The STSAFE-V500 system on chip is a top-class embedded secure element (eSE) able to manage Java® Card applets from different stakeholders (such as the user, original equipment manufacturer (OEM), hardware integrator, or service provider).
The STSAFE-V500 is providing a full range of solutions according to different use cases detailed in this document such as:
StrongBox (SB) In vehicle CCC digital key (DK) Qi charging (Qi) Open Java ® Card platform (JC)
Each solution is identified as a standalone turn key solution (no dynamic switch possible between the different solutions).
It also proposes an open Java® Card pen platform capable of loading any third-party Java® Card applet.
Both a turn key solution and an Open Java® Card platform solution offer a common backbone to ease final user integration; this document describes the common set of features (the common backbone) and highlights also specific features relevant for each turn key solution.
The device is compliant with Java® Card 3.0.5 with enhanced mechanisms of memory management, security, and data management.
It also supports the GlobalPlatform® Card Specifications v.2.3 and related amendments:
GlobalPlatform ® amendment C – Contactless services v1.3 (support of the "cumulative delete" and "get status" sections) GlobalPlatform ® amendment D – Secure channel protocol SCP03 v1.1.1 GlobalPlatform ® amendment F – Secure channel protocol ‘11’ v1.2.1 GlobalPlatform ® amendment H – Executable load file upgrade v1.1 GlobalPlatform ® access control v1.1 GlobalPlatform ® APDU communication over I²C/SPI based on the GlobalPlatform ® “APDU transport over I2C/SPI” specification v1.0 GlobalPlatform ® SE configuration v2.0
The STSAFE-V500 is integrated with Android™ applications Keymint and Weaver. It can also host STMicroelectronics applications for secure storage.
It supports multiple logical secure elements that allow multiple Android™ Linux® virtual machines executing on a hypervisor environment accessing Java® Card applications.
It provides state-of-the-art security for the provided functionality, resistant to recent EMVCo/JIL hardware-related attacks subgroup (JHAS) identified vulnerabilities; it ensures a high level of security and isolation between applications, and Common Criteria EAL5+ certification is ongoing (specific for SB).