DYNEX MA28140

MA28140
MA28140
Packet Telecommand Decoder
■ Built-in Command Pulse Distribution Unit Core Logic
■ Radiation Hard to 1MRads (Si)
■ High SEU Immunity, Latch-up Free
12
14
TCC0-5
TCS0-5
TCA0-5
VDD
GND
PTD
CPDUSTN
CPDUEN
CPDUDIV
MAPSTN
MAPCK
MAPDSR
MAPDTR
MAPDATA
MAPADT
MAP
Interface
■ Built-in Authentication Unit
Trans- Power
ponder
Interface
■ Single Chip Implementation of all TC Decoder Core
Functions
AUDIS
AUEXT
AUST
AUBUF
AUEND
AUR
AUTSL
AUSBUF
FARBUF
LADR(0-10)
LDAT(0-7)
RWN
BRQN
BGRN
RAMCSN
ROMCSN
LACCS
LACK
CPDU
Interface
FEATURES
Authentication
Interface
Some of these layers have a telemetry reporting
mechanism. The processed TC segment can be transferred to
the application either serially or in parallel.
144444244443
Command Pulse Distribution
PRDY
PBUS(0-15)
Local Bus
Interface
Authentication Layer
Parallel
Interface
Segmentation Layer
RFAVN
VCLSB
TMMOD
PAR
RESETN
CLK
PRIOR
TEST
MODE
CONF
SELTC(0-2)
DECOD
123 144424443
Transfer Layer
CLCWSA
CLCWCA
CLCWDA
CLCWSB
CLCWCB
CLCWDB
CPDUS
FAR1S
FAR2S
AU1S
AU2S
TMC
TMD
Miscellaneous
Coding Layer
1444442444443 123 144424443 123 123
Telemetry
Interface
The MA28140 Packet Telecommand Decoder (PTD) is a
single-chip implementation of the core part of a telecommand
decoder, manufactured using CMOS-SOS high performance,
radiation hard, 1.5µm technology. The PTD is a full
implementation of and fully compliant with the packet
telecommand standard ESA PSS-04-107 and the
telecommand decoder specification ESA PSS-04-151, these
being derived from the corresponding CCSDS standards.
The PTD, which handles 6 NRZ TC input channels,
processes the following layers:
DS3839-7.0 September 2001
142443
Replaces June 2000 version, DS3839-6.1
■ CMOS-SOS Technology
■ Conforms to CCSDS Standards
Pin connections
■ 6 NRZ TC Input Channels
■ 50Kbps Bit Rate
■ Low Power Consumption
■ Single 5V Supply
■ -55 to +125°C Operation
1/72
MA28140
CONTENTS
1. INTRODUCTION
Page
Front sheet ............................................................................ 1
1. Introduction ....................................................................... 2
2. TC Decoder Subsystem Overview .................................... 3
3. PTD Architectural Overview .............................................. 4
4. PTD Functional Description
4.1 Coding Layer ....................................................... 6
4.2 Transfer Layer ..................................................... 9
4.3 Authentication Layer .......................................... 15
4.4 Segmentation Layer ........................................... 21
CONVENTION
4.5 CPDU ................................................................. 22
In this document the two conventions described in
references 1 and 2 apply:
4.6 Telemetry Reporting .......................................... 24
5. PTD Interfaces
5.1 Physical Channel Interface ................................ 27
5.2 MAP Interface .................................................... 27
5.3 Telemetry Interface ............................................ 30
5.4 Parallel Interface ................................................ 34
5.5 CPDU Interface .................................................. 35
5.6 Local Bus Interface ............................................ 36
5.7 Memories ........................................................... 36
5.8 External Authentication ...................................... 41
6. State After Reset ............................................................. 42
7. Signal Description ........................................................... 44
8. Electrical Characteristics and Ratings
8.1 DC Parameters .................................................. 47
8.2 AC Parameters .................................................. 48
9. Package Details
9.1 Dimensions ........................................................ 65
9.2 Pin Assignment .................................................. 66
10. Radiation Tolerance ...................................................... 70
11. Ordering Information ..................................................... 70
12. Synonyms ..................................................................... 71
REFERENCES
1. “Packet Telecommand Standard” ESA PSS-04-107,
Issue 2, April 92.
2. “Telecommand Decoder Specification” ESA PSS-04-151,
Issue 1, September 93.
2/72
This document is the data sheet of the “Packet
Telecommand Decoder”, henceforth called the PTD.
The PTD is compatible with the ESA PSS-04-107 standard
directly derived from the CCSDS recommendations. This
standard is described in references 1 and 2. The data sheet is
based on both documents for the description of the protocol.
Nevertheless, it was impossible to include the whole reference
documents in the data sheet, thus some specific points of the
protocol or some descriptions of the recommended hardware
implementation have not been included. The reader may find
these points in the applicable documents.
1. The first bit in the field to be transmitted (i.e. the most left
justified bit when drawing a figure) is defined to be Bit 0. When
the field is used to express a binary value, the Most Significant
Bit (MSB) shall be the first transmitted bit of the field (i.e. Bit 0).
Bit 0
Bit N-1
N Bit Data Field
MSB
← First Bit transmitted = MSB
LSB
Note: Some of the external interfaces have parallel busses
(LADR, LDAT, PBUS, SELTC) which have the opposite bit
order specified, i.e. Bit 0 is The Least Significant Bit.
2. An 8-bit word (a byte) is called an OCTET.
MA28140
Local Bus
ROM
External
Authentication
Unit
Configuration
Authentication
RAM
Back-up
Power
Supply
TC input
NRZ or PSK
(6 max)
Transponder
I/F
PTD
Clock
CPDU
I/F
Command
Pulses
(256 max)
MAP
Demultiplexer
I/F
Serial
Data link
(62 max)
Telemetry
I/F
Figure 1: Block Diagram of a TC Decoder Subsystem
2. TC DECODER SUBSYSTEM OVERVIEW
An ESA/CCSDS Telecommand Decoder subsystem
including the PTD and fulfilling the receiving-end functions
established in the Packet Telecommand Standard (ref 1) is
shown in Figure 1.
The PTD requires the following additional hardware to fulfil
the requirements of the Telecommand Decoder Specification
(ref 2):
• Transponder I/F including demodulators for PSK TC
inputs.
• Telemetry I/F. The telemetry reporting signals can be
directly connected to a Virtual Channel Multiplexer (ref 3).
• Command Pulse Distribution Unit I/F. This function
performs decoding of commands present on the local bus
and power amplification. The PTD ASIC associated with
the CPDU I/F can manage 256 pulse outputs.
• Memories. There are 2 different memories:
- RAM (2Kx8) used to store the received TC data and
protocol variables (programme authentication key for
instance) and eventually to store the TC segment
available for further processing by the Data Management
System. If this memory is used to store the recovery LAC
counter (Authentication function), it must be a non-volatile
memory.
- ROM (1Kx8) divided in two parts:
- Configuration part, used to provide the Mission
Specific Data.
- Authentication part, used to provide the fixed
Authentication key.
• External Authentication Unit (optional). Although an AU is
implemented in the PTD, it is also possible to use an
external AU if the mission requires a different
authentication algorithm. This external unit accesses the
RAM in order to authenticate a TC segment.
• MAP demultiplexer I/F. This interface is composed of a
demultiplexer to provide the TC segment data to various
Data Management System interfaces. The demultiplexer
is controlled by the MAP data present on the Local Bus.
The PTD ASIC can manage 62 different serial data
interfaces (63 if AU is disabled).
3/72
MA28140
3. PTD ARCHITECTURAL OVERVIEW
AUTHENTICATION UNIT BLOCK
Figure 2 describes the PTD functional architecture which
features 7 major blocks described below. Figure 3 shows the
CCSDS protocol layer architecture. The PTD deals with the
Coding Layer, the Transfer Layer, the Authentication Layer,
the Segmentation Layer and a part of the Packetisation Layer
of the CCSDS protocol.
This block (which is optional and can be disabled
permanently or during flight) is concerned with the segment
data protection, it enables the spacecraft to authenticate the
received data. The authentication concept is the “plain text
with appended signature” approach, described in Section 8 of
ref. 2.
In the PTD architecture this function is implemented on
chip. However, a specific interface allows authentication to be
performed externally - if another coding algorithm is to be
used, the on-chip block can be disabled and an external
authentication system can be used.
The block generates a reporting word (Authentication
Status = 80 bits) and part of the 32 bit FAR.
CODING LAYER BLOCK
The coding layer block multiplexes the 6 physical TC
channel inputs and fulfils the coding layer function described in
section 5 of ref.1.
The main tasks performed by the PTD at this level are:
• Start sequence detection and selection of the first active
TC input.
• Codeblock error detection and correction.
• Valid codeblock transfer to the above layer.
• Generation of part of the FAR and CLCW status.
SEGMENTATION LAYER BLOCK
TRANSFER LAYER BLOCK
This level is concerned with the processing of the frames
received from the coding layer and fulfils the transfer layer
function described in section 6 of ref.1.
At this level, the PTD performs the following tasks:
This block implements only some of the segmentation
layer functions described in section 7 of ref.1. Its purpose is to
manage the back-end buffer shared with the FARM-1 block of
the transfer layer and to implement the MAP interface in order
to demultiplex (with external hardware) the segments
dedicated to the different spacecraft applications.
• Clean frame validation.
• Legal frame validation.
• Frame analysis report mechanism.
• Reporting word (16 bit CLCW and part of 32 bit FAR)
generation.
EXTERNAL BUS
6447448
DATA CTL
AD
8
FAR28...30 AUS0...79
11
CLCW
CPDUS
BUS
CONTROLLER
adr
AUTHENTICATION
UNIT
TELEMETRY
MODULE
FAR
TM interface
AUS
INTERNAL BUS
control
data
CLK
DATA
ACTIVE
6
6
6
CODING LAYER
BLOCK
CLEAN FRAME
VALIDATION
BLOCK
LEGAL FRAME
VALIDATION
BLOCK
FARM-1
BLOCK
SEGMENTATION
LAYER BLOCK
COMMAND PULSE
DISTRIBUTION
UNIT
TRANSFER LAYER
FAR7...12
FAR13...15
FAR18...20
FAR1...3
FAR4...6
FAR16,17
FAR1...3
CLCW0...15
FAR21...26
MAP interface
Figure 2: PTD Internal Architecture
4/72
CPDUS0...15
MA28140
EXAMPLE : 256 OCTETS
PACKETISATION
LAYER
PACKET
HEADER
PACKET
ERROR
CONTROL
PACKET
DATA
1 OCTET
248 OCTETS
1
8
SEGMENTATION
LAYER
SEGMENT
HEADER
FIRST PACKET
SEGMENT
SEGMENT
HEADER
LAST PACKET
SEGMENT
5
249 (MAX.)
2
TRANSFER
LAYER
FRAME
HEADER
FRAME DATA
FIELD
FRAME
ERROR
CONTROL
CODING
LAYER
(CODEBLOCK
LENGTH = 8
OCTETS)
PHYSICAL
LAYER
(ESA PLOP-2)
2
7
1
START
SEQUENCE
INFORMATION
ERROR
CONTROL
CODEBLOCK
No.1
7
5
1
1
E.C.
E.C.
CODEBLOCK
No.2
2
9
FRAME
FRAME FRAME DATA ERROR
HEADER
FIELD
CONTROL
7
1
4
E.C.
CODEBLOCK
No.36
3
FILL
1
8
TAIL
E.C. SEQUENCE
CODEBLOCK
No.37
16 OCTETS
306 OCTETS
MIN. 1 OCTET
34 OCTETS
ACQUISITION
SEQUENCE
FIRST CLTU
IDLE SEQUENCE
LAST CLTU
IDLE SEQUENCE
(OPTIONAL)
Figure 3: CCSDS Protocol Layer Architecture
COMMAND PULSE DISTRIBUTION UNIT
The CPDU is integrated into the PTD ensuring higher
reliability for this critical function (direct telecommand for
spacecraft reconfiguration) than if implemented in an external
chip. The critical commands executed by the CPDU are
received in specific packets. The CPDU responds to the MAP
identifier 0, and to a mission dependent application process
identifier (stored in ROM). No segmentation is accepted, the
commands must be contained in an unsegmented package.
The unit generates a reporting word (CPDU Status = 16 bits).
BUS CONTROLLER
This block is the interface between external memories and
on chip modules. Its different functions are:
• address decoding.
• internal and external bus access arbitration.
TELEMETRY MODULE
This block is the interface with the telemetry subsystem. It
manages the data report storage using double buffered
registers.
5/72
MA28140
4. PTD FUNCTIONAL DESCRIPTION
4.1 CODING LAYER
Overview of the Layer
The coding layer provides the forward error correction
capability and synchronisation services used by the Transfer
layer. Each Transfer Frame is encoded/embedded in one
CLTU (Command Link Transmission Unit), which is the
protocol-data unit of the coding layer. At the receiving end of
the Coding Layer, a “dirty” symbol stream (plus control
information on whether the physical channel is active or
inactive) is received from the layer below. Searching for the
Start Sequence, the coding layer finds the beginning of a
CLTU and decodes the TC Codeblocks. As long as no errors
are detected, or errors are detected and corrected, the coding
layer passes “clean” octets of data to the Transfer layer.
Should any codeblock contain an uncorrectable error, this
Codeblock is abandoned and considered as Tail Sequence, no
further data is passed to the layer above and the Coding Layer
returns to a Start Sequence searching mode until it detects
one. The coding layer also generates part of the CLCW and
FAR status.
The PTD can handle up to 6 TC input interfaces, the data
bit rate on these inputs should not exceed 50 Kbits per second
when using the Authentication Unit. If the Authenication unit is
not used the symbol rate could exceed 200kBits/sec (not
guaranteed).
Standard Data Structures Within the Layer
A CLTU is made up of three distinct protocol data
elements:
- one 16-bit Start Sequence,
- one or more TC Codeblocks of a fixed length of 8 octets
to encode the protocol data unit from the layer above,
- one Tail Sequence of length equal to that of the TC
Codeblock, i.e. 8 octets.
Start
Sequence
First
Codeblock
16 Bits
••••••••••
Last
Codeblock
Variable Number of Codeblocks
Tail
Sequence
8 Octets
The Start Sequence marks the beginning of the TC
Codeblock field within a CLTU. It consists of a 16-bit
synchronisation pattern represented in hexadecimal as EB90,
where the first transmitted octet is EB.
The TC Codeblock field consists of one or more TC
Codeblocks. The codeblock length of received data is fixed
and set to 8 octets (information field: 7 octets).
P0 (MSB)
Information Field
7 Octets
6/72
P6
P7 (LSB)
Error Control Field
7 parity bits
Filler Bit
1 Octet
The Tail Sequence marks the end of the TC Codeblock
Field within a CLTU. The length of the Tail Sequence is that of
a TC Codeblock. Reference 1 specifies that its pattern should
be alternating “zeros” and “ones”, ending with a “one” (55 ....
55 in hexadecimal), but any double error codeblock, or single
error codeblock with filler bit equal to 1 will be interpreted as
Tail Sequence by the PTD.
Synchronization and TC Input Selection
Synchronization is performed by searching for the Start
Sequence simultaneously on all active TC inputs. The Start
Sequence detection allows one bit error anywhere in the 16-bit
pattern. Furthermore due to NRZ coding ambiguity on the
incoming bit stream, it is possible to detect the inverted Start
Sequence pattern in order to choose between positive or
negative representation for further NRZ data processing. If an
inverted Start Sequence is detected, the following bit stream is
inverted until the Tail Sequence is encountered.
Two different modes to perform the TC channel selection
are supported, selectable with the PRIOR configuration input:
Standard Mode (PRIOR = 0), in which all TC inputs TC0 to
TC5 have the same priority, and the search for a Start
Sequence is performed on all active TC channels
simultaneously.
Priority Mode (PRIOR = 1), in which two inputs are
assigned an absolute priority.
Note: This mode is not compliant with Ref. 1, and is
intended for applications with specific requirements on
unconditional access to the TC decoder. If this mode is used,
a thorough analysis of potential failure modes and the built-in
timeout mechanisms is recommended.
Standard Mode
The TC input selection locks the selection multiplexer on
the first TC channel where the Start Sequence is found. The
selection mechanism is restarted once a Tail Sequence or a
codeblock rejection has been detected. Furthermore, as a
protection mechanism in case of RF receiver breakdown, a
timeout mechanism is provided; if the TC channel clock is not
detected during a certain time, the TC selection mechanism is
reactivated in order not to remain lacked on a Channel without
a clock signal.
The timeout value between two successive edges of the
TC channel clock is: 3932160
tCK < TC clock timeout < 4587520 tCK, with tCK being the
system clock period. With a
system clock frequency fCK of 4MHz this equals 0.98s
<TC clock timeout < 1.15s.
MA28140
Codeblock Decoding
Priority Mode
In this mode two inputs have priority, according to the
following rule: TC0 > TC1 > TC2 = TC3 = TC4 = TC5. When
neither the TC0 input nor the TC1 input is active, the selection
between the inputs TC2 to TC5 is performed as in the
Standard Mode.
As soon as the TC active signal of TC0 is asserted, this TC
input is selected, and the 5 other channels are inhibited. In
case another input was already selected and receiving data, it
is abandoned. The TC0 input remains selected until one of the
following events:
a1: its TC active signal becomes inactive, or
b1: its bit clock has not been received for a period equal to
the TC clock timeout, or
c1: no Start Sequence has been detected for a period
equal to the TC active timeout, or
d1: a Tail Sequence or a codeblock rejection has occurred.
Upon events (a1) and (d1), the selection logic returns to
the search state. Upon events (b1) and (c1), the TC0 input is
ignored (i.e. considered inactive) until the event (a1) occurs.
When the TC0 input is inactive (including the case of a
timeout as described above), as soon as the TC active signal
of TC1 is asserted, this TC input is selected, and the lower
priority inputs TC2 to TC5 are inhibited. In case any of these
inputs was already selected and receiving data, it is
abandoned. The TCl input remains selected until one of the
following events.
a2: its TC active signal, becomes inactive, or
b2: its bit clock has not been received for a period equal to
the TC clack timeout, or
c2: no Start Sequence has been detected for a period
equal to the TC active timeout, or
d2: a Tail Sequence or a codeblock rejection has occurred,
or
e2: the TCO active signal is asserted.
Upon events (a2) and (d2), the selection logic returns to the
search state. Upon events (b2) and (c2), the selection logic
ignores the TC1 input until event (a2) occurs. Upon event (e2)
the TCl input is inhibited and the TC0 input is selected as
previously described.
The TC clock timeout value between two successive edges
of the TC channel clock is: 3932160 tCK < TC clock timeout <
4587520 tCK. With a system clock frequency fCK of 4 MHz this
equals 0.98s <TC clock timeout < 1.15s.
The TC active timeout value between two successive Start
Sequence patterns being detected is 334233600 tCK < TC
active timeout < 335399960 tCK. With a system clock
frequency fCK of 4MHz this equals 83.5s < TC active timeout <
83.9s.
Codeblock decoding is performed for each received
codeblock. At the sending end, a systematic block coding
procedure processing 56 bits per Codeblock and generating 7
parity check bits per Codeblock is used. The parity check bits
are then complemented and placed into the codeblocks: P0
(MSB) through P6 are located in the first seven bits (MSBs) of
the last octet of the codeblock. The last bit of the last octet, P7
(LSB), is a filler bit appended to complete the 8-bit Error Control
Field. This Filler Bit should normally be a zero, except for the
Tail Sequence. The code is a (63,56) modified Bose-ChaudhuriHocquenghem (BCH), based on the following polynomial
generator: g(x)=x7+x6+x2+1. A single error correction & double
error detection mode is provided by using this code.
