Secure Micro with BLE Safeguards Contactless Payment Systems
By Gregory Guez, Executive Director, Embedded Security, Maxim Integrated
From grocery stores to restaurants, contactless payment systems are providing a fast, convenient way to take care of the bill. The prevalence of smartphones and wearable devices, along with technologies like radio-frequency identification (RFID) and near-field communication (NFC), is indeed transforming the point-of-sale (POS) landscape.
Conducting payments using smartphones and wearables could just be the start as the internet of things (IoT) becomes more prevalent in our everyday lives. Take a look at Visa, which envisions payment processing via cars and has expanded its Visa Ready Program to certify and secure payment transactions for the IoT. “Imagine with just a touch of a button, consumers could pay for gas, food or parking without leaving their connected car,” the company notes in a blog post. Indeed, the contactless payment market is anticipated to grow to US$17.56 billion by 2021, up from US$6.70 billion in 2016, according to B2B research firm MarketsandMarkets.
While contactless payments are undoubtedly convenient, we also can’t neglect the matter of security, especially with IoT devices. Enhancing trust in this area can be a boon to its adoption.
Protecting On-the-Go Payments
Central to the mobile POS (mPOS) market are small, self-contained devices featuring a display, keypad, magnetic stripe reader, and smartcard and contactless card reader. These devices connect to a smartphone or tablet over Bluetooth or Wi-Fi. To meet stringent payment certifications, designers build highly integrated secure microcontrollers into their mPOS designs. The secure chip provides payment-specific functions like secure key storage, enables cryptographic capabilities, and ensures proper tamper detection and reaction. Some designers choose to use multiple discrete chips for functions such as contactless payment, magnetic stripe reader, and Bluetooth. Bluetooth Low Energy (BLE) 4.2 provides encryption and secure connections (authentication) that allow only trusted owners to track device location and confidently pair devices. A multiple-chip methodology is, of course, more expensive and complex when it comes to development and security. Also, many of the underlying technologies available do not scale: they are limited in the embedded flash memory available to support increased functionality. For software developers, an ideal scenario would be to have unlimited flash.
A new single-chip solution is now available to address the complexity, scalability, and security requirements of mPOS contactless payment designs. Maxim’s MAX32565 device is a secure Arm® Cortex®-M4 microcontroller with contactless payment and Bluetooth support. With the MAX32565, there’s no need to use multiple discrete chips because it provides, in a single chip, contactless, Bluetooth Low Energy 4.2, magnetic card reader, and smartcard capabilities. Its 128KB of SRAM can be configured to be AES encrypted and battery backed. Memory space can be further expanded through external fast serial flash memories via its flexible Quad-SPI controller with execute-in-place (XIP) support as well as support for on-the-fly decryption and authentication. The Quad-SPI controller provides a high level of security as the code is decrypted in real time. It also checks for authenticity, reducing the risk of illegal code or fraudulent code relocation in external flash. Secure memory expansion also allows complex firmware with large font sets and graphics. The secure microcontroller includes a high-performance cryptographic engine as well as a True Random Number Generator and a high-level library that’s immune to side-channel attacks. The level of security provided here is compatible with PCI-PTS 5 requirements.
The MAX32565 secure microcontroller protects mobile payment/portable terminals, ATM/financial terminals, PCI payment terminals, as well as industrial gateways and access control systems like keyless entry. The MAX32565-KIT evaluation kit provides an easy way to assess the device’s capabilities. A similar version of this blog post originally appeared on Maxim’s mgineer blog.