure operation in contact as well as in the contactless mode
• Latest built-in security features to avoid power (SPA/DPA), timing and fault attacks
(DFA)
• Common criteria CC EAL5+ certification available [except ECC over GF(2n)] in
accordance with BSI-PP-0002 protection profile
P5CD016_021_041_51_Cx081_FAM_SDS
Product short data sheet
PUBLIC
All information provided in this document is subject to legal disclaimers.
Rev. 3.2 — 14 March 2011
150332
© NXP B.V. 2011. All rights reserved.
5 of 20