The following table describes the Decoding Strategy of the
codeblocks:
ERRORS DETECTED
no errors
FILLER BIT
VALUE
ignored
even number of errors
ignored
odd number of errors
with a binary syndrome
value equal to all zeros
odd number of errors
with a binary syndrome
value different from all
zeros
odd number of errors
with a binary syndrome
value different from all
zeros
ignored
DECISION
codeblock
accepted
codeblock
rejected
codeblock
rejected
0
codeblock
accepted
correction of
a single error
codeblock
rejected
1
CLTU Management
CLTU decoding consists of the states and events
summarized in the following table and state diagram:
E4
E1
S1
INACTIVE
S2
SEARCH
E3
E2(b)
S3
DECODE
E2(c)
E2(a)
Figure 4: CLTU Decoder State Diagram
7/72
MA28140
State Number
S1
State Name
INACTIVE
S2
SEARCH
S3
DECODE
Event Number
E1
Event Name
CHANNEL ACTIVATION
E2 (a) (c)
CHANNEL
DEACTIVATION
CLTU ERROR
(b)
E3
E4
START SEQUENCE
FOUND
CODEBLOCK
REJECTION
State Definition
All telecommand channels are inactive (no bit lock is achieved)
or no bit modulation is detected.
Incoming bit stream is searched, bit by bit, for the Start
Sequence pattern.
Codeblocks, which are either free of error or which can be
corrected, are received and decoded, and their information
octets are transferred to the layer above
Event Definition
Bit modulation is detected and bit lock is achieved:
telecommand bit stream is present
Deactivation of the TC Active Signal
More than 37 codeblocks accepted in the CLTU
or Timeout on the TC Clock signal
or Activity on a channel having higher priority in priority mode
The Start Sequence pattern has been detected, signalling the
beginning of the first codeblock of the CLTU
A codeblock is found uncorrectable (erroneous codeblock or
tail sequence). No information octet from this codeblock is
transferred to the layer above
Codeblock transfer is performed in a serial way to the
above layer (Transfer layer). Two indication signals are
provided to the above layer - one indicating the whole frame
duration, the other asserted each time a 7 octets block is being
transferred.
The following rules apply to the data transfer between the
Coding Layer and the Transfer Layer:
• When the first Candidate Codeblock is affected by an
event E4 or by an event E2, the CLTU is abandoned. No
Candidate Frame is transferred to the Transfer Layer.
• When the first Candidate Codeblock is found to be error
free, or if it contained one error which has been corrected, its
information octets (i.e. 7 octets) are transferred to the
Transfer Layer. The decoding of the CLTU continues until
one of the following events occurs:
1- when an event E4 (codeblock rejection) occurs for any
of the 37 possible Candidate Codeblocks the decoder returns
to the search state S2 with the following actions:
- The codeblock is abandoned
- No information from that codeblock is transferred to
the layer above
- The Coding Layer indicates to the Transfer Layer the
end of transfer of the Candidate Frame.
2- when an event E2 (channel deactivation) occurs the
decoder returns to the inactive state (for the channel) with the
following actions:
- The CLTU is aborted,
- The CLTU is reported as abandoned,
- A signal is sent to the Transfer Layer to indicate that
the entire block of octets making up the Candidate
Frame must be erased.
8/72
3- When an event E2(b) (CLTU error) occurs, the decoder
returns to the search state with the following actions:
- The CLTU is aborted,
- The CLTU is reported as abandoned,
- A signal is sent to the Transfer Layer to indicate that
the entire block of octets making up the Candidate
Frame must be erased.
A CLTU error occurs in the following cases:
- More than 37 codeblocks have been accepted in the
CLTU,
- A timeout on the TC clock signal occurs,
- Activity on a channel having higher priority is
detected in priority mode.
The DECOD output is activated when the CLTU decoder
state is S3.
MA28140
• Virtual channel identifier. It is used as a spacecraft subidentifier. It can provide an identification of the spacecraft
telecommand chain selected for operating the spacecraft.
4.2 TRANSFER LAYER
Overview of the Layer
The Transfer Layer implements the following sublayers:
- The Frame Error Control Sublayer which ensures that
only “clean” frames are transferred to the sublayer above by
using a CRC error syndrome verification.
- The Frame Header Sublayer verifies the conformity of
the relevant frame header fields by using the Legal Frame
Validation process before passing the frame to the FARM1.
- The “Frame Acceptance and Reporting Mechanism
One” or FARM1 ensures that frames are processed in the
correct sequence.
There are three types of TC transfer frames:
- two types for the Sequence-Controlled Service: AD and
BC frames
- one type for the Expedited Service: BD frames
The Sequence-Controlled Service is used for normal
spacecraft communications. It concerns essentially TC
Transfer Frames carrying TC segments: the AD frames. To
configure the AD machine, special control frames are used
called BC frames.
The Expedited Service is used for recovery in the absence
of the telemetry downlink or during unexpected situations. It is
only concerned with TC transfer frames carrying TC segments:
the BD frames.
Standard Data Structures Within the Layer
The major fields of the TC Transfer Frame are shown
below:
5 octets
Frame Header
1 to 249 octets
Frame Data Field
2 octets
Frame Error
Control Field
Frame Header
• Frame length. This field specifies the number of octets
contained within the entire TC transfer frame:
Field Value = (Total number of octets) - 1
• Frame sequence number. This number is denoted as
N(S). It is set to different values:
- for AD frames it should be set to the Transmitter
Frame Sequence Number and it is compared to the
Receiver Frame Sequence Number V(R) stored in the
PTD, to control the transfer of a sequence of frames
(see the FARM-1 process)
- for BC and BD frames it should be set to all zeros.
Except for the bypass and control command flags, the
values of the first three header octets are programmed in the
external ROM.
In the abbreviations AD, BD and BC, A stands for
Acceptance check of N(S), B stands for Bypass of A, C
stands for Control and D stands for Data. AC is an illegal
combination because Control Commands cannot reliably use
a transfer service which they are meant to modify.
Frame Data Field
The frame data field is of variable length from a minimum of
1 octet to a maximum of 249 octets. When the frame is a data
frame (type AD or BD), it contains a TC segment. When the
frame is a BC frame, this field can contain 2 control commands
to configure the FARM-1 process:
• the UNLOCK command. The FARM-1 has a built in
mechanism which will go into a Lockout state whenever it
receives a type-AD frame containing a frame sequence
number N(S) outside the limits of the FARM-1 Sliding
Window. The UNLOCK command provides a mechanism to
reset the Lockout condition. The UNLOCK command is
encoded as a single octet with the value: 00000000.
The structure of the frame header is given below:
version
number
bypass
flag
2
1
2 octets
control
command
flag
1
reserved
field A
spacecraft
ID
2
10
virtual
channel
ID
6
1 octet
reserved
field B
A description of the fields of the frame header is given
below:
• Version number, Reserved field A and Reserved field B
should always be 00 (ref 1).
• Bypass flag and control command flags. Their values
are given in the next table:
Bypass Flag
0
0
1
1
Control Command Flag
0
1
0
1
Interpretation
AD frames
ILLEGAL
BD frames
BC frames
• Spacecraft identifier. This field provides the identification
of the spacecraft being commanded.
2
1 octet
frame
length
8
1 octet
frame
sequence
number
8
• The SET V(R) command. The SET V(R) command
allows V(R) to be preset to any desired value. The SET V(R)
command is encoded as three octets with the values:
10000010
00000000
XXXXXXXX
The value to be set into V(R) is stored in the third octet.
Frame Error Field
The frame error field is a mandatory 16-bit field which
occupies the two trailing octets of the TC Transfer Frame. It is
a cyclic redundant code (CRC) generated with the polynom
X16+X12+ X5+1 with the shift register being initialised to all ones
before processing each frame (refer to ref 2 for a complete
description of this field). The CRC is only used for error
detection by the frame and not for error correction.
9/72
MA28140
Standard Procedures Within the Layer
The Clean Frame Validation Process
On receiving a new frame, the Clean Frame Validation
process performs the following tasks:
- the number of octets in the frame is checked to be greater
than 7 octets,
- the transfer frame is assumed to be a version 1 frame,
- the frame length field is checked to be compliant with the
real number of octets of the frame,
- the number of fill octets is verified to be minimum zero and
maximum six,
- the fill octets are removed,
- the CRC error syndrome verification is carried out.
All candidate frames passing all the preceding validation
checks are declared clean and transferred immediately to the
Legal Frame Validation process. Frames failing any of the
preceding tests are declared dirty and are erased.
The Legal Frame Validation Process
On receiving a clean frame, the Legal Frame Validation
process performs the following validation checks:
- the version number is checked to be as defined in the
ROM,
- the reserved fields A and B are checked to be as
defined in the ROM,
- the value of the spacecraft ID is checked to be as
defined in the ROM,
- the value of the Virtual Channel ID is checked to be as
defined in the ROM and by the VCLSB input,
- the Bypass and Control Command flags must combine
legally,
- the BC frames must contain a valid control command
(either UNLOCK or SET V(R)),
- for a BC or BD frame the Frame Sequence Number field
must be set to all zeros.
The LSB of the VC ID is indirectly defined from a dedicated
pin VCLSB; it allows easy configuring of a pair of redundant TC
decoders.
- VCLSB = 1: The VC ID LSB read from the ROM is
inverted.
- VCLSB = 0: The VC ID LSB read from the ROM is not
inverted.
All candidate frames passing all the preceding validation
checks are declared legal and transferred immediately to the
FARM-1 process. Frames failing any of the preceding tests are
declared illegal and erased.
The FARM-1 Process
THE FARM-1 VARIABLES
The Frame Acceptance and Reporting mechanism
(FARM-1) is described by a finite state machine represented
by the FARM-1 state table. The FARM-1 maintains a set of
variables which are described below:
• The State. This may be one of the following:
- Open (S1)
- Wait (S2)
- Lockout (S3)
This variable represents the state of the FARM-1
automaton. In Open State, the FARM-1 accepts frames
and passes them to the above layer. In Wait State, there is
no buffer space available in which to place any further
received data of type AD. The protocols leaves the Wait
State upon receipt of a buffer release signal from the
Higher Layer. Lockout is entered if the protocol machine
detects an error. It is a safe state in that no user data (AD
frames) will be accepted or transferred to the Higher Layer.
The only accepted data frames are the BD frames, but
even in this case the protocol machine remains in lockout
state. The protocol machine leaves the Lockout State upon
receipt of an UNLOCK control command.
• The Lockout Flag. This is set to 1 whenever the protocol
is in the Lockout State.
• The Wait Flag. This is set to 1 whenever the protocol is
in Wait State.
• The Retransmit Flag. This is set to 1 whenever the
protocol machine knows that an AD
frame has been lost in transmission or has been
discarded because there was no buffer space available.
This flag is reset to 0 upon the successful receipt of a
frame with N(S)=V(R), the receipt of a SET V(R) control
command (unless in Lockout State) or receipt of an
UNLOCK control command.
• FARM B counter. This is incremented whenever
a valid BD or BC frame arrives. This counter is a 2 bit
wraparound counter.
• Receiver Frame Sequence Number V(R). This
records the value of N(S) expected to be
seen in the next AD frame.
• The buffer management variable. The PTD maintains a
flag indicating the number of the back end buffer. The
AUBUF output pin provides the value of this flag (the
back end and front end buffers are represented in Figure
6). The number of the TC channel on which the data
stored in the back-end buffer has been received is
provided on the output pins (SELTC2-0).
• FARM Sliding window variables. The purpose of these
are to protect FARM-1 against the unauthorised transfer
of a sequence of frames such that the Frame Sequence
Number N(S) of one or more of these frames will exceed
the current value of the V(R) counter. The FARM Sliding
Window concept applies only to AD frames.
The FARM Sliding Window is defined in terms of two
variables:
- the width of the positive part referred to as PW
- the width of the negative part referred to as NW
The FARM Positive window area starts with V(R) and
extends PW frames in the positive direction. The FARM
Negative window starts at V(R) - 1 and extends NW frames in
the negative direction.
10/72
MA28140
POSITIVE WINDOW AREA = PW
DISCARD FRAME &
SET RETRANSMIT
FLAG
1
)+
(R
V
=
S) ACCEPT
N(
FRAME &
SET V(R)=V(R)+1
DISCARD
FRAME & GO TO
LOCKOUT
STATE
N(S)=V(R)
N(S)=V(R)-1
DISCARD FRAME
N
(S
)=
V(
R
)-N
W
LOCKOUT AREA = 256-W
N(
S)
=V
(R
)+
PW
-1
NEGATIVE WINDOW AREA = NW
Figure 5: The FARM Sliding Window Concept
A Frame Sequence Number N(S) falls outside the FARM Sliding Window i.e. in the Lockout Area when:
N(S)>V(R)+PW-1
N(S)<V(R)-NW
In this case, the Lockout flag is set.
When N(S) falls inside the FARM Sliding Window, one of the following three cases can occur:
• First case
N(S)=V(R)
The frame is accepted
• Second Case
N(S)>V(R) and
N(S)≤V(R)+PW-1
The frame is in the positive window and does not contain the expected Frame Sequence Number. The Frame is discarded
and the retransmit Flag is set.
• Third Case
N(S)<V(R) and
N(S)≥V(R)-NW
The frame is in the negative window and is discarded without any other action being taken.
11/72
MA28140
THE FARM-1 PROCESS DESCRIPTION
At the user end of the FARM-1 process the TC segments
are delivered as a buffer of accepted data. No distinction is
made between a TC segment delivered by means of an AD
frame and one delivered by a BD frame. However, the
management of the common FARM-1 back end buffer is
affected as follows:
• BD Frames:
When a frame of this type is accepted by the FARM-1, the
TC segment it contains shall be placed in the back end buffer
of the FARM-1 even if this buffer still contains data (partially
read or not ) in which case this data will be erased, an abort
signal sent to the Segment Layer to signal the erasure and the
new data signalled as arrived. This implies an Event E10.
• AD frames:
When a frame of this type is accepted by the FARM-1, the
TC segment it contains is placed in the back end buffer of the
FARM- 1 only when the buffer is available (empty). If the buffer
still contains data, the newly arrived frame is discarded
(erased) as shown by the FARM-1 state table (Event E2 in
table 1).
The definitions used in the FARM-1 State Table are listed
below:
• “Valid frame arrives” means that the Legal Frame
Validation Sublayer has placed a legal frame in the front-end
buffer. If the frame is a data frame (AD or BD) and if the FARM1 accepts it, the back end buffer is allocated for the data.
• “Accept” for an AD frame is subject to a buffer available
signal. When no back end buffer is available (Event E2) the
frame is discarded. The data is then made available for the
Authentication Layer, or the Segmentation Layer if
Authentication is disabled.
• “Accept” for a BD frame means that the TC segment is
placed in the back end buffer even when this buffer still
contains data, in which case this previous data is erased
(event E10). The Wait concept does not apply to BD frames.
The data is available for the Authentication Layer, or the
Segmentation Layer if Authentication is disabled.
S t a t e Na me
Main Feature of State
State Number
E v e nt Condit ions
N(S)=V(R)
Valid AD frame
arrives
N(S)=V(R)
N(S)>V(R)
N(S)<V(R)
i.e. inside
part of sliding
N(S)<
A buffer is
available for this
frame
E v e nt
Numbe r
E1
No buffer is
available for this
frame
E2
and
+PW-1
positive
window and >V(R)
E3
OPEN
Normal state to
accept frames
(S1)
WAI T
Wait Flag is on
S(2)
LO CKO UT
Lockout Flag is
on
S(3)
OPEN
Accept frame,
V(R):=V(R)+1R
etransmit
Flag:=0
WAI T
Not applicable
LO CKO UT
Discard
Discard
(S3)
Discard
(S2)
Discard,
Retransmit
Flag:=1
(S2)
Discard
(S3)
Discard
(S1)
(S2)
(S3)
(S1)
Discard,
Retransmit
Flag:=1,
Wait Flag:=1
Table 1: The FARM-1 State Table
12/72
MA28140
E v e nt Condit ions
N(S)<V(R) and N(S)>
(Cont') Valid
V(R)-NW i.e. inside
negative part of sliding
window
AD frame
N(S)>V(R)+PW-1 and
arrives
N(S)<V(R)-NW i.e.outside
sliding window
E v e nt
Numbe r
E4
OPEN
Discard
WAI T
Discard
LO CKO UT
Discard
E5
(S1)
Discard
(S2)
Discard
(S3)
Discard
Lockout
Flag:=1
Lockout
Flag:=1
(S3)
Accept, Increment
FARM-B Counter
(S3)
Accept, Increment
FARM-B Counter
(S3)
Accept, Increment
FARM-B Counter
(S1)
Increment FARM-B
Counter,
Retransmit Flag:=0
(S2)
Increment FARM-B
Counter,
Retransmit Flag:=0,
Wait Flag:=0
(S3)
Increment FARM-B
Counter,
Retransmit Flag:=0,
Wait Flag:=0, Lockout
Flag:=0
(S1)
Increment FARM-B
Counter,
Retransmit Flag:=0
V(R):=V*(R)
(S1)
Increment FARM-B
Counter,
Retransmit Flag:=0
Wait Flag:=0
V(R):=V*(R)
(S1)
Increment FARM-B
Counter,
E9
(S1)
Discard
(S1)
Discard
(S3)
Discard
E10
(S1)
Ignore
(S1)
Wait Flag:=0
(S3)
Wait Flag:=0
(S1)
Report value of:
V(R),
Lockout Flag,
Wait Flag,
Retransmit Flag,
FARM-B Counter
(S1)
Report value of:
V(R),
Lockout Flag,
Wait Flag,
Retransmit Flag,
FARM-B Counter
(S3)
Report value of: V(R),
Lockout Flag,
Wait Flag,
Retransmit Flag,
FARM-B Counter
E6
Valid BD frame arrives*
E7
Valid Unlock BC frame arrives
E8
Valid Set V(R) to V*(R) BC frame arrives
Invalid frame arrives
Buffer release signal
E11
CLCW report time
(S2)
(S1)
* Note: Event E6 implies that Event E10 also occurs. When in state S2, an event E6 will lead to state S1.
(S3)
Table 1: The FARM-1 State Table (continued)
13/72
MA28140
Buffer Management
Once the data is validated (Clean, Legal and Frame
Validation processes passed), it is transferred from the frontend buffer to the back-end buffer for use by the segmentation
layer. Only one back-end buffer is managed by the PTD. This
mechanism is depicted in figure 6 below:
N Segment Reception
FRONT END BUFFER
Segment n
Coding and
Transfer
Layers
Segmentation Layer
Segment n-1
Applications
CPDU
CPDU I/F
BACK END BUFFER
Segment n-1
CPDU BUFFER
N+1 Segment Reception
BACK END BUFFER
Segment n
Coding and
Transfer
Layers
Segmentation Layer
Segment n+1
Applications
CPDU
CPDU I/F
FRONT END BUFFER
Segment n
CPDU BUFFER
Figure 6: Buffer Management
14/72
MA28140
4.3 AUTHENTICATION LAYER
Overview of the Layer
Structure of the Authenticated Segments
This optional layer is implemented on-chip but a
connection to an external Authentication Unit is also
implemented in case another implementation is desired. The
choice of the AU is done by means of a dedicated
configuration input AUEXT:
The TC segment is the protocol data unit of the
Segmentation Layer. The general format of an authenticated
TC Segment is specified in Section 10 of ref.1. The particular
format of an authenticated TC segment for the PTD is the
following:
(a) The length of the signature field of the Authentication
Tail is 5 octets.
