Inv. № 635А
ONE CHIP MICROCONTROLLER FOR ELECTRONIC TICKETS WITH ENCRYPTION ALGORITHM SUPPORT FOR AUTHENTICATION PROCEDURE
MIK1K5PTAC
June 2013

1. BASIC CHARACTERISTICS

RF interface in compliance with ISO/IEC 14443A
- Contactless data transmission.
- Operating distance between the card and the read-write device antenna: up to 100 mm (depending on antenna geometry and read-write device power).
- Operating frequency: 13.56 MHz.
- Data transfer rate: 106 kbit/s.
- Data integrity check during the transmission: 16-bit cyclic checksum (CRC), parity check.
- Anticollision algorithm.
- Unique 7-byte serial number (Cascade level 2 according to ISO/IEC 14443-3).

EEPROM
- 1536-bit EEPROM total memory.
- 1184-bit EEPROM user memory.
- EEPROM memory available to the user for overwrite/read: 36 pages.
- Handling of the first 16 pages of EEPROM is the same as in K5016XC1H4.
- Capability to block reprogramming of any EEPROM page (the serial number is protected from reprogramming at delivery).
- 32-bit one-time programmable data storage page.
- 16-bit counter.
- Data retention: 5 years.
- Not less than 10 000 rewrite cycles.

Security
- Authentication procedure using the 3DES encryption algorithm.
- 32-bit one-time programmable data storage page.
- Capability to block reprogramming of any EEPROM page (the serial number is protected from reprogramming at delivery).
- User-selectable EEPROM area that requires authentication for reading, or for reading and writing.
- 7-byte serial number for anti-copying protection of each device.

2. GENERAL DESCRIPTION

The controller has been developed in compliance with ISO/IEC 14443A. The exchange protocol level corresponds to parts 2 and 3 of the ISO/IEC 14443A standard. The controller is a dedicated IC primarily intended for use as a contactless single-trip ticket in public transport systems.
Contactless energy and data transfer

The controller does not need an external or battery power supply. Power and high-speed data transmission at 106 kbit/s are provided by RF exchange when the controller antenna is positioned near the reader device antenna.

Anticollision algorithm

An intelligent anticollision function enables the reader device to process more than one card at the same time. The anticollision algorithm allows each card to be selected separately, so that a transaction can be carried out with one selected card without interference from other cards in the field. The anticollision function is based on the individual controller serial number (UID). The controller UID is 7 bytes long and supports Cascade level 2 in compliance with ISO/IEC 14443-3.

Security

An individual 7-byte serial number is programmed into each controller during manufacturing. It cannot be altered and guarantees the uniqueness of each device. This is an effective anti-copying protection mechanism. The serial number can be used for the cryptographic protection of the controller memory data. A unique ID can be used to derive various access keys for appropriate cryptographic systems.

The 32-bit one-time programmable area provides for write-once operations, e.g. for a one-time counter. It may be used for irreversible devalidation of tickets.

The programmable write-protection function for any of the 48 pages of EEPROM (e.g., for a one-time programmable page), except for the pages with the chip serial number (such pages are write-protected at delivery), allows data to be fixed page by page. This function makes it possible to program the device for dedicated applications in a unique way.

User data can be protected by user-programmed keys. Access to the protected area requires the authentication procedure. In the course of the authentication procedure random numbers are encrypted and decrypted using the keys. The user may preset the area that requires the authentication procedure for access.
The chip contains a 16-bit counter that can be set to any value immediately after delivery and thereafter incremented by a value not exceeding 15 in decimal format. During the write procedure the counter is protected against power loss or removal of the chip from the field (anti-tearing function), so writing a value to the counter that differs from both the old and the new value is impossible.

FUNCTIONAL DESCRIPTION

CONTROLLER BLOCK-DIAGRAM

The controller microcircuit consists of EEPROM, an RF interface and a digital control unit. Fig. 1 shows a block diagram of the controller. Energy and data are transmitted via an antenna, which consists of a coil with several turns directly connected to the controller chip. No external components are needed.

[Fig. 1. Controller block-diagram: antenna, RF interface, control unit (crypto unit, RNG, cryption control unit, command interpreter, EEPROM interface), EEPROM.]

