MA28140 MA28140 Packet Telecommand Decoder ■ Built-in Command Pulse Distribution Unit Core Logic ■ Radiation Hard to 1MRads (Si) ■ High SEU Immunity, Latch-up Free 12 14 TCC0-5 TCS0-5 TCA0-5 VDD GND PTD CPDUSTN CPDUEN CPDUDIV MAPSTN MAPCK MAPDSR MAPDTR MAPDATA MAPADT MAP Interface ■ Built-in Authentication Unit Trans- Power ponder Interface ■ Single Chip Implementation of all TC Decoder Core Functions AUDIS AUEXT AUST AUBUF AUEND AUR AUTSL AUSBUF FARBUF LADR(0-10) LDAT(0-7) RWN BRQN BGRN RAMCSN ROMCSN LACCS LACK CPDU Interface FEATURES Authentication Interface Some of these layers have a telemetry reporting mechanism. The processed TC segment can be transferred to the application either serially or in parallel. 144444244443 Command Pulse Distribution PRDY PBUS(0-15) Local Bus Interface Authentication Layer Parallel Interface Segmentation Layer RFAVN VCLSB TMMOD PAR RESETN CLK PRIOR TEST MODE CONF SELTC(0-2) DECOD 123 144424443 Transfer Layer CLCWSA CLCWCA CLCWDA CLCWSB CLCWCB CLCWDB CPDUS FAR1S FAR2S AU1S AU2S TMC TMD Miscellaneous Coding Layer 1444442444443 123 144424443 123 123 Telemetry Interface The MA28140 Packet Telecommand Decoder (PTD) is a single-chip implementation of the core part of a telecommand decoder, manufactured using CMOS-SOS high performance, radiation hard, 1.5µm technology. The PTD is a full implementation of and fully compliant with the packet telecommand standard ESA PSS-04-107 and the telecommand decoder specification ESA PSS-04-151, these being derived from the corresponding CCSDS standards. The PTD, which handles 6 NRZ TC input channels, processes the following layers: DS3839-7.0 September 2001 142443 Replaces June 2000 version, DS3839-6.1 ■ CMOS-SOS Technology ■ Conforms to CCSDS Standards Pin connections ■ 6 NRZ TC Input Channels ■ 50Kbps Bit Rate ■ Low Power Consumption ■ Single 5V Supply ■ -55 to +125°C Operation 1/72 MA28140 CONTENTS 1. INTRODUCTION Page Front sheet ............................................................................ 1 1. Introduction ....................................................................... 2 2. TC Decoder Subsystem Overview .................................... 3 3. PTD Architectural Overview .............................................. 4 4. PTD Functional Description 4.1 Coding Layer ....................................................... 6 4.2 Transfer Layer ..................................................... 9 4.3 Authentication Layer .......................................... 15 4.4 Segmentation Layer ........................................... 21 CONVENTION 4.5 CPDU ................................................................. 22 In this document the two conventions described in references 1 and 2 apply: 4.6 Telemetry Reporting .......................................... 24 5. PTD Interfaces 5.1 Physical Channel Interface ................................ 27 5.2 MAP Interface .................................................... 27 5.3 Telemetry Interface ............................................ 30 5.4 Parallel Interface ................................................ 34 5.5 CPDU Interface .................................................. 35 5.6 Local Bus Interface ............................................ 36 5.7 Memories ........................................................... 36 5.8 External Authentication ...................................... 41 6. State After Reset ............................................................. 42 7. Signal Description ........................................................... 44 8. Electrical Characteristics and Ratings 8.1 DC Parameters .................................................. 47 8.2 AC Parameters .................................................. 48 9. Package Details 9.1 Dimensions ........................................................ 65 9.2 Pin Assignment .................................................. 66 10. Radiation Tolerance ...................................................... 70 11. Ordering Information ..................................................... 70 12. Synonyms ..................................................................... 71 REFERENCES 1. “Packet Telecommand Standard” ESA PSS-04-107, Issue 2, April 92. 2. “Telecommand Decoder Specification” ESA PSS-04-151, Issue 1, September 93. 2/72 This document is the data sheet of the “Packet Telecommand Decoder”, henceforth called the PTD. The PTD is compatible with the ESA PSS-04-107 standard directly derived from the CCSDS recommendations. This standard is described in references 1 and 2. The data sheet is based on both documents for the description of the protocol. Nevertheless, it was impossible to include the whole reference documents in the data sheet, thus some specific points of the protocol or some descriptions of the recommended hardware implementation have not been included. The reader may find these points in the applicable documents. 1. The first bit in the field to be transmitted (i.e. the most left justified bit when drawing a figure) is defined to be Bit 0. When the field is used to express a binary value, the Most Significant Bit (MSB) shall be the first transmitted bit of the field (i.e. Bit 0). Bit 0 Bit N-1 N Bit Data Field MSB ← First Bit transmitted = MSB LSB Note: Some of the external interfaces have parallel busses (LADR, LDAT, PBUS, SELTC) which have the opposite bit order specified, i.e. Bit 0 is The Least Significant Bit. 2. An 8-bit word (a byte) is called an OCTET. MA28140 Local Bus ROM External Authentication Unit Configuration Authentication RAM Back-up Power Supply TC input NRZ or PSK (6 max) Transponder I/F PTD Clock CPDU I/F Command Pulses (256 max) MAP Demultiplexer I/F Serial Data link (62 max) Telemetry I/F Figure 1: Block Diagram of a TC Decoder Subsystem 2. TC DECODER SUBSYSTEM OVERVIEW An ESA/CCSDS Telecommand Decoder subsystem including the PTD and fulfilling the receiving-end functions established in the Packet Telecommand Standard (ref 1) is shown in Figure 1. The PTD requires the following additional hardware to fulfil the requirements of the Telecommand Decoder Specification (ref 2): • Transponder I/F including demodulators for PSK TC inputs. • Telemetry I/F. The telemetry reporting signals can be directly connected to a Virtual Channel Multiplexer (ref 3). • Command Pulse Distribution Unit I/F. This function performs decoding of commands present on the local bus and power amplification. The PTD ASIC associated with the CPDU I/F can manage 256 pulse outputs. • Memories. There are 2 different memories: - RAM (2Kx8) used to store the received TC data and protocol variables (programme authentication key for instance) and eventually to store the TC segment available for further processing by the Data Management System. If this memory is used to store the recovery LAC counter (Authentication function), it must be a non-volatile memory. - ROM (1Kx8) divided in two parts: - Configuration part, used to provide the Mission Specific Data. - Authentication part, used to provide the fixed Authentication key. • External Authentication Unit (optional). Although an AU is implemented in the PTD, it is also possible to use an external AU if the mission requires a different authentication algorithm. This external unit accesses the RAM in order to authenticate a TC segment. • MAP demultiplexer I/F. This interface is composed of a demultiplexer to provide the TC segment data to various Data Management System interfaces. The demultiplexer is controlled by the MAP data present on the Local Bus. The PTD ASIC can manage 62 different serial data interfaces (63 if AU is disabled). 3/72 MA28140 3. PTD ARCHITECTURAL OVERVIEW AUTHENTICATION UNIT BLOCK Figure 2 describes the PTD functional architecture which features 7 major blocks described below. Figure 3 shows the CCSDS protocol layer architecture. The PTD deals with the Coding Layer, the Transfer Layer, the Authentication Layer, the Segmentation Layer and a part of the Packetisation Layer of the CCSDS protocol. This block (which is optional and can be disabled permanently or during flight) is concerned with the segment data protection, it enables the spacecraft to authenticate the received data. The authentication concept is the “plain text with appended signature” approach, described in Section 8 of ref. 2. In the PTD architecture this function is implemented on chip. However, a specific interface allows authentication to be performed externally - if another coding algorithm is to be used, the on-chip block can be disabled and an external authentication system can be used. The block generates a reporting word (Authentication Status = 80 bits) and part of the 32 bit FAR. CODING LAYER BLOCK The coding layer block multiplexes the 6 physical TC channel inputs and fulfils the coding layer function described in section 5 of ref.1. The main tasks performed by the PTD at this level are: • Start sequence detection and selection of the first active TC input. • Codeblock error detection and correction. • Valid codeblock transfer to the above layer. • Generation of part of the FAR and CLCW status. SEGMENTATION LAYER BLOCK TRANSFER LAYER BLOCK This level is concerned with the processing of the frames received from the coding layer and fulfils the transfer layer function described in section 6 of ref.1. At this level, the PTD performs the following tasks: This block implements only some of the segmentation layer functions described in section 7 of ref.1. Its purpose is to manage the back-end buffer shared with the FARM-1 block of the transfer layer and to implement the MAP interface in order to demultiplex (with external hardware) the segments dedicated to the different spacecraft applications. • Clean frame validation. • Legal frame validation. • Frame analysis report mechanism. • Reporting word (16 bit CLCW and part of 32 bit FAR) generation. EXTERNAL BUS 6447448 DATA CTL AD 8 FAR28...30 AUS0...79 11 CLCW CPDUS BUS CONTROLLER adr AUTHENTICATION UNIT TELEMETRY MODULE FAR TM interface AUS INTERNAL BUS control data CLK DATA ACTIVE 6 6 6 CODING LAYER BLOCK CLEAN FRAME VALIDATION BLOCK LEGAL FRAME VALIDATION BLOCK FARM-1 BLOCK SEGMENTATION LAYER BLOCK COMMAND PULSE DISTRIBUTION UNIT TRANSFER LAYER FAR7...12 FAR13...15 FAR18...20 FAR1...3 FAR4...6 FAR16,17 FAR1...3 CLCW0...15 FAR21...26 MAP interface Figure 2: PTD Internal Architecture 4/72 CPDUS0...15 MA28140 EXAMPLE : 256 OCTETS PACKETISATION LAYER PACKET HEADER PACKET ERROR CONTROL PACKET DATA 1 OCTET 248 OCTETS 1 8 SEGMENTATION LAYER SEGMENT HEADER FIRST PACKET SEGMENT SEGMENT HEADER LAST PACKET SEGMENT 5 249 (MAX.) 2 TRANSFER LAYER FRAME HEADER FRAME DATA FIELD FRAME ERROR CONTROL CODING LAYER (CODEBLOCK LENGTH = 8 OCTETS) PHYSICAL LAYER (ESA PLOP-2) 2 7 1 START SEQUENCE INFORMATION ERROR CONTROL CODEBLOCK No.1 7 5 1 1 E.C. E.C. CODEBLOCK No.2 2 9 FRAME FRAME FRAME DATA ERROR HEADER FIELD CONTROL 7 1 4 E.C. CODEBLOCK No.36 3 FILL 1 8 TAIL E.C. SEQUENCE CODEBLOCK No.37 16 OCTETS 306 OCTETS MIN. 1 OCTET 34 OCTETS ACQUISITION SEQUENCE FIRST CLTU IDLE SEQUENCE LAST CLTU IDLE SEQUENCE (OPTIONAL) Figure 3: CCSDS Protocol Layer Architecture COMMAND PULSE DISTRIBUTION UNIT The CPDU is integrated into the PTD ensuring higher reliability for this critical function (direct telecommand for spacecraft reconfiguration) than if implemented in an external chip. The critical commands executed by the CPDU are received in specific packets. The CPDU responds to the MAP identifier 0, and to a mission dependent application process identifier (stored in ROM). No segmentation is accepted, the commands must be contained in an unsegmented package. The unit generates a reporting word (CPDU Status = 16 bits). BUS CONTROLLER This block is the interface between external memories and on chip modules. Its different functions are: • address decoding. • internal and external bus access arbitration. TELEMETRY MODULE This block is the interface with the telemetry subsystem. It manages the data report storage using double buffered registers. 5/72 MA28140 4. PTD FUNCTIONAL DESCRIPTION 4.1 CODING LAYER Overview of the Layer The coding layer provides the forward error correction capability and synchronisation services used by the Transfer layer. Each Transfer Frame is encoded/embedded in one CLTU (Command Link Transmission Unit), which is the protocol-data unit of the coding layer. At the receiving end of the Coding Layer, a “dirty” symbol stream (plus control information on whether the physical channel is active or inactive) is received from the layer below. Searching for the Start Sequence, the coding layer finds the beginning of a CLTU and decodes the TC Codeblocks. As long as no errors are detected, or errors are detected and corrected, the coding layer passes “clean” octets of data to the Transfer layer. Should any codeblock contain an uncorrectable error, this Codeblock is abandoned and considered as Tail Sequence, no further data is passed to the layer above and the Coding Layer returns to a Start Sequence searching mode until it detects one. The coding layer also generates part of the CLCW and FAR status. The PTD can handle up to 6 TC input interfaces, the data bit rate on these inputs should not exceed 50 Kbits per second when using the Authentication Unit. If the Authenication unit is not used the symbol rate could exceed 200kBits/sec (not guaranteed). Standard Data Structures Within the Layer A CLTU is made up of three distinct protocol data elements: - one 16-bit Start Sequence, - one or more TC Codeblocks of a fixed length of 8 octets to encode the protocol data unit from the layer above, - one Tail Sequence of length equal to that of the TC Codeblock, i.e. 8 octets. Start Sequence First Codeblock 16 Bits •••••••••• Last Codeblock Variable Number of Codeblocks Tail Sequence 8 Octets The Start Sequence marks the beginning of the TC Codeblock field within a CLTU. It consists of a 16-bit synchronisation pattern represented in hexadecimal as EB90, where the first transmitted octet is EB. The TC Codeblock field consists of one or more TC Codeblocks. The codeblock length of received data is fixed and set to 8 octets (information field: 7 octets). P0 (MSB) Information Field 7 Octets 6/72 P6 P7 (LSB) Error Control Field 7 parity bits Filler Bit 1 Octet The Tail Sequence marks the end of the TC Codeblock Field within a CLTU. The length of the Tail Sequence is that of a TC Codeblock. Reference 1 specifies that its pattern should be alternating “zeros” and “ones”, ending with a “one” (55 .... 55 in hexadecimal), but any double error codeblock, or single error codeblock with filler bit equal to 1 will be interpreted as Tail Sequence by the PTD. Synchronization and TC Input Selection Synchronization is performed by searching for the Start Sequence simultaneously on all active TC inputs. The Start Sequence detection allows one bit error anywhere in the 16-bit pattern. Furthermore due to NRZ coding ambiguity on the incoming bit stream, it is possible to detect the inverted Start Sequence pattern in order to choose between positive or negative representation for further NRZ data processing. If an inverted Start Sequence is detected, the following bit stream is inverted until the Tail Sequence is encountered. Two different modes to perform the TC channel selection are supported, selectable with the PRIOR configuration input: Standard Mode (PRIOR = 0), in which all TC inputs TC0 to TC5 have the same priority, and the search for a Start Sequence is performed on all active TC channels simultaneously. Priority Mode (PRIOR = 1), in which two inputs are assigned an absolute priority. Note: This mode is not compliant with Ref. 1, and is intended for applications with specific requirements on unconditional access to the TC decoder. If this mode is used, a thorough analysis of potential failure modes and the built-in timeout mechanisms is recommended. Standard Mode The TC input selection locks the selection multiplexer on the first TC channel where the Start Sequence is found. The selection mechanism is restarted once a Tail Sequence or a codeblock rejection has been detected. Furthermore, as a protection mechanism in case of RF receiver breakdown, a timeout mechanism is provided; if the TC channel clock is not detected during a certain time, the TC selection mechanism is reactivated in order not to remain lacked on a Channel without a clock signal. The timeout value between two successive edges of the TC channel clock is: 3932160 tCK < TC clock timeout < 4587520 tCK, with tCK being the system clock period. With a system clock frequency fCK of 4MHz this equals 0.98s <TC clock timeout < 1.15s. MA28140 Codeblock Decoding Priority Mode In this mode two inputs have priority, according to the following rule: TC0 > TC1 > TC2 = TC3 = TC4 = TC5. When neither the TC0 input nor the TC1 input is active, the selection between the inputs TC2 to TC5 is performed as in the Standard Mode. As soon as the TC active signal of TC0 is asserted, this TC input is selected, and the 5 other channels are inhibited. In case another input was already selected and receiving data, it is abandoned. The TC0 input remains selected until one of the following events: a1: its TC active signal becomes inactive, or b1: its bit clock has not been received for a period equal to the TC clock timeout, or c1: no Start Sequence has been detected for a period equal to the TC active timeout, or d1: a Tail Sequence or a codeblock rejection has occurred. Upon events (a1) and (d1), the selection logic returns to the search state. Upon events (b1) and (c1), the TC0 input is ignored (i.e. considered inactive) until the event (a1) occurs. When the TC0 input is inactive (including the case of a timeout as described above), as soon as the TC active signal of TC1 is asserted, this TC input is selected, and the lower priority inputs TC2 to TC5 are inhibited. In case any of these inputs was already selected and receiving data, it is abandoned. The TCl input remains selected until one of the following events. a2: its TC active signal, becomes inactive, or b2: its bit clock has not been received for a period equal to the TC clack timeout, or c2: no Start Sequence has been detected for a period equal to the TC active timeout, or d2: a Tail Sequence or a codeblock rejection has occurred, or e2: the TCO active signal is asserted. Upon events (a2) and (d2), the selection logic returns to the search state. Upon events (b2) and (c2), the selection logic