AT88SC153 - Mature

Features
•
•
•
•
•
•
•
•
•
One 64 x 8 (512-bit) Configuration Zone
Three 64 x 8 (512-bit) User Zones
Programmable Chip Select
Low-voltage Operation: 2.7V to 5.5V
Two-wire Serial Interface
8-byte Page Write Mode
Self-timed Write Cycle (10 ms max)
Answer-to-reset Register
High-security Memory Including Anti-wiretapping
– 64-bit Authentication Protocol (under exclusive patent license from ELVA)
– Secure Checksum
– Configurable Authentication Attempts Counter
– Two Sets of Two 24-bit Passwords
– Specific Passwords for Read and Write
– Four Password Attempts Counters
– Selectable Access Rights by Zone
• ISO Compliant Packaging
• High Reliability
– Endurance: 100,000 Cycles
– Data Retention: 100 Years
– ESD Protection: 4,000V min
• Low-power CMOS
Table 0-1.
AT88SC153
Pin Configuration
Name
Description
ISO Module Contact
Standard Package Pin
VCC
Supply Voltage
C1
8
GND
Ground
C5
1
SCL
Serial Clock Input
C3
6
SDA
Serial Data
Input/Output
C7
3
RST
Reset Input
C2
7
Figure 0-1.
3 x 64 x 8
Secure Memory
with
Authentication
Card Module Contact
VCC
RST
1016E-SMEM-12/07
Figure 0-2.
8-pin SOIC or, PDIP
GND
NC
SDA
NC
1
2
3
4
8
7
6
5
VCC
RST
SCL
NC
1. Description
The AT88SC153 provides 2,048 bits of serial EEPROM memory organized as one configuration
zone of 64 bytes and three user zones of 64 bytes each. This device is optimized as a “secure
memory” for multiapplication smart card markets, secure identification for electronic data transfer, or components in a system without the requirement of an internal microprocessor.
The embedded authentication protocol allows the memory and the host to authenticate each
other. When this device is used with a host that incorporates a microcontroller (e.g., AT89C51,
AT89C2051, AT90S1200), the system provides an “anti-wiretapping” configuration. The device
and the host exchange “challenges” issued from a random generator and verify their values
through a specific cryptographic function included in each part. When both agree on the same
result, the access to the memory is permitted.
Figure 1-1.
Security Methodology
2. Memory Access
Depending on the device configuration, the host might carry out the authentication protocol
and/or present different passwords for each operation, read or write. Each user zone may be
configured for free access for read and write or for password-restricted access. To insure security between the different user zones (multiapplication card), each zone can use a different set of
passwords. A specific attempts counter for each password and for the authentication provides
protection against “systematic attacks.” When the memory is unlocked, the two-wire serial protocol is effective, using SDA and SCL. The memory includes a specific register providing a 32-bit
data stream conforming to the ISO 7816-10 synchronous answer-to-reset.
2
AT88SC153
1016E–SMEM–12/07
AT88SC153
Figure 2-1.
VCC
GND
Block Diagram
Power
Mgt.
Authentication
Unit
Random
Generator
Data
Transfer
SCL
SDA
ISO
Interface
RST
Password
Verification
EEPROM
Answer
To Reset
3. Pin Descriptions
3.1
Supply Voltage (VCC)
The VCC input is a 2.7V-to-5.5V positive voltage supplied by the host.
3.2
Serial Clock (SCL)
The SCL input is used to positive edge clock data into the device and negative edge clock data
out of the device.
3.3
Serial Data (SDA)
The SDA pin is bidirectional for serial data transfer. This pin is open-drain driven and may be
wire-ORed with any number of other open-drain or open-collector devices. An external pull-up
resistor should be connected between SDA and VCC. The value of this resistor and the system
capacitance loading the SDA bus will determine the rise time of SDA. This rise time will determine the maximum frequency during read operations. Low value pull-up resistors will allow
higher frequency operations while drawing higher average power supply current.
3.4
Reset (RST)
When the RST input is pulsed high, the device will output the data programmed into the 32-bit
answer-to-reset register. All password and authentication access will be reset. Following a reset,
device authentication and password verification sequences must be presented to re-establish
user access.
3
1016E–SMEM–12/07
4. Memory Mapping
The 2,048 bits of the memory are divided in four zones of 64 bytes each.
Table 4-1.
