LONDON All of a sudden, the major semiconductor companies are announcing 32-bit processors or cores for next-generation smart cards. The common features are the ability to run Java and enough computing performance for encryption both seen as necessary to handle future demands for card-based security.
But while trying to maintain market share or break into the market for smart card silicon the companies have a difficult task: to provide that high performance at minimum power consumption and minimum cost.
At the Cartes 2001 exhibition in Paris last week, Hitachi and Infineon Technologies AG (Munich Germany) launched 32-bit smart card controllers that offer Java acceleration without going as far as implementing Java operations directly in silicon. But ARM Holdings plc (Cambridge, England) has decided to put direct Java support into its forthcoming SC200 core.
Infineon has developed a new 32-bit architecture, the 88 series, to su pport operating systems such as JavaCard. It adds instructions for virtual machines that depend on a stack architecture but does not work as a hardware bytecode interpreter. Both JavaCard and Microsoft's Windows-for-Smart cards depend on a virtual machine where all calculations are performed on a stack.
For the 32-bit AE-5 processor, Hitachi has widened the data bus of its existing AE-4 16-bit architecture and added instructions to suit virtual machines.
"There are some common things that a CPU should do if you have a virtual machine operating system on it. We have analyzed what is required very deeply and have instructions that are not translations of the Java bytecodes but are close to what some of them do," said Christopher Koch, smart card product marketing manager for Hitachi.
"One example is that, if you are dealing with the Java stack, you often have two pointers to two different memory areas. With a conventional architecture, you have to load something into a general-purpose register, modify the value and then write it back to another location."The AE-5 includes instructions with two pointers and increment them or decrement them together," he said. "They let the CPU operate in two different memory areas without loading into registers."
Bernd Meier, marketing director for Infineon's security and smart card chips, said the company's 88 series microcontroller has "instructions to accelerate stack handling. There are instructions to fetch the right stack address for the next bytecode and then do all the necessary calculations [for data on the stack]. It is much more flexible than a [hardware] interpreter."
In addition to adding instructions, Infineon has made other changes to try to boost the performance of an operating system such as JavaCard.
"JavaCard makes lots of reads and writes to E2 [EEPROM]. So we added data and instruction caches," said Meier.
ARM has kept the same basic design as its original Jazelle accelerator for its JavaCard engine. Richard York, secure core product manager for ARM, said that despite some changes it is likely to take up the same amount of die area, 12,000 gates, as the version for full Java. "JavaCard is a different bytecode deck and it is a 16-bit native virtual machine on a 32-bit native machine. We also had to make changes for security."
Infineon has added a memory management unit (MMU) to protect the software packages used by applets. It works alongside an existing memory encryption engine.
"With the protection unit, we have different encryption keys for each area of memory, so there is no plain data in memory," said Meier. "The architecture uses a virtual memory system with a huge linear address space of 4 Gbytes. The MMU uses a package-based concept with different access rights for different areas of memory. There is a slight overhead in terms of silicon but we decided to go for a high-security device."
ARM and Hitachi have gone for simpler memory protection units. They are designed to protect applets from access ing each other's data.
"It is a memory protection unit. A full MMU is still too expensive. Even at 7000 gates, people are still concerned about die cost," said York.
Infineon's decision to implement a triple-DES [Data Encryption Standard] coprocessor in hardware was driven by security concerns. The coprocessor is designed to resist analysis by differential power analysis (DPA) and simple power analysis (SPA), in which hackers use measurements of activity in the device to narrow the range of decryption keys they need to try to break the encryption.
"We could do triple-DES on the CPU in software but not in a DPA-resistant way," said Meier.
The company has implemented Rivest, Shamir, Adleman (RSA) and elliptic curve algorithms in hardware but has decided to keep the code for Advanced Encryption Standard (AES), the new symmetric encryption system in software, at least for now.
Hitachi has implemented support for AES in hardware and has allowed for key sizes of up to 2,112 bits for asymme tric encryption systems such as RSA.
ARM's crypto accelerator, which is still at the drawing board stage, will support both primitive operations and pre-canned algorithms. Because the full algorithms can take thousands of cycles to complete, the accelerator will act as a coprocessor and is likely to have a direct path to memory so that it can work independently of the main processor. But York said that aspect of the design has not been settled as yet.
Infineon has built the first device in the 88 family, which has 80 kbytes of EEPROM, using its 0.22-micron flash-memory process. The memory cell uses a conventional EEPROM structure.
"But we are working on new memory concepts to reduce the cell size," said Meier.
Hitachi has put its first 32-bit smart card processor onto a 0.18-micron process, using a specialized form of EEPROM cell to get around the problems caused by trying scale down the nonvolatile memory cell.
"We are using a different memory technology, called Monos [metal oxide, nitride oxide] E2," Koch said. "It does not have the same difficulties in scaling down to smaller sizes."
Koch said the cell has an ultrathin nitride-oxide layer, between 10 and 20 angstroms thick, to cut leakage and improve reliability.
"It determines the number of read-write cycles and does not need to be scaled [as geometries reduce]. We do not see a limit down to 0.15 micron. We may then consider other memory technologies," said Koch.
ARM is aiming at 0.18- and 0.25-micron processes which York expects to be mainstream for smart-card chips by the end of 2003.
"I can't see smaller processes being used: E2 doesn't scale very well," said York.
The main processor core in the SC200 will use a five-stage pipeline, up from the three in the existing SC100.
"It makes it a bit more balanced frequency-wise. The three-stage pipeline was our lowest-cost way of getting into the smart-card space," said York.
Chris Edwards is editor of Electronics Times, EE Time s' sister publication in the United Kingdom.