Embodiments of the invention relate generally to an interface between a near field communications (NFC) controller and a secure element.
In many applications, such as mobile phones, an NFC controller acts as a proxy for communications between a host processor, a secure element, and a contactless front-end. Typically, the interface between the NFC controller and the secure element is either a serial interface that uses the single wire protocol (SWP) or a dual wire interface that operates according to the NFC-wired interface (NFC-WI) protocol or the dual wire protocol (DWP). Although such conventional interfaces support the exchange of data between an NFC controller and a secure element, the interfaces can contribute to undesirable latency and errors.
Embodiments of an interface system for interfacing between an NFC controller and a secure element are disclosed. In one embodiment, an interface system includes an interface memory, an interface controller, an NFC controller interface configured to exchange data between the interface system and an NFC controller, and a secure element interface configured to exchange data between the interface system and a secure element.
In an embodiment, the NFC controller interface includes a parallel bus interface and the secure element interface includes a parallel bus interface. In a further embodiment, the parallel bus interface of the NFC controller interface is at least 8 bits wide and the parallel bus of the secure element interface is at least 8 bits wide.
In an embodiment, the interface memory is a shared memory.
In an embodiment, the interface memory is a first-in first-out (FIFO) memory.
In an embodiment, the interface memory is a random access memory (RAM) with buffer handling.
In an embodiment, the interface memory is a random access memory (RAM) that includes multiple buffers. In an embodiment, the interface controller is configured to implement traffic prioritization. In an embodiment, the interface controller is configured to implement traffic pipelining. In an embodiment, the interface controller is configured to implement multiple logical data channels.
In an embodiment, a secure element integrated circuit (IC) includes the interface system.
In an embodiment, a near field communications (NFC) controller integrated circuit (IC) includes the interface system.
In another embodiment, an interface system includes an interface memory, an interface controller, an NFC controller interface comprising a data bus interface, an address bus interface, and control bus interface, wherein the data bus interface is a parallel interface, and a secure element interface comprising a data bus interface, an address bus interface, and control bus interface, wherein the secure element data interface is a parallel interface.
In an embodiment, the data bus interface of the NFC controller interface is at least 8 bits wide and the data bus of the secure element interface is at least 8 bits wide.
In an embodiment, the interface memory is a shared memory.
In an embodiment, the interface memory is a FIFO memory.
In an embodiment, the interface memory is a RAM with buffer handling.
In an embodiment, the interface memory is a RAM that includes multiple buffers.
In another embodiment, a method for communicating data between an NFC controller and a secure element is disclosed. The method involves receiving data at a secure element interface of an interface system, passing the data from the secure element interface to an interface memory of the interface system, passing the data from the interface memory to an NFC controller interface of the interface system, and passing the data from the NFC controller interface of the interface system to the NFC controller.
Other aspects and advantages of embodiments of the present invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, depicted by way of example of the principles of the invention.
Throughout the description, similar reference numbers may be used to identify similar elements.
It will be readily understood that the components of the embodiments as generally described herein and illustrated in the appended figures could be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of various embodiments, as represented in the figures, is not intended to limit the scope of the present disclosure, but is merely representative of various embodiments. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by this detailed description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
Reference throughout this specification to features, advantages, or similar language does not imply that all of the features and advantages that may be realized with the present invention should be or are in any single embodiment. Rather, language referring to the features and advantages is understood to mean that a specific feature, advantage, or characteristic described in connection with an embodiment is included in at least one embodiment. Thus, discussions of the features and advantages, and similar language, throughout this specification may, but do not necessarily, refer to the same embodiment.
Furthermore, the described features, advantages, and characteristics of the invention may be combined in any suitable manner in one or more embodiments. One skilled in the relevant art will recognize, in light of the description herein, that the invention can be practiced without one or more of the specific features or advantages of a particular embodiment. In other instances, additional features and advantages may be recognized in certain embodiments that may not be present in all embodiments of the invention.
Reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the indicated embodiment is included in at least one embodiment. Thus, the phrases “in one embodiment,” “in an embodiment,” and similar language throughout this specification may, but do not necessarily, all refer to the same embodiment.
As depicted in
In the illustrated embodiment of
As is known in the field of NFC, a secure element is a module that includes embedded security functionality. For example, a secure element (sometimes referred to as an “SE”) includes embedded technologies, including hardware, software, and/or firmware, that protect assets such as data, security keys, and applications, from physical and/or software attacks. A secure element may be embodied as a smart card, an application processor, an SD card, a USB token, secure memory devices (e.g., flash or EEPROM), and UICCs. In an embodiment, a secure element includes a crypto-engine that is able to implement a cryptographic algorithm, such as an Advanced Encryption Standard (AES) algorithm. In an embodiment, the secure element is “secure” in the sense that the secure element is a highly tamper resistant device that provides a secure execution environment isolated from the host processor. In an embodiment, the secure element is tamper resistant in that the element can resist software and hardware attacks, either remotely or locally, e.g., the secure element is resistant against side channel analysis. In an embodiment, a secure element is a stand-alone IC device and in other embodiments the secure element is integrated on an IC with other functional elements or the secure element is a stand-alone IC packaged together with another IC, such as the NFC controller 100. In the embodiment of
In an embodiment, the UICC 106 includes a subscriber identity/identification module (SIM) 112 that stores subscriber identity information that is used to identify and authenticate the subscriber that uses the wireless service provider network. In an embodiment, the UICC is a secure element as is known in the field of NFC. The integrated use of NFC and a UICC is defined by the European Telecommunications Standards Institute (ETSI). For example, ETSI has published the standards:
ETSI TS 102 622, Smart Cards; UICC—Contactless Front-end (CLF) interface; Host Controller Interface (HCI); and
ETSI TS 102 613, Smart Cards; UICC—Contactless Front-end (CLF) Interface; Part 1: Physical and data link layer characteristics.
The reader 12 includes a coil 113 to generate a local RF electromagnetic field to interrogate a device, such as the mobile communication device 10, in its near field. The reader may be used in a smart card reader, for example, where the mobile communication device 10 acts as a smart card. In another embodiment, the reader 12 is part of another device, such as another smartphone with an NFC interface, a peripheral connected to a payment system, or a peripheral of a computer.
In an embodiment, the NFC controller 100 of the mobile communication device 10 can be configured for use in a battery-less operation mode of the device, e.g., operation wherein the NFC controller receives at least part of its power supply from an electromagnetic field provided by the reader 12 instead of from a battery of the mobile communication device. Interrogation by the reader 12 may be used to exchange messages with the NFC controller 100. Such messages may be used, for example, in access control, with the mobile communication device 10 acting as an electronic key, or to perform electronic payments, with the mobile communication device 10 acting like a debit card, or to share information. The NFC controller 100 may execute a transaction involving communication with the reader 12, which may include exchanging messages using the NFC antenna 102, for example, to read and/or write data from/to the secure element 108. In an embodiment, the NFC controller includes a CPU, ROM, RAM, EEPROM, and I/O interfaces. An example of the NFC controller is the NFC controller, PN544 or PN547, by NXP SEMICONDUCTORS.
As shown in
A low-power alternative to SWP uses an extra wire. This extra wire produces a two wire protocol that is referred to herein as the Dual Wire Protocol (DWP). At the expense of one extra wire, DWP can reduce the NFC IC's current requirement to almost zero, while enabling higher transmission rates (e.g., quadruple or higher) as compared to SWP.
Another two wire protocol used to connect an NFC IC and a secure element is known as the NFC Wired Interface (NFC-WI), which is described by the European Computer Manufacturers Association (ECMA) in specification ECMA-373. NFC-WI uses two wires, SIGIN (signal-in) and SIGOUT (signal-out), and has three modes of operation: off, wired, and virtual mode. In off mode, there is no communication with the secure element. In wired mode, the secure element is visible to the NFC IC and in virtual mode, the secure element is visible to external RF readers.
Some disadvantages of using SWP to connect the NFC controller 100 and the secure element 108 are the need to serialize the payload and the need to encapsulate the data according to the ETSI Host Controller Interface (HCI) specification. Such operations can add latency to data transfers between the NFC controller and the secure element. Additionally, there is an overhead cost to software layers that are responsible for the encapsulation of data for use with SWP, NFC-WI, or DWP. Further, the operations required to implement SWP, NFC-WI, or DWP are vulnerable to errors that may cause communications problems.
In accordance with an embodiment of the invention, an interface system for interfacing between an NFC controller and a secure element is disclosed. In an embodiment, the interface system includes an interface memory, an interface controller, an NFC controller interface configured to exchange data between the interface system and an NFC controller, and a secure element interface configured to exchange data between the interface system and a secure element. In an embodiment, the interface system is configured to support parallel data communications (e.g., 8-bits wide) between the interface system and the NFC controller and between the interface system and the secure element. In an embodiment, the interface memory is a shared memory. Using such an interface system between an NFC controller and a secure element enables data to be communicated between the NFC controller and the secure element at higher data rates and with more flexibility than with the conventional interfaces.
The interface memory 230 of the interface system 220 may be random access memory (RAM). Other types of memory, e.g., Flash, Phase Change Memory, static RAM (SRAM), and non-volatile RAM (NV-RAM) may be used for the interface memory. The memory may be implemented as, for example, a shared memory, a first-in first-out (FIFO) memory, or a dual-ported RAM. In an embodiment, the interface memory is able to store, for example, 256 bytes, 500 bytes, or 1 kbytes, and/or the size of the interface memory may be a multiple of a message size that is used to communicate between the NFC controller 200 and the secure element 208.
The NFC controller interface 232 of the interface system 220 provides an interface between the bus, Bus_NFCC, on the NFC controller side of the interface system and the interface memory 230. The NFC controller interface includes circuits such as, for example, converters, comparators, flip-flops, inverters, multiplexers, switches, latches, and/or registers that capture and manage the signals on the bus lines. The NFC controller interface also includes a bus interface (BI) 242 that provides a physical interface to the bus, Bus_NFCC. The bus, Bus_NFCC, may be a serial bus or a parallel bus. In the case of a parallel bus, the bus may include multiple bus lines for data (e.g., 8-bit, 16-bit, 32-bit parallel data lines), a bus line or bus lines for memory address information, a bus line or bus lines for control information, and/or a bus line or bus lines for clock information. Examples of different configurations of the bus, Bus_NFCC, are described below. In an embodiment where the bus, Bus_NFCC, connects two different ICs (e.g., see
The secure element interface 234 of the interface system 220 provides an interface between the bus, Bus_SE, on the secure element side of the interface system and the interface memory 230. The secure element controller interface includes circuits such as, for example, converters, comparators, flip-flops, inverters, multiplexers, switches, latches, and/or registers that capture and manage the signals on the bus lines. The secure element interface also includes a bus interface (BI) 244 that provides a physical interface to the bus, Bus_SE. The bus, Bus_SE, may be a serial bus or a parallel bus. In the case of a parallel bus, the bus may include multiple bus lines for data (e.g., 8-bit, 16-bit, 32-bit parallel data lines), a bus line or bus lines for memory address information, a bus line or bus lines for control information, and/or a bus line or bus lines for clock information. Examples of different configurations of the bus, Bus_SE, are described below. In an embodiment where the bus, Bus_SE, connects two different ICs (e.g., see
The interface controller 236 of the interface system 220 manages the exchange of data within the interface system and/or between the NFC controller 230 and the secure element 208. Example operations implemented by the interface controller include managing hardware handshakes, managing interrupts, implementing a wake-up in either direction (e.g., wake-up of the NFC controller, wake-up of the secure element, or wake-up of the interface system), and buffer management (e.g., buffer availability, watermark level management, control to clear buffers, etc.).
The NFC controller 200 connects to the interface system 220 via the bus, Bus_NFCC, and includes an NFC controller main memory 250 and an NFC controller bus interface 252. The NFC controller bus interface provides an interface to the bus, Bus_NFCC, which may include internal conductive connections or external conductive connections (e.g., conductive pads or landings) depending on the type of bus (e.g., internal or external) that is between the NFC controller and the interface system. The NFC controller bus interface includes an NFC controller interface memory 254 that provides a memory (e.g., RAM) that is separated from the NFC controller main memory 250 by an internal bus 256. The NFC controller interface memory insulates the NFC controller main memory from the bus, Bus_NFCC.
The secure element 208 connects to the interface system 220 via the bus, Bus_SE, and includes the secure element main memory 260 and a secure element bus interface 262. The secure element bus interface provides an interface to the bus, Bus_SE, which may include internal conductive connections or external conductive connections (e.g., conductive pads or landings) depending on the type of bus (e.g., internal or external) that is between the secure element and the interface system. The secure element bus interface includes a secure element interface memory 264 that provides a memory (e.g., RAM) that is separated from the secure element main memory by an internal bus 266. The secure element interface memory insulates the secure element main memory from the bus, Bus_SE.
In operation, the interface system 220 manages communications between the NFC controller 200 and the secure element 208. For example, a communication of data from the NFC controller to the secure element passes over the bus, Bus_NFCC, to and through the interface system and then over the bus, Bus_SE, to the secure element. When passing through the interface system, the data is received at the NFC controller interface 232, passed to the interface memory 230, passed to the secure element interface 234, and then transmitted to the secure element. Various different techniques can be applied to manage the data that passes through the interface system. For example, various techniques of data flow management can be applied to the data. In an embodiment, the interface memory of the interface system is implemented as dual-ported RAM or as single ported RAM. Additionally, the RAM can include a buffer or buffers 270 that are managed to avoid collisions on the buses. For example, buffers can be managed using a priority scheme such as a round-robin or weighted round-robin scheme that is implemented by the interface controller 236. In another embodiment, multiple buffers are allocated in the interface memory for communications in one or both directions. Providing multiple buffers enables the implementation of priority-based handling of traffic between the NFC controller and the secure element. In an embodiment, multiple buffers in the interface memory are used to implement data pipelining to speed up the data transfer rate, e.g., for long data transfer sequences. In another embodiment, multiple parallel buffers are implemented in the interface memory to enable handling of multiple logical data channels, which enables traffic isolation, fine granular traffic management, and/or traffic prioritization.
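The buffer handling described above can be modelled in a few lines of C. This is an added example, not code from the patent: the `iface_*` names, the three channels, the 64-byte buffers, the 48-byte watermark and the all-or-nothing write policy are assumptions, and the status bits are named after the control signals the description lists. It shows one buffer per logical data channel, a weighted round-robin pick on the consumer side, and an overflow that is rejected and flagged on its own channel rather than spilling into another channel's buffer.

```c
#include <stdint.h>
#include <string.h>

/* Assumed sizes; the description only gives example totals such as 256 bytes. */
#define NUM_CHANNELS 3u   /* logical data channels */
#define BUF_SIZE     64u  /* bytes per channel buffer */
#define WATERMARK    48u  /* fill level that raises WatermarkLevel */

/* Status bits modelled on the control signals named in the description. */
#define ST_DATA_READY      0x01u
#define ST_WATERMARK_LEVEL 0x02u
#define ST_BUFFER_OVERFLOW 0x04u

typedef struct {
    uint8_t  data[BUF_SIZE];  /* one ring buffer inside the interface memory */
    size_t   head, count;
    unsigned weight;          /* data words served per round-robin turn */
    uint8_t  status;
} channel_t;

typedef struct {
    channel_t ch[NUM_CHANNELS];
    unsigned  current;        /* channel whose turn it is */
    unsigned  credit;         /* words it may still send in this turn */
} iface_mem_t;

void iface_init(iface_mem_t *m, const unsigned weights[NUM_CHANNELS])
{
    memset(m, 0, sizeof *m);
    for (unsigned i = 0; i < NUM_CHANNELS; i++)
        m->ch[i].weight = weights[i] ? weights[i] : 1; /* weight 0 would starve */
    m->credit = m->ch[0].weight;
}

static void update_status(channel_t *c)
{
    c->status &= ST_BUFFER_OVERFLOW;  /* overflow stays latched until re-init */
    if (c->count > 0)          c->status |= ST_DATA_READY;
    if (c->count >= WATERMARK) c->status |= ST_WATERMARK_LEVEL;
}

/* Producer side: all-or-nothing write into one channel. A message that does
 * not fit is rejected and flagged; it never touches another channel. */
int iface_write(iface_mem_t *m, unsigned chan, const uint8_t *src, size_t len)
{
    if (chan >= NUM_CHANNELS || src == NULL)
        return -1;
    channel_t *c = &m->ch[chan];
    if (len > BUF_SIZE - c->count) {
        c->status |= ST_BUFFER_OVERFLOW;
        return -1;
    }
    for (size_t i = 0; i < len; i++)
        c->data[(c->head + c->count + i) % BUF_SIZE] = src[i];
    c->count += len;
    update_status(c);
    return (int)len;
}

/* Consumer side: weighted round-robin. Returns the channel served, or -1
 * when every buffer is empty. */
int iface_pop(iface_mem_t *m, uint8_t *out)
{
    for (unsigned tries = 0; tries <= NUM_CHANNELS; tries++) {
        channel_t *c = &m->ch[m->current];
        if (c->count > 0 && m->credit > 0) {
            *out = c->data[c->head];
            c->head = (c->head + 1) % BUF_SIZE;
            c->count--;
            m->credit--;
            update_status(c);
            return (int)m->current;
        }
        /* Turn is over (empty or out of credit): move to the next channel. */
        m->current = (m->current + 1) % NUM_CHANNELS;
        m->credit = m->ch[m->current].weight;
    }
    return -1;
}
```

With weights 2, 1, 1, channel 0 is served two words for every one word from each of the other channels, and a flooded channel raises only its own BufferOverflow bit.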
The interface system 220 as shown in
With reference to the NFC controller side, the data bus, Data_NFCC, is a parallel bus (e.g., 8-bits, 16-bits, or 32-bits wide) that is used to carry data (e.g., the payload) between the NFC controller 300 and the interface system 320. For example, the data may be the payload data that is being transferred between the NFC controller and the secure element 308. In an embodiment, the width of the data bus, Data_NFCC, matches a bit width of another bus within the mobile communications device 10 and/or matches a higher-level communications protocol used in the mobile communications device.
The address bus, Address_NFCC, is a parallel bus that is used to carry address information although the address bus could be a serial bus. For example, the address information may include the memory addresses associated with the payload data. In an embodiment, the width of a parallel address bus depends on the memory depth and memory size. For example, the interface memory may be on the order of 1 kbytes organized in a width of 1, 2, or 4 bytes, which may be served by a parallel address bus having an 8-bit width.
The control bus, Control_NFCC, is a serial bus that is used to carry control information. For example, the control information may include an Interrupt Request (IRQ) and status information regarding data status (e.g., a “DataReady” signal), wake up status (e.g., a “WakeUp” signal), and buffer status (e.g., “BufferStatus,” “BufferOverflow,” and/or “WatermarkLevel” signals).
With reference to the secure element side, the data bus, Data_SE, is a parallel bus (e.g., 8-bits, 16-bits, or 32-bits wide) that is used to carry data (e.g., the payload) between the secure element 308 and the interface system 320. For example, the data may be the payload data that is being transferred between NFC controller 300 and the secure element 308. In an embodiment, the width of the data bus, Data_SE, matches a bit width of another bus within the mobile communications device 10 and/or matches a higher-level communications protocol used in the mobile communications device. In an embodiment, the width of the data bus, Data_NFCC, matches the width of the data bus, Data_SE.
The address bus, Address_SE, is a parallel bus that is used to carry address information although the address bus could be a serial bus. For example, the address information may include the memory addresses associated with the payload data. In an embodiment, the width of a parallel address bus depends on the memory depth and memory size. For example, the interface memory may be on the order of 1 kbytes organized in a width of 1, 2, or 4 bytes, which may be served by a parallel address bus having an 8-bit width.
The control bus, Control_SE, is a serial bus that is used to carry control information. For example, the control information may include an Interrupt Request (IRQ) and status information regarding data status (e.g., a “DataReady” signal), wake up status (e.g., a “WakeUp” signal), and buffer status (e.g., “BufferStatus,” “BufferOverflow,” and/or “WatermarkLevel” signals).
In some cases, it may be beneficial to integrate the interface system 220 onto the same IC as the secure element 208.
In an embodiment, the interface memory of the interface system is implemented using FIFO memory. Because a FIFO memory is organized as a queue, using a FIFO memory in the interface system can eliminate the need to track the addresses used for storing and reading data words.
In an embodiment, it may be desirable for the interface system to utilize clock information from the NFC controller and/or from the secure element. For example, it may be desirable to access the interface system on the clock of the NFC controller or the clock of the secure element. It may also be desirable to provide synchronization between different clock domains, e.g., between the clock domain of the NFC controller and the clock domain of the secure element.
In an embodiment, data can be communicated between an NFC controller and a secure element using an interface system as described with reference to
Although the operations of the method herein are shown and described in a particular order, the order of the operations of the method may be altered so that certain operations may be performed in an inverse order or so that certain operations may be performed, at least in part, concurrently with other operations. In another embodiment, instructions or sub-operations of distinct operations may be implemented in an intermittent and/or alternating manner.
In addition, although specific embodiments of the invention that have been described or depicted include several components described or depicted herein, other embodiments of the invention may include fewer or more components to implement fewer or more features.
Furthermore, although specific embodiments of the invention have been described and depicted, the invention is not to be limited to the specific forms or arrangements of parts so described and depicted. The scope of the invention is to be defined by the claims appended hereto and their equivalents.
Number | Name | Date | Kind |
---|---|---|---|
8351854 | Moosavi | Jan 2013 | B2 |
8811896 | Katz et al. | Aug 2014 | B2 |
9087227 | Kulkarni | Jul 2015 | B2 |
9224013 | Buer et al. | Dec 2015 | B2 |
20080121687 | Sklovsky et al. | May 2008 | A1 |
20090103732 | Benteo et al. | Apr 2009 | A1 |
20090247077 | Sklovsky et al. | Oct 2009 | A1 |
20140022060 | Boehler | Jan 2014 | A1 |
20140156872 | Buer et al. | Jun 2014 | A1 |
20140233732 | Buer et al. | Aug 2014 | A1 |
20140344945 | Buer et al. | Nov 2014 | A1 |
20150319273 | Trost | Nov 2015 | A1 |
20160099752 | Lee et al. | Apr 2016 | A1 |
20160309285 | Charles | Oct 2016 | A1 |
20170142159 | Li | May 2017 | A1 |
Number | Date | Country |
---|---|---|
2 738 671 | Jun 2014 | EP |
Entry |
---|
Smart Cards; UICC—Terminal interface; Physical and Logical characteristics (Release 12); ETSI TS 102 221 v12.0.0 (Dec. 2014); 64 pages. |
Smart Cards; UICC—Contactless Front-end (CLF) Interface; Part 1: Physical and data link layer characteristics (Release 11); ETSI TS 102 613 v11.0.0 (Sep. 2012); 57 pages. |
Smart Cards; UICC—Contactless Front-end (CLF) Interface; Host Controller Interface (HCI) (Release 12); ETSI TS 102 622 v12.1.0 (Oct. 2014); 64 pages. |
Near Field Communication Wired Interface (NFC-WI), ECMA-373, 1st Edition / Jun. 2006; 25 pages. |
Extended European Search Report for Patent Appln. No. 18176116.4 (dated Nov. 7, 2018). |
Number | Date | Country | |
---|---|---|---|
20190005284 A1 | Jan 2019 | US |