ISO 7816 Compatible X76F200 2K 256 x 8 bit Secure SerialFlash FEATURES DESCRIPTION • 64-bit Password Security • One Array (240 Bytes) Two Passwords (16 Bytes) —Read Password —Write Password • Programmable Passwords • Retry Counter Register —Allows 8 tries before clearing of the array • 32-bit Response to Reset (RST Input) • 8 byte Sector Write mode • 1MHz Clock Rate • 2 wire Serial Interface • Low Power CMOS —2.0 to 5.5V operation —Standby current Less than 1µA —Active current less than 3 mA • High Reliability Endurance: —100,000 Write Cycles • Data Retention: 100 years • Available in: —8 lead PDIP, SOIC, TSSOP, Smart Card and Smart Card Module The X76F200 is a Password Access Security Supervisor, containing one 1920-bit Secure SerialFlash array. Access to the memory array can be controlled by two 64-bit passwords. These passwords protect read and write operations of the memory array. The X76F200 features a serial interface and software protocol allowing operation on a popular two wire bus. The bus signals are a clock Input (SCL) and a bidirectional data input and output (SDA). The X76F200 also features a synchronous response to reset providing an automatic output of a hard-wired 32-bit data stream conforming to the industry standard for memory cards. The X76F200 utilizes Xicor’s proprietary Direct WriteTM cell, providing a minimum endurance of 100,000 cycles and a minimum data retention of 100 years. Functional Diagram Retry Counter CS CHIP ENABLE DATA TRANSFER Data Transfer SCL SCL SDA SDA ARRAYAccess ACCESS Array ENABLE Enable INTERFACE Interface LOGIC Logic 8K BYTE SerialFlash ARRAY Erase Logic0 ARRAY (PASSWORD PROTECTED) 240 Byte 32 BYTE SerialFlashArray ARRAY EEPROM PASSWORD ARRAY Password Array AND PASSWORD and Password VERIFICATION LOGIC ARRAY 1 (PASSWORD PROTECTED) ISORESET Reset RETRY COUNTER Verification Logic RST RST RESPONSE Register REGISTER Response 7025 FM 01 Xicor, Inc. 1999 Patents Pending 9900-5004.3 1/26/99 EP 1 Characteristics subject to change without notice X76F200 PIN DESCRIPTIONS the nonvolatile write cycle the write operation will be terminated and the part will reset and enter into a standby mode. Serial Clock (SCL) The SCL input is used to clock all data into and out of the device. The basic sequence is illustrated in Figure 1. Serial Data (SDA) SDA is an open drain serial data input/output pin. During a read cycle, data is shifted out on this pin. During a write cycle, data is shifted in on this pin. In all other cases, this pin is in a high impedance state. PIN NAMES Symbol Reset (RST) RST is a device reset pin. When RST is pulsed high the X76F200 will output 32 bits of fixed data which conforms to the standard for “synchronous response to reset”. The part must not be in a write cycle for the response to reset to occur. See Figure 7. If there is power interrupted during the Response to Reset, the response to reset will be aborted and the part will return to the standby state. The response to reset is "mask programmable" only! Description SDA Serial Data Input/Output SCL Serial Clock Input RST Reset Input Vcc Supply Voltage Vss Ground NC No Connect PIN CONFIGURATION PDIP DEVICE OPERATION The X76F200 memory array consists of thirty 8-byte sectors. Read or write access to the array always begins at the first address of the sector. Read operations then can continue indefinitely. Write operations must total 8 bytes. VCC 1 8 RST NC 2 7 SCL NC 3 6 SDA 4 5 NC Vss SOIC Smart Card Module There are two primary modes of operation for the X76F200; Protected READ and protected WRITE. Protected operations must be performed with one of two 8-byte passwords. VSS 1 8 VCC NC 2 7 RST VCC GND SDA 3 6 SCL RST NC NC 4 5 NC SCL SDA NC NC TSSOP The basic method of communication for the device is generating a start condition, then transmitting a command, followed by the