at88sc0104c ATMEL Corporation, at88sc0104c Datasheet
at88sc0104c
Available stocks
Related parts for at88sc0104c
at88sc0104c Summary of contents
Page 1
... Programmable 8-byte Answer-To-Reset Register – ISO 7816-2 Compliant Modules • High Reliability – Endurance: 100,000 Cycles – Data Retention: 10 years – ESD Protection: 4,000V CryptoMemory Specification For Standard Mode of Operation AT88SC0104C AT88SC0204C AT88SC0404C AT88SC0808C AT88SC1616C AT88SC3216C AT88SC6416C AT88SC12816C AT88SC25616C 5210A–SMIC–04/07 ...
Page 2
AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C ii 5210A–SMIC–04/07 ...
Page 3
... Scope and Purpose of This Document .....................................................................2 3.1 Supply Voltage (V ) ..............................................................................................3 CC 3.2 Clock (SCL/CLK) ......................................................................................................3 3.3 Serial Data (SDA/IO) ................................................................................................3 3.4 Reset (RST) .............................................................................................................3 4.1 User Memory ............................................................................................................3 4.2 Configuration Memory ..............................................................................................9 5.1 Security Operations ................................................................................................13 5.2 Data Protection Features .......................................................................................14 5.3 Configuration Memory Values ................................................................................15 5.4 Security Fuses .......................................................................................................19 7.1 Start-up Sequence .................................................................................................24 7.2 Command Set ........................................................................................................24 7.3 Command Format ..................................................................................................25 7.4 Acknowledge Polling ..............................................................................................26 7.5 Device Addressing .................................................................................................27 7.6 Command Descriptions ..........................................................................................27 7.7 Initialization Example ..............................................................................................33 ii ...
Page 4
... Command Set ........................................................................................................37 8.5 Command Descriptions ..........................................................................................40 9 Initialization Example ............................................................................ 47 9.1 Write Data to User Zones .......................................................................................47 9.2 Unlock Configuration Memory ................................................................................47 9.3 Write Data to Configuration Memory ......................................................................47 9.4 Set Security Fuses .................................................................................................47 10 Absolute Maximum Ratings .................................................................. 50 10.1 DC and AC Characteristics ..................................................................................51 10.2 Timing Diagrams for Synchronous Communications ........................................... Tamper Detection Limits ................................................................. 56 11.1 High Voltage and Low Voltage Limit ....................................................................56 11 ...
Page 5
... Cryptom- emory has a configuration memory that contains registers to define the security rights for each user zone and space for passwords and secret keys used by the security logic of CryptoMemory ...
Page 6
... Smart Card Applications CryptoMemory offers the ability to communicate with virtually any smart card reader using the asynchronous T=0 protocol defined in ISO 7816-3. For devices with 32K bits of user memory and larger, communication speeds up to 153,600 baud are supported by utilizing ISO 7816-3 Protocol and Parameter Selection. All CryptoMemory devices in smart card module form will also communicate using a synchronous 2-wire serial interface ...
Page 7
... User Memory The EEPROM user memory is divided into user zones. Multiple zones allow for the storage of different data types or files in different zones. Access to user zones is possible only after meeting security requirements. The customer defines these security requirements in the configuration memory during device personalization ...
Page 8
... Figure 4-1. AT88SC0104C User Memory ZONE $00 - User 0 - $18 $00 - User 1 - $00 - User 2 - $18 $00 - User 3 - $18 Note: Page size=16 bytes AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C Bytes 32 Bytes 32 Bytes 32 Bytes $6 $7 5210A–SMIC–04/07 ...
Page 9
... Figure 4-2. AT88SC0204C User Memory ZONE $00 - User 0 - $38 $00 - User 1 - $38 $00 - User 2 - $38 $00 - User 3 - $38 Note: Page size=16 bytes 5210A–SMIC–04/07 AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C $ Bytes 64 Bytes 64 Bytes 64 Bytes $ ...
Page 10
... Figure 4-3. AT88SC0404C User Memory ZONE $00 - User 0 - $78 $00 - User 1 - $78 $00 - User 2 - $78 $00 - User 3 - $78 Note: Page size=16 bytes Figure 4-4. AT88SC0808C User Memory ZONE $00 - User 0 - $78 User 1 $ User 6 $78 $00 - User 7 - $78 Note: Page size=16 bytes AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C 128 Bytes ...
