DALLAS DS1963S

DS1963S
SHA iButton
www.iButton.com
SPECIAL FEATURES
§
§
§
§
§
§
§
§
§
§
4096 bits of read/write nonvolatile (NV)
memory organized as 16 pages of 256 bits
each
Eight memory pages with individual 64-bit
secrets and 32-bit read-only non rolling-over
page write cycle counters
Secrets are write-only and have their own
individual write cycle counters
On-chip 512-bit SHA-1 (FIPS 180-1,
ISO/IEC 10118-3) engine to compute a 160bit Message Authentication Codes (MAC)
and generate page secrets
Device can operate as roaming iButton® or
as coprocessor for a host computer
256–bit scratchpad ensures integrity of data
transfer
On-chip 16-bit CRC generator for
safeguarding data transfers
Overdrive mode boosts communication
speed to 125 kbits per second
Operating temperature range from -20°C to
+85°C
Over 10 years of data retention
§
§
§
§
§
Button shape is self-aligning with cupshaped probes
Durable stainless steel case engraved with
registration number withstands harsh
environments
Easily affixed with self-stick adhesive
backing, latched by its flange, or locked with
a ring pressed onto its rim
Presence detector acknowledges when reader
first applies voltage
Meets UL#913 (4th Edit.); Intrinsically Safe
Apparatus, Approved under Entity Concept
for use in Class I, Division 1, Group A, B, C
and D Locations (application pending)
F5 MicroCan
5.89
0.51
â
16.25
51
â
18
000000FBC52B
17.35
â
1-Wire
COMMON iButton FEATURES
§
§
§
§
§
§
§
Unique, factory–lasered and tested 64-bit
registration number (8-bit family code
+ 48-bit serial number + 8-bit CRC tester)
assures absolute traceability because no two
parts are alike
Multidrop controller for MicroLAN
Digital identification and information by
momentary contact
Chip-based data carrier compactly stores
information
Data can be accessed while affixed to object
Economically communicates to host with a
single digital signal at 15.4 kbits per second
Standard 16 mm diameter and 1-Wire®
protocol ensure compatibility with iButton
Device family
IO
GND
All dimensions are shown in millimeters
ORDERING INFORMATION
DS1963S
F5 MicroCan
EXAMPLES OF ACCESSORIES
DS9096P
DS9101
DS9093RA
DS9093A
DS9092
Self-Stick Adhesive Pad
Multipurpose Clip
Mounting Lock Ring
Snap-In Fob
iButton Probe
iButton and 1-Wire are registered trademarks of Dallas Semiconductor.
1 of 37
021704
DS1963S
iButton DESCRIPTION
The DS1963S Monetary iButton with SHA-1 Function is a rugged 4 kbit read/write data carrier that can
be easily accessed with minimal hardware. Its NV memory acts as a localized database for public as well
as protected data belonging to the owner of the device and the environment in which it is used. An
integrated 512-bit SHA-1 engine can be activated to compute 160-bit message authentication codes
(MAC) based on information stored in the device. Data is transferred serially via the 1-Wire protocol,
which requires only a single data lead and a ground return. Using the TMEX file format (see Application
Note 114) a single DS1963S can serve up to four independent applications, such as secure change purses
for electronic payment at local transit systems, pay phones, parking systems or vending machines. The
DS1963S is also intended to function as a coprocessor that assists the host in computing signatures, using
a secure signing secret, when writing back the new balance to a roaming device after a purchase.
The DS1963S, like other SRAM-based iButtons, has an additional memory area called the scratchpad that
acts as a buffer when writing to the main memory. The DS1963’s scratchpad is also used for feeding data
segments to the SHA-1 engine or receiving/comparing message authentication codes.
Data is first written to the scratchpad from where it can be read back. After the data has been verified, a
copy scratchpad command will transfer the data to main memory. This process ensures data integrity in
an environment that does not provide a reliable electric contact.
Each DS1963S has its own 64-bit ROM registration number that is factory lasered into the chip inside to
provide a guaranteed unique identity for absolute traceability. The durable MicroCan package is highly
resistant to environmental hazards such as dirt, moisture, and shock. Its compact coin-shaped profile is
self-aligning with mating receptacles, allowing the DS1963S to be easily used by human operators.
Accessories permit the DS1963S to be mounted on almost any surface including plastic key fobs, photoID badges and printed circuit boards.
SECURITY
A system that uses mobile data carriers consists mainly of three components, 1) host computers that read
and write data carriers, 2) the data carriers (“slave devices”) themselves, and 3) the users of the system
who might be tempted to manipulate the data or to emulate the behavior of the data carrier. The DS1963S
is designed to address all these areas of attacks without using any proprietary restricted algorithms. The
security of the device is based on the Secure Hash Standard SHA-1, which is documented on the Internet
at locations such as http://www.itl.nist.gov/div897/pubs/fip180-1.htm.
The table below shows a matrix of possible non-violent attacks in form of a truth table. The notes
referenced in the table explain the typical methods to defeat the attacks. A more detailed description is
found in the section “Application Overview” near the end of this document. For the full description of the
functions used see section “Memory and SHA Function Commands” and the SHA-1 Computation and
message formats.
Authorized
Host
Unauthorized
Host
Authentic data
See note 2
Normal operation
See note 1
Don’t care
Manipulated data
See notes 2 and 3
See note 3
Don’t care
Don’t care
2 of 37
Emulated slave
Authentic
Slave
Emulated slave
DS1963S
Note 1: The device provides functions to authenticate the host based on a system-wide secret, the
device’s ROM Registration number and a user-selected pin number that is installed in one of the
memory pages of a roaming data carrier.
Note 2: To find out whether a slave device is authentic the host writes a 3-byte “challenge” to the
scratchpad before issuing a command to compute the SHA-1 MAC over the challenge, the data
of a memory page, the page number, the page’s write-cycle counter, the device’s ROM
Registration number, and the secret associated with that page. By varying the challenge every
time it reads from a slave, the host can verify that the slave contains the correct secret and can
perform the required SHA computation in the required time.
Note 3: Manipulated data can be discovered if the data in the slave device is “signed” by an authorized
host. Signing consists of calculating a 160-bit SHA-1 MAC over the data to be protected, the
write-cycle counter of the page on which it is to be stored, the ROM ID of the slave device in
which it is to be stored, and any dedicated secret known only to authorized hosts. The MAC is
stored together with the application data (a monetary value together with a transaction ID code,
for example) in an appropriate memory page. To verify the authenticity of the data the host
repeats the process of signing. Any change in the data, the cycle counter, data carrier or an
invalid (not belonging to the system) signing-secret will make the verification of the signature
fail.
OVERVIEW
The block diagram in Figure 1 shows the relationships between the major control and memory sections of
the DS1963S. The DS1963S has six main data components: 1) 64-bit lasered ROM, 2) 256-bit scratchpad, 3) eight 32-byte pages of general-purpose SRAM, 4) eight 32-byte pages of SRAM protected by
write-cycle counters, 5) two 32-byte pages storing eight 64-bit secrets with individual write-cycle
counters, and 6) a 512-bit SHA-1 Engine (SHA = Secure Hash Algorithm). The hierarchical structure of
the 1-Wire protocol is shown in Figure 2. All write-cycle counters are 32 bits long and will not roll over
once the maximum count has been reached. The contents of the counters is read together with the
memory data using a special command. The bus master must first provide one of the seven ROM
Function Commands, 1) Read ROM, 2) Match ROM, 3) Search ROM, 4) Skip ROM, 5) Resume
Communication, 6) Overdrive-Skip ROM or 7) Overdrive-Match ROM. Upon completion of an
Overdrive ROM command byte executed at standard speed, the device will enter Overdrive mode where
all subsequent communication occurs at a higher speed. The protocol required for these ROM function
commands is described in Figure 10. After a ROM function command is successfully executed, the
memory functions become accessible and the master may provide any one of the eight memory function
commands. The protocol for these memory function commands is described in Figure 7. All data is read
and written least significant bit first.
PARASITE POWER
The block diagram (Figure 1) shows the parasite-powered circuitry. This circuitry “steals” energy
whenever the data contact is in the logic-high state. This stolen energy will provide sufficient power
while the data contact is in a logic-low state as long as the specified timing and voltage requirements are
met. The advantages of parasite power are two-fold: 1) by stealing energy off this input, the DS1963Sinternal lithium reserves are conserved and 2) if the lithium is exhausted for any reason, the ROM may
still be read normally. The remaining circuitry of the DS1963S is solely operated by lithium energy.
3 of 37
DS1963S
64-BIT LASERED ROM
Each DS1963S contains a unique ROM code that is 64 bits long. The first 8 bits are a 1-Wire family
code. The next 48 bits are a unique serial number. The last 8 bits are a CRC of the first 56 bits.
(See Figure 3). The 1-Wire CRC is generated using a polynomial generator consisting of a shift register
8
5
4
and XOR gates as shown in Figure 4. The polynomial is X + X + X + 1. Additional information about
the Dallas 1-Wire Cyclic Redundancy Check is available in the Book of DS19xx iButton Standards. The
shift register bits are initialized to zero. Then starting with the least significant bit of the family code, one
bit at a time is shifted in. After the 8th bit of the family code has been entered, then the serial number is
entered. After the 48th bit of the serial number has been entered, the shift register contains the CRC
value. Shifting in the 8 bits of CRC should return the shift register to all zeros.