correct password. All parts will be shipped from the factory with all passwords equal to ‘0’. The user must perform ACK Polling to determine the validity of the password, before starting a data transfer (see Acknowledge Polling.) Only after the correct password is accepted and a ACK polling has been performed, can the data transfer occur. VCC 1 8 NC 2 7 SCL RST NC 3 6 SDA VSS 4 5 NC After each transaction is completed, the X76F200 will reset and enter into a standby mode. This will also be the response if an unsuccessful attempt is made to access a protected array. To ensure the correct communication, RST must remain LOW under all conditions except when running a “Response to Reset sequence”. Data is transferred in 8-bit segments, with each transfer being followed by an ACK, generated by the receiving device. If the X76F200 is in a nonvolatile write cycle a “no ACK” (SDA=High) response will be issued in response to loading of the command byte. If a stop is issued prior to 2 X76F200 Figure 1. X76F200 Device Operation Start Condition All commands are preceeded by the start condition, which is a HIGH to LOW transition of SDA when SCL is HIGH. The X76F200 continuously monitors the SDA and SCL lines for the start condition and will not respond to any command until this condition is met. LOAD COMMAND/ADDRESS BYTE LOAD 8-BYTE PASSWORD A start may be issued to terminate the input of a control byte or the input data to be written. This will reset the device and leave it ready to begin a new read or write command. Because of the push/pull output, a start cannot be generated while the part is outputting data. Starts are inhibited while a write is in progress. VERIFY PASSWORD ACCEPTANCE BY USE OF ACK POLLING Stop Condition All communications must be terminated by a stop condition. The stop condition is a LOW to HIGH transition of SDA when SCL is HIGH. The stop condition is also used to reset the device during a command or data input sequence and will leave the device in the standby power mode. As with starts, stops are inhibited when outputting data and while a write is in progress. READ/WRITE DATA BYTES Retry Counter The X76F200 contains a retry counter. The retry counter allows 8 accesses with an invalid password before any action is taken. The counter will increment with any combination of incorrect passwords. If the retry counter overflows, the memory area and both of the passwords are cleared to "0". If a correct password is received prior to retry counter overflow, the retry counter is reset and access is granted. Acknowledge Acknowledge is a software convention used to indicate successful data transfer. The transmitting device, either master or slave, will release the bus after transmitting eight bits. During the ninth clock cycle the receiver will pull the SDA line LOW to acknowledge that it received the eight bits of data. The X76F200 will respond with an acknowledge after recognition of a start condition and its slave address. If both the device and a write condition have been selected, the X76F200 will respond with an acknowledge after the receipt of each subsequent eight-bit word. Device Protocol The X76F200 supports a bidirectional bus oriented protocol. The protocol defines any device that sends data onto the bus as a transmitter and the receiving device as a receiver. The device controlling the transfer is a master and the device being controlled is the slave. The master will always initiate data transfers and provide the clock for both transmit and receive operations. Therefore, the X76F200 will be considered a slave in all applications. Clock and Data Conventions Data states on the SDA line can change only during SCL LOW. SDA changes during SCL HIGH are reserved for indicating start and stop conditions. Refer to Figure 2 and Figure 3. 