ATMEL AT88SC6416CRF

1. Features
• One of a Family of Devices with User Memory of 1 Kbit to 64 Kbits
• Contactless 13.56 MHz RF Communications Interface
•
•
•
•
•
– ISO/IEC 14443-2:2001 Type B Compliant
– ISO/IEC 14443-3:2001 Type B Compliant Anticollision Protocol
– Command Set Optimized for Multicard RF Communications
– Tolerant of Type A Signaling for Multiprotocol Applications
Integrated 82 pF Tuning Capacitor
User EEPROM Memory
– 64 Kbits Configured as Sixteen 512-byte (4-Kbit) User Zones
– Byte, Page, and Partial Page Write Modes
– Self-timed Write Cycle
256-byte (2-Kbit) Configuration Zone
– User-programmable Application Family Identifier (AFI)
– User-defined Anticollision Polling Response
– User-defined Keys and Passwords
High-Security Features
– 64-bit Mutual Authentication Protocol (under license of ELVA)
– Encrypted Checksum
– Stream Encryption
– Four Key Sets for Authentication and Encryption
– Eight Sets of Two 24-bit Passwords
– Password and Authentication Attempts Counters
– Selectable Access Rights by Zone
– Antitearing Function
– Tamper Sensors
High Reliability
– Endurance: 100,000 Write Cycles
– Data Retention: 10 Years
– Operating Temperature: −40°C to +85°C
13.56 MHz
CryptoRF®
EEPROM Memory
64 Kbits
AT88SC6416CRF
Summary
2. Description
The CryptoRF® family integrates a 13.56 MHz RF interface into a CryptoMemory®,
resulting in a contactless smart card with advanced security and cryptographic features. This device is optimized as a contactless secure memory, for RF smart cards,
and secure data storage, without the requirement of an internal microprocessor.
For communications, the RF interface utilizes the ISO/IEC 14443-2 and -3 Type B bit
timing and signal modulation schemes, and the ISO/IEC 14443-3 Slot-MARKER Anticollision Protocol. Data is exchanged half duplex at a 106-kbit/s rate, with a two-byte
CRC_B providing error detection capability. The maximum communication range
between the reader antenna and contactless card is approximately 10 cm when used
with an RFID reader that transmits the maximum ISO/IEC 14443-2 RF power level.
The RF interface powers the other circuits; no battery is required. Full compliance with
the ISO/IEC 14443-2 and -3 standards results in anticollision interoperability with the
AT88RF020 2-Kbit RFID EEPROM product and provides both a proven RF communication interface and a robust anticollision protocol.
Rev. 5006DS–CRRF–04/09
The AT88SC6416CRF contains 64 Kbits of user memory and 2 Kbits of configuration memory. The 2 Kbits of configuration
memory contain eight sets of read/write passwords, four crypto key sets, security access registers for each user zone, and
password/key registers for each zone.
The CryptoRF command set is optimized for a multicard RF communications environment. A programmable AFI register
allows this IC to be used in numerous applications in the same geographic area with seamless discrimination of cards
assigned to a particular application during the anticollision process.
3. Block Diagram
Figure 3-1.
Block Diagram
RF Interface
Command
and
Response
r
ie
tif
ec
Over
Voltage
Clamp
EEPROM
Regulator
Data Transfer
VDD
R
C
Modulator
AC1
VSS
Password
Verification
AC2
Clock
Extraction
Data
Extraction
Frame Formatting
and
Error Detection
Interface
Anticollision
Authentication
Encryption and
Certification Unit
Random Number
Generator
2
AT88SC6416CRF
5006DS–CRRF–04/09
AT88SC6416CRF
4. Communications
All personalization and communication with this device is performed through the RF interface.
The IC includes an integrated tuning capacitor, enabling it to operate with only the addition of a
single external coil antenna.
The RF communications interface is fully compliant with the electrical signaling and RF power
specifications in ISO/IEC 14443-2:2001 for Type B only. Anticollision operation and frame formatting are compliant with ISO/IEC 14443-3:2001 for Type B only.
ISO/IEC 14443 nomenclature is used in this specification where applicable. The following abbreviations are utilized throughout this document. Additional terms are defined in the section in
which they are used.
• PCD – Proximity Coupling Device: the reader/writer and antenna
• PICC – Proximity Integrated Circuit Card: the tag/card containing the IC and antenna
• RFU – Reserved for Future Use: any feature, memory location, or bit that is held as reserved
for future use
• $ xx – Hexadecimal Number: denotes a hex number “xx” (Most Significant Bit on left)
4.1
Anticollision Protocol
When the PICC enters the 13.56 MHz RF field of the host reader (PCD), it performs a power on
reset (POR) function and waits silently for a valid Type B polling command. The CryptoRF PICC
processes the antitearing registers as part of the POR process.
The PCD initiates the anticollision process by issuing an REQB or WUPB command. The WUPB
command activates any card (PICC) in the field with a matching AFI code. The REQB command
performs the same function but does not affect a PICC in the Halt state. The CryptoRF command set is available only after the anticollision process has been completed.
