Got a question?

+91 85272 53651

For more information or any query, please give us a call on this number

PCI certified secure transaction processing board

Introduction

Fare collection systems in transit applications would generally handle closed and open loop cards. Closed loop cards are of the MIFare / DESFire and Felica types and the open loop cards are the bank issued EMV cards.

The security and transaction processing requirements of both card types is slightly different, where the bank card handling at the ECU board needs a higher degree of security compliance – PCI certification / AES 128/256 bit encryption and more. Hence, we at NextGen have developed a secure ECU board, capable of handling the card processing needs for card and account based ticketing in transit.

The ECU board is based on a Renesas RZG1E processor. The broad delivery specifications on this board are :

AFCS board Input Voltage 12VDC
Consumption Current Idle mode 600 mA
Peak Current Inrush (normal) – 2.0 Amp
Peak – 3.0 A
Communication Speed With R/W 115,200 baud
Interface USB 2.0 for R/W board
USB 2.0 for ECU
(port 1 = slave
Port 2 = master / slave)
Ethernet for Middleware x 2 nos Nos (backup) 10/100 and 100/1000 MPBS
OS Embedded linux (detail version will be added at next update) with Ubuntu 16.0 as the base OS OR Linux-OS CIP-4.185
Memory size 1 GB + SD card up to 32 GB
Processing speed 1.2 GHz
Certification Secure IP
Dimensions (H x W x L mm) 147 x 105 x 40 mm

Overview

The broad outline for the layout and design specifications are detailed as here :

2.1 The design concept :

The design concept of this secure ECU processing board is a System on Module (SOM), where the OS and the application reside on a secure SD card, and the OS and the application are compiled together as a single build and loaded on the SOM board. During the boot up process, the OS and the application are read from the SD card and loaded onto the RAM of the processor board and the processing then is processed from this virtual application.

Advantages here :

The ECU board is based on a Renesas RZG1E processor. The broad delivery specifications on this board are :

  • Security : its not possible to change the application here without access to the whole SD card application which includes the OS
  • Power consumption : very low, hence low heat generation and able to operate in the closed gate operations
  • Moving parts : NIL, there is no cooling fan needed here, hence low operational and maintenance costs.
2.2 The Physical Dimensions :
2.3 The actual view
2.4 Screen Printing
2.5 Dimensions
  • PCB size : 147 x 105 mm
  • Hole to hole : 139 x 96 mm
  • Hole diameter : 6 mm
2.6 Connector Specifications for the Carrier Board
S. No Connector No. Description Connector specifications
1 J2 JTAG Connector. Normal 2.54mm two row Header
2 J4 Ethernet 10/100/1GHz. 769-AXK724147G
3 J5 Ethernet 10/100Mbps or PDC Interface Camera. 112J-TDAR-R01
4 CN1 SD Card. 112J-TDAR-R01
5 CN2 Dual USB 2.0 (KUSBX-AS2N-B)
6 J9 / CN3 24 bit RGB 7 inch TFT with resistive touch screen and 10.1 inch CTP. Not mounting for Nextgen
7 J13 Debug Micro USB connector. 207A-BAB0-01
8 J14/15 Audio Codec microphone and speaker.
9 J45/46 CAN 2 port.
10 J28.J29/ J44 / J41 UART 4 Port. Single row 2.54mm header

Security Features

Keeping in view the security requirements on the card ( open loop ) processing application from the banks, the security features enabled on this board broadly are :

Function Description
Encrypted kernel booting The kernel in the non-volatile memory is encrypted to prevent illegal copying of software. Detection of tampering or the illegal copying is enable at the booting up.
Encrypted communications Secure communications are enable by mutual authentication between the product and server (SSL/TLS).
Secure storage Data are encrypted and decrypted by device-specific key. By device-specific key, only the product in which encrypted the data can decrypt the data.
Secure software updates The key and Linux kernel used in encrypted kernel booting are updated safely.
Basic cryptographic functions The basic functions of encryption/decryption provided. (See Table 1-2.)

Cryptographic Functionality Provided within the Security Solution

Encryption Algorithm
Symmetric cryptography AES algorithm in CBC mode (128 or 256 bits)
Asymmetric cryptography RSA (1024 or 2048 bits)
Hashing algorithm SHA-1 or SHA-256
MAC HMAC (SHA-1 or SHA-256)
CMAC (AES-128 or AES-256)