3 X76F200 Figure 2. Data Validity SCL SDA Data Stable Data Change Figure 3. Definition of Start and Stop Conditions SCL SDA Start Condition Stop Condition Table 1. X76F200 Instruction Set Command after Start Command Description Password used 1 0 S4 S3 S2 S1 S00 Sector Write Write 1 0 S4 S3 S2 S1 S0 1 Sector Read Read 1 1 1 1 1 1 0 0 Change Write Password Write 1 1 1 1 1 1 1 0 Change Read Password Write 0 1 0 1 0 1 0 1 Password ACK Command None Illegal command codes will be disregarded. The part will respond with a “no-ACK” to the illegal byte and then return to the standby mode. All write/read operations require a password. PROGRAM OPERATIONS issued which starts the nonvolatile write cycle. If more or less than 8 bytes are transferred, the data in the sector remains unchanged. Sector Write The sector write mode requires issuing the 8-bit write command followed by the password and then the data bytes transferred as illustrated in figure 4. The write command byte contains the address of the sector to be written. Data is written starting at the first address of a sector and eight bytes must be transferred. After the last byte to be transferred is acknowledged a stop condition is ACK Polling Once a stop condition is issued to indicate the end of the host’s write sequence, the X76F200 initiates the internal nonvolatile write cycle. In order to take advantage of the typical 5ms write cycle, ACK polling can begin immediately. This involves issuing the start condition 4 X76F200 followed by the new command code of 8 bits (1st byte of the protocol.) If the X76F200 is still busy with the nonvolatile write operation, it will issue a “no-ACK” in response. If the nonvolatile write operation has completed, an “ACK” will be returned and the host can then proceed with the rest of the protocol. Password ACK Polling Sequence PASSWORD LOAD COMPLETED ENTER ACK POLLING ISSUE START Data ACK Polling Sequence WRITE SEQUENCE COMPLETED ENTER ACK POLLING ISSUE PASSWORD ACK COMMAND ISSUE START ACK RETURNED? ISSUE NEW COMMAND CODE NO YES PROCEED ACK RETURNED? NO YES READ OPERATIONS PROCEED Read operations are initiated in the same manner as write operations but with a different command code. Sector Read With sector read, a sector address is supplied with the read command. Once the password has been acknowledged data may be read from the sector. An acknowledge must follow each 8-bit data transfer. A read operation always begins at the first byte in the sector, but may stop at any time. Random accesses to the array are not possible. Continuous reading from the array will return data from successive sectors. After reading the last sector in the array, the address is automatically set to the first sector in the array and data can continue to be read out. After the last bit has been read, a stop condition is generated without sending a preceding acknowledge. After the password sequence, there is always a nonvolatile write cycle. This is done to discourage random guesses of the password if the device is being tampered with. In order to continue the transaction, the X76F200 requires the master to perform a password ACK polling sequence with the specific command code of 55h. As with regular Acknowledge polling the user can either time out for 10ms, and then issue the ACK polling once, or continuously loop as described in the flow. If the password that was inserted was correct, then an “ACK” will be returned once the nonvolatile cycle in response to the passwrod ACK polling sequence is over. If the password that was inserted was incorrect, then a “no ACK” will be returned even if the nonvolatile cycle is over. Therefore, the user cannot be certain that the password is incorrect until the 10ms write cycle time has elapsed. 