4.2
CRC Error Detection
A two-byte CRC_B is required in each frame transmitted by the PICC or PCD to permit transmission error detection. The CRC_B is calculated on all of the command and data bytes in the
frame. The SOF, EOF, start bits, stop bits, and EGT are not included in the CRC_B calculation.
The two-byte CRC_B follows the data bytes in the frame.
Figure 4-1.
SOF
4.3
Location of the Two CRC_B Bytes within a Frame
K data bytes
CRC1
CRC2
EOF
Type A Tolerance
The RF Interface is designed for use in multiprotocol applications. It will not latch or lock up if
exposed to Type A signals and will not respond to them. The PICC may reset in the presence of
Type A field modulation but is not damaged by exposure to Type A signals.
3
5006DS–CRRF–04/09
5. User Memory
The EEPROM user memory is divided into 16 user zones as shown in the memory map in Table
5-1. Multiple zones allow for different types of data or files to be stored in different zones. Access
to the user zones is allowed only after security requirements have been met. These security
requirements are defined by the user in the configuration memory during personalization of the
device. The EEPROM memory page length is 32 bytes.
Table 5-1.
Memory Map
Zone
$0
$1
$2
$3
$4
$5
$6
$7
$000
User 0
–
512 Bytes
–
$1F8
User 1
–
–
–
User 14
$000
–
–
$1F8
$000
User 15
–
512 Bytes
–
$1F8
6. Configuration Memory
The configuration memory consists of 2048 bits of EEPROM memory used for storing system
data, passwords, keys, codes, and security-level definitions for each user zone. Access rights to
the configuration zone are defined in the control logic and may not be altered by the user. These
access rights include the ability to program certain portions of the configuration memory and
then lock the data written through use of the security fuses.
6.1
Security Fuses
There are three fuses on the device that must be blown during the device personalization process. Each fuse locks certain portions of the configuration memory as OTP memory. Fuses are
designated for the module manufacturer, card manufacturer and card issuer and must be blown
in sequence.
4
AT88SC6416CRF
5006DS–CRRF–04/09
AT88SC6416CRF
7. Communication Security
Communication between the PICC and reader operates in three basic modes. Standard mode is
the default mode for the device after power-up and anticollision. Authentication mode is activated by a successful authentication sequence. Encryption mode is activated by a successful
encryption activation, following a successful authentication.
Table 7-1.
Configuration Security Modes
Mode
User Data
Passwords
Data Integrity
Check
Standard
clear
clear
MDC(1)
Authentication
clear
encrypted
MAC(2)
Encryption
encrypted
encrypted
MAC(2)
Notes:
1. Modification Detection Code
2. Message Authentication Code
7.1
Security Methodology
Figure 7-1.
Security Methodology
Device (card)
Card Number
VERIFY A
Compute Challenge B
Challenge B
Host (reader)
COMPUTE Challenge A
Challenge A
VERIFY B
Check Password (RPW)
DATA
Checksum (CS)
Read Password (RPW)
Check Password (WPW)
Write Password (WPW)
DATA
CS
VERIFY CS
VERIFY CS (optional)
Write DATA
7.2
Memory Access
Depending on the device configuration, the host will carry out the authentication protocol and/or
present different passwords for each operation: read or write. To insure security between the different user zones (multiapplication card), each zone can use a different set of passwords. A
specific attempts counter for each password and for the authentication provides protection
against systematic attacks.
5
5006DS–CRRF–04/09
8. Security Operations
8.1
Antitearing
In the event of a power loss during a write cycle, the integrity of the device’s stored data may be
recovered. This function is optional: the host may choose to activate the antitearing function
depending on application requirements. When antitearing is active, write commands take longer
to execute since more write cycles are required to complete them. Data writes are limited to 8byte pages when antitearing is active.
Data is written first to a buffer zone in EEPROM instead of to the intended destination address,
but with the same access conditions. The data is then written to the required location. If this second write cycle is interrupted due to a power loss, the device will automatically recover the data
from the buffer zone at the next power-up.
8.2
Password Verification
Passwords may be used to protect user zones read and/or write access. When a password is
presented using the Check Password command, it is memorized and active until power is
removed unless a new password is presented or a valid DESELECT or IDLE command is
received. Only one password is active at a time, but write passwords also give read access.
8.3
Authentication Protocol
The access to a user zone may be protected by an authentication protocol in addition to password dependent rights. Passwords are encrypted in authentication mode.
The authentication success is memorized and active as long as the chip is powered, unless a
new authentication is initialized or a valid DESELECT or IDLE command is received. If the new
authentication request is not validated, the card loses its previous authentication and it must be
presented again. Only the last request is memorized.
8.4
Encryption
The data exchanged between the card and the reader during Read, Write, and Check Password
commands may be encrypted to ensure data confidentiality.