(b) The length of the Authentication Tail is 9 octets (5 octets
for the signature + 4 octets for the LAC); the maximum length
of the TC Segment is 249 octets (Segment Header (1 octet) +
Segment Data Field (239 octets) + Authentication Tail (9
octets)), and its minimum length 10 octets (Segment Header (1
octet) + Authentication Tail (9 octets)).
SEGMENT
SEGMENT
SEGMENT HEADER
DATA FIELD
TRAILER
Sequence
MAP
(optional)
Flags
Identifier
2 bits
6 bits
variable
9 octets
<----------------1 octet ------------><----- from 9 to 248 octets ------>
The segment trailer is optional and has a fixed length of 9
octets. The following table summarizes the management of the
Segment Trailer.
Ty pe of
Aut he nt ic a t ion
Internal AU
Ty pe of Fra me
S e gme nt Tra ile r
External AU
Authenticated frame
Not authenticated frame
Authenticated frame
AU disable
Not authenticated frame
All
segment trailer (9 octets length)
no segment trailer
segment trailer (9 octets length)
if AuTsl=0,
no segment trailer if AuTsl=1
no segment trailer
no segment trailer
The selection of MAPs that are deemed to carry
authenticated TC segments takes into account the possibility
to associate MAP IDs in pairs when packet re-assembly is
required. Therefore, authenticated MAPs are selected by
pairs, using the 5 LSBs of the MAP identifier field of the
Segment Header. The selection mechanism is such that it will
point at the last pair of MAP identifiers (counting upwards from
MAP 0) that carries authenticated segments. The value
identifying this particular pair of identifiers is called the
Authenticated MAP ID Pointer and is stored in ROM.
For example, selecting MAP 4 (i.e. Authenticated MAP ID
Pointer = 4) means that the first 5 pairs of MAPs (i.e. MAP 0
and 32, MAP 1 and 33, MAP 2 and 34, MAP 3 and 35, MAP 4
and 36) are expected to carry authenticated TC segments.
• AUEXT = 1: the internal AU is disabled and the external
AU is used,
• AUEXT = 0: the internal AU is used and the external AU
is disabled.
MAP 63 is reserved for AU configuration commands when
authentication is disabled. It is possible to bypass this layer
(when no authentication is required) by means of a dedicated
configuration input AUDIS. In this case, segments are passed
directly to the segmentation layer .The values of the AUDIS pin
are:
• AUDIS = 1: the internal or external AU is disabled,
• AUDIS = 0: the internal or external AU is enabled.
When the AU is disabled, the TC segment does not have
an AU tail (the last nine octets are not deleted), the
Authenticated MAP ID Pointer has no meaning and MAP 63 is
considered as a standard MAP (the data is output on MAP
number 63 without removing the AU tail).
An 80 bit length status, AUS, is generated by this block and
fetched by the telemetry system in order to send it back to the
ground segment.
The Authentication Processor
The authentication method specified in references 1 and 2
consists of generating a 40-bit digital signature using a
transformation under a secret key applied to the TC Segment.
This authentication signature is appended to the TC segment
and guarantees to the recipient that the TC Segment is
authentic with respect to its sender and its contents.
An incoming TC Segment is authenticated by performing
the same transformation made by the transmitting end, and by
comparing the received signature with the onboard-generated
one. A functional diagram of the Authentication Processor is
shown below. There are four main parts:
- the Hashing Function;
- the Hard Knapsack;
- the Deletion Box;
- the Signature Comparator.
They are described in the next four subsections. Not
apparent on the functional diagram of Figure 7 is the
organisation of the secret Authentication Keys stored in the
Authentication Processor. This is described in the section on
AU Control Commands on page 18.
15/72
MA28140
THE HASHING FUNCTION
THE HARD KNAPSACK
One purpose of the Hashing Function is to compress the
variable amount of data bits constituted by the extended
message x into a pre-signature P of fixed length (60 bits). The
device realising the Hashing Function is a 60-bit linear
feedback shift register (LFSR), as shown in Figure 8. The 60
feedback coefficients C0, C1,......,C59 are part of the
Authentication Key.
The LFSR is initialised to the 60-bit value P’ = 1000....000
(where Bit P0 = 1) before the process of each authenticated
TC Segment begins. P will be the value in the LFSR after the
last bit of the variable-length extended message x has been
shifted in. The extended message x (x = [m,l,z]) consists of the
following data elements, placed one after the other in that
order:
The purpose of the Hard Knapsack is to ensure that it is not
possible to deduce the presignature P from the signature S.
The Hard Knapsack is based on the concept of the modular
knapsack. It consists of 60 weights (numbered from W0 to
W59, each weight being 48 bits long) and is defined by the
following transformation:
j=59
S' = (∑PjWj) mod 248
j=0
where the bits Pj of the presignature P select the
corresponding weights Wj of the knapsack.
The result is the 48-bit knapsack sum S’. The most
significant bit of the sum is called S’0.
THE DELETION BOX
- the received message m, i.e., the TC Segment
(variable from 1 to 240 octets) without the
Authentication Tail;
- the received LAC value l, i.e., 4 octets (2 bits of LAC
ID, plus 30 bits of LAC Count);
The Deletion Box deletes the 8 least significant bits of the
48-bit knapsack sum S’, i.e., bits S’40 through S’47. The result
is the 40-bit authentication signature S (numbered from Bit 0 to
Bit 39, as for signature s).
- three octets of virtual fill z, consisting of 24 zeros.
THE SIGNATURE COMPARATOR
The purpose of the 24 bits of virtual fill is to ensure that the
Hashing Function is provided with a minimum of data bits. The
24 bits of virtual fill z are generated by the PTD. Note that since
m (the TC Segment) cannot be equal to zero, the total length of
an authenticated TC Segment (i.e., [m,l,s]) cannot be smaller
than 10 octets (Segment Header (1 octet) + Authentication tail
(9 octets)). Anything smaller than 10 octets is rejected as being
too short.
TC
Segment
(m, l, s)
The Signature Comparator compares the received 40-bit
signature s with the onboard generated 40-bit signature S.
m
l
x
Hashing
Function
P
Hard
Knapsack
S'
Deletion
Box
z
S
s
Signature
Comparator
Figure 7: Functional Diagram of the Authentication Processor
16/72
Signature Valid
S
MA28140
x (i)
P0 (i)
P1 (i)
C0
P2 (i)
C1
C2
P3 (i)
P59(i)
C3
C59
Figure 8: Realisation of the Hashing Function
THE LAC COUNTERS
THE AUTHENTICATION KEY
The Authentication Key consists of:
60 x 48-bit Hard Knapsack Weights =
2880 bits = 360 octets
60 x 1-bit Hashing Function coefficients =
60 bits =
8 octets
Full Authentication Key =
2940 bits = 368 octets
The system includes two such 2940-bit keys:
- a fixed, mission-unique Authentication Key, called the
Fixed Key;
- an in-flight programmable Authentication Key, called the
Programmable Key.
(a) Fixed Key
The Fixed Key is required for start-up and emergency
(recovery) operations. The Fixed Key is stored in the external
ROM as part of the Mission-Specific Data.
(b) Programmable Key
The Programmable Key is required for all normal
operations. The contents of the Programmable Key reside in
the RAM where it can be modified by means of Authentication
Control Commands specifically defined for that purpose. The
format of these Change Programmable Key Block Control
Commands, which are specified in the section on AU Control
Commands (page 18), allows any 5-octet block to be modified
starting at any of the 368 octet boundaries.
The Supervisor
The Supervisor consists of four main parts:
- the Logical Authentication Channel (LAC) Registers;
- the Final Authorisation Function;
- the Control Command Processor;
- the Deletion Function.
A LAC Counter is basically a 30-bit counter which is used
to associate every TC segment with an authentication
sequence number. The purpose of this number is to protect the
system against attacks by ensuring that identical TC segments
will not have the same signature except at very large intervals
of time. The LAC counter is incremented by one every time a
TC segment is successfully authenticated (and only then). The
LAC counter value used for authenticating each TC segment is
uplinked with each signature.
Three LAC Registers are provided:
- one Principal LAC register (LAC ID = 00);
- one Auxiliary LAC register (LAC ID = 01);
- one Recovery LAC register (LAC ID = 10).
Bits 0 and 1 of the LAC are fixed in order to select the LAC
Register to be used for the final authorisation of a TC
Segment. For what concerns the 30 bits of LAC Count (Bits 2
through 31, where the LSB is Bit 31), they are implemented as
follows:
- The Principal and Auxiliary LAC counters have 30 bits.
- The Recovery LAC counter has 8 bits (the LSBs 24-31)
whereas the remaining 22 bits (2-23) are permanently
set to 1.
THE FINAL AUTHORISATION FUNCTION
When the received signature s of a TC Segment compares
with the onboard-generated signature S, the contents of the
received LAC Count field is compared with the contents of the
indicated LAC Register. If both contents are found equal, there
are two cases:
- The TC Segment was transferred on a MAP to be
authenticated with a MAP ID lower or equal to the MAP ID
pointer. In this case, the TC Segment is authorised for
transfer to the Segmentation Layer.
They are briefly described in the next four subsections.
17/72
MA28140
- The TC Segment was transferred on MAP 63 (i.e., MAP
111111), which is dedicated to the transfer of Authentication
Control Commands. In this case, the Control Command
Processor is authorised to further process the TC Segment,
which will never be transferred to the Segmentation Layer.
In both cases, the contents of the indicated LAC Register is
incremented by one.
DUMMY CONTROL COMMAND
The purpose of this command is to serve as NOP (No
Operation) for testing purposes. After being authenticated, this
Control Command will have no effect. However, since the AU
has authenticated the Dummy Segment, the contents of the
LAC Register used during the authorisation process have
been incremented and a telemetry report prepared
accordingly.
THE CONTROL COMMAND PROCESSOR
The function of the Control Command Processor is to
execute the special TC Segments called Authentication
Control Commands after being authorised by the Final
Authorisation Function. The formats of the various
Authentication Control Commands are specified in the section
on AU Control Commands next. Any TC Segment not
conforming to the specified formats (i.e., both in length and in
contents) are rejected and reported as not executable.
SELECT KEY CONTROL COMMANDS
(a) Select Fixed Key
The AU selects the Fixed Key prior to authenticating the TC
Segment:
- If authentication is successful, the Fixed Key remains
selected.
- If authentication is unsuccessful, the key previously in
use remains selected.
THE DELETION FUNCTION
The Deletion Function deletes the Authentication Tail of all
TC Segments authorised by the Final Authorisation Function.
The complete authentication process is meant to be
transparent to an observer placed at the receiving end of the
Segmentation Layer.
AU Control Commands
It is necessary to differentiate TC Segments containing the
Authentication Control Commands required to reconfigure the
AU. This is done by allocating the TC Segment Header
contents “all ones” to these particular segments, i.e.:
- Sequence Flags set to 11 (Unsegmented)
- MAP ID set to 111111 (MAP63)
TC Segments containing the Authentication Control
Commands shall always be authenticated. The formats of the
Authentication Control Commands are organised in three
groups as follows:
- One octet of TC Segment Header for all three groups.
- One octet following the Segment Header to specify the
Control Command Identifier
- Zero, four or eight octets of Control Command Data
Field, depending on the group.
Table 2 gives the complete list of Authentication Control
Commands, with Group numbers, Control Command IDs and
Command Names. Table 3 shows the format of the TC
Segment for each Group, complete with Authentication Tail.
Each Control Command is specified in the next subsections.
18/72
(b) Select Programmable Key
The AU selects the Programmable Key for authentication
of the TC Segment:
- If authentication is successful, the Programmable Key
remains selected.
- If authentication is unsuccessful, the key previously in
use remains selected.
LOAD FIXED KEY IN PROGRAMMABLE KEY MEMORY
CONTROL COMMAND
This command reloads the Fixed Key set in the
Programmable Key memory with a single command
instruction. The key used for authenticating the TC Segment
containing the Control Command will be whatever key was
selected in the AU at the time the command was transmitted.
SET NEW LAC COUNT VALUE CONTROL COMMAND
The purpose of this Control Command is to set the value of
one of the three programmable LAC Counters: Principal,
Auxiliary or Recovery with LAC Identifiers 00, 01 and 10
respectively. If the LAC Identifier is set to 11, the command is
not executed and reported as not executable. As soon as the
TC Segment is authorised by the authentication process, the
specified LAC Count value is forced into the selected LAC
Register. Note that the 22 MSBs of the 30-bit Recovery LAC
Register are permanently set to all ones, therefore those same
bits in a Set New Recovery LAC Count Value Control
Command are ignored by the AU. The key used for
authenticating the TC Segment containing the Control
Command will be whatever key was selected in the AU at the
time the command was transmitted.
MA28140
GRO UP
CO NTRO L CO MMAND
IDENTIFIER (8 BITS)
0000 0000
CO MMAND NAME
0000 0101
SELECT FIXED KEY
0000 0110
SELECT PRO GRAMMABLE KEY
0000 0111
0000 1001
0000 1010
LO AD FIXED KEY IN PRO GRAMMABLE KEY MEMO RY
SET NEW LAC CO UNT VALUE
CHANGE PRO GRAMMABLE KEY BLO CK A
0000 1011
CHANGE PRO GRAMMABLE KEY BLO CK B
DUMMY
GRO UP 1
GRO UP 2
GRO UP 3
Table 2: List of Authentication Control Commands
1 octet
Segment Header
11111111
1 octet
Control Command Identifier
00000***
9 octets
Authentication Tail
LAC+Signature
Group 1 Control Command, 11 Octets
1 octet
Segment Header
11111111
1 octet
Control Command
Identifier
00001001
4 octets
LAC value to be set
LAC ID 2 bits
9 octets
Authentication Tail
LAC Count 30 bits
LAC + Signature
Group 2 Control Command, 15 Octets
1 octet
Segment Header
11111111
1 octet
Control Command
Identifier
0000101*
1 octet
7 octets
Start Address of
Key specific pattern
new 40 bit Keyblock
to be encoded
9 octets
Authentication Tail
LAC+Signature
Group 3 Control Command, 19 Octets
Table 3: Formats of Authentication Control Commands (Full TC Segment)
19/72
MA28140
CHANGE PROGRAMMABLE KEY BLOCK CONTROL
COMMANDS A AND B
Two such Control Commands are provided to cover the full
size of the Programmable Key:
- Command A concerns the first 256 octet boundaries.
- Command B concerns the last 112 octet boundaries.
It is possible to load a 5-octet (40 bits) block starting from
any of the 368 octet boundaries. Any transmission using the
unused boundaries of Command B (from 113 to 255) is
ignored and reported as non-executable. The key used for
authenticating the TC Segment containing one of these
Control Commands will be whatever key was selected in the
AU at the time each Control Command was received. Once the
TC Segment has been authorized by the authentication
process, the TC Segment, minus the 40-bit signature s (i.e.
[m,l]) is complemented and passed once more through the
RAM
Mapping
signature-building process, i.e. through the Authentication
Processor. The 24 bits of virtual fill z are inserted as before,
i.e., they are not complemented, but remain all zeros. The
result of the process is a 40-bit pseudo-signature which,
instead of being sent to the Signature Comparator, is loaded in
the Programmable Key memory, starting at the octet location
indicated by the start address field, as follows:
- Bits 32 through 39 of pseudo-signature at the indicated
octet location;
- Bits 24 through 31 of pseudo-signature at the next
location (start address + 1);
- And so on, until Bits 0 through 7 are loaded at location
start address + 4.
Any arbitary procedure can be used for changing the key,
starting from any of the 368 octet boundaries.
Address provided in the
Control command (decimal)
000
40
W0 (40 to 47)
47
201
001
32
W0 (32 to 39)
39
202
002
24
W0 (24 to 31)
31
203
003
16
W0 (16 to 23)
23
204
004
8
W0 (8 to 15)
15
205
005
0
W0 (0 to 7)
7
206
006
40
W1 (40 to 47)
47
207
007
32
W1 (32 to 39)
39
255
16
W42 (16 to 23)
23
000
8
W42 (8 to 15)
15
367
103
0
W59 (0 to 7)
7
368
104
369
105
55
C (55 to 48)
48
36A
106
47
C (47 to 40)
40
36B
107
39
C (39 to 32)
32
36C
108
31
C (31 to 24)
24
36D
109
23
C (23 to 16)
16
36E
110
15
C (15 to 8)
8
36F
111
7
C (7 to 0)
0
300
Bank B
2FF
Bank A
200
59
C (59 to 56)
56
Figure 9: Organisation of the Programmable Key Memory
20/72
Note: Bit 0 is the MSB
MA28140
4.4 SEGMENTATION LAYER
Segment Data Field
Overview of the Layer
The segment data field may vary from 0 to 248 octets
maximum. When the optional Segment Trailer is used, the
maximum length of the segment data field will be reduced by 9
octets.
The segmentation layer provides the means to distribute
several distinct streams of variable-length data units (e.g. the
TC packets) to different applications by providing a number of
service access points called the Multiple Access Points
(MAPs). The data flow on each stream can be controlled by the
receiving application using handshake control.
A TC segment consists of three distinct protocol data
elements:
- an 8-bit segment header, the purpose of which is to
identify the MAP connection and flag the sequential
position of the segment relative to the complete TC
Packet,
- a segment data field, of maximum length 248 octets,
which contains all or a portion of a TC Packet,
- the 9-octet Segment Trailer specific to authenticated
segments is removed by the authentication layer.
Standard Data Structures Within the Layer
The structure of the TC segment is given below:
SEGMENT DATA
SEGMENT HEADER
FIELD
Sequence
MAP
Flags
Identifier
2 bits
6 bits
variable
<--------------- 1 octet ------------><- from 0 to 248 octets ->
The following segmentation layer functions are
implemented in the PTD:
- the back-end buffer for the accepted TC segment. The
back-end buffer is shared between the Transfer Layer
and the Segmentation Layer.
- the MAP interface.
Upon reception of a new segment the Segment Layer
performs the following operations:
- Checks whether the segment is authenticated or not.
- Starts the AU process if the segment is authenticated
and if the AU is not disabled. The Segment Layer waits
for the completion of the AU process (internal or external).
A security mechanism is implemented, in case of AU
locking mechanism the user can stop the AU process by
activating the AU disable signal. In this case, the segment
layer stops waiting for the AU completion process and the
content of the back end buffer is lost.
- Checks if the frame is a CPDU command (MAP 0). In
this case, the CPDU layer is activated and no data is
output on the MAP interface.
- Checks if the frame is an AU command (MAP 63) and
the AU is not disabled. In this case no data is output on
the MAP interface.