5 X76F200 START Figure 4. Sector Write Sequence (Password Required) Host Commands Write Password 0 Wait tWC OR Password ACK Command ACK ACK ACK SDA S ACK X76F200 Response Write Password 7 WRITE COMMAND STOP ... P Wait tWC Data ACK Polling ACK no-ACK ACK ACK S X76F200 Responce ACK Password ACK COMMAND ACK Host Commands ACK START If ACK, Then Password Matches Figure 5. Acknowledge Polling SCL 8th clk. of 8th pwd. byte SDA ‘ACK’ clk 8th clk ‘ACK’ 8th bit ‘ACK’ clk START condition ACK or no ACK START Figure 6. Sector Read Sequence (Password Required) Host Commands Read Password 0 Wait tWC OR Password ACK Command ACK ACK ACK SDA S ACK X76F200 Response Read Password 7 READ COMMAND ... ACK no-ACK S X76F200 Responce STOP Password ACK COMMAND ACK Host Commands ACK START If ACK, Then Password Matches P Data n Data 0 6 X76F200 PASSWORDS standard for “synchronous response to reset”. The part must not be in a write cycle for the response to reset to occur. Passwords are changed by sending the "change read password" or "change write password" commands in a normal sector write operation. A full eight bytes containing the new password must be sent, following successful transmission of the current write password and a valid password ACK response. The user can use a repeated ACK Polling command to check that a new password has been written correctly. An ACK indicates that the new password is valid. After initiating a nonvolatile write cycle the RST pin must not be pulsed until the nonvolatile write cycle is complete. If not, the ISO response will not be activated. If the RST is pulsed HIGH and the CLK is within the RST pulse (meet the tNOL spec.) in the middle of an ISO transaction, it will output the 32 bit sequence again (starting at bit 0). Otherwise, this aborts the ISO operation and the part returns to standby state. If the RST is pulsed HIGH and the CLK is outside the RST pulse (in the middle of an ISO transaction), this aborts the ISO operation and the part returns to standby state. There is no way to read any of the passwords. RESPONSE TO RESET (DEFAULT = 19 20 AA 55) If there is power interrupted during the Response to Reset, the response to reset will be aborted and the part will return to the standby state. A Response to Reset is not available during a nonvolatile write cycle. The ISO Response to reset is controlled by the RST and CLK pins. When RST is pulsed high during a clock pulse, the device will output 32 bits of data, one bit per clock, and it resets to the standy state. This conforms to the ISO Figure 7. Response to RESET (RST) RST SCK 1 0 0 1 1 0 0 0 SO LSB Byte 0 0 0 0 0 1 0 0 MSB LSB 0 0 1 0 1 0 1 0 1 MSB MSB LSB MSB LSB 2 1 1 0 1 0 1 0 1 0 3 ABSOLUTE MAXIMUM RATINGS* *COMMENT Temperature under Bias ..................... –65°C to +135°C Storage Temperature ..........................–65°C to +150°C Voltage on any Pin with Respect to VSS .......................................–1V to +7V D.C. Output Current..................................................5mA Lead Temperature (Soldering, 10 seconds).................................. 300°C Stresses above those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. This is a stress rating only and the functional operation of the device at these or any other conditions above those listed in the operational sections of this specification is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. 