1.3 Cryptographic Operation

The ECC204 device implements a complete asymmetric (public/private) key cryptographic signature solution based upon Elliptic Curve Cryptography and the ECDSA signature protocol. The device features hardware acceleration for the NIST standard P-256 prime curve and supports high-quality private key generation and ECDSA signature generation.

The hardware accelerator performs asymmetric cryptographic operations faster than software running on a standard microcontroller, and without the high risk of key exposure that is endemic to standard microcontrollers.

The ECC204 also implements SHA-256 and its derivative HMAC hash. SHA-256 can be used to facilitate message hashing for ECDSA signature generation. The device is designed to securely store a private key along with its associated public keys and certificates. Random private key generation is done internally within the device to ensure that the private key can never be known outside of the device. The public key corresponding to a stored private key is always returned when the key is generated and can also be requested at a future point in time.

The ECC204 can generate high-quality random numbers using its internal physical random number generator. This sophisticated function includes run-time health testing designed to ensure that values generated from the internal noise source contain sufficient entropy at the time of use. The RNG is designed to meet the requirements documented in the NIST SP800-90A, SP800-90B and SP800-90C documents.

These random numbers can be employed for any purpose, including use as part of the device’s cryptographic protocols. Each random number is assured to be essentially unique among all numbers ever generated on this or any other device; therefore, including them in the protocol calculation ensures that replay attacks (i.e., retransmitting a previously successful transaction) will always fail.
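The replay argument above, modelled as an ECDSA P-256 challenge-response in pure Python; this is an added example, not code from the datasheet or any vendor library. `device_sign`, `host_verify` and `replay_demo` are hypothetical names, the device is simulated in software with the verifier supplying the random challenge (an assumption), and the arithmetic is not constant time.

```python
import hashlib, secrets

P = 2**256 - 2**224 + 2**192 + 2**96 - 1   # NIST P-256 field prime (curve a = -3)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # group order
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    # Tangent slope when doubling, chord slope otherwise
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Double-and-add. Not constant time: a teaching model, not device code."""
    acc = None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def device_sign(priv, challenge):
    """Hypothetical stand-in for the secure element: ECDSA over SHA-256(challenge)."""
    k = secrets.randbelow(N - 1) + 1          # fresh per-signature secret
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (digest(challenge) + r * priv) % N

def host_verify(pub, challenge, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = add(mul(digest(challenge) * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def replay_demo():
    """Constructed exchange: the response to challenge c1 is replayed against c2."""
    priv = secrets.randbelow(N - 1) + 1       # modelled device key, never exported
    c1, c2 = secrets.token_bytes(32), secrets.token_bytes(32)
    pub, captured = mul(priv, G), device_sign(priv, c1)
    return host_verify(pub, c1, captured), host_verify(pub, c2, captured)
```

The first element of the returned pair is the genuine response checked against its own challenge; the second is the same captured signature checked against a fresh challenge.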