Memory Map
Zone
$0
$1
$2
$3
$4
$5
$6
$7
@
$00
64 bytes
User 0
zz(1) = 00
$38
$00
64 bytes
User 1
zz = 01
-
$38
$00
64 bytes
User 2
zz = 10
$38
$00
64 bytes
Configuration
zz = 11
$38
Note:
1. zz = zone number
The last 64 bytes of the memory is a configuration zone with specific system data, access rights,
and read/write commands; it is divided into four subzones.
Table 4-2.
Configuration Zone
Configuration
Fabrication
Identification
$0
$1
$2
$3
Answer-to-Reset
Fab Code
$5
$6
$7
@
Lot History Code
CMC
AR0
AR1
AR2
$00
MTZ
$08
Issuer Code
$10
DCR
Identification Number (Nc)
$18
AAC(1)
Cryptogram (Ci)
$20
Secret Seed (Gc)
$28
Secret
Passwords
$4
PAC
Write 0
PAC
Read 0
$30
PAC
Secure Code/Write 1
PAC
Read 1
$38
Note:
1. Address $20 also serves as the virtual address of the Checksum Authentication Register (CAR) during checksum mode.
Note:
CMC: Card Manufacturer Code
AR0–2: Access Register for User Zone 0 to 2
MTZ: Memory Test Zone
DCR: Device Configuration Register
AAC: Authentication Attempts Counter
PAC: Password Attempts Counter
4
AT88SC153
1016E–SMEM–12/07
AT88SC153
5. Fuses
FAB, CMA, and PER are nonvolatile fuses blown at the end of each card life step. Once blown,
these EEPROM fuses can not be reset.
• The FAB fuse is blown by Atmel prior to shipping wafers to the card manufacturer.
• The CMA fuse is blown by the card manufacturer prior to shipping cards to the issuer.
• The PER fuse is blown by the issuer prior to shipping cards to the end user.
The device responds to a read fuse command with fuse byte.
Table 5-1.
Fuse Byte
Bit 7
Bit 6
Bit 5
Bit 4
Bit 3
Bit 2
Bit 1
Bit 0
0
0
0
0
0
PER
CMA
FAB
When the fuses are all “1”s, read and write are allowed in the entire memory. Before blowing the
FAB fuse, Atmel writes the entire memory to “1” and programs the fabrication subzone (except
CMC and AR) and the secure code.
Table 5-2.
Access Rights
Zone
Access
FAB = 0
CMA = 0
PER = 0
Fabrication
(Except CMC, MTZ and AR)
Read
Free
Free
Free
Write
Forbidden
Forbidden
Forbidden
Card Manufacturer
Code
Read
Free
Free
Free
Write
Secure Code
Forbidden
Forbidden
Read
Free
Free
Free
Write
Secure Code
Secure Code
Forbidden
Read
Free
Free
Free
Write
Free
Free
Free
Read
Free
Free
Free
Write
Secure Code
Secure Code
Forbidden
Read
Secure Code
Secure Code
Forbidden
Write
Secure Code
Secure Code
Forbidden
Read
Secure Code
Secure Code
Write PW
Write
Secure Code
Secure Code
Write PW
Read
Free
Free
Free
Write
Secure Code
Secure Code
Write PW
Read
AR
AR
AR
Write
AR
AR
AR
Access Registers
Memory Test Zone
Identification
Secret
Passwords
PAC
User Zones
Note:
CMC: Card Manufacturer Code
AR: Access Rights as defined by the access registers
PW: Password
5
1016E–SMEM–12/07
6. Configuration Zone
6.1
Answer-to-reset
32-bit register defined by Atmel
6.2
Lot History Code
32-bit register defined by Atmel
6.3
Fab Code
16-bit register defined by Atmel
6.4
Card Manufacturer Code
16-bit register defined by the card manufacturer
6.5
Issuer Code
64-bit register defined by the card issuer
6.6
Access Registers
Three 8-bit access registers defined by the issuer, one for each user zone (active low)
Table 6-1.
Access Registers
Bit 7
Bit 6
Bit 5
Bit 4
Bit 3
Bit 2
Bit 1
Bit 0
WPE
RPE
ATE
AOW
PWS
WLM
MDF
PGO
Write Password Enable (WPE): If enabled (WPE = “0”), the user is required to verify the write
password to allow write operations in the user zone. If disabled (WPE = “1”), all write operations
are allowed within the zone. Verification of the write password also allows the read and write
passwords to be changed.
