Hardware cryptographic engine

Challenge

The aim of the project was to design, maintain and develop a device for the acquisition and processing of sensitive data with a high-resolution e-paper display. The device is based on a cryptographic micro-controller and was integrated with the proprietary ISO7816 smart-card reader block, with an extended list of APDU commands. The device had to be adapted to high-volume production with regard to testing and safe, firmware programming in post-production. The requirement for the hardware was an appropriate division into modules and integration, taking into account security considerations, such as the prevention of risk factors arising from sensitive communication between individual modules. It was also necessary to take into account the need to fit the hardware part for installation into a dedicated enclosure on account of mechanical issues.

The project included not only the hardware part, but also the preparation of the software of the device, which had to be designed and implemented with the use of advanced, cryptographic techniques and anti-tamper protection, against external access.

“The design was demanding as it assumed the need to integrate multiple functional blocks into the main board of the device. Moreover, the need to ensure high-class security pre-empted the use of advanced and non-trivial solutions, both in the selection of components, PCB design and in the embedded software. The mechanical part was also a challenge. The housing, designed by the external team, required the continuous and effective exchange of information between project teams. Another challenge was the electrical integration of the device modules, in the limited space of the housing. One of the key difficulties was the wide, low-voltage bus of the e-paper high-resolution display, which gave particular importance to the issues of signal integrity (SI) and EM compatibility (EMC). The problem was solved by designing a dedicated flex tape (FPC), onto which parts of the electronic circuits were transferred. Nevertheless, an important achievement of the project was to increase the security of the cryptographic device through the use of individual, post-production testing techniques, such as a digital, binary input signature, while ensuring the adequate efficiency of the production process (DFX)”.

Michał, Senior Hardware Engineer

 

As part of the project, a device consisting of 4 hardware modules was created: a high-resolution e-paper display, a main control board with an integrated ISO7816 smart-card reader and two side modules. The requirements, imposed by the Customer, made it necessary to apply individual solutions in the field of cybersecurity. This applied both to the hardware layer and to the embedded software.

The task of the embedded software was also to process critical data. This was performed in a cryptographic unit and was subject to additional hardware protection against external interference (hw tampers). The binary input was secured with a certificate, generated individually during the post-production programming process, which is FastLogic’s proprietary solution.

Results & Benefits

As part of the project, a unique solution was developed, in order to meet the client’s requirements, both in terms of functionality and in terms of cybersecurity, on account of working with sensitive data. The device, as designed, is modular, which facilitates the further development and maintenance of the project. Previous experience in high-volume manufacturing was used, ensuring that the necessary changes to the DFX were implemented quickly and efficiently.

Key Solutions

  • The design of 2 PCBs and FPCs, with the use of high-resolution e-paper display;
  • Main PCB of the device: 6 layers, BGA components (0.65mm pitch), DFX optimisation;
  • The use of components dedicated to high-security solutions, such as a cryptographic micro-controller with an anti-tamper module
  • Design of a flexible tape (FPC) connecting individual device modules inside the housing
  • Integration of the electronic part with dedicated housing, also in terms of ensuring high-class security, on account of the reaction of the electronics to violation of the housing
  • Development of the firmware of the device, using a set of advanced techniques and cryptographic algorithms;
  • Optimisation of e-paper display control: responsiveness, segment control, power consumption;
  • An additional layer of software authorisation, using certificates generated individually in the post-production, testing process.

Volume and coverage

Target production volume 200-600 thousand pieces. Scope of implementation: worldwide.