Segment Header
The Segment Header is the first octet (octet 0) of the TC
segment structure. The Segment Header is divided into two
major fields as follows:
- Sequence Flags (bits 0 & 1): this field is used by the
segmentation protocol to indicate the sequential position
of the segment relative to the complete data unit (e.g. the
TC Packet). The flags are interpreted as follows:
Bit 0 (MSB)
0
0
1
1
Standard Procedures Within the Layer
Bit 1
1
0
0
1
- For a MAP 1 to 62 and for MAP 63 if the AU is disabled,
the data is provided in serial or in parallel via the MAP
interface. The MAP output frequency for serial MAP is
selectable by reading a value associated with each MAP
in the external ROM (see section 5.2).
Interpretation
First segment
Continuation segment
Last segment
Unsegmented
When the flags are set to 11 this means that the TC
Segment Data Field contains an entire TC Packet. Except for
the CPDU described in section 4.5, these flags are ignored by
the PTD.
- Multiplexed Access Point (MAP) Identifier: this 6-bit field
enables up to 64 MAP connection addresses to be associated
with a single Virtual Channel. The PTD supports MAP 1 to 63
as externally available MAPs. MAP 0 is dedicated to the
CPDU. MAP 63, when AU is enabled, is reserved for AU
commands; when the AU is disabled, MAP 63 is processed by
the segment layer like a standard MAP (see section 4.3).
21/72
MA28140
A short description of the fields of the CPDU Packet is
given below:
4.5 COMMAND PULSE DISTRIBUTION UNIT
General Requirements
The CPDU is a simple unit that is solely accessible from
ground. The aim of this unit is to generate pulses to drive
certain actuators (e.g. relays). The CPDU is identified by the
Application Process Identifier placed in the TC Packet Header.
The Application Identifier of the CPDU is programmable in
ROM at addresses 006 and 007.
Functional Description
The CPDU receives TC segments, each segment
containing a complete TC Packet. TC segments having a MAP
equal to zero are carrying CPDU commands. It must be noted
that if the internal AU is enabled, MAP0 segments are always
authenticated. When a new segment carrying CPDU
commands has arrived, two cases are possible:
- the CPDU is still executing previous CPDU commands. In
this case, the incoming TC segment is ignored, whether it was
transferred in an AD or BD transfer frame.
- the CPDU is idle. The incoming TC segment is copied
from the back end buffer to the CPDU buffer for checking and
execution by the CPDU.
An important point must be noted: there is no packetisation
layer abort command associated with the CPDU. Once it has
accepted a TC Packet, the CPDU cannot release it until all
command instructions specified in that packet have been
executed.
The CPDU performs first the clean validation process
which verifies the complete packet (CRC, packet length,
segmentation flags). If the clean validation process is
successful, the CPDU performs the legal validation process,
which checks the content of the Packet Headers. The result of
the two previous verifications is reported in the 16 bits CPDU
status. For a dirty or illegal CPDU Packet, the CPDU buffer is
erased. The execution of the CPDU commands is possible
only if all the verifications succeed.
- version number: 3-bit field occupying the 3 MSBs of the
packet header. To be compliant with ref.1, these 3 bits should
be 000.
- type bit: this bit identifies if the Packet is telemetry type
(type bit = 0) or telecommand type (type bit = 1). To be
compliant with ref 1, this bit should be set to 1.
- data field header flag: this indicates the presence (data
field header flag = 1) or absence (data field header flag = 0) of
a data field header within the packet data field. To be
compliant with ref 1, this bit should be set to 0.
- application process identifier: this field identifies the
particular process to which the CPDU Packet is sent.
- sequence flags: this two-bit field indicates if the packet is
a first, last or intermediate component of a higher layer data
structure. For CPDU Packets, these two bits shall be equal to
11.
- packet sequence count: this 14-bit field allows a particular
TC Packet to be identified with respect to others occurring
within a telecommand session. This field is reported in the
CPDU status for clean and legal CPDU packets.
- packet length: this field specifies the number of octets
contained within the packet data field, by indicating the number
of octets in data field minus 1.
- packet data field: this field contains the CPDU commands
and the CRC for packet error control.
Checking the CPDU-Specific TC Packet
The CPDU Packet format is shown below:
PACKET HEADER (48 bits)
PACKET IDENTIFICATION
version
number
type
3
1
16
22/72
PACKET
SEQUENCE
CONTROL
data field
header
flag
application
process
ID
Sequence
Flags
1
11
2
PACKET
LENGTH
PACKET DATA FIELD
(variable)
DATA
APPLICPACKET
FIELD
ATION
ERROR
HEADER
DATA
CONTROL
Packet
Name or
Sequence
Count
14
16
16
variable
variable
16
MA28140
The CPDU Packet is checked in two steps: the clean
validation process and the legal validation process. The clean
verification process performs the following tests:
- correct CRC (last two octets of the Packet contain a 16-bit
CRC calculated using the same algorithm as used for the TC
transfer frame, see section on transfer frame) to verify that
there is no error in the Packet.
- the TC Segment Segmentation Flags (in Segment
Header) are equal to 11.
- the CPDU Packet length is checked to be an even
number of octets, greater than or equal to 10 octets and less
than or equal to 248 octets: 10 octets ≤ TC Packet length =
even number of octets ≤ 248 octets. The CPDU Packet length
is read from Packet Header octets 5 and 6.
- consistency between the actual number of octets making
up the CPDU Packet and the Packet length field. To achieve
this, the Packet Header octet 5 is checked to be zero and the
Packet Header octet 6 is checked to be consistent with the
effective packet length.
At this level, if the packet is found to be error-free, it is
declared clean and the process continues. Otherwise, the
complete CPDU packet is erased.
The legal verification process performs the lollowing tests
on the Packet Header (see ref 1, Section 8):
- the first octet of the Packet Header (version number &
type bit & data fields header flag & 3 MSBs of Application
Process Identifier) is compared with the value programmed in
ROM at address 006.
- the second octet (8 LSBs of Application Process
Identifier) is compared with the value programmed in ROM at
address 007.
- in the third octet (sequence flags & 6 MSBs of packet
name or sequence count), only the sequence flags field is
checked by the PTD to be equal to 11. The packet name or
sequence count is not verified, it is only reported in the CPDU
status.
- the fourth octet (8 LSBs of packet name or sequence
count) is not tested since the packet name or sequence count
is not verified. It is only reported in the CPDU Status.
If the above check succeeds, the TC Packet is declared
legal and its Application Data (command instructions) read out
and executed as described in the next subsection. If the check
fails, the Packet is erased.
Processing the Application Data
The CPDU receives a segment from the segment layer and
stores it for further processing in the CPDU buffer provided in
RAM. At the same time, the clean process is performed. This
segment duplication is necessary due to delayed command
execution. The duration of the transfer is equal to:
Td = Nb * Tacc
where Nb is the number of octets of the TC segment
(including AU tail), and Tacc is the duration of three RAM
accesses Read - Write - Read (the last read is used for
computing the CRC with data effectively stored in RAM). Tacc
can be estimated to 20*Tck (5 µs for a clock frequency of 4
MHz).
The application data of the CPDU packet should consist of
at least one command instruction in the form of one double
octet, or several of such double-octet command instructions,
up to the maximum capacity.
Each double octet should be formatted as follows:
• first octet: specifies one of 256 Command Pulse outputs.
The command distribution shall be made by an external
demultiplexer (256 possible command pulse outputs).
• Second octet: specifies the duration of the Command
Pulse to be issued on the specified output as follows:
- the 5 MSBs are ignored by the CPDU,
- the 3 LSBs specify the duration of the Command
Pulse, which is equal to about 2X multiplied by D
where X is the value of the 3 LSBs and
D = 40960 clock periods for CPDUDIV=0,
D = 8192 clock periods for CPDUDIV=1.
(see section 5.5 for exact figures.)
When there is more than one command instruction in the
CPDU Packet, each instruction is executed one after the other
in the same sequence as in the packet.
The maximum capacity of the CPDU packet is:
• 248 octets corresponding to 120 command instructions if
the Internal or External Authentication Unit is disabled
(AUDIS=1) or if the External Authentication Unit is enabled
(AUEXT=1 and AUDIS=0) and AUTSL=1.
• 238 octets corresponding to 115 command instructions if
the Internal Authentication Unit is enabled (AUEXT=0 and
AUDIS=0) or if the External Authentication Unit is enabled
(AUEXT=1 and AUDIS=0) and AUTSL=0.
For the calibrated pulses being output on the CPDUEN pin,
the pulse amplification shall be made by external hardware.
The CPDU provides a 16 bit status, CPDUS, that can be
fetched by the telemetry system. The different fields of the
CPDU status are detailed later.
23/72
MA28140
4.6 TELEMETRY REPORTING
General Description
Telemetry reporting is essential to the normal operation of
the telecommand data communication system.
Data Reports are not modified during telemetry readout. In
particular they are not affected by the arrival of new report
data. If the telemetry interface sampling rate is slower than the
rate at which new data reports are generated, a double register
mechanism ensures that the complete data report is read out.
CLCW Status Report
The Command Link Control Word (CLCW) is a standard
reporting data structure of the Packet Telecommand System. It
is a four-octet word generated by the spacecraft, the PTD
generating only the 2 least significant octets of this CLCW
which are described hereafter.
Bits
0 (MSB)
1
2
3
4
5,6
7
8 - 15 (LSB)
Value
0
Meaning
No RF Available
No Bit Lock
Lock Out
Wait
Retransmit
FARM B Counter
Report Type
Report Value
• Report Value. This field is maintained by the FARM-1 and
contains the next expected frame sequence number V(R).
The first bit to be read in serial mode is Bit 0 (MSB). The
interface for reading the CLCW status is specified in
section 5.3.
CPDU Status Report
The CPDU Status report consists of 16 bits of status data
formatted as follows:
Bits
Value
0,1
00
01
10
11
2 - 15 (LSB)
all 1
all other
values
Meaning
Cold Start
Last TC Packet accepted legal
Last TC Packet accepted clean,
but erased as not legal
Last TC Packet erased as not
clean
Cold Start
Packet Sequence Count (or
Name) of last legal CPDU
Packet
The first bit to be read out in serial mode is Bit 0 (MSB).
Legal and Clean concepts are defined previously. The
telemetry interface used to read out the CPDU Status Report is
fully described in section 5.3.
Each CLCW field is specified in the next paragraphs:
AU Status Report
• No RF Available. This field is dedicated to the Physical
Layer, i.e. the RF Transponders. When this field is 1, the
RF physical connection is not available through any of the
spacecraft transponders. When it is 0, the RF connection is
available through at least one of the spacecraft
transponders. This information is provided to the PTD by
an input pin called RFAVN.
The AU Status Report consists of 80 bits (i.e. 10 octets) of
status data formatted as follows:
• No Bit Lock. This field is dedicated to the Physical layers,
and monitors the presence of the spacecraft
demodulation. When this field is 1, all the TC Active Signals
(0 to 5) are zero at the PTD input pins. When it is 0, at least
one of the TC Active signals is set to 1.
• Lockout Flag. If 1, this field indicates that the FARM- 1 is
in the Lockout state.
• Wait Flag. If 1, this field indicates that the FARM- 1 is in a
Wait state.
• Retransmit Flag. If 1, this field indicates that an AD frame
has been lost in transmission or has been discarded
because there was no buffer space available.
• FARM B counter. This 2 bit field contains a wraparound
up-counter (modulo 4) of each TC frame of type BC or BD
declared valid by the Legal Frame Validation process, and
therefore acceptable by the FARM-1.
• Report Type. In the PTD it is always 0 in accordance with
reference 1.
24/72
Bits
Value
0,1
2 - 31
00
32,33
34 - 63
01
64
65 - 71
72 - 79 (LSB)
0000000
Meaning
Permanently set to 00
Current value of the contents of
the Principal LAC counter. The
LSB of the LAC counter value is
in bit 31
Permanently set to 01
Current value of the contents of
the auxiliary LAC counter. The
LSB of the LAC counter value is
in bit 63
Key in use by AU:
0 fixed key in use
1 Programmable key in use
Permanently set to 0 (reserved
for future use)
Current value of the 8 LSBs of
the recovery LAC counter. The
LSB of the LAC counter value is
in bit 79.
The first bit to be read in serial mode is bit 0 (MSB).
The AU Status report is implemented by using a double
register mechanism located in the external RAM. In the case of
external AU, the external AU can write the AU Status in RAM.
The number of the buffer is given by the AUS pin and the
toggling mechanism of the AU Status buffer is locked by the
PTD when the signal AUST ( External AU Start) is high. The
telemetry interface used to read the AU status report is
described in section 5.3.
MA28140
Frame Analysis Report
The FAR is required for proper testing and check-out of the TC Decoder. The FAR consists of 32 bits of survey data formatted
as follows:
BI TS
0 (MSB)
V ALUE
0
1
000
001
010
011
100
101
110
111
FRAME ANALYSIS
Note: The report of the lowest rank (i.e. of lowest 3-bit value) has
precedence in case of conflicting states.
Abandoned CLTU (see Note 1)
Frame declared dirty
Frame declared illegal for one reason
Frame declared illegal for multiple reasons
Frame (AD) discarded because of LOCKOUT
Frame (AD) discarded because of WAIT
Frame (AD) discarded because of N(S) or V(R)
Frame (AD, BD or BC) Accepted by FARM-1
000
001
010
011
100
101
110
111
LEGAL/ILLEGAL FRAME QUALIFIER
Not e : When a frame is declared ILLEGAL for multiple reasons,
only the reason of the first rank (i.e. of lowest 3-bit value) is
reported. The fields mentioned are those of the frame header.
No illegal report (or Cold Start)
Error in fixed fields (Version & Reserved)
Illegal combination (AC) of Bypass & Control Command Flags
Wrong Spacecraft ID
Wrong VC ID (because of Bits 0 to 4 of ID)
Wrong VC ID (because of Bit 5 of ID)
N(S) of BC or BD frame not set to all 0
Wrong BC frame data format (not executable)
1,2,3
4,5,6
xxxxxx
COUNT OF ACCEPTED CODE BLOCKS PER CLTU
Straight 6-bit binary count of correct or single-error-corrected
codeblocks in one CLTU; (Cold Start value: 000000)
xxx
COUNT OF SINGLE-ERROR CORRECTIONS PER CLTU
Straight 3-bit binary count, saturates at maximum value, no roll
over. (Cold Start value:000)
7 - 12
13,14,15
00
01
10
11
LEGAL FRAME QUALIFIER (4 STATES)
AD frame
No report on legal frame (or Cold Start)
BD frame
BC frame
xxx
SELECTED CHANNEL INPUT (MAXIMUM CAPABILITY : 6
INPUTS)
(Cold Start value : 111)
16,17
18,19,20
21 - 26
xxxxxx
27
ME ANI NG
STATUS OF SURVEY DATA
New survey data (or Cold Start)
Old survey data
0
28,29,30
000
001
010
011
LAST MAP ADDRESSED (64 MAPS)
(Cold Start value : 111111)
RESERVED BY ESA (set to 0)
AUTHENTICATION PROCESS ANALYSIS
No authentication report (or Cold Start)
AUTHORISED SEGMENT QUALIFIER
Authorised data segment
Authorised (and executable) Authentication Control Command
Authorised dummy segment received
25/72
MA28140
BI TS
V ALUE
100
101
110
111
31 (LSB)
0
ME ANI NG
REJECTED SEGMENT QUALIFIER
Error in Signature
Error in LAC
Wrong format (not executable) of authorised Authentication
Control Command (includes Segment Header)
Wrong length of TC Segment prior to being authenticated
(authorised), i.e. length shorter than 10 octets
set to 0
A few specific points need to be detailed:
Note 1: The abandoned CLTU state (000) is used to
indicate:
• the Cold Start
• a first TC codeblock of CLTU was abandoned (erased)
because of event 4 or event 2
• an event E2(a) channel deactivation occurs (see section
4.1)
• an event E2(b) CLTU error occurs (see section 4.1)
In the case of an Abandoned CLTU the Legal/lllegal
Frame Qualifier (bits 4, 5, 6) is set to 000 and the Legal
Frame Qualifier (bits 16, 17) is set to No Report on Legal
Frame (01).
Note 2: The rejected segment qualifier in the
Authentication process analysis has the following
prioritisation:
• 111 Too short TC segment has the highest precedence,
followed by
• 100 Error in Signature, followed by
• 101 Error in LAC, followed by
• 110 Wrong format of AU command or segmentation
flags.
The FAR is sampled and read by a telemetry interface
described in section 5.3.
26/72
MA28140
5. PTD INTERFACES
5.2 MAP INTERFACE
5.1 PHYSICAL CHANNEL INTERFACE
The MAP interface allows the PTD to provide the on-board
applications with the TC segments stored in the back-end
buffer in the RAM. It is possible to transfer full TC segments
(including segment header and packet segment) with various
lengths, from 1 octet to 249 octets. The first data output is the
TC segment header. It is possible for an application to use
either a serial or parallel interface to read this TC data. The
choice between serial or parallel interface is made with the
configuration input pin PAR as follows:
Each TC channel consists of 3 input lines:
• TCCi : symbol clock input
• TCSi : symbol stream input (NRZ-L)
• TCAi : channel active indication input
The maximum symbol rate with guaranteed operation
(using the internal AU) on these channels is 50 kbps. For
higher frequency, an incomplete AU process may occur
resulting in wrong signature calculation and thus rejected
frames. Without AU the symbol rate could be 200 kbps (not
guaranteed). At higher frequency, incorrect processing may
occur due to insufficient time to perform memory accesses.
The interface is composed of 6 TC channels. Figure 10 below
gives the timing associated with one of these 6 channels. For
unused channels, the TCAi signal should be connected to VSS,
and the TCCi and TCSi signals to VDD.
The DECOD output is activated when the CLTU decoder
state machine is in the decode state (see section 4.1). This
output goes high following the detection of a start sequence,
and goes low following a codeblock rejection or CLTU error.
• PAR = 1; the parallel MAP interface is used (section 5.4)
• PAR = 0; the serial MAP interface is used
The serial MAP interface consists of 5 signals.
• MAPDSR, data set ready output,
• MAPDTR, data terminal ready input,
• MAPCK, MAP clock output,
• MAPDATA, segment data output,
• MAPADT, aborted data transfer output.
Figure 10: TC Channel Input Timing
27/72
MA28140
In addition, the MAP interface provides the output signal
MAPSTN, in order to save the MAP identifier present on the
local data bus (LDAT<7..0>) in an external latch. This MAP
identifier is used to demultiplex the segment data toward the
selected application. The MAPSTN signal can be controlled by
the LACK signal. MAPDSR has no effect when MAPDTR
output is deasserted.
The output frequency for each MAP is programmable and
is defined in ROM. For MAP number n, the address of the
value X defining the MAP frequency is (hex) 100+n. The MAP
output frequency is given by F=fck/[2X], (X is coded on the 4
LSBs and its value varies from 1 to 13; for other values, the
output frequency is F = fck/2). For example for a PTD clock
frequency of 4 MHz, setting the ROM value to 4 will generate a
MAP frequency of 250 kHz. With a system clock frequency fck
of 4 MHz, the MAPCK frequency can vary from 488 Hz (X=13)
to 2 MHz (X=1). The use of a too low MAP frequency
compared to the TC clock frequency may lead to the activation
of the WAIT flag if the MAP output of a previous frame is not
finished when a new segment arrives. As a rule of thumb, in
order to avoid the Wait flag being asserted, the MAP frequency
should be at least the TC input bit rate multiplied by 10 when
fully variable segment size (by 2 if fixed length).
Figure 11 describes the serial interface in three different
transfer situations.