Read Password Enable (RPE): If enabled (RPE = “0”), the user is required to verify either the
read password or write password to allow read operations in the user zone. Read operations initiated without a verified password will return $00 (or the status of the fuse bits, if either CMA or
PER are still intact). Verification of the write password will always allow read access to the zone.
RPE = “0” and WPE = “1” is allowed but is not recommended.
Authentication Enable (ATE): If enabled (ATE = “0”), a valid authentication sequence is
required for both read and write and must be completed before access is allowed to the user
zone. If disabled (ATE = “1”), authentication is not required for access.
Authentication Only for Write (AOW): If enabled (AOW = “0”), a valid authentication sequence
must be completed before write access is allowed to the user zone. Read access to this zone is
allowed without authentication. This bit is ignored if ATE is enabled.
Password Select (PWS): This bit defines which of the two password sets must be presented to
allow access to the user zone. Each access register may point to a unique password set, or
access registers for multiple zones may point to the same password set. In this case, verification
of a single password will open several zones, combining the zones into a single larger zone.
6
AT88SC153
1016E–SMEM–12/07
AT88SC153
Write Lock Mode (WLM): If enabled (WLM = “0”), the 8 bits of the first byte of each user zone
page will define the locked/unlocked status for each byte in the page. Write access is forbidden
to a byte if its associated bit in byte 0 is set to “0”. Bit 7 controls byte 7, bit 6 controls byte 6, etc.
Modify Forbidden (MDF): If enabled (MDF = “0”), no write access is allowed in the zone at any
time. The user zone must be written before the PER is blown.
Program Only (PGO): If enabled (PGO = “0”), data within the zone may be changed from “1” to
“0” but never from “0” to “1”.
6.7
Identification Number (Nc)
An identification number with up to 56 bits is defined by the issuer and should be unique for each
device.
6.8
Cryptogram (Ci)
The 56-bit cryptogram is generated by the internal random generator and modified after each
successful verification of the cryptogram by the chip, on host request. The initial value, defined
by the issuer, is diversified as a function of the identification number. The 64 bits used in the
authentication protocol consist of the 56-bit cryptogram and the 8-bit Authentication Attempts
Counter (AAC). Note that any change in the AAC status will change Ci for the next authentication attempt.
6.9
Secret Seed (Gc)
The 64-bit secret seed, defined by the issuer, is diversified as a function of the identification
number.
6.10
Memory Test Zone
The memory test zone is an 8-bit free access zone for memory and protocol test.
6.11
Password Set
The password set consists of two sets of two 24-bit passwords for read and write operations,
defined by the issuer. The write password allows modification of the read and write passwords of
the same set. By default, Password 1 is selected for all user zones.
Secure Code: The secure code is a 24-bit password defined by Atmel and is different for each
card manufacturer. The Write 1 Password is used as the secure code until the personalization is
over (PER = 0).
Attempts Counters: There are four 8-bit password attempts counters (PACs), one for each
password, and one other 8-bit attempts counter for the authentication protocol (AAC). The
attempts counters limit the number of consecutive incorrect code presentations allowed (currently four).
6.12
Device Configuration Register
This 8-bit register allows the issuer to select the device configuration options (active-low) shown
in Figure .
7
1016E–SMEM–12/07
Table 6-2.
Device Configuration Options
Bit 7
Bit 6
Bit 5
Bit 4
Bit 3
Bit 2
Bit 1
Bit 0
SME
UCR
UAT
ETA
CS3
CS2
CS1
CS0
Programmable Chip Select (CS0–CS3): The four most significant bits (b4–b7) of every command comprise the chip select address. All AT88SC153 devices will respond to the default chip
select address of $B (1011). Each device will also respond to a second chip select address programmed into CS0–CS3 of the device configuration register. By programming each device to a
unique chip select address, it is possible to connect up to 15 devices on the same serial data
bus. The Write EEPROM and Verify Password commands can be used globally to all devices
sharing the bus by using the default chip select address $B.
Eight Trials Allowed (ETA): If enabled (ETA = “0”), the ETA extends the trials limit to eight
incorrect presentations allowed (passwords or authentication). If disabled (ETA = “1”), the PAC
and AAC will allow only four incorrect attempts.
Unlimited Authentication Trials (UAT): If enabled (UAT = “0”), the AAC is disabled, allowing
an unlimited number of authentication attempts. The PACs are not affected by the UAT bit.
Unlimited Checksum Reads (UCR): If enabled (UCR = “0”), the device will allow an unlimited
number of checksums without requiring a new authentication.
