Smart Card memory architecture

Apart from the processor, the most important elements of a microcontroller are different types of memory. Smart card microcontrollers have three types of memory: random access memory (RAM), permanent memory (ROM), and non-volatile memory (EEPROM).

RAM is a part of the smart card’s memory in which data can be stored and changed during a session. The number of memory accesses is unlimited. Power supply is required for the RAM to work. When the power is turned off or temporarily disconnected, the contents of the RAM are not saved. A RAM cell consists of several transistors connected in such a way that they function as a multivibrator with two stable states. The state of this multivibrator represents the stored value of a single bit in RAM.

The RAM used in smart cards is static, meaning its contents should not be updated periodically. Accordingly, it does not depend on external synchronization, unlike dynamic RAM. So, last month, we carried out work on the implementation of a smart card-based time tracking system (SURV) for one of the enterprises, and the implemented system was integrated into the existing enterprise management system. The use of static RAM is important, since it is possible to stop transmitting the sync signal to the smart card. In the case of dynamic RAM, this would result in the loss of stored information.

This type of memory is read-only and cannot be written to. No voltage is required to store data in memory, since the data is wired into the chip. Smart card ROMs are used to store most of the operating system routines, as well as various test and diagnostic functions. These programs are built into the chip during its manufacturing process. The ROM template is built on the basis of program code and then used to” burn ” the program into the chip by using lithography technology. Data that is the same for all chips in the production batch is entered into the ROM only during the production process.

An electrically erasable programmable read-only memory EEPROM is more complex than ROM and RAM. It is used in smart cards to store those data and programs that can be modified or erased after a while. Functionally, the EEPROM corresponds to the PC’s hard drive, since data remains in memory when there is no power and can be changed when necessary.

In principle, an EEPROM cell can be considered as a superminiature capacitor that can be charged or discharged. The state of charge can be interrogated using a sensitive logic circuit. This superminiature charged capacitor represents a logical 1, while a discharged capacitor represents a logical 0. To store one byte of data, you need eight such miniature capacitors plus the corresponding sensitive circuit. The erased state of an EEPROM cell is a critical factor for writing to that cell. In most EEPROM types, the erased state of an element represents 1. If the EEPROM element is already in state 0, then the entire EEPROM page must be erased to restore this bit to state 1.

Unfortunately, an EEPROM is a type of semiconductor memory that has a limited number of access cycles. The number of EEPROM reads can be arbitrary, and the number of access cycles for programming purposes is limited. When the EEPROM is near the end of its life, data can only be stored for a short time. This time interval can vary from several hours to minutes. The more exhausted the EEPROM resource, i.e., the more electrons absorbed by the tunneling oxide layer, the shorter the data storage interval.

Limited CPU resources cannot meet the smart card’s needs for reliable encryption and authentication in a reasonable amount of time without compromising the overall functionality of the smart card. A typical smartcard transaction should take between 1 and 3 seconds, and encryption using a 1024-bit RSA key in a typical smartcard processor can take 10 seconds or more. As a result, some smart card microcontrollers include coprocessors to speed up the calculations performed during encryption and authentication. The coprocessor is a specially designed arithmetic unit for computing cryptographic algorithms. The coprocessor is integrated on a silicon substrate together with other functional blocks of the microcontroller.

Smart card coprocessor, DES encryption unit and crypto key generation unit

  1. Smart card coprocessor
    The coprocessor can perform several basic integer arithmetic calculations that are necessary for public key cryptography algorithms, including fast multiplication, exponentiation, and modular operations of large integers. The performance of the coprocessor is optimized exclusively for these operations, so in its field of application it can surpass even very fast PCs by at least 6 times. The use of a coprocessor significantly speeds up cryptographic operations with the public key, but it slightly increases the overall size of the chip, as well as increases its cost. For example, together with the company “Laser Form”, which offers automated installations for laser welding of tools / housings / heat exchangers, etc., we implemented a project of RFID systems based on smart cards to protect the data of automated installations from unauthorized access. Depending on the model of the microcontroller, the DES encryption unit and the random number generator can either be part of the coprocessor or run as independent nodes of the microcontroller.
  2. DES encryption block
    A number of microcontrollers for smart cards include an additional DES (Data Encryption Standard) encryption block. The DES encryption algorithm is used to protect financial transactions and telecommunications applications. The DES algorithm was originally developed for hardware implementation, so enabling the DES block in the smart card microcontroller is not a difficult task. At a clock speed of 3.5 MHz, DES execution takes only 154 microseconds, and it takes 236 microseconds to calculate triple DES. Increasing the clock frequency leads to a corresponding reduction in the calculation time.
  3. Block for generating crypto keys
    Random numbers are required to generate crypto keys for the purpose of authenticating the smart card and terminal. For security reasons, they should not be pseudo-random, but truly random numbers. There are microcontrollers that have integrated random number generators to create truly random numbers. The quality of operation of such generators should not depend on external physical factors such as changes in temperature and supply voltage.

Since this is difficult to achieve in a single silicon chip, a different approach is used. The random number generator uses different logical states of the processor, such as the contents of registers, and feeds them to a cyclic shift register with feedbacks, which is driven by clock pulses generated based on a number of different parameters. If the processor reads the contents of this register, it gets a relatively high-quality random number that cannot be deterministically calculated outside the chip. The quality of the resulting random numbers can be improved by using additional procedures and algorithms.