NXP A71CL Data sheet

1. Introduction

A71CL

Plug & Trust Secure Element

Rev. 3.1 — 10 September 2020 512331

The A71CL is a ready-to-use solution providing a root of trust at the IC level and proven, chip-to-cloud security right out of the box. It is a platform capable of securely storing and provisioning credentials, securely connecting IoT devices to cloud services and performing cryptographic node authentication.

The A71CL solution provides security measures protecting the IC against physical and logical attacks. The solution is meant to be integrated with a host platform and running operating systems adding a chain of trust for a broad range of applications. The product is delivered with a manual and documents to provide guidance on its integration.

Product short data sheet

COMPANY PUBLIC

NXP Semiconductors

2. General description

2.1 A71CL naming conventions

The following table explains the naming conventions of the commercial product name of the A71CL products. Every A71CL product gets assigned such a commercial name, which includes also customer and application specific data.

The A71CL basic type names have the following format.

A71CLxagpp(p)

The ‘A71CL’ is a constant, all other letters are variables, which are explained in Table 1.

Table 1. A71CL commercial name format

Variable Meaning Values Description

x IC hardware specification

a embedded operating

g embedded application

pp(p) package type code

code

system code

firmware (applet) code

dd(d)= Delivery Type, TK2= HVSON8 (4x4)

A71CL

Plug & Trust Secure Element

1 standard operational ambient temperature:

−25 °C to +85 °C I2C interface supported

2 standard operational ambient temperature:

−40 °C to +90 °C I2C interface supported

C Java card operating system

L L is a fixed value = IoT security applet pre

installed

2.2 I2C interface

Depending on the interface pins state at boot, see Section 7 “Pinning information” for more details; the default I2C address after power-on-reset is 0x90 for Write, and 0x91 for Read.

2.3 Security licensing

NXP Semiconductors has obtained a patent license for SPA and DPA countermeasures from Cryptography Research Incorporated (CRI). This license covers both hardware and software countermeasures. It is important to customers that countermeasures within the operation system are covered under this license agreement with CRI. Further details can be obtained on request.

Product short data sheet COMPANY PUBLIC

Rev. 3.1 — 10 September 2020

512331 2 of 24

NXP Semiconductors

3. Features and benefits

3.1 Key benefits

 Secure, zero-touch connectivity  End-to-end security, from chip to edge to cloud  Secure credential injection for IC-level root of trust  Fast design-in with complete product support package  Easy to integrate with different MCU platforms

3.2 Security features

The A71CL security concepts includes many security measures to protect the chip. The A71CL operates fully autonomously based on an integrated Javacard operating

system and applet. Direct memory access is possible by the fixed functionalities of the applet only. With that, the content from the memory is fully isolated from the host system.

Attack protection by integrated design measures in the chip layout, the logic and the functional blocks.

A71CL

Plug & Trust Secure Element

3.3 Cryptography features

 Message digest with SHA1, SHA224, SHA256  Random number generator  Asymmetric key storage type: RSA Standard or RSA CRT  Auto RSA key generator ranges from 512-bit key length to 2048-bit key length. Either

RSA Standard or RSA CRT.

 Symmetric encryption/decryption with DES_CBC_NOPADDING,

DES_ECB_NOPADDING, AES_CBC_NOPADDING, AES_ECB_NOPADDING.

 Symmetric signature/verification with DES_CBC_ISO9797_M1,

DES_CBC_ISO9797_M2, AES_CBC_ISO9797_M1, AES_CBC_ISO9797_M2.

 Asymmetric encryption/decryption with RSA_NOPADDING, RSA_ PKCS1.  Asymmetric signature/verification with RSA_SHA1(PKCS1), RSA_SHA256.  Service data storage: the storage data read and write is protected by SCP.  SCP 02 service with option “i” = ‘55’.

Product short data sheet COMPANY PUBLIC

Rev. 3.1 — 10 September 2020

512331 3 of 24

NXP Semiconductors

3.4 Functional features

 400 kbit/s I2C Fast-mode interface  −40 °C to +90 °C operational ambient temperature (A7102)  On-chip Javacard operating system  40 µA typical sleep mode current with I2C pads in tristate mode  10 µA max deep sleep mode current with I2C pads in tristate mode  High-performance Public Key Infrastructure (PKI)  EEPROM with min 500,000 cycles endurance and min 25 years retention time  HVSON8 package

A71CL

Plug & Trust Secure Element

Product short data sheet COMPANY PUBLIC

Rev. 3.1 — 10 September 2020

512331 4 of 24

NXP Semiconductors

4. Applications

4.1 Use Cases and target applications

 A710xCL EXAMPLE USE CASES

 A710xCL TARGET APPLICATIONS

A71CL

Plug & Trust Secure Element

 Secure connection to public/private clouds, edge computing platforms,

infrastructure

 Secure commissioning  Device-to-device authentication  Proof of origin / anti-counterfeiting  Key storage and data protection

 Connected industrial devices  Sensor networks  IP cameras  Home gateways  Home appliances

Product short data sheet COMPANY PUBLIC

Rev. 3.1 — 10 September 2020

512331 5 of 24

NXP Semiconductors

Plug & Trust Secure Element

5. Ordering information

5.1 Ordering options

Table 2. Ordering information

Type number

A7101agTK2/... HVSON-8 plastic thermal enhanced very thin small outline package; no leads; 8 A7102agTK2/...

