AT88SC0204C, CryptoMemory 2 Kbit
• One of a Family of 9 Devices with User Memories from 1 Kbit to 256-Kbit
• 2-Kbit (256 Bytes) EEPROM User Memory
– Four 64-byte (512-bit) Zones
– Self-timed Write Cycle
– Single Byte or 16-byte Page Write Mode
– Programmable Access Rights for Each Zone
• 2-Kbit Configuration Zone
– 37-byte OTP Area for User-defined Codes
– 160-byte Area for User-defined Keys and Passwords
• High Security Features
– 64-bit Mutual Authentication Protocol (Under License of ELVA)
– Encrypted Checksum
– Stream Encryption
– Four Key Sets for Authentication and Encryption
– Eight Sets of Two 24-bit Passwords
– Anti-tearing Function
– Voltage and Frequency Monitor
• Smart Card Features
– ISO 7816 Class A (5V) or Class B (3V) Operation
– ISO 7816-3 Asynchronous T = 0 Protocol (Gemplus® Patent) *
– Multiple Zones, Key Sets and Passwords for Multi-application Use
– Synchronous 2-wire Serial Interface for Faster Device Initialization *
– Programmable 8-byte Answer-To-Reset Register
– ISO 7816-2 Compliant Modules
• Embedded Application Features
– Low Voltage Operation: 2.7V to 5.5V
– Secure Nonvolatile Storage for Sensitive System or User Information
– 2-wire Serial Interface
– 1.0 MHz Compatibility for Fast Operation
– Standard 8-lead Plastic Packages, Green Compliant (exceeds RoHS)
– Same Pinout as 2-wire Serial EEPROMs
• High Reliability
– Endurance: 100,000 Cycles
– Data Retention: 10 years
– ESD Protection: 4,000V min
The AT88SC0204C member of the CryptoMemory® family is a high-performance secure memory providing 2 Kbits of user memory with advanced security and cryptographic features built in. The user memory is divided into four 64-byte zones, each of which may be individually set with different security access rights or effectively combined together to provide space for 1 to 4 data files.
Smart Card Applications
The AT88SC0204C provides high security, low cost, and ease of implementation without the need for a microprocessor operating system. The embedded cryptographic engine provides for dynamic and symmetric mutual authentication between the device and host, as well as performing stream encryption for all data and passwords xchanged between the device and host. Up to four unique key sets may be used for these operations. The AT88SC0204C offers the ability to communicate with virtually any smart card reader using the asynchronous T = 0 protocol (Gemplus Patent) defined in ISO 7816-3.
Through dynamic and symmetric mutual authentication, data encryption, and the use of encrypted checksums, the AT88SC0204C provides a secure place for storage of sensitive information within a system. With its tamper detection circuits, this information remains safe even under attack. A 2-wire serial interface running at 1.0 MHz is used for fast and efficient communications with up to 15 devices that may be individually addressed. The AT88SC0204C is available in industry standard 8-lead packages with the same familiar pinout as 2-wire serial EEPROMs.
Supply Voltage (VCC)
The VCC input is a 2.7V to 5.5V positive voltage supplied by the host.
In the asynchronous T = 0 protocol, the SCL/CLK input is used to provide the device with a carrier frequency f. The nominal length of one bit emitted on I/O is defined as an “elementary time unit” (ETU) and is equal to 372/ f. When the synchronous protocol is used, the SCL/CLK input is used to positive edge clock data into the device and negative edge clock data out of the device.
The AT88SC0204C provides an ISO 7816-3 compliant asynchronous answer to reset sequence. When the reset sequence is activated, the device will output the data programmed into the 64-bit answer-to-reset register. An internal pull-up on the RST input pad allows the device to be used in synchronous mode without bonding RST. The AT88SC0204C does not support the synchronous answer-to-reset sequence.
