Features • • • • • • • • • • • • 1K x 1 Serial E2PROM With Security Logic Available in Two Memory Organizations: AT88SC10111K x 1Memory Zone AT88SC1022512 x 1Memory Zone Supports ISO/IEC 7816-3 Synchronous Protocol Stores and Validates Security Codes Counts Incorrect Security Code Attempts Provides Transport Code Security Manufactured Using Low Power CMOS Technology VPP Internally Generated 2 µs Read Access Time; 5 ms Write Cycle Time Temperature Range From -25°C to 70°C ESD Immunity > 4K Volts High Reliability: 100,000 Write/Erase Cycles 100 Years Data Retention Smart Card ICs 1K E2PROM with Security Logic Block Diagram AT88SC101 AT88SC102 Description The AT88SC101/102 family provides 1024 bits of serial E2PROM (Electrically Erasable and Programmable Read Only Memory) with additional security logic for use in secure smart card applications. The AT88SC101 is available in one 1024 x 1 bit memory zones, and the AT88SC102 is available in two 512 x 1 bit memory zones. ISO Card Configuration ISO Pad Pad Description Contact # Name C1 C2 C3 C4 C5 C6 C7 C8 8 7 6 5 1 2 3 4 V CC RST CLK FUS VSS NC I/O PGM Operating Voltage Reset Clock and Address Control Identification Fuses Ground No Connect Bi-directional Data Port Programming Control Card Module Contacts Vcc C1 C5 Vss RST C2 C6 N/C CLK C3 C7 I/O FUS C4 C8 PGM The security features of Atmel’s AT88SC101/102 include: data access only after validation of the security code permanent invalidation of device upon four consecutive false security code presentations read/write protection of certain memory zones device reset if power drops secure transport of devices using transport code compare sequence The AT88SC101/102 is manufactured using low-power CMOS technology and features its own internal high-voltage pump for single voltage supply operation. The devices are guaranteed to 100,000 erase/write cycles and 100 year data retention. Endurance up to one-million AT88SC101 and AT88SC102 Memory Map AT88SC101 Memory Partitions AT88SC102 Address Bits Address Bits Fabrication Zone (FZ) 0 - 15 16 0 - 15 16 Issuer Zone (IZ) 16 - 79 64 16 - 79 64 Security Code (SC) 80 - 95 16 80 - 95 16 Security Code Attempts Counter (SCAC) 96 - 111 16 96 - 111 16 Code Protected Zone (CPZ) 112 - 175 64 112 - 175 64 Application Zone 1 (AZ1) 176 - 1199 1024 176 - 687 512 Application Zone 1 Erase Key (EZ1) 1200 - 1231 32 688 - 735 48 Application Zone 2 (AZ2) — — 736 - 1247 512 Application Zone 2 Erase Key (EZ2) — — 1248 - 1279 32 Erase Counter (EC) 1232 - 1359 128 1280 - 1407 128 Memory Test Zone (MTZ) 1360 - 1375 16 1408 - 1423 16 TOTAL BITS 1376 1424 Definition of AT88SC101/102 Memory Partitions FABRICATION ZONE (16 bits): Programmed by the manufacturer with a specific identifier for each customer. FUSE1 is blown by the manufacturer after programming the fabrication code, which makes the fabrication zone unalterable. ISSUER ZONE (64 bits): Programmed by the issuer before finalizing personalization. The data stored in the issuer zone is unalterable after FUSE2 is blown. USER PROTECTED ZONE (64 bits): Writing and erasing this zone is protected. The number of program/erase cycles is guaranteed up to 100,000. APPLICATION ZONE(S) (1024 or 512 bits): Reading and programming the application zone(s) are controlled by the first 2 bits of the zone (PR, RD) and by the security code (Tables 1 and 2). The erasure of each zone is