ignores the TC1 input until event (a2) occurs. Upon event (e2) the TCl input is inhibited and the TC0 input is selected as previously described. The TC clock timeout value between two successive edges of the TC channel clock is: 3932160 tCK < TC clock timeout < 4587520 tCK. With a system clock frequency fCK of 4 MHz this equals 0.98s <TC clock timeout < 1.15s. The TC active timeout value between two successive Start Sequence patterns being detected is 334233600 tCK < TC active timeout < 335399960 tCK. With a system clock frequency fCK of 4MHz this equals 83.5s < TC active timeout < 83.9s. Codeblock decoding is performed for each received codeblock. At the sending end, a systematic block coding procedure processing 56 bits per Codeblock and generating 7 parity check bits per Codeblock is used. The parity check bits are then complemented and placed into the codeblocks: P0 (MSB) through P6 are located in the first seven bits (MSBs) of the last octet of the codeblock. The last bit of the last octet, P7 (LSB), is a filler bit appended to complete the 8-bit Error Control Field. This Filler Bit should normally be a zero, except for the Tail Sequence. The code is a (63,56) modified Bose-ChaudhuriHocquenghem (BCH), based on the following polynomial generator: g(x)=x7+x6+x2+1. A single error correction & double error detection mode is provided by using this code. The following table describes the Decoding Strategy of the codeblocks: ERRORS DETECTED no errors FILLER BIT VALUE ignored even number of errors ignored odd number of errors with a binary syndrome value equal to all zeros odd number of errors with a binary syndrome value different from all zeros odd number of errors with a binary syndrome value different from all zeros ignored DECISION codeblock accepted codeblock rejected codeblock rejected 0 codeblock accepted correction of a single error codeblock rejected 1 CLTU Management CLTU decoding consists of the states and events summarized in the following table and state diagram: E4 E1 S1 INACTIVE S2 SEARCH E3 E2(b) S3 DECODE E2(c) E2(a) Figure 4: CLTU Decoder State Diagram 7/72 MA28140 State Number S1 State Name INACTIVE S2 SEARCH S3 DECODE Event Number E1 Event Name CHANNEL ACTIVATION E2 (a) (c) CHANNEL DEACTIVATION CLTU ERROR (b) E3 E4 START SEQUENCE FOUND CODEBLOCK REJECTION State Definition All telecommand channels are inactive (no bit lock is achieved) or no bit modulation is detected. Incoming bit stream is searched, bit by bit, for the Start Sequence pattern. Codeblocks, which are either free of error or which can be corrected, are received and decoded, and their information octets are transferred to the layer above Event Definition Bit modulation is detected and bit lock is achieved: telecommand bit stream is present Deactivation of the TC Active Signal More than 37 codeblocks accepted in the CLTU or Timeout on the TC Clock signal or Activity on a channel having higher priority in priority mode The Start Sequence pattern has been detected, signalling the beginning of the first codeblock of the CLTU A codeblock is found uncorrectable (erroneous codeblock or tail sequence). No information octet from this codeblock is transferred to the layer above Codeblock transfer is performed in a serial way to the above layer (Transfer layer). Two indication signals are provided to the above layer - one indicating the whole frame duration, the other asserted each time a 7 octets block is being transferred. The following rules apply to the data transfer between the Coding Layer and the Transfer Layer: • When the first Candidate Codeblock is affected by an event E4 or by an event E2, the CLTU is abandoned. No Candidate Frame is transferred to the Transfer Layer. • When the first Candidate Codeblock is found to be error free, or if it contained one error which has been corrected, its information octets (i.e. 7 octets) are transferred to the Transfer Layer. The decoding of the CLTU continues until one of the following events occurs: 1- when an event E4 (codeblock rejection) occurs for any of the 37 possible Candidate Codeblocks the decoder returns to the search state S2 with the following actions: - The codeblock is abandoned - No information from that codeblock is transferred to the layer above - The Coding Layer indicates to the Transfer Layer the end of transfer of the Candidate Frame. 2- when an event E2 (channel deactivation) occurs the decoder returns to the inactive state (for the channel) with the following actions: - The CLTU is aborted, - The CLTU is reported as abandoned, - A signal is sent to the Transfer Layer to indicate that the entire block of octets making up the Candidate Frame must be erased. 8/72 3- When an event E2(b) (CLTU error) occurs, the decoder returns to the search state with the following actions: - The CLTU is aborted, - The CLTU is reported as abandoned, - A signal is sent to the Transfer Layer to indicate that the entire block of octets making up the Candidate Frame must be erased. A CLTU error occurs in the following cases: - More than 37 codeblocks have been accepted in the CLTU, - A timeout on the TC clock signal occurs, - Activity on a channel having higher priority is detected in priority mode. The DECOD output is activated when the CLTU decoder state is S3. MA28140 • Virtual channel identifier. It is used as a spacecraft subidentifier. It can provide an identification of the spacecraft telecommand chain selected for operating the spacecraft. 4.2 TRANSFER LAYER Overview of the Layer The Transfer Layer implements the following sublayers: - The Frame Error Control Sublayer which ensures that only “clean” frames are transferred to the sublayer above by using a CRC error syndrome verification. - The Frame Header Sublayer verifies the conformity of the relevant frame header fields by using the Legal Frame Validation process before passing the frame to the FARM1. - The “Frame Acceptance and Reporting Mechanism One” or FARM1 ensures that frames are processed in the correct sequence. There are three types of TC transfer frames: - two types for the Sequence-Controlled Service: AD and BC frames - one type for the Expedited Service: BD frames The Sequence-Controlled Service is used for normal spacecraft communications. It concerns essentially TC Transfer Frames carrying TC segments: the AD frames. To configure the AD machine, special control frames are used called BC frames. The Expedited Service is used for recovery in the absence of the telemetry downlink or during unexpected situations. It is only concerned with TC transfer frames carrying TC segments: the BD frames. Standard Data Structures Within the Layer The major fields of the TC Transfer Frame are shown below: 5 octets Frame Header 1 to 249 octets Frame Data Field 2 octets Frame Error Control Field Frame Header • Frame length. This field specifies the number of octets contained within the entire TC transfer frame: Field Value = (Total number of octets) - 1 • Frame sequence number. This number is denoted as N(S). It is set to different values: - for AD frames it should be set to the Transmitter Frame Sequence Number and it is compared to the Receiver Frame Sequence Number V(R) stored in the PTD, to control the transfer of a sequence of frames (see the FARM-1 process) - for BC and BD frames it should be set to all zeros. Except for the bypass and control command flags, the values of the first three header octets are programmed in the external ROM. In the abbreviations AD, BD and BC, A stands for Acceptance check of N(S), B stands for Bypass of A, C stands for Control and D stands for Data. AC is an illegal combination because Control Commands cannot reliably use a transfer service which they are meant to modify. Frame Data Field The frame data field is of variable length from a minimum of 1 octet to a maximum of 249 octets. When the frame is a data frame (type AD or BD), it contains a TC segment. When the frame is a BC frame, this field can contain 2 control commands to configure the FARM-1 process: • the UNLOCK command. The FARM-1 has a built in mechanism which will go into a Lockout state whenever it receives a type-AD frame containing a frame sequence number N(S) outside the limits of the FARM-1 Sliding Window. The UNLOCK command provides a mechanism to reset the Lockout condition. The UNLOCK command is encoded as a single octet with the value: 00000000. The structure of the frame header is given below: version number bypass flag 2 1 2 octets control command flag 1 reserved field A spacecraft ID 2 10 virtual channel ID 6 1 octet reserved field B A description of the fields of the frame header is given below: • Version number, Reserved field A and Reserved field B should always be 00 (ref 1). • Bypass flag and control command flags. Their values are given in the next table: Bypass Flag 0 0 1 1 Control Command Flag 0 1 0 1 Interpretation AD frames ILLEGAL BD frames BC frames • Spacecraft identifier. This field provides the identification of the spacecraft being commanded. 2 1 octet frame length 8 1 octet frame sequence number 8 • The SET V(R) command. The SET V(R) command allows V(R) to be preset to any desired value. The SET V(R) command is encoded as three octets with the values: 10000010 00000000 XXXXXXXX The value to be set into V(R) is stored in the third octet. Frame Error Field The frame error field is a mandatory 16-bit field which occupies the two trailing octets of the TC Transfer Frame. It is a cyclic redundant code (CRC) generated with the polynom X16+X12+ X5+1 with the shift register being initialised to all ones before processing each frame (refer to ref 2 for a complete description of this field). The CRC is only used for error detection by the frame and not for error correction. 9/72 MA28140 Standard Procedures Within the Layer The Clean Frame Validation Process On receiving a new frame, the Clean Frame Validation process performs the following tasks: - the number of octets in the frame is checked to be greater than 7 octets, - the transfer frame is assumed to be a version 1 frame, - the frame length field is checked to be compliant with the real number of octets of the frame, - the number of fill octets is verified to be minimum zero and maximum six, - the fill octets are removed, - the CRC error syndrome verification is carried out. All candidate frames passing all the preceding validation checks are declared clean and transferred immediately to the Legal Frame Validation process. Frames failing any of the preceding tests are declared dirty and are erased. The Legal Frame Validation Process On receiving a clean frame, the Legal Frame Validation process performs the following validation checks: - the version number is checked to be as defined in the ROM, - the reserved fields A and B are checked to be as defined in the ROM, - the value of the spacecraft ID is checked to be as defined in the ROM, - the value of the Virtual Channel ID is checked to be as defined in the ROM and by the VCLSB input, - the Bypass and Control Command flags must combine legally, - the BC frames must contain a valid control command (either UNLOCK or SET V(R)), - for a BC or BD frame the Frame Sequence Number field must be set to all zeros. The LSB of the VC ID is indirectly defined from a dedicated pin VCLSB; it allows easy configuring of a pair of redundant TC decoders. - VCLSB = 1: The VC ID LSB read from the ROM is inverted. - VCLSB = 0: The VC ID LSB read from the ROM is not inverted. All candidate frames passing all the preceding validation checks are declared legal and transferred immediately to the FARM-1 process. Frames failing any of the preceding tests are declared illegal and erased. The FARM-1 Process THE FARM-1 VARIABLES The Frame Acceptance and Reporting mechanism (FARM-1) is described by a finite state machine represented by the FARM-1 state table. The FARM-1 maintains a set of variables which are described below: • The State. This may be one of the following: - Open (S1) - Wait (S2) - Lockout (S3) This variable represents the state of the FARM-1 automaton. In Open State, the FARM-1 accepts frames and passes them to the above layer. In Wait State, there is no buffer space available in which to place any further received data of type AD. The protocols leaves the Wait State upon receipt of a buffer release signal from the Higher Layer. Lockout is entered if the protocol machine detects an error. It is a safe state in that no user data (AD frames) will be accepted or transferred to the Higher Layer. The only accepted data frames are the BD frames, but even in this case the protocol machine remains in lockout state. The protocol machine leaves the Lockout State upon receipt of an UNLOCK control command. • The Lockout Flag. This is set to 1 whenever the protocol is in the Lockout State. • The Wait Flag. This is set to 1 whenever the protocol is in Wait State. • The Retransmit Flag. This is set to 1 whenever the protocol machine knows that an AD frame has been lost in transmission or has been discarded because there was no buffer space available. This flag is reset to 0 upon the successful receipt of a frame with N(S)=V(R), the receipt of a SET V(R) control command (unless in Lockout State) or receipt of an UNLOCK control command. • FARM B counter. This is incremented whenever a valid BD or BC frame arrives. This counter is a 2 bit wraparound counter. • Receiver Frame Sequence Number V(R). This records the value of N(S) expected to be seen in the next AD frame. • The buffer management variable. The PTD maintains a flag indicating the number of the back end buffer. The AUBUF output pin provides the value of this flag (the back end and front end buffers are represented in Figure 6). The number of the TC channel on which the data stored in the back-end buffer has been received is provided on the output pins (SELTC2-0). • FARM Sliding window variables. The purpose of these are to protect FARM-1 against the unauthorised transfer of a sequence of frames such that the Frame Sequence Number N(S) of one or more of these frames will exceed the current value of the V(R) counter. The FARM Sliding Window concept applies only to AD frames. The FARM Sliding Window is defined in terms of two variables: - the width of the positive part referred to as PW - the width of the negative part referred to as NW The FARM Positive window area starts with V(R) and extends PW frames in the positive direction. The FARM Negative window starts at V(R) - 1 and extends NW frames in the negative direction. 10/72 MA28140 POSITIVE WINDOW AREA = PW DISCARD FRAME & SET RETRANSMIT FLAG 1 )+ (R V = S) ACCEPT N( FRAME & SET V(R)=V(R)+1 DISCARD FRAME & GO TO LOCKOUT STATE N(S)=V(R) N(S)=V(R)-1 DISCARD FRAME N (S )= V( R )-N W LOCKOUT AREA = 256-W N( S) =V (R )+ PW -1 NEGATIVE WINDOW AREA = NW Figure 5: The FARM Sliding Window Concept A Frame Sequence Number N(S) falls outside the FARM Sliding Window i.e. in the Lockout Area when: N(S)>V(R)+PW-1 N(S)<V(R)-NW In this case, the Lockout flag is set. When N(S) falls inside the FARM Sliding Window, one of the following three cases can occur: • First case N(S)=V(R) The frame is accepted • Second Case N(S)>V(R) and N(S)≤V(R)+PW-1 The frame is in the positive window and does not contain the expected Frame Sequence Number. The Frame is discarded and the retransmit Flag is set. • Third Case N(S)<V(R) and N(S)≥V(R)-NW The frame is in the negative window and is discarded without any other action being taken. 11/72 MA28140 THE FARM-1 PROCESS DESCRIPTION At the user end of the FARM-1 process the TC segments are delivered as a buffer of accepted data. No distinction is made between a TC segment delivered by means of an AD frame and one delivered by a BD frame. However, the management of the common FARM-1 back end buffer is affected as follows: • BD Frames: When a frame of this type is accepted by the FARM-1, the TC segment it contains shall be placed in the back end buffer of the FARM-1 even if this buffer still contains data (partially read or not ) in which case this data will be erased, an abort signal sent to the Segment Layer to signal the erasure and the new data signalled as arrived. This implies an Event E10. • AD frames: When a frame of this type is accepted by the FARM-1, the TC segment it contains is placed in the back end buffer of the FARM- 1 only when the buffer is available (empty). If the buffer still contains data, the newly arrived frame is discarded (erased) as shown by the FARM-1 state table (Event E2 in table 1). The definitions used in the FARM-1 State Table are listed below: • “Valid frame arrives” means that the Legal Frame Validation Sublayer has placed a legal frame in the front-end buffer. If the frame is a data frame (AD or BD) and if the FARM1 accepts it, the back end buffer is allocated for the data. • “Accept” for an AD frame is subject to a buffer available signal. When no back end buffer is available (Event E2) the frame is discarded. The data is then made available for the Authentication Layer, or the Segmentation Layer if Authentication is disabled. • “Accept” for a BD frame means that the TC segment is placed in the back end buffer even when this buffer still contains data, in which case this previous data is erased (event E10). The Wait concept does not apply to BD frames. The data is available for the Authentication Layer, or the Segmentation Layer if Authentication is disabled. S t a t e Na me Main Feature of State State Number E v e nt Condit ions N(S)=V(R) Valid AD frame arrives N(S)=V(R) N(S)>V(R) N(S)<V(R) i.e. inside part of sliding N(S)< A buffer is available for this frame E v e nt Numbe r E1 No buffer is available for this frame E2 and +PW-1 positive window and >V(R) E3 OPEN Normal state to accept frames (S1) WAI T Wait Flag is on S(2) LO CKO UT Lockout Flag is on S(3) OPEN Accept frame, V(R):=V(R)+1R etransmit Flag:=0 WAI T Not applicable LO CKO UT Discard Discard (S3) Discard (S2) Discard, Retransmit Flag:=1 (S2) Discard (S3) Discard (S1) (S2) (S3) (S1) Discard, Retransmit Flag:=1, Wait Flag:=1 Table 1: The FARM-1 State Table 12/72 MA28140 E v e nt Condit ions N(S)<V(R) and N(S)> (Cont') Valid V(R)-NW i.e. inside negative part of sliding window AD frame N(S)>V(R)+PW-1 and arrives N(S)<V(R)-NW i.e.outside sliding window E v e nt Numbe r E4 OPEN Discard WAI T Discard LO CKO UT Discard E5 (S1) Discard (S2) Discard (S3) Discard Lockout Flag:=1 Lockout Flag:=1 (S3) Accept, Increment FARM-B Counter (S3) Accept, Increment FARM-B Counter (S3) Accept, Increment FARM-B