LinuxDevices.com Archive Index (1999-2012) | 2013-current at LinuxGizmos.com | About  

Linux ported to secure POS SoC

Sep 27, 2005 — by LinuxDevices Staff — from the LinuxDevices Archive

A French fabless chip house has ported Linux to its flagship SoC (system-on-chip) for secure smartcard readers and PIN-entry pads used in point-of-sale (POS) applications. Innova-Card's MIPS32-based USIP Professional IC features on-chip memory, storage, and cypto, and is available with a Linux-based software… stack, reference designs, and professional services. This SoC is packed with peripheral interfaces.

(Click for larger view of USIP development kit)

Innova is a three-year-old startup that has brought in 1.6M and 3.5M Euros, respectively, in its first two rounds of financing. The company was founded with the mission of creating chips for secure payment applications.

Innova-Card calls its USIP chip “the most secure and integrated SoC for smart card devices.” The SoC is based on a MIPS32 4KSd CPU core clocked at 96MHz, and said to deliver 1.35 MIPS/MHz. The processor supports the Smart MIPS crytographic instruction set, and has 8KB each of instruction and data cache, a 5-stage pipeline, and 16-bit code compression via the MIPS16e ASE (application-specific extension).


The USIP integrates on-chip memory with lots of I/O

On-chip memory resources include 128KB of SRAM, 128KB of ROM meant for a HAL (hardware abstraction layer) and secure AES-authenticated bootloader, 256KB of Flash with “locked features,” and 256KB of OTP (one-time programmable) storage. The USIP additionally supports 1.8V and 3.3V external memory, including up to four 32MB SRAM or Flash chips, plus up to 32MB of SDRAM. Data bound for external memory storage are encrypted on the fly using NIST FIPS-197 AES, Innova-Card says.

On-chip peripheral interfaces include three smart-card controllers, three channels of F/2F decoding for magnetic stripe readers, a thermal printer interface, battery-backed RTC (real-time clock), 12 x 12 matrix keyboard controller, an LCD interface, and a DMA controller. Additional I/O interfaces include USB OTG 2.0, UARTs, IrDA/UART, SPI master/slave, I2C master/slave, a parallel port, and a PS/2 keyboard/mouse port. The chip also provides 32 general purpose digital I/O lines, and has 2 PWMs (pulse-width modulators), four times/counters, six ADC inputs with 10-bit resolution, and a watchdog timer.

Innova-Card lists other security features in the USIP as follows:

  • Secure MMU (memory management unit)
  • Unique chip serial number (USN)
  • Firewall for USB access
  • Protected storage area
  • Physical countermeasures
    • tamper protection
    • internal sensors (voltage, frequency, temperature, active metal shield)
    • external sensors

  • True RNG (random number generator)
  • AES crypto processor
  • Secure bootloader

Innova-Card offers a development kit for its USIP chip (pictured at top-of-page) that includes MIPS's free SDE Lite IDE, along with a development board, HAL, and JTAG debugger. An application stack (diagram) that runs on “Linux, eCos, and a wide range of commercial RTOSes” is also available, as is a crypto library licensed under NDA. The company also offers reference designs and development services for EFT (electronic funds transfer) POS devices (diagram), PIN pads (diagram), and FINREAD devices (diagram) based on the USIP chip.

An editorial yesterday in CIO Insight highlights a growing need for more stringent security in POS devices, which are increasingly complex and interconnected (for example, check out this Linux-based multimedia POS device).


 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.