Supervisor Mode Enable (SME): If enabled (SME = “0”), verification of the Write 1 password
will allow the user to write and read the entire passwords zone (including the PACs).
6.13
Checksum Authentication Register
After a valid authentication has been completed, the internal pseudo-random generator (PRG)
will compute a secure checksum after one write command or several consecutive write commands. This checksum certifies that the data sent by the host during the write commands were
received and therefore written in the memory. For every write command, the device clocks the
data bytes into the PRG and its output is the Checksum Authentication Register (CAR), which is
a function of Ci, Gc, Q, and the data bytes written.
After a valid authentication, any write command will enable the checksum mode and cause AAC
to become the virtual location of the 8-byte CAR. When all data have been transmitted, the host
may perform a Read CAR command by sending a read command with the AAC address ($20).
The first 8 bytes transmitted by the device form the secure checksum.
The checksum mode allows only a single Read CAR operation for each valid authentication. The
checksum mode is disabled at the end of the Read CAR command, whatever the number of
bytes transmitted, or by a read command with any other address. The checksum mode can only
be enabled once for a given authentication.
Note: During the Read CAR command, the internal address counter is incremented just as in a
normal read command. Once 8 bytes have been transmitted, the checksum mode is automatically disabled, and if the host continues to request data, the device responds as to a normal read
command, from the address $28.
8
AT88SC153
1016E–SMEM–12/07
AT88SC153
7. User Zones
Three zones are dedicated to the user data. The access rights of each zone are programmable
separately via the access registers. If several zones share the same password set, this set will
be entered only once (after the part is powered up), so several zones might be combined in one
larger zone.
8. Security Operations
8.1
Write Lock
If a user zone is configured in the write lock mode (access register bit 2), the lowest address
byte of a page constitutes a write access byte for the bytes of that page.
Table 8-1.
Write Lock
$0 - WLB
$1
$2
$3
$4
$5
$6
$7
@
11011001
xx
Lock
xx
Lock
xx
xx
xx
Lock
xx
xx
$00
Example: The write lock byte (WLB) at $00 controls the bytes from $00 to $07.
The WLB can also lock itself by writing its least significant (right most) bit to “0”. The WLB can
only be programmed, i.e., bits written to “0” cannot return to “1”.
In the write lock configuration, only one byte of the page can be written at a time. Even if several
bytes are received, only the first byte will be taken into account by the device.
8.2
Password Verification
Compare the operation password presented with the stored one, and write a new bit in the corresponding attempts counter for each wrong attempt. A valid attempt erases the attempts counter
and allows the operation to be carried out as long as the chip is powered.
The current password is memorized and active until power is turned off, unless a new password
is presented or RST becomes active. Only one password is active at a time. The AT88SC153
requires that the Verify Password command be transmitted twice in sequence to successfully
verify a write or read password. (This two-pass method of password verification was implemented in the AT88SC153 to protect the device from attacks on the password security system.)
The first Verify Password command can be considered an initialization command. It will write a
new bit (“0”) in the corresponding PAC. The data bits in this initialization command are ignored.
The second Verify Password command will compare the 3-byte password data presented with
the corresponding password value stored in memory. If the comparison is valid, the PAC will be
cleared. A successful password verification will allow authorized operations to be carried out as
long as the chip is powered. The current password is memorized and active until power is turned
off, a new password is presented, or RST becomes active. Only one password is active at a
time. If a new user zone is selected that points to a different password set, the new password
must be verified and the old password becomes invalid.
9
1016E–SMEM–12/07
8.3
Authentication Protocol
The access to an user zone may be protected by an authentication protocol in addition to password-dependent rights.
The authentication success is memorized and active as long as the chip is powered, unless a
new authentication is initialized or RST becomes active. If the new authentication request is not
validated, the card has lost its previous authentication and it should be presented again. Only
the last request is memorized.
The authentication verification protocol requires the host to perform an Initialize Authentication
command, followed by a Verify Authentication command.
The password and authentication may be presented at any time and in any order. If the trials
limit has been reached, i.e., the 8 bits of the attempts counter have been written, the password
verification or authentication process will not be taken into account.
9. Command Definitions and Protocols
The communications protocol is based on the popular two-wire serial interface. Note that the
most significant bit is transmitted first.
Table 9-1.
