EMMICRO EMTCG256-3G

EM MICROELECTRONIC – MARIN SA
Theseus™ Gold 256 3G
EMTCG256-3G
256KB Flash Smart Card IC + Crypto
Environment
Voltage Class A, B and C : 1.8V, 3-5V supply ± 10%
-25°C to +85°C operating temperature
Max supply current 10 mA at 5.5 V and 30 MHz
Max supply current 6 mA at 3.3 V and 30 MHz
Max supply current 4 mA at 1.8 V and 10 MHz
> 4 KV ESD Protection HBM
I/O
Memory Control
Memory Management Unit (MMU) + HW Firewall
Memory physical access rights management
Extended addressing capability with Java Mode
EEPROM Erase write control
EEPROM Fast program in FLASH Mode 40 µs / Byte
EEPROM Multiple Page Erase up to 128 Bytes
EEPROM Fast write in Flash mode
OTPROM Bank Erase (32KB)
FLASH Block Erase (2KB)
Development kit
Emulation platform (EME4652) fully integrated in Keil
uVision2 Debugger with all debugging facilities
Starter Kit EMSK4600 with uVision2 integration:
OTP, Flash blocks, EEPROM code download
EEPROM data download (personalization)
ISO 7816-3 compliant electrical interface
ISO 7816-3 compliant reset and response T=0 T=1 protocols
Security
OTPROM / Flash block physical access rights
CRC16 module hardware accelerator ISO3309
Unique chip identification number
Notification of tampering
CPU
Out of frequency, voltage, temperature detection
Software compatible CMOS 80X51 industry standard
Internal clock and voltage generation
“far” addressing support extending ‘xdata’ up to 8MB
Accelerated architecture with 16 bit CPU performance level DPA/SPA resistance mechanisms
Security target EAL4+
Linear code / data addressing (no bank switching)
Up to 30 MHz internal CPU clock
Memory
4KB XRAM +256B Internal RAM
Idle Modes
128KB OTPROM 4 blocks of 32KB
Idle and Stop mode selectable modes
64KB FLASH BLOCK 32 blocks of 2KB
NVM operation possible with CPU in idle mode
64KB EEPROM
IO Transmission and Reception with CPU in idle mode
10 year data retention
Max idle current 200 µA
>300k read write cycles
Cryptography Resources
Delivery form
DES / TDES Hardware accelerator
Backlapped and distressed 8” wafers to 180 µm
CBC mode Hardware acceleration
Options: Sawn wafers on frame, Modules
Hardware Random Number Generator FIPS140-2
Applications
Mobile communication : GSM: Phase 2, 2+ WIB, OTA,
WLAN GPRS, UMTS, CDMA, Java Card Platform
Banking, Health, loyalty, membership cards
Block Diagram
SECURITY MODULE
UVD / OVD
UTD / OTD
UFD / OFD
DPA / SPA protections
Power Management System
30MHz on-chip Oscillator
Internal VDD
A, B, C on-chip
Voltage Regulator
Internal RST
Reset Control and
Power-on Reset
Controlled Clock Divider
Random Number
Generator
Fast Architecture
DES / TDES
CBC / EBC
80X51 Core
ISO 7816-3
256 Bytes RAM
CRC16
ISO 3309
Interface 3G
MMU (Memory Management Unit Interface)
4096 Bytes
RAM
64K Bytes
FLASH
BLOCKS
128K Bytes
OTPROM
64K Bytes
EEPROM
Charge Pump: Internal VPP Generation
Copyright  2004, Rev A, EM Microelectronic-Marin SA
1
www.emmicroelectronic.com
EM MICROELECTRONIC – MARIN SA
Theseus™ Gold 256 3G
EMTCG256-3G
Introduction
EMTCG256-3G is a member of the Theseus family of devices
designed specifically for smart card applications. It is software
compatible with the industry standard 8051 micro-controller,
to guarantee the maximum availability of qualified software.
The hardware implementation of the core is a modern design
not relying on microcode, with an increase of up to 4 times on
a standard 8051's clocks per instruction.
Security of the family of devices makes them particularly
suitable in electronic commerce and sensitive data areas.
This is accomplished in hardware, with not only protection
against out of parameter operation of the device, but
hardware memory management to protect against software
security attacks. The CPU clock is derived from its own
internal oscillator, so preventing attacks by clock
manipulation, or extrapolating program execution by
monitoring current variations on clock edges.
The need to support the emerging multifunction cards
requires that the device under software control can download
an application and run it when the device is in the field
embedded in a plastic card. This application can be in the
form of a script to be executed by an interpreter or as a raw
binary directly executed by the processor. The device has to
be protected against the downloading of attack software
designed to corrupt or uncover the working or data contained
in the device. Traditionally this has been a software function,
which relies on the total integrity of the embedded software.
The EMTCG256-3G implements the first level of protection in
hardware. This maximizes the security of the device, and
allows the reusability of developed certified code, by isolating
it from the actual hardware implementation of the device.
This protection mechanism allows for a Secure Operating
System to be embedded into the device at manufacture,
which has access rights to features of the device that are
denied to applications that can be loaded into the device at
manufacture or in the field.
The Secure Operating System allocates to each application
programme, areas of the memory resources of the device.
The hardware then ensures that when the application code is
executing only accesses to these designated spaces are
made.
An extension of application mode has been developed to
facilitate Java Card virtual machine integration.
With up to a 99KB (RAM+FLASH+ROM) of on chip memories
EMTCG256-3G eradicates the need for memory bank
switching either for data and code space. This is maximizing
computing performances as well as code density of you
application allowing Smart Card to integrate more features.