7 X76F200 RECOMMENDED OPERATING CONDITIONS Temp Min. Max. Supply Voltage Limits 0°C +70°C X76F200 4.5V to 5.5V –40°C +85°C X76F200 – 2 2.0V to 5.5V Commercial Industrial D.C. OPERATING CHARACTERISTICS (Over the recommended operating conditions unless otherwise specified.) Symbol Limits Min. Max. Parameter Units ICC1 VCC Supply Current (Read) 1 mA ICC2(3) VCC Supply Current (Write) 3 mA ISB1(1) VCC Supply Current (Standby) 1 µA ISB2(1) VCC Supply Current (Standby) 1 µA ILI ILO VIL(2) VIH(2) VOL Input Leakage Current Output Leakage Current Input LOW Voltage Input HIGH Voltage Output LOW Voltage 10 10 –0.5 VCC x 0.1 VCC x 0.9 VCC + 0.5 0.4 µA µA V V V Test Conditions fSCL = VCC x 0.1/VCC x 0.9 Levels @ 400 KHz, SDA = Open RST = VSS fSCL = VCC x 0.1/VCC x 0.9 Levels @ 400 KHz, SDA = Open RST = VSS VIL = VCC x 0.1, VIH = VCC x 0.9 fSCL = 400 KHz, fSDA = 400 KHz VSDA = VSCC = VCC Other = GND or VCC–0.3V VIN = VSS to VCC VOUT = VSS to VCC IOL = 3mA CAPACITANCE TA = +25°C, f = 1MHz, VCC = 5V Symbol Test COUT(3) CIN(3) Output Capacitance (SDA) Input Capacitance (RST, SCL) Max. Units Conditions 8 6 pF pF VI/O = 0V VIN = 0V NOTES: (1) Must perform a stop command after a read command prior to measurement (2) VIL min. and VIH max. are for reference only and are not tested. (3) This parameter is periodically sampled and not 100% tested. EQUIVALENT A.C. LOAD CIRCUIT A.C. TEST CONDITIONS Input Pulse Levels 5V 3V 1.53KΩ OUTPUT Input Rise and Fall Times 1.3KΩ Input and Output Timing Level Output Load OUTPUT 100pF 100pF 8 VCC x 0.1 to VCC x 0.9 10ns VCC x 0.5 100pF X76F200 AC CHARACTERISTICS (TA = -40˚C to +85˚C, VCC = +2.0V to +5.5V, unless otherwise specified.) Symbol Parameter Min Max Units 0 1 MHz 0.9 µs fSCL SCL Clock Frequency tAA(2) SCL LOW to SDA Data Out Valid 0.1 tBUF Time the Bus Must Be Free Before a New Transmission Can Start 1.2 µs tHD:STA Start Condition Hold Time 0.6 µs tLOW Clock LOW Period 1.2 µs tHIGH Clock HIGH Period 0.6 µs tSU:STA Start Condition Setup Time (for a Repeated Start Condition) 0.6 µs tHD:DAT Data In Hold Time 10 ns tSU:DAT Data In Setup Time tR SDA and SCL Rise Time 20+0.1XCb(1) 300 ns tF SDA and SCL Fall Time 20+0.1XCb(1) 300 ns tSU:STO Stop Condition Setup Time tDH Data Out Hold Time tNOL RST to SCL Non-Overlap tRDV RST LOW to SDA Valid During Response to Reset 0 450 ns tCDV CLK LOW to SDA Valid During Response to Reset 0 450 ns tRST RST High Time 1.5 µs tSU:RST RST Setup Time 500 ns 100 ns 0.6 µs 0 µs 500 ns Notes: 1. Cb = total capacitance of one bus line in pF 2. tAA = 1.1µs Max below VCC = 2.0V. RESET AC SPECIFICATIONS Power Up Timing tPUR (1) (1) tPUW Typ(2) Max. Units Time from Power Up to Read 1 mS Time from Power Up to Write 5 mS Symbol Parameter Min. Notes: 1. Delays are measured from the time VCC is stable until the specified operation can be initiated. These parameters are periodically sampled and not 100% tested. 2. Typical values are for TA = 25˚C and VCC = 5.0V Nonvolatile Write Cycle Timing Symbol tWC (1) Parameter Min. Write Cycle Time Typ.(1) Max. Units 5 10 mS Notes: 1. tWC is the time from a valid stop condition at the end of a write sequence to the end of the self-timed internal nonvolatile write cycle. It is the minimum cycle time to be allowed for any nonvolatile write by the user, unless Acknowledge Polling is used. 9 X76F200 BUS TIMING t HIGH tF t LOW tR SCL tSU:STA t HD:STA tHD:DAT t SU:DAT t SU:STO SDA IN tAA t DH t BUF SDA OUT Write Cycle Timing SCL 8th bit of last byte SDA ACK tWC Stop Condition Start Condition RST Timing Diagram – Response to a Synchronous Reset RST tRST tNOL CLK tRDV I/O tHIGH_RST tNOL 1st clk pulse tSU:RST 2nd clk pulse tCDV 3rd clk pulse tLOW_RST DATA BIT (2) DATA BIT (1) 10 X76F200 Pull Up Resistance in KΩ GUIDELINES FOR CALCULATING TYPICAL VALUES OF BUS PULL UP RESISTORS 100 V CCMAX R MIN = -------------------------- = 1.8 K Ω I OLMIN 80 60 RMAX 40 20 tR R MAX = -----------------C BUS RMIN 20 40 60 80 100 Bus capacitance in pF tR = maximum allowable SDA rise time 11 X76F200 8-LEAD PLASTIC DUAL IN-LINE PACKAGE TYPE P 0.430 (10.92) 0.360 (9.14) 0.260 (6.60) 0.240 (6.10) PIN 1 INDEX PIN 1 0.300 (7.62) REF. HALF SHOULDER WIDTH ON ALL END PINS OPTIONAL 0.060 (1.52) 0.020 (0.51) 0.145 (3.68) 0.128 (3.25) SEATING PLANE 0.025 (0.64) 0.015 (0.38) 0.065 (1.65) 0.045 (1.14) 0.150 (3.81) 0.125 (3.18) 0.020 (0.51) 0.016 (0.41) 0.110 (2.79) 0.090 (2.29) 0.325 (8.25) 0.300 (7.62) 0.015 (0.38) MAX. 0° 15° TYP .0.010 (0.25) NOTE: 1. ALL DIMENSIONS IN INCHES (IN PARENTHESES IN MILLIMETERS) 2. PACKAGE DIMENSIONS EXCLUDE MOLDING FLASH 12 X76F200 8-LEAD PLASTIC SMALL OUTLINE GULL WING PACKAGE TYPE S 0.150 (3.80) 0.158 (4.00) 0.228 (5.80) 0.244 (6.20) PIN 1 INDEX PIN 1 0.014 (0.35) 0.019 (0.49) 0.188 (4.78) 0.197 (5.00) (4X) 7° 0.053 (1.35) 0.069 (1.75) 0.004 (0.19) 0.010 (0.25) 0.050 (1.27) 0.010 (0.25) 0.020 (0.50) X 45° 0.050" TYPICAL 0.050" TYPICAL 0° – 8° 0.0075 (0.19) 0.010 (0.25) 0.250" 0.016 (0.410) 0.037 (0.937) FOOTPRINT NOTE: ALL DIMENSIONS IN INCHES (IN PARENTHESES IN MILLIMETERS) 13 0.030" TYPICAL 8 PLACES X76F200 8-LEAD PLASTIC, TSSOP, PACKAGE TYPE V .025 (.65) BSC .169 (4.3) .252 (6.4) BSC .177 (4.5) .114 (2.9) .122 (3.1) .047 (1.20) .0075 (.19) .0118 (.30) .002 (.05) .006 (.15) .010 (.25) Gage Plane 0° – 8° Seating Plane .019 (.50) .029 (.75) (7.72) Detail A (20X) (4.16) (1.78) .031 (.80) .041 (1.05) (0.42) All MEASUREMENTS ARE TYPICAL See Detail “A” NOTE: ALL DIMENSIONS IN INCHES (IN PARENTHESES IN MILLIMETERS) 14 X76F200 8 CONTACT MODULE 6 CONTACT MODULE 11.4 8 1. 59 10.62 1.31 0.2 1.215 12.6 1.62 1.31 0.2 1 90° 1.62 0.15 1.3 2.54 2.54 35mm TAPE 35mm TAPE 1.422 35 23.02 14.25 4.75 1.422 REJECT PUNCH POSITION 8.82 NOTE: ALL MEASUREMENTS IN MILLIMETERS 15 1.3 X76F200 ORDERING INFORMATION X76F200 X X –X Device VCC Limits Blank = 5V ±10% 2.0 = 2.0V to 5.5V Temperature Range Blank = Commercial = 0°C to +70°C I = Industrial= –40°C to +85°C Package S8 = 8-Lead SOIC P = 8-Lead PDIP V8 = 8-Lead TSSOP H = Die in Waffle Packs W = Die in Wafer Form X = Smart Card Module Part Mark Convention 8-Lead SOIC/PDIP X76F200 X XX Blank = 8-Lead SOIC 8-Lead TSSOP EYWW XXX D = 2.0 to 5.5V, 0 to +70°C E = 2.0 to 5.5V, -40 to +85°C Blank = 4.5 to 5.5V, 0 to +70°C I = 4.5 to 5.5V, -40 to +85°C LIMITED WARRANTY Devices sold by Xicor, Inc. are covered by the warranty and patent indemnification provisions appearing in its Terms of Sale only. Xicor, Inc. makes no warranty, express, statutory, implied, or by description regarding the information set forth herein or regarding the freedom of the described devices from patent infringement. Xicor, Inc. makes no warranty of merchantability or fitness for any purpose. Xicor, Inc. reserves the right to discontinue production and change specifications and prices at any time and without notice. Xicor, Inc. assumes no responsibility for the use of any circuitry other than circuitry embodied in a Xicor, Inc. product. No other circuits, patents, licenses are implied. U.S. PATENTS Xicor products are covered by one or more of the following U.S. Patents: 4,263,664; 4,274,012; 4,300,212; 4,314,265; 4,326,134; 4,393,481; 4,404,475; 4,450,402; 4,486,769; 4,488,060; 4,520,461; 4,533,846; 4,599,706; 4,617,652; 4,668,932; 4,752,912; 4,829, 482; 4,874, 967; 4,883, 976. Foreign patents and additional patents pending. LIFE RELATED POLICY In situations where semiconductor component failure may endanger life, system designers using this product should design the system with appropriate error detection and correction, redundancy and back-up features to prevent such an occurence. Xicor’s products are not authorized for use in critical components in life support devices or systems. 1. Life support devices or systems are devices or systems which, (a) are intended for surgical implant into the body, or (b) support or sustain life, and whose failure to perform, when properly used in accordance with instructions for use provided in the labeling, can be reasonably expected to result in a significant injury to the user. 2. A critical component is any component of a life support device or system whose failure to perform can be reasonably expected to cause the failure of the life support device or system, or to affect its safety or effectiveness. 16