Serial MAP Interface
PTD
PAR = 0
N maximum value is 1991 corresponding to a
TC segment of 249 octets.
Note: The bit 0 is the MSB and shall be transmitted first.
Figure 11: Serial MAP Interface
28/72
MAPDSR
MAPDTR
MAPCK
MAPDATA
MAPADT
APPLICATION
MA28140
Example of data transfer with data flow control.
N maximum value is 1991 corresponding to a
TC segment of 249 octets.
Note: For each MAPDTR pulse one octet is transferred.
Note: The MAPADT signal is asserted on octet boundaries of the MAP data being transferred.
Figure 11: Serial MAP Interface (continued)
29/72
MA28140
• TMMOD = 1; the status (CPDUS, FAR, AUS) reports
are fetched with 2 sample signals.
5.3 TELEMETRY INTERFACE
The Telemetry interface allows four different reporting
words to be retrieved.
Both interfaces use the same TMC and TMD signals.
When the parallel interface is selected it is not possible to use
the TM (and MAP) serial interface, except for the CLCWB
interface which can be used in a serial mode even if the PAR
signal is set to 1. The protocol for the serial interface is fully
compliant with section 4.3 of TTC-B-01 (serial 16 bit digital
channel).
• the Command Link Control Word (CLCW),
• the Command Pulse Distribution Unit Status (CPDUS),
• the Frame Analysis Report (FAR),
• the Authentication Unit Status (AUS).
Serial CLCW Interface
It is possible for an application to use either a serial or
parallel interface to read these reports. The selection between
serial or parallel interface is made with the configuration input
pin PAR as follows:
The 16 bit Command Link Control Word (CLCW) can be
retrieved through this interface. The serial CLCW interface is
redundant in order to allow two separate redundant TM
encoders to be connected to each TC decoder. Figure 12
shows the serial CLCW telemetry interface. The serial
interface is implemented with 3 signal lines:
• PAR = 1; the parallel TM interface is used
• PAR = 0; the serial TM interface is used
• CLCWSA: status sample input,
The parallel interface is described in section 5.4. The
parallel interface is useful for integrating subsystems
comprising both the TC decoder and a processor, without
cross-coupling after the TC decoders. The CLCW has its own
serial telemetry interface which is redundant in serial mode.
The other three reports (CPDUS, FAR, AUS) can be
fetched through a common serial interface (clock and data
lines) using two or five different sample signals. The selection
between using two or five sample signals is made with the
configuration input pin TMMOD as follows:
• CLCWCA: status clock input,
• CLCWDA: status data output.
The redundant serial CLCW interface is identical with the
nominal serial CLCW interface using the 3 signals:
• CLCWSB: status sample input,
• CLCWCB: status clock input,
• TMMOD = 0; the status (CPDUS, FAR, AUS) reports
are fetched with 5 sample signals.
• CLCWDB: status data output.
PTD
CLCWS I/F
CLCW Serial Interface
CLCWSA
CLCWCA
CLCWDA
APPLICATION
Telemetry
Systems
PAR = 0
Note: The 0 bit is the MSB and is transmitted first.
Figure 12: Serial CLCW Telemetry Interface
30/72
MA28140
The sample signal CLCWSA should be activated only once
to fetch the entire CLCW word. The serial CLCW interface has
been designed to allow the VCM device specified in reference
3 to automatically retrieve the CLCWs without any additional
components being required. If one of the CLCW interfaces is
not used, the following signals CLCWSx and CLCWCx should
be connected to VDD. Activating the CLCWCA (CLCWCB)
signal when CLCWSA (or CLCWSB) is deasserted, will
generate invalid data output on CLCWDA (or CLCWDB).
The sample signal CPDUS needs to be activated only once
to fetch the entire CPDUS word. CPDUS, FAR1S, FAR2S,
AUS1S and AU2S cannot be asserted simultaneously. If
CPDUS, FAR1S, FAR2S, AUS1S and AU2S are not asserted,
activating the TMC signal will generate invalid data on the
TMD output. If the CPDU status report interface is not used,
the CPDUS signal should be connected to VDD. Figure 13
below describes the CPDU telemetry serial interface.
CPDU Status Report Interface in 5 Samples Mode
Serial FAR Status Report Interface in 5 Samples
Mode
The 16 bit Command Pulse Distribution Unit Status report
can be retrieved through this interface. It is possible for an
application to use either a serial or a parallel interface to read
out this status report. The serial or parallel mode is selected
with the PAR configuration pin of the PTD (see section 5.4).
The serial interface in 5 samples mode uses 3 signal lines:
The 32 bit Frame Analysis Report can be retrieved through
this interface. It is possible for an application to use either a
serial or a parallel interface to read out this status report. The
serial or parallel mode is selected with the PAR configuration
pin of the PTD (see section 5.4). The serial interface in 5
samples mode uses 4 signal lines:
• CPDUS: status sample input.
• FAR1S: first status sample input,
• TMC: status clock input, is also used for FAR and AUS.
• FAR2S: second status sample input,
• TMD: status data output, is also used for FAR and AUS.
• TMC: status clock input, is also used for CPDUS and
AUS,
• TMD: status data output, is also used for CPDUS and
AUS.
PTD
CPDUS I/F
CLCW Status Report Serial Interface
CPDUS
TMC
TMD
APPLICATION
Telemetry
Systems
PAR = 0
Note: The 0 bit is the MSB and is transmitted first.
Figure 13: CPDU Telemetry Serial Interface
31/72
MA28140
The sample signals FAR1S and FAR2S should be
asserted to fetch the 32 bits of FAR. CPDUS, FAR1S, FAR2S,
AUS1S and AU2S cannot be asserted simultaneously. If
CPDUS, FAR1S, FAR2S, AUS1S and AU2S are not asserted,
activating the TMC signal will generate invalid data on the
TMD output. If the FAR status report interface is not used, the
FAR1S and FAR2S signals should be connected to VDD.
Figure 14 describes the FAR telemetry serial interface.
Serial AU Status Interface in 5 Samples Mode
The 80 bit Authentication Unit Status report can be
retrieved through this interface. It is possible for an application
to use either a serial or a parallel interface to read out this
status report. The serial or parallel mode is selected with the
PAR configuration pin of the PTD (ee section 5.4). The serial
interface in 5 samples mode is implemented with 4 signal lines:
• AU1S: first status sample input,
• AU2S: second status sample input,
When AU1S is asserted, the pointer for reading out data
with AU2S is reset to the second octet of the report. The
sample signals AU1S and AU2S should be asserted as
described in Figure 15 to fetch the 80 bits of AUS report.
CPDUS, FAR1S, FAR2S, AUS1S and AU2S cannot be
asserted simultaneously. If CPDUS, FAR1S, FAR2S, AUS1S
and AU2S are not asserted, activating the TMC signal will
generate invalid data on the TMD output. If the AU status
report interface is not used, the AU1S and AU2S signals
should be connected to VDD.
Figure 15 describes the AUS telemetry serial interface.
Serial CPDU, FAR, AU Status Interface in 2
Samples Mode
The 16 bit Command Pulse Distribution Unit status report,
the 32 bit Frame Analysis report and the 80 bit Authentication
Unit status report can be retrieved through this interface. The
serial interface in 2 samples mode is implemented with 4
signal lines:
• TMC: status clock input, is also used for CPDUS and
FAR.
• TMD: status data output, is also used for CPDUS and
FAR.
• CPDUS: first status sample input,
• FAR1S: second status sample input,
• TMC: status clock input,
• TMD: status data output.
PTD
FAR I/F
FAR Status Report Serial Interface
FAR1S
FAR2S
TMC
TMD
APPLICATION
Telemetry
System
PAR = 0
0
1 2 3 4 5
6 7
8
9 10 11 12 13 14 15
16
17 18 19 20 21 22 23
Note: The 0 bit is the MSB and is transmitted first.
Figure 14: FAR Telemetry Serial Interface
32/72
24
25 26 27 28 29 30 31
MA28140
PTD
AU I/F
AU Status Report Serial Interface
AU1S
AU2S
TMC
TMD
APPLICATION
Telemetry
System
PAR = 0
bit 0-15
bit 16-31
bit 32-47
bit 48-63
bit 64-79
Note: The 0 bit is the MSB and is transmitted first.
Figure 15: AUS Telemetry Serial Interface
Telemetry Report Serial Interface in 2 Samples Mode
CPDUS
FAR1S
TMC
TMD
PTD
APPLICATION
Telemetry
System
PAR = 0
0
31
0
79
Note: The 0 bit is the MSB and is transmitted first.
Figure 16: Telemetry Serial Interface in 2 Sample Mode
33/72
MA28140
When CPDUS is asserted, the pointer for reading out data
with FAR1S is reset to the first octet of the FAR. The samples
CPDUS and FAR1S should be activated as described in
Figure 16 to fetch the 128 bits of status words. The first 16 bits
are those of the CPDU status word, to be acquired by asserting
the CPDUS signal line. The next 32 bits are those of the FAR
status word, to be acquired by signalling on the FAR1S signal
line (2 x 16 bits). The last 80 bits are those of the AU status
word, to be acquired by additional assertions (5 x 16 bits) of the
FAR1S signal line. It is possible to read out only the first 48 bits
(CPDU and FAR), e.g. if the AU is not used.
FAR1S, AU1S and AU2S do not have any impact in this
mode, but should be connected to VDD.
5.4 PARALLEL INTERFACE
A parallel interface is provided on the PTD to access the
TC segment and the four reporting words: CLCW, CPDUS,
FAR and AUS. The parallel mode is selected with the PAR
configuration pin of the PTD (the parallel mode is selected
when PAR is set to 1). The parallel interface is implemented
with the following signals:
• PCSN: parallel bus chip select input,
• PAD<2..0>: parallel address bus (input),
• PRDY: data validation output,
• PBUS<15..0>: parallel data bus (output),
• MAPDSR: MAP data set ready output,
• MAPADT: MAP aborted data transfer output.
The PCSN, PAD2, PAD1 and PAD0 signal lines use
respectively the CPDUS, FAR1S, FAR2S and AU1S input pins
of the serial interface. The application acquires the TC
segment and the four reporting words by read cycles. The
addressing of these words is as follows:
PAD2
0
0
0
0
1
1
1
1
PAD1
0
0
1
1
0
0
1
1
PAD0
0
1
0
1
0
1
0
1
read word
MAP segment
CPDU status
CLCW status
MAP status
FAR1 status
FAR2 status
AU1 status
AU2 status
When the AU1 status is read, the pointer for reading out
data with AU2S is reset. The MAP TC segment is read as
described in Figure 17.
A TC segment is read by consecutive accesses to <000>.
Data read when MAPDSR is not asserted is not valid. The TC
segment data octet of even rank is output on the 8 MSB of
PBUS (the first octet is 00 and therefore even). The TC
segment data octet of odd rank is output on the 8 LSB of
PBUS. In the case of a TC segment with an odd number of
octets, the last 16 bits word output on PBUS contains the last
TC segment data octet on the 8 MSB and a non significant
34/72
octet (all bits set to 0) on the 8 LSB. For example, if the TC
segment to be output is (hexadecimal) AABBCC, the first word
read is AABB and the second one is CC00.
After a PCSN assertion, the PRDY output is activated
when the data is available on the PBUS output. The PRDY is
released when the PCSN signal is deasserted. The PRDY
signal will not be asserted if PCSN is asserted and PAD = 000
(MAP segment read) when MAPDSR is inactive. When PCSN
is deasserted the PBUS bus is tristated. The MAP status word
can be read at any time. The access to this word is identical to
the telemetry status word accesses as described in Figure 18.
It contains the following information:
• PBUS<0>: MAPDSR information (identical to MAP data
set ready signal line).
• PBUS<1>: ODD/EVEN segment length information
(Odd: 1, Even: 0).
• PBUS<15..2>: not used (value : 00000000000000).
NOTE: only TC segments appearing on MAP 1 to 62 and
on MAP 63 when AU is disabled, can be read out using this
parallel interface. MAP 0 is not affected by this parallel
interface since it is directly connected to the CPDU. The
telemetry status word is read as described in Figure 18.
The CLCW status word is read using one read cycle where
PAD = 010.
The CPDU status word is read using one read cycle where
PAD = 001.
The FAR status words are read with two read cycles:
• One read cycle with PAD = 100 for the first 16 bits
(FAR1)
• One read cycle with PAD = 101 for the last 16 bits
(FAR2).
The AU status words are read using five read cycles:
• One read cycle with PAD = 110 for the first 16 bits (AU1)
• Four read cycles with PAD = 111 for the last 64 bits
(AU2): bits 16-31, bits 32-47, bits 48-63 and bits
64-79.
When the AU1 Status report is read, the pointer for reading
out data with AU2 is reset to the second octet of the AU report.
The Status of Survey bit is set when FAR2 is read. The
following pins have no influence in parallel mode:
• MAPDTR (should be connected to VSS),
• CLCWSA, CLCWCA (should be connected to VDD),
• AU2S (should be connected to VDD),
• TMC (should be connected to VDD),
• TMMOD (should be connected to VSS),
The reports and TC segments cannot be read out in an
arbitrary order. The following constraints apply: A FAR2 read
out shall not be separated from the previous FAR1 read out by
AU1 or AU2 read out. An AU2 read out shall not be separated
from a previous AU1 or a previous AU2 read out by FAR1 or
FAR2 read out.
MA28140
Figure 17: Parallel MAP Interface
Figure 18: Parallel Telemetry Read Cycle
5.5 CPDU INTERFACE
This interface consists of 3 signal lines:
• CPDUSTN: CPDU address strobe output,
• CPDUEN: CPDU enable output,
• CPDUDIV: CPDU frequency divider input.
The CPDU interface provides the output signal CPDUSTN
in order to save the CPDU physical channel identifier present
on the local data bus LDAT<7..0> in an external latch (no
specific LADR address is associated with this data). This
CPDU identifier is used to demultiplex the command pulse
toward the selected CPDU output. The CPDUSTN signal can
be controlled by the LACK input. The CPDUEN signal is
representative of the command pulse as far as duration is
concerned. The pulse amplification should be made after
demultiplexing with external circuitry. The CPDUDIV signal
allows division of the pulse length specified in ref 2 by a factor
of 5, in order to get a better accuracy. Alternatively, this allows
the PTD to be used with a 1MHz clock frequency, instead of a
4 MHz clock.
For a 4 MHz clock, the duration D is 10.24 ms if
CPDUDIV=0 and 2.048 ms if CPDUDIV=1. The maximum
duration (=128xD) is about 1.31 s if CPDUDIV=0, and 262 ms
if CPDUDIV=1. The delay between the time at which the
packet has been declared Legal and the execution of the
command instruction (rising edge of CPDUEN) can be any
value between 0.5 D and 1.5 D. The duration between two
instructions placed one after the other in the same CPDU
packet (from falling edge to rising edge of CPDUEN)
corresponds to about D.
COMMAND
000
001
010
011
100
101
110
111
PULSE LENGTH
(CLOCKS)
(CPUDIV=0)
40961
81921
163841
327681
655361
1310721
2621441
5242881
PULSE LENGTH
(CLOCKS)
(CPUDIV= 1)
8193
16385
32769
65537
131073
262145
524289
1048577
Table 4: CPDU Pulse Lengths
35/72
MA28140
PTD
CPDU I/F
CPDU Interface
CPDUSTN
CPDUEN
LDAT<7-0>
CPDU
External
Module
up to 256
CPDU outputs
CPDUDIV
Figure 19: CPDU Interface
5.6 LOCAL BUS INTERFACE
This interface is used to access the external memory map.
It consists of the following signals:
• LADR<10..0>: address bus (output),
• LDAT<7..0>: data bus (input/output),
• RWN: read write output,
• LACK: memory acknowledge input,
• RAMCSN: RAM chip select output,
• ROMCSN: ROM chip select output,
• LACCS: chip select output asserted for recovery LAC
counter access.
The Local bus cycle is started by asserting the RWN and
CSN signals and activating the LADR signal. It is ended by
asserting LACK signal. If extended access times are not
required, LACK can be permanently asserted. This interface
provides a bus fault timer which is enabled when CSN signals
are active and reset when LACK signal is active. If a reset
doesn’t occur within a minimum of 32 Tck (8 us for a 4 MHz
clock frequency) and a maximum of 64 Tck (16 us for a 4 MHz
clock frequency), the current Local bus cycle is aborted by
forcing CSN inactive. The functional timings corresponding to
the local bus interface are given in section 8.2.
36/72
5.7 MEMORIES
The PTD manages two types of memory:
• RAM to temporarily store the received TC data and all
protocol variables (counter values, programmable key,
...). The RAM is organized in 2K words of 8 bits. In the
case when it is used to store the eight bits of the recovery
LAC counter, it should be non volatile.
• ROM (1Kx8) to store the mission specific data and the
fixed Authentication key.
In order to allow the use of slow memories, an
acknowledge signal (LACK) is used to indicate when the
memory access is completed.
In order to save the 8 LSBs of recovery LAC counter in a
device different from the RAM, two different chip select signals
(RAMCSN and LACCS) are provided for the recovery LAC
counter access. Two different modes are provided to manage
the LAC counter select signals, these modes are selectable
with a configuration pin called AUTSL as follows:
• AUTSL = 1: The recovery LAC counter is stored in RAM.
The PTD asserts the RAMCSN signal when it performs
the recovery LAC counter access.
• AUTSL = 0: The recovery LAC counter is stored in a
device different from the RAM. The PTD asserts the
LACCS signal when it performs the recovery LAC counter
access. This non volatile memory could be for example
an EEPROM for low radiation requirements or relays for
radiation hardened recovery LACs.
MA28140
Case 1: RAM is used to store the 8 bits of Recovery LAC counter
BACK-UP POWER
LADR
PTD
LDAT
AD
8
RWN
WE
RAMCSN
VDD
AUTSL
VSS
AUEXT
DAT
CS
LACCS
RAM
Case 2: A device different from the RAM is used to store the 8 bits of Recovery LAC counter
RAM
LADR
PTD
LDAT
AD
8
RWN
RAMCSN
VSS
AUTSL
VSS
AUEXT
NON-VOLATILE
DAT
DAT
WE
WE
LAC value
CS
LACCS
CS
Figure 20: Recovery LAC Value Storage
A diagram of two possible implementations is given in
Figure 20.
The RAM mapping is organized in such a way that the PTD
is able to use the following external RAM buffers:
• two buffers working in a flip-flop mode between transfer
and segmentation layer, respectively called Front End
and Back End buffer.
• one buffer used by the CPDU interface
The buffer management is described in section 4.2. The
memory mapping is defined in tables 5 and 6.