Page 11
... Figure 4-5. AT88SC1616C User Memory ZONE $00 - User 0 - $78 User 1 $ User 14 $78 $00 - User 15 - $78 Note: Page size=16 bytes Figure 4-6. AT88SC3216C User Memory ZONE $00 - User 0 - $F8 User 1 $ User 14 $F8 $00 - User 15 - $F8 Note: Page size= 64 bytes 5210A–SMIC–04/07 AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C $ ...
Page 12
... Figure 4-7. AT88SC6416C User Memory ZONE $000 - User 0 - $1F8 User 1 $000 - - - - - - User 14 $1F8 $000 - User 15 - $1F8 Note: Page size= 64 bytes Figure 4-8. AT88SC12816C User Memory ZONE $000 - User 0 - $3F8 User 1 $000 - - - - - - User 14 $3F8 $000 - User 15 - $3F8 Note: Page size= 128 bytes AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C ...
Page 13
... User Zone. The control logic defines access rights to the configuration memory as well as to the user zones and the user may not alter these rights. The access rights include the ability to program certain portions of the configuration memory and then lock the data written through the use of Security Fuses ...
Page 14
... Figure 4-10. AT88SC0104C, 0204C, 0404C Configuration Memory $0 $1 $00 $08 Fab Code $10 $18 DCR $20 AR0 PR0 $28 $30 $38 $40 $48 $50 $58 $60 $68 $70 $78 $80 $88 $90 $98 $A0 $A8 $B0 PAC $B8 PAC $C0 PAC $C8 $D0 $D8 $E0 $E8 PAC $F0 $F8 AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C Answer To Reset MTZ Card Manufacturer Code Lot History Code ...
Page 15
... Figure 4-11. AT88SC0808C Configuration Memory $0 $1 $00 $08 Fab Code $10 $18 DCR $20 AR0 PR0 $28 AR4 PR4 $30 $38 $40 $48 $50 $58 $60 $68 $70 $78 $80 $88 $90 $98 $A0 $A8 $B0 PAC $B8 PAC $C0 PAC $C8 PAC $D0 PAC $D8 PAC $E0 PAC $E8 PAC $F0 $F8 5210A–SMIC–04/07 AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C $ Answer To Reset MTZ Lot History Code ...
Page 16
... Figure 4-12. AT88SC1616C, 3216C, 6416C, 12816C, 25616C Configuration Memory $0 $1 $00 $08 Fab Code $10 $18 DCR $20 AR0 PR0 $28 AR4 PR4 $30 AR8 PR8 $38 AR12 PR12 $40 $48 $50 $58 $60 $68 $70 $78 $80 $88 $90 $98 $A0 $A8 $B0 PAC $B8 PAC $C0 PAC $C8 PAC $D0 PAC $D8 PAC $E0 PAC $E8 PAC $F0 $F8 AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C Answer To Reset ...
Page 17
... Encryption Modes. The Standard Mode is the default mode for the device after power-up. Special procedures exist for enabling Authentication and Encryption Modes but are beyond the scope of this document. Information pertaining to use of Authentication and Encryp- tion Modes of CryptoMemory is available from Atmel under Non-Disclosure and/or Limited Licensing Agreements (NDA and/or LLA). Table 5-1. ...
Page 18
... Additional information on using encrypted checksums is available from Atmel under NDA and LLA. 5.2 Data Protection Features Security operations control access to data stored in CryptoMemory. After gaining access, addi- tional options exist to protect data in the user memory. 5.2.1 Modify Forbidden The Modify Forbidden option renders the user zone read-only by restricting all write operations to it ...
Page 19
... In the event of a power loss during a write cycle, the integrity of the device's stored data may be recovered. This function is optional and the host may choose to activate the anti-tearing func- tion for any write to a user zone or configuration memory by use of the appropriate B4 system write command. When anti-tearing is active, write commands will take longer to execute since more write cycles are required ...