RADIO-FREQUENCY (RF) INTERFACE includes:
- Modulator/demodulator;
- Rectifier;
- Clock regenerating circuit;
- Power-on reset (POR) circuit;
- Voltage regulator.

CONTROL UNIT includes:
- Crypto unit for data encryption/decryption in compliance with the 3DES algorithm;
- Cryption control unit for implementation of authentication procedures using the crypto unit;
- Command interpreter for identification, verification, ISO 14443-3 protocol command execution and EEPROM access commands;
- Random number generator (RNG) for random number generation used in the authentication procedure;
- EEPROM interface used by the command interpreter for EEPROM access.

EEPROM contains 1536 user-available data bits organized in 48 pages of 4 bytes each.
These 1536 data bits include:
- 80 data bits reserved for the manufacturer;
- 32 data bits used for lock-to-read-only;
- 32 one-time programmable data bits;
- 1152 memory bits available for user overwrite/read.

Controller functioning algorithm

Commands sent by a reader are processed by the controller's command interpreter according to the current state, and the necessary response signals are generated. Fig. 2 shows the controller state diagram.

[Fig. 2. Controller state diagram. States: POR, IDLE, HALT, READY1, READY2, ACTIVE, AUTHENTICATED. Commands shown: REQA, WUPA, HLTA, READ from addr. 0x00, ANTICOLLISION CL1, SELECT CL1, ANTICOLLISION CL2, SELECT CL2, READ, WRITE, AUTHENTICATE.]

Note: in all states the chip goes over into the IDLE or HALT state if it receives any command other than those specified. If the chip has previously been in the HALT state, it will go over into the HALT state.

STATES

IDLE

After the reset that follows field supply, the controller goes from the [POR] state into the [IDLE] state. The controller leaves this state only after receiving a REQA or a WUPA command from the reader device. Any other data received in this state is interpreted as an error and the controller stays in the [IDLE] state.

If the HALT command is executed correctly, the controller goes over into the [HALT] waiting state, from which it can be brought out by the WUPA command. From then on, upon receiving an incorrect command in any of the states, the controller goes over into the [HALT] waiting state (not into the [IDLE] state).
READY1

In this state the reader device can carry out the first stage of controller identification and receive the first 3 bytes of the controller's UID serial number with the ANTICOLLISION CL1 command (Anticollision, Cascade level 1). The controller leaves this state correctly only upon receiving the SELECT command of Cascade level 1 (SELECT Cascade Level 1, SELECT CL1) or the READ command (from address 0).

After executing the SELECT command of Cascade level 1 the controller goes over into the [READY2] state, in which the second part of the anticollision procedure can be executed. By executing the READ command (from address 0) the anticollision procedure may be omitted and the controller jumps at once into the [ACTIVE] state.

Note: If there is more than one controller in the reader device field, execution of the READ command (from address 0) causes a collision because the controllers have different serial numbers, but all controller devices are nevertheless selected.

Any other commands received in the [READY1] state are interpreted as an error and the controller goes over to the waiting state ([IDLE] or [HALT], depending on its previous state).

The controller's response to the SELECT command of Cascade level 2 is the transmission of the SAK (Select Acknowledge) byte with code 0x04. In accordance with ISO/IEC 14443-3 the content of this byte indicates whether the anticollision cascade procedure of Cascade Level 1 is ended.

READY2

In this state the reader device can carry out the second stage of controller identification and receive the remaining 4 bytes of the controller's UID serial number with the ANTICOLLISION command of Cascade level 2. The transition from this state to the [ACTIVE] state occurs only on receiving the SELECT command of Cascade level 2 (SELECT Cascade Level 2, SELECT CL2) or the READ command (from address 0), as for the transition from the [READY1] state.
Note: If there is more than one controller in the reader device field, execution of the READ command (from address 0) causes a collision because the controllers have different serial numbers, but all controller devices are nevertheless selected.

The controller's response to the SELECT command of Cascade level 2 is the transmission of the SAK (Select Acknowledge) byte with code 0x00. In accordance with ISO/IEC 14443-3 the content of this byte indicates whether the anticollision cascade procedure is ended. It also defines the type of the device.