protected by an erase key specific to each zone. SECURITY CODE (16 bits): Must be presented by the issuer to access circuit memory and personalize device before blowing FUSE2. This secures transportation between the manufacturer and the issuer. After the device is personalized and FUSE2 is blown, this code protects the access to the application zone(s) of the card. APPLICATION ZONE ERASE KEY (32 or 48 bits): Must be presented to authorize the erasure of the application zone(s). The key(s) must be programmed during the personalization of the circuit. SECURITY CODE ATTEMPTS COUNTER (16 bits): Counts the number of incorrect security code attempts. The device is locked after 4 false presentations. MEMORY TEST ZONE (16 bits): at this memory location. 2 AT88SC101/102 ERASE COUNTER (128 bits): Limits the number of erasures of the last zone to 128 or less. Allows pattern testing AT88SC101/102 Memory Access to AT88SC101 and AT88SC102 The access to the memory is controlled by the state of the internal fuses and by the voltage supply applied on the FUS pad: FUS Pad Voltage 0V 5V 5V State of the FUSES FUSE 1FUSE 2 Either Either Blown Not Blown Blown Blown Access Conditions See: Table 2 Table 1 Table 2 Table 1. AT88SC101/102 Access Conditions During Personalization (FUSE 2 Not Blown) S C 1 P R 1 R D 2 P R 2 R D FZ X X X X X X X X YES NO NO NO IZ 0 1 X X X X X X X X X X X X X X YES YES NO YES NO YES NO NO SC 0 1 X X X X X X X X X X X X X X NO YES NO YES NO YES YES NO SCAC 0 1 X X X X X X X X X X X X X X YES YES NO YES YES YES NO NO CPZ 0 1 X X X X X X X X X X X X X X YES YES NO YES NO YES NO NO AZ1 0 0 1 X X X 0 1 X X X X X X X X X X X X X X X X NO YES YES NO NO YES NO NO YES NO NO NO EZ1 0 1 X X X X X X X X X X X X X X NO YES NO YES NO YES NO NO AZ2 0 0 1 X X X X X X X X X 0 1 X X X X X X X X X X NO YES YES NO NO YES NO NO YES NO NO NO EZ2 0 1 X X X X X X X X X X X X X X NO YES NO YES NO YES NO NO EC 0 1 X X X X X X X X X X X X X X YES YES NO YES YES YES NO NO X X X X X X X X YES YES YES NO Zones MTZ Notes: E Z 1 E Z 2 SC:SC = 1 after validation of security code 1PR:1st bit of AZ1 (Bit 176) 1RD:2nd bit of AZ1(Bit 177) 2PR:1st bit of AZ2 (Bit 736) - AT88SC102 only E C READ 2RD: EZ1: EZ2: EC: WRITE 1 (Erase) WRITE 0 (PROG) Compare 2nd bit of AZ2 (Bit 737) - AT88SC102 only EZ1 = 1 after a valid presentation of erase key 1 EZ2 = 1 after a valid presentation of erase key 2 EC = 1 when the counter is not empty. 3 Table 2. AT88SC101/102 Access Conditions After Personalization (FUSE 2 Blown) S C 1 P R 1 R D 2 P R 2 R D FZ X X X X X X X X YES NO NO NO IZ X X X X X X X X YES NO NO NO SC 0 1 X X X X X X X X X X X X X X NO NO NO YES NO YES YES NO SCAC 0 1 X X X X X X X X X X X X X X YES YES NO YES YES YES NO NO CPZ 0 1 X X X X X X X X X X X X X X YES YES NO YES NO YES NO NO AZ1 0 0 1 1 1 1 X X 0 0 1 1 0 1 X X X X X X X X X X X X X X X X X X 0 1 0 1 X X X X X X X X X X X X NO YES YES YES YES YES NO NO NO YES NO YES NO NO NO NO YES YES NO NO NO NO NO NO EZ1 X X X X X X X X NO NO NO YES AZ2 0 0 1 1 1 1 1 1 X X X X X X X X X X X X X X X X X X 0 0 0 1 1 1 0 1 X X X X X X X X X X X X X X X X 0 X 1 0 X 1 X X X 0 1 X 0 1 NO YES YES YES YES YES YES YES NO NO NO NO YES NO NO YES NO NO NO NO NO YES YES YES NO NO NO NO NO NO NO NO EZ2 X X X X X X X X NO NO NO YES EC X X X X X X X X YES NO YES NO MTZ X X X X X X X X YES YES YES NO Zones Notes: 4 E Z 1 E Z 2 SC:SC = 1 