Friday, December 12, 2014

ARM Powered® smartphones with NFC technology

Turing machines, first described by Alan Turing in (Turing 1937), are simple abstract computational devices intended to help investigate the extent and limitations of what can be computed.  - Stanford Encyclopedia of Philosophy
The head and the tape in a turing machine
There are a large number of Near field communication (NFC)-enabled phones (devices) on the consumer market. LG, Huawei, Motorola, Samsung, HTC, Nokia, ZTE, Sony, RIM, Amazon, and Apple manufacture and sell mobile phones with NFC technology.

 There are many common denominators at the hardware and software levels between all of the phones that have NFC technology. First, all mobile phones contain a main (application) processor. If the phone is manufactured by one of the companies listed above, then the application processor is an ARM® microprocessor. There may be one or two exceptions, but if you were to sample 150 current phones across all of these manufacturers then you would find that 99% of the phones contain ARM® technology. Operating systems that run on the ARM Powered® processors contained within phones from these manufacturers are similar in that they support preemptive multitasking.  The majority share of these devices run the Linux operating system or a UNIX-based operating system.

 An ARM Powered® smartphone with NFC technology contains other microprocessors on its printed circuit board (PCB).  These other microprocessors consist of the radio frequency (RF) controller or contactless front end (CLF) and an optional embedded secure element (eSE).    The CLF is responsible for managing contactless communication at 13.56MHz.  The eSE and SE (external UICC-based or microSD card based) are responsible for secure application execution and the secure storage of sensitive payment or identification information. A trusted OS runs on the eSE and/or SE.  A mobile phone may contain both an eSE and a UICC-based or microSD-based SE.  For such a configuration where multiple secure elements exist on the phone, different trusted operating systems may run on the phone's secure elements and different trusted applications (client applications) may run on the trusted operating systems.  One trusted application may be responsible for secure VISA payments and another trusted application may be responsible for electronic identification (eIdentification).

The RF controller and the embedded secure element (eSE) are both soldered directly to the PCB; typically within the same IC package.  The RF controller may exist on the circuit board without the eSE. The eSE is an optional hardware component on a mobile phone that contains NFC technology.  The RF controller and eSE are soldered to the PCB by the phone manufacturer.  Alternatively, the secure element used for NFC may be external.  An external secure element is one that is located on the mobile phone's UICC or microSD card.  When a mobile phone is purchased from a local cell phone store, a UICC card is usually inserted in the phone by the person at the store who you purchased the phone from. If purchased from one of the main operators in the United States, the UICC card contains a secure element.  It is important to note that the existence of an embedded secure element and a UICC-based or microSD-based secure element on the same mobile phone are not mutually exclusive.  The secure elements may serve different purposes.

 As mentioned above, ARM Powered® smartphones with NFC technology may contain a single type of secure element.  Such a phone may only contain a CLF or RF controller.  Mobile phones with a CLF and no secure element may provide emulation of the software running on the secure element via the operating system and application software running on the application processor.  This is called host card emulation (HCE).

There are numerous configurations of NFC technology on mobile phones.  Each of the components described exposes one or more hardware interfaces for communication and interconnection with neighboring components on the printed circuit board.  Hardware bus protocols and software communication protocols run on top of the wires that connect the individual components on the printed circuit board.  These include familiar bus protocols such as I²C, S2C (NFC-WI), SWP, and SPI. (more on this later).  It is important to note that a typical ARM Powered® smartphone with NFC technology has a CLF that is connected to the application processor via both I²C and UART.  This is good because I²C device drivers are not complicated and reading/writing to a tty on an ARM Powered® smartphone is straightforward.  Lastly, the CLF typically contains an optimized 80C51 processor. The CLF may be packaged with a secure element and the secure element may contain an optimized 8051 core or newer RISC based core.  The secure element will also contain dedicated crypto co-processors for performing asymmetric or symmetric cryptographic operations (i.e. FameX).  Custom firmware runs on the CLF and it can usually be updated via the host operating system over UART. 80C51 firmware for the CLF is usually C code. (more on this later).  A trusted OS (e.g. JCOP) and trusted applications (applets) run on the secure element.  Lastly, if the CLF and secure element are contained within a single IC that is soldered on to the PCB, then they are usually connected via S2C (NFC-WI) internally.  As a side note, ARM® designs and manufactures ARM® Keil® development boards.  Arm® Keil® and Ashling are two of the most prevalent companies who sell compilers and development toolkits for embedded microprocessors such as the 80C51.  Ashling sells a nice series of in-circuit emulators (ICE) for debugging SmartMX and SmartMX2 microcontrollers.
secure element IC
The architectural variations of the NFC hardware technology contained within current mobile phones can be summarized as follows. The most common configurations are at the top.  It has come to my attention that several of the card issuers have tested the microSD SE configuration on certain phones. I cannot validate the authenticity of which handsets have the physical S2C or SWP wiring between the microSD card and CLF, so the last column contains a -.

Application ProcessorApplication Processor OSCLFeSEUICC SEmicroSD SE
ARM Powered®AndroidYESYESYES-
ARM Powered®AndroidYESNOYES-
ARM Powered®AndroidYESYESNO-

ARM and Cortex are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and TrustZone are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and SecurCore are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. ARM and Keil are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved.Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C-Ware, the Energy Efficient Solutions logo, Kinetis, MagniV, mobileGT, PEG, PowerQUICC, Processor Expert, QorIQ, QorIQ Qonverge, Qorivva, Ready Play, SafeAssure, the SafeAssure logo, StarCore, Symphony, VortiQa, Vybrid and Xtrinsic are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. SMARTMX is a trademark of NXP B.V. SMARTMX2 is a trademark of NXP B.V. JCOP is a trademark of NXP B.V. Android is a trademark of Google, Inc. QNX and Neutrino are registered trademarks of QNX Software Systems Ltd. IOS is a trademark or registered trademark of Cisco in the U.S. and other countries.

No comments:

Post a Comment