Page 20
... Table 5-2. Factory Programmed Fields Device AT88SC0104C AT88SC0204C AT88SC0404C AT88SC0808C AT88SC1616C AT88SC3216C AT88SC6416C AT88SC12816C ...
Page 21
... Four, eight, or sixteen 8-bit access registers allow personalization of the device. Each access register works in conjunction with a Password/Key register to define the security settings for each individual zone of the user memory. Values in the access registers take immediate effect after programming. The default value for each bit is “1”. ...
Page 22
When PM = “11”, the user zone under protection requires no password. When PM = “10”, the zone requires Write Password verification for writing and reading is free. When PM = “01” or “00”, reading requires the read password verification ...
Page 23
... Security Fuses CryptoMemory uses four fuses. The status of these fuses is given in a ‘fuse byte.’ A value of ‘0’ indicates that the fuse has been blown. Bits this byte are not used as Security Fuses and are reserved for Atmel use 5210A– ...
Page 24
... Any attempt to blow a fuse out of sequence will be unsuccessful. Table 5-7 on page 21 each fuse condition AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C 20 Device Fuses resv resv resv provides a summary of access rights for all portions of the memory for SEC PER CMA 5210A–SMIC–04/ FAB ...
Page 25
... Table 5-7. Fuse Access Rights Summary Zone Identification (Except MTZ and CMC) Memory Test Zone (MTZ) Card Manufacturer Code (CMC) Read Only (Lot History Code) Access Control Crytography (Except Encryption Keys S) Encryption Keys (S) Secret Passwords Password Attempts Counters (PAC) Forbidden User Zones ...
Page 26
... Provide a clock signal to CLK-SCL • RST goes high after 400 clock cycles. The device will respond with a 64-bit ATR code, including historical bytes to indicate the memory density within the CryptoMemory family. The 64-bit ATR code comes from a register that contains the characters shown in page 23 CryptoMemory device ...
Page 27
... The CyrptoMemory device will always output all 8 bytes in response to the asynchronous ATR command regardless of the contents of the register. Table 6-1. ATR Codes for Lower Density CryptoMemory Device TS AT88SC0104C $3B AT88SC0204C $3B AT88SC0404C $3B AT88SC0808C $3B AT88SC1616C $3B Table 6-2. ATR Codes for Higher Density CryptoMemory ...
Page 28
... The command set of CryptoMemory is expanded compared to a Serial EEPROM as the func- tionality of CryptoMemory exceeds that of a simple memory device. Each instruction sent to the CryptoMemory must have 4 bytes: Command, Address 1, Address 2 and N. The last byte, N, defines the number of any additional data bytes to be sent or received from the CryptoMemory device ...
Page 29
... AT88SC6416C) Normal (AT88SC12816C, AT88SC25616C) with Anti-Tearing (all devices) Read User Zone Write Config Zone System Write (AT88SC0104C-AT88SC1616C) Write Config Zone (AT88SC3216C, AT88SC6416C) Write Config Zone (AT88SC12816C, AT88SC25616C) Write Fuses Set User Zone Write Config Zone with Anti-Tearing Set User Zone with Anti-Tearing ...
Page 30
... TWI write or read command. The CryptoMemory read command looks like a TWI write command (LSB of the first byte = 0) but after the 4th byte of the command the CryptoMem- ory device will begin to send data back on the bus. The number of bytes sent by CryptoMemory will be equal to the value of N. ...
Page 31
... A specific device may be set to respond to another value ($0 to $F) in addition setting this value in the second nibble of the Device Configuration Register (DCR) in the configuration memory. The DCR is set to $FF at the Atmel factory and thus will respond to device address $B and $F unless the DCR is modified. For a device to respond only to $B the DCR should be set to $B also ...
Page 32
... The value N defines how many bytes are to be written. The maximum number of bytes that may be written is as follows; • $10 for AT88SC0104C through AT88SC1616C (EEPROM page size of 16 bytes) • $40 for AT88SC3216C and AT88SC6416C (EEPROM page size of 64 bytes) • $80 for AT88SC12816C and AT88SC25616C (EEPROM page size of 128 bytes) In anti-tearing mode the maximum value for N is $08 for all devices ...