DS1963S BLOCK DIAGRAM Figure 1
DATA
1-Wire
Function Control
Parasite-Powered
Circuitry
64-bit
Lasered ROM
Lid
Contact
Flag and Mode
Register
Memory and
SHA Function
Control Unit
512-bit
Secure Hash
Algorithm
Engine (SHA-1)
CRC16
Generator
256-bit
Scratchpad
PRNG
Counter
R
Data Memory
8 Pages of
256 bits each
Data Memory
8 Pages of
256 bits each
S
8 Write-Cycle
Counters
one for each
Memory Page
8 Write-Cycle
Counters
one for each
Secret
4 of 37
Secrets Memory
2 Pages of
256 bits
storing 8 Secrets
of 64 bits each
DS1963S
HIERARCHCAL STRUCTURE FOR 1-WIRE PROTOCOL Figure 2
1-Wire Bus
Bus
Master
Other
Devices
DS1963S
Command
Level
1-Wire ROM Function
Commands (see Figure 10)
DS1963S specific
Memory Function
Commands (see Figure 7)
Available
Commands
Data Fields
Affected
Read ROM
Match ROM
Search ROM
Skip ROM
Resume
Overdrive Skip
Overdrive Match
64-bit ROM, RC-Flag
64-bit ROM, RC-Flag
64-bit ROM, RC-Flag
RC-Flag
RC-Flag
64-bit ROM, RC-Flag, OD-Flag
64-bit ROM, RC-Flag, OD-Flag
Write Scratchpad
Read Scratchpad
Copy Scratchpad
256-bit Scratchpad, Flags
256-bit Scratchpad, HIDE Flag
Data Memory, Secrets Memory,
W/C Counter, Flags
160 bits of Scratchpad, Flags
256-bit Scratchpad, Flags
Data Memory, Flags
Data Memory, W/C Counters of
Memory Page and Secret, Secret, 64bit ROM Registration Number, 160 bits
of Scratchpad, Flags, PRNG Counter
Several of the following Items,
depending on selected Sub-Function:
Data Memory, W/C Counter of
Memory Page, Secret, 64-bit ROM
Registration Number, Scratchpad,
Flags, PRNG Counter
Match Scratchpad
Erase Scratchpad
Read Memory
Read Authenticated Page
Compute SHA
64-BIT LASERED ROM Figure 3
MSB
LSB
8-Bit CRC Code
MSB
48-Bit Serial Number
LSB
MSB
8-Bit Family Code (18h)
LSB
5 of 37
MSB
LSB
DS1963S
1-WIRE CRC GENERATOR Figure 4
Polynomial = X8 + X5 + X4 + 1
R
1ST
STAGE
X0
2ND
STAGE
X1
X2
3RD
STAGE
4TH
STAGE
X3
5TH
STAGE
X4
S
6TH
STAGE
X5
X6
7TH
STAGE
8TH
STAGE
X7
X8
INPUT DATA
MEMORY MAP
As shown in the block diagram, the DS1963S has four memory areas: data memory, secrets memory,
counter memory, and scratchpad. Each of these memory areas is organized in pages of 32 bytes. Figure 5
shows details. The scratchpad acts as a buffer when writing to data or secrets memory. Pages 0 to 15 have
unrestricted read/write access. They account for the 4096 bits of NV SRAM. Pages 16 and 17 contain the
eight 64-bit secrets to which the user only has write access. The secrets are readable only by the SHA
engine, which uses them to compute message authentication codes. Sixteen 32-bit write-cycle counters
count write-accesses to pages 8 to 15 as well as to the eight secrets. These counters are located in pages
19 and 20 and can be read without restriction. Page 21 contains a counter, which increments with every
start of the SHA engine. This counter provides the seed for generating pseudo-random numbers and
therefore is referred to as PRNG counter. Since the SHA engine requires about 20 times as much energy
as copying the entire scratchpad to a memory location the PRNG counter can be used as indicator for the
remaining energy reserves of the device. Page 18 is the physical location of the 32-byte scratchpad.
ADDRESS REGISTERS AND TRANSFER STATUS
The DS1963S employs three address registers: TA1, TA2 and E/S (Figure 6). Registers TA1 and TA2
must be loaded with the target address to which data will be written or from which data will read.
Register E/S is a read-only byte counter and transfer-status register, used to verify data integrity with
write commands. The lower 5 bits of the E/S register indicate the address of the last byte that has been
written to the scratchpad for subsequent copying into main memory. This address is called Ending Offset.
Bit 5 of the E/S register, called PF or “partial byte flag,” is a logic-1 if the number of data bits sent by the
master is not an integer multiple of 8. Bit 6 has no function; it always reads 0. Note that the lowest 5 bits
of the target address also determine the address within the scratchpad where intermediate storage of data
will begin. This address is called byte offset. If the target address (TA1) for a Write command is 3CH for
example, then the scratchpad will store incoming data beginning at byte offset 1CH and will be full after
only 4 bytes, resulting in an ending offset of 1FH. The ending offset together with the Partial Flag support
the master checking the data integrity after a Write command. The highest valued bit of the E/S register,
called AA or Authorization Accepted, acts as a flag to indicate that the data stored in the scratchpad has
already been copied to the target memory address. Writing data to the scratchpad clears this flag.
6 of 37
DS1963S
DS1963S MEMORY MAP Figure 5
4k-Bit
NV RAM
Data Memory with General Read/Write Access
Secret #
Counter #
Counter Incr.
Page #
Address Range
0
0000h to 001Fh
0
0
None
1
0020h to 003Fh
1
1
None
2
0040h to 005Fh
2
2
None
3
0060h to 007Fh
3
3
None
4
0080h to 009Fh
4
4
None
5
00A0h to 00BFh
5
5
None
6
00C0h to 00DFh
6
6
None
7
00E0h to 00FFh
7
7
None
8
0100h to 011Fh
0
0
With write cycle
9
0120h to 013Fh
1
1
With write cycle
10
0140h to 015Fh
2
2
With write cycle
11
0160h to 017Fh
3
3
With write cycle
12
0180h to 019Fh
4
4
With write cycle
13
01A0h to 01BFh
5
5
With write cycle
14
01C0h to 01DFh
6
6
With write cycle
15
01E0h to 01FFh
7
7
With write cycle
Secrets Memory with User Write Access Only
Description
Page #
Address Range
16
0200h to 0207h
Secret 0
0208h to 020Fh
Secret 1
0210h to 0217h
Secret 2
0218h to 021Fh
Secret 3
0220h to 0227h
Secret 4
0228h to 022Fh
Secret 5
0230h to 0237h
Secret 6
0238h to 023Fh
Secret 7
17
7 of 37
DS1963S
DS1963S MEMORY MAP (continued) Figure 5
Counter Memory with User Read Access Only
Description
Page #
Address Range
19
0260h to 0263h
Counter 0 (Write Cycles to Page 8)
0264h to 0267h
Counter 1 (Write Cycles to Page 9)
0268h to 026Bh
Counter 2 (Write Cycles to Page 10)
026Ch to 026Fh
Counter 3 (Write Cycles to Page 11)
0270h to 0273h
Counter 4 (Write Cycles to Page 12)
0274h to 0277h
Counter 5 (Write Cycles to Page 13)
0278h to 027Bh
Counter 6 (Write Cycles to Page 14)
027Ch to 027Fh
Counter 7 (Write Cycles to Page 15)
0280h to 0283h
Write Cycle Counter Secret 0
0284h to 0287h
Write Cycle Counter Secret 1
0288h to 028Bh
Write Cycle Counter Secret 2
028Ch to 028Fh
Write Cycle Counter Secret 3
0290h to 0293h
Write Cycle Counter Secret 4
0294h to 0297h
Write Cycle Counter Secret 5
0298h to 029Bh
Write Cycle Counter Secret 6
029Ch to 029Fh
Write Cycle Counter Secret 7
02A0h to 02A3h
PRNG Counter
20
21
ADDRESS REGISTERS Figure 6
Target Address (TA1)
T7
T6
T5
T4
T3
T2
T1
T0
Target Address (TA2)
T15
T14
T13
T12
T11
T10
T9
T8
Ending Address with
Data Status (E/S)
(Read Only)
AA
0
PF
E4
E3
E2
E1
E0
WRITING WITH VERIFICATION
To write data to the DS1963S, the scratchpad has to be used as intermediate storage. First the master
issues the Write Scratchpad command to specify the desired target address, followed by the data to be
written to the scratchpad. Under certain conditions (see Write Scratchpad command) the master will
receive an inverted CRC16 of the command, address and data at the end of the write scratchpad command
sequence. Knowing this CRC value, the master can compare it to the value it has calculated itself to
decide if the communication was successful and proceed to the Copy Scratchpad command. If the master
could not receive the CRC16, it should send the Read Scratchpad command to verify data integrity. As
preamble to the scratchpad data, the DS1963S repeats the target address TA1 and TA2 and sends the
contents of the E/S register. If the PF flag is set, data did not arrive correctly in the scratchpad. The
master does not need to continue reading; it can start a new trial to write data to the scratchpad. Similarly,
a set AA flag indicates that the device did not recognize the Write command. If everything went
8 of 37
DS1963S
correctly, both flags are cleared and the ending offset indicates the address of the last byte written to the
scratchpad. Now the master can continue reading and verifying every data byte. After the master has
verified the data, it can send the Copy Scratchpad command. This command must be followed exactly by
the data of the three address registers TA1, TA2 and E/S. The master may obtain the contents of these
registers by reading the scratchpad or derive it from the target address and the amount of data to be
written. As soon as the DS1963S has received these bytes correctly, it will copy the data to the requested
location beginning at the target address.
MEMORY AND SHA FUNCTION COMMANDS
Due to its design as a secure device the DS1963S has to behave differently from other Memory iButtons.
Although the data memory of the DS1963S can be read the same way as any other NV SRAM based
Memory iButton, attempts to read pages 16 and 17, which store the secrets, and page 18, the physical
location of the scratchpad, will result in FFh-bytes rather than real data. The other functions that the
DS1963S shares with regular Memory iButtons are governed by a flag called HIDE. Once this HIDE flag
is cleared these functions behave the same as with other NV SRAM based devices. The HIDE flag is
mainly controlled (set or cleared) by the functions that involve the SHA engine. In order to prevent
scratchpad data from accidentally being exposed, the HIDE flag is automatically set as the parasitepowered circuit performs a power-on reset whenever the DS1963S returns to a probe point. The HIDE
flag is then cleared by issuing an Erase Scratchpad command, which also erases all the data left in the
scratchpad.
The “Memory and SHA Function Flow Chart” (Figure 7) describes the protocols necessary for accessing
the memory and operating the SHA engine. The communication between master and DS1963S takes
place either at regular speed (default, OD = 0) or at Overdrive Speed (OD = 1). If not explicitly set into
the Overdrive Mode the DS1963S assumes regular speed.
Write Scratchpad Command [0Fh]
HIDE = 0, Target Address range 0000h to 01FFh only
After issuing the write scratchpad command, the master must first provide the 2–byte target address,
followed by the data to be written to the scratchpad. The data will be written to the scratchpad starting at
the byte offset (T4:T0). The ending offset (E4: E0) will be the byte offset at which the master stops
writing data. Only full data bytes are accepted. If the last data byte is incomplete its content will be
ignored and the partial byte flag PF will be set.