37/72
MA28140
RAM
Buffer0-(front end/back end) (see note 1)
Buffer1-(back end/front end) (see note 1)
Programmable key - Knapsack
Programmable key - Hashing
Internal use (reserved)
Free
8 LSB of Recovery LAC
Internal use (reserved)
Auxiliary LAC Counter - octet 4 LSB
Auxiliary LAC Counter - octet 3
Auxiliary LAC Counter - octet 2
Auxiliary LAC Counter - octet 1 MSB
Principal LAC Counter - octet 4 LSB
Principal LAC Counter - octet 3
Principal LAC Counter - octet 2
Principal LAC Counter - octet 1 MSB
Free
AUS octet 10 - buffer 0
AUS octet 9 - buffer 0
AUS octet 8 - buffer 0
AUS octet 7 - buffer 0
AUS octet 6 - buffer 0
AUS octet 5 - buffer 0
AUS octet 4 - buffer 0
AUS octet 3 - buffer 0
AUS octet 2 - buffer 0
AUS octet 1 - buffer 0
FAR octet 4 - buffer 0
FAR octet 3 - buffer 0
FAR octet 2 - buffer 0
FAR octet 1 - buffer 0
Free
AUS octet 10 - buffer 1
AUS octet 9 - buffer 1
AUS octet 8 - buffer 1
AUS octet 7 - buffer 1
AUS octet 6 - buffer 1
AUS octet 5 - buffer 1
AUS octet 4 - buffer 1
AUS octet 3 - buffer 1
AUS octet 2 - buffer 1
AUS octet 1 - buffer I
FAR octet 4 - buffer 1
FAR octet 3 - buffer 1
FAR octet 2 - buffer 1
FAR octet 1 - buffer 1
Free
CPDU buffer (see note 2)
Free
S tart Addre ss
000
100
200
368
370
374
400
401
402
403
404
405
406
407
408
409
40A
410
411
412
413
414
415
416
417
418
419
41A
41B
41C
41D
41E
430
431
432
433
434
435
436
437
438
439
43A
43B
43C
43D
43E
600
700
E nd Addre ss
0FF
1FF
367
36F
373
3FF
400
401
402
403
404
405
406
407
408
409
40F
410
411
412
413
414
415
416
417
418
419
41A
41B
41C
41D
42F
430
431
432
433
434
435
436
437
438
439
43A
43B
43C
43D
5FF
6FF
7FF
Note 1: The addresses 000 and 100 contain the buffer length (X) and the first word of the
frame are stored at address X and 100+X respectively; the last word is stored at address
001 and 101 respectively.
Note 2: The address 600 contains the CPDU buffer length (X) and the first word of the frame
is stored at address 600+X, the last word is stored at address 601.
Table 5: RAM Mapping
38/72
MA28140
RO M
Frame Header octet 1 (see note 3)
Frame Header octet 2 (see note 3)
Frame Header octet 3 (see note 3)
FARM PW' = PW - 1 (see note 4)
FARM NW' = 256 - NW (see note 4)
Authenticated MAP ID pointer (see note 5)
CPDU Packet Header octet 1 and 2 (see note 6)
Free
MAP frequency table defined in section 5.2
Free
Fixed key - Knapsack (see note 7)
Fixed key - Hashing (see note 8)
Free
S tart Addre ss
000
001
002
003
004
005
006
008
100
140
200
368
370
E nd Addre ss
000
001
002
003
004
005
007
0FF
13F
1FF
367
36F
3FF
Note 3: These 3 octets contain all the fields of the Frame Header including reserved bits and version
bits. Bypass and Control flags (in Frame Header octet 1) form the only field that is not a fixed value:
the value of these 2 bits in ROM has no influence on the PTD operation (default value = 00).
Note 4: In order to facilitate the implementation of the FARM Sliding Window Concept in the PTD,
the values stored in the ROM are not PW and NW but:
- PW' = PW - 1
- NW' = 256 - NW
The PW' and NW' numbers can be any value between 0 and 255.
Note 5: Bits 7 and 6 are not used.
Note 6: These 2 octets contain all the field of the Packet Header including version and type bits.
Note 7: The Knapsack key mapping is given in Figure 9. Address 200 contains the least significant
octet of the first Knapsack coefficient W0. Address 201 contains octet 1 of the first Knapsack
coefficient W0, (see example below).
Note 8: The Hashing key mapping is given in Figure 9. Address 368 contains the 4 LSBs of the
Hashing key stored at the right of the memory octet in the reverse order. Address 369 contains the 8
following bits in the reverse order. Caution: if the Hashing key is read bit by bit starting from the
MSB, the memory must be filled from right to left, (see example below).
Table 6: ROM Mapping
Example
An example of ROM programming is given here for a fictitious spacecraft.
Note: In the following example 16# indicates hexadecimal, 10# indicates decimal, 2# indicates binary.
The value of the spacecraft ID is
The value of the virtual channel ID is
The value of the Application Process ID is
For the FARM-1 process, the values of PW and NW are
The Authenication MAP ID Pointer is
For the CPDU, the Application Process Identifier is
: 16#301
: 16#20
: 16#456
: 10#100 and 10#100
: 16#15
: 16#456
Frame Header octet 1 contains the following fields:
Version number
: 2#00 in accordance with ref 1
Bypass flag
: 0 or 1 (no influence): 0 for example
Control Comrnand flag
: 0 or 1 (no influence): 0 for example
Reserved field A
: 2#00 in accordance with ref 1
Spacecraft ID (2 MSBs)
: 2#11
The value of the ROM at address 000 is: 16#03
Frame Header octet 2 contains the following field:
Spacecraft ID (8 LSBs)
: 2#00000001
The value of the ROM at address 001 is: 16#01
Frame Header octet 3 contains the following fields:
Virtual Channel ID
: 2#100000
Reserved field B
: 2#00 in accordance with ref 1
The value of the ROM at address 002 is: 16#80
39/72
MA28140
The calculation of PW’ gives: PW’ = PW - 1 = 100 - 1 = 99—> 16#63
The value of the ROM at address 003 is: 16#63
The calculation of NW’ gives: NW’ = 256 - NW = 256 - 100 = 156—> 16#9C
The value of the ROM at address 004 is: 16#9B
The authenticated MAP ID is 5 bits long. The 5 LSBs of the ROM value @ address 05 correspond to the authenticated
MAP ID, the 3 MSBs can be either 0 or 1 (0 for example).
The value of the ROM at address 005 is: 16#15
CPDU Packet Header octet 1 contains the following fields:
Version number
: 2#000 in accordance with ref 1
Type
: 1 for CPDU
Data Fields Header flag
: 0 for CPDU
Application Process ID (3 MSBs) : 2#100
The value of the ROM at address 006 is: 16#14
CPDU Packet Header octet 2 contains the following field:
Application Process ID (8 LSBs)
: 2#01010110
The value of the ROM at address 007 is: 16#56
The ROM will be programmed as follows:
Address
Data
000
001
002
003
004
005
006
007
03
01
80
63
9C
15
14
56
Knapsack and Hashing Key
If the Knapsack key is (example from ref.2 appendix B2)
W0 : 00 01 02 03 04 05
W1 : 06 07 08 09 0A 0B
W59 : 62 63 64 65 66 67
And if the Hashing Key is : C0...C59 A AA AA AA AA AA AA AA
MSB
The ROM will be programmed as follows:
40/72
Address
Data
200
201
202
203
204
205
206
207
etc
367
368
369
370
etc
36E
36F
05
04
03
02
01
00
0B
0A
etc
62
05
55
55
55
55
55
MA28140
5.8 EXTERNAL AUTHENTICATION INTERFACE
This interface is provided to connect the PTD with an
external Authentication Unit. The PTD allows the external AU
to access the data buffer (described in section 5.7) of the RAM
in order to process a TC segment which is to be authenticated.
The interface is composed of the following signals:
• AUDIS: (input) This signal functions as for the internal
AU, disabling the authentication unit.
• AUEXT: (input) This signal indicates the use of an
external authentication unit.
• AUST: (output) This signal indicates that a TC frame
has been received and must be authenticated. In this
case, AUST is activated a few clock periods after the
deactivation of the DECOD output indicating the end of
the tail sequence of the frame.
• AUBUF: (output) This signal indicates to the external AU
which RAM buffer is the back-end buffer containing the
TC segment to be authenticated.
• BRQN: (input) This signal is the bus request to read or
write the buffer from the external AU. It is activated for
each external access to memory.
• BGRN: (output) This signal is the acknowledge of the
PTD to BRQN; the PTD will then tristate its signals
connected to the RAM (RAMCSN, ROMCSN, LACCS,
RWN, LADR and LDAT). The LACK input has no effect
when BGRN output is asserted.
• AUEND: (input) AU result validation. This signal
indicates the end of the external authentication process
and validates the AUR signal.
The external AU process starts upon receipt of the rising
edge of the AUST signal, which is asserted by the PTD until
the AUEND input is asserted indicating that the external AU
process is finished. The result of the external authentication is
given by the AUR signal (set to 1 for a valid authentication).
The total duration of the external AU process plus the duration
of the MAP output (if it exists) must be smaller than the
duration of the next frame to arrive, measured from the start of
the frame to the end of the last valid codeblock. A longer
duration may lead to a rise of the FARMB WAIT flag. The result
must be given to the PTD before the end of the last valid
codeblock of the next frame to arrive, so as not to lock the
back-end/front-end buffer toggling mechanism, and the FAR
buffer management of the next frame.
The external AU can also write the AUS status in the local
RAM, in the buffer number given by the AUSBUF output. The
PTD locks the toggling mechanism of the AU status buffer
while AUST is high in order to prevent data corruption. The
external AU can also write bits 28 to 30 of the FAR status by
writing the fourth octet of the FAR status in the local RAM, in
the buffer number indicated by the FARBUF output. A similar
mechanism locks the toggling of the FAR buffer when the
AUST output is high. The AUS and FAR buffer update can
start when the PTD activates the AUST output and shall be
completed when the application asserts the AUEND signal.
The local memory interface provides a bus arbiter fault timer.
This timer is enabled when BGRN signal is active and reset
when BRQN signal is inactive. If a reset does not occur within a
minimum of 32 Tck and a maximum of 64 Tck (8 to 16 µs at 4
MHz), the BGRN signal is forced to inactive state. The
functional timings corresponding to this interface are given in
section 8.2.
• AUR: (input) AU result signal. This signal indicates that
the received TC frame is authorized or non authorized at
the rising edge of AUEND.
• AUTSL: (input) AU tail length select signal. This signal
allows definition of the length of the AU tail as follows:
- AUTSL = 0: The length of the AU tail shall be 9
octets. In this case the 9 last octets of the segment
authenticated by the external AU will be deleted by
the PTD before transferring the segment to the
application.
- AUTSL = 1: The length of the AU tail shall be 0
octets. In this case all octets of the segment
authenticated by the external AU shall be transfered
to the application.
• AUSBUF: (output) This signal indicates which AU Status
buffer the external AU must update.
• FARBUF: (output) This signal indicates which FAR
status buffer the external AU must update (the external
AU shall update only the bits 28 through 30 of the FAR
status).
41/72
MA28140
6. STATE AFTER RESET
Asserting the RESETN signal asynchronously forces the local bus interface to avoid bus contention. The master clock should
be started before RESETN deassertion. After 2 master clock cycles, the PTD is in a stable state and all its outputs take their cold
start value. Deasserting the RESETN signal starts the initialisation phase. After this phase, the PTD registers are initialised.
PTD Outputs After the Assertion of RESETN Input
- LADR<10..0>
- LDAT<7..0>
- RWN
- RAMCSN
- ROMCSN
- LACCS
- all other outputs at unknown state
—> 000
—> ZZ
—> 1
—> 1
—> 1
—> 0
PTD Outputs After the Reset Sequence
- LADR<10..0>
- LDAT<7..0>
- RWN
- BGRN
- RAMCSN
- ROMCSN
- LACCS
- MAPSTN
- MAPCK
- MAPDSR
- MAPDATA
- MAPADT
- CPDUSTN
- CPDUEN
- CLCWDA
- TMD
- CLCWDB
- PRDY
- PBUS<15..0>
- AUST
- AUBUF
- AUSBUF
- FARBUF
- SELTC<2..0>
- DECOD
—> 000
—> ZZ
—> 1
—> 1
—> 1
—> 1
—> 0
—> 1
—> 0
—> 0
—> 0
—> 0
—> 1
—> 0
—> 0
—> 0
—> 0
—> 0
—> ZZZZ
—> 0
—> 1
—> 0
—> 0 after Reset, 1 after initialization (FAR write)
—> 111
—> 0
PTD Outputs After the Initialisation Phase
CODING LAYER:
The coding layer is ready to receive a frame after the reset.
TRANSFER LAYER:
The transfer layer initialisation state after reset is the following:
• FARM-1 state
• FARMB counter
• V(R) counter
: lockout
: 11
: 00000000
The cold start value of the CLCW (2 octets) is X000 (where X can be hexadecimal 2, 6, A or E).
The value of the MSB (No RF available) depends on the value of the RFAVN pin. The value of the second MSB (No Bit Lock)
depends on the activation of the Tca signals (see section 4.6).
AUTHENTICATION LAYER:
The cold start initialisation state for the AU layer can be summarized as follows if AUDis = 0 and AUExt = 0:
- Key in use
- Contents of programmable key
- Contents of Principal and Auxiliary LAC Registers
- Contents of the Recovery LAC counter
42/72
: fixed key
: undefined
: all ones
: unchanged by the PTD
MA28140
The cold start value of the AU Status (10 octets) takes the following value if AUDis = 0 and AUExt = 0:
3FFFFFFF 7FFFFFFF 00XX in hexadecimal
The value of the last octet corresponds to that of the 8 LSBs of the recovery LAC, which should be maintained even in the
event of loss of power. Thus, this value shall be defined during the system implementation.
SEGMENT LAYER:
The segment layer is ready to receive a new segment. The MAP outputs are inactive. The cold start value of the FAR (4
octets) is the following: 00007FE0 in hexidecimal.
CPDU LAYER:
The CPDU layer is ready to receive a new CPDU. The CPDUEN output is inactive. The cold start value of the CPDU status (2
octets) is: 3FFF in hexadecimal.
43/72
MA28140
7. SIGNAL DESCRIPTION
In this pin description, first the name of the pin is given, then its type (input (I) or output (O)), and then a brief description.
Total input pins
Total output pins
Total I/O pins
Total number of Input, Output and I/O pins
: 47
: 51
:8
: 106
Note: Bit numbering convention: for busses, the bit number 0 is considered as the Least Significant Bit (LSB). For strobe
signals, it is indicated in the text if they are active on low or high level.
Transponder Interface
TCC0-TCC5
I
TCS0-TCS5
I
TCA0-TCA5
I
Symbol Clock signals. These signals are only recognised while Channel Active
Indication input is asserted. These signals can be asynchronous.
Symbol Stream signals. The data should be valid at the falling edge of the TCCi signals.
These signals can be asynchronous w.r.t. system clock, but not w.r.t. symbol clock signals.
Channel Active Indication signals. These signals serve as enable signals for the
Symbol Stream signals. Active high. These signals can be asynchronous.
Local Bus Interface
LADR<10..0>
O
LDAT<7..0>
I/O
RWN
O
LACK
I
BRQN
I
BGRN
RAMCSN
O
O
ROMCSN
O
LACCS
O
Local Address Bus . This bus is unidirectional and is tristated when the BGRN signal is asserted.
LADR<0> is the LSB.
Data Bus - This 8 bit data bus is driven as outputs during write cycles and as inputs during read
cycles. This bus is tristated when the BGRN signal is asserted. LDAT<0> is the LSB.
Read/Write signal. This signal indicates the direction of the data transfer on the Local Bus and is
tristated when the BGRN signal is asserted.
RWN = 1: read mode.
RWN = 0: write mode.
Memory acknowledge signal. This signal allows wait state cycles to be inserted for memory (RAM,
ROM or LAC) read and write access and for CPDUSTN and MAPSTN outputs. LACK=0 inserts
wait states. LACK can be permanently connected to 1 when no wait states are required. This
signal can be asynchronous. Active high.
Bus request signal. This signal is asserted by an external unit to request the Local Bus (external
Authentication Unit for instance). Active low. This signal can be asynchronous.
Bus grant signal. This signal is asserted to allow an external unit to use the Local Bus. Active low.
Ram chip select signal. This signal is asserted during RAM access and is tristated when the
BGRN signal is asserted. It is affected by the LACK input. Active low.
Configuration Rom chip select signal. This signal is asserted during Configuration Rom access
and is tristated when the BGRN signal is asserted. It is affected by the LACK input. Active low.
Non volatile memory select signal. This signal is asserted during recovery LAC counter access
and is tristated when BGRN signal is asserted. It is affected by the LACK input. Active high.
Map Interface
MAPSTN
O
MAPCK
O
MAPDSR
O
MAPDTR
I
MAPDATA
O
MAPADT
O
44/72
MAP address strobe signal. This signal allows the MAP Demultiplexer circuitry to latch the MAP
identifier present on the local data bus. It is affected by the LACK input. Active low.
MAP clockout signal. This signal is only activated when both MAPDSR and MAPDTR signals are
active.
MAP data set ready signal. This output indicates that a TC segment is available for transfer.
Active high.
MAP data terminal ready signal. This signal indicates that the receiving device is ready to clock in
the segment data in serial mode or a segment data sample in parallel mode. Active high. This
signal can be asynchronous.
MAP segment data serial line. The segment data is clocked out on the falling edge of the MAPCK
signal.
MAP abort data transfer signal. This output is asserted when the PTD has aborted the transfer
of a TC segment. Active high.
MA28140
CPDU Interface
CPDUSTN
O
CPDUEN
O
CPDUDIV
I
CPDU address strobe signal. This signal allows the CPDU interface to latch the CPDU output
address present on the local data bus LDAT<7..0>. It is affected by the LACK input. Active low.
CPDU enable signal. This signal provides the command pulse with the appropriate duration.
Active high.
CPDU clock division selection input.
CPDUDIV = 0: the CPDU base clock (corresponding to D) is the system clock CLK divided by
40960.
CPDUDIV = 1: the CPDU base clock (corresponding to D) is the system clock CLK divided by
8192.
CLCW Interface
CLCWSA
I
CLCWCA
I
CLCWDA
O
CLCWSB
CLCWCB
CLCWDB
I
I
O
Nominal CLCW status sample. This signal indicates that the CLCW status is sampled by the
telemetry interface. Active low. This signal can be asynchronous
Nominal CLCW status clockout signal. This signal is provided to the PTD when CLCWSA
signal is active. This signal can be asynchronous
Nominal CLCW status data line (serial mode). The data is provided either on the falling edge of
CLCWSA or on the falling edge of CLCWCA.
Redundant CLCW status sample. Active low. This signal can be asynchronous
Redundant CLCW status clockout signal. This signal can be asynchronous
Redundant CLCW status data line (serial mode). The data is provided on the falling edge of
CLCWSB or on the falling edge of CLCWCB.
Telemetry Interface
CPDUS/PCSN
I
FAR1S/PAD2
I
FAR2S/PAD1
I
AU1S/PAD0
I
AU2S
I
TMC
I
TMD
O
CPDU status report sample. This signal indicates that the CPDU status report is sampled by the
telemetry interface in serial mode. Active low . This signal has the function parallel bus chip select
(PCSN) in parallel mode. This signal can be asynchronous
FAR status report first sample. This signal indicates that the first 16 bits of FAR are sampled in
serial mode. Active low. This signal has the function bit 2 of parallel address bus (PAD2) in
parallel mode. This signal can be asynchronous
FAR status report second sample. This signal indicates that the last 16 bits of FAR are sampled in
serial mode. Active low. This signal has the function bit 1 of parallel address bus (PAD1) in
parallel mode. This signal can be asynchronous
AUS status report first sample. This signal indicates that the first 16 bits of AUS are sampled in
serial mode. Active low. This signal has the function bit 0 of parallel address bus (PAD0) in
parallel mode. This signal can be asynchronous.
AUS status report second sample. This signal is used to read out the last 4 bits of the AU staus
report by asserting it four times. Active low. This signal can be asynchronous.