Counter (S1) Increment FARM-B Counter, Retransmit Flag:=0 (S2) Increment FARM-B Counter, Retransmit Flag:=0, Wait Flag:=0 (S3) Increment FARM-B Counter, Retransmit Flag:=0, Wait Flag:=0, Lockout Flag:=0 (S1) Increment FARM-B Counter, Retransmit Flag:=0 V(R):=V*(R) (S1) Increment FARM-B Counter, Retransmit Flag:=0 Wait Flag:=0 V(R):=V*(R) (S1) Increment FARM-B Counter, E9 (S1) Discard (S1) Discard (S3) Discard E10 (S1) Ignore (S1) Wait Flag:=0 (S3) Wait Flag:=0 (S1) Report value of: V(R), Lockout Flag, Wait Flag, Retransmit Flag, FARM-B Counter (S1) Report value of: V(R), Lockout Flag, Wait Flag, Retransmit Flag, FARM-B Counter (S3) Report value of: V(R), Lockout Flag, Wait Flag, Retransmit Flag, FARM-B Counter E6 Valid BD frame arrives* E7 Valid Unlock BC frame arrives E8 Valid Set V(R) to V*(R) BC frame arrives Invalid frame arrives Buffer release signal E11 CLCW report time (S2) (S1) * Note: Event E6 implies that Event E10 also occurs. When in state S2, an event E6 will lead to state S1. (S3) Table 1: The FARM-1 State Table (continued) 13/72 MA28140 Buffer Management Once the data is validated (Clean, Legal and Frame Validation processes passed), it is transferred from the frontend buffer to the back-end buffer for use by the segmentation layer. Only one back-end buffer is managed by the PTD. This mechanism is depicted in figure 6 below: N Segment Reception FRONT END BUFFER Segment n Coding and Transfer Layers Segmentation Layer Segment n-1 Applications CPDU CPDU I/F BACK END BUFFER Segment n-1 CPDU BUFFER N+1 Segment Reception BACK END BUFFER Segment n Coding and Transfer Layers Segmentation Layer Segment n+1 Applications CPDU CPDU I/F FRONT END BUFFER Segment n CPDU BUFFER Figure 6: Buffer Management 14/72 MA28140 4.3 AUTHENTICATION LAYER Overview of the Layer Structure of the Authenticated Segments This optional layer is implemented on-chip but a connection to an external Authentication Unit is also implemented in case another implementation is desired. The choice of the AU is done by means of a dedicated configuration input AUEXT: The TC segment is the protocol data unit of the Segmentation Layer. The general format of an authenticated TC Segment is specified in Section 10 of ref.1. The particular format of an authenticated TC segment for the PTD is the following: (a) The length of the signature field of the Authentication Tail is 5 octets. (b) The length of the Authentication Tail is 9 octets (5 octets for the signature + 4 octets for the LAC); the maximum length of the TC Segment is 249 octets (Segment Header (1 octet) + Segment Data Field (239 octets) + Authentication Tail (9 octets)), and its minimum length 10 octets (Segment Header (1 octet) + Authentication Tail (9 octets)). SEGMENT SEGMENT SEGMENT HEADER DATA FIELD TRAILER Sequence MAP (optional) Flags Identifier 2 bits 6 bits variable 9 octets <----------------1 octet ------------><----- from 9 to 248 octets ------> The segment trailer is optional and has a fixed length of 9 octets. The following table summarizes the management of the Segment Trailer. Ty pe of Aut he nt ic a t ion Internal AU Ty pe of Fra me S e gme nt Tra ile r External AU Authenticated frame Not authenticated frame Authenticated frame AU disable Not authenticated frame All segment trailer (9 octets length) no segment trailer segment trailer (9 octets length) if AuTsl=0, no segment trailer if AuTsl=1 no segment trailer no segment trailer The selection of MAPs that are deemed to carry authenticated TC segments takes into account the possibility to associate MAP IDs in pairs when packet re-assembly is required. Therefore, authenticated MAPs are selected by pairs, using the 5 LSBs of the MAP identifier field of the Segment Header. The selection mechanism is such that it will point at the last pair of MAP identifiers (counting upwards from MAP 0) that carries authenticated segments. The value identifying this particular pair of identifiers is called the Authenticated MAP ID Pointer and is stored in ROM. For example, selecting MAP 4 (i.e. Authenticated MAP ID Pointer = 4) means that the first 5 pairs of MAPs (i.e. MAP 0 and 32, MAP 1 and 33, MAP 2 and 34, MAP 3 and 35, MAP 4 and 36) are expected to carry authenticated TC segments. • AUEXT = 1: the internal AU is disabled and the external AU is used, • AUEXT = 0: the internal AU is used and the external AU is disabled. MAP 63 is reserved for AU configuration commands when authentication is disabled. It is possible to bypass this layer (when no authentication is required) by means of a dedicated configuration input AUDIS. In this case, segments are passed directly to the segmentation layer .The values of the AUDIS pin are: • AUDIS = 1: the internal or external AU is disabled, • AUDIS = 0: the internal or external AU is enabled. When the AU is disabled, the TC segment does not have an AU tail (the last nine octets are not deleted), the Authenticated MAP ID Pointer has no meaning and MAP 63 is considered as a standard MAP (the data is output on MAP number 63 without removing the AU tail). An 80 bit length status, AUS, is generated by this block and fetched by the telemetry system in order to send it back to the ground segment. The Authentication Processor The authentication method specified in references 1 and 2 consists of generating a 40-bit digital signature using a transformation under a secret key applied to the TC Segment. This authentication signature is appended to the TC segment and guarantees to the recipient that the TC Segment is authentic with respect to its sender and its contents. An incoming TC Segment is authenticated by performing the same transformation made by the transmitting end, and by comparing the received signature with the onboard-generated one. A functional diagram of the Authentication Processor is shown below. There are four main parts: - the Hashing Function; - the Hard Knapsack; - the Deletion Box; - the Signature Comparator. They are described in the next four subsections. Not apparent on the functional diagram of Figure 7 is the organisation of the secret Authentication Keys stored in the Authentication Processor. This is described in the section on AU Control Commands on page 18. 15/72 MA28140 THE HASHING FUNCTION THE HARD KNAPSACK One purpose of the Hashing Function is to compress the variable amount of data bits constituted by the extended message x into a pre-signature P of fixed length (60 bits). The device realising the Hashing Function is a 60-bit linear feedback shift register (LFSR), as shown in Figure 8. The 60 feedback coefficients C0, C1,......,C59 are part of the Authentication Key. The LFSR is initialised to the 60-bit value P’ = 1000....000 (where Bit P0 = 1) before the process of each authenticated TC Segment begins. P will be the value in the LFSR after the last bit of the variable-length extended message x has been shifted in. The extended message x (x = [m,l,z]) consists of the following data elements, placed one after the other in that order: The purpose of the Hard Knapsack is to ensure that it is not possible to deduce the presignature P from the signature S. The Hard Knapsack is based on the concept of the modular knapsack. It consists of 60 weights (numbered from W0 to W59, each weight being 48 bits long) and is defined by the following transformation: j=59 S' = (∑PjWj) mod 248 j=0 where the bits Pj of the presignature P select the corresponding weights Wj of the knapsack. The result is the 48-bit knapsack sum S’. The most significant bit of the sum is called S’0. THE DELETION BOX - the received message m, i.e., the TC Segment (variable from 1 to 240 octets) without the Authentication Tail; - the received LAC value l, i.e., 4 octets (2 bits of LAC ID, plus 30 bits of LAC Count); The Deletion Box deletes the 8 least significant bits of the 48-bit knapsack sum S’, i.e., bits S’40 through S’47. The result is the 40-bit authentication signature S (numbered from Bit 0 to Bit 39, as for signature s). - three octets of virtual fill z, consisting of 24 zeros. THE SIGNATURE COMPARATOR The purpose of the 24 bits of virtual fill is to ensure that the Hashing Function is provided with a minimum of data bits. The 24 bits of virtual fill z are generated by the PTD. Note that since m (the TC Segment) cannot be equal to zero, the total length of an authenticated TC Segment (i.e., [m,l,s]) cannot be smaller than 10 octets (Segment Header (1 octet) + Authentication tail (9 octets)). Anything smaller than 10 octets is rejected as being too short. TC Segment (m, l, s) The Signature Comparator compares the received 40-bit signature s with the onboard generated 40-bit signature S. m l x Hashing Function P Hard Knapsack S' Deletion Box z S s Signature Comparator Figure 7: Functional Diagram of the Authentication Processor 16/72 Signature Valid S MA28140 x (i) P0 (i) P1 (i) C0 P2 (i) C1 C2 P3 (i) P59(i) C3 C59 Figure 8: Realisation of the Hashing Function THE LAC COUNTERS THE AUTHENTICATION KEY The Authentication Key consists of: 60 x 48-bit Hard Knapsack Weights = 2880 bits = 360 octets 60 x 1-bit Hashing Function coefficients = 60 bits = 8 octets Full Authentication Key = 2940 bits = 368 octets The system includes two such 2940-bit keys: - a fixed, mission-unique Authentication Key, called the Fixed Key; - an in-flight programmable Authentication Key, called the Programmable Key. (a) Fixed Key The Fixed Key is required for start-up and emergency (recovery) operations. The Fixed Key is stored in the external ROM as part of the Mission-Specific Data. (b) Programmable Key The Programmable Key is required for all normal operations. The contents of the Programmable Key reside in the RAM where it can be modified by means of Authentication Control Commands specifically defined for that purpose. The format of these Change Programmable Key Block Control Commands, which are specified in the section on AU Control Commands (page 18), allows any 5-octet block to be modified starting at any of the 368 octet boundaries. The Supervisor The Supervisor consists of four main parts: - the Logical Authentication Channel (LAC) Registers; - the Final Authorisation Function; - the Control Command Processor; - the Deletion Function. A LAC Counter is basically a 30-bit counter which is used to associate every TC segment with an authentication sequence number. The purpose of this number is to protect the system against attacks by ensuring that identical TC segments will not have the same signature except at very large intervals of time. The LAC counter is incremented by one every time a TC segment is successfully authenticated (and only then). The LAC counter value used for authenticating each TC segment is uplinked with each signature. Three LAC Registers are provided: - one Principal LAC register (LAC ID = 00); - one Auxiliary LAC register (LAC ID = 01); - one Recovery LAC register (LAC ID = 10). Bits 0 and 1 of the LAC are fixed in order to select the LAC Register to be used for the final authorisation of a TC Segment. For what concerns the 30 bits of LAC Count (Bits 2 through 31, where the LSB is Bit 31), they are implemented as follows: - The Principal and Auxiliary LAC counters have 30 bits. - The Recovery LAC counter has 8 bits (the LSBs 24-31) whereas the remaining 22 bits (2-23) are permanently set to 1. THE FINAL AUTHORISATION FUNCTION When the received signature s of a TC Segment compares with the onboard-generated signature S, the contents of the received LAC Count field is compared with the contents of the indicated LAC Register. If both contents are found equal, there are two cases: - The TC Segment was transferred on a MAP to be authenticated with a MAP ID lower or equal to the MAP ID pointer. In this case, the TC Segment is authorised for transfer to the Segmentation Layer. They are briefly described in the next four subsections. 17/72 MA28140 - The TC Segment was transferred on MAP 63 (i.e., MAP 111111), which is dedicated to the transfer of Authentication Control Commands. In this case, the Control Command Processor is authorised to further process the TC Segment, which will never be transferred to the Segmentation Layer. In both cases, the contents of the indicated LAC Register is incremented by one. DUMMY CONTROL COMMAND The purpose of this command is to serve as NOP (No Operation) for testing purposes. After being authenticated, this Control Command will have no effect. However, since the AU has authenticated the Dummy Segment, the contents of the LAC Register used during the authorisation process have been incremented and a telemetry report prepared accordingly. THE CONTROL COMMAND PROCESSOR The function of the Control Command Processor is to execute the special TC Segments called Authentication Control Commands after being authorised by the Final Authorisation Function. The formats of the various Authentication Control Commands are specified in the section on AU Control Commands next. Any TC Segment not conforming to the specified formats (i.e., both in length and in contents) are rejected and reported as not executable. SELECT KEY CONTROL COMMANDS (a) Select Fixed Key The AU selects the Fixed Key prior to authenticating the TC Segment: - If authentication is successful, the Fixed Key remains selected. - If authentication is unsuccessful, the key previously in use remains selected. THE DELETION FUNCTION The Deletion Function deletes the Authentication Tail of all TC Segments authorised by the Final Authorisation Function. The complete authentication process is meant to be transparent to an observer placed at the receiving end of the Segmentation Layer. AU Control Commands It is necessary to differentiate TC Segments containing the Authentication Control Commands required to reconfigure the AU. This is done by allocating the TC Segment Header contents “all ones” to these particular segments, i.e.: - Sequence Flags set to 11 (Unsegmented) - MAP ID set to 111111 (MAP63) TC Segments containing the Authentication Control Commands shall always be authenticated. The formats of the Authentication Control Commands are organised in three groups as follows: - One octet of TC Segment Header for all three groups. - One octet following the Segment Header to specify the Control Command Identifier - Zero, four or eight octets of Control Command Data Field, depending on the group. Table 2 gives the complete list of Authentication Control Commands, with Group numbers, Control Command IDs and Command Names. Table 3 shows the format of the TC Segment for each Group, complete with Authentication Tail. Each Control Command is specified in the next subsections. 18/72 (b) Select Programmable Key The AU selects the Programmable Key for authentication of the TC Segment: - If authentication is successful, the Programmable Key remains selected. - If authentication is unsuccessful, the key previously in use remains selected. LOAD FIXED KEY IN PROGRAMMABLE KEY MEMORY CONTROL COMMAND This command reloads the Fixed Key set in the Programmable Key memory with a single command instruction. The key used for authenticating the TC Segment containing the Control Command will be whatever key was selected in the AU at the time the command was transmitted. SET NEW LAC COUNT VALUE CONTROL COMMAND The purpose of this Control Command is to set the value of one of the three programmable LAC Counters: Principal, Auxiliary or Recovery with LAC Identifiers 00, 01 and 10 respectively. If the LAC Identifier is set to 11, the command is not executed and reported as not executable. As soon as the TC Segment is authorised by the authentication process, the specified LAC Count value is forced into the selected LAC Register. Note that the 22 MSBs of the 30-bit Recovery LAC Register are permanently set to all ones, therefore those same bits in a Set New Recovery LAC Count Value Control Command are ignored by the AU. The key used for authenticating the TC Segment containing the Control Command will be whatever key was selected in the AU at the time the command was transmitted. MA28140 GRO UP CO NTRO L CO MMAND IDENTIFIER (8 BITS) 0000 0000 CO MMAND NAME 0000 0101 SELECT FIXED KEY 0000 0110 SELECT PRO GRAMMABLE KEY 0000 0111 0000 1001 0000 1010 LO AD FIXED KEY IN PRO GRAMMABLE KEY MEMO RY SET NEW LAC CO UNT VALUE CHANGE PRO GRAMMABLE KEY BLO CK A 0000 1011 CHANGE PRO GRAMMABLE KEY BLO CK B DUMMY GRO UP 1 GRO UP 2 GRO UP 3 Table 2: List of Authentication Control Commands 1 octet Segment Header 11111111 1 octet Control Command Identifier 00000*** 9 octets Authentication Tail LAC+Signature Group 1 Control Command, 11 Octets 1 octet Segment Header 11111111 1 octet Control Command Identifier 00001001 4 octets LAC value to be set LAC ID 2 bits 9 octets Authentication Tail LAC Count 30 bits LAC + Signature Group 2 Control Command, 15 Octets 1 octet Segment Header 11111111 1 octet Control Command Identifier 0000101* 1 octet 7 octets Start Address of Key specific pattern new 40 bit Keyblock to be encoded 9 octets Authentication Tail LAC+Signature Group 3 Control Command, 19 Octets Table 3: Formats of Authentication Control Commands (Full TC Segment) 19/72 MA28140 CHANGE PROGRAMMABLE KEY BLOCK CONTROL COMMANDS A AND B Two such Control Commands are provided to cover the full size of the Programmable Key: - Command A concerns the first 256 octet boundaries. - Command B concerns the last 112 octet boundaries. It is possible to load a 5-octet (40 bits) block starting from any of the 368 octet boundaries. Any transmission using the unused boundaries of Command B (from 113 to 255) is ignored and reported as non-executable. The key used for authenticating the TC Segment containing one of these Control Commands will be whatever key was selected in the AU at the time each Control Command was received. Once the TC Segment has been authorized by the authentication process, the TC Segment, minus the 40-bit signature s (i.e. [m,l]) is complemented and passed once more through the RAM Mapping signature-building process, i.e. through the Authentication Processor. The 24 bits of virtual fill z are inserted as before, i.e., they are not complemented, but remain all zeros. The result of the process is a 40-bit pseudo-signature which, instead of being sent to the Signature Comparator, is loaded in the Programmable Key memory, starting at the octet location indicated by the start address field, as follows: - Bits 32 through 39 of pseudo-signature at the indicated octet location; - Bits 24 through 31 of pseudo-signature at the next location (start address + 1); - And so on, until Bits 0 through 7 are loaded at location start address + 4. Any arbitary procedure can be used for changing the key, starting from any of the 368 octet boundaries. Address provided in the Control command (decimal) 000 40 W0 (40 to 47) 47 201 001 32 W0 (32 to 39) 39 202 002 24 W0 (24 to 31) 31 203 003 16 W0 (16 to 23) 23 204 004 8 W0 (8 to 15) 15 205 005 0 W0 (0 to 7) 7 206 006 40 W1 (40 to 47) 47 207 007 32 W1 (32 to 39) 39 255 16 W42 (16 to 23) 23 000 8 W42 (8 to 15) 15 367 103 0 W59 (0 to 7) 7 368 104 369 105 55 C (55 to 48) 48 36A 106 47 C (47 to 40) 40 36B 107 39 C (39 to 32) 32 36C 108 31 C (31 to 24) 24 36D 109 23 C (23 to 16) 16 36E 110 15 C (15 to 8) 8 36F 111 7 C (7 to 0) 0 300 Bank B 2FF Bank A 200 59 C (59 to 56) 56 Figure 9: Organisation of the Programmable Key Memory 20/72 Note: Bit 0 is the MSB MA28140 4.4 SEGMENTATION LAYER Segment Data Field Overview of the Layer The segment data field may vary from 0 to 248 octets maximum. When the optional Segment Trailer is used, the maximum length of the segment data field will be reduced by 9 octets. The segmentation layer provides the means to distribute several distinct streams of variable-length data units (e.g. the TC packets) to different applications by providing a number of service access points called the Multiple Access Points (MAPs). The data flow on each stream can be controlled by the receiving application using handshake control. A TC segment consists of three distinct protocol data elements: - an 8-bit segment header, the purpose of which is to identify the MAP connection and flag the sequential position of the segment relative to the complete TC Packet, - a segment data field, of maximum length 248 octets, which contains all or a portion of a TC Packet, - the 9-octet Segment Trailer specific to authenticated segments is removed by the authentication layer. Standard Data Structures Within the Layer The structure of the TC segment is given below: SEGMENT DATA SEGMENT HEADER FIELD Sequence MAP Flags Identifier 2 bits 6 bits variable <--------------- 1 octet ------------><- from 0 to 248 octets -> The following segmentation layer functions are implemented in the PTD: - the back-end buffer for the accepted TC segment. The back-end buffer is shared between the Transfer Layer and the Segmentation Layer. - the MAP interface. Upon reception of a new segment the Segment Layer performs the following operations: - Checks whether the segment is authenticated or not. - Starts the AU process if the segment is authenticated and if the AU is not disabled. The Segment Layer waits for the completion of the AU process (internal or external). A security mechanism is implemented, in case of AU locking mechanism the user can stop the AU process by activating the AU disable signal. In this case, the segment layer stops waiting for the AU completion process and the content of the back end buffer is lost. - Checks if the frame is a CPDU command (MAP 0). In this case, the CPDU layer is activated and no data is output on the MAP interface. - Checks if the frame is an AU command (MAP 63) and the AU is not disabled. In this case no data is output on the MAP interface. Segment Header The Segment Header is the first octet (octet 0) of the TC segment structure. The Segment Header is divided into two major fields as follows: - Sequence Flags (bits 0 & 1): this field is used by the segmentation protocol to indicate the sequential position of the segment relative to the complete data unit (e.g. the TC Packet). The flags are interpreted as follows: Bit 0 (MSB) 0 0 1 1 Standard Procedures Within the Layer Bit 1 1 0 0 1 - For a MAP 1 to 62 and for MAP 63 if the AU is disabled, the data is provided in serial or in parallel via the MAP interface. The MAP output frequency for serial MAP is selectable by reading a value associated with each MAP in the external ROM (see section 5.2). Interpretation First segment Continuation segment Last segment Unsegmented When the flags are set to 11 this means that the TC Segment Data Field contains an entire TC Packet. Except for the CPDU described in section 4.5, these flags are ignored by the PTD. - Multiplexed Access Point (MAP) Identifier: this 6-bit field enables up to 64 MAP connection addresses to be associated with a single Virtual Channel. The PTD supports MAP 1 to 63 as externally available MAPs. MAP 0 is dedicated to the CPDU. MAP 63, when AU is enabled, is reserved for AU commands; when the AU is disabled, MAP 63 is processed by the segment layer like a standard MAP (see section 4.3). 21/72 MA28140 A short description of the fields of the CPDU Packet is given below: 4.5 COMMAND PULSE DISTRIBUTION UNIT General Requirements The CPDU is a simple unit that is solely accessible from ground. The aim of this unit is to generate pulses to drive certain actuators (e.g. relays). The CPDU is identified by the Application Process Identifier placed in the TC Packet Header. The Application Identifier of the CPDU is programmable in ROM at addresses 006 and 007. Functional Description The CPDU receives TC segments, each segment containing a complete TC Packet. TC segments having a MAP equal to zero are carrying CPDU commands. It must be noted that if the internal AU is enabled, MAP0 segments are always authenticated. When a new segment carrying CPDU commands has arrived, two cases are possible: - the CPDU is still executing previous CPDU commands. In this case, the incoming TC segment is ignored, whether it was transferred in an AD or BD transfer frame. - the CPDU is idle. The incoming TC segment is copied from the back end buffer to the CPDU buffer for checking and execution by the CPDU. An important point must be noted: there is no packetisation layer abort command associated with the CPDU. Once it has accepted a TC Packet, the CPDU cannot release it until all command instructions specified in that packet have been executed. The CPDU performs first the clean validation process which verifies the complete packet (CRC, packet length, segmentation flags). If the clean validation process is successful, the CPDU performs the legal validation process, which checks the content of the Packet Headers. The result of the two previous verifications is reported in the 16 bits CPDU status. For a dirty or illegal CPDU Packet, the CPDU buffer is erased. The execution of the CPDU commands is possible only if all the verifications succeed. - version number: 3-bit field occupying the 3 MSBs of the packet header. To be compliant with ref.1, these 3 bits should be 000. - type bit: this bit identifies if the Packet is telemetry type (type bit = 0) or telecommand type (type bit = 1). To be compliant with ref 1, this bit should be set to 1. - data field header flag: this indicates the presence (data field header flag = 1) or absence (data field header flag = 0) of a data field header within the packet data field. To be compliant with ref 1, this bit should be set to 0. - application process identifier: this field identifies the particular process to which the CPDU Packet is sent. - sequence flags: this two-bit field indicates if the packet is a first, last or intermediate component of a higher layer data structure. For CPDU Packets, these two bits shall be equal to 11. - packet sequence count: this 14-bit field allows a particular TC Packet to be identified with respect to others occurring within a telecommand session. This field is reported in the CPDU status for clean and legal CPDU packets. - packet length: this field specifies the number of octets contained within the packet data field, by indicating the number of octets in data field minus 1. - packet data field: this field contains the CPDU commands and the CRC for packet error control. Checking the CPDU-Specific TC Packet The CPDU Packet format is shown below: PACKET HEADER (48 bits) PACKET IDENTIFICATION version number type 3 1 16 22/72 PACKET SEQUENCE CONTROL data field header flag application process ID Sequence Flags 1 11 2 PACKET LENGTH PACKET DATA FIELD (variable) DATA APPLICPACKET FIELD ATION ERROR HEADER DATA CONTROL Packet Name or Sequence Count 14 16 16 variable variable 16 MA28140 The CPDU Packet is checked in two steps: the clean validation process and the legal validation process. The clean verification process performs the following tests: - correct CRC (last two octets of the Packet contain a 16-bit CRC calculated using the same algorithm as used for the TC transfer frame, see section on transfer frame) to verify that there is no error in the Packet. - the TC Segment Segmentation Flags (in Segment Header) are equal to 11. - the CPDU Packet length is checked to be an even number of octets, greater than or equal to 10 octets and less than or equal to 248 octets: 10 octets ≤ TC Packet length = even number of octets ≤ 248 octets. The CPDU Packet length is read from Packet Header octets 5 and 6. - consistency between the actual number of octets making up the CPDU Packet and the Packet length field. To achieve this, the Packet Header octet 5 is checked to be zero and the Packet Header octet 6 is checked to be consistent with the effective packet length. At this level, if the packet is found to be error-free, it is declared clean and the process continues. Otherwise, the complete CPDU packet is erased. The legal verification process performs the lollowing tests on the Packet Header (see ref 1, Section 8): - the first octet of the Packet Header (version number & type bit & data fields header flag & 3 MSBs of Application Process Identifier) is compared with the value programmed in ROM at address 006. - the second octet (8 LSBs of Application Process Identifier) is compared with the value programmed in ROM at address 007. - in the third octet (sequence flags & 6 MSBs of packet name or sequence count), only the sequence flags field is checked by the PTD to be equal to 11. The packet name or sequence count is not verified, it is only reported in the CPDU status. - the fourth octet (8 LSBs of packet name or sequence count) is not tested since the packet name or sequence count is not verified. It is only reported in the CPDU Status. If the above check succeeds, the TC Packet is declared legal and its Application Data (command instructions) read out and executed as described in the next subsection. If the check fails, the Packet is erased. Processing the Application Data The CPDU receives a segment from the segment layer and stores it for further processing in the CPDU buffer provided in RAM. At the same time, the clean process is performed. This segment duplication is necessary due to delayed command execution. The duration of the transfer is equal to: Td = Nb * Tacc where Nb is the number of octets of the TC segment (including AU tail), and Tacc is the duration of three RAM accesses Read - Write - Read (the last read is used for computing the CRC with data effectively stored in RAM). Tacc can be estimated to 20*Tck (5 µs for a clock frequency of 4 MHz). The application data of the CPDU packet should consist of at least one command instruction in the form of one double octet, or several of such double-octet command instructions, up to the maximum capacity. Each double octet should be formatted as follows: • first octet: specifies one of 256 Command Pulse outputs. The command distribution shall be made by an external demultiplexer (256 possible command pulse outputs). • Second octet: specifies the duration of the Command Pulse to be issued on the specified output as follows: - the 5 MSBs are ignored by the CPDU, - the 3 LSBs specify the duration of the Command Pulse, which is equal to about 2X multiplied by D where X is the value of the 3 LSBs and D = 40960 clock periods for CPDUDIV=0, D = 8192 clock periods for CPDUDIV=1. (see section 5.5 for exact figures.) When there is more than one command instruction in the CPDU Packet, each instruction is executed one after the other in the same sequence as in the packet. The maximum capacity of the CPDU packet is: • 248 octets corresponding to 120 command instructions if the Internal or External Authentication Unit is disabled (AUDIS=1) or if the External Authentication Unit is enabled (AUEXT=1 and AUDIS=0) and AUTSL=1. • 238 octets corresponding to 115 command instructions if the Internal Authentication Unit is enabled (AUEXT=0 and AUDIS=0) or if the External Authentication Unit is enabled (AUEXT=1 and AUDIS=0) and AUTSL=0. For the calibrated pulses being output on the CPDUEN pin, the pulse amplification shall be made by external hardware. The CPDU provides a 16 bit status, CPDUS, that can be fetched by the telemetry system. The different fields of the CPDU status are detailed later. 23/72 MA28140 4.6 TELEMETRY REPORTING General Description Telemetry reporting is essential to the normal operation of the telecommand data communication system. Data Reports are not modified during telemetry readout. In particular they are not affected by the arrival of new report data. If the telemetry interface sampling rate is slower than the rate at which new data reports are generated, a double register mechanism ensures that the complete data report is read out. CLCW Status Report The Command Link Control Word (CLCW) is a standard reporting data structure of the Packet Telecommand System. It is a four-octet word generated by the spacecraft, the PTD generating only the 2 least significant octets of this CLCW which are described hereafter. Bits 0 (MSB) 1 2 3 4 5,6 7 8 - 15 (LSB) Value 0 Meaning No RF Available No Bit Lock Lock Out Wait Retransmit FARM B Counter Report Type Report Value • Report Value. This field is maintained by the FARM-1 and contains the next expected frame sequence number V(R). The first bit to be read in serial mode is Bit 0 (MSB). The interface for reading the CLCW status is specified in section 5.3. CPDU Status Report The CPDU Status report consists of 16 bits of status data formatted as follows: Bits Value 0,1 00 01 10 11 2 - 15 (LSB) all 1 all other values Meaning Cold Start Last TC Packet accepted legal Last TC Packet accepted clean, but erased as not legal Last TC Packet erased as not clean Cold Start Packet Sequence Count (or Name) of last legal CPDU Packet The first bit to be read out in serial mode is Bit 0 (MSB). Legal and Clean concepts are defined previously. The telemetry interface used to read out the CPDU Status Report is fully described in section 5.3. Each CLCW field is specified in the next paragraphs: AU Status Report • No RF Available. This field is dedicated to the Physical Layer, i.e. the RF Transponders. When this field is 1, the RF physical connection is not available through any of the spacecraft transponders. When it is 0, the RF connection is available through at least one of the spacecraft transponders. This information is provided to the PTD by an input pin called RFAVN. The AU Status Report consists of 80 bits (i.e. 10 octets) of status data formatted as follows: • No Bit Lock. This field is dedicated to the Physical layers, and monitors the presence of the spacecraft demodulation. When this field is 1, all the TC Active Signals (0 to 5) are zero at the PTD input pins. When it is 0, at least one of the TC Active signals is set to 1. • Lockout Flag. If 1, this field indicates that the FARM- 1 is in the Lockout state. • Wait Flag. If 1, this field indicates that the FARM- 1 is in a Wait state. • Retransmit Flag. If 1, this field indicates that an AD frame has been lost in transmission or has been discarded because there was no buffer space available. • FARM B counter. This 2 bit field contains a wraparound up-counter (modulo 4) of each TC frame of type BC or BD declared valid by the Legal Frame Validation process, and therefore acceptable by the FARM-1. • Report Type. In the PTD it is always 0 in accordance with reference 1. 24/72 Bits Value 0,1 2 - 31 00 32,33 34 - 63 01 64 65 - 71 72 - 79 (LSB) 0000000 Meaning Permanently set to 00 Current value of the contents of the Principal LAC counter. The LSB of the LAC counter value is in bit 31 Permanently set to 01 Current value of the contents of the auxiliary LAC counter. The LSB of the LAC counter value is in bit 63 Key in use by AU: 0 fixed key in use 1 Programmable key in use Permanently set to 0 (reserved for future use) Current value of the 8 LSBs of the recovery LAC counter. The LSB of the LAC counter value is in bit 79. The first bit to be read in serial mode is bit 0 (MSB). The AU Status report is implemented by using a double register mechanism located in the external RAM. In the case of external AU, the external AU can write the AU Status in RAM. The number of the buffer is given by the AUS pin and the toggling mechanism of the AU Status buffer is locked by the PTD when the signal AUST ( External AU Start) is high. The telemetry interface used to read the AU status report is described in section 5.3. MA28140 Frame Analysis Report The FAR is required for proper testing and check-out of the TC Decoder. The FAR consists of 32 bits of survey data formatted as follows: BI TS 0 (MSB) V ALUE 0 1 000 001 010 011 100 101 110 111 FRAME ANALYSIS Note: The report of the lowest rank (i.e. of lowest 3-bit value) has precedence in case of conflicting states. Abandoned CLTU (see Note 1) Frame declared dirty Frame declared illegal for one reason Frame declared illegal for multiple reasons Frame (AD) discarded because of LOCKOUT Frame (AD) discarded because of WAIT Frame (AD) discarded because of N(S) or V(R) Frame (AD, BD or BC) Accepted by FARM-1 000 001 010 011 100 101 110 111 LEGAL/ILLEGAL FRAME QUALIFIER Not e : When a frame is declared ILLEGAL for multiple reasons, only the reason of the first rank (i.e. of lowest 3-bit value) is reported. The fields mentioned are those of the frame header. No illegal report (or Cold Start) Error in fixed fields (Version & Reserved) Illegal combination (AC) of Bypass & Control Command Flags Wrong Spacecraft ID Wrong VC ID (because of Bits 0 to 4 of ID) Wrong VC ID (because of Bit 5 of ID) N(S) of BC or BD frame not set to all 0 Wrong BC frame data format (not executable) 1,2,3 4,5,6 xxxxxx COUNT OF ACCEPTED CODE BLOCKS PER CLTU Straight 6-bit binary count of correct or single-error-corrected codeblocks in one CLTU; (Cold Start value: 000000) xxx COUNT OF SINGLE-ERROR CORRECTIONS PER CLTU Straight 3-bit binary count, saturates at maximum value, no roll over. (Cold Start value:000) 7 - 12 13,14,15 00 01 10 11 LEGAL FRAME QUALIFIER (4 STATES) AD frame No report on legal frame (or Cold Start) BD frame BC frame xxx SELECTED CHANNEL INPUT (MAXIMUM CAPABILITY : 6 INPUTS) (Cold Start value : 111) 16,17 18,19,20 21 - 26 xxxxxx 27 ME ANI NG STATUS OF SURVEY DATA New survey data (or Cold Start) Old survey data 0 28,29,30 000 001 010 011 LAST MAP ADDRESSED (64 MAPS) (Cold Start value : 111111) RESERVED BY ESA (set to 0) AUTHENTICATION PROCESS ANALYSIS No authentication report (or Cold Start) AUTHORISED SEGMENT QUALIFIER Authorised data segment Authorised (and executable) Authentication Control Command Authorised dummy segment received 25/72 MA28140 BI TS V ALUE 100 101 110 111 31 (LSB) 0 ME ANI NG REJECTED SEGMENT QUALIFIER Error in Signature Error in LAC Wrong format (not executable) of authorised Authentication Control Command (includes Segment Header) Wrong length of TC Segment prior to being authenticated (authorised), i.e. length shorter than 10 octets set to 0 A few specific points need to be detailed: Note 1: The abandoned CLTU state (000) is used to indicate: • the Cold Start • a first TC codeblock of CLTU was abandoned (erased) because of event 4 or event 2 • an event E2(a) channel deactivation occurs (see section 4.1) • an event E2(b) CLTU error occurs (see section 4.1) In the case of an Abandoned CLTU the Legal/lllegal Frame Qualifier (bits 4, 5, 6) is set to 000 and the Legal Frame Qualifier (bits 16, 17) is set to No Report on Legal Frame (01). Note 2: The rejected segment qualifier in the Authentication process analysis has the following prioritisation: • 111 Too short TC segment has the highest precedence, followed by • 100 Error in Signature, followed by • 101 Error in LAC, followed by • 110 Wrong format of AU command or segmentation flags. The FAR is sampled and read by a telemetry interface described in section 5.3. 