SE050
Plug & Trust Secure Element
Rev. 3.3 — 1 July 2021
504933
Product data sheet
1 Introduction
The SE050 is a ready-to-use IoT secure element solution. It provides a root of trust at the
IC level and it gives an IoT system state-of-the-art, edge-to-cloud security capability right
out of the box.
SE050 allows for securely storing and provisioning credentials and performing
cryptographic operations for security critical communication and control functions. SE050
is versatile in IoT security use cases such as secure connection to public/private clouds,
device-to-device authentication or protection of sensor data.
SE050 has an independent Common Criteria EAL 6+ security certification up to OS level
and supports both RSA & ECC asymmetric cryptographic algorithms with high key length
and future proof ECC curves. The latest security measures protect the IC even against
sophisticated non-invasive and invasive attack scenarios.
The SE050 is a turnkey solution that comes with Java Card operating system and an
applet optimized for IoT security use cases pre-installed. This is complemented by a
comprehensive product support package, enabling fast time to market & easy design-in
with Plug & Trust middleware for host applications, easy to use development kits,
reference designs, and extensive documentation for product evaluation.
The SE050 is a product platform that comes in several pin-to-pin compatible product
variants, see [4].
Additional information on the integration can be found in several application notes on the
NXP website. Also see [3].
For additional information on guidelines for the usability of SE050 and the security
recommendations for using the module, see [5].
To implement inclusive language, the terms "master/slave" have been replaced by
"controller/target", following the recommendation of MIPI.
1.1 SE050 use cases
• Secure connection to public/private clouds, edge computing platforms, infrastructure
• Device-to-device authentication
• Secure data protection
• Secure commissioning support
• Secure CL/MIFARE/Wi-Fi interactions
• Device ID for blockchain
• Secure key storage
• Secure provisioning of credentials
• Ecosystem protection
1.2 SE050 target applications
• Smart Industry
• Smart Home
• Smart Cities
• Smart Supply Chains
[Block diagram; labelled blocks: HOST MCU/MPU (PLUG AND TRUST MW), SE050 (IoT APPLET, JCOP OS), SENSOR, ACTUATOR, NFC DEVICE / READER; labelled interfaces: I²C, 14443, 7816]
Figure 1. SE050 solution block diagram
Note: SE050 is designed to be used as a part of an IoT system. It works as an auxiliary
security device attached to a host controller. The host controller communicates with
SE050 through an I²C interface (with the host controller being the I²C controller and the
SE050 being the I²C target). Besides the mandatory connection to the host controller, the
SE050 device can optionally be connected to a sensor node or similar element through a
separate I²C interface. In this case, the SE050 device is the I²C controller and the sensor
node the I²C target. Lastly, SE050 has a connection for a native contactless antenna,
providing a wireless interface to an external device like a smartphone.
1.3 SE050 naming convention
The following table explains the naming conventions of the commercial product name
of the SE050 platform. Every SE050 product gets assigned a commercial name, which
includes application specific data.
The SE050 commercial names have the following format.
SE05yagddd/Zrrff
All letters are explained in Table 1.
Table 1. SE050 commercial name format
Variable | Meaning | Values | Description
y | JCOP version | 0 |
a | Applet Config | A, B, C, D | Configuration options with different key provisioning options, see [4]
g | Temperature range | 1, 2 | standard operational ambient temperature: 1 = -25 °C - 85 °C, 2 = -40 °C - 105 °C
ddd | Delivery Type | HQ1 | HX2QFN20
Zrrff | | Letters and numbers | NXP internal code to identify individual configurations
All information provided in this document is subject to legal disclaimers.
© NXP B.V. 2021. All rights reserved.
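The following is an added example, not part of the NXP data sheet or the Plug & Trust middleware: it decodes a commercial name according to the format and values of Table 1 and checks a bill of materials against a required ambient temperature range, rejecting anything the table does not list. The function names, the reading of rr and ff as two alphanumeric characters each, and the sample names are assumptions made for illustration.

```python
import re

# Values exactly as listed in Table 1; anything else is rejected.
APPLET_CONFIGS = {"A", "B", "C", "D"}
TEMP_RANGES_C = {"1": (-25, 85), "2": (-40, 105)}
DELIVERY_TYPES = {"HQ1": "HX2QFN20"}
JCOP_VERSIONS = {"0"}
# Constructed sample names (not real ordering codes); the last one is truncated.
SAMPLE_BOM = ["SE050A1HQ1/Z01AB", "SE050C2HQ1/Z01AB", "SE050C2HQ1"]

# SE05 y a g ddd / Z rr ff. Assumption: rr and ff are two alphanumerics each.
NAME_RE = re.compile(
    r"SE05(?P<y>[0-9])(?P<a>[A-Z])(?P<g>[0-9])(?P<ddd>[A-Z0-9]{3})"
    r"/Z(?P<rr>[A-Z0-9]{2})(?P<ff>[A-Z0-9]{2})"
)


def parse_commercial_name(name):
    """Decode one commercial name, raising ValueError on unlisted values."""
    m = NAME_RE.fullmatch(name.strip())
    if m is None:
        raise ValueError(f"{name!r} is not in SE05yagddd/Zrrff form")
    f = m.groupdict()
    for key, allowed, label in (
        ("y", JCOP_VERSIONS, "JCOP version"),
        ("a", APPLET_CONFIGS, "applet config"),
        ("g", TEMP_RANGES_C, "temperature range"),
        ("ddd", DELIVERY_TYPES, "delivery type"),
    ):
        if f[key] not in allowed:
            raise ValueError(f"{name!r}: unknown {label} {f[key]!r}")
    return {"jcop_version": f["y"], "applet_config": f["a"],
            "ambient_c": TEMP_RANGES_C[f["g"]],
            "package": DELIVERY_TYPES[f["ddd"]],
            "internal_code": f["rr"] + f["ff"]}


def check_bom(names, need_min_c, need_max_c):
    """Split BOM entries into accepted parts and (name, reason) rejections."""
    accepted, rejected = [], []
    for name in names:
        try:
            lo, hi = parse_commercial_name(name)["ambient_c"]
        except ValueError as exc:
            rejected.append((name, str(exc)))
            continue
        if lo <= need_min_c and hi >= need_max_c:
            accepted.append(name)
        else:
            rejected.append((name, f"rated {lo}..{hi} C only"))
    return accepted, rejected
```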
2 Features and benefits
2.1 Key benefits
• Plug & Trust for fast and easy design with complete product support package
• Easy integration with different MCU & MPU platforms and OSs (Linux, RTOS, Windows,
Android, etc.)
• Turnkey solution ideal for system-level security without the need to write security code
• Secure credential injection for root of trust at IC level
• Secure, zero-touch connectivity to public & private clouds
• Real end-to-end security, from sensor to cloud
• Ready-to-use example code for each of the key use cases
2.2 Key features
The SE050 is based on NXP's Integral Security Architecture 3.0™ providing a secure
and efficient protection against various security threats. The efficiency of the security
measures is proven by a Common Criteria EAL6+ certification.
The SE050 operates fully autonomously based on an integrated Java Card operating
system and applet. Direct memory access is possible only through the fixed functionality
of the applet. As a result, the memory content is fully isolated from the host system.
• Built on NXP Integral Security Architecture 3.0™
• Uses advanced 40 nm silicon foundry technology
• CC EAL 6+ and SESIP4 certified HW and OS as environment to run NXP IoT
applications, supporting fully encrypted communications and secured lifecycle
management
• FIPS 140-2 certified platform with Security Level 3 for OS and Applet, and Security
Level 4 related to Physical Security of the HW
– Disclaimer: FIPS certification requires a specific product type. For more information,
refer to [4].
• Effective protection against advanced attacks, including Power Analysis and Fault
Attacks of various kinds
• Multiple logical and physical protection layers, including metal shielding, end-to-end
encryption, memory encryption, tamper detection
• Support for RSA and ECC asymmetric cryptography algorithms, future proof curves
and high key length, e.g. Brainpool, Edwards and Montgomery curves
• Support for AES and DES symmetric cryptographic algorithms for encryption and
decryption
• Support for AES Modes: CBC, ECB, CTR
• HMAC, CMAC, SHA-1, SHA-224/256/384/512 operations
• Various options for key derivation functions, including HKDF, MIFARE KDF, PRF (TLS-PSK)
• Optional extended temperature range for industrial applications (-40 °C to +105 °C)
• Small footprint HX2QFN20 package (3x3 mm)
• Standard physical interface I²C target (High-speed mode, 3.4 Mbps), I²C controller
(Fast mode, 400 kbps). Both can be active at the same time
• Dedicated CL wireless interface for IoT use cases simplifying configuration set-up,
maintenance in the field and late stage configuration
• Secured user flash memory up to 50 kB for secure data or key storage
• Support for SCP03 protocol (bus encryption and encrypted credential injection) to
securely bind the host with the secure element
• Support for applet level secure messaging channels to allow end-to-end encrypted
communication in multi-tenant ecosystems
2.3 Features in detail
Table 2. Feature Overview
Categories | Subcategory | Value
Standards | Security certification | CC EAL6+ (HW+JCOP), FIPS 140-2 L3, SESIP4
Standards | JavaCard version | 3.0.5
Standards | GlobalPlatform specification version | GP 2.3.1
Cryptography | ECC | ECDSA, ECDH, ECDHE, ECDAA, EdDSA
Cryptography | MAC | HMAC, secure HMAC, CMAC
Cryptography | Hash | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
Cryptography | Key derivation | HKDF, PBKDF2, PRF (TLS-PSK), MIFARE-AES-KDF
Cryptography | AES | AES (128, 192, 256)
Cryptography | AES Modes | CBC, ECB, CTR
Cryptography | 3DES | 2K, 3K
Cryptography | RSA | RSA cipher for de-/encryption (up to 4096 bit)
Crypto curves | ECC | ECC NIST (192 to 521 bit); Brainpool (160 to 512 bit); Twisted Edwards Ed25519 / Montgomery Curve25519; Koblitz (192 to 256 bit); Barreto-Naehrig Curve 256 bit
 | User memory | 50 kB
 | Memory reliability | up to 100 Mio write cycles / 25 years
Interfaces | I²C Target | High-speed mode (3.4 Mbps)
Interfaces | I²C Controller | Fast Mode (400 kbit/s)
Interfaces | Contactless | ISO14443-A PICC
Power saving modes | Power-Down (with state retention) | < 500 µA
Power saving modes | Deep Power-Down (no state retention) |
Temperature | |
Packaging | |
VIN, Vcc
Vesd_hbm | electrostatic discharge voltage (Human Body Model) | pads VCC, VSS, RST_N, I²C_SDA, I²C_SCL, IO1, IO2, CLK [2] | ± 2.0 kV
Vesd_cdm | electrostatic discharge voltage (Charge Device Model) | pads VCC, VSS, RST_N, I²C_SDA, I²C_SCL, IO1, IO2, CLK [3] | ± 500 V
Ptot | Total power dissipation | Min - | Max 600 mW
Tstg | Storage temperature | Min -55 °C | Max +125 °C
IO [1] [4] 100 mA
Maximum supported supply voltage is 6 V. The SE050 is characterized for the specified operating supply voltage range of 1.62 V to 3.6 V. In case of
supply voltages above 3.6 V, Deep Power-down mode current