Common status clockout line used for CPDU, FAR and AUS (serial mode). This signal can be
asynchronous.
Common status data line for CPDU, FAR and AUS (serial mode). The data is provided on the
falling edge of CPDUS, FAR1S, FAR2S, AU1S or AU2S, or after the falling edge of TMC.
Parallel Interface
PRDY
O
PBUS<15..0>
O
Parallel interface control line. This output is asserted when the data selected by PAD<2...0> is
available in parallel mode. Active low.
Parallel interface data bus PBUS<15..0> (PBUS0 being the LSB). PBUS tristate is controlled by
the PCSN input. When PCSN is deasserted PBUS is tristated.
45/72
MA28140
External Authentication Unit Interface
AUDIS
I
AUEXT
I
AUST
O
AUBUF
O
AUEND
I
AUR
I
AUTSL
I
AUSBUF
O
FARBUF
O
Internal AU disable signal. This signal allows bypassing of the internal or external authentication
unit. The internal and external AU are disabled when AUDIS is high. This signal can be
asynchronous
External AU select signal. This signal indicates the use of an external authentication unit. The
PTD uses the external AU when AUEXT is high and the internal AU when AUEXT is low. This
signal can be asynchronous
AU start signal. This signal indicates that a TC frame is received and must be authenticated.
It remains active as long as the external AU is working; it is deasserted after the activation of the
AUEND input. Active high.
Buffer indication signal. This signal indicates which back-end buffer contains the TC segment to
be authenticated.
AUBUF=0: buffer 0 is used
AUBUF=1: buffer 1 is used.
AU result validation signal. This signal validates the authentication process result given on pin
AUR, and indicates the end of the authentication process. This signal can be asynchronous
AU result signal. This signal indicates that the received TC frame is authorized or not authorized.
AUR=0 indicates a bad authentication result, AUR=1 indicates a valid authentication. This signal
can be asynchronous.
AU tail length select signal. This signal indicates the length of the tail for segments authenticated
with the external AU.
- AUTSL = 0: the length of the AU tail is 9 octets
- AUTSL = 1: the length of the AU tail is 0 octets.
If the internal AU is selected (AUEXT = 0), this signal defines the implementation of the Recovery
LAC counter:
- AUTSL = 0: the Recovery LAC counter is stored outside the RAM
- AUTSL = 1: the Recovery LAC counter is stored in the RAM.
AU Status buffer. This output indicates which AU status buffer that the external AU should update.
- AUSBUF = 0: AU status buffer 0
- AUSBUF = 1: AU status buffer 1.
FAR buffer. This output indicates which FAR status buffer that the external AU should update.
- FARBUF = 0: FAR status buffer 0
- FARBUF = 1: FAR status buffer 1.
Miscellaneous
RFAVN
VCLSB
I
I
SELTC<2..0>
O
DECOD
O
TMMOD
I
RESETN
PAR
I
I
MODE
CONF
PRIOR
I
I
I
TEST
CLK
VDD
VSS
I
I
I
I
46/72
Incoming signal from physical layer, used to generate CLCW report. Active low. Asynchronous.
Virtual Channel Identifier LSB (static input). This bit enables differentiation between nominal and
redundant decoder, even when using the same Configuration ROM for both decoders.
- VCLSB = 1: The ‘VC ID’ LSB read from the ROM is inverted
- VCLSB = 0: The ‘VC ID’ LSB read from the ROM is not inverted.
Selected TC channel signals. These outputs indicate the last selected TC channel on which the
data present in the back-end buffer was received, it does not concern the CLTUs being input.
SELTC<0> is the LSB.
Decode state signal. This signal indicates that the PTD is in the Decode state (active for all bits
after the start sequence until and including the tail sequence); it can be used for a scrambler.
TM mode signal. This static signal allows selection of the telemetry serial mode.
- TMMOD = 0: the status (CPDUS, FAR, AUS) words are fetched with 5 samples
- TMMOD = 1: the status (CPDUS, FAR, AUS) words are fetched with 2 samples.
Reset signal. This signal allows the initialization of the PTD. Active low.
Parallel or serial interface selecting pin. This static input allows selection of the parallel or serial
interface for MAP data and TM data.
- PAR = 1: parallel mode is selected
- PAR = 0: serial mode is selected.
Reserved pin. This static input shall be connected to ground.
Reserved pin. This static input shall be connected to ground.
Priority mode configuration pin. When this static input is set to 1, the priority mode (TC channels
selection) is selected.
Test pin for production test only. This static input shall be connected to ground in functional mode.
System Clock signal.
+5V (12 pins).
Ground (14 pins).
MA28140
8. ELECTRICAL CHARACTERISTICS AND RATINGS
8.1 DC PARAMETERS
Parameter
Min
Max
Units
Supply Voltage
-0.5
7
V
Input Voltage
-0.3
VDD+0.3
V
Current Through Any Pin
-20
+20
mA
Operating Temperature
-55
125
°C
Storage Temperature
-65
150
°C
Note: Stresses above those listed may cause permanent
damage to the device. This is a stress rating only and
functional operation of the device at these conditions, or at
any other condition above those indicated in the operations
section of this specification, is not implied. Exposure to
absolute maximum rating conditions for extended periods
may affect device reliability.
Table 7: Absolute Maximum Ratings
Symbol
Parameter
Conditions
VDD
VIHC
VILC
VIHT
VILT
VOH
VOL
IPDL
IPDH
IPUL
IPUH
IL
IOZL
IOZH
IOPDL
IOPDH
IDD1
IDD2
Supply Voltage
CMOS input high voltage
CMOS input low voltage
TTL input high voltage
TTL input low voltage
Output high voltage
Output high voltage
Input Pull-down current
Input Pull-down current
Input Pull-up current
Input Pull-up current
Input leakage current
Output leakage current
Output leakage current
Output Pull-down current
Output Pull-down current
Static Power supply Current
Dynamic Power supply Current
IOH = -3.2mA
IOL = 5.0mA
VDD = 5.5V, VIN = VSS
VDD = 5.5V, VIN = VDD
VDD = 5.5V, VIN = VSS
VDD = 5.5V, VIN = VDD
VDD = 5.5V, VIN = VSS or VDD
VDD = 5.5V, VOUT = VSS
VDD = 5.5V, VOUT = VDD
VDD = 5.5V, VIN = VSS
VDD = 5.5V, VIN = VDD
VDD = 5.5V
f = 4MHz, VDD = 5.5V
Min.
Typ.
Max.
Units
4.5
0.8 VDD
VSS
2
0.9 VDD
-30
-30
-150
-30
-10
-50
-50
-50
-50
-
5.0
0.5
20
5.5
VDD
0.2 VDD
0.8
0.1 VDD
30
150
30
30
10
50
50
50
150
20
40
V
V
V
V
V
V
V
µA
µA
µA
µA
µA
µA
µA
µA
µA
mA
mA
Notes: 1. VDD = 5V ±10% over full temperature range.
2. Total dose radiation not exceeding 105 Rads(Si).
3. Mil-Std-883, method 5005, subgroups 1, 2, 3.
4. All outputs are suitable for TTL/CMOS drive.
5. Electro-Static Discharge protection is provided for all pins.
6. Internal pull-up or pull-down resistors should not be relied upon for proper operation and/or termination of input levels
under all operating conditions without prior consultation with Dynex Semiconductor.
7. Input and output leakage measurements are guaranteed but not tested at -55°C.
Table 8: DC Characteristics
Symbol
Parameter
Conditions
CIN
COUT
Input Capacitance
Output Capacitance
VI = 0V
VI/O = 0V
Min.
Typ.
Max.
Units
-
3
5
5
7
pF
pF
NOTE 1: TA = 25˚C and f = 1MHz. Data obtained by characterisation or analysis; not routinely measured.
Table 9: Capacitance
47/72
MA28140
8.2 AC CHARACTERISTICS
Symbol
Parameter
Conditions
FT
Functionality
VDD = 4.5 - 5.5V, FREQ = 4MHz
VIL = VSS, VIH = VDD, VOL = VOH = VDD/2
Temp. = -55°C to +125°C, GPS Pattern Set
MIL-STD-883 5005 subgroups 7, 8A, 8B
Table 10: Functionality
Symbol
Parameter
Min.
Typ.
Max.
Units
Fck
Tck
Tcl
Tch
Clock frequency
Clock period
Clock low pulse width
Clock high pulse width
100
100
1/Fck
-
4
-
MHz
ns
ns
NOTES. 1. TCK will be used as a reference for the timings.
2. For timings specified as a number of clock cycles, it should be noted that there is a variance of ±10ns caused by the
hold time (for inputs only) and different delays for rising and falling signals.
3. It should be noted that a half clock cycle can mean either the longer or shorter time for a clock not having a duty cycle
of 50%.
4. VDD = 5V±10% over full temperature range.
5. Total dose radiation not exceeding 105 Rads (sec).
6. Input pulse = VSS to 4V.
7. Measurement reference level = 1.5V.
8. Output load 1 TTL gate and CL = 50pF.
9. Tables 11-25 contain Mil-Std-883, method 5005, subgroups 9, 10, 11.
Table 11: Clock Timings
48/72
MA28140
Physical Interface
Transponder
RF
Transponder
Interface
Channel Active
Data Stream
Clock
PTD
: TCA
TIMING
De scription
min
typ
max
Ttc1 *
TCA high to first TCC rising
4 Tck
Ttc2 *
Last TCC falling to TCA low
4 Tck
Ttcclk
TCC period
20 µs
Ttc setup
TCS setup to TCC falling
0 ns
Ttc hold
TCS hold after TCC falling
4 Tck
* NOTE: if the required timing is not fulfilled on Ttc1 and Ttc2, there is a risk of loss of the first or last bits.
Table 12: Physical Interface Timings
49/72
MA28140
50/72
MA28140
LOWER PRIORITY
CHANNEL : TCAy
Timing
Tp1
Tp2
Tp3
Tp4
Tp5
De scription
TCC falling of the last synchro bit to DECOD
rising
TCC falling of the last bit of the rejected
codeblock or of the last bit of codeblock
number 38 to DECOD falling
TCA deactivated to DECOD falling
Timeout on TCC detected to DECOD falling
TCA rising on the channel with higher priority
to DECOD falling
Min
Typ
Max
3 Tck
3 Tck
3 Tck
3 Tck
3 Tck
Table 13: DECOD Output Timings
51/72
MA28140
Serial MAP Interface
PTD
MAPDSR
MAPDTR
MAPCK
MAPDATA
MAPADT
APPLICATION
Tmaps7 ←→
N maximum value is 1991 (=TC segment of 249 octets)
Tmaps1
↔
Example of data transfer with data flow control
for each MAPDTR pulse one octet is being transferred
N maximum value is 1991 (=TC segment of 249 octets)
52/72
MA28140
Example of an aborted data transfer.
Timing
De scription
Min
Typ
Max
Tmapst0 (1) (3) MAPSTN low pulse width
1 Tck
Tmapst1
LDAT hold after MAPSTN rising
0.5 Tck
Tmapst2
MAPST rising to MADSR rising
2 Tck
1 Tmapck + 2 Tck
Tmapst3
LDAT setup to MAPSTN falling
0.5 Tck
Tmapst4
MAPSTN rising to MAPDATA valid
2 Tck
1 Tmapck + 2 Tck
Tmaps1
MAPDTR high to MAPCK rising
0.5 Tmapck
1.5 Tmapck + 1 Tck
Tmaps2 (3)
MAPCK falling to MAPDSR falling
1 Tmapck
Tmaps3
MAPDTR setup to MAPCK falling
2 Tck
Tmapck (2)
MAPCK period
2 Tck
[2 13] Tck
Tmapout
MAPCK falling to MAPDATA valid
-5 ns
10 ns
Tmapdtr
MAPDTR high pulse width
2 Tck
Tmapadt (3)
MAPADT high pulse width
2 Tmapck
Tmaps4 (3)
MAPCK falling to MAPADT rising
1 Tmapck
Tmaps5
MAPDSR falling to MAPDSR rising
56 Tck
Tmaps6 (3)
MAPADT rising to MAPDSR falling
1 Tmapck
Tmaps7 (4)
MAPDSR rising to MAPCK rising
0.5 Tmapck
1.5 Tmapck
Note (1): This timing is specified with no wait state configuration (LACK permanently asserted). The
asserting of this signal is identical with the asserting of the RAMCSN signal in a write cycle.
Note (2): Tmapck period is programmable as defined in section 5.2.
Note (3): These timings are exact with a variance of -10ns to +10ns.
Note (4): This timing is for a data transfer with MAPDTR permanently asserted.
Table 14: Serial MAP Interface Timings
53/72
MA28140
PTD
CLCWS I/F
CLCW Serial Interface
CLCWSA
CLCWCA
CLCWDA
APPLICATION
Telemetry
System
Timing
De scription
Min
Typ
Max
Tclcw1
CLCWSA falling to CLCWCA falling
5 Tck
Tclcw2
CLCWCA high pulse width between octets
2 Tck
Tclcw3
CLCWCA setup to CLCWSA
0 ns
Tclcw4
CLCWSA high pulse width
3 Tck
Tclcw5
CLCWSA falling to CLCWDA valid (bit 0)
4 Tck
Tclcwh
CLCWCA high pulse width
Tck
Tclcwl
CLCWCA low pulse width
Tck
Tclcwca
CLCWCA period
4 Tck
Tclcwout
CLCWCA falling to CLCWDA valid
1 Tck
2 Tck
Note: The same timings apply for the redundant CLCW status telemetry interface, which is composed
of CLCWSB, CLCWCB, CLCWDB signals.
Table 15: CLCW Serial Interface Timings
54/72
MA28140
PTD
Timing
Tcpdu1
Tcpdu2
Tcpdu3
Tcpdu4
Tcpdu5
Ttmch
Ttmcl
Ttmc
Tcpduout
CPDUS I/F
CPDU Status Report Serial Interface
CPDUS
TMC
TMD
APPLICATION
Telemetry
System
De scription
CPDUS falling to TMC falling
TMC high pulse width between octets
TMC setup to CPDUS
CPDUS high pulse width
CPDUS falling to TMD valid (bit 0)
TMC high pulse width
TMC low pulse width
TMC period
TMC falling to TMD valid
Min
6 Tck
2 Tck
0 ns
3 Tck
5 Tck
Tck
Tck
4 Tck
1 Tck
Typ
Max
2 Tck
Table 16: CPDUS Serial Interface Timings
55/72
MA28140
PTD
FAR I/F
FAR Status Report Serial Interface
FAR1S
FAR2S
TMC
TMD
APPLICATION
Telemetry
System
Timing
De scription
Min
Typ
Max
Tfar1 (1)
FARS falling to TMC falling
16 Tck
Tfar2
TMC high pulse width between octets
2 Tck
Tfar3
TMC setup to FARS
0 ns
Tfar4
FAR1S rising to FAR2S falling
2 Tck
Tfar5
FAR2S rising to FAR1S falling
4 Tck
Tfar6 (1)
FARS falling to TMD valid (bit 0)
15 Tck
Ttmch
TMC high pulse width
Tck
Ttmcl
TMC low pulse width
Tck
Ttmc
TMC period
4 Tck
Tfarout
TMC falling to TMD valid
1 Tck
2 Tck
Note (1): These timings are guaranteed when there is no request for the local bus through the BRQN input.
In addition when using slow memories, the local memory accesses may be delayed by using the LACK
input of duration d L (defined by the user). In this case Tfar1 and Tfar6 become Tfar1+2d L and Tfar6+2d L.
Table 17: FAR Status Report Serial Interface Timings
56/72
MA28140
PTD
AU I/F
AU Status Report Serial Interface
AU1S
AU2S
TMC
TMD
APPLICATION
Telemetry
System
Timing
De scription
Min
Typ
Max
Taus1 (1)
AUS falling to TMC falling
16 Tck
Taus2
TMC high pulse width between octets
2 Tck
Taus3
TMC setup to AUS
0 ns
Taus4
AU1S rising to AU2S falling
2 Tck
Taus5
AU2S rising to AU2S falling
2 Tck
Taus6
AU2S rising to AU1S falling
4 Tck
Taus7 (1)
AUS falling to TMD valid (bit 0)
15 Tck
Ttmch
TMC high pulse width
Tck
Ttmcl
TMC low pulse width
Tck
Ttmc
TMC period
4 Tck
Tausout
TMC falling to TMD valid
1 Tck
2 Tck
Note (1): These timings are guaranteed when there is no request for the local bus through the BRQN input.
In addition when using slow memories, the local memory accesses may be delayed by using the LACK
input of duration d L (defined by the user). In this case Taus1 and Taus6 become Taus1+2d L and Taus7+2d L.
Table 18: AU Status Report Serial Interface Timings
57/72
MA28140
Parallel MAP Interface
MAPDSR
PAD<2..0>
PCSN
PRDY
PBUS<15..0>
MAPADT
PTD
APPLICATION
PTD
58/72
TM I/F
Status Report Telemetry Parallel Interface
PAD<2..0>
PCSN
PRDY
PBUS<15..0>
APPLICATION
Telemetry
System
MA28140
Timing
Tp1
Tp2 (1)
De scription
Min
Typ
Max
MAPDSR rising to PCSN falling
0 ns
PCSN falling to PRDY rising
- for MAP word (1)
2 Tck
17 Tck
- for CLCW word
5 Tck
- for CPDU status word
7 Tck
- for AU and FAR status word (1)
13 Tck
Tp3
PCSN high width
Tck
Tp4
PCSN rising to PRDY falling
39 ns
Tp5
PBUS hold after PCSN rising
0 ns
Tp6
PBUS valid before PRDY
Tck
Tp7
PCSN rising to MAPDSR falling
3 Tck
4 Tck
Tp8
MAPDSR low pulse width
40 Tck
Tp9 (2)
MAPADT high pulse width
2 Tck
Tp10
PAD setup to PCSN falling
Tck
Tp11
PAD hold after PCSN rising
Tck
Tp12 (2)
MAPADT rising to MAPDSR falling
Tck
Tp13
PCSN rising to PBUS tristate
31 ns
Tp14
PCSN falling to PBUS asserted
0 ns
55 ns
Note (1): These timings are guaranteed when there is no request for the local bus through the BRQN input.
In addition when using slow memories, the local memory accesses may be delayed by using the LACK
input, two extra delays shall be added to Tp2.
Note (2): These timings are exact with a variance of -10ns to +10ns.
Table 19: Parallel MAP Interface Timings
59/72
MA28140
PTD
CPDU I/F
CPDU Interface
CPDUSTN
CPDUEN
LDAT<7..0>
CPDU
External
Module
CPDUDIV
Timing
De scription
Min
Typ
Max
Tc1
LDAT setup to CPDUSTN falling
0.5 Tck
Tc2 (1) (2)
CPDUSTN low pulse width
1 Tck
Tc3
LDAT hold after CPDUSTN rising
0.5 Tck
Tc4
CPDUSTN falling to CPDUEN rising
D/2 - 3 Tck
Tc5 (2)
CPDUEN falling to CPDUSTN falling
D/2 + 1 Tck
Tc6
CPDUEN high pulse width
D + Tck
[2 X]xD + Tck
128D + Tck
D (1)
CPDUDIV = 0
40960 Tck
D (1)
CPDUDIV = 1
8192 Tck
Note (1): This timing is specified with no wait state configuration (LACK permanently asserted). The asserting of
this signal is identical with the asserting of the RAMCSN signal in a write cycle.