26/72 MA28140 5. PTD INTERFACES 5.2 MAP INTERFACE 5.1 PHYSICAL CHANNEL INTERFACE The MAP interface allows the PTD to provide the on-board applications with the TC segments stored in the back-end buffer in the RAM. It is possible to transfer full TC segments (including segment header and packet segment) with various lengths, from 1 octet to 249 octets. The first data output is the TC segment header. It is possible for an application to use either a serial or parallel interface to read this TC data. The choice between serial or parallel interface is made with the configuration input pin PAR as follows: Each TC channel consists of 3 input lines: • TCCi : symbol clock input • TCSi : symbol stream input (NRZ-L) • TCAi : channel active indication input The maximum symbol rate with guaranteed operation (using the internal AU) on these channels is 50 kbps. For higher frequency, an incomplete AU process may occur resulting in wrong signature calculation and thus rejected frames. Without AU the symbol rate could be 200 kbps (not guaranteed). At higher frequency, incorrect processing may occur due to insufficient time to perform memory accesses. The interface is composed of 6 TC channels. Figure 10 below gives the timing associated with one of these 6 channels. For unused channels, the TCAi signal should be connected to VSS, and the TCCi and TCSi signals to VDD. The DECOD output is activated when the CLTU decoder state machine is in the decode state (see section 4.1). This output goes high following the detection of a start sequence, and goes low following a codeblock rejection or CLTU error. • PAR = 1; the parallel MAP interface is used (section 5.4) • PAR = 0; the serial MAP interface is used The serial MAP interface consists of 5 signals. • MAPDSR, data set ready output, • MAPDTR, data terminal ready input, • MAPCK, MAP clock output, • MAPDATA, segment data output, • MAPADT, aborted data transfer output. Figure 10: TC Channel Input Timing 27/72 MA28140 In addition, the MAP interface provides the output signal MAPSTN, in order to save the MAP identifier present on the local data bus (LDAT<7..0>) in an external latch. This MAP identifier is used to demultiplex the segment data toward the selected application. The MAPSTN signal can be controlled by the LACK signal. MAPDSR has no effect when MAPDTR output is deasserted. The output frequency for each MAP is programmable and is defined in ROM. For MAP number n, the address of the value X defining the MAP frequency is (hex) 100+n. The MAP output frequency is given by F=fck/[2X], (X is coded on the 4 LSBs and its value varies from 1 to 13; for other values, the output frequency is F = fck/2). For example for a PTD clock frequency of 4 MHz, setting the ROM value to 4 will generate a MAP frequency of 250 kHz. With a system clock frequency fck of 4 MHz, the MAPCK frequency can vary from 488 Hz (X=13) to 2 MHz (X=1). The use of a too low MAP frequency compared to the TC clock frequency may lead to the activation of the WAIT flag if the MAP output of a previous frame is not finished when a new segment arrives. As a rule of thumb, in order to avoid the Wait flag being asserted, the MAP frequency should be at least the TC input bit rate multiplied by 10 when fully variable segment size (by 2 if fixed length). Figure 11 describes the serial interface in three different transfer situations. Serial MAP Interface PTD PAR = 0 N maximum value is 1991 corresponding to a TC segment of 249 octets. Note: The bit 0 is the MSB and shall be transmitted first. Figure 11: Serial MAP Interface 28/72 MAPDSR MAPDTR MAPCK MAPDATA MAPADT APPLICATION MA28140 Example of data transfer with data flow control. N maximum value is 1991 corresponding to a TC segment of 249 octets. Note: For each MAPDTR pulse one octet is transferred. Note: The MAPADT signal is asserted on octet boundaries of the MAP data being transferred. Figure 11: Serial MAP Interface (continued) 29/72 MA28140 • TMMOD = 1; the status (CPDUS, FAR, AUS) reports are fetched with 2 sample signals. 5.3 TELEMETRY INTERFACE The Telemetry interface allows four different reporting words to be retrieved. Both interfaces use the same TMC and TMD signals. When the parallel interface is selected it is not possible to use the TM (and MAP) serial interface, except for the CLCWB interface which can be used in a serial mode even if the PAR signal is set to 1. The protocol for the serial interface is fully compliant with section 4.3 of TTC-B-01 (serial 16 bit digital channel). • the Command Link Control Word (CLCW), • the Command Pulse Distribution Unit Status (CPDUS), • the Frame Analysis Report (FAR), • the Authentication Unit Status (AUS). Serial CLCW Interface It is possible for an application to use either a serial or parallel interface to read these reports. The selection between serial or parallel interface is made with the configuration input pin PAR as follows: The 16 bit Command Link Control Word (CLCW) can be retrieved through this interface. The serial CLCW interface is redundant in order to allow two separate redundant TM encoders to be connected to each TC decoder. Figure 12 shows the serial CLCW telemetry interface. The serial interface is implemented with 3 signal lines: • PAR = 1; the parallel TM interface is used • PAR = 0; the serial TM interface is used • CLCWSA: status sample input, The parallel interface is described in section 5.4. The parallel interface is useful for integrating subsystems comprising both the TC decoder and a processor, without cross-coupling after the TC decoders. The CLCW has its own serial telemetry interface which is redundant in serial mode. The other three reports (CPDUS, FAR, AUS) can be fetched through a common serial interface (clock and data lines) using two or five different sample signals. The selection between using two or five sample signals is made with the configuration input pin TMMOD as follows: • CLCWCA: status clock input, • CLCWDA: status data output. The redundant serial CLCW interface is identical with the nominal serial CLCW interface using the 3 signals: • CLCWSB: status sample input, • CLCWCB: status clock input, • TMMOD = 0; the status (CPDUS, FAR, AUS) reports are fetched with 5 sample signals. • CLCWDB: status data output. PTD CLCWS I/F CLCW Serial Interface CLCWSA CLCWCA CLCWDA APPLICATION Telemetry Systems PAR = 0 Note: The 0 bit is the MSB and is transmitted first. Figure 12: Serial CLCW Telemetry Interface 30/72 MA28140 The sample signal CLCWSA should be activated only once to fetch the entire CLCW word. The serial CLCW interface has been designed to allow the VCM device specified in reference 3 to automatically retrieve the CLCWs without any additional components being required. If one of the CLCW interfaces is not used, the following signals CLCWSx and CLCWCx should be connected to VDD. Activating the CLCWCA (CLCWCB) signal when CLCWSA (or CLCWSB) is deasserted, will generate invalid data output on CLCWDA (or CLCWDB). The sample signal CPDUS needs to be activated only once to fetch the entire CPDUS word. CPDUS, FAR1S, FAR2S, AUS1S and AU2S cannot be asserted simultaneously. If CPDUS, FAR1S, FAR2S, AUS1S and AU2S are not asserted, activating the TMC signal will generate invalid data on the TMD output. If the CPDU status report interface is not used, the CPDUS signal should be connected to VDD. Figure 13 below describes the CPDU telemetry serial interface. CPDU Status Report Interface in 5 Samples Mode Serial FAR Status Report Interface in 5 Samples Mode The 16 bit Command Pulse Distribution Unit Status report can be retrieved through this interface. It is possible for an application to use either a serial or a parallel interface to read out this status report. The serial or parallel mode is selected with the PAR configuration pin of the PTD (see section 5.4). The serial interface in 5 samples mode uses 3 signal lines: The 32 bit Frame Analysis Report can be retrieved through this interface. It is possible for an application to use either a serial or a parallel interface to read out this status report. The serial or parallel mode is selected with the PAR configuration pin of the PTD (see section 5.4). The serial interface in 5 samples mode uses 4 signal lines: • CPDUS: status sample input. • FAR1S: first status sample input, • TMC: status clock input, is also used for FAR and AUS. • FAR2S: second status sample input, • TMD: status data output, is also used for FAR and AUS. • TMC: status clock input, is also used for CPDUS and AUS, • TMD: status data output, is also used for CPDUS and AUS. PTD CPDUS I/F CLCW Status Report Serial Interface CPDUS TMC TMD APPLICATION Telemetry Systems PAR = 0 Note: The 0 bit is the MSB and is transmitted first. Figure 13: CPDU Telemetry Serial Interface 31/72 MA28140 The sample signals FAR1S and FAR2S should be asserted to fetch the 32 bits of FAR. CPDUS, FAR1S, FAR2S, AUS1S and AU2S cannot be asserted simultaneously. If CPDUS, FAR1S, FAR2S, AUS1S and AU2S are not asserted, activating the TMC signal will generate invalid data on the TMD output. If the FAR status report interface is not used, the FAR1S and FAR2S signals should be connected to VDD. Figure 14 describes the FAR telemetry serial interface. Serial AU Status Interface in 5 Samples Mode The 80 bit Authentication Unit Status report can be retrieved through this interface. It is possible for an application to use either a serial or a parallel interface to read out this status report. The serial or parallel mode is selected with the PAR configuration pin of the PTD (ee section 5.4). The serial interface in 5 samples mode is implemented with 4 signal lines: • AU1S: first status sample input, • AU2S: second status sample input, When AU1S is asserted, the pointer for reading out data with AU2S is reset to the second octet of the report. The sample signals AU1S and AU2S should be asserted as described in Figure 15 to fetch the 80 bits of AUS report. CPDUS, FAR1S, FAR2S, AUS1S and AU2S cannot be asserted simultaneously. If CPDUS, FAR1S, FAR2S, AUS1S and AU2S are not asserted, activating the TMC signal will generate invalid data on the TMD output. If the AU status report interface is not used, the AU1S and AU2S signals should be connected to VDD. Figure 15 describes the AUS telemetry serial interface. Serial CPDU, FAR, AU Status Interface in 2 Samples Mode The 16 bit Command Pulse Distribution Unit status report, the 32 bit Frame Analysis report and the 80 bit Authentication Unit status report can be retrieved through this interface. The serial interface in 2 samples mode is implemented with 4 signal lines: • TMC: status clock input, is also used for CPDUS and FAR. • TMD: status data output, is also used for CPDUS and FAR. • CPDUS: first status sample input, • FAR1S: second status sample input, • TMC: status clock input, • TMD: status data output. PTD FAR I/F FAR Status Report Serial Interface FAR1S FAR2S TMC TMD APPLICATION Telemetry System PAR = 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Note: The 0 bit is the MSB and is transmitted first. Figure 14: FAR Telemetry Serial Interface 32/72 24 25 26 27 28 29 30 31 MA28140 PTD AU I/F AU Status Report Serial Interface AU1S AU2S TMC TMD APPLICATION Telemetry System PAR = 0 bit 0-15 bit 16-31 bit 32-47 bit 48-63 bit 64-79 Note: The 0 bit is the MSB and is transmitted first. Figure 15: AUS Telemetry Serial Interface Telemetry Report Serial Interface in 2 Samples Mode CPDUS FAR1S TMC TMD PTD APPLICATION Telemetry System PAR = 0 0 31 0 79 Note: The 0 bit is the MSB and is transmitted first. Figure 16: Telemetry Serial Interface in 2 Sample Mode 33/72 MA28140 When CPDUS is asserted, the pointer for reading out data with FAR1S is reset to the first octet of the FAR. The samples CPDUS and FAR1S should be activated as described in Figure 16 to fetch the 128 bits of status words. The first 16 bits are those of the CPDU status word, to be acquired by asserting the CPDUS signal line. The next 32 bits are those of the FAR status word, to be acquired by signalling on the FAR1S signal line (2 x 16 bits). The last 80 bits are those of the AU status word, to be acquired by additional assertions (5 x 16 bits) of the FAR1S signal line. It is possible to read out only the first 48 bits (CPDU and FAR), e.g. if the AU is not used. FAR1S, AU1S and AU2S do not have any impact in this mode, but should be connected to VDD. 5.4 PARALLEL INTERFACE A parallel interface is provided on the PTD to access the TC segment and the four reporting words: CLCW, CPDUS, FAR and AUS. The parallel mode is selected with the PAR configuration pin of the PTD (the parallel mode is selected when PAR is set to 1). The parallel interface is implemented with the following signals: • PCSN: parallel bus chip select input, • PAD<2..0>: parallel address bus (input), • PRDY: data validation output, • PBUS<15..0>: parallel data bus (output), • MAPDSR: MAP data set ready output, • MAPADT: MAP aborted data transfer output. The PCSN, PAD2, PAD1 and PAD0 signal lines use respectively the CPDUS, FAR1S, FAR2S and AU1S input pins of the serial interface. The application acquires the TC segment and the four reporting words by read cycles. The addressing of these words is as follows: PAD2 0 0 0 0 1 1 1 1 PAD1 0 0 1 1 0 0 1 1 PAD0 0 1 0 1 0 1 0 1 read word MAP segment CPDU status CLCW status MAP status FAR1 status FAR2 status AU1 status AU2 status When the AU1 status is read, the pointer for reading out data with AU2S is reset. The MAP TC segment is read as described in Figure 17. A TC segment is read by consecutive accesses to <000>. Data read when MAPDSR is not asserted is not valid. The TC segment data octet of even rank is output on the 8 MSB of PBUS (the first octet is 00 and therefore even). The TC segment data octet of odd rank is output on the 8 LSB of PBUS. In the case of a TC segment with an odd number of octets, the last 16 bits word output on PBUS contains the last TC segment data octet on the 8 MSB and a non significant 34/72 octet (all bits set to 0) on the 8 LSB. For example, if the TC segment to be output is (hexadecimal) AABBCC, the first word read is AABB and the second one is CC00. After a PCSN assertion, the PRDY output is activated when the data is available on the PBUS output. The PRDY is released when the PCSN signal is deasserted. The PRDY signal will not be asserted if PCSN is asserted and PAD = 000 (MAP segment read) when MAPDSR is inactive. When PCSN is deasserted the PBUS bus is tristated. The MAP status word can be read at any time. The access to this word is identical to the telemetry status word accesses as described in Figure 18. It contains the following information: • PBUS<0>: MAPDSR information (identical to MAP data set ready signal line). • PBUS<1>: ODD/EVEN segment length information (Odd: 1, Even: 0). • PBUS<15..2>: not used (value : 00000000000000). NOTE: only TC segments appearing on MAP 1 to 62 and on MAP 63 when AU is disabled, can be read out using this parallel interface. MAP 0 is not affected by this parallel interface since it is directly connected to the CPDU. The telemetry status word is read as described in Figure 18. The CLCW status word is read using one read cycle where PAD = 010. The CPDU status word is read using one read cycle where PAD = 001. The FAR status words are read with two read cycles: • One read cycle with PAD = 100 for the first 16 bits (FAR1) • One read cycle with PAD = 101 for the last 16 bits (FAR2). The AU status words are read using five read cycles: • One read cycle with PAD = 110 for the first 16 bits (AU1) • Four read cycles with PAD = 111 for the last 64 bits (AU2): bits 16-31, bits 32-47, bits 48-63 and bits 64-79. When the AU1 Status report is read, the pointer for reading out data with AU2 is reset to the second octet of the AU report. The Status of Survey bit is set when FAR2 is read. The following pins have no influence in parallel mode: • MAPDTR (should be connected to VSS), • CLCWSA, CLCWCA (should be connected to VDD), • AU2S (should be connected to VDD), • TMC (should be connected to VDD), • TMMOD (should be connected to VSS), The reports and TC segments cannot be read out in an arbitrary order. The following constraints apply: A FAR2 read out shall not be separated from the previous FAR1 read out by AU1 or AU2 read out. An AU2 read out shall not be separated from a previous AU1 or a previous AU2 read out by FAR1 or FAR2 read out. MA28140 Figure 17: Parallel MAP Interface Figure 18: Parallel Telemetry Read Cycle 5.5 CPDU INTERFACE This interface consists of 3 signal lines: • CPDUSTN: CPDU address strobe output, • CPDUEN: CPDU enable output, • CPDUDIV: CPDU frequency divider input. The CPDU interface provides the output signal CPDUSTN in order to save the CPDU physical channel identifier present on the local data bus LDAT<7..0> in an external latch (no specific LADR address is associated with this data). This CPDU identifier is used to demultiplex the command pulse toward the selected CPDU output. The CPDUSTN signal can be controlled by the LACK input. The CPDUEN signal is representative of the command pulse as far as duration is concerned. The pulse amplification should be made after demultiplexing with external circuitry. The CPDUDIV signal allows division of the pulse length specified in ref 2 by a factor of 5, in order to get a better accuracy. Alternatively, this allows the PTD to be used with a 1MHz clock frequency, instead of a 4 MHz clock. For a 4 MHz clock, the duration D is 10.24 ms if CPDUDIV=0 and 2.048 ms if CPDUDIV=1. The maximum duration (=128xD) is about 1.31 s if CPDUDIV=0, and 262 ms if CPDUDIV=1. The delay between the time at which the packet has been declared Legal and the execution of the command instruction (rising edge of CPDUEN) can be any value between 0.5 D and 1.5 D. The duration between two instructions placed one after the other in the same CPDU packet (from falling edge to rising edge of CPDUEN) corresponds to about D. COMMAND 000 001 010 011 100 101 110 111 PULSE LENGTH (CLOCKS) (CPUDIV=0) 40961 81921 163841 327681 655361 1310721 2621441 5242881 PULSE LENGTH (CLOCKS) (CPUDIV= 1) 8193 16385 32769 65537 131073 262145 524289 1048577 Table 4: CPDU Pulse Lengths 35/72 MA28140 PTD CPDU I/F CPDU Interface CPDUSTN CPDUEN LDAT<7-0> CPDU External Module up to 256 CPDU outputs CPDUDIV Figure 19: CPDU Interface 5.6 LOCAL BUS INTERFACE This interface is used to access the external memory map. It consists of the following signals: • LADR<10..0>: address bus (output), • LDAT<7..0>: data bus (input/output), • RWN: read write output, • LACK: memory acknowledge input, • RAMCSN: RAM chip select output, • ROMCSN: ROM chip select output, • LACCS: chip select output asserted for recovery LAC counter access. The Local bus cycle is started by asserting the RWN and CSN signals and activating the LADR signal. It is ended by asserting LACK signal. If extended access times are not required, LACK can be permanently asserted. This interface provides a bus fault timer which is enabled when CSN signals are active and reset when LACK signal is active. If a reset doesn’t occur within a minimum of 32 Tck (8 us for a 4 MHz clock frequency) and a maximum of 64 Tck (16 us for a 4 MHz clock frequency), the current Local bus cycle is aborted by forcing CSN inactive. The functional timings corresponding to the local bus interface are given in section 8.2. 