Page 33
... The value N defines how many bytes CryptoMemory will read, a value of zero will result in 256 bytes read. The host how- ever may cease clocking the device and end the transmission with a NACK and STOP at anytime prior to receiving all N bytes. During a read operation the address will " ...
Page 34
... Write Config Zone The maximum number of bytes that may be written is as follows; • $10 for AT88SC0104C through AT88SC1616C (EEPROM page size of 16 bytes) • $40 for AT88SC3216C and AT88SC6416C (EEPROM page size of 64 bytes) • $80 for AT88SC12816C and AT88SC25616C (EEPROM page size of 128 bytes) In anti-tearing mode the maximum value for N is $08 for all devices ...
Page 35
... Write Config Zone with Anti-Tearing Set User Zone with Anti-Tearing Data written to the configuration memory may be done with anti-tearing enabled by setting address 1 to $08 of the Write Config Zone command. To enable anti-tearing for writes to a user zone a Set User Zone command is executed with address 1 set to $0B ...
Page 36
... The value N defines how many bytes CryptoMemory will read, a value of zero will result in 256 bytes read. If the address provided is an unauthorized address, the device will not ACK the N byte and will not return any data. Since access rights vary throughout the configuration zone, the host may provide an authorized start- ing address and a number of bytes N that causes the device to reach unauthorized address ...
Page 37
... Initialization Example The first step in initializing CryptoMemory is to determine what data stored in the device and what the security settings need protect this data. Once defined, determine the proper settings for CryptoMemory registers and select values for passwords. To initialize the CryptoMemory device, the following sequence is recommended to take place in a secure loca- tion to protect sensitive data and passwords that may be loaded into the device ...
Page 38
... Asynchronous T=0 Protocol 8.1 Character format CryptoMemory complies with the asynchronous T=0 protocol defined in ISO 7816-3. The char- acter format is shown in the following figure: note that the byte is transmitted with the least significant bit first. I/O Even parity is used: the parity bit is such that the overall sum of bits in the data byte and the par- ity bit is an even number ...
Page 39
... All CryptoMemory devices with user memory sizes 32Kbits and larger support the Protocol and Parameter Selection (PPS) protocol, section 7 of ISO 7816-3. This section only applies to these larger devices; PPS is not supported by CryptoMemory with memory sizes 16K bit or smaller. At the end of an ATR sequence, subsequent to either a cold or a warm reset initiated by the reader, the device will be expecting either a ‘ ...
Page 40
... PPS exchange. Following are four examples of PPS requests and responses: 8.3.1 Example 1 We assume the CryptoMemory ATR contains the byte TA(1) = 15h, indicating that it is capable of using F=372 and D=16, leading to a baud rate of 153,600 baud at 3.5712 MHz. Assuming that this is the maximum speed supported by the device, the reader immediately attempts to set the F and D parameters leading to these values. • ...
Page 41
... CryptoMemory will only operate at baud rates above the default 9600 baud through a successful PPS exchange. CryptoMemory cannot be set to higher baud rates through use of a TA(2) byte in the ATR. 8.4 Command Set Table 8-2. CryptoMemory Asynchronous Command Set Command Description Write User Zone Normal (0104C-1616C) ...
Page 42
Status Words Table 8-3. SW1 SW2 $67 $00 $69 $00 $6B $00 $6D $00 $90 $00 These status words indicate the state of the device at the end of the command. In normal condi- tions, the device sends the ...
Page 43
... Data $97 Write Cycle SW1 $90 SW2 $00 Note Class (ignored by CryptoMemory) Write instruction Address Byte A1 (ignored by 0104C-1616C) Address Byte A2=$02 4 data bytes Device responds with INS code Byte to be written at start address $02 Byte to be written at address $03 Byte to be written at address $04 Byte to be written at address $05 ...
Page 44
... The maximum number of bytes that may be written is as follows; • $10 for AT88SC0104C through AT88SC1616C (EEPROM page size of 16 bytes) • $40 for AT88SC3216C and AT88SC6416C (EEPROM page size of 64 bytes) • $80 for AT88SC12816C and AT88SC25616C (EEPROM page size of 128 bytes) Each data byte within a page must only be loaded once. In anti-tearing mode the maximum value for N is $08 for all devices ...