The issuer may choose to protect the access to a user zone with an encryption key by settings
made in the configuration memory. In that case, activation of the encryption mode is required in
order to read/write data in the zone.
The encryption activation success is memorized and active as long as the chip is powered,
unless a new initialization is initiated or a valid DESELECT or IDLE command is received. If the
new encryption activation request is not validated, the card will no longer encrypt data during
read operations nor will it decrypt data received during write or Check Password operations.
8.5
Checksum
The PICC implements a data validity check function in the form of a checksum. The checksum
may function in standard or cryptographic mode. In the standard mode, the checksum is optional
and may be used for transmission error detection. The cryptographic mode is more powerful
since it provides data origin authentication capability in the form of a Message Authentication
Code (MAC). To write data to the device, the host is required to compute a valid MAC and provide it to the device. If after an ingoing command the device computes a MAC different from the
6
AT88SC6416CRF
5006DS–CRRF–04/09
AT88SC6416CRF
MAC transmitted by the host, not only is the command abandoned but the cryptographic mode is
also reset. A new authentication is required to reactivate the cryptographic mode.
8.6
Initial Device Programming
CryptoRF is delivered with all security features disabled. To program the polling response or
enable the security features of CryptoRF the device must be personalized by programming several registers. This is accomplished by programming the configuration memory using simple
write and read commands.
8.7
Transport Password
To gain access to the configuration memory, a transport password known as the secure code
must be presented using the Check Password command. The secure code for
AT88SC6416CRF is $70 BA 2E.
9. Tuning Capacitance
The capacitance between the coil pins AC1 and AC2 is 82 pF nominal and may vary ±10% over
temperature and process variation.
10. Reliability
Table 10-1.
Reliability
Parameter
Write endurance
Data retention
Min
Typ
Max
Units
100,000
–
–
Write
Cycles
10
–
–
Years
11. Mechanical
11.1
Engineering Samples
Sample Code
Sample Description
Maximum Range
AT88SC6416CRF-MR1
R Module, 82 pF, on 35 mm tape
AT88SC6416CRF-L01B
RF Smart Card, ID-1 size, PVC
8−10 cm
AT88SC6416CRF-MU1
RFID Tag, 17 mm diameter, on 35 mm tape
1−3 cm
AT88SC6416CRF-MS1
RFID Tag, 10 x 20 mm size, on 35 mm tape
10−15 mm
7
5006DS–CRRF–04/09
11.2
Ordering Information
Ordering Code
Package
Tuning Capacitor
Temperature Range
AT88SC6416CRF-MR1
R Module
82 pF
Commercial (0⋅ C to 70⋅ C)
AT88SC6416CRF-WA1
6 mil wafer, 150 mm diameter
82 pF
Industrial (−40⋅ C to 85⋅ C)
Package Type
R Module
11.3
Description
2- lead RF Smart Card Module, XOA2 style, RoHS compliant
Packaging Information
Ordering Code: AT88SCxxxxCRF-MR1
Module Size: M5
Dimension: 5.06 x 8.00 [mm]
Glob Top : Square - 4.8 x 5.1 [mm]
Thi ckness : 0.38 [mm]
Pitch : 9.5 [mm]
8
AT88SC6416CRF
5006DS–CRRF–04/09
Headquarters
International
Atmel Corporation
2325 Orchard Parkway
San Jose, CA 95131
USA
Tel: 1(408) 441-0311
Fax: 1(408) 487-2600
Atmel Asia
Unit 1-5 & 16, 19/F
BEA Tower, Millennium City 5
418 Kwun Tong Road
Kwun Tong, Kowloon
Hong Kong
Tel: (852) 2245-6100
Fax: (852) 2722-1369
Atmel Europe
Le Krebs
8, Rue Jean-Pierre Timbaud
BP 309
78054 Saint-Quentin-enYvelines Cedex
France
Tel: (33) 1-30-60-70-00
Fax: (33) 1-30-60-71-11
Atmel Japan
9F, Tonetsu Shinkawa Bldg.
1-24-8 Shinkawa
Chuo-ku, Tokyo 104-0033
Japan
Tel: (81) 3-3523-3551
Fax: (81) 3-3523-7581
Technical Support
[email protected]
Sales Contact
www.atmel.com/contacts
Product Contact
Web Site
www.atmel.com
Literature Requests
www.atmel.com/literature
Disclaimer: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any
intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN ATMEL’S TERMS AND CONDITIONS OF SALE LOCATED ON ATMEL’S WEB SITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY
WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT
OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications
and product descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided
otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel’s products are not intended, authorized, or warranted for use
as components in applications intended to support or sustain life.
©2009 Atmel Corporation. All rights reserved. Atmel®, Atmel logo and combinations thereof, Everywhere You Are®, CryptoMemory®, CryptoRF® and others, are registered trademarks or trademarks of Atmel Corporation or its subsidiaries. Innovatron® is a registered trademark of
Innovatron. Other terms and product names may be trademarks of others.
5006DS–CRRF–04/09