36/72 5.7 MEMORIES The PTD manages two types of memory: • RAM to temporarily store the received TC data and all protocol variables (counter values, programmable key, ...). The RAM is organized in 2K words of 8 bits. In the case when it is used to store the eight bits of the recovery LAC counter, it should be non volatile. • ROM (1Kx8) to store the mission specific data and the fixed Authentication key. In order to allow the use of slow memories, an acknowledge signal (LACK) is used to indicate when the memory access is completed. In order to save the 8 LSBs of recovery LAC counter in a device different from the RAM, two different chip select signals (RAMCSN and LACCS) are provided for the recovery LAC counter access. Two different modes are provided to manage the LAC counter select signals, these modes are selectable with a configuration pin called AUTSL as follows: • AUTSL = 1: The recovery LAC counter is stored in RAM. The PTD asserts the RAMCSN signal when it performs the recovery LAC counter access. • AUTSL = 0: The recovery LAC counter is stored in a device different from the RAM. The PTD asserts the LACCS signal when it performs the recovery LAC counter access. This non volatile memory could be for example an EEPROM for low radiation requirements or relays for radiation hardened recovery LACs. MA28140 Case 1: RAM is used to store the 8 bits of Recovery LAC counter BACK-UP POWER LADR PTD LDAT AD 8 RWN WE RAMCSN VDD AUTSL VSS AUEXT DAT CS LACCS RAM Case 2: A device different from the RAM is used to store the 8 bits of Recovery LAC counter RAM LADR PTD LDAT AD 8 RWN RAMCSN VSS AUTSL VSS AUEXT NON-VOLATILE DAT DAT WE WE LAC value CS LACCS CS Figure 20: Recovery LAC Value Storage A diagram of two possible implementations is given in Figure 20. The RAM mapping is organized in such a way that the PTD is able to use the following external RAM buffers: • two buffers working in a flip-flop mode between transfer and segmentation layer, respectively called Front End and Back End buffer. • one buffer used by the CPDU interface The buffer management is described in section 4.2. The memory mapping is defined in tables 5 and 6. 37/72 MA28140 RAM Buffer0-(front end/back end) (see note 1) Buffer1-(back end/front end) (see note 1) Programmable key - Knapsack Programmable key - Hashing Internal use (reserved) Free 8 LSB of Recovery LAC Internal use (reserved) Auxiliary LAC Counter - octet 4 LSB Auxiliary LAC Counter - octet 3 Auxiliary LAC Counter - octet 2 Auxiliary LAC Counter - octet 1 MSB Principal LAC Counter - octet 4 LSB Principal LAC Counter - octet 3 Principal LAC Counter - octet 2 Principal LAC Counter - octet 1 MSB Free AUS octet 10 - buffer 0 AUS octet 9 - buffer 0 AUS octet 8 - buffer 0 AUS octet 7 - buffer 0 AUS octet 6 - buffer 0 AUS octet 5 - buffer 0 AUS octet 4 - buffer 0 AUS octet 3 - buffer 0 AUS octet 2 - buffer 0 AUS octet 1 - buffer 0 FAR octet 4 - buffer 0 FAR octet 3 - buffer 0 FAR octet 2 - buffer 0 FAR octet 1 - buffer 0 Free AUS octet 10 - buffer 1 AUS octet 9 - buffer 1 AUS octet 8 - buffer 1 AUS octet 7 - buffer 1 AUS octet 6 - buffer 1 AUS octet 5 - buffer 1 AUS octet 4 - buffer 1 AUS octet 3 - buffer 1 AUS octet 2 - buffer 1 AUS octet 1 - buffer I FAR octet 4 - buffer 1 FAR octet 3 - buffer 1 FAR octet 2 - buffer 1 FAR octet 1 - buffer 1 Free CPDU buffer (see note 2) Free S tart Addre ss 000 100 200 368 370 374 400 401 402 403 404 405 406 407 408 409 40A 410 411 412 413 414 415 416 417 418 419 41A 41B 41C 41D 41E 430 431 432 433 434 435 436 437 438 439 43A 43B 43C 43D 43E 600 700 E nd Addre ss 0FF 1FF 367 36F 373 3FF 400 401 402 403 404 405 406 407 408 409 40F 410 411 412 413 414 415 416 417 418 419 41A 41B 41C 41D 42F 430 431 432 433 434 435 436 437 438 439 43A 43B 43C 43D 5FF 6FF 7FF Note 1: The addresses 000 and 100 contain the buffer length (X) and the first word of the frame are stored at address X and 100+X respectively; the last word is stored at address 001 and 101 respectively. Note 2: The address 600 contains the CPDU buffer length (X) and the first word of the frame is stored at address 600+X, the last word is stored at address 601. Table 5: RAM Mapping 38/72 MA28140 RO M Frame Header octet 1 (see note 3) Frame Header octet 2 (see note 3) Frame Header octet 3 (see note 3) FARM PW' = PW - 1 (see note 4) FARM NW' = 256 - NW (see note 4) Authenticated MAP ID pointer (see note 5) CPDU Packet Header octet 1 and 2 (see note 6) Free MAP frequency table defined in section 5.2 Free Fixed key - Knapsack (see note 7) Fixed key - Hashing (see note 8) Free S tart Addre ss 000 001 002 003 004 005 006 008 100 140 200 368 370 E nd Addre ss 000 001 002 003 004 005 007 0FF 13F 1FF 367 36F 3FF Note 3: These 3 octets contain all the fields of the Frame Header including reserved bits and version bits. Bypass and Control flags (in Frame Header octet 1) form the only field that is not a fixed value: the value of these 2 bits in ROM has no influence on the PTD operation (default value = 00). Note 4: In order to facilitate the implementation of the FARM Sliding Window Concept in the PTD, the values stored in the ROM are not PW and NW but: - PW' = PW - 1 - NW' = 256 - NW The PW' and NW' numbers can be any value between 0 and 255. Note 5: Bits 7 and 6 are not used. Note 6: These 2 octets contain all the field of the Packet Header including version and type bits. Note 7: The Knapsack key mapping is given in Figure 9. Address 200 contains the least significant octet of the first Knapsack coefficient W0. Address 201 contains octet 1 of the first Knapsack coefficient W0, (see example below). Note 8: The Hashing key mapping is given in Figure 9. Address 368 contains the 4 LSBs of the Hashing key stored at the right of the memory octet in the reverse order. Address 369 contains the 8 following bits in the reverse order. Caution: if the Hashing key is read bit by bit starting from the MSB, the memory must be filled from right to left, (see example below). Table 6: ROM Mapping Example An example of ROM programming is given here for a fictitious spacecraft. Note: In the following example 16# indicates hexadecimal, 10# indicates decimal, 2# indicates binary. The value of the spacecraft ID is The value of the virtual channel ID is The value of the Application Process ID is For the FARM-1 process, the values of PW and NW are The Authenication MAP ID Pointer is For the CPDU, the Application Process Identifier is : 16#301 : 16#20 : 16#456 : 10#100 and 10#100 : 16#15 : 16#456 Frame Header octet 1 contains the following fields: Version number : 2#00 in accordance with ref 1 Bypass flag : 0 or 1 (no influence): 0 for example Control Comrnand flag : 0 or 1 (no influence): 0 for example Reserved field A : 2#00 in accordance with ref 1 Spacecraft ID (2 MSBs) : 2#11 The value of the ROM at address 000 is: 16#03 Frame Header octet 2 contains the following field: Spacecraft ID (8 LSBs) : 2#00000001 The value of the ROM at address 001 is: 16#01 Frame Header octet 3 contains the following fields: Virtual Channel ID : 2#100000 Reserved field B : 2#00 in accordance with ref 1 The value of the ROM at address 002 is: 16#80 39/72 MA28140 The calculation of PW’ gives: PW’ = PW - 1 = 100 - 1 = 99—> 16#63 The value of the ROM at address 003 is: 16#63 The calculation of NW’ gives: NW’ = 256 - NW = 256 - 100 = 156—> 16#9C The value of the ROM at address 004 is: 16#9B The authenticated MAP ID is 5 bits long. The 5 LSBs of the ROM value @ address 05 correspond to the authenticated MAP ID, the 3 MSBs can be either 0 or 1 (0 for example). The value of the ROM at address 005 is: 16#15 CPDU Packet Header octet 1 contains the following fields: Version number : 2#000 in accordance with ref 1 Type : 1 for CPDU Data Fields Header flag : 0 for CPDU Application Process ID (3 MSBs) : 2#100 The value of the ROM at address 006 is: 16#14 CPDU Packet Header octet 2 contains the following field: Application Process ID (8 LSBs) : 2#01010110 The value of the ROM at address 007 is: 16#56 The ROM will be programmed as follows: Address Data 000 001 002 003 004 005 006 007 03 01 80 63 9C 15 14 56 Knapsack and Hashing Key If the Knapsack key is (example from ref.2 appendix B2) W0 : 00 01 02 03 04 05 W1 : 06 07 08 09 0A 0B W59 : 62 63 64 65 66 67 And if the Hashing Key is : C0...C59 A AA AA AA AA AA AA AA MSB The ROM will be programmed as follows: 40/72 Address Data 200 201 202 203 204 205 206 207 etc 367 368 369 370 etc 36E 36F 05 04 03 02 01 00 0B 0A etc 62 05 55 55 55 55 55 MA28140 5.8 EXTERNAL AUTHENTICATION INTERFACE This interface is provided to connect the PTD with an external Authentication Unit. The PTD allows the external AU to access the data buffer (described in section 5.7) of the RAM in order to process a TC segment which is to be authenticated. The interface is composed of the following signals: • AUDIS: (input) This signal functions as for the internal AU, disabling the authentication unit. • AUEXT: (input) This signal indicates the use of an external authentication unit. • AUST: (output) This signal indicates that a TC frame has been received and must be authenticated. In this case, AUST is activated a few clock periods after the deactivation of the DECOD output indicating the end of the tail sequence of the frame. • AUBUF: (output) This signal indicates to the external AU which RAM buffer is the back-end buffer containing the TC segment to be authenticated. • BRQN: (input) This signal is the bus request to read or write the buffer from the external AU. It is activated for each external access to memory. • BGRN: (output) This signal is the acknowledge of the PTD to BRQN; the PTD will then tristate its signals connected to the RAM (RAMCSN, ROMCSN, LACCS, RWN, LADR and LDAT). The LACK input has no effect when BGRN output is asserted. • AUEND: (input) AU result validation. This signal indicates the end of the external authentication process and validates the AUR signal. The external AU process starts upon receipt of the rising edge of the AUST signal, which is asserted by the PTD until the AUEND input is asserted indicating that the external AU process is finished. The result of the external authentication is given by the AUR signal (set to 1 for a valid authentication). The total duration of the external AU process plus the duration of the MAP output (if it exists) must be smaller than the duration of the next frame to arrive, measured from the start of the frame to the end of the last valid codeblock. A longer duration may lead to a rise of the FARMB WAIT flag. The result must be given to the PTD before the end of the last valid codeblock of the next frame to arrive, so as not to lock the back-end/front-end buffer toggling mechanism, and the FAR buffer management of the next frame. The external AU can also write the AUS status in the local RAM, in the buffer number given by the AUSBUF output. The PTD locks the toggling mechanism of the AU status buffer while AUST is high in order to prevent data corruption. The external AU can also write bits 28 to 30 of the FAR status by writing the fourth octet of the FAR status in the local RAM, in the buffer number indicated by the FARBUF output. A similar mechanism locks the toggling of the FAR buffer when the AUST output is high. The AUS and FAR buffer update can start when the PTD activates the AUST output and shall be completed when the application asserts the AUEND signal. The local memory interface provides a bus arbiter fault timer. This timer is enabled when BGRN signal is active and reset when BRQN signal is inactive. If a reset does not occur within a minimum of 32 Tck and a maximum of 64 Tck (8 to 16 µs at 4 MHz), the BGRN signal is forced to inactive state. The functional timings corresponding to this interface are given in section 8.2. • AUR: (input) AU result signal. This signal indicates that the received TC frame is authorized or non authorized at the rising edge of AUEND. • AUTSL: (input) AU tail length select signal. This signal allows definition of the length of the AU tail as follows: - AUTSL = 0: The length of the AU tail shall be 9 octets. In this case the 9 last octets of the segment authenticated by the external AU will be deleted by the PTD before transferring the segment to the application. - AUTSL = 1: The length of the AU tail shall be 0 octets. In this case all octets of the segment authenticated by the external AU shall be transfered to the application. • AUSBUF: (output) This signal indicates which AU Status buffer the external AU must update. • FARBUF: (output) This signal indicates which FAR status buffer the external AU must update (the external AU shall update only the bits 28 through 30 of the FAR status). 41/72 MA28140 6. STATE AFTER RESET Asserting the RESETN signal asynchronously forces the local bus interface to avoid bus contention. The master clock should be started before RESETN deassertion. After 2 master clock cycles, the PTD is in a stable state and all its outputs take their cold start value. Deasserting the RESETN signal starts the initialisation phase. After this phase, the PTD registers are initialised. PTD Outputs After the Assertion of RESETN Input - LADR<10..0> - LDAT<7..0> - RWN - RAMCSN - ROMCSN - LACCS - all other outputs at unknown state —> 000 —> ZZ —> 1 —> 1 —> 1 —> 0 PTD Outputs After the Reset Sequence - LADR<10..0> - LDAT<7..0> - RWN - BGRN - RAMCSN - ROMCSN - LACCS - MAPSTN - MAPCK - MAPDSR - MAPDATA - MAPADT - CPDUSTN - CPDUEN - CLCWDA - TMD - CLCWDB - PRDY - PBUS<15..0> - AUST - AUBUF - AUSBUF - FARBUF - SELTC<2..0> - DECOD —> 000 —> ZZ —> 1 —> 1 —> 1 —> 1 —> 0 —> 1 —> 0 —> 0 —> 0 —> 0 —> 1 —> 0 —> 0 —> 0 —> 0 —> 0 —> ZZZZ —> 0 —> 1 —> 0 —> 0 after Reset, 1 after initialization (FAR write) —> 111 —> 0 PTD Outputs After the Initialisation Phase CODING LAYER: The coding layer is ready to receive a frame after the reset. TRANSFER LAYER: The transfer layer initialisation state after reset is the following: • FARM-1 state • FARMB counter • V(R) counter : lockout : 11 : 00000000 The cold start value of the CLCW (2 octets) is X000 (where X can be hexadecimal 2, 6, A or E). The value of the MSB (No RF available) depends on the value of the RFAVN pin. The value of the second MSB (No Bit Lock) depends on the activation of the Tca signals (see section 4.6). AUTHENTICATION LAYER: The cold start initialisation state for the AU layer can be summarized as follows if AUDis = 0 and AUExt = 0: - Key in use - Contents of programmable key - Contents of Principal and Auxiliary LAC Registers - Contents of the Recovery LAC counter 42/72 : fixed key : undefined : all ones : unchanged by the PTD MA28140 The cold start value of the AU Status (10 octets) takes the following value if AUDis = 0 and AUExt = 0: 3FFFFFFF 7FFFFFFF 00XX in hexadecimal The value of the last octet corresponds to that of the 8 LSBs of the recovery LAC, which should be maintained even in the event of loss of power. Thus, this value shall be defined during the system implementation. SEGMENT LAYER: The segment layer is ready to receive a new segment. The MAP outputs are inactive. The cold start value of the FAR (4 octets) is the following: 00007FE0 in hexidecimal. CPDU LAYER: The CPDU layer is ready to receive a new CPDU. The CPDUEN output is inactive. The cold start value of the CPDU status (2 octets) is: 3FFF in hexadecimal. 