Serial Data (SDA/IO)
The SDA pin is bidirectional for serial data transfer. This pin is open-drain driven and may be wired with any number of other open drain or open collector devices. An external pull-up resistor should be connected between SDA and VCC. The value of this resistor and the system capacitance loading the SDA bus will determine the rise time of SDA. This rise time will determine the maximum frequency during read operations. Low value pull-up resistors will allow higher frequency operations while drawing higher average power supply current. SDA/IO information applies to both asynchronous and synchronous protocols.
When the synchronous protocol is used, the SCL/CLK input is used to positive edge clock data into the device and negative edge clock data out of the device.
Device Operation for Synchronous Protocols
CLOCK and DATA TRANSITIONS:
The SDA pin is normally pulled high with an external device. Data on the SDA pin may change only during SCL low time periods (see Figure 5 on page 7). Data changes during SCL high periods will indicate a start or stop condition as defined below.
The EEPROM user memory is divided into 4 zones of 512 bits each. Multiple zones allow for different types of data or files to be stored in different zones. Access to the user zones is allowed only after security requirements have been met. These security requirements are defined by the user during the personalization of the device in the configuration memory. If the same security requirements are selected for multiple zones, then these zones may effectively be accessed as one larger zone.
Access to the user zones occurs only through the control logic built into the device. This logic is configurable through access registers, key registers and keys programmed into the configuration memory during device personalization. Also implemented in the control logic is a cryptographic engine for performing the various higher-level security
functions of the device.
The configuration memory consists of 2048 bits of EEPROM memory used for storing passwords, keys and codes and for defining security levels to be used for each user zone. Access rights to the configuration memory are defined in the control logic and may not be altered by the user.
There are three fuses on the device that must be blown during the device personalization process. Each fuse locks certain portions of the configuration memory as OTP memory. Fuses are designed for the module manufacturer, card manufacturer and card issuer and should be blown in sequence, although all programming of the device and blowing of the fuses may be performed at one final step.
The AT88SC0204C supports two different communication protocols.
• Smart Card Applications: The asynchronous T = 0 protocol defined by ISO 7816-3 is used for compatibility with the industry’s standard smart card readers.
• Embedded Applications: A 2-wire serial interface is used for fast and efficient communication with logic or controllers.
The power-up sequence determines which of the two communication protocols will be used.
Asynchronous T = 0 Protocol
This power-up sequence complies with ISO 7816-3 for a cold reset in smart card applications.
• VCC goes high; RST, I/O-SDA and CLK-SCL are low.
• Set I/O-SDA in receive mode.
• Provide a clock signal to CLK-SCL.
• RST goes high after 400 clock cycles.
The device will respond with a 64-bit ATR code, including historical bytes to indicate the memory density within the CryptoMemory family. Once the asynchronous mode has been selected, it is not possible to switch to the synchronous mode without powering off the device.
Synchronous 2-wire Serial Interface
The synchronous mode is the default after powering up VCC due to an internal pull-up on RST. For embedded applications using CryptoMemory in standard plastic packages, this is the only communication protocol.
• Power-up VCC, RST goes high also.
• After stable VCC, CLK-SCL and I/O-SDA may be driven.
Communication Security Modes
Communications between the device and host operate in three basic modes. Standard mode is the default mode for the device after power-up. Authentication mode is activated by a successful authentication sequence. Encryption mode is activated by a successful encryption activation following a successful authentication.
In the event of a power loss during a write cycle, the integrity of the device’s stored data may be recovered. This function is optional: the host may choose to activate the anti-tearing function, depending on application requirements. When anti-tearing is active, write commands take longer to execute, since more write cycles are required to complete them, and data are limited to eight bytes.
Data are written first to a buffer zone in EEPROM instead of the intended destination address, but with the same access conditions. The data are then written in the required location. If this second write cycle is interrupted due to a power loss, the device will automatically recover the data from the system buffer zone at the next power-up.
In 2-wire mode, the host is required to perform ACK polling for up to 8 ms after write commands when anti-tearing is active. At power-up, the host is required to perform ACK polling, in some cases for up to 2 ms, in the event that the device needs to carry out the data recovery process.
If a user zone is configured in the write lock mode, the lowest address byte of an 8-byte page constitutes a write access byte for the bytes of that page.