When executing the Write Scratchpad command the CRC generator inside the DS1963S (see Figure 12)
calculates a CRC of the entire data stream, starting at the command code and ending at the last data byte
sent by the master. This CRC is generated using the CRC16 polynomial by first clearing the CRC
generator and then shifting in the command code (0FH) of the Write Scratchpad command, the Target
Addresses TA1 and TA2 as supplied by the master and all the data bytes. The master may end the Write
Scratchpad command at any time. However, if the ending offset is 11111b, the master may send 16 read
time slots and will receive the CRC generated by the DS1963S.
HIDE = 1: Target Address range 0200h to 023Fh only
The function of the command is limited to selecting the secret that will be overwritten by the data
currently stored in the scratchpad, which is typically the result of a previously executed Compute First
Secret or Compute Next Secret command. The addresses of the eight secrets are shown in Figure 5. The
address transmitted after the command code may point to anywhere within the address range of the secret.
Following the target address the master may transmit data bytes as if writing to the scratchpad. Once as
many data bytes have been transmitted as would fit into the scratchpad beginning at the specified target
9 of 37
DS1963S
address, the master may send 16 read time slots and will receive the CRC generated by the DS1963S. The
data bytes are used in the CRC calculation but are not actually written to the scratchpad.
Read Scratchpad Command [AAh]
HIDE = 0:
The Read Scratchpad command allows verifying the target address, ending offset and the integrity of the
scratchpad data. After issuing the command code the master begins reading. The first 2 bytes will be the
target address. The next byte will be the ending offset/data status byte (E/S) followed by the scratchpad
data beginning at the byte offset (T4: T0). The master may read data until the end of the scratchpad after
which it will receive the inverted CRC generated by the DS1963S. If the master continues reading after
the CRC all data will be logic 1’s.
HIDE = 1:
The function of the command is limited to reading the target address and ending offset. Instead of
scratchpad data the master will read logic 1’s until, based on the target address read, the end of the
scratchpad is reached, at which point the master will receive the CRC generated by the DS1963S. If the
master continues reading all data will be logic 1’s.
Copy Scratchpad [55h]
HIDE = 0, Target Address range 0000h to 01FFh only
The Copy Scratchpad command is used to copy data from the scratchpad to a memory page. After issuing
the command, the master must provide a 3-byte authorization pattern, which should have been obtained
by an immediately preceding Read Scratchpad command. This 3-byte pattern must exactly match the data
contained in the three address registers (TA1, TA2, E/S, in that order). If the pattern matches, the AA
(Authorization Accepted) flag will be set and the copy will begin. While the data is being copied the
master will read logic 1’s. A pattern of alternating 1’s and 0’s will be transmitted after the data has been
copied until the master issues a reset pulse. Any attempt to reset the part will be ignored while the copy is
in progress. The copy operation typically takes 30 µs. The master must read at least 8 bits of this
alternating pattern. Otherwise the device might not properly respond to a subsequent Reset Pulse.
The data to be copied is determined by the three address registers. The scratchpad data from the
beginning offset through the ending offset will be copied to memory, starting at the target address.
Anywhere from 1 to 32 bytes may be copied to memory with this command. Only executing a write
scratchpad command will clear the AA flag.
HIDE = 1: Target Address range 0200h to 023Fh only
The function follows the regular flow as described above if the target address and ending offset match the
address of a secret. If the target address points to a location within the main memory address range but
the HIDE-flag is set (due to a power-on reset of the parasite-powered circuit, for example) no scratchpad
data will be copied. Conversely, one can copy known data (“password”) to a secret by writing data to the
scratchpad, setting the HIDE flag, issuing a Write Scratchpad command to select a secret and then issuing
a Copy Scratchpad command. This procedure, however, is not recommended since it compromises the
achievable level of security.
Read Memory [F0h]
The read memory command may be used to read memory pages 0 to 15, the write cycle counters located
in pages 19 and 20 and the PRNG counter at the beginning of page 21. Trying to read the secrets that are
located in pages 16 and 17 will not reveal any data. Attempts to read page 18 will return the scratchpad
data if HIDE flag is cleared (HIDE=0) and FFh values if the flag is set (HIDE=1). After issuing the
10 of 37
DS1963S
command, the master must provide the 2-byte target address. After these 2 bytes, the master reads data
beginning from the target address and may continue until the end of the PRNG counter and beyond. The
12 bytes following the PRNG counter are undefined. If the master continues reading the result will be
logic 1’s. It is important to realize that the target address registers will point to the last byte read. The
ending offset/data status byte is unaffected.
The hardware of the DS1963S provides a means to accomplish error-free writing to the memory section.
To safeguard reading data in the 1-Wire environment and to simultaneously speed up data transfers, it is
recommended to packetize data into data packets of the size of one memory page each. Such a packet
would typically store a master-calculated 16-bit CRC with each page of data to insure rapid, error-free
data transfers that eliminate having to read a page multiple times to determine if the received data is
correct or not. (See Application Note 114 for the recommended file structure, which is also referred to as
TMEX Format.)
Erase Scratchpad [C3h]
The purpose of this command is to clear the HIDE flag and to wipe out data that might have been left in
the scratchpad from a previous operation. After having issued the command code the bus master transmits
a target address, as with the write scratchpad command, but no data. Next the whole scratchpad will be
automatically filled with FFh bytes, regardless of the target address. This process takes approximately 32
µs during which the master reads 1’s. After this the master reads a pattern of alternating 0’s and 1’s
indicating that the command has completed. The master must read at least 8 bits of this alternating
pattern. Otherwise the device might not properly respond to a subsequent Reset Pulse.
Match Scratchpad [3Ch]
SHA-1 MACs calculated by the DS1963S are written into the scratchpad. Some calculations such as
those done by the Authenticate Host or Validate Data Page function cause the HIDE flag to be set as well.
The Match Scratchpad command allows this data to be checked without making it publicly readable. The
command compares the 160-bit Message Authentication Code which is found in scratchpad locations
8 through 27 after a SHA computation, as described in the sections “SHA-1 Computation Algorithm” and
“SHA-1 Output Message Formats”, to the result that the master has computed by its own means. After the
master has issued the Match Scratchpad command code it transmits 1 byte after another starting with byte
8 and ending with byte 27. If all bytes match, the master will read a pattern of alternating 0’s and 1’s. If in
addition the AUTH-flag was set, the MATCH-flag will be set. If the comparison was not successful the
master will read all 1’s. The master must read at least 8 bits after having received the inverted CRC16.
Otherwise the device might not properly respond to a subsequent Reset Pulse.
11 of 37
DS1963S
Memory and SHA Function Flow Chart Figure 7
Bus Master TX Memory or
SHA Function Command
F0h
Read Memory
?
From ROM Functions
Flow Chart (Figure 10)
3Ch
Match Scratchpad
?
Y
N
Y
N
CHLG = 0 ; AUTH = 0
CHLG = 0 ; MATCH = 0
Bus Master TX
TA1(T7:T0), TA2 (T15:T8)
DS1963S sets Scratchpad Offset = 8 decimal
Address
< 2B0h ?
Y
N
Bus Master TX
data byte
S
DS1963S
R
increments
SP. Offset
DS1963S sets Memory
Address = (T15:T0)
Master
TX Reset ?
DS1963S
increments
Address
Counter
Y
N
Y
Pages
16 to 17 ?
N
Bus Master RX
Data Byte from
Memory Address
To Figure 7
2nd Part
SP Offset = 27
N
Y
Bus Master RX
FFh byte
N
AUTH=1?
Y
Y
Y
Master
TX Reset ?
AUTH=0; MATCH=1
N
DS1963S TX CRC16 of
Command and Data
Address
< 2AFh ?
N
Data Bytes
Match ?
N
Bus Master
RX "1"s
Y
DS1963S TX "0"
Bus Master
RX "1"s
Master
TX Reset ?
N
DS1963S TX "1"
Master
TX Reset ?
Y
N
Y
From Figure 7
2nd Part
To ROM Functions
Flow Chart (Figure 10)
Vertical
Spare
12 of 37
DS1963S
Memory and SHA Function Flow Chart (continued) Figure 7
From Figure 7
1st part
To Figure 7
3rd part
0Fh
N
Write Scratchpad
?
Y
CHLG = 0 ; AUTH = 0
Bus Master TX
TA1(T7:T0), TA2 (T15:T8)
N
Address
< 200h ?
Y
Y
HIDE = 1 ?
N
Y
DS1963S sets Scratchpad
Offset = (T4:T0), clears (PF, AA)
DS1963S sets Scratchpad
Offset = (T4:T0), clears (PF, AA)
T2:T0 := 0,0,0
E4:E0 := T4, T3, 1,1,1
Bus Master TX Data Byte
to Scratchpad Offset
Master
TX Reset ?
DS1963S
increments
SP. Offset
N
N
Offset
= 11111b ?
Y
DS1963S TX CRC16 of
Command, Address, Data
R
Bus Master TX
Dummy byte
Y
Partial
Byte ?
Y
PF = 1
N
Bus Master
RX "1"s
Master
TX Reset ?
DS1963S
increments
SP. Offset
Y
N
N
Y
PF = 1
DS1963S TX CRC16 of
Command, Address, Data
Y
Master
TX Reset ?
Partial
Byte ?
Offset
= 11111b ?
Bus Master
RX "1"s
Master
TX Reset ?
Y
N
N
S
N
Secret
Address ?
N
Bus Master
RX "1"s
N
Master
TX Reset ?
Y
Y
From Figure 7
3rd part
To Figure 7
1st part
Vertical
Spare
13 of 37
DS1963S
Memory and SHA Function Flow Chart (continued) Figure 7
From Figure 7
2nd part
To Figure 7
4th part
AAh
N
Read Scratchpad
?
Y
C3h
Erase ScratchN
Pad
?
Y
Bus Master RX
TA1 (T7:T0),TA2 (T15:T8)
and E/S Byte
CHLG = 0
AUTH = 0
S
Bus Master TX
TA1(T7:T0), TA2(T15:T8)
DS1963S sets Scratchpad Offset = (T4:T0)
R
N
HIDE = 1 ?
Y
Bus Master RX
FFh Byte
Bus Master RX
Data Byte from
Scratchpad Offset
Bus Master
RX "1"s
Master
TX Reset ?
DS1963S
increments
SP. Offset
Y
DS1963S fills the
whole scratchpad
with FFh bytes
N
N
N
Offset
= 11111b ?
