ATMEL AT88RF04C

Features
• One of a Family of Devices with User Memory of 4 Kbit to 64 Kbits
• Contactless 13.56 MHz RF Communications Interface
⎯ ISO/IEC 14443-2:2001 Type B Compliant
⎯ ISO/IEC 14443-3:2001 Type B Compliant Anticollision Protocol
⎯ Tolerant of Type A Signaling for Multiprotocol Applications
• Integrated 82 pF Tuning Capacitor
• User EEPROM Memory
⎯ 4 Kbits Configured as Four 128-byte (1-Kbit) User Zones
⎯ Byte, Page, and Partial Page Write Modes
⎯ Self-timed Write Cycle
• 256-byte (2-Kbit) Configuration Zone
⎯ User-programmable Application Family Identifier (AFI)
⎯ User-defined Anticollision Polling Response
⎯ User-defined Keys and Passwords
13.56 MHz
CryptoRF®
EEPROM Memory
4 Kbits
AT88RF04C
⎯ Read-Only Unique Die Serial Number
⎯ Secure Personalization Mode
• High-Security Features
⎯ Selectable Access Rights by Zone
⎯ 64-bit Mutual Authentication Protocol (under license of ELVA)
Summary
⎯ Encrypted Checksum
⎯ Stream Encryption using 64-bit Key
⎯ Four Key Sets for Authentication and Encryption
⎯ Four Sets of Two 24-bit Passwords
⎯ Password and Authentication Attempts Counters
⎯ Anti-tearing Function
⎯ Tamper Sensors
• High Reliability
⎯ Endurance: 100,000 Write Cycles
⎯ Data Retention: 10 Years
⎯ Operating Temperature: −40°C to +85°C
Description
The CryptoRF® family integrates a 13.56 MHz RF interface into a CryptoMemory®.
This product line is ideal for RF tags and contactless smart cards that can benefit
from advanced security and cryptographic features. This device is optimized as a
contactless secure memory for data storage without the requirement of an internal
microprocessor.
For communications, the RF interface utilizes the ISO/IEC 14443-2 and -3 Type B bit
timing and signal modulation schemes, and the ISO/IEC 14443-3 Slot-MARKER
Anticollision Protocol. Data is exchanged half duplex at a 106-kbit/s rate, with a twobyte CRC_B providing error detection capability. The RF interface powers the other
circuits; no battery is required. Full compliance with the ISO/IEC 14443-2 and -3
standards and provides both a proven RF communication interface and a robust
anticollision protocol.
8672AS–CRRF–04/09
The AT88RF04C contains 4 Kbits of user memory and 2 Kbits of configuration memory. The 2 Kbits of configuration memory
contain four sets of read/write passwords, four crypto key sets, security access registers for each user zone, and password/key
registers for each zone.
The CryptoRF command set is optimized for a multi-card RF communications environment. A programmable AFI register allows
this IC to be used in numerous applications in the same geographic area with seamless discrimination of cards assigned to a
particular application during the anticollision process.
Figure 1.
Block Diagram
RF Interface
AC1
ifi
er
Regulator
VDD
VSS
Password
Verification
AC2
Clock
Extraction
Data
Extraction
1.
EEPROM
Data Transfer
R
ec
t
Over
Voltage
Clamp
C
Modulator
Command
and
Response
Frame
Formatting
and
Error
Detection
Interface
Anticollision
Authentication
Encryption
and
Certification
Unit
Random Number
Generator
Communications
All personalization and communication with this device is performed through the RF interface. The IC includes an
integrated tuning capacitor, enabling it to operate with only the addition of a single external coil antenna.
The RF communications interface is fully compliant with the electrical signaling and RF power specifications in ISO/IEC
14443-2:2001 for Type B only. Anticollision operation and frame formatting are compliant with ISO/IEC 14443-3:2001
for Type B only.
ISO/IEC 14443 nomenclature is used in this specification where applicable. The following abbreviations are utilized
throughout this document. Additional terms are defined in the section in which they are used.