After the SELECT command of Cascade level 2 has been executed, only the controller that passed all the stages of the anticollision procedure is selected, and only this controller keeps communicating with the reader device even if other contactless devices are in the reader device field.

Any other commands received in the [READY2] state are interpreted as an error and the controller goes over to the waiting state ([IDLE] or [HALT], depending on its previous state).

ACTIVE

The [ACTIVE] state enables the execution of the set of commands shown in Fig. 2. The correct way of taking the controller out of this state is to execute the HLTA or AUTHENTICATE command. Any other commands received in this state are interpreted as an error and the controller goes back into the waiting state ([IDLE] or [HALT], depending on the previous state).

HALT

The [HALT] state, like the [IDLE] state, is a waiting state implemented in the controller. A controller that has already been serviced by the reader device can be set into this state by means of the HLTA command. This state helps the reader to detect new devices in the field that have not yet been communicated with. The only way to take the controller out of the [HALT] state is to transmit the WUPA command to it.
Any other data received in this state is interpreted as an error and leaves the controller in that state.

AUTHENTICATED

In this state all EEPROM pages can be accessed through the authentication procedure. This state is left on the HLTA command, on any command other than those shown for this state in the controller state diagram in Fig. 2, or on a command containing an error.

DATA INTEGRITY

To ensure reliable data transmission between the reader device and the controller through the contactless communication channel, the following mechanisms are used:
- 16-bit cyclic checksum (CRC) for each transmitted block;
- Parity bits for each byte;
- Bit count checking;
- Bit coding for distinguishing "ones", "zeros" and "no information";
- Channel monitoring (protocol sequence and bit flow analysis).

RF INTERFACE

The controller's RF interface corresponds to ISO/IEC 14443A. The RF field from the reader device must be present permanently (with short pauses during the transmission), because it is used to supply power to the card.

For transmitting data from the reader to the controller and back, one start bit is used at the beginning of each frame. Following each byte the controller and the reader transmit a parity bit (the inversion of the "EXCLUSIVE OR" operation over all bits of one byte).

The maximum frame length transmitted during communication between the reader and the controller is 164 bits (16 data bytes + 2 CRC data bytes = 16 * 9 + 2 * 9 + 1 start bit).

Frames transmitted by the controller may have a fixed or variable length. The controller's frames with a fixed length may contain up to 307 bits (32 bytes + 2 CRC bytes = 32 * 9 + 2 * 9 + 1 start bit).

When the controller transmits several bytes of a memory page, the least significant bit is transmitted first. The same rule applies for all subsequent pages.
EEPROM ORGANIZATION

The 1536 EEPROM memory bits available to a user are organized in 48 pages of 4 bytes each. The chip memory map is shown in Fig. 3.

Page address (dec.)   Page address (hex)   Contents
0                     0x00                 Serial Number
1                     0x01                 Serial Number
2                     0x02                 BCC, Control byte, lock bytes 0 and 1
3                     0x03                 OPB, OPB, OPB, OPB
4 to 39               0x04 to 0x27         User memory
40                    0x28                 Lock bytes 2 and 3, unused memory
41                    0x29                 Counter, unused memory
42                    0x2A                 AUTH0, unused memory
43                    0x2B                 AUTH1, unused memory
44 to 47              0x2C to 0x2F         Key

Note: OPB - one-time programmable byte; AUTH0 - authentication byte 0; AUTH1 - authentication byte 1.

Fig. 3. Microcontroller memory structure

SERIAL NUMBER (UID) AND LOCK BITS

The unique 7-byte serial number (UID) and its two checksum bytes are programmed in the first 9 bytes of the controller memory. Thus the serial number occupies pages 0, 1, and the first byte of page 2. The second byte of page 2 contains information for internal use by the chip manufacturer. These 10 bytes are programmed in the manufacturing process and cannot be altered in the user mode.

[Fig. 4. Serial number, and lock bytes 0 and 1. Page 0: serial number (SN0, SN1, SN2), where SN0 is the manufacturer code, and Checksum 0. Page 1: serial number (SN3, SN4, SN5, SN6). Page 2: Checksum 1, service byte, lock byte 0, lock byte 1.]

Notes: MSB - Most Significant Bit, LSB - Least Significant Bit. The Lx bit locks page x to read-only. The BLx-y bit blocks lock bits Lx to Ly.