HIDE = 0
Y
Y
DS1963S TX "0"
Bus Master RX CRC16
of Command, Address, E/S
Byte and data (HIDE = 0)
or FFh (HIDE = 1) starting
at the Scratchpad Offset
Bus Master
RX "1"s
N
Erase
Finished ?
Y
Master
TX Reset ?
N
Master
TX Reset ?
DS1963S TX "1"
N
Y
Master
TX Reset ?
Y
From Figure 7
4th part
To Figure 7
2nd part
Vertical
Spare
14 of 37
DS1963S
Memory and SHA Function Flow Chart (continued) Figure 7
From Figure 7
3rd part
To Figure 7
5th part
55h
N
Copy Scratchpad
?
Y
CHLG = 0 ; AUTH = 0
Bus Master TX
TA1(T7:T0), TA2 (T15:T8)
and E/S Byte
R
S
N
HIDE = 1 ?
Address
< 200h ?
Y
N
N
Secret
Address ?
Y
Y
Auth. Code
Match ?
Y
N
AA = 1
DS1963S copies Scratchpad data to Memory
Bus Master
RX "1"s
N
Copy
Finished ?
Bus Master
RX "1"s
Master
TX Reset ?
N
Y
Y
DS1963S TX "0"
Y
Master
TX Reset ?
N
DS1963S TX "1"
N
Master
TX Reset ?
Y
From Figure 7
5th part
To Figure 7
3rd part
Vertical
Spare
15 of 37
DS1963S
Memory and SHA Function Flow Chart (continued) Figure 7
From Figure 7
4th part
A5h
Read Auth.
Page
?
Y
To Figure 7
6th part
N
CHLG = 0
AUTH = 0
Bus Master TX
TA1(T7:T0), TA2(T15:T8)
Y
Master
TX Reset ?
N
N
Bus Master
RX "1"s
Address
< 200h ?
Y
S
X = 0 ; M = MATCH Ù
(TA1[7:6] º SEC#[2:1])
T4:T0 = 00000b
Bus Master RX data byte
from memory address
SHA Engine computes
Message Authentication Code
of secret of selected page,
data of the selected page,
page W/C Counter, page #,
Serial Number of device and
3 bytes scratchpad data
Master
TX Reset ?
DS1963S
increments
address
N
End
Of Page ?
N
Y
N
R
DS1963S sets memory
address = (T15:T0)
Y
Y
Master TX
Reset?
Bus Master
RX "1"s
N
Bus Master RX W/C
Counter of selected page
SHA
Finished ?
Y
DS1963S TX "0"
Y
Master
TX Reset ?
Bus Master RX Secret
Counter of selected page
N
Bus Master RX CRC16
of Command, Address,
data and counter values
DS1963S TX "1"
N
Master
TX Reset ?
Y
To Figure 7
4th part
From Figure 7
6th part
Vertical
Spare
16 of 37
DS1963S
Memory and SHA Function Flow Chart (continued) Figure 7
From Figure 7
5th part
33h
Compute
SHA
?
Y
N
S
Bus Master TX
TA1(T7:T0), TA2(T15:T8)
Master
TX Reset ?
Bus Master TX
SHA Control Byte
Bus Master RX CRC16
of Command, Address
and Control Byte
Master
TX Reset ?
Y
N
To Figure 8
Compute SHA
Functions
SUCCESS
From Figure 8
Bus Master
RX "1"s
N
FAIL
From Figure 8
SHA
Finished ?
Bus Master
RX "1"s
Y
DS1963S TX "0"
Y
Master
TX Reset ?
Master
TX Reset ?
N
N
DS1963S TX "1"
N
R
Y
Master
TX Reset ?
Y
To Figure 7
5th part
Vertical
Spare
17 of 37
DS1963S
Read Authenticated Page [A5h]
This command, which is applicable to pages 0 to 15 only, combines reading a full or partial memory page
with the computation of a SHA-1 message authentication code. After the master has issued the command
code and specified a valid target address it will receive the page data beginning at the target address
through the end of the data page, the value of the write-cycle counter of the page, the value of the write
cycle of the secret associated with the page and the inverted CRC of the command code, target address,
page data and counter values. Immediately after the CRC is received the SHA engine begins the
computation of the message authentication code over the secret associated with the selected page, all 32
data bytes of the selected page, the page write cycle counter, page number, the device’s ROM registration
number and the 3-byte “challenge” that is taken from the scratchpad locations 20 through 22. The result
of the SHA computation is then placed in the scratchpad from location 8 through 27 for the master to
read. While the SHA computation takes place the master will read all 1’s. As the computation is finished
the pattern will change to alternating 0’s and 1’s. The master must read at least 8 bits of this alternating
pattern. Otherwise the device might not properly respond to a subsequent Reset Pulse. Typically the
master will next take all the page data, etc., compute the message authentication code on its own (see the
Compute SHA command, “Validate Data Page” function), and compare it to the data in the scratchpad to
determine whether the DS1963S knows the correct secret associated with the data page.
Compute SHA [33h]
The Compute SHA command provides the environment for six functions that employ the SHA engine to
generate message authentication codes in different ways. The seventh way to run the SHA engine is
through the Read Authenticated Page command, which has been described above to some extent. The full
details of all SHA computations are found in this section. Table 1 gives an overview of these functions.
SHA Functions Overview Table 1
Command or Function Name
Read Authenticated Page
Validate Data Page Function
Sign Data Page Function
Compute Challenge Function
Authenticate Host Function
Compute first Secret Function
Compute next Secret Function
Roaming Button
yes
N/A
N/A
yes
yes
yes
yes
Coprocessor Button
N/A
yes
yes
N/A
N/A
yes
yes
Applicability
Pages 0 to 15
Pages 0 to 15
Pages 0 and 8 only
Not with pages 0 and 8
Not with pages 0 and 8
Pages 0 to 15
Pages 0 to 15
A DS1963S device can be used in a system in two ways: a) as mobile data carrier that is associated to a
person that carries it, and b) as a coprocessor and data safe for a host computer or “bus master”. Either
application requires a secret to be installed in the DS1963S device. The functions needed to install secrets
in one or more steps are called Compute First Secret and Compute Next Secret. A DS1963S that works as
a coprocessor has to accomplish two functions: a) verify whether a roaming device belongs to the system
(i. e., whether it knows the secret), and b) generate or check a signature that protects data from manipulation. These functions are accomplished by the functions Validate Data Page and Sign Data Page.
The main SHA function of a roaming device is Read Authenticated Page, which provides the coprocessor
device data and message authentication code needed for the Validate Data Page function. The two remaining SHA functions that a roaming device may have to execute are Compute Challenge and Authenticate Host. These functions are not used in applications such as vending machines. However, they are essential for user- and host authentication, which will set the MATCH flag of the roaming device. Since the
MATCH flag is part of the SHA computation of Read Authenticated Page, Validate Data Page, and Sign
Data Page, the resulting message authentication code depends on and therefore reveals whether the host
18 of 37
DS1963S
authentication was successful. User- and host authentication, if implemented, prevents the use of a
DS1963S as a coprocessor device since it requires several steps to get the MATCH flag set.
After transmitting the command code the bus master selects a memory page and its secret by transmitting
a target address anywhere within the page. Next the master transmits the SHA Control byte, which is a
code for one of the six SHA functions that can be performed. Next the master receives a CRC over the
command code, address, and control byte. As the CRC is received and the control byte and address were
valid the SHA engine will start immediately and compute a message authentication code as described in
Figure 8. While the SHA computation takes place the master will read all 1’s. As the computation is
finished the pattern will change to alternating 0’s and 1’s. The master must read at least 8 bits of this
alternating pattern. Otherwise the device might not properly respond to a subsequent Reset Pulse. In case
of an invalid control byte or address the master will continue reading all 1’s until it issues a Reset Pulse.
The exact location of the various data segments as they enter the input buffer of the SHA engine is shown
in Table 2.
Compute SHA Functions Figure 8
From Compute SHA
Command (Figure 7)
0Fh
N
Compute 1st
Secret
?
Y
N
F0h
Compute next
Secret
?
Y
3Ch
N
Validate Data
Page
Continued
?
Y
below
E4:E0 = 11111b
E4:E0 = 11111b
M = MATCH Ù
(TA1[7:6] º SEC#[2:1])
M=0;X=0
HIDE = 1 ; CHLG = 0
AUTH = 0 ; MATCH = 0
M=0;X=0
HIDE = 1 ; CHLG = 0
AUTH = 0 ; MATCH = 0
X = 0 ; HIDE = 1
CHLG = 0 ; AUTH = 0
T4:T0 = 00000b
SHA Engine computes
Message Authentication Code
of a NULL secret,
data of the selected page and
15 bytes of scratchpad data
SHA Engine computes
Message Authentication Code
of secret of the selected page,
data of the selected page and
15 bytes of scratchpad data
SHA Engine computes
Message Authentication Code
of secret of the selected page,
data of the selected page and
15 bytes of scratchpad data
SUCCESS
SUCCESS
SUCCESS
To Compute SHA Command (Figure 7)
Read Authenticated Page and Compute Challenge allow the master to input a 3-byte “challenge” in the
computation via scratchpad locations 20 through 22. All other data is taken from the selected memory
page, associated secret, cycle counter, ROM Registration number and flags. With Compute First Secret
and Compute Next Secret the scratchpad locations 8 through 22 need to be filled with a partial secret
before the SHA computation takes place. A coprocessor device performing a Validate Data Page or Sign
Data Page command must have in scratchpad bytes 8 through 11 the (incremented) value of the cycle
counter of the selected memory page of the roaming device, and it must have in bytes 13 through 19 the
ROM Registration Number (without CRC), and in byte 12 the page number. A roaming device
19 of 37
DS1963S
performing an Authenticate Host command should have first performed the Compute Challenge function
in order to fill the scratchpad with pseudo-random data.
Compute SHA Functions (continued) Figure 8
From previous page
C3h
Sign Data
Page
?
Y
Page =
0 or 8 ?
CCh
Compute
Challenge
?
Y
N
N
Y
Y
N
Page =
0 or 8 ?