•
•
•
•
2
PCD – Proximity Coupling Device: the reader/writer and antenna
PICC – Proximity Integrated Circuit Card: the tag/card containing the IC and antenna
RFU – Reserved for Future Use: any feature, memory location, or bit that is held as reserved for future use
$ xx – Hexadecimal Number: denotes a hex number “xx” (Most Significant Bit on left)
AT88RF04C
8672AS–CRRF–04/09
AT88RF04C
2.
Anticollision Protocol
When the PICC enters the 13.56 MHz RF field of the host reader (PCD), it performs a power on reset (POR) function
and waits silently for a valid Type B polling command. The CryptoRF PICC processes the anti-tearing registers as part
of the POR process.
The PCD initiates the anticollision process by issuing an REQB or WUPB command. The WUPB command activates
any card (PICC) in the field with a matching AFI code.
The REQB command performs the same function but does not affect a PICC in the Halt state. The CryptoRF command
set is available only after the anticollision process has been completed.
3.
CRC Error Detection
A two-byte CRC_B is required in each frame transmitted by the PICC or PCD to permit transmission error detection.
The CRC_B is calculated on all of the command and data bytes in the frame. The SOF, EOF, start bits, stop bits, and
EGT are not included in the CRC_B calculation. The two-byte CRC_B follows the data bytes in the frame.
Figure 2.
Location of the Two CRC_B Bytes within a Frame
SOF
4.
K data bytes
CRC1
CRC2
EOF
Type A Tolerance
The RF Interface is designed for use in multiprotocol applications. It will not latch or lock up if exposed to Type A
signals and will not respond to them. The PICC may reset in the presence of Type A field modulation but is not
damaged by exposure to Type A signals.
5.
User Memory
The EEPROM user memory is divided into four user zones as shown in the memory map in Table 1. Multiple zones
allow for different types of data or files to be stored in different zones. Access to the user zones is allowed only after
security requirements have been met. These security requirements are defined by the user in the configuration memory
during personalization of the device. The EEPROM memory page length is 16 bytes.
Table 1.
Memory Map
Zone
User 0
User 1
User 2
User 3
$0
$00
―
―
$78
$00
―
―
$78
$00
―
―
$78
$00
―
―
$78
$1
$2
$3
$4
$5
$6
$7
128 Bytes
128 Bytes
128 Bytes
128 Bytes
3
8672AS–CRRF–04/09
6.
Configuration Memory
The configuration memory consists of 2048 bits of EEPROM memory used for storing system data, passwords, keys,
codes, and security-level definitions for each user zone. Access rights to the configuration zone are defined in the
control logic and may not be altered by the user. These access rights include the ability to program certain portions of
the configuration memory and then lock the data written through use of the security fuses.
7.
Security Fuses
There are three fuses on the device that must be blown during the device personalization process. Each fuse locks
certain portions of the configuration memory as OTP memory. Fuses are designated for locking the secrets and the
User Zone access requirements. The fuses must be blown in sequence.
8.
Communication Security
Communication between the PICC and reader operates in three basic modes. Standard Communication Security mode
is the default mode for the device after power-up and anticollision. Authentication Communication Security mode is
activated by a successful authentication sequence. Encryption Communication Security mode is activated by a
successful encryption activation sequence, following a successful authentication.
Table 2.
Configuration Security Modes
Communication Mode
User Data
System Data
Passwords
Normal
Clear
Clear
Clear
Authentication
Clear
Clear
Encryption
Encryption
Note:
4
Encryption
Clear
(1)
Encryption
1. AT88RF04C supports an encryption option for programming secrets.
AT88RF04C
8672AS–CRRF–04/09
AT88RF04C
9.
Security Methodology
Figure 3.
Security Methodology
Device (card)
Card Number
VERIFY A
Compute Challenge B
Challenge B
Host (reader)
COMPUTE Challenge A
Challenge A
VERIFY B
Check Password (RPW)
DATA
Checksum (CS)
Read Password (RPW)
Check Password (WPW)
Write Password (WPW)
DATA
CS
VERIFY CS
VERIFY CS (optional)
Write DATA
10.