43/72 MA28140 7. SIGNAL DESCRIPTION In this pin description, first the name of the pin is given, then its type (input (I) or output (O)), and then a brief description. Total input pins Total output pins Total I/O pins Total number of Input, Output and I/O pins : 47 : 51 :8 : 106 Note: Bit numbering convention: for busses, the bit number 0 is considered as the Least Significant Bit (LSB). For strobe signals, it is indicated in the text if they are active on low or high level. Transponder Interface TCC0-TCC5 I TCS0-TCS5 I TCA0-TCA5 I Symbol Clock signals. These signals are only recognised while Channel Active Indication input is asserted. These signals can be asynchronous. Symbol Stream signals. The data should be valid at the falling edge of the TCCi signals. These signals can be asynchronous w.r.t. system clock, but not w.r.t. symbol clock signals. Channel Active Indication signals. These signals serve as enable signals for the Symbol Stream signals. Active high. These signals can be asynchronous. Local Bus Interface LADR<10..0> O LDAT<7..0> I/O RWN O LACK I BRQN I BGRN RAMCSN O O ROMCSN O LACCS O Local Address Bus . This bus is unidirectional and is tristated when the BGRN signal is asserted. LADR<0> is the LSB. Data Bus - This 8 bit data bus is driven as outputs during write cycles and as inputs during read cycles. This bus is tristated when the BGRN signal is asserted. LDAT<0> is the LSB. Read/Write signal. This signal indicates the direction of the data transfer on the Local Bus and is tristated when the BGRN signal is asserted. RWN = 1: read mode. RWN = 0: write mode. Memory acknowledge signal. This signal allows wait state cycles to be inserted for memory (RAM, ROM or LAC) read and write access and for CPDUSTN and MAPSTN outputs. LACK=0 inserts wait states. LACK can be permanently connected to 1 when no wait states are required. This signal can be asynchronous. Active high. Bus request signal. This signal is asserted by an external unit to request the Local Bus (external Authentication Unit for instance). Active low. This signal can be asynchronous. Bus grant signal. This signal is asserted to allow an external unit to use the Local Bus. Active low. Ram chip select signal. This signal is asserted during RAM access and is tristated when the BGRN signal is asserted. It is affected by the LACK input. Active low. Configuration Rom chip select signal. This signal is asserted during Configuration Rom access and is tristated when the BGRN signal is asserted. It is affected by the LACK input. Active low. Non volatile memory select signal. This signal is asserted during recovery LAC counter access and is tristated when BGRN signal is asserted. It is affected by the LACK input. Active high. Map Interface MAPSTN O MAPCK O MAPDSR O MAPDTR I MAPDATA O MAPADT O 44/72 MAP address strobe signal. This signal allows the MAP Demultiplexer circuitry to latch the MAP identifier present on the local data bus. It is affected by the LACK input. Active low. MAP clockout signal. This signal is only activated when both MAPDSR and MAPDTR signals are active. MAP data set ready signal. This output indicates that a TC segment is available for transfer. Active high. MAP data terminal ready signal. This signal indicates that the receiving device is ready to clock in the segment data in serial mode or a segment data sample in parallel mode. Active high. This signal can be asynchronous. MAP segment data serial line. The segment data is clocked out on the falling edge of the MAPCK signal. MAP abort data transfer signal. This output is asserted when the PTD has aborted the transfer of a TC segment. Active high. MA28140 CPDU Interface CPDUSTN O CPDUEN O CPDUDIV I CPDU address strobe signal. This signal allows the CPDU interface to latch the CPDU output address present on the local data bus LDAT<7..0>. It is affected by the LACK input. Active low. CPDU enable signal. This signal provides the command pulse with the appropriate duration. Active high. CPDU clock division selection input. CPDUDIV = 0: the CPDU base clock (corresponding to D) is the system clock CLK divided by 40960. CPDUDIV = 1: the CPDU base clock (corresponding to D) is the system clock CLK divided by 8192. CLCW Interface CLCWSA I CLCWCA I CLCWDA O CLCWSB CLCWCB CLCWDB I I O Nominal CLCW status sample. This signal indicates that the CLCW status is sampled by the telemetry interface. Active low. This signal can be asynchronous Nominal CLCW status clockout signal. This signal is provided to the PTD when CLCWSA signal is active. This signal can be asynchronous Nominal CLCW status data line (serial mode). The data is provided either on the falling edge of CLCWSA or on the falling edge of CLCWCA. Redundant CLCW status sample. Active low. This signal can be asynchronous Redundant CLCW status clockout signal. This signal can be asynchronous Redundant CLCW status data line (serial mode). The data is provided on the falling edge of CLCWSB or on the falling edge of CLCWCB. Telemetry Interface CPDUS/PCSN I FAR1S/PAD2 I FAR2S/PAD1 I AU1S/PAD0 I AU2S I TMC I TMD O CPDU status report sample. This signal indicates that the CPDU status report is sampled by the telemetry interface in serial mode. Active low . This signal has the function parallel bus chip select (PCSN) in parallel mode. This signal can be asynchronous FAR status report first sample. This signal indicates that the first 16 bits of FAR are sampled in serial mode. Active low. This signal has the function bit 2 of parallel address bus (PAD2) in parallel mode. This signal can be asynchronous FAR status report second sample. This signal indicates that the last 16 bits of FAR are sampled in serial mode. Active low. This signal has the function bit 1 of parallel address bus (PAD1) in parallel mode. This signal can be asynchronous AUS status report first sample. This signal indicates that the first 16 bits of AUS are sampled in serial mode. Active low. This signal has the function bit 0 of parallel address bus (PAD0) in parallel mode. This signal can be asynchronous. AUS status report second sample. This signal is used to read out the last 4 bits of the AU staus report by asserting it four times. Active low. This signal can be asynchronous. Common status clockout line used for CPDU, FAR and AUS (serial mode). This signal can be asynchronous. Common status data line for CPDU, FAR and AUS (serial mode). The data is provided on the falling edge of CPDUS, FAR1S, FAR2S, AU1S or AU2S, or after the falling edge of TMC. Parallel Interface PRDY O PBUS<15..0> O Parallel interface control line. This output is asserted when the data selected by PAD<2...0> is available in parallel mode. Active low. Parallel interface data bus PBUS<15..0> (PBUS0 being the LSB). PBUS tristate is controlled by the PCSN input. When PCSN is deasserted PBUS is tristated. 45/72 MA28140 External Authentication Unit Interface AUDIS I AUEXT I AUST O AUBUF O AUEND I AUR I AUTSL I AUSBUF O FARBUF O Internal AU disable signal. This signal allows bypassing of the internal or external authentication unit. The internal and external AU are disabled when AUDIS is high. This signal can be asynchronous External AU select signal. This signal indicates the use of an external authentication unit. The PTD uses the external AU when AUEXT is high and the internal AU when AUEXT is low. This signal can be asynchronous AU start signal. This signal indicates that a TC frame is received and must be authenticated. It remains active as long as the external AU is working; it is deasserted after the activation of the AUEND input. Active high. Buffer indication signal. This signal indicates which back-end buffer contains the TC segment to be authenticated. AUBUF=0: buffer 0 is used AUBUF=1: buffer 1 is used. AU result validation signal. This signal validates the authentication process result given on pin AUR, and indicates the end of the authentication process. This signal can be asynchronous AU result signal. This signal indicates that the received TC frame is authorized or not authorized. AUR=0 indicates a bad authentication result, AUR=1 indicates a valid authentication. This signal can be asynchronous. AU tail length select signal. This signal indicates the length of the tail for segments authenticated with the external AU. - AUTSL = 0: the length of the AU tail is 9 octets - AUTSL = 1: the length of the AU tail is 0 octets. If the internal AU is selected (AUEXT = 0), this signal defines the implementation of the Recovery LAC counter: - AUTSL = 0: the Recovery LAC counter is stored outside the RAM - AUTSL = 1: the Recovery LAC counter is stored in the RAM. AU Status buffer. This output indicates which AU status buffer that the external AU should update. - AUSBUF = 0: AU status buffer 0 - AUSBUF = 1: AU status buffer 1. FAR buffer. This output indicates which FAR status buffer that the external AU should update. - FARBUF = 0: FAR status buffer 0 - FARBUF = 1: FAR status buffer 1. Miscellaneous RFAVN VCLSB I I SELTC<2..0> O DECOD O TMMOD I RESETN PAR I I MODE CONF PRIOR I I I TEST CLK VDD VSS I I I I 46/72 Incoming signal from physical layer, used to generate CLCW report. Active low. Asynchronous. Virtual Channel Identifier LSB (static input). This bit enables differentiation between nominal and redundant decoder, even when using the same Configuration ROM for both decoders. - VCLSB = 1: The ‘VC ID’ LSB read from the ROM is inverted - VCLSB = 0: The ‘VC ID’ LSB read from the ROM is not inverted. Selected TC channel signals. These outputs indicate the last selected TC channel on which the data present in the back-end buffer was received, it does not concern the CLTUs being input. SELTC<0> is the LSB. Decode state signal. This signal indicates that the PTD is in the Decode state (active for all bits after the start sequence until and including the tail sequence); it can be used for a scrambler. TM mode signal. This static signal allows selection of the telemetry serial mode. - TMMOD = 0: the status (CPDUS, FAR, AUS) words are fetched with 5 samples - TMMOD = 1: the status (CPDUS, FAR, AUS) words are fetched with 2 samples. Reset signal. This signal allows the initialization of the PTD. Active low. Parallel or serial interface selecting pin. This static input allows selection of the parallel or serial interface for MAP data and TM data. - PAR = 1: parallel mode is selected - PAR = 0: serial mode is selected. Reserved pin. This static input shall be connected to ground. Reserved pin. This static input shall be connected to ground. Priority mode configuration pin. When this static input is set to 1, the priority mode (TC channels selection) is selected. Test pin for production test only. This static input shall be connected to ground in functional mode. System Clock signal. +5V (12 pins). Ground (14 pins). MA28140 8. ELECTRICAL CHARACTERISTICS AND RATINGS 8.1 DC PARAMETERS Parameter Min Max Units Supply Voltage -0.5 7 V Input Voltage -0.3 VDD+0.3 V Current Through Any Pin -20 +20 mA Operating Temperature -55 125 °C Storage Temperature -65 150 °C Note: Stresses above those listed may cause permanent damage to the device. This is a stress rating only and functional operation of the device at these conditions, or at any other condition above those indicated in the operations section of this specification, is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. Table 7: Absolute Maximum Ratings Symbol Parameter Conditions VDD VIHC VILC VIHT VILT VOH VOL IPDL IPDH IPUL IPUH IL IOZL IOZH IOPDL IOPDH IDD1 IDD2 Supply Voltage CMOS input high voltage CMOS input low voltage TTL input high voltage TTL input low voltage Output high voltage Output high voltage Input Pull-down current Input Pull-down current Input Pull-up current Input Pull-up current Input leakage current Output leakage current Output leakage current Output Pull-down current Output Pull-down current Static Power supply Current Dynamic Power supply Current IOH = -3.2mA IOL = 5.0mA VDD = 5.5V, VIN = VSS VDD = 5.5V, VIN = VDD VDD = 5.5V, VIN = VSS VDD = 5.5V, VIN = VDD VDD = 5.5V, VIN = VSS or VDD VDD = 5.5V, VOUT = VSS VDD = 5.5V, VOUT = VDD VDD = 5.5V, VIN = VSS VDD = 5.5V, VIN = VDD VDD = 5.5V f = 4MHz, VDD = 5.5V Min. Typ. Max. Units 4.5 0.8 VDD VSS 2 0.9 VDD -30 -30 -150 -30 -10 -50 -50 -50 -50 - 5.0 0.5 20 5.5 VDD 0.2 VDD 0.8 0.1 VDD 30 150 30 30 10 50 50 50 150 20 40 V V V V V V V µA µA µA µA µA µA µA µA µA mA mA Notes: 1. VDD = 5V ±10% over full temperature range. 2. Total dose radiation not exceeding 105 Rads(Si). 3. Mil-Std-883, method 5005, subgroups 1, 2, 3. 4. All outputs are suitable for TTL/CMOS drive. 5. Electro-Static Discharge protection is provided for all pins. 6. Internal pull-up or pull-down resistors should not be relied upon for proper operation and/or termination of input levels under all operating conditions without prior consultation with Dynex Semiconductor. 7. Input and output leakage measurements are guaranteed but not tested at -55°C. Table 8: DC Characteristics Symbol Parameter Conditions CIN COUT Input Capacitance Output Capacitance VI = 0V VI/O = 0V Min. Typ. Max. Units - 3 5 5 7 pF pF NOTE 1: TA = 25˚C and f = 1MHz. Data obtained by characterisation or analysis; not routinely measured. Table 9: Capacitance 47/72 MA28140 8.2 AC CHARACTERISTICS Symbol Parameter Conditions FT Functionality VDD = 4.5 - 5.5V, FREQ = 4MHz VIL = VSS, VIH = VDD, VOL = VOH = VDD/2 Temp. = -55°C to +125°C, GPS Pattern Set MIL-STD-883 5005 subgroups 7, 8A, 8B Table 10: Functionality Symbol Parameter Min. Typ. Max. Units Fck Tck Tcl Tch Clock frequency Clock period Clock low pulse width Clock high pulse width 100 100 1/Fck - 4 - MHz ns ns NOTES. 1. TCK will be used as a reference for the timings. 2. For timings specified as a number of clock cycles, it should be noted that there is a variance of ±10ns caused by the hold time (for inputs only) and different delays for rising and falling signals. 3. It should be noted that a half clock cycle can mean either the longer or shorter time for a clock not having a duty cycle of 50%. 4. VDD = 5V±10% over full temperature range. 5. Total dose radiation not exceeding 105 Rads (sec). 6. Input pulse = VSS to 4V. 7. Measurement reference level = 1.5V. 8. Output load 1 TTL gate and CL = 50pF. 9. Tables 11-25 contain Mil-Std-883, method 5005, subgroups 9, 10, 11. Table 11: Clock Timings 48/72 MA28140 Physical Interface Transponder RF Transponder Interface Channel Active Data Stream Clock PTD : TCA TIMING De scription min typ max Ttc1 * TCA high to first TCC rising 4 Tck Ttc2 * Last TCC falling to TCA low 4 Tck Ttcclk TCC period 20 µs Ttc setup TCS setup to TCC falling 0 ns Ttc hold TCS hold after TCC falling 4 Tck * NOTE: if the required timing is not fulfilled on Ttc1 and Ttc2, there is a risk of loss of the first or last bits. Table 12: Physical Interface Timings 49/72 MA28140 50/72 MA28140 LOWER PRIORITY CHANNEL : TCAy Timing Tp1 Tp2 Tp3 Tp4 Tp5 De scription TCC falling of the last synchro bit to DECOD rising TCC falling of the last bit of the rejected codeblock or of the last bit of codeblock number 38 to DECOD falling TCA deactivated to DECOD falling Timeout on TCC detected to DECOD falling TCA rising on the channel with higher priority to DECOD falling Min Typ Max 3 Tck 3 Tck 3 Tck 3 Tck 3 Tck Table 13: DECOD Output Timings 51/72 MA28140 Serial MAP Interface PTD MAPDSR MAPDTR MAPCK MAPDATA MAPADT APPLICATION Tmaps7 ←→ N maximum value is 1991 (=TC segment of 249 octets) Tmaps1 ↔ Example of data transfer with data flow control for each MAPDTR pulse one octet is being transferred N maximum value is 1991 (=TC segment of 249 octets) 52/72 MA28140 Example of an aborted data transfer. Timing De scription Min Typ Max Tmapst0 (1) (3) MAPSTN low pulse width 1 Tck Tmapst1 LDAT hold after MAPSTN rising 0.5 Tck Tmapst2 MAPST rising to MADSR rising 2 Tck 1 Tmapck + 2 Tck Tmapst3 LDAT setup to MAPSTN falling 0.5 Tck Tmapst4 MAPSTN rising to MAPDATA valid 2 Tck 1 Tmapck + 2 Tck Tmaps1 MAPDTR high to MAPCK rising 0.5 Tmapck 1.5 Tmapck + 1 Tck Tmaps2 (3) MAPCK falling to MAPDSR falling 1 Tmapck Tmaps3 MAPDTR setup to MAPCK falling 2 Tck Tmapck (2) MAPCK period 2 Tck [2 13] Tck Tmapout MAPCK falling to MAPDATA valid -5 ns 10 ns Tmapdtr MAPDTR high pulse width 2 Tck Tmapadt (3) MAPADT high pulse width 2 Tmapck Tmaps4 (3) MAPCK falling to MAPADT rising 1 Tmapck Tmaps5 MAPDSR falling to MAPDSR rising 56 Tck Tmaps6 (3) MAPADT rising to MAPDSR falling 1 Tmapck Tmaps7 (4) MAPDSR rising to MAPCK rising 0.5 Tmapck 1.5 Tmapck Note (1): This timing is specified with no wait state configuration (LACK permanently asserted). The asserting of this signal is identical with the asserting of the RAMCSN signal in a write cycle. Note (2): Tmapck period is programmable as defined in section 5.2. Note (3): These timings are exact with a variance of -10ns to +10ns. Note (4): This timing is for a data transfer with MAPDTR permanently asserted. Table 14: Serial MAP Interface Timings 53/72 MA28140 PTD CLCWS I/F CLCW Serial Interface CLCWSA CLCWCA CLCWDA APPLICATION Telemetry System Timing De scription Min Typ Max Tclcw1 CLCWSA falling to CLCWCA falling 5 Tck Tclcw2 CLCWCA high pulse width between octets 2 Tck Tclcw3 CLCWCA setup to CLCWSA 0 ns Tclcw4 CLCWSA high pulse width 3 Tck Tclcw5 CLCWSA falling to CLCWDA valid (bit 0) 4 Tck Tclcwh CLCWCA high pulse width Tck Tclcwl CLCWCA low pulse width Tck Tclcwca CLCWCA period 4 Tck Tclcwout CLCWCA falling to CLCWDA valid 1 Tck 2 Tck Note: The same timings apply for the redundant CLCW status telemetry interface, which is composed of CLCWSB, CLCWCB, CLCWDB signals. Table 15: CLCW Serial Interface Timings 54/72 MA28140 PTD Timing Tcpdu1 Tcpdu2 Tcpdu3 Tcpdu4 Tcpdu5 Ttmch Ttmcl Ttmc Tcpduout CPDUS I/F CPDU Status Report Serial Interface CPDUS TMC TMD APPLICATION Telemetry System De scription CPDUS falling to TMC falling TMC high pulse width between octets TMC setup to CPDUS CPDUS high pulse width CPDUS falling to TMD valid (bit 0) TMC high pulse width TMC low pulse width TMC period TMC falling to TMD valid Min 6 Tck 2 Tck 0 ns 3 Tck 5 Tck Tck Tck 4 Tck 1 Tck Typ Max 2 Tck Table 16: CPDUS Serial Interface Timings 55/72 MA28140 PTD FAR I/F FAR Status Report Serial Interface FAR1S FAR2S TMC TMD APPLICATION Telemetry System Timing De scription Min Typ Max Tfar1 (1) FARS falling to TMC falling 16 Tck Tfar2 TMC high pulse width between octets 2 Tck Tfar3 TMC setup to FARS 0 ns Tfar4 FAR1S rising to FAR2S falling 2 Tck Tfar5 FAR2S rising to FAR1S falling 4 Tck Tfar6 (1) FARS falling to TMD valid (bit 0) 15 Tck Ttmch TMC high pulse width Tck Ttmcl TMC low pulse width Tck Ttmc TMC period 4 Tck Tfarout TMC falling to TMD valid 1 Tck 2 Tck Note (1): These timings are guaranteed when there is no request for the local bus through the BRQN input. In addition when using slow memories, the local memory accesses may be delayed by using the LACK input of duration d L (defined by the user). In this case Tfar1 and Tfar6 become Tfar1+2d L and Tfar6+2d L. Table 17: FAR Status Report Serial Interface Timings 56/72 