N
SEC# = TA1[7:5]
M = MATCH Ù
(TA1[7:6] º SEC#[2:1])
M = 0 ; X = 1; CHLG = 1
AUTH = 0 ; MATCH = 0
T4:T0 = 00000b
X = 0 ; CHLG = 0
AUTH = 0
T4:T0 = 00000b
SHA Engine computes
Message Authentication Code
of secret of selected page,
data of the selected page,
PRNG Counter,
Serial Number of device and
3 bytes of scratchpad data
SHA Engine computes
Message Authentication Code
of secret of the selected page,
data of the selected page and
15 bytes of scratchpad data
AAh
N
Authenticate
Host
?
Y
Page =
0 or 8 ?
Y
N
M=0;X=1
HIDE = 1 ; MATCH = 0
T4:T0 = 00000b
SHA Engine computes
Message Authentication Code
of secret of the selected page,
data of the selected page and
15 bytes of scratchpad data
CHLG = 1 ?
N
Y
AUTH = (TA1[7:5] º SEC#)
CHLG = 0
SUCCESS
FAIL
SUCCESS
SUCCESS
FAIL
To Compute SHA Command (Figure 7)
The Compute Challenge function stores the upper 3 bits of TA1 in a latch called SEC#, which is next
used with the Authenticate Host function. Only if Authenticate Host and Compute Challenge call upon
the same memory page (same secret) will the AUTH-flag be set. This prevents the AUTH-flag from
being set with the secret of another page that may belong to a different application or service provider.
The two most significant bits of SEC# are also used with Validate Data Page, Sign Data Page and Read
Authenticated Page when determining the M control bit. This makes a difference only for those
applications that use host/user authentication. The M control bit is only set if the MATCH-flag is set and
the target memory page is adjacent to the page that was used for authentication. This allocates one pair of
secrets (0 and 1, 2 and 3, 4 and 5, 6 and 7) and the pages associated with these secrets to one service
provider.
20 of 37
DS1963S
SHA-1 Input Message Formats Table 2
Read Authenticated Page command, Compute Challenge function
M0[31:24] = (SS+0)
M0[23:16] = (SS+1)
M0[15:8] = (SS+2)
M1[31:24] = (PP+0)
M1[23:16] = (PP+1)
M1[15:8] = (PP+2)
M2[31:24] = (PP+4)
M2[23:16] = (PP+5)
M2[15:8] = (PP+6)
M3[31:24] = (PP+8)
M3[23:16] = (PP+9)
M3[15:8] = (PP+10)
M4[31:24] = (PP+12) M4[23:16] = (PP+13) M4[15:8] = (PP+14)
M5[31:24] = (PP+16) M5[23:16] = (PP+17) M5[15:8] = (PP+18)
M6[31:24] = (PP+20) M6[23:16] = (PP+21) M6[15:8] = (PP+22)
M7[31:24] = (PP+24) M7[23:16] = (PP+25) M7[15:8] = (PP+26)
M8[31:24] = (PP+28) M8[23:16] = (PP+29) M8[15:8] = (PP+30)
M9[31:24] = (CC+0)
M9[23:16] = (CC+1)
M9[15:8] = (CC+2)
M10[31:24] = MP
M10[23:16] = FAMC M10[15:8] = SN0
M11[31:24] = SN2
M11[23:16] = SN3
M11[15:8] = SN4
M12[31:24] = (SS+4) M12[23:16] = (SS+5) M12[15:8] = (SS+6)
M13[31:24] = (SP+20) M13[23:16] = (SP+21) M13[15:8] = (SP+22)
M14[31:24] = 00h
M14[23:16] = 00h
M14[15:8] = 00h
M15[31:24] = 00h
M15[23:16] = 00h
M15[15:8] = 01h
Legend
Mt
SS
CC
PP
FAMC
MP
SNx
(SP+n)
M0[7:0] = (SS+3)
M1[7:0] = (PP+3)
M2[7:0] = (PP+7)
M3[7:0] = (PP+11)
M4[7:0] = (PP+15)
M5[7:0] = (PP+19)
M6[7:0] = (PP+23)
M7[7:0] = (PP+27)
M8[7:0] = (PP+31)
M9[7:0] = (CC+3)
M10[7:0] = SN1
M11[7:0] = SN5
M12[7:0] = (SS+7)
M13[7:0] = 80h
M14[7:0] = 00h
M15[7:0] = B8h
Input buffer of SHA engine
0 £ t £ 15; 32-bit words
Starting address of secret
See Figure 5, Memory Map, memory pages 16 and 17
Starting address of cycle counter
Read Authenticated Page Command: Write cycle counter of selected memory page,
see Figure 5, Memory Map, memory page 19; the LS-byte of the counter is stored at
the lower address
Compute Challenge: PRNG Counter; see Figure 5, Memory Map, memory page 21;
the LS-byte of the counter is stored at the lower address
Starting address of memory page
See Figure 5, Memory Map, memory pages 0 through 15
Family Code = 18h
MP[7] = Control bit M, see Figure 7, Read Authenticated Page, and Figure 8
MP[6] = Control bit X, see Figure 7, Read Authenticated Page, and Figure 8
MP[5:4] = 00b
MP[3:0] = T8:T5 (equivalent to page number in hex)
ROM Serial number of device
SN0 = least significant byte, SN5 = most significant byte
The CRC is not used
Byte n of scratchpad
The counting of n is in decimal
21 of 37
DS1963S
SHA-1 Input Message Formats (continued) Table 2
Validate Data Page, Sign Data Page, Authenticate Host, Compute First Secret, Compute Next Secret
M0[31:24] = (SS+0)
M0[23:16] = (SS+1)
M0[15:8] = (SS+2)
M0[7:0] = (SS+3)
M1[31:24] = (PP+0)
M1[23:16] = (PP+1)
M1[15:8] = (PP+2)
M1[7:0] = (PP+3)
M2[31:24] = (PP+4)
M2[23:16] = (PP+5)
M2[15:8] = (PP+6)
M2[7:0] = (PP+7)
M3[31:24] = (PP+8)
M3[23:16] = (PP+9)
M3[15:8] = (PP+10)
M3[7:0] = (PP+11)
M4[31:24] = (PP+12) M4[23:16] = (PP+13) M4[15:8] = (PP+14)
M4[7:0] = (PP+15)
M5[31:24] = (PP+16) M5[23:16] = (PP+17) M5[15:8] = (PP+18)
M5[7:0] = (PP+19)
M6[31:24] = (PP+20) M6[23:16] = (PP+21) M6[15:8] = (PP+22)
M6[7:0] = (PP+23)
M7[31:24] = (PP+24) M7[23:16] = (PP+25) M7[15:8] = (PP+26)
M7[7:0] = (PP+27)
M8[31:24] = (PP+28) M8[23:16] = (PP+29) M8[15:8] = (PP+30)
M8[7:0] = (PP+31)
M9[31:24] = (SP+8)
M9[23:16] = (SP+9)
M9[15:8] = (SP+10)
M9[7:0] = (SP+11)
M10[31:24] = MPX
M10[23:16] = (SP+13) M10[15:8] = (SP+14) M10[7:0] = (SP+15)
M11[31:24] = (SP+16) M11[23:16] = (SP+17) M11[15:8] = (SP+18) M11[7:0] = (SP+19)
M12[31:24] = (SS+4) M12[23:16] = (SS+5) M12[15:8] = (SS+6)
M12[7:0] = (SS+7)
M13[31:24] = (SP+20) M13[23:16] = (SP+21) M13[15:8] = (SP+22) M13[7:0] = 80h
M14[31:24] = 00h
M14[23:16] = 00h
M14[15:8] = 00h
M14[7:0] = 00h
M15[31:24] = 00h
M15[23:16] = 00h
M15[15:8] = 01h
M15[7:0] = B8h
Legend
Mt
SS
PP
MPX
(SP+n)
Input buffer of SHA engine
0 £ t £ 15; 32-bit words
Starting address of secret
See Figure 5, Memory Map, memory pages 16 and 17
With Compute First Secret the secret data is replaced by all zeros.
Starting address of memory page
See Figure 5, Memory Map, memory pages 0 through 15
MPX[7] = Control bit M, see Figure 8
MPX[6] = Control bit X, see Figure 8
MPX[5:0] = (SP+12)[5:0]
Byte n of scratchpad
The counting of n is in decimal
The SHA functions as well as the memory functions involve several flags that may affect the function
itself and the result of functions executed in subsequent steps. These flags are HIDE, CHLG, AUTH and
MATCH. Table 3 summarizes the operation of these flags. The only command that does not change any
flag is Read Scratchpad. Note that a power-on reset of the parasite-powered 1-Wire front end of the
device also affects the flags. This “Return to Probe” condition occurs typically when a DS1963S device
makes contact with a read/write probe of a host computer or bus master or if the connection is
intermittent. The most apparent is the HIDE-flag. If set it prevents the user from reading the data in the
scratchpad; the current value of the target address and E/S byte remain readable, though. The HIDE-flag
also affects the Write Scratchpad and Copy Scratchpad commands. The other three flags are used in
special situations only and remain cleared most of the time. The flags CHLG and AUTH act as a pair in
the host/user authentication process to ensure that commands are executed in a certain sequence. If the
sequence is correct and the subsequent Match Scratchpad command results in matching data, the
MATCH flag is set. The MATCH flag then may affect Validate Data Page, Sign Data Page or Read
Authenticated Page.
22 of 37
DS1963S
Device Flag Summary Table 3
Command, Function or Condition
Return to Probe Condition
Read Memory Command
Match Scratchpad Command
Write Scratchpad Command
Read Scratchpad Command
Erase Scratchpad Command
Copy Scratchpad Command
Read Authenticated Page Command
Validate Data Page Function
Sign Data Page Function
Compute Challenge Function
Authenticate Host Function
Compute first Secret Function
Compute next Secret Function
HIDE
SET
----------------CLEARED
--------SET
--------SET
SET
SET
CHLG
----CLEARED
CLEARED
CLEARED
----CLEARED
CLEARED
CLEARED
CLEARED
CLEARED
SET
CLEARED
CLEARED
CLEARED
AUTH
----CLEARED
CLEARED
CLEARED
----CLEARED
CLEARED
CLEARED
CLEARED
CLEARED
CLEARED
Note 2)
CLEARED
CLEARED
MATCH
--------Note 1)
----------------------------CLEARED
CLEARED
CLEARED
CLEARED
1) The flag is SET if the data matches and the AUTH flag was set before command execution;
otherwise the flag is CLEARED. Setting the MATCH flag requires the successful execution of
Compute Challenge, Authenticate Host and Match Scratchpad in an uninterrupted sequence.