Serial interface
EMTCG256-3G offers a unique serial interface compliant with
the ISO 7816-3 specification with several modes
implemented allowing serial connections at 9600 up to 357K
bits per second at 3.57MHz. EMTCG256-3G supports T=0
asynchronous half duplex character transmission protocol,
T=1 asynchronous half duplex block transmission and a
proprietary T=14 protocol used for fast loading of Code into
the OTP by the card manufacturer. It handles minimum guard
time requirements between characters specified by ISO78163 specification automatically. EMTCG256-3G is designed to
be compatible with the ISO7816-3 specification defining the
characteristics of Integrated Circuit Cards commonly referred
to as smart cards.
DES/TDES
High performance symmetric encryption / decryption
algorithm can be achieved using DES and Triple DES on chip
HW Accelerator, this engine could be used as well in EBC
and CBC modes. The intrinsic security of this DES
implementation can be reinforced using SPA/DPA protection
mechanisms to achieve very high level of security.
Random Number Generator
The on chip random number generator is fully Fips140-2
compliant, providing a rapid stream of truly random numbers.
This allows use of the random numbers generated beyond
just the provision of numbers for randomizing transmissions
or generating keys.
Clocks
EMTCG256-3G has its own internal oscillator this allows the
core of the device to be independent of the external clock.
The processor can also be clocked much faster than the IO
CLK signal. This ensures the elimination of fraudulent attacks
involving frequency jitter and unequal mark space ratios. The
internal clock generator is connected to the core via a divider
that is under the control of the software. This allows the
Operating System writer to control the trade off between
execution speed and power drawn by the device. Extending
battery life in hand help applications where slow interfaces
are involved.
Anti tampering
The EMTCG256-3G has extensive anti tampering provision
including the monitoring of the connection to the device to
ensure that deviations beyond a prescribed criteria result in
the device being closed down before its operating conditions
are violated.
In systems where application isolation is not needed, the
security mechanism acts as a general protection unit trapping
software errors.
On chip voltage regulators
Several on chip regulators isolate the various elements of the
device from variations and fluctuations in the supply voltage.
This allows elements to be characterized precisely, as they
operate at one fixed voltage, which in turn maximizes the
endurance of the device.
Non Volatiles Memories
The use of flash blocks of with 2kB increments configurable
for code or data, allows to address different larger market
range with a single product.
Technology
This product is using superior Flash memory SuperFlash
Technology licensed from SST and SuperFlash is a registered
trademark of SST (Silicon Storage Technology Inc.).
Copyright  2004, Rev A, EM Microelectronic-Marin SA
2
www.emmicroelectronic.com
EM MICROELECTRONIC – MARIN SA
Theseus™ Gold 256 3G
EMTCG256-3G
TECHNICAL DATA
Absolute Maximum Ratings
Parameter
Symbol
Limit Values
min
typical
Unit
max
Supply Operating Volt
Vcc
-0.3
6
Voltage at remaining pin
Vpin
Vss – 0.3
Vcc + 0.3
V
Power dissipation
Ptot
+60
mW
Storage temperature
IccI
+125
°C
-40
V
DC Characteristics
Parameter
Symbol
Limit Values
min
Ambient temperature
TA
-25
Supply Voltage Class A,B
Supply Voltage Class C
Vcc
Vcc
2.7
1.62
Supply Current Class B
Supply Current Class C
Supply Current idle
typical
Unit
max
+85
°C
5.5
1.98
V
V
Icc
6 (Note 1)
mA
Icc
4 (Note 1)
mA
IccI
200 (Note 2)
µA
3/5
1.8
Note 1: The supply current refers to clock frequency of 5 Mhz
Note 2: The supply current at 3.3V and a clock frequency of 1 Mhz, at +25°C
IO pin
Parameter
Symbol
Conditions
min
max
Unit
H input voltage
VIH
IIhmax =±20µA
0.7 * Vcc
Vcc
V
L input voltage
H output voltage (Note 3)
VIL
VOH
-0.3
0.7 * Vcc
0.8
Vcc
V
V
0
0.4
V
1
µS
L output voltage
VOL
IIL max =±20µA
IOhmax = +20µA
IOlmax = -1mA
Rise Fall Time
tr , tF
CIN = COUT = 30pF
Note 3: Assumes 20KΩ Pull up resistor on interface device
Clock (CLK)
Parameter
Condition
Min
Max
Unit
H output voltage
L output voltage
VOH
VOL
IOhmax = +20µA
IOlmax = -20µA
Vcc - 0.7
0
V
V
Rise Fall Time
tr , tF
CIN = COUT = 30pF
Vcc
0.5
9% CLK
period
Symbol
Condition
Min
Max
Unit
H output voltage
VOH
IOhmax = +20µA
Vcc - 0.7
Vcc
V
L output voltage
VOL
0
0.6
V
Rise Fall Time
tr , tF
IOlmax = -20µA
CIN = COUT = 30pF
400
µs
Reset(RST)
Parameter
Symbol
EM Microelectronic-Marin SA cannot assume responsibility for use of any circuitry described other than circuitry
entirely embodied in an EM Microelectronic-Marin SA product. EM Microelectronic-Marin SA reserves the right to
change the circuitry and specifications without notice at any time. You are strongly urged to ensure that the
information given has not been superseded by a more up-to-date version.
© EM Microelectronic-Marin SA, 01/04, Rev. A
Copyright  2004, Rev A, EM Microelectronic-Marin SA
3
www.emmicroelectronic.com