after validation of security code 1PR:1st bit of AZ1 (Bit 176) 1RD:2nd bit of AZ1(Bit 177) 2PR:1st bit of AZ2 (Bit 736) - AT88SC102 only AT88SC101/102 E C READ 2RD: EZ1: EZ2: EC: WRITE 1 (Erase) WRITE 0 (PROG) Compare 2nd bit of AZ2 (Bit 737) - AT88SC102 only EZ1 = 1 after a valid presentation of erase key 1 EZ2 = 1 after a valid presentation of erase key 2 EC = 1 when the counter is not empty. AT88SC101/102 Modes of Operation The AT88SC101/102 has four operation modes selected by PGM, RST, CLK, and by the internal counter: Inputs Micro Instructions PGM RST RESET X INC (INC/READ) 0 0 CMP (INC/CMP) 0 0 WRITE 1 0 VERIFY 0 0 CLK 0 Definitions The address counter is reset to 0 and the first bit of the memory is available on I/O after the falling edge of RST and CLK hit 0. Note: The INC instruction is disabled when RST is high (Figure 1). Address counter is reset on the falling edge of RESET. The address counter is incremented and the first bit is available on I/O after the falling edge of the clock (unless reading is forbidden) (Figure 2). Address increments on falling edge of CLK. Data is released after the falling edge of CLK. Comparison of the bit presented to the card to the internal bit of the memory (for secret codes only). The bit should stay stable on I/O during the time CLK is low. The address counter is incremented on the falling edge of the CLK (Figure 3). I/O must be positioned on 0 for programming or on 1 for erasure before the rising edge of CLK which must stay on 1 for at least 5ms. The bit addressed (which will be written) is available on I/O after the falling edge of the CLK (Figure 4). Notes:1.Output is disabled (Hi state) on addresses where read is disabled. 2.If VDD falls between approximately 3V and 4V the chip will execute a power-on reset. 3.The 2 instructions CMP and UP are coded (0,0) on CLK and PGM. The circuit will distinguish between the 2 instructions by testing the internal address counter (CMP can only be done with the addresses corresponding to the security code or erase key). 4.The internal address counter counts up to 1519 for 101and 1567 for 102. An additional INC sets the counter to 0. 5 Table 5. AT88SC101/102 Micro Instructions Instruction Bit READ RESET n INC;position counter on bit WRITE ( WRITE 0) Word — RESET n INC; position counter on bit WRITE0 INC; go to next bit WRITE0;... ERASE (WRITE 1) — Application Zone — RESET n INC;position counter on first bit in word WRITE 1 n INC;position counter on first bit in next word WRITE 1... Global (When Fuse 2 = 1) — — — RESET n INC; n = 1392 (101) n = 1440 (102) WRITE 0 verify erase keys AT88SC101 Zone 1/88SC102 Zone 2: RESET 32 CMP n INC; n = 1232 (101), n = 1280 (102) VERIFY 1; verify 1 in EC WRITE 0; write 0 in EC WRITE 1; erase application zone RESET n INC; n = 1392 (101) n = 1440 (102) WRITE 1 AT88SC102 Zone 1: RESET 48 CMP n INC; n = 736 WRITE 1; erase application zone — RESET 79 INC; position counter on bit preceding SC 16 CMP; verify security code n INC;If none of the 1st 4 bits of the SCAC is 1, then 4 unsuccessful attempts have been made to verify SC, and the device is inoperable. If any of the 1st 4 bits is a 1, then: WRITE 0 WRITE 1; Reset the SCAC — — — RESET n INC;position counter on bit preceding access code or erase key n CMP;verify access code or erase key ; n = 32 or 48 bits — — CMP • SECURITY CODE CMP • ERASE KEYS 6 AT88SC101/102 