2) Is SET only if CHLG flag was set before command execution; otherwise is cleared.
SHA-1 COMPUTATION ALGORITHM
This description of the SHA computation is adapted from the Secure Hash Standard SHA-1 document
referenced on page 2 of this data sheet. The algorithm takes as its input data 16, 32-bit words Mt (0 £ t £
15), as shown in Table 2, SHA-1 Input Message Formats. The SHA computation involves a sequence of
eighty 32-bit words called Wt (0 £ t £ 79), a sequence of eighty 32-bit words called Kt (0 £ t £ 79), a
Boolean function ft (B, C, D) (0 £ t £ 79) with B, C and D being 32-bit words, and three more 32-bit
words called A, E and TMP. The operations required for the SHA computation are arithmetic addition
without carry (“+”), logical inversion or 1’s complement (“\”), EXCLUSIVE OR (“Å”), logical AND
(“Ù”), logical OR (“Ú”), assignment (“:=”), and circular shifting within a 32-bit word. The expression
“Sn(X)” represents a circular shift of X by n positions to the left, with X being a 32-bit word.
The function ft is defined as follows:
ft(B,C,D) = (B Ù C) Ú ((B\) Ù D)
BÅCÅD
(B Ù C) Ú (B Ù D) Ú (C Ù D)
BÅCÅD
(0 £ t £ 19)
(20 £ t £ 39)
(40 £ t £ 59)
(60 £ t £ 79)
The sequence Wt (0 £ t £ 79) is defined as follows:
Wt := Mt
(0 £ t £ 15)
S1(Wt-3 Å Wt-8 Å Wt-14 Å Wt-16)
(16 £ t £ 79)
23 of 37
DS1963S
The sequence Kt (0 £ t £ 79) is defined as follows:
Kt
:=
5A827999h (0 £ t £ 19)
6ED9EBA1h (20 £ t £ 39)
8F1BBCDCh (40 £ t £ 59)
CA62C1D6h (60 £ t £ 79)
The variables A, B, C, D, E are initialized as follows:
A
:=
67452301h
B
:=
EFCDAB89h
C
:=
98BADCFEh
D
:=
10325476h
E
:=
C3D2E1F0h
The 160-bit MAC is the concatenation of A, B, C, D, and E after looping through the following set of
computations for t = 0 to 79 (discarding any carry-out):
TMP :=
S5(A) + ft(B,C,D) + Wt + Kt + E
E
:=
D
D
:=
C
C
:=
S30(B)
B
:=
A
A
:=
TMP
The Message Authentication Code is loaded into the scratchpad of the DS1963S in two different ways,
depending on the selected SHA function. With Compute First Secret and Compute Next Secret 64 bits of
the MAC are used in a repeating pattern in order to allow it to be copied to any of the eight secrets. With
all other SHA functions the full 160-bit result is loaded into the scratchpad. Table 4 shows the placement
of bytes in the scratchpad.
SHA-1 Output Message Formats Table 4
Partial Code (Compute First Secret and Compute Next Secret only)
(SP+0) := E[7:0]
(SP+1) := E[15:8]
(SP+2) := E[23:16]
(SP+4) := D[7:0]
(SP+5) := D[15:8]
(SP+6) := D[23:16]
(SP+8) := E[7:0]
(SP+9) := E[15:8]
(SP+10) := E[23:16]
(SP+12) := D[7:0]
(SP+13) := D[15:8]
(SP+14) := D[23:16]
(SP+16) := E[7:0]
(SP+17) := E[15:8]
(SP+18) := E[23:16]
(SP+20) := D[7:0]
(SP+21) := D[15:8]
(SP+22) := D[23:16]
(SP+24) := E[7:0]
(SP+25) := E[15:8]
(SP+26) := E[23:16]
(SP+28) := D[7:0]
(SP+29) := D[15:8]
(SP+30) := D[23:16]
(SP+3) := E[31:24]
(SP+7) := D[31:24]
(SP+11) := E[31:24]
(SP+15) := D[31:24]
(SP+19) := E[31:24]
(SP+23) := D[31:24]
(SP+27) := E[31:24]
(SP+31) := D[31:24]
Full 160-Bit Code (all other SHA functions)
(SP+8) := E[7:0]
(SP+9) := E[15:8]
(SP+12) := D[7:0]
(SP+13) := D[15:8]
(SP+16) := C[7:0]
(SP+17) := C[15:8]
(SP+20) := B[7:0]
(SP+21) := B[15:8]
(SP+24) := A[7:0]
(SP+25) := A[15:8]
(SP+11) := E[31:24]
(SP+15) := D[31:24]
(SP+19) := C[31:24]
(SP+23) := B[31:24]
(SP+27) := A[31:24]
(SP+10) := E[23:16]
(SP+14) := D[23:16]
(SP+18) := C[23:16]
(SP+22) := B[23:16]
(SP+26) := A[23:16]
24 of 37
DS1963S
1-WIRE BUS SYSTEM
The 1-Wire bus is a system that has a single bus master and one or more slaves. In all instances the
DS1963S is a slave device. The bus master is typically a microcontroller or PC. For small configurations
the 1-Wire communication signals can be generated under software control using a single port pin. For
multisensor networks, the DS2480B 1-Wire line driver chip or serial port adapters based on this chip
(DS9097U series) are recommended. This simplifies the hardware design and frees the microprocessor
from responding in real-time.
The discussion of this bus system is broken down into three topics: hardware configuration, transaction
sequence, and 1-Wire signaling (signal types and timing). The 1-Wire protocol defines bus transactions in
terms of the bus state during specific time slots that are initiated on the falling edge of sync pulses from
the bus master. For a more detailed protocol description, refer to Chapter 4 of the Book of DS19xx iButton
Standards.
HARDWARE CONFIGURATION
The 1-Wire bus has only a single line by definition; it is important that each device on the bus be able to
drive it at the appropriate time. To facilitate this, each device attached to the 1-Wire bus must have open
drain or tri-state outputs. The 1-Wire port of the DS1963S is open-drain with an internal circuit
equivalent to that shown in Figure 9.
A multidrop bus consists of a 1-Wire bus with multiple slaves attached. At standard speed the 1-Wire bus
has a maximum data rate of 16.3kbits per second. The speed can be boosted to 142kbits per second by
activating the Overdrive mode. The DS1963S is not guaranteed to be fully compliant to the iButton
Standard. Its maximum data rate in standard speed mode is 15.4kbits per second and 125kbits per second
in Overdrive. The value of the pullup resistor primarily depends on the network size and load conditions.
For most applications the maximum value of 2.2kW will be adequate.
The idle state for the 1-Wire bus is high. If for any reason a transaction needs to be suspended, the bus
must be left in the idle state if the transaction is to resume. If this does not occur and the bus is left low
for more than 16µs (Overdrive speed) or more than 120µs (standard speed), one or more devices on the
bus may be reset. With the DS1963S the bus must be left low for no longer than 15.4µs at Overdrive
speed to ensure that none of the slave devices on the 1-Wire bus performs a reset. Despite of its limited
compliance, the DS1963S will communicate properly when used in conjunction with a DS2480B 1-Wire
driver and serial port adapters that are based on this driver chip.
HARDWARE CONFIGURATION Figure 9
BUS MASTER
VPUP
DS1963S 1-Wire PORT
SEE
TEXT
RX
TX
DATA
RX = RECEIVE
Open Drain
Port Pin
TX = TRANSMIT
25 of 37
RX
TX
5 µA
Typ.
100 W
MOSFET
DS1963S
TRANSACTION SEQUENCE
The protocol for accessing the DS1963S via the 1-Wire port is as follows:
· Initialization
· ROM Function Command
· Memory or SHA Function Command
· Transaction/Data
INITIALIZATION
All transactions on the 1-Wire bus begin with an initialization sequence. The initialization sequence
consists of a reset pulse transmitted by the bus master followed by presence pulse(s) transmitted by the
slave(s). The presence pulse lets the bus master know that the DS1963S is on the bus and is ready to
operate. For more details, see the “1-Wire Signaling” section.
ROM FUNCTION COMMANDS
Once the bus master has detected a presence, it can issue one of the seven ROM function commands that
the DS1963S supports. All ROM function commands are 8 bits long. A list of these commands follows
(refer to flowchart in Figure 10):
Read ROM [33h]
This command allows the bus master to read the DS1963S’s 8-bit family code, unique 48-bit serial
number, and 8-bit CRC. This command should only be used if there is a single slave on the bus. If more
than one slave is present on the bus, a data collision will occur when all slaves try to transmit at the same
time (open drain will produce a wired-AND result). The resultant family code and 48-bit serial number
read by the master will be invalid.
Match ROM [55h]
The match ROM command, followed by a 64-bit ROM sequence, allows the bus master to address a
specific DS1963S on a multidrop bus. Only the DS1963S that exactly matches the 64-bit ROM sequence
will respond to the following memory function command. All slaves that do not match the 64-bit ROM
sequence will wait for a reset pulse. This command can be used with a single or multiple devices on the
bus.
Search ROM [F0h]
When a system is initially brought up, the bus master might not know the number of devices on the
1-Wire bus or their 64-bit ROM codes. The search ROM command allows the bus master to use a process
of elimination to identify the 64-bit ROM codes of all slave devices on the bus. The search ROM process
is the repetition of a simple 3-step routine: read a bit, read the complement of the bit, then write the
desired value of that bit. The bus master performs this 3-step routine on each bit of the ROM. After one
complete pass, the bus master knows the 64-bit ROM code of one device. Additional passes will identify
the ROM codes of the remaining devices. See Chapter 5 of the Book of DS19xx iButton Standards for a
comprehensive discussion of a search ROM, including an actual example.
Skip ROM [CCh]
This command can save time in a single drop bus system by allowing the bus master to access the
memory and SHA functions without providing the 64-bit ROM code. If more than one slave is present on
the bus and, for example, a read command is issued following the Skip ROM command, data collision
will occur on the bus as multiple slaves transmit simultaneously (open drain pulldowns will produce a
wired-AND result).
26 of 37
DS1963S
ROM FUNCTIONS FLOW CHART Figure 10
Bus Master TX
Reset Pulse
From Figure 10, 2nd Part
From Memory Functions
Flow Chart (Figure 7)
N
OD
Reset Pulse ?