Note (2): These timings are exact with a variance of -10ns to +10ns.
Table 20: CPDU Interface Timings
60/72
MA28140
Timing
De scription
Min
Typ
Tr1
CLK rising to LADR valid
0 ns
Tr2
CLK falling to RWN valid
0 ns
Tr3
CLK rising to CSN asserted
0 ns
Tr4
CLK rising to CSN deasserted
0 ns
Tr5
CLK falling to RWN invalid
0 ns
Tr6
LDAT setup to CSN deasserted
100 ns
Tr7
LDAT hold after CSN deasserted
0 ns
Tr8 (1)
LACK setup to CLK falling
20 ns
Tr9 (1)
LACK hold after CLK falling
20 ns
Tr10
CSN pulse width deasserted
2 Tck
Note (1): Violation will lead to uncertainty about the number of wait states inserted.
Max
150 ns
57 ns
67 ns
68 ns
57 ns
Table 21: Memory Read Timings
61/72
MA28140
Timing
Tr12
Tr13
De scription
CLK falling to LDAT valid
CLK falling to LDAT hi-Z
Table 22: Memory Write Timings
62/72
Min
0 ns
0 ns
Typ
Max
62 ns
40 ns
MA28140
Timing
De scription
Min
Typ
Max
Tar1 (1)
BRQN falling to BGRN falling
1.5 Tck
2.5 Tck
Tar2
BRQN rising to BGRN rising
1.5 Tck
2.5 Tck
Tar3
BGRN falling to Local Bus hi-Z
20 ns
Tar4
BGRN rising to Local Bus driven
20 ns
Note (1): This timing is dependent on the activity on the local bus. It is defined here for the case when the
PTD does not use the local bus.
Table 23: Local Bus Arbitration Timings
Timing
Treset1
Treset2
Treset3
Treset4
De scription
ResetN low pulse width
ResetN asserted to local bus outputs at cold
start values (0,1;Z)
ResetN deasserted to PTD outputs at cold
start values (0,1;Z)
ResetN deasserted to end of initialisation
phase: PTD functional
Min
5 Tck
Typ
Max
60 ns
2 Tck
200 Tck
Table 24: Reset Timings
63/72
MA28140
Note: In order to use the external authentication unit, the AUDIS and AUEX signals should be set to 0 and 1 respectively.
Timing
Tau1
Tau2
Tau3
Tau4
Tau5
Tau6
Tau7
De scription
AUBUF or AUSBUF or FARBUF setup to
AUST rising
AUEND rising to AUST falling
AUBUF or AUSBUF or FARBUF hold after
AUST
AUR setup to AUEND rising
AUR hold after AUEND rising
AUST pulse width deasserted
AUEND pulse width asserted
Min
2 Tck
Typ
2 Tck
0 ns
2 Tck
2 Tck
2 Tck
2 Tck
Table 25: External AU Interface Timings
Subgroup
Definition
1
2
3
7
8A
8B
9
10
11
Static characteristics specified in Table 8 at +25°C
Static characteristics specified in Table 8 at +125°C
Static characteristics specified in Table 8 at -55°C
Functional characteristics specified in Table 10 at +25°C
Functional characteristics specified in Table 10 at +125°C
Functional characteristics specified in Table 10 at -55°C
Switching characteristics specified in Tables 11 to 25 at +25°C
Switching characteristics specified in Tables 11 to 25 at +125°C
Switching characteristics specified in Tables 11 to 25 at -55°C
Table 26: Definition of Subgroups
64/72
Max
3 Tck
MA28140
9. PACKAGE DETAILS
9.1 DIMENSIONS
Millimetres
Ref
Inches
Min.
Nom.
Max.
Min.
Nom.
Max.
A
-
-
2.59
-
-
0.102
A1
1.37
-
1.88
0.054
-
0.074
b
0.23
-
0.33
0.009
-
0.013
c
0.10
-
0.18
0.004
-
0.007
D1, D2
-
-
24.38
-
-
0.960
E
-
-
18.11
-
-
0.713
E2
-
20.32
-
-
0.800
-
e
-
0.63
-
-
0.025
-
L
6.35
-
7.11
0.250
-
0.280
XG533
Seating Plane
c
A1
A
E
D1
Pin 1
117
17
L
116
18
b
E2
D2
TOP VIEW
e
132 Lead
50
84
83
51
65/72
MA28140
9.2 PIN ASSIGNMENT
The “type” field gives the type of buffer used in the PTD:
CMOS
TTL
3STA
TTL/CMOS
TTL + 3STA
for CMOS input
for TTL input
for tri-state output
for TTL/CMOS output
for a bidirectional TTL input associated with a tri-state output
The “buffer” field gives the name of the GPS MA9000a buffer used in the PTD:
CMOSIP
TTLIP
BOP
TRIOUT
CSCHMITT
for input CMOS buffer
for input TTL buffer
for TTL/CMOS output buffer
for output tristate buffer
for input CMOS buffer with Schmitt trigger
The “pu/pd” field indicates if an internal pull up or pull down is present in the buffer.
Note: Internal pull-up or pull-down resistors should not be relied upon for proper operation and/or termination of
input levels under all operating conditions without prior consultation with GPS.
Transponde r Inte rface
signal
TCC0
TCC1
TCC2
TCC3
TCC4
TCC5
TCS0
TCS1
TCS2
TCS3
TCS4
TCS5
TCA0
TCA1
TCA2
TCA3
TCA4
TCA5
66/72
pin
82
79
75
72
68
65
81
78
74
71
67
64
80
77
73
70
66
63
I/ O
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
I
type
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
pu/ pd
PU
PU
PU
PU
PU
PU
PU
PU
PU
PU
PU
PU
PD
PD
PD
PD
PD
PD
buffe r
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
comme nts
Symbol Clock signal
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
Symbol Stream signal
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
Channel Active Indication
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
MA28140
Local Bus Inte rface
signal
LADR<0>
LADR<1>
LADR<2>
LADR<3>
LADR<4>
LADR<5>
LADR<6>
LADR<7>
LADR<8>
LADR<9>
LADR<10>
LDAT<0>
LDAT<1>
LDAT<2>
LDAT<3>
LDAT<4>
LDAT<5>
LDAT<6>
LDAT<7>
RWN
BRQN
BGRN
RAMCSN
ROMCSN
LACCS
LACK
pin
5
4
3
2
1
132
130
129
128
127
126
16
15
14
13
11
10
9
8
119
116
125
120
121
122
115
I/ O
O
O
O
O
O
O
O
O
O
O
O
I/O
I/O
I/O
I/O
I/O
I/O
I/O
I/O
O
I
O
O
O
O
I
type
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
TTL+3STA
TTL+3STA
TTL+3STA
TTL+3STA
TTL+3STA
TTL+3STA
TTL+3STA
TTL+3STA
3STA
CMOS
TTL/CMOS
3STA
3STA
3STA
CMOS
pu/ pd
pin
22
25
26
36
28
23
I/ O
O
O
O
I
O
O
type
TTL/CMOS
TTL/CMOS
TTL/CMOS
CMOS
TTL/CMOS
TTL/CMOS
pu/ pd
I/ O
O
O
I
type
TTL/CMOS
TTL/CMOS
CMOS
pu/ pd
PD
PD
PD
PD
PD
PD
PD
PD
PU
PU
buffe r
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TTLIP+TRIOUT
TTLIP+TRIOUT
TTLIP+TRIOUT
TTLIP+TRIOUT
TTLIP+TRIOUT
TTLIP+TRIOUT
TTLIP+TRIOUT
TTLIP+TRIOUT
TRIOUT
CMOSIP
BOP
TRIOUT
TRIOUT
TRIOUT
CSCHMITT
comme nts
Address bus
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
Data bus
" "
" "
" "
" "
" "
" "
" "
Read/Write
Bus Request
Bus Grant
Chip Select RAM
Chip Select ROM
Recovery LAC access
Acknowledge
buffe r
BOP
BOP
BOP
CSCHMlTT
BOP
BOP
comme nts
MAP strobe
MAP clockout
MAP data set ready
MAP data term. ready
MAP serial data
MAP abort data
buffe r
BOP
BOP
CMOSIP
comme nts
Strobe signal
Pulse output
Clock dividing
Map Inte rface
signal
MAPSTN
MAPCK
MAPDSR
MAPDTR
MAPDATA
MAPADT
PU
CP DU Inte rface
signal
CPDUSTN
CPDUEN
CPDUDIV
pin
29
30
54
PD
67/72
MA28140
Te le me try Inte rface
signal
CLCWSA
CLCWCA
CLCWDA
CLCWSB
CLCWCB
CLCWDB
CPDUS
FAR1S
FAR2S
AU1S
AU2S
TMC
TMD
pin
47
46
32
45
44
31
43
42
40
39
38
37
33
I/ O
I
I
O
I
I
O
I
I
I
I
I
I
O
type
CMOS
CMOS
TTL/CMOS
CMOS
CMOS
TTL/CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
TTL/CMOS
pu/ pd
PU
PU
buffe r
CSCHMlTT
CSCHMlTT
BOP
CSCHMITT
CSCHMITT
BOP
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
CSCHMITT
BOP
comme nts
CLCW status sample
CLCW status clkout
CLCW status data
Redundant CLCW
Redundant CLCW
Redundant CLCW
CPDU status sample
FAR status first sample
FAR status last sample
AU status first sample
AU status second sample
CPDU/FAR/AU status clk
CPDU/FAR/AU status data
I/ O
O
O
O
O
O
O
O
O
O
O
O
O
O
O
O
O
O
type
TTL/CMOS
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
3STA
pu/ pd
buffe r
BOP
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
TRIOUT
comme nts
Parallel interface control line
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
Parallel interface data bus
type
CMOS
CMOS
TTL/CMOS
TTL/CMOS
CMOS
CMOS
CMOS
TTL/CMOS
TTL/CMOS
pu/ pd
PU
PD
buffe r
CMOSIP
CMOSIP
BOP
BOP
CMOSIP
CMOSIP
CMOSIP
BOP
BOP
comme nts
Internal AU bypass signal
External AU selection
AU Start signal
AU buffer signal
AU end validation signal
AU result signal
AU tail length select
AU Status Buffer
FAR buffer
PU
PU
PU
PU
PU
PU
PU
PU
P aralle l Inte rface
signal
PRDY
PBUS<0>
PBUS<1>
PBUS<2>
PBUS<3>
PBUS<4>
PBUS<5>
PBUS<6>
PBUS<7>
PBUS<8>
PBUS<9>
PBUS<10>
PBUS<11>
PBUS<12>
PBUS<13>
PBUS<14>
PBUS<15>
pin
86
106
105
104
103
101
100
99
98
96
95
94
93
91
90
89
88
Authe ntication Inte rface
signal
AUDIS
AUEXT
AUST
AUBUF
AUEND
AUR
AUTSL
AUSBUF
FARBUF
68/72
pin
109
113
84
85
112
111
110
50
49
I/ O
I
I
O
O
I
I
I
O
O
PD
PD
PU
MA28140
Misce llane ous
signal
RFAVN
VCLSB
TMMOD
PAR
RESETN
CLK
PRIOR
TEST
MODE
CONF
SELTC<0>
SELTC<1>
SELTC<2>
DECOD
pin
61
60
58
51
52
53
59
114
57
56
21
20
19
27
I/ O
I
I
I
I
I
I
I
I
I
I
O
O
O
O
type
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
CMOS
TTL/CMOS
TTL/CMOS
TTL/CMOS
TTL/CMOS
pu/ pd
PU
PD
PD
PD
PU
PU
PD
PD
PD
PD
buffe r
CSCHMITT
CMOSIP
CMOSIP
CMOSIP
CSCHMITT
CSCHMITT
CMOSIP
CMOSIP
CMOSIP
CMOSIP
BOP
BOP
BOP
BOP
comme nts
Physical interface status
VCId differentiation
TM mode select
Parallel/serial selection
Reset
Clock
Priority mode
To be connected to VSS
To be connected to VSS
To be connected to VSS
Selected Channel
Selected Channel
Selected Channel
Decode state
pin
6
12
18
35
48
62
76
87
97
107
117
124
7
17
24
34
41
55
69
83
92
102
108
118
123
131
I/ O
type
pu/ pd
buffe r
comme nts
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VDD power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
VSS power supply
P owe r S upply
signal
VDD
VDD
VDD
VDD
VDD
VDD
VDD
VDD
VDD
VDD
VDD
VDD
VSS
VSS
VSS
VSS
VSS
VSS
VSS
VSS
VSS
VSS
VSS
VSS
VSS
VSS
69/72
MA28140
10. RADIATION TOLERANCE
Total Dose Radiation Testing
For product procured to guaranteed total dose radiation
levels, each wafer lot will be approved when all sample
devices from each lot pass the total dose radiation test.
The sample devices will be subjected to the total dose
radiation level (Cobalt-60 Source), defined by the ordering
code, and must continue to meet the electrical parameters
specified in the data sheet. Electrical tests, pre and post
irradiation, will be read and recorded.
GEC Plessey Semiconductors can provide radiation
testing compliant with Mil-Std-883 method 1019 Ionizing
Radiation (total dose) test.
Total Dose (Function to specification)*
1x105 Rad(Si)
Transient Upset (Stored data loss)
5x1010 Rad(Si)/sec
Transient Upset (Survivability)
>1x1012 Rad(Si)/sec
Neutron Hardness (Function to specification)
>1x1015 n/cm2
Single Event Upset**
<1x10-11 Errors/bit day
Latch Up
Not possible
* Other total dose radiation levels available on request
** Worst case galactic cosmic ray upset - interplanetary/high altitude orbit
Table 27: Radiation Hardness Parameters
11. ORDERING INFORMATION
Unique Circuit Designator
Radiation Tolerance
MAx28140xxxxx
Radiation Hard Processing
S
100 kRads (Si) Guaranteed
R
Q 300 kRads (Si) Guaranteed
H 1000 kRads (Si) Guaranteed
QA/QCI Process
(See Section 9 Part 4)
Test Process
(See Section 9 Part 3)
Package Type
F
N
Flatpack (Solder Seal)
Naked Die
Assembly Process
(See Section 9 Part 2)
Reliability Level
For details of reliability, QA/QC, test and assembly
options, see ‘Manufacturing Capability and Quality
Assurance Standards’ Section 9.
70/72
L
C
D
E
B
S
Rel 0
Rel 1
Rel 2
Rel 3/4/5/STACK
Class B
Class S
MA28140
12. SYNONYMS
AD
Accepted Data Frame (accepted by the FARM)
NRZ(-L)
Non Return to Zero (Level)
ASIC
Application Specific Integrated Circuit
N(S)
Frame Sequence Number of a transmitted TC Frame
AU(S)
Authentication Unit (Status)
NW
Negative Window
BC
Bypass Control Frame
PLOP
Physical Layer Operation Procedure
BD
Bypass Data Frame
PSK
Phase Shift Keying
CCSDS
Consultative Committee for Space Data Systems
PSS
Procedures, Specification and Standards
CLCW
Command Link Control Word
PTD
Packet Telecommand Decoder
CLTU
Command Link Transmission Unit
PW
Positive Window
CPDU(S)
Command Pulse Distribution Unit (Status)
RAM
Random Access Memory
CRC
Cyclic Redundant Code
RF
Radio Frequency
ESA
European Space Agency
ROM
Read Only Memory
FAR
Frame Analysis Report
EEPROM
Electrically Erasable Programmable ROM
FARM
Frame Acceptance and Reporting Mechanism
SEU
Single Event Upset
GPS
GEC Plessey Semiconductors
SOS
Silicon On Sapphire
ID
Identifier
TC
Telecommand
LAC
Logical Authentication Channel
TM
Telemetry
LFSR
Linear Feedback Shift Register
VC
Virtual Channel
LSB
Least Significant Bit
VCM
Virtual Channel Multiplexer
MAP
Multiplexed Access Point
V(R)
The next expected TC frame sequence number
MSB
Most Significant Bit
W
FARM Sliding Window Width (variable of the FARM)
NOP
No Operation
13. APPLICATIONS
Note 1: Failure/Problem Description
The CPDU I/F generates continuously false output signals in
the event that "External Authentication" and "0 octet AU
Trailers" are used (i.e. AUDIS='0', AUEXT='1' and
AUTSL='1'). This malfunction is particularly critical for
applications using the CPDU I/F for its intended purpose to
handle emergency situations.
After generating a first sequence or correct output signals,
the state machine driving the CPDU I/F will get caught in a
never-ending loop of states and continue to generate false
(pseudo-random) output signals until the PTD is reset by
RESTN='0' or AUDIS='1'. No other command will stop the
erroneous outputs of the CPDU I/F.
Recommended action by users
The following combination of signal states must not be used :
AUDIS='0', AUEXT='1' and AUTSL='1'. This can be ensured
by either hardwiring on the PCB or appropriate SW
provisions. All users are strongly advised to validate the
functionality of the CPDU I/F operation for their choice of
operation modes.
71/72
MA28140
http://www.dynexsemi.com
e-mail: [email protected]
HEADQUARTERS OPERATIONS
DYNEX SEMICONDUCTOR LTD
Doddington Road, Lincoln.
Lincolnshire. LN6 3LF. United Kingdom.
Tel: 00-44-(0)1522-500500
Fax: 00-44-(0)1522-500550
DYNEX POWER INC.
Suite 410, 99 Bank Street,
Ottawa, Ontario, Canada K1P 6B9.
Tel: 613.723.7035
Fax: 613.723.1518
Toll Free: 1.888.33.DYNEX (39639)
CUSTOMER SERVICE CENTRE
Tel: +44 (0)1522 500500. Fax: +44 (0)1522 502777
SALES OFFICE
Tel: +44 (0)1522 500500. Fax: +44 (0)1522 502777
These offices are supported by Representatives and Distributors in many countries world-wide.
© Dynex Semiconductor 2001 Publication No. DS3839-7 Issue No.7.0 September 2001
TECHNICAL DOCUMENTATION – NOT FOR RESALE. PRINTED IN UNITED KINGDOM
Datasheet Annotations:
Dynex Semiconductor annotate datasheets in the top right hard corner of the front page, to indicate product status. The annotations are as follows:Target Information: This is the most tentative form of information and represents a very preliminary specification. No actual design work on the product has been started.
Preliminary Information: The product is in design and development. The datasheet represents the product as it is understood but details may change.
Advance Information: The product design is complete and final characterisation for volume production is well in hand.
No Annotation: The product parameters are fixed and the product is available to datasheet specification.
This publication is issued to provide information only which (unless agreed by the Company in writing) may not be used, applied or reproduced for any purpose nor form part of any order or contract nor to be regarded
as a representation relating to the products or services concerned. No warranty or guarantee express or implied is made regarding the capability, performance or suitability of any product or service. The Company
reserves the right to alter without prior notice the specification, design or price of any product or service. Information concerning possible methods of use is provided as a guide only and does not constitute any
guarantee that such methods of use will be satisfactory in a specific piece of equipment. It is the user's responsibility to fully determine the performance and suitability of any equipment using such information and
to ensure that any publication or data used is up to date and has not been superseded. These products are not suitable for use in any medical products whose failure to perform may result in significant injury
or death to the user. All products and materials are sold and services provided subject to the Company's conditions of sale, which are available on request.
All brand names and product names used in this publication are trademarks, registered trademarks or trade names of their respective owners.
72/72