AT88SC101/102 Figure 1. Reset Figure 2. Read Timing 7 Figure 3. Compare Timing Figure 4. Program Timing 8 AT88SC101/102 AT88SC101/102 Figure 5. SC and EZ1/EZ2 Validation for AT88SC101/102 A) Compare sequence of the security code or the application zone erase key. B) First bit which is at a logic 1, in the false attempts counter to validate SC, or in the recharge counter to validate EZ. C) Program sequence attempts to write a 0 over the 1 currently at this address. D) The chip outputs the new state of the bit. If a 0 has been successfully programmed, SC or EZ is set on the rising edge of PGM. (Note: If CLK rises when PGM is low, the validation is aborted.) E) This program sequence will erase either the false attempts counter or the application zone. F) Chip outputs state of the current bit. If the erase was successful, the chip will output a 1 if the current bit is in the false attempts counter. The chip will output a 0 if the current bit is in the recharge counter. G) On the falling edge of clock, the address is incremented and the state of the next bit is output. Note: 1. The address does not change from operations B to F. 9 Absolute Maximum Ratings* Operating Temperature................... -55°C to +125°C Storage Temperature...................... -65°C to +150°C Voltage on Any Pin with Respect to Ground ................... -1.0 V to +7.0 V Maximum Operating Voltage ............................ 6.6 V *NOTICE: Stresses beyond those listed under "Absolute Maximum Ratings” may cause permanent damage to the device. This is a stress rating only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. DC Output Current ......................................... 5.0 mA DC Characteristics Die TAMB = –25°C to 70°C, VCC = 5V ± 10%, VSS = 0 V (unless otherwise specified) Symbol Characteristics Typ Max Unit ICC Supply Current on VCC out of Program (tAMB = + 25 C) — — 3.0 mA ICCP Supply Current on VCC during Program (tAMB = + 25 C) — — 4.0 mA VIL Input Low Level 0 — 0.8 V VIH Input High Level 2.0 — VCC V VOL Output Low Level (IOL = 1mA) — — 0.4 V ILeak I/O Leakage Current -50 — 50 µA Notes: 1. There is a pullup on pin RST. 2. There are pulldowns on pins FUS, CLK and PGM. Packaging All Atmel smart card secure ICs are available in wafer or standard packaging. Standard packages include plastic DIPs, SOICs, PLCCs. 10 Min AT88SC101/102 AT88SC101/102 AC Characteristics Die TAMB = –25°C to 70°C, VCC = 5V ± 10%, VSS = 0V (unless otherwise specified). Symbol fCLK tCLK tRH tDVR tCH tCL tDV tOH tSC tHC tCHP tDS tDH tSPR tHPR tDH Characteristics Clock Frequency Clock Cycle Time RST Hold Time Data Valid Reset to Address 0 CLK Pulse Width (High) CLK Pulse Width (Low) Data Access Data Hold Data In Setup (CMP Instruction) Data In Hold (CMP Instruction) CLK Pulse Width (High in Programming) Min — 3.3 20 — 0.2 0.2 — 0 0 0.2 5.0 Typ — — — — — — — — — — — Max 300 — — 2.0 — — 2.0 — — — — Unit KHz µs µs µs µs µs µs µs µs µs ms Data In Setup Data In Hold PGM Setup PGM Hold Data Hold from CLK 0.2 0 2.2 0.2 0 — — — — — — — — — — µs µs µs µs µs Conditions of Dynamic Tests The circuit has an output with open drain. An external resistance is thus necessary between VCC and I/O in order to load the output. Pulse Levels of the Input:VSS to 3.0V Reference Levels in Output:1.5V Rising and Falling Time of Signals:< 5ns VCC CHIP 4.7K I/O TEST POINT 100 pF Test Circuit Included 11