Memory Access
Depending on the device configuration, the host will carry out the authentication protocol and/or present different
passwords for each operation: read or write. To insure security between the different user zones, each zone can use a
different set of passwords or keys. A specific attempts counter for each password and for each authentication key
provides protection against systematic attacks.
11.
Security Operations
11.1.
Anti-tearing
In the event of a power loss during a write cycle, the integrity of the device’s stored data may be recovered. This
function is optional: the host may choose to activate the anti-tearing function depending on application requirements.
When anti-tearing is active, write commands take longer to execute since more write cycles are required to complete
them. Data writes are limited to 8-byte pages when anti-tearing is active.
Data is written first to a buffer zone in EEPROM instead of to the intended destination address, but with the same
access conditions. The data is then written to the required location. If this second write cycle is interrupted due to a
power loss, the device will automatically recover the data from the buffer zone at the next power-up.
5
8672AS–CRRF–04/09
11.2.
Password Verification
Passwords may be used to protect user zone read and/or write access. When a password is presented using the
Check Password command, it is memorized and active until power is removed unless a new password is presented or
a valid DESELECT or IDLE command is received. Only one password is active at a time, but write passwords also give
read access.
11.3.
Authentication Protocol
The access to a user zone may be protected by an authentication protocol in addition to password dependent rights.
Passwords are encrypted in Authentication Communication Security mode. The authentication success is memorized
and active as long as the chip is powered, unless a new authentication is initialized or a valid DESELECT or IDLE
command is received. If the new authentication request is not validated, the card loses its previous authentication and it
must be presented again. Only the last request is memorized.
11.4.
Encryption
The data exchanged between the card and the reader during Read, Write, and Check Password commands may be
encrypted to ensure data confidentiality.
The issuer may choose to protect the access to a user zone with an encryption key by settings made in the
configuration memory. In that case, activation of the Encryption Communication Security mode is required in order to
read/write data in the zone.
The encryption activation success is memorized and active as long as the chip is powered, unless a new initialization is
initiated or a valid DESELECT or IDLE command is received. If the new encryption activation request is not validated,
the card will no longer encrypt data during read operations nor will it decrypt data received during write or Check
Password operations.
11.5.
Checksum
The PICC implements a data validity check function in the form of a checksum. The checksum may function in
standard or cryptographic mode. In the standard mode, the checksum is optional and may be used for transmission
error detection. The cryptographic mode is more powerful since it provides data origin authentication capability in the
form of a Message Authentication Code (MAC). To write data to the device, the host is required to compute a valid
MAC and provide it to the device. If after an ingoing command the device computes a MAC different from the MAC
transmitted by the host, not only is the command abandoned but the cryptographic mode is also reset. A new
authentication is required to reactivate the cryptographic mode.
11.6.
Initial Device Programming
CryptoRF is delivered with all security features disabled. To program the polling response or enable the security
features of CryptoRF the device must be personalized by programming several registers. This is accomplished by
programming the configuration memory using simple write and read commands. AT88RF04C supports an optional
Secure Personalization mode which encrypts the secrets during programming.
11.7.
Transport Password
To gain access to the configuration memory, a transport password known as the secure code must be presented using
the Check Password command. The transport password for AT88RF04C is $30 1D D2.
12.
Tuning Capacitance
The capacitance between the coil pins AC1 and AC2 is 82 pF nominal and may vary ±10 pF due to process variation.
6
AT88RF04C
8672AS–CRRF–04/09
AT88RF04C
13.
Reliability
Table 3.
Reliability
Parameter
Min
Typical
100,000
Write Cycles
Anti-Tearing Write Endurance
50,000
Writes
Data Retention (at 55°C)
10
Years
Data Retention (At 35°C)
30
50
Years
Unlimited
Read Cycles
Sample Description
Maximum Range(1)
Engineering Samples
Figure 4.