Passwords may be used to protect read and/or write access of any user zone. When a valid password is presented, it is memorized and active until power is turned off, unless a new password is presented or RST becomes active. There are eight password sets that may be used to protect any user zone. Only one password is active at a time, but write passwords give read access also.
The access to a user zone may be protected by an authentication protocol. Any one of four keys may be selected to use with a user zone.
The authentication success is memorized and active as long as the chip is powered, unless a new authentication is initialized or RST becomes active. If the new authentication request is not validated, the card loses its previous authentication and it should be presented again. Only the last request is memorized d.
Note: Password and authentication may be presented at any time and in any order. If the trials limit has been reached (after four consecutive incorrect attempts), the password verification or authentication process will not be taken into account.
The AT88SC0204C implements a data validity check function in the form of a checksum, which may function in standard, authentication or encryption modes.
In the standard mode, the checksum is implemented as a Modification Detection Code (MDC), in which the host may read an MDC from the device in order to verify that the data sent was received correctly.
In the authentication and encryption modes, the checksum becomes more powerful since it provides a bidirectional data integrity check and data origin authentication capability in the form of a Message Authentication Code (MAC). Only the host/device that carried out a valid authentication is capable of computing a valid MAC. While operating in the authentication or encryption modes, the use of a MAC is required. For an ingoing command, if the device calculates a MAC different from the MAC transmitted by the host, not only is the command abandoned but the mode is also reset. A new authentication and/or encryption activation will be required to reactivate the MAC.
The data exchanged between the device and the host during read, write and verify password commands may be encrypted to ensure data confidentiality.
The issuer may choose to require encryption for a user zone by settings made in the configuration memory. Any one of four keys may be selected for use with a user zone. In this case, activation of the encryption mode is required in order to read/write data in the zone and only encrypted data will be transmitted. Even if not required, the host may elect to activate encryption provided the proper keys are known.
Enabling this feature allows the holder of one specific password to gain full access to all eight password sets, including the ability to change passwords.
No write access is allowed in a user zone protected with this feature at any time. The user zone must be written during device personalization prior to blowing the security fuses.
For a user zone protected by this feature, data within the zone may be changed from a “1” to a “0”, but never from a “0” to a “1”.
Initial Device Programming
To enable the security features of CryptoMemory, the device must first be personalized to set up several registers and load in the appropriate passwords and keys. This is accomplished through programming the configuration memory of CryptoMemory using simple write and read commands. To gain access to the configuration memory, the secure code must first be successfully presented. For the AT88SC0204C device, the secure code is $E5 47 47. After writing and verifying data in the configuration memory, the security fuses must be blown to lock this information in the device. For additional information on personalizing CryptoMemory, please see the application notes Programming CryptoMemory for Embedded Applications and Initializing CryptoMemory for Smart Card Applications.
|Ordering Code||Package||Voltage Range||Temperature Range|
|M2 – J Module – ISO
M2 – P Module – ISO
M2 – J Module – TWI
M2 – P Module – TWI
|2.7V–5.5V||Green compliant (exceeds
|AT88SC0204C-WI||7 mil wafer||2.7V–5.5V||Industrial (− 40°C–85°C)|
|M2 – J Module : ISO or TWI||M2 ISO 7816 Smart Card Module|
|M2 – P Module : ISO or TWI||M2 ISO 7816 Smart Card Module with Atmel® Logo|
|8P3||8-lead, 0.300” Wide, Plastic Dual Inline Package (PDIP)|
|8S1||8-lead, 0.150” Wide, Plastic Gull Wing Small Outline Package (JEDEC SOIC)|
- Formal drawings may be obtained from an Atmel sales office.
2. Both the J and P Module Packages are used for either ISO (T=0 / 2-wire mode) or TWI (2-wire mode only).
*Note: The module dimensions listed refer to the dimensions of the exposed metal contact area. The actual dimensions of the module after excise or punching from the carrier tape are generally 0.4 mm greater in both directions (i.e., a punched M2 module will yield 13.0 x 11.8 mm).