Independent security element & multi-sensors

SafePal S1 adopts dual-chip architect, separating sensitive security logic from general business logic inside the product. Inside SafePal S1 there implements an independent security element, whose purpose is to solely protect the safety of private key and approve every 'sending out' payments.

Features of the SafePal S1 security element:

1. Qualification of Common Criteria EAL5+ level.

The Evaluation Assurance Level is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. There are 7 levels in the criteria(EAL1 through EAL7). The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. EAL is widely adopted to evaluate whether an IT product or system can provide its security features more reliably (and the required third-party analysis and testing performed by security experts is reasonable evidence in this direction). It is also widely adopted in financial industry, where most of the debit cards and credit cards are using EAL4+ standard, one level lower than EAL5+.

Learn more about EAL: Evaluation Assurance Level here.

2. Multiple security sensors

SafePal S1 is embedded with multiple sensors. Should there be any attacks, such as non-intrusive attack, semi-intrusive attack and intrusive attack, detected by any of these sensors or modules, the security element will execute self-destroy mechanism, wiping all security data, thus preventing the attackers from gaining the private key.

  • High and low voltage detection module: to confront with fault injection attacks such as voltage attack or extreme temperature attack

  • High and low frequency detection module: to confront with frequency and electromagnetic attack

  • Filter: to shield and filter abnormal frequency

  • Light sensor: to detect light conditions when the chip is opened up. In such attack when the light sensor detects any light exposure, the secure element will clean all RAM data and enter protection mode, meaning no core program can be operated on the chip and the chip is under reset status, thus preventing the attackers to conduct any further attacks.

  • Pulse sensor: to detect abnormal pulse signal caused by physical attacks, and transfer warnings toward element processor

  • Temperature sensor: to detect abnormal temperature caused by electronic attack

  • Metallic shield: to detect electromagnetic attack when attacker tries to open up and probe the chip

3. Self-destroy mechanism

SafePal S1 is embedded with multiple sensors, the security chip would execute self-destroy mechanism, erasing all wallet data and leave no trace for the hackers. Don’t worry if the data is erased, your assets are still secure on chain and you can be recover them with the correct mnemonic phrase on a new SafePal device(See the security practice of keeping your mnemonic phrase secure).

4. Other important security schemes

  • RAM protection: supports RAM verification, data verification, un-readable verification area and RAM encryption scrambler, thus to confront with intrusive attacks and fault injections.

  • BUS encryption: encryption and verification of internal data transfer BUS including AHB(Advanced High performance Bus), APB(Advanced Peripheral Bus), etc. This is to protect the data from intrusive attack and fault injections.

  • Algorithm authentication and protection: including DES algorithm module and AES algorithm module, to prevent non-intrusive side-channel attacks