24 Nov 2011

INSIDE Secure, a leader in semiconductor solutions for secure transactions and digital identity, introduced the VaultIC150, a low-cost and compact turnkey NFC-based security solution designed for embedding into high-end consumer or luxury products that are often targeted by counterfeiters and cloners.

By incorporating the VaultIC150 in their products, manufacturers of high-end consumer products (handbags, wine, watches, etc.) and consumables can track their products through distribution and retail channels, and allow consumers with NFC-enabled mobile phones to verify that the product is an original and not a counterfeit.

"Counterfeiting and cloning are taking a tremendous toll on makers of popular high-end brands, not only in lost revenues, but also in jobs lost and company reputation," said Christian Fleutelot, general manager, VaultIC, secure microcontroller solutions business unit, at INSIDE Secure. "The VaultIC150 provides these manufacturers with a simple, single-chip solution that provides banking-level security to protect their brands at an attractive price point."

The VaultIC150 solution's wireless NFC interface has a range of several centimetres and is available in several antenna form factors. This means that the chip can be deeply embedded into the product without leaving any visible trace, thus making the protection totally invisible. The chip requires no battery since the NFC interface and embedded antenna collect the RF energy emitted by the reader device to power the security circuitry and communications interface.

The secure portion of the VaultIC150 leverages the same circuitry used in the previously-released VaultIC100. The security engine employs elliptic-curve mutual authentication, a highly-secure and efficient method of protecting the products with banking-level security. The security engine was designed to meet the stringent constraints of the EAL4plus and FIPS 140-2 L3 certification.

The crypto engine supports the use of various FIPS-recommended elliptic curves up to 303 bits. The VaultIC150 also includes its own security to prevent tampering. On the chip are voltage, frequency, and temperature detectors, illegal code execution prevention, tampering monitors and protection against side-channel attacks and probing. The chips can detect tampering attempts and destroy sensitive data on such events, thus avoiding data confidentiality being compromised.

Complementing the NFC interface is a simple software application on the user's mobile phone that INSIDE Secure provides to the product manufacturers. Those manufacturers can then customise the software to their products, branding message and other requirements. The vendor can also create a downloadable version of the application that potential customers can download onto their NFC enabled cell phones. When consumers then go to a store, they can use their cell phones to authenticate the product or even to find out which retail outlet might have the desired product in stock, if the vendor has a product-locator database available.

Authentication

In the simplest case, the NFC-enabled cell phone sends a random challenge message to the product (purse, dress, fine wine, etc.), which contains the embedded VaultIC150, to check if it is a genuine device. The VaultIC150 uses its securely stored private key to compute the elliptic-curve digital signature of the challenge message and send it back to the phone or NFC reader. Using the corresponding public key, the host performs the necessary signature verification. Based on the result, the host decides whether to authenticate the accessory or not.

For even greater security, the VaultIC150 can be employed as part of a public-key infrastructure (PKI). Although more complex to implement, the PKI approach is a more secure way of distributing keys, and completely eliminates the need to store a copy of the secret key in the NFC reader. The public key and its digital certificate can either be embedded in the host or stored in the VaultIC150 contained in the consumer product and retrieved by the phone or reader when needed for authentication. The private key is protected in the VaultIC150.

The advanced security firmware that is included makes it easy to implement fully user-defined, non-volatile storage of sensitive or secret data; set up identity-based authentication with user, administrator and manufacturer roles; perform authentication, digital signature and other advanced cryptographic operations using keys and data from the file system. INSIDE's VaultIC Starter Kit provides an easy path to mastering the cryptographic and secure data storage features of the VaultIC security modules.