MA28140 PTD AU I/F AU Status Report Serial Interface AU1S AU2S TMC TMD APPLICATION Telemetry System Timing De scription Min Typ Max Taus1 (1) AUS falling to TMC falling 16 Tck Taus2 TMC high pulse width between octets 2 Tck Taus3 TMC setup to AUS 0 ns Taus4 AU1S rising to AU2S falling 2 Tck Taus5 AU2S rising to AU2S falling 2 Tck Taus6 AU2S rising to AU1S falling 4 Tck Taus7 (1) AUS falling to TMD valid (bit 0) 15 Tck Ttmch TMC high pulse width Tck Ttmcl TMC low pulse width Tck Ttmc TMC period 4 Tck Tausout TMC falling to TMD valid 1 Tck 2 Tck Note (1): These timings are guaranteed when there is no request for the local bus through the BRQN input. In addition when using slow memories, the local memory accesses may be delayed by using the LACK input of duration d L (defined by the user). In this case Taus1 and Taus6 become Taus1+2d L and Taus7+2d L. Table 18: AU Status Report Serial Interface Timings 57/72 MA28140 Parallel MAP Interface MAPDSR PAD<2..0> PCSN PRDY PBUS<15..0> MAPADT PTD APPLICATION PTD 58/72 TM I/F Status Report Telemetry Parallel Interface PAD<2..0> PCSN PRDY PBUS<15..0> APPLICATION Telemetry System MA28140 Timing Tp1 Tp2 (1) De scription Min Typ Max MAPDSR rising to PCSN falling 0 ns PCSN falling to PRDY rising - for MAP word (1) 2 Tck 17 Tck - for CLCW word 5 Tck - for CPDU status word 7 Tck - for AU and FAR status word (1) 13 Tck Tp3 PCSN high width Tck Tp4 PCSN rising to PRDY falling 39 ns Tp5 PBUS hold after PCSN rising 0 ns Tp6 PBUS valid before PRDY Tck Tp7 PCSN rising to MAPDSR falling 3 Tck 4 Tck Tp8 MAPDSR low pulse width 40 Tck Tp9 (2) MAPADT high pulse width 2 Tck Tp10 PAD setup to PCSN falling Tck Tp11 PAD hold after PCSN rising Tck Tp12 (2) MAPADT rising to MAPDSR falling Tck Tp13 PCSN rising to PBUS tristate 31 ns Tp14 PCSN falling to PBUS asserted 0 ns 55 ns Note (1): These timings are guaranteed when there is no request for the local bus through the BRQN input. In addition when using slow memories, the local memory accesses may be delayed by using the LACK input, two extra delays shall be added to Tp2. Note (2): These timings are exact with a variance of -10ns to +10ns. Table 19: Parallel MAP Interface Timings 59/72 MA28140 PTD CPDU I/F CPDU Interface CPDUSTN CPDUEN LDAT<7..0> CPDU External Module CPDUDIV Timing De scription Min Typ Max Tc1 LDAT setup to CPDUSTN falling 0.5 Tck Tc2 (1) (2) CPDUSTN low pulse width 1 Tck Tc3 LDAT hold after CPDUSTN rising 0.5 Tck Tc4 CPDUSTN falling to CPDUEN rising D/2 - 3 Tck Tc5 (2) CPDUEN falling to CPDUSTN falling D/2 + 1 Tck Tc6 CPDUEN high pulse width D + Tck [2 X]xD + Tck 128D + Tck D (1) CPDUDIV = 0 40960 Tck D (1) CPDUDIV = 1 8192 Tck Note (1): This timing is specified with no wait state configuration (LACK permanently asserted). The asserting of this signal is identical with the asserting of the RAMCSN signal in a write cycle. Note (2): These timings are exact with a variance of -10ns to +10ns. Table 20: CPDU Interface Timings 60/72 MA28140 Timing De scription Min Typ Tr1 CLK rising to LADR valid 0 ns Tr2 CLK falling to RWN valid 0 ns Tr3 CLK rising to CSN asserted 0 ns Tr4 CLK rising to CSN deasserted 0 ns Tr5 CLK falling to RWN invalid 0 ns Tr6 LDAT setup to CSN deasserted 100 ns Tr7 LDAT hold after CSN deasserted 0 ns Tr8 (1) LACK setup to CLK falling 20 ns Tr9 (1) LACK hold after CLK falling 20 ns Tr10 CSN pulse width deasserted 2 Tck Note (1): Violation will lead to uncertainty about the number of wait states inserted. Max 150 ns 57 ns 67 ns 68 ns 57 ns Table 21: Memory Read Timings 61/72 MA28140 Timing Tr12 Tr13 De scription CLK falling to LDAT valid CLK falling to LDAT hi-Z Table 22: Memory Write Timings 62/72 Min 0 ns 0 ns Typ Max 62 ns 40 ns MA28140 Timing De scription Min Typ Max Tar1 (1) BRQN falling to BGRN falling 1.5 Tck 2.5 Tck Tar2 BRQN rising to BGRN rising 1.5 Tck 2.5 Tck Tar3 BGRN falling to Local Bus hi-Z 20 ns Tar4 BGRN rising to Local Bus driven 20 ns Note (1): This timing is dependent on the activity on the local bus. It is defined here for the case when the PTD does not use the local bus. Table 23: Local Bus Arbitration Timings Timing Treset1 Treset2 Treset3 Treset4 De scription ResetN low pulse width ResetN asserted to local bus outputs at cold start values (0,1;Z) ResetN deasserted to PTD outputs at cold start values (0,1;Z) ResetN deasserted to end of initialisation phase: PTD functional Min 5 Tck Typ Max 60 ns 2 Tck 200 Tck Table 24: Reset Timings 63/72 MA28140 Note: In order to use the external authentication unit, the AUDIS and AUEX signals should be set to 0 and 1 respectively. Timing Tau1 Tau2 Tau3 Tau4 Tau5 Tau6 Tau7 De scription AUBUF or AUSBUF or FARBUF setup to AUST rising AUEND rising to AUST falling AUBUF or AUSBUF or FARBUF hold after AUST AUR setup to AUEND rising AUR hold after AUEND rising AUST pulse width deasserted AUEND pulse width asserted Min 2 Tck Typ 2 Tck 0 ns 2 Tck 2 Tck 2 Tck 2 Tck Table 25: External AU Interface Timings Subgroup Definition 1 2 3 7 8A 8B 9 10 11 Static characteristics specified in Table 8 at +25°C Static characteristics specified in Table 8 at +125°C Static characteristics specified in Table 8 at -55°C Functional characteristics specified in Table 10 at +25°C Functional characteristics specified in Table 10 at +125°C Functional characteristics specified in Table 10 at -55°C Switching characteristics specified in Tables 11 to 25 at +25°C Switching characteristics specified in Tables 11 to 25 at +125°C Switching characteristics specified in Tables 11 to 25 at -55°C Table 26: Definition of Subgroups 64/72 Max 3 Tck MA28140 9. PACKAGE DETAILS 9.1 DIMENSIONS Millimetres Ref Inches Min. Nom. Max. Min. Nom. Max. A - - 2.59 - - 0.102 A1 1.37 - 1.88 0.054 - 0.074 b 0.23 - 0.33 0.009 - 0.013 c 0.10 - 0.18 0.004 - 0.007 D1, D2 - - 24.38 - - 0.960 E - - 18.11 - - 0.713 E2 - 20.32 - - 0.800 - e - 0.63 - - 0.025 - L 6.35 - 7.11 0.250 - 0.280 XG533 Seating Plane c A1 A E D1 Pin 1 117 17 L 116 18 b E2 D2 TOP VIEW e 132 Lead 50 84 83 51 65/72 MA28140 9.2 PIN ASSIGNMENT The “type” field gives the type of buffer used in the PTD: CMOS TTL 3STA TTL/CMOS TTL + 3STA for CMOS input for TTL input for tri-state output for TTL/CMOS output for a bidirectional TTL input associated with a tri-state output The “buffer” field gives the name of the GPS MA9000a buffer used in the PTD: CMOSIP TTLIP BOP TRIOUT CSCHMITT for input CMOS buffer for input TTL buffer for TTL/CMOS output buffer for output tristate buffer for input CMOS buffer with Schmitt trigger The “pu/pd” field indicates if an internal pull up or pull down is present in the buffer. Note: Internal pull-up or pull-down resistors should not be relied upon for proper operation and/or termination of input levels under all operating conditions without prior consultation with GPS. Transponde r Inte rface signal TCC0 TCC1 TCC2 TCC3 TCC4 TCC5 TCS0 TCS1 TCS2 TCS3 TCS4 TCS5 TCA0 TCA1 TCA2 TCA3 TCA4 TCA5 66/72 pin 82 79 75 72 68 65 81 78 74 71 67 64 80 77 73 70 66 63 I/ O I I I I I I I I I I I I I I I I I I type CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS pu/ pd PU PU PU PU PU PU PU PU PU PU PU PU PD PD PD PD PD PD buffe r CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT comme nts Symbol Clock signal " " " " " " " " " " " " " " " Symbol Stream signal " " " " " " " " " " " " " " " Channel Active Indication " " " " " " " " " " " " " " " MA28140 Local Bus Inte rface signal LADR<0> LADR<1> LADR<2> LADR<3> LADR<4> LADR<5> LADR<6> LADR<7> LADR<8> LADR<9> LADR<10> LDAT<0> LDAT<1> LDAT<2> LDAT<3> LDAT<4> LDAT<5> LDAT<6> LDAT<7> RWN BRQN BGRN RAMCSN ROMCSN LACCS LACK pin 5 4 3 2 1 132 130 129 128 127 126 16 15 14 13 11 10 9 8 119 116 125 120 121 122 115 I/ O O O O O O O O O O O O I/O I/O I/O I/O I/O I/O I/O I/O O I O O O O I type 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA TTL+3STA TTL+3STA TTL+3STA TTL+3STA TTL+3STA TTL+3STA TTL+3STA TTL+3STA 3STA CMOS TTL/CMOS 3STA 3STA 3STA CMOS pu/ pd pin 22 25 26 36 28 23 I/ O O O O I O O type TTL/CMOS TTL/CMOS TTL/CMOS CMOS TTL/CMOS TTL/CMOS pu/ pd I/ O O O I type TTL/CMOS TTL/CMOS CMOS pu/ pd PD PD PD PD PD PD PD PD PU PU buffe r TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TTLIP+TRIOUT TTLIP+TRIOUT TTLIP+TRIOUT TTLIP+TRIOUT TTLIP+TRIOUT TTLIP+TRIOUT TTLIP+TRIOUT TTLIP+TRIOUT TRIOUT CMOSIP BOP TRIOUT TRIOUT TRIOUT CSCHMITT comme nts Address bus " " " " " " " " " " " " " " " " " " " " Data bus " " " " " " " " " " " " " " Read/Write Bus Request Bus Grant Chip Select RAM Chip Select ROM Recovery LAC access Acknowledge buffe r BOP BOP BOP CSCHMlTT BOP BOP comme nts MAP strobe MAP clockout MAP data set ready MAP data term. ready MAP serial data MAP abort data buffe r BOP BOP CMOSIP comme nts Strobe signal Pulse output Clock dividing Map Inte rface signal MAPSTN MAPCK MAPDSR MAPDTR MAPDATA MAPADT PU CP DU Inte rface signal CPDUSTN CPDUEN CPDUDIV pin 29 30 54 PD 67/72 MA28140 Te le me try Inte rface signal CLCWSA CLCWCA CLCWDA CLCWSB CLCWCB CLCWDB CPDUS FAR1S FAR2S AU1S AU2S TMC TMD pin 47 46 32 45 44 31 43 42 40 39 38 37 33 I/ O I I O I I O I I I I I I O type CMOS CMOS TTL/CMOS CMOS CMOS TTL/CMOS CMOS CMOS CMOS CMOS CMOS CMOS TTL/CMOS pu/ pd PU PU buffe r CSCHMlTT CSCHMlTT BOP CSCHMITT CSCHMITT BOP CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT CSCHMITT BOP comme nts CLCW status sample CLCW status clkout CLCW status data Redundant CLCW Redundant CLCW Redundant CLCW CPDU status sample FAR status first sample FAR status last sample AU status first sample AU status second sample CPDU/FAR/AU status clk CPDU/FAR/AU status data I/ O O O O O O O O O O O O O O O O O O type TTL/CMOS 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA 3STA pu/ pd buffe r BOP TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT TRIOUT comme nts Parallel interface control line Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus Parallel interface data bus type CMOS CMOS TTL/CMOS TTL/CMOS CMOS CMOS CMOS TTL/CMOS TTL/CMOS pu/ pd PU PD buffe r CMOSIP CMOSIP BOP BOP CMOSIP CMOSIP CMOSIP BOP BOP comme nts Internal AU bypass signal External AU selection AU Start signal AU buffer signal AU end validation signal AU result signal AU tail length select AU Status Buffer FAR buffer PU PU PU PU PU PU PU PU P aralle l Inte rface signal PRDY PBUS<0> PBUS<1> PBUS<2> PBUS<3> PBUS<4> PBUS<5> PBUS<6> PBUS<7> PBUS<8> PBUS<9> PBUS<10> PBUS<11> PBUS<12> PBUS<13> PBUS<14> PBUS<15> pin 86 106 105 104 103 101 100 99 98 96 95 94 93 91 90 89 88 Authe ntication Inte rface signal AUDIS AUEXT AUST AUBUF AUEND AUR AUTSL AUSBUF FARBUF 68/72 pin 109 113 84 85 112 111 110 50 49 I/ O I I O O I I I O O PD PD PU MA28140 Misce llane ous signal RFAVN VCLSB TMMOD PAR RESETN CLK PRIOR TEST MODE CONF SELTC<0> SELTC<1> SELTC<2> DECOD pin 61 60 58 51 52 53 59 114 57 56 21 20 19 27 I/ O I I I I I I I I I I O O O O type CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS CMOS TTL/CMOS TTL/CMOS TTL/CMOS TTL/CMOS pu/ pd PU PD PD PD PU PU PD PD PD PD buffe r CSCHMITT CMOSIP CMOSIP CMOSIP CSCHMITT CSCHMITT CMOSIP CMOSIP CMOSIP CMOSIP BOP BOP BOP BOP comme nts Physical interface status VCId differentiation TM mode select Parallel/serial selection Reset Clock Priority mode To be connected to VSS To be connected to VSS To be connected to VSS Selected Channel Selected Channel Selected Channel Decode state pin 6 12 18 35 48 62 76 87 97 107 117 124 7 17 24 34 41 55 69 83 92 102 108 118 123 131 I/ O type pu/ pd buffe r comme nts VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VDD power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply VSS power supply P owe r S upply signal VDD VDD VDD VDD VDD VDD VDD VDD VDD VDD VDD VDD VSS VSS VSS VSS VSS VSS VSS VSS VSS VSS VSS VSS VSS VSS 69/72 MA28140 10. RADIATION TOLERANCE Total Dose Radiation Testing For product procured to guaranteed total dose radiation levels, each wafer lot will be approved when all sample devices from each lot pass the total dose radiation test. The sample devices will be subjected to the total dose radiation level (Cobalt-60 Source), defined by the ordering code, and must continue to meet the electrical parameters specified in the data sheet. Electrical tests, pre and post irradiation, will be read and recorded. GEC Plessey Semiconductors can provide radiation testing compliant with Mil-Std-883 method 1019 Ionizing Radiation (total dose) test. Total Dose (Function to specification)* 1x105 Rad(Si) Transient Upset (Stored data loss) 5x1010 Rad(Si)/sec Transient Upset (Survivability) >1x1012 Rad(Si)/sec Neutron Hardness (Function to specification) >1x1015 n/cm2 Single Event Upset** <1x10-11 Errors/bit day Latch Up Not possible * Other total dose radiation levels available on request ** Worst case galactic cosmic ray upset - interplanetary/high altitude orbit Table 27: Radiation Hardness Parameters 11. ORDERING INFORMATION Unique Circuit Designator Radiation Tolerance MAx28140xxxxx Radiation Hard Processing S 100 kRads (Si) Guaranteed R Q 300 kRads (Si) Guaranteed H 1000 kRads (Si) Guaranteed QA/QCI Process (See Section 9 Part 4) Test Process (See Section 9 Part 3) Package Type F N Flatpack (Solder Seal) Naked Die Assembly Process (See Section 9 Part 2) Reliability Level For details of reliability, QA/QC, test and assembly options, see ‘Manufacturing Capability and Quality Assurance Standards’ Section 9. 70/72 L C D E B S Rel 0 Rel 1 Rel 2 Rel 3/4/5/STACK Class B Class S MA28140 12. SYNONYMS AD Accepted Data Frame (accepted by the FARM) NRZ(-L) Non Return to Zero (Level) ASIC Application Specific Integrated Circuit N(S) Frame Sequence Number of a transmitted TC Frame AU(S) Authentication Unit (Status) NW Negative Window BC Bypass Control Frame PLOP Physical Layer Operation Procedure BD Bypass Data Frame PSK Phase Shift Keying CCSDS Consultative Committee for Space Data Systems PSS Procedures, Specification and Standards CLCW Command Link Control Word PTD Packet Telecommand Decoder CLTU Command Link Transmission Unit PW Positive Window CPDU(S) Command Pulse Distribution Unit (Status) RAM Random Access Memory CRC Cyclic Redundant Code RF Radio Frequency ESA European Space Agency ROM Read Only Memory FAR Frame Analysis Report EEPROM Electrically Erasable Programmable ROM FARM Frame Acceptance and Reporting Mechanism SEU Single Event Upset GPS GEC Plessey Semiconductors SOS Silicon On Sapphire ID Identifier TC Telecommand LAC Logical Authentication Channel TM Telemetry LFSR Linear Feedback Shift Register VC Virtual Channel LSB Least Significant Bit VCM Virtual Channel Multiplexer MAP Multiplexed Access Point V(R) The next expected TC frame sequence number MSB Most Significant Bit W FARM Sliding Window Width (variable of the FARM) NOP No Operation 13. APPLICATIONS Note 1: Failure/Problem Description The CPDU I/F generates continuously false output signals in the event that "External Authentication" and "0 octet AU Trailers" are used (i.e. AUDIS='0', AUEXT='1' and AUTSL='1'). This malfunction is particularly critical for applications using the CPDU I/F for its intended purpose to handle emergency situations. After generating a first sequence or correct output signals, the state machine driving the CPDU I/F will get caught in a never-ending loop of states and continue to generate false (pseudo-random) output signals until the PTD is reset by RESTN='0' or AUDIS='1'. No other command will stop the erroneous outputs of the CPDU I/F. Recommended action by users The following combination of signal states must not be used : AUDIS='0', AUEXT='1' and AUTSL='1'. This can be ensured by either hardwiring on the PCB or appropriate SW provisions. All users are strongly advised to validate the functionality of the CPDU I/F operation for their choice of operation modes. 71/72 MA28140 http://www.dynexsemi.com e-mail: [email protected] HEADQUARTERS OPERATIONS DYNEX SEMICONDUCTOR LTD Doddington Road, Lincoln. Lincolnshire. LN6 3LF. United Kingdom. Tel: 00-44-(0)1522-500500 Fax: 00-44-(0)1522-500550 DYNEX POWER INC. Suite 410, 99 Bank Street, Ottawa, Ontario, Canada K1P 6B9. Tel: 613.723.7035 Fax: 613.723.1518 Toll Free: 1.888.33.DYNEX (39639) CUSTOMER SERVICE CENTRE Tel: +44 (0)1522 500500. Fax: +44 (0)1522 502777 SALES OFFICE Tel: +44 (0)1522 500500. Fax: +44 (0)1522 502777 These offices are supported by Representatives and Distributors in many countries world-wide. © Dynex Semiconductor 2001 Publication No. DS3839-7 Issue No.7.0 September 2001 TECHNICAL DOCUMENTATION – NOT FOR RESALE. PRINTED IN UNITED KINGDOM Datasheet Annotations: Dynex Semiconductor annotate datasheets in the top right hard corner of the front page, to indicate product status. The annotations are as follows:Target Information: This is the most tentative form of information and represents a very preliminary specification. No actual design work on the product has been started. Preliminary Information: The product is in design and development. The datasheet represents the product as it is understood but details may change. Advance Information: The product design is complete and final characterisation for volume production is well in hand. No Annotation: The product parameters are fixed and the product is available to datasheet specification. This publication is issued to provide information only which (unless agreed by the Company in writing) may not be used, applied or reproduced for any purpose nor form part of any order or contract nor to be regarded as a representation relating to the products or services concerned. No warranty or guarantee express or implied is made regarding the capability, performance or suitability of any product or service. The Company reserves the right to alter without prior notice the specification, design or price of any product or service. Information concerning possible methods of use is provided as a guide only and does not constitute any guarantee that such methods of use will be satisfactory in a specific piece of equipment. It is the user's responsibility to fully determine the performance and suitability of any equipment using such information and to ensure that any publication or data used is up to date and has not been superseded. These products are not suitable for use in any medical products whose failure to perform may result in significant injury or death to the user. All products and materials are sold and services provided subject to the Company's conditions of sale, which are available on request. All brand names and product names used in this publication are trademarks, registered trademarks or trade names of their respective owners. 72/72