Device Commands
Command
Description
Chip Select
Instruction
b7
b6
b5
b4
b3
b2
b1
b0
Write EEPROM
CS3
CS2
CS1
CS0
z
z
0
0
Read EEPROM
CS3
CS2
CS1
CS0
z
z
0
1
Verify Password
CS3
CS2
CS1
CS0
r
p
1
1
Initialize Authentication
CS3
CS2
CS1
CS0
0
0
1
0
Verify Authentication
CS3
CS2
CS1
CS0
0
1
1
0
Write Fuse
CS3
CS2
CS1
CS0
1
0
1
0
Read Fuse
CS3
CS2
CS1
CS0
1
1
1
0
Note:
10
r : Read/write password
p : Password set
AT88SC153
1016E–SMEM–12/07
AT88SC153
9.1
Read EEPROM
Figure 9-1.
Note:
Read EEPROM
*don’t care bit
zz: Zone number
The data byte address is internally incremented following the transmission of each data byte.
During a read operation, the address “roll over” is from the last byte of the current zone to the
first byte of the same zone. If the host is not allowed to read at the specified address, the device
will transmit the corresponding data byte with all bits equal to “0”.
9.2
Write EEPROM
Figure 9-2.
Note:
Write EEPROM
*don’t care bit
zz: Zone number
The data byte address lower three bits are internally incremented following the receipt of each
data byte. The higher data byte address bits are not incremented, retaining the 8-byte write page
address. Each data byte within a page must only be loaded once. Once a stop condition is
issued to indicate the end of the host’s write operation, the device initiates the internal nonvolatile write cycle. An ACK polling sequence can be initiated immediately. After a write command, if
the host is not allowed to write at some address locations, a nonvolatile write cycle will still be initiated, but the device will only modify data at the allowed addresses. When write lock mode is
enabled (WLM = “0”), the write cycle is initiated automatically after the first data byte has been
transmitted.
11
1016E–SMEM–12/07
9.3
Read Fuses
Figure 9-3.
Read Fuses
0
Note:
Fx = 1: fuse is not blown
Fx = 0: fuse is blown
The Read Fuses operation is always allowed. The AT88SC153 will continuously transmit the
fuse byte if the host continues to transmit an ACK. The command is terminated when the host
transmits a NACK and STOP bit.
9.4
Write Fuses
Figure 9-4.
Write Fuses
S
T
A
R
T
Note:
S
T
O
P
nnn = 001 : Blow FAB
nnn = 010 : Blow CMA
nnn = 100 : Blow PER
The Write Fuses operation is only allowed under secure code control; no data byte is transmitted
by the host. The fuses are blown sequentially: CMA is blown if FAB is equal to “0”, and PER is
blown if CMA is equal to “0”. If the fuses are all “0”s, the operation is canceled and the device
waits for a new command.
Once a stop condition is issued to indicate the end of the host’s write operation, the device initiates the internal nonvolatile write cycle. An ACK polling sequence can be initiated immediately.
9.5
Answer-to-reset
If RST is high during SCL clock pulse, the reset operation occurs according to the ISO 7816-10
synchronous answer-to-reset. The four bytes of the answer-to-reset register are transmitted
least significant bit first, on the 32 clock pulses provided on SCL.
The values programmed by Atmel are shown in Figure 9-5 below.
12
AT88SC153
1016E–SMEM–12/07
AT88SC153
Figure 9-5.
Answer-to-reset Values
$2C
9.6
$AA
$55
$A1
Verify Password
Figure 9-6.
Note:
Verify Password
Pw: Password, 3 bytes.
The two bits “rp” indicate the password to compare:
r = 0: Write password
r = 1: Read password
p: Password set number
rp = 01 for the secure code
This command must be transmitted twice in sequence to successfully verify a write or read password. The first Verify Password command can be considered an initialization command. It will
write a new bit (“0”) in the PAC corresponding to the “r” and “p” bits. The data bits in this initialization command are ignored. The second Verify Password command will compare the 3-byte
password data presented with the corresponding password value stored in memory. If the comparison is valid, the PAC will be cleared. For both commands, once the command sequence is
completed and a stop condition is issued, a nonvolatile write cycle is initiated to update the associated attempts counter. After the stop condition is issued, an ACK polling sequence with the
specific command byte of $BD will indicate the end of the write cycle and will read the attempts
counter in the configuration zone. The initialization command will result in a “0” bit in the PAC.
The second Verify Password command will read $FF in the PAC if the verification was
successful.
13
1016E–SMEM–12/07
9.7
Initialize Authentication
Figure 9-7.