R
S
Y
Bus Master TX ROM
Function Command
33h
Read ROM
Command
?
Y
N
OD = 0
DS1963S TX
Presence Pulse
55h
Match ROM
Command
?
Y
N
F0h
Search ROM
Command
?
Y
N
RC = 0
RC = 0
RC = 0
DS1963S TX
Family Code
(1 Byte)
Master TX Bit 0
DS1963S TX Bit 0
DS1963S TX Bit 0
Master TX Bit 0
Bit 0
Match ?
Bit 0
Match ?
Master TX Bit 1
DS1963S TX Bit 1
DS1963S TX Bit 1
Master TX Bit 1
Bit 1
Match ?
Bit 1
Match ?
Master TX Bit 63
DS1963S TX Bit 63
DS1963S TX Bit 63
Master TX Bit 63
Bit 63
Match ?
Bit 63
Match ?
RC = 1
RC = 1
DS1963S TX
Serial Number
(6 Byte)
DS1963S TX
CRC Byte
To Figure 10
2nd Part
CCh
N
Skip ROM
Command
?
Y
RC = 0
To Figure 10
2nd Part
From Figure 10
2nd Part
To Memory Functions
Flow Chart (Figure 7)
Vertical
Spare
27 of 37
DS1963S
ROM FUNCTIONS FLOW CHART (continued) Figure 10
To Figure 10, 1st Part
From Figure 10
1st Part
A5h
Resume
Command
?
Y
3Ch
Overdrive
Skip
?
Y
N
N
RC = 0 ; OD = 1
N
RC = 1 ?
69h
Overdrive
Match
?
Y
N
RC = 0 ; OD = 1
Master TX Bit 0
Y
Master
TX Reset ?
Y
Bit 0
Match ?
N
Y
N
Master TX Bit 1
N
Master
TX Reset ?
Y
Bit 1
Match ?
N
Y
S
R
Master TX Bit 63
Bit 63
Match ?
Y
RC = 1
From Figure 10
1st Part
To Figure 10
1st Part
Vertical
Spare
28 of 37
N
DS1963S
Overdrive Skip ROM [3Ch]
On a single-drop bus this command can save time by allowing the bus master to access the memory
functions without providing the 64-bit ROM code. Unlike the normal Skip ROM command the Overdrive
Skip ROM sets the DS1963S in the Overdrive Mode (OD = 1). All communication following this
command code has to occur at Overdrive Speed until a reset pulse of minimum 480 µs duration resets all
devices on the bus to regular speed (OD = 0).
When issued on a multidrop bus this command will set all Overdrive-supporting devices into Overdrive
mode. To subsequently address a specific Overdrive-supporting device, a reset pulse at Overdrive speed
has to be issued followed by a Match ROM or Search ROM command sequence. This will speed up the
search process. If more than one Overdrive-supporting slave is present on the bus and the Overdrive Skip
ROM command is followed by a read command, data collision will occur on the bus as multiple slaves
transmit simultaneously (open drain pulldowns will produce a wire-AND result).
Overdrive Match ROM [69h]
The Overdrive Match ROM command, followed by a 64-bit ROM sequence transmitted at Overdrive
Speed, allows the bus master to address a specific DS1963S on a multidrop bus and to simultaneously set
it in Overdrive Mode. Only the DS1963S that exactly matches the 64-bit ROM sequence will respond to
the subsequent memory or SHA function command. Slaves already in Overdrive mode from a previous
Overdrive Skip or a successful Overdrive Match command will remain in Overdrive mode. All Overdrive-capable slaves will return to regular speed at the next Reset Pulse of minimum 480 µs duration. The
Overdrive Match ROM command can be used with a single or multiple devices on the bus.
Resume Command [A5h]
In a typical application the DS1963S needs to be accessed several times to complete a monetary
transaction. The number of accesses increases further if host/user-Authentication is also performed. In a
multidrop environment this means that the 64-bit ROM sequence of a Match ROM command has to be
repeated for every access. To maximize the data throughput in a multidrop environment the Resume
Command function was implemented. This function checks the status of the RC bit and, if it is set,
directly transfers control to the Memory and SHA functions, similar to a Skip ROM command. The only
way to set the RC bit is through successfully executing the Match ROM, Search ROM or Overdrive
Match ROM command. Once the RC bit is set, the device can repeatedly be accessed through the Resume
Command function. Accessing another device on the bus will clear the RC bit, preventing two or more
devices from simultaneously responding to the Resume Command function.
1-WIRE SIGNALING
The DS1963S requires strict protocols to ensure data integrity. The protocol consists of four types of
signaling on one line: Reset Sequence with Reset Pulse and Presence Pulse, Write 0, Write 1, and Read
Data. Except for the presence pulse the bus master initiates all these signals. The DS1963S can
communicate at two different speeds: standard speed and Overdrive speed. If not explicitly set into the
Overdrive mode, the DS1963S will communicate at standard speed. While in Overdrive Mode the fast
timing applies to all waveforms.
To get from idle to active, the voltage on the 1-Wire line needs to fall from VPUP below the threshold VTL.
To get from active to idle, the voltage needs to rise from VILMAX past the threshold VTH. The voltage
VILMAX is relevant for the DS1963S when determining a logical level, but not for triggering any events.
The initialization sequence required to begin any communication with the DS1963S is shown in Figure
11. A Reset Pulse followed by a Presence Pulse indicates the DS1963S is ready to receive data, given the
29 of 37
DS1963S
correct ROM and memory function command. In a mixed population network, the reset low time tRSTL
needs to be long enough for the slowest 1-Wire slave device to recognize it as a reset pulse. This duration
is 480µs at standard speed and 48µs at Overdrive speed. If the bus master uses slew-rate control on the
falling edge, it must pull down the line for tRSTL + tF to compensate for the edge. A tRSTL duration of
480µs or longer will exit the Overdrive Mode returning the device to standard speed. If the DS1963S is in
Overdrive Mode and tRSTL is no longer than 80µs, the device will remain in Overdrive Mode.
After the bus master has released the line it goes into receive mode (RX). Now, the 1-Wire bus is pulled
to VPUP via the pullup resistor or, in case of a DS2480B driver, by active circuitry. When the threshold
VTH is crossed, the DS1963S waits for tPDH and then transmits a Presence Pulse by pulling the line low for
tPDL. To detect a presence pulse, the master must test the logical state of the 1-Wire line at tMSP.
The tRSTH window must be at least the sum of tPDHMAX, tPDLMAX, and tRECMIN. Immediately after tRSTH is
expired, the DS1963S is ready for data communication. In a mixed population network, tRSTH should be
extended to minimum 480µs at standard speed and 48µs at Overdrive speed to accommodate other 1Wire devices.
INITIALIZATION PROCEDURE (RESET AND PRESENCE PULSES) Figure 11
MASTER TX RESET PULSE
tMSP
e
VPUP
VIHMASTER
VTH
VTL
VILMAX
0V
MASTER RX PRESENCE PULSE
tF
tRSTL
RESISTOR
tPDH
MASTER
tPDL
tRSTH
tREC
DS1963S
Read/Write Time Slots
Data communication with the DS1963S takes place in time slots that carry a single bit each. Write time
slots transport data from bus master to slave. Read time-slots transfer data from slave to master. The
definitions of the write and read time slots are illustrated in Figure 12.
All communication begins with the master pulling the data line low. As the voltage on the 1-Wire line
falls below the threshold VTL, the DS1963S starts its internal timing generator that determines when the
data line will be sampled during a write time slot and how long data will be valid during a read time slot.
Master to Slave
For a write-one time slot, the voltage on the data line must have crossed the VTHMAX threshold after the
write-one low time tW1LMAX is expired. For a write-zero time slot, the voltage on the data line must stay
below the VTHMIN threshold until the write-zero low time tW0LMIN is expired. For most reliable
communication the voltage on the data line should not exceed VILMAX during the entire tW0L window.
After the VTHMAX threshold has been crossed, the DS1963S needs a recovery time tREC before it is ready
for the next time slot.
30 of 37
DS1963S
READ/WRITE TIMING DIAGRAM Figure 12
Write-One Time Slot
tW1L
VPUP
VIHMASTER
VTH
VTL
VILMAX
0V
tF
e
tSLOT
RESISTOR
MASTER
DS1963S
Write-Zero Time Slot
tW0L
VPUP
VIHMASTER
VTH
VTL
VILMAX
0V
tF
tSLOT
RESISTOR
MASTER
tREC
DS1963S
Read-Data Time Slot
tMSR
tRL
VPUP
VIHMASTER
VTH
Master
Sampling
Window
VTL
VILMAX
0V
tF
d
RESISTOR
tREC
tSLOT
MASTER
DS1963S
Slave to Master
A read-data time slot begins like a write-one time slot. The voltage on the data line must remain below
VTLMIN until the read low time tRL is expired. During the tRL window, when responding with a 0, the
DS1963S will start pulling the data line low; its internal timing generator determines when this pull-down
ends and the voltage starts rising again. When responding with a 1, the DS1963S will not hold the data
line low at all, and the voltage starts rising as soon as tRL is over.
The sum of tRL + d (rise rime) on one side and the internal timing generator of the DS1963S on the other
side define the master sampling window (tMSRMIN to tMSRMAX) in which the master must perform a read
from the data line. For most reliable communication, tRL should be as short as permissible and the master
should read close to but no later than tMSRMAX. After reading from the data line, the master must wait until
tSLOT is expired. This guarantees sufficient recovery time tREC for the DS1963S to get ready for the next
time slot.
31 of 37
DS1963S
CRC GENERATION
With the DS1963S there are two different types of CRCs (Cyclic Redundancy Checks). One CRC is an
8-bit type. It is computed at the factory and lasered into the most significant byte of the 64-bit ROM. The
8
5
4
equivalent polynomial function of this CRC is X + X + X + 1. To determine whether the ROM data has
been read without error the bus master can compute the CRC value from the first 56 bits of the 64-bit
ROM and compare it to the value read from the DS1963S. This 8-bit CRC is received in the true form
(non-inverted) when reading the ROM.