Engineering Samples
Sample Code
AT88RF04C-MR1G
R Module, 82 pF, on 35 mm tape
AT88RF04C-L01B
RF Smart Card, ID-1 size, PVC
8 to 10 cm
AT88RF04C-MX1G
RFID Tag, 13 mm Square, on 35 mm tape
5 to 13 mm
AT88RF04C-MY1G
RFID Tag, 17 mm Round, on 35 mm tape
7 to 15 mm
Note:
15.
Units
Write Endurance (each Byte)
Read Endurance
14.
Max
1. Communication range is dependent on the reader and reader antenna design.
Ordering Information
Ordering Code
Package
Tuning Capacitor
Temperature Range
82 pF
Commercial (-25 C to 70 C)
AT88RF04C-MR1G
R Module
AT88RF04C-MX1G
MX1 RFID Tag, 13 mm Square
Commercial (-25 C to 70 C)
AT88RF04C-MY1G
MY1 RFID Tag, 17 mm Round
Commercial (-25 C to 70 C)
AT88RF04C-WA1
6 mil wafer, 150 mm diameter
Package Type
82 pF
Industrial (-40 C to 85 C)
Description
R Module
2-lead RF Smart Card Module, XOA2 style, on 35 mm tape, Ag finish, Green(1)
MX1 RFID Tag
13 x 13 mm Square Epoxy Glass RFID Tag on 35 mm tape, Au finish, Green(1)
MY1 RFID Tag
17 mm Round Epoxy Glass RFID Tag on 35 mm tape, Au finish, Green(1)
Note:
1. Lead-free, halogen-free package. Exceeds RoHS requirements.
7
8672AS–CRRF–04/09
16.
Packaging Information
Mechanical Drawing of Module R Package (XOA2 Style)
Ordering Code: AT8RF04C-MR1G
Module Size: M5
8
Dimension:
5.06 x 8.00 [mm]
Glob Top:
Square – 4.8 x 5.1 [mm]
Thickness:
0.38 [mm]
Pitch:
9.5 [mm]
AT88RF04C
8672AS–CRRF–04/09
AT88RF04C
Mechanical Drawing of MX1 Epoxy Glass RFID Tag
Ordering Code: AT88RF04C-MX1G
9
8672AS–CRRF–04/09
Mechanical Drawing of MY1 Epoxy Glass RFID Tag
Ordering Code: AT88RF04C-MY1G
10
AT88RF04C
8672AS–CRRF–04/09
Headquarters
International
Atmel Corporation
2325 Orchard Parkway
San Jose, CA 95131
USA
Tel: 1(408) 441-0311
Fax: 1(408) 487-2600
Atmel Asia
Room 1219
Chinachem Golden Plaza
77 Mody Road Tsimshatsui
East Kowloon
Hong Kong
Tel: (852) 2721-9778
Fax: (852) 2722-1369
Atmel Europe
Le Krebs
8, Rue Jean-Pierre Timbaud
BP 309
78054 Saint-Quentin-enYvelines Cedex
France
Tel: (33) 1-30-60-70-00
Fax: (33) 1-30-60-71-11
Atmel Japan
9F, Tonetsu Shinkawa Bldg.
1-24-8 Shinkawa
Chuo-ku, Tokyo 104-0033
Japan
Tel: (81) 3-3523-3551
Fax: (81) 3-3523-7581
Technical Support
[email protected]
Sales Contact
www.atmel.com/contacts
Product Contact
Web Site
www.atmel.com
Literature Requests
www.atmel.com/literature
Disclaimer: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any
intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN ATMEL’S TERMS AND
CONDITIONS OF SALE LOCATED ON ATMEL’S WEB SITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED
OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDEN-TAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS
INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this
document and reserves the right to make changes to specifications and product descriptions at any time without notice. Atmel does not make any commitment to
update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive
applications. Atmel’s products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life.
© 2009 Atmel Corporation. All rights reserved. Atmel®, Atmel logo and combinations thereof, CryptoMemory®, CryptoRF®, and others, are registered
trademarks or trademarks of Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others.
8672AS–CRRF–04/09