Note:
Initiatize Authentication
Q: Host random number, 8 bytes
The Initialize Authentication command sets up the random generator with the cryptogram (Ci),
the secret seed (Gc), and the host random number (Q). Once the sequence is completed and a
stop condition is issued, there is a nonvolatile write cycle to clear a new bit of the AAC. In order
to complete the authentication protocol, the device requires the host to perform an ACK polling
sequence with the specific command byte of $B6, corresponding to the Verify Authentication
command.
9.8
Verify Authentication
Figure 9-8.
Verify Authentication
Q1(0)
Q1(1)
Q1(7)
1
Note:
Q1: Host challenge, 8 bytes
If Q1 is equal to Ci + 1, then the device writes Ci + 2 in memory in place of Ci; this must be preceded by the Initialize Authentication command. Once the sequence is completed and a stop
condition is issued, there is a nonvolatile write cycle to update the associated attempts counter.
In order to know whether or not the authentication was correct, the device requires the host to
perform an ACK polling sequence with the specific command byte of $BD, to read the corresponding attempts counter in the configuration zone. A valid authentication will result in the AAC
cleared to $FF. An invalid authentication attempt will initiate a nonvolatile write cycle, but no
clear operation will be performed on the AAC.
14
AT88SC153
1016E–SMEM–12/07
AT88SC153
10. Device Operation
10.1
Clock and Data Transitions
The SDA pin is normally pulled high with an external device. Data on the SDA pin may change
only during SCL-low time periods (Figure 10-2 on page 16). Data changes during SCL-high time
periods will indicate a start or stop condition as defined below.
10.2
Start Condition
A high-to-low transition of SDA with SCL high is a start condition that must precede any other
command (Figure 10-1 on page 15).
10.3
Stop Condition
A low-to-high transition of SDA with SCL high is a stop condition. After a read sequence, the
stop command will place the device in a standby power mode (Figure 10-1 on page 15).
10.4
Acknowledge
All addresses and data are serially transmitted to and from the device in 8-bit words. The device
sends a “0” to acknowledge that it has received each byte. This happens during the ninth clock
cycle.
10.5
Standby Mode
The AT88SC153 features a low-power standby mode that is enabled upon power-up and after
the receipt of the stop bit and the completion of any internal operations.
10.6
Acknowledge Polling
Once the internally-timed write cycle has started and the device inputs are disabled, acknowledge polling can be initiated. This involves sending a start condition followed by the command
byte representative of the operation desired. Only if the internal write cycle has completed will
the device respond with a “0”, allowing the sequence to continue.
10.7
Device Timing
Figure 10-1. Start and Stop Definition
15
1016E–SMEM–12/07
Note:
The SCL input should be low when the device is idle. Therefore, SCL is low before a start condition and after a stop condition.
Figure 10-2. Data Validity
SDA
SCL
DATA STABLE
DATA STABLE
DATA
CHANGE
Figure 10-3. Output Acknowledge
1
SCL
8
9
DATA IN
DATA OUT
START
Note:
16
ACKNOWLEDGE
To transmit a NACK (no acknowledge), hold data (SDA) high during the entire ninth clock cycle.
AT88SC153
1016E–SMEM–12/07
AT88SC153
11. Absolute Maximum Ratings
*NOTICE:
Operating Temperature: 0°C to +70°C
Storage Temperature: − 65°C to +150°C
Voltage on Any Pin with Respect to Ground: − 0.7V to VCC +
0.7V
Maximum Voltage: 6.25V
DC Output Current: 5.0 mA
Stresses beyond those listed under “Absolute
Maximum Ratings” may cause permanent damage to the device. This is a stress rating only;
functional operation of the device at these or any
other conditions beyond those indicated in the
operational sections of this specification is not
implied. Exposure to absolute maximum rating
conditions for extended periods may affect
device reliability
12. DC Characteristics
Table 12-1. DC Characteristics
Applicable over recommended operating range from: VCC = +2.7V to 5.5V, TAC = 0°C to +70°C (unless otherwise noted).