16
The other CRC is a 16-bit type, generated according to the standardized CRC16-polynomial function X
15
2
+ X + X + 1. This CRC is used for error detection with the Read Authenticated Page command,
Compute SHA, when reading the scratchpad and for fast verification of a data transfer when writing to
the scratchpad. It is the same type of CRC as is used with NV RAM based iButtons for error detection
within the iButton Extended File Structure. In contrast to the 8-bit CRC, the 16-bit CRC is always
returned or sent in the complemented (inverted) form. A CRC-generator inside the DS1963S chip (Figure
13) will calculate a new 16-bit CRC as shown in the command flow chart of Figure 7. The bus master
may compare the CRC value read from the device to the one it calculates from the data and decides
whether to continue with an operation or to re-read the portion of the data with the CRC error.
With the Write Scratchpad command the CRC is generated by first clearing the CRC generator and then
shifting in the command code, the Target Addresses TA1 and TA2 and all the data bytes. The DS1963S
will transmit this CRC only if the data bytes written to the scratchpad include scratchpad ending offset
11111b. The data may start at any location within the scratchpad. This algorithm applies regardless of the
state of the HIDE-flag. However, if the HIDE-flag is set the data bytes that follow the target address are
used for the CRC-calculation only. They are not received in the scratchpad.
With the Read Scratchpad command the CRC is generated by first clearing the CRC generator and then
shifting in the command code, the Target Addresses TA1 and TA2, the E/S byte, and the scratchpad data
starting at the scratchpad offset. The DS1963S will transmit this CRC only if the reading continues
through the end of the scratchpad, regardless of the actual ending offset. If the HIDE-flag is set the CRCcalculation uses FFh-bytes instead of the scratchpad data, which remains hidden.
With the Read Authenticated Page command the 16-bit CRC value is the result of shifting the command
byte into the cleared CRC generator, followed by the two address bytes, the data bytes, and the values of
the write-cycle counters of the addressed memory page and its associated secret. The write cycle counters
are shifted in with their least significant byte first. With the Compute SHA command the CRC results
from shifting the command byte into the cleared CRC generator, followed by the Target Addresses TA1
and TA2 and the SHA Control byte.
For more details on generating CRC values including example implementations in both hardware and
software, see the Book of DS19xx iButton Standards.
32 of 37
DS1963S
CRC-16 HARDWARE DESCRIPTION AND POLYNOMIAL Figure 13
Polynomial = X16 + X15 + X2 + 1
1ST
STAGE
2ND
STAGE
X0
3RD
STAGE
X1
X2
R
9TH
STAGE
X9
10TH
STAGE
5TH
STAGE
6TH
STAGE
X3
X4
X5
13TH
STAGE
14TH
STAGE
15TH
STAGE
7TH
STAGE
X6
8TH
STAGE
X7
X8
S
11TH
STAGE
X10
4TH
STAGE
12TH
STAGE
X11
X12
X13
X14
16TH
STAGE
X15
INPUT DATA
33 of 37
X16
CRC
OUTPUT
DS1963S
PHYSICAL SPECIFICATION
Size
Weight
Expected Service Life
Safety
See mechanical drawing
3.3 grams
See graphic
Meets UL#913 (4th Edit.); Intrinsically Safe
Apparatus, Approval under Entity Concept for use
in Class I, Division 1, Group A, B, C and D
Locations (application pending)
ABSOLUTE MAXIMUM RATINGS*
IO Voltage to GND
IO sink current
Temperature Range
Junction Temperature
Storage Temperature Range
*
-0.5V, +6V
20mA
-40°C to +85°C
+150°C
-25°C to +50°C
This is a stress rating only and functional operation of the device at these or any other conditions
above those indicated in the operation sections of this specification is not implied. Exposure to
absolute maximum rating conditions for extended periods of time may affect reliability. These
devices must not be exposed to temperatures over +70°C for extended time periods.
ELECTRICAL CHARACTERISTICS
(VPUP = 2.8V to 5.25V, TA = -40°C to +85°C)
PARAMETER
SYMBOL
CONDITIONS
IO Pin General Data
1-Wire Pullup
RPUP
Resistance
Input Capacitance
CIO
Input Load Current
IL
IO pin at VPUP
High-to-Low
VTL
Switching Threshold
Input Low Voltage
VIL
Low-to-High
VTH
Switching Threshold
Output Low Voltage
VOL
at 4mA
Fall Time
tF
Recovery Time
tREC
Standard Speed,
RPUP=2.2kW
Overdrive Speed,
RPUP=2.2kW
Overdrive Speed,
Directly Prior to
Reset Pulse;
RPUP=2.2kW
34 of 37
MIN
TYP
MAX UNITS NOTES
2.2
kW
1, 2
0.7
800
9
2.9
pF
µA
V
3
4
5, 6, 7
0.6
0.30
2.9
V
V
1, 5, 8
5, 6, 9
0.4
V
5, 10
5
µs
µs
1
1, 15
100
5
2
5
DS1963S
PARAMETER
Timeslot Duration
SYMBOL
CONDITIONS
tSLOT
Standard Speed
Standard Speed,
-20°C to +85°C
Overdrive Speed,
VPUP > 4.5V
IO Pin, 1-Wire Reset, Presence Detect Cycle
Reset Low Time
tRSTL
Standard Speed
Standard Speed,
-20°C to +85°C
Overdrive Speed,
VPUP > 4.5V
Presence Detect High
tPDH
Standard Speed
Time
Overdrive Speed,
VPUP > 4.5V
Presence Detect Low
tPDL
Standard Speed
Standard Speed,
-20°C to +85°C
Time
Overdrive Speed,
VPUP > 4.5V
Presence Detect
tMSP
Standard Speed
Sample Time
Overdrive Speed,
VPUP > 4.5V
IO Pin, 1-Wire Write
Write-0 Low Time
tW0L
Standard Speed
Standard Speed,
-20°C to +85°C
Overdrive Speed,
VPUP > 4.5V
Write-1 Low Time
tW1L
Standard Speed
Overdrive Speed
IO Pin, 1-Wire Read
Read Low Time
tRL
Standard Speed
Overdrive Speed
Read Sample Time
tMSR
Standard Speed
Overdrive Speed
SHA-1 Engine
Computation Time
tSHA
Number of SHA-1
NSHA
Computations
35 of 37
MIN
69
65
TYP
MAX UNITS NOTES
µs
1, 15
8
540
480
960
960
µs
1, 14
48
80
17
1.8
60
6
µs
14
78
78
260
240
µs
14
7.7
24
60
6
95
9.5
µs
1
64
60
120
120
µs
1, 14
6
15.4
5
1
15 - e
2-e
µs
1, 11
5
1
tRL + d
tRL + d
15 - d
2-d
15
2
µs
1, 12
µs
1, 12
0.4
1.15
(see graphs)
ms
---
13
DS1963S
NOTES
1) System requirement.
2) Maximum allowable pullup resistance is a function of the number of 1-Wire devices in the system
and 1-Wire recovery times. The specified value here applies to systems with only one device and
with the minimum 1-Wire recovery times. For more heavily loaded systems, an active pullup such
as that found in the DS2480 may be required.
3) Capacitance on the data pin could be 800pF when power is first applied. If a 2.2kW resistor is
used to pull up the data line to VPUP; the parasite capacitance will not affect normal
communications 2.5µs after power has been applied.
4) Input load is to ground.
5) All voltages are referenced to ground.
6) VTL, VTH are a function of the internal supply voltage.
7) Voltage below which, during a falling edge on IO, a logic 0 is detected.
8) The voltage on IO needs to be less or equal to VILMAX whenever the master drives the line low.
9) Voltage above which, during a rising edge on IO, a logic 1 is detected.
10) The I-V characteristic is linear for voltages less than 1V.
11) e is the time required for the pullup circuitry to pull the voltage on IO up from VIL to VTH.
12) d represents the time required for the pullup circuitry to pull the voltage on IO up from VIL to the
input high threshold of the bus master.
13) The number of SHA-1 computations possible with the built-in energy source depends on the
operating and storage temperature of the device.
14) Highlighted numbers are not in compliance with the published iButton standards. See comparison
tables below.
15) The recovery time was intentionally increased from the standard value of 1µs to a longer value to
improve the parasitic power supply of the device. This change improves the performance of the
chip and is not considered a non-compliance to the published standard.
Non-Compliance Table for TA = -40°C to +85°C
Parameter
Name
tSLOT (incl. tREC)
tRSTL
tPDH
tPDL
tW0L
tSLS, tSPD
Standard Values
Standard Speed
Overdrive Speed
min
max
min
max
61µs
(undef.) 7µs
(undef.)
480µs
(undef.) 48µs
80µs
15µs
60µs
2µs
6µs
60µs
240µs
8µs
24µs
60µs
120µs
6µs
16µs
15µs
60µs
2µs
6µs
36 of 37
DS1963S Values
Standard Speed
Overdrive Speed
min
max
min
max
69µs
(undef.) 8µs
(undef.)
540µs
960µs
48µs
80µs
17µs
60µs
1.8µs
6µs
78µs
260µs
7.7µs
24µs
64µs
120µs
6µs
15.4µs
19µs
64µs
2µs
4.8µs
DS1963S
Non-Compliance Table for TA = -20°C to +85°C
Standard Values
Standard Speed
Overdrive Speed
min
max
min
max
61µs
(undef.) 7µs
(undef.)
480µs
(undef.) 48µs
80µs
15µs
60µs
2µs
6µs
60µs
240µs
8µs
24µs
60µs
120µs
6µs
16µs
15µs
60µs
2µs
6µs
Parameter
Name
tSLOT
tRSTL
tPDH
tPDL
tW0L
tSLS, tSPD
DS1963S Values
Standard Speed
Overdrive Speed
min
max
min
max
65µs
(undef.) 8µs
(undef.)
480µs
960µs
48µs
80µs
17µs
60µs
1.8µs
6µs
78µs
240µs
7.7µs
24µs
60µs
120µs
6µs
15.4µs
19µs
60µs
2µs
4.8µs
Expected Service Life vs Temperature
Every 0.1s (315 Million SHAs/year)
Every 0.5s (63 Million SHAs/year)
Every 2s (15 Million SHAs/year)
Every 100s (0.3 Million SHAs/year)
Every 0.2s (157 Million SHAs/year)
Every 1s (31 Million SHAs/year)
Every 5s (6 Million SHAs/year)
20.00
Min. Product Lifetime (years)
18.00
16.00
14.00
12.00
10.00
8.00
6.00
4.00
2.00
0.00
-40
-30
-20
-10
0
10
20
30
40
Temperature (°C)
37 of 37
50
60
70
80