6.2 Features

  • Secure Subsystem includes protection against both active (invasive) and passive (noninvasive) attacks on the certificates, private and symmetric keys stored within the device. Specific hardware and firmware elements are included in this peripheral to prevent environmental (voltage, temperature and frequency) attacks, emissions attacks, Fault attacks, physical attacks, cloning and many other attack methodologies. All internal memory for private/symmetric keys or other secret data are encrypted.
  • Advanced Crypto Engine (ACE) for Execution of All Cryptography Commands
  • Physical Protection Security Measures, including Voltage Tampers, Temperature Tampers and Active Shield Circuitry
  • Sign/Verify Support:
    • ECDSA – P224, P256, P384 and 256-bit Brainpool elliptic curves
    • ECDSA – SECP256K1 (bitcoin/blockchain) curve
    • RSA 2048-bit signature generation and verification
    • RSA 3072-bit signature verification only
  • ECDH/ECDHE/ECBD Key Agreement Support:
    • Elliptic-Curve Diffie-Hellman (ECDH) support for P224, P256, P384 and 256-bit Brainpool
    • Elliptic-Curve Burmeiseter-Desmedt (ECBD) support for P224 curve
  • Internal Symmetric and Asymmetric Key Generation and Derivation:
    • P224, P256, P384 and 256-Bit Brainpool
    • 2048-bit RSA keys
    • AES 16-byte keys
  • AES and RSA Encryption/Decryption Support:
    • AES ECB/GCM encryption/decryption supported directly
    • RSA 1024-bit and 2048-bit keys encryption/decryption support
  • NIST SP800-90 A/B/C Random Number Generator (RNG)
  • 16 MHz SPI Interface to communicate Security Commands between the core and the Secure Subsystem
  • The Secure Subsystem Advanced Crypto Engine algorithms have achieved JIL HIGH Rating and are certified by FIPS as per Cryptographic Algorithm Validation Program (CAVP)
  • Secure Subsystem with FIPS 140-2 Level 2 with Physical Security Level 3 certification as per Cryptographic Module Validation Program (CMVP) [in progress].