Symbol
VCC
(1)
Parameter
Test Condition
Supply Voltage
Min
Typ
2.7
Max
Units
5.5
V
(2)
ICC
Supply Current (VCC = 5.0V)
READ at 1 MHz
5.0
mA
ICC
Supply Current (VCC = 5.0V)
WRITE at 1 MHz
5.0
mA
ISB1(1)
Standby Current (VCC = 2.7V)
VIN = VCC or GND
1.0
µA
ISB2
Standby Current (VCC = 5.0V)
VIN = VCC or GND
5.0
µA
ILI
Input Leakage Current
VIN = VCC or GND
1.0
µA
ILI
RST Input Leakage Current
VIN = VCC or GND
20.0
µA
ILO
Output Leakage Current
VOUT = VCC or GND
1.0
µA
-0.3
VCC x 0.3
V
VCC x 0.7
VCC + 0.5
V
0.4
V
VIL
VIH
VOL2
Notes:
Input Low Level
(3)
Input High Level
(3)
Output Low Level (VCC = 2.7V)
IOL = 2.1 mA
1. This parameter is preliminary; Atmel may change the specifications upon further characterization.
2. Output not loaded.
3. VIL min and VIH max are reference only and are not tested.
17
1016E–SMEM–12/07
13. AC Characteristics
Table 13-1. AC Characteristics
Applicable over recommended operating range from TA = 0°C to +70°C, VCC = +2.7V to +5.5V, CL = 1 TTL Gate and 100
pF (unless otherwise noted).
5.0 Volt
Symbol
Parameter
Min
Max
Units
fSCL
Clock Frequency, SCL
1.0
MHz
tLOW
Clock Pulse Width Low
400
ns
tHIGH
Clock Pulse Width High
400
ns
tAA
Clock Low to Data Out Valid
tHD.STA
Start Hold Time
200
ns
tSU.STA
Start Set-up Time
200
ns
tHD.DAT
Data In Hold Time
0
ns
tSU.DAT
Data In Set-up Time
100
ns
550
(1,2)
ns
tR
Inputs Rise Time
tF
Inputs Fall Time (1,2)
tSU.STO
Stop Set-up Time
tDH
Data Out Hold Time
tWR
Write Cycle Time
tRST
Reset Width High
600
ns
tSU.RST
Reset Set-up Time
50
ns
tHD.RST
Reset Hold Time
50
ns
tBUF
Period of time the bus must be free before a new
command can start (1)
500
ns
tVCC
Power On Reset Time
2.0
ms
Notes:
300
ns
100
ns
200
ns
0
ns
10
ms
1. This parameter is characterized and is not 100% tested.
2. Input rise and fall transitions must be monotonic.
14. Pin Capacitance
Table 14-1. Pin Capacitance
Applicable at recommended operating conditions: TA = 25°C, f = 1.0 MHz, VCC = +2.7V.
Symbol
CI/O
CIN
Notes:
18
Test Condition
Input/Output Capacitance (SDA)
Input Capacitance (RST, SCL)
(1)
(1)
Max
Units
Conditions
8
pF
VI/O = 0V
6
pF
VIN = 0V
1. This parameter is characterized and is not 100% tested.
AT88SC153
1016E–SMEM–12/07
AT88SC153
15. Timing Diagrams
Figure 15-1. Bus Timing (SCL: Serial Clock; SDA: Serial Data I/O)
Figure 15-2. Synchronous Answer-to-reset Timing
Figure 15-3. Write Cycle (SCL: Serial Clock; SDA: Serial Data I/O)
SCL
SDA
8th BIT
ACK
WORD n
t WR
STOP
CONDITION
Note:
START
CONDITION
The write cycle time tWR is the time from valid stop condition of a write sequence to the end of the
internal clear/write cycle.
19
1016E–SMEM–12/07
16. Ordering Information
Ordering Code
Package
Voltage Range
Temperature Range
AT88SC153-09ET-00
M2 – E Module
2.7V–5.5V
Commerical (0°C–70°C)
AT88SC153-09PT-00
M2 – P Module
2.7V–5.5V
Commerical (0°C–70°C)
AT88SC153-10PU-00
8P3
2.7V–5.5V
Industrial (− 40°C–85°C)
AT88SC153-10SU-00
8S1
2.7V–5.5V
Industrial (− 40°C–85°C)
AT88SC153-10WU-00
7 mil Wafer
2.7V–5.5V
Industrial (− 40°C–85°C)
Package Type(1)
Description
M2 – P Module
M2 ISO 7816 Smart Card Module with Atmel Logo
M2 – E Module
M2 ISO 7816 Smart Card Module
8S1
8-lead, 0.150” Wide, Plastic Gull Wing Small Outline Package (JEDEC SOIC)
8P3
8-lead, 0.300” Wide, Plastic Dual Inline Package (PDIP)
Notes:
1. Formal drawings may be obtained from an Atmel Sales Office.
17. Smart Card Modules
Ordering Code: 09ET-00
Module Size: M2-00
Dimension*: 12.6 x 11.4 [mm]
Glob Top: Clear, Round: Æ 8.0 [mm] max
Thickness: 0.58 [mm] max
Pitch: 14.25 [mm]
Ordering Code: 09PT-00
Module Size: M2
Dimension*: 12.6 x 11.4 [mm]
Glob Top: Square: 8.8 x 8.8 [mm]
Thickness: 0.58 [mm]
Pitch: 14.25 [mm]
*Note: The module dimensions listed refer to the dimensions of the exposed metal contact area. The actual dimensions
of the module after excise or punching from the carrier tape are generally 0.4 mm greater in both directions
(i.e., a punched M2 module will yield 13.0 x 11.8 mm).
20
AT88SC153
1016E–SMEM–12/07
AT88SC153
Ordering Code: 10SU-00
8-lead SOIC
21
1016E–SMEM–12/07
Ordering Code: 10PU-00
8-lead PDIP
E
1
E1
N
Top View
c
eA
End View
COMMON DIMENSIONS
(Unit of Measure = inches)
D
e
D1
A2 A
b2
b3
b
4 PLCS
Side View
L
SYMBOL
NOM
MAX
NOTE
2
A
–
–
0.210
A2
0.115
0.130
0.195
b
0.014
0.018
0.022
5
b2
0.045
0.060
0.070
6
b3
0.030
0.039
0.045
6
c
0.008
0.010
0.014
D
0.355
0.365
0.400
3
D1
0.005
–
–
3
E
0.300
0.310
0.325
4
E1
0.240
0.250
0.280
3
e
0.100 BSC
eA
0.300 BSC
L
Notes:
MIN
0.115
0.130
4
0.150
2
1. This drawing is for general information only; refer to JEDEC Drawing MS-001, Variation BA, for additional information.
2. Dimensions A and L are measured with the package seated in JEDEC seating plane Gauge GS-3.
3. D, D1 and E1 dimensions do not include mold Flash or protrusions. Mold Flash or protrusions shall not exceed 0.010 inch.
4. E and eA measured with the leads constrained to be perpendicular to datum.
5. Pointed or rounded lead tips are preferred to ease insertion.
6. b2 and b3 maximum dimensions do not include Dambar protrusions. Dambar protrusions shall not exceed 0.010 (0.25 mm).
01/09/02
R
22
2325 Orchard Parkway
San Jose, CA 95131
TITLE
8P3, 8-lead, 0.300" Wide Body, Plastic Dual
In-line Package (PDIP)
DRAWING NO.
REV.
8P3
B
AT88SC153
1016E–SMEM–12/07
AT88SC153
Revision History
Lit Number
1016E
Date
Comment
12/2007
Adjusted Absolute Maximum Ratings
Adjusted Ordering Codes
Removed LAP
Fixed spacing on minus signs
Updated to new template
Modified Ordering Codes
Replaced 8-lead SOIC figure with version C
23
1016E–SMEM–12/07
Headquarters
International
Atmel Corporation
2325 Orchard Parkway
San Jose, CA 95131
USA
Tel: 1(408) 441-0311
Fax: 1(408) 487-2600
Atmel Asia
Room 1219
Chinachem Golden Plaza
77 Mody Road Tsimshatsui
East Kowloon
Hong Kong
Tel: (852) 2721-9778
Fax: (852) 2722-1369
Atmel Europe
Le Krebs
8, Rue Jean-Pierre Timbaud
BP 309
78054 Saint-Quentin-enYvelines Cedex
France
Tel: (33) 1-30-60-70-00
Fax: (33) 1-30-60-71-11
Atmel Japan
9F, Tonetsu Shinkawa Bldg.
1-24-8 Shinkawa
Chuo-ku, Tokyo 104-0033
Japan
Tel: (81) 3-3523-3551
Fax: (81) 3-3523-7581
Technical Support
[email protected]
Sales Contact
www.atmel.com/contacts
Product Contact
Web Site
www.atmel.com/products/securemem
Literature Requests
www.atmel.com/literature
Disclaimer: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any
intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN ATMEL’S TERMS AND CONDITIONS OF
SALE LOCATED ON ATMEL’S WEB SITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY
RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING,
WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE
THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the
accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice.
Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not
be used in, automotive applications. Atmel’s products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life.
© 2007 Atmel Corporation. All rights reserved. Atmel ®, logo and combinations thereof, and others are registered trademarks or trademarks of
Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others.
1016E–SMEM–12/07