Page 45
Read User Zone: $B2 8.5.2.1 Functional Host Read Command Address A1 Address A2 Number of Bytes N Figure 8-3. Read User Zone Command Functional Description The Read User Zone command $B2 allows reading of data from the device's currently ...
Page 46
... N data bytes Figure 8-5. System WRITE Command Functional Description The System Write command allows writing of system data to the device. Depending on the value of the P1 parameter, the host may write data in the configuration memory, program the fuses or set the user zone. Table 8-4. Command Write Config Zone ...
Page 47
... Write Config Zone The maximum number of bytes that may be written is as follows: • $10 for AT88SC0104C through AT88SC1616C (EEPROM page size of 16 bytes) • $40 for AT88SC3216C and AT88SC6416C (EEPROM page size of 64 bytes) • $80 for AT88SC12816C and AT88SC25616C (EEPROM page size of 128 bytes) Each data byte within a page must only be loaded once ...
Page 48
... Number of Bytes N Figure 8-7. System READ Command Functional Description The System Read command allows reading of the system data from the device. Depending on the value of the P1 parameter, the host may read the data in the configuration memory, or the fuses. Table 8-7. Command Read Config Zone Read Fuse Byte 8 ...
Page 49
Read Fuse Byte Fuse data is returned in the form of a single byte. Bits represent the fuse states; a value of ‘0’ indicates the fuse has been blown. Bits are not used ...
Page 50
... If the password is wrong, the device simply returns $69 $00 after decrementing the attempts count. The Write 7 password is also known as the Secure Code and must be properly presented before access to the configuration memory is granted when person- alizing the device AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C ...
Page 51
... Once all fuses have been set the Read Fuse command should return a value of zero for the second nibble of the fuse byte. The AT88SC0104C is used for this example. A small pattern is written into the first two user zones. Security for each of these two user zones and the associated register values are shown in the table below ...
Page 52
... The following shows the TPDU commands sent to the CryptoMemory device for the purpose of initializing the device. The flow is consistent with the steps described above; comments have been added as indicated with an asterisk (*). *AT88SC0104C Initialization Example *WRITE DATA TO USER ZONES *Set User Zone 0 ...
Page 53
...
Page 54
Absolute Maximum Ratings Stresses beyond those listed under ‘Absolute Maximum Ratings’ may cause permanent damage to the device. This is a stress rating only and functional operation of the device at these or any other conditions beyond those indicated ...
Page 55
DC and AC Characteristics DC Characteristics Applicable over recommended operating range fromV T = -40° to +85° C (unless otherwise noted) AC Symbol Parameter V Supply Voltage CC I Supply Current (V = 5.5V Supply Current ...
Page 56
Table 10-1. AC Characteristics Applicable over recommended operating range fromV T = -40° to +85° C (unless otherwise noted) AC Symbol Parameter f Async Clock Frequency (V CLK f Async Clock Frequency (V CLK f Synchronous Clock Frequency CLK Clock ...
Page 57
Timing Diagrams for Synchronous Communications Figure 10-1. Bus Timing: Figure 10-2. Write Cycle Timing: SCL SDA Note: 5210A–SMIC–04/07 AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C SCL: Serial Clock, SDA: Serial Data I/O SCL: Serial Clock, SDA: Serial Data I/O ACK 8th BIT WORDn STOP CONDITION ...
Page 58
Figure 10-3. Data Validity Figure 10-4. Start and Stop Definition AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C 54 SDA SCL START STOP 5210A–SMIC–04/07 ...
Page 59
Figure 10-5. Output Acknowledge 5210A–SMIC–04/07 AT88SC0104/0204/0404/0808/1616/3216/6416/12816/25616C 55 ...
Page 60
... DC Tamper Detection Limits The CryptoMemory device family incorporates several tamper detection circuits to prohibit oper- ation outside the limits of reliable circuit operation. 11.1 High Voltage and Low Voltage Limit taken below or above these voltage limits the device will enter a reset sequence once ...
Page 61
... Atmel Corporation. All rights reserved. Atmel®, logo and combinations thereof, Everywhere You Are®, CryptoMemory® and others are registered trademarks or trademarks of Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others. Atmel Operations ...