[1] a = A or C, g = G, C or A, according to the A71CL type classification see Section 2.1 “A71CL naming conventions”

Table 3. A71CL feature table

Product type

A7101CLpp(p) −25 °C to +85 °C I2C A7102CLpp(p) −40 °C to +90 °C

[1]

Package Name Description Version

terminals; body 4 × 4 × 0.85 mm

Table 3 gives an overview of available A71CL product types.

[1]

Operational ambient temperature Interface option

A71CL

SOT909-1

[1] HN1, according the A71CL type classification see Section 2.1 “A71CL naming conventions”

Table 4. A71CL type description

Orderable type Product type number 12NC Operational

ambient temperature

A7101CLTK2/T0BC2— A7101CLTK2/T0BC27J A7101CLTK2/T0BC27F 935372576118 −25 °C to +85 °C Baidu Cloud credential A7102CLTK2/T0BC2AJ

[1] product can be made available, please consult our sales for more details

[1]

A7101CLTK2/T0BC2BY 935380944118 −25 °C to +85 °C Customer Programmable

[1]

A7102CLTK2/T0BC2XQ 935379153118 −40 °C to +90 °C

Description

5.1.1 Ordering A71CL samples

Samples can be ordered from NXP Semiconductors from the NXP website. Note that NXP Semiconductors can provide up to 5 pieces free of charge. Larger

quantities have to be ordered separately.

[1]

Product short data sheet COMPANY PUBLIC

Rev. 3.1 — 10 September 2020

512331 6 of 24

NXP Semiconductors

6. Functional description

6.1 I2C Interface

The A71CL uses I2C as communication interface as described in the following section. The A71CL commands are wrapped using the Smartcard I2 protocol (SCI2C). The detailed documentation for the A71CL commands in the APDU Specification and SCI2C encapsulation (Ref. 3) is available in NXP DocStore.

The A71CL has an I2C interface in slave mode, supporting data rates up to 400 kbit/s operating in Fast-Mode (FM). The I2C interface is using the Smartcard I2C protocol as defined in Ref. 3 which is based on SMBus. Depending on the interface pins state at boot, see Section 7 for more details. The default I2C address after power-on-reset depends on the bootup condition as shown in Table 5.

6.2 Automatic Communication Mode detection at Power on

The IC configures its interface according to the pin state as shown in the table below. The host system must keep the voltage levels stable at these pins for at least 500 µs after power-on-reset.

A71CL

Plug & Trust Secure Element

Table 5. I2C address

Value at startup I2C address

IF0 IF1 I2C_SCL I2C_SDA Write Read

0 x 0 0 n.a. n.a. 1 0 1 1 0x90 0x91 1 1 1 1 0x92 0x93

6.3 Power-saving modes

The device provides two power-saving operation modes, the SLEEP mode and the DEEP SLEEP mode. These modes are activated via pad RST_N (DEEP SLEEP mode) or by the device.

6.3.1 SLEEP mode

The SLEEP mode has the following properties:

• all internal clocks are frozen,

• CPU enters power saving mode with program execution being stopped,

• CPU registers keep their contents,

• RAM keeps its contents,

The A71CL enters automatically into SLEEP mode and also wakes up automatically from SLEEP mode. In SLEEP mode, all internal clocks are stopped. The IOs hold the logical states they had at the time IDLE was activated. During SLEEP mode security sensors HVS, LVS, LTS, HTS, Light Sensors, Glitch Sensors and Active Shielding are disabled.

There are two ways to exit from the SLEEP mode:

• A reset signal on RST_N

• An External Interrupt edge triggered by a falling edge on I2C_SDA

Product short data sheet COMPANY PUBLIC

Rev. 3.1 — 10 September 2020

512331 7 of 24

NXP Semiconductors

6.3.2 DEEP SLEEP mode

The A71CLx provides a special sleep mode offering maximum power saving. It is reached by pulling RST_N to a logic zero level for more than 500 µs.

While in deep sleep mode the internal power is completely switched off and only the IO pads stay supplied. All digital pads will stay in high-Z mode.

To leave the DEEP SLEEP mode RST_N has to be released and set to a logic „1“ level.

A71CL

Plug & Trust Secure Element

Product short data sheet COMPANY PUBLIC

Rev. 3.1 — 10 September 2020

512331 8 of 24

+ 16 hidden pages

NXP A71CL Data sheet

Specifications and Main Features

Frequently Asked Questions

User Manual