According to ISO/IEC 14443-3 the checksum byte 0 (BCC0) is defined as the modulo-2 sum (XOR) of bytes CT, SN0, SN1 and SN2. The checksum byte 1 (BCC1) is defined as the modulo-2 sum of bytes SN3, SN4, SN5 and SN6. The byte SN0 holds the manufacturer's code in accordance with ISO/IEC 14443-3 and ISO/IEC 7816-6 AMD.1.

The bits of bytes 2 and 3 of page 2 (in decimal format) are used for locking pages 3 to 15 (in decimal format) to read-only. Each page with decimal number x, or range of pages x-y, can be write-protected individually by setting the corresponding locking bit Lx or Lx-y. After the protection bit corresponding to a page has been set, that page is accessible for reading only.

The three least significant bits of lock byte 0 are used to lock the lock bits themselves to read-only. Bit BL15-10 locks to read-only the lock bits for pages 10 to 15 (in decimal format). Bit BL9-4 locks to read-only the lock bits for pages 4 to 9 (in decimal format). BL3 locks to read-only the lock bit for page 3 (in decimal format).

Page 40 (in decimal format) contains lock bytes 2 and 3 (refer to Fig. 5). An EEPROM area containing pages with decimal numbers x-y or x can be write-protected individually by setting the corresponding locking bits Lx-y or Lx. The lock bytes also contain bits used to lock the lock bits to read-only (BL as specified in the figure). The BLx-y or BLx bit locks to read-only the lock bits for pages x to y, or x (in decimal format), respectively. All lock bytes are one-time programmable.

[Fig. 5. Lock bytes 2, 3 (page 40 dec., bytes 0 to 3).
Lock byte 2 bits: L36-39, L32-35, L28-31, BL28-39, L24-27, L20-23, L16-19, BL16-27.
Lock byte 3 bits: L44-47, BL44-47, L43, L42, L41, BL43, BL42, BL41.]

Notes: "Not in use" - unused memory area; MSB - Most Significant Bit; LSB - Least Significant Bit. Lx-y bits lock the pages with decimal numbers x to y to read-only; BLx-y bits lock to read-only the lock bits for the pages with decimal numbers x to y; the Lz bit locks the page with decimal number z to read-only; the BLz bit locks to read-only the lock bit for the page with decimal number z.

ONE-TIME PROGRAMMABLE (OTP) BYTES

Page 3, as well as pages 16 to 18 of the controller memory, consist of one-time programmable bytes. In the manufacturing process the contents of these bytes are set to "0". When writing into this page the write data is bit-wise "OR-ed" with the previous contents of the page, i.e. setting OTP bits to "1" is possible and changing them back to "0" is not.

EXAMPLE Page 3 Bytes 12 13 Initial state 14 15 One-time programmable bytes (OTP) 00000000 00000000 00000000 00000000 00000000 00000000 10101010 00000001 1st WRITE Command to OTP page 00000000 00000000 Result 00001111 11111000 2nd WRITE Command to OTP page 10000000 11111010 00000000 00000010 11111010 10101010 00000011 Result 10001111

Fig. 6. One-time programmable bytes

CHIP TIME PARAMETERS

Depending on the last bit fed by a reader, the chip frame delay time may take one of two values.
These values also depend on the command fed to the chip, as shown in Fig. 8. In this figure, fc = 13.56 MHz. The dependence of the frame delay time on the command is defined by the value n.

- For commands that require no write operations to the chip, n = 9. In this case the frame delay time (FDT) is ~ 91 ms or ~ 87 ms.
- If the command is followed by writing data to a chip EEPROM page containing no one-time programmable bytes, n = 435, which corresponds to FDT = ~ 4.1 ms.
- If the command is followed by writing data to a chip EEPROM page containing one-time programmable bytes, n = 205, which corresponds to FDT = ~ 1.9 ms.
- If the chip receives the AUTHENTICATE (part 1 or 2) command, n = 90, which corresponds to FDT = ~ 851 ms.

[Fig. 8. Chip response time. Labels: last data bit fed by the reader (logical "1" or logical "0"), reader frame end (E), first chip modulation pulses, chip frame start (S).]

