LONDON – Inside Secure SA, a fabless supplier of near field communication (NFC) chips, has announced it is sampling the VaultIC150, an NFC-based security IC designed for embedding into consumer or luxury products that are targeted by counterfeiters and cloners.
Such products might include luxury brand watches, handbags, wine and other consumables, Inside (Aix-en-Provence, France) said. Manufacturers can track their products through distribution and retail channels and allow customers with NFC-enabled mobile phones to verify products as original.
The VaultIC150 has a range of several centimeters and is available in several antenna form factors. The chip requires no battery since the NFC interface and embedded antenna collect the RF energy emitted by the reader device to power the security circuitry and communications interface.
The secure portion of the VaultIC150 leverages the same circuitry used in the previously-released VaultIC100. The security engine employs elliptic-curve mutual authentication. The security engine was designed to meet the EAL4plus and FIPS 140-2 L3 certification standards.
Inside Secure did not identify what differences there are between the VaultIC150 and its predecessor, the VaultIC100, which was announced in April 2011. Or indeed what process technologies the chips use.
In terms of operation; in the simplest case, the NFC-enabled cell phone sends a random challenge message to the product, which contains the embedded VaultIC150, to check if it is a genuine device. The VaultIC150 uses its securely-stored private key to compute the elliptic-curve digital signature of the challenge message and send it back to the phone or NFC reader. Using the corresponding public key, the host performs the necessary signature verification.
For even greater security, the VaultIC150 can be employed as part of a public-key infrastructure (PKI).
The crypto engine supports the use of various FIPS-recommended elliptic curves of up to 303-bits complexity. The VaultIC150 also includes its own security to prevent tampering. On the chip are voltage, frequency, and temperature detectors, illegal code execution prevention, tampering monitors and protection against side-channel attacks and probing. The chips can detect tampering attempts and destroy sensitive data on such events, thus avoiding data confidentiality being compromised.
Complementing the NFC interface is a simple software application that runs on the user's mobile phone that Inside Secure provides to the product manufacturers. Those manufacturers can customize the software to their products, branding message and other requirements.
The vendor can also create a downloadable version of the application that potential customers can download onto their NFC–enabled cell phones. When consumers then go to a store, they can use their cell phones to authenticate the product or even to find out which retail outlet might have the desired product in stock, if the vendor has a product-locator database available.
"The VaultIC150 provides these manufacturers with a simple, single-chip solution that provides banking-level security to protect their brands at an attractive price point," said Christian Fleutelot, general manager, VaultIC, secure microcontroller solutions business unit, at Inside Secure. Related links and articles:
We also need a means to ensure that the NFC-enabled mobile phones have authentic and secure components inside. If counterfeit (or hacked) NFC-enabled mobile phones get into the market, they could compromise consumer security.