NEGATIVE AND POSITIVE ACKNOWLEDGEMENTS

Negative and positive acknowledgment codes (total length of 4 bits) are shown below.

0xA - a positive acknowledgment. The chip issues this acknowledgment upon successful receipt and processing of a command.

0x0 - a negative acknowledgment. The chip issues this acknowledgment if an invalid argument is detected in the command (null or invalid address in the chip, or an invalid value added to the 16-bit counter that would result in a sum of more than 0xFFFF).

0x1 - a negative acknowledgment.
The chip issues this acknowledgment when an incorrect CRC or parity bit is detected.

If a write command is not followed by the chip response 0xA, the write has failed. The chip reads back from the written address and compares the stored value with the value received in the write command.

AUTHENTICATION USING 3DES ENCRYPTION ALGORITHM

Authentication enables two parties to make sure that each of them knows the same secret code (key) and, as a consequence, that each party is able to receive or transmit secret data in the course of the subsequent information exchange.

The cryptographic algorithm implemented in the chip, hereinafter referred to as the ek function, is 3DES (Triple Data Encryption Standard). The Triple DES algorithm is described in the document "NIST SP800-67: Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Version 1.1 May 19, 2008".

The Cipher Block Chaining (CBC) mode is used to transfer multiple cipher data blocks. The CBC mode is described in the document "ISO/IEC 10116: Information technology - Security techniques - Modes of operation for an n-bit block cipher, February 1, 2006". A zero block is used as the Initial Value (IV). The last cipher data block is used as the IV for all subsequent blocks.

The authentication procedure steps are shown in Table 1.

Table 1

Step 1
  Reader: The authentication procedure is always initiated by a reader. The reader initiates an authentication procedure with the AUTHENTICATE command.
  Transmitted data (reader → chip): command code, byte 0x00, 2 CRC bytes.
  Chip: ---

Step 2
  Reader: ---
  Transmitted data (chip → reader): 8 bytes ek(RndB), 2 CRC bytes.
  Chip: The chip generates an 8-byte random number RndB. The random number is encrypted with a key, and the resulting message ek(RndB) is sent to the reader.

Step 3
  Reader: The reader generates its own random number, RndA. RndA in concatenation with RndB', i.e. RndA || RndB', is encrypted by the reader using a key. The result ek(RndA || RndB') is sent to the chip.
  Transmitted data (reader → chip): 16 bytes ek(RndA || RndB'), 2 CRC bytes.
  Chip: ---

Step 4
  Reader: ---
  Transmitted data (chip → reader): 8 bytes ek(RndA'), 2 CRC bytes.
  Chip: The chip decrypts the 16 data bytes and verifies that the random number RndB' is the result of an "8-bits-left-rotation" of the random number RndB generated by the chip. Then the chip performs an "8-bits-left-rotation" of the random number RndA generated by the reader and sends the result ek(RndA') to the reader.

Step 5
  Reader: The reader decrypts the 8 data bytes and verifies that the random number RndA' is the result of an "8-bits-left-rotation" of the random number RndA generated by the reader. If the result is unsuccessful, the reader may terminate the exchange with the chip.
  Transmitted data: ---
  Chip: The chip goes over to the [AUTHENTICATED] state.

NOTES:
RndB - chip random number;
RndA - reader random number;
RndB' - chip random number altered as follows: the most significant byte is removed from the random number and appended as the least significant byte ("8-bits-left-rotation");
RndA' - reader random number altered as follows: the most significant byte is removed from the random number and appended as the least significant byte ("8-bits-left-rotation").

KEY WRITING FOR 3DES ENCRYPTION ALGORITHM TO EEPROM

The 16 bytes of 3DES keys are written to memory pages 0x2C to 0x2F (refer to Table 2). Keys can be written by the WRITE or COMPATIBILITY_WRITE commands. In both command types the least significant byte is transmitted first.

Table 2

Page address      Byte 0        Byte 1        Byte 2        Byte 3
0x2C (dec. 44)    Key 1 / K0    Key 1 / K1    Key 1 / K2    Key 1 / K3
0x2D (dec. 45)    Key 1 / K4    Key 1 / K5    Key 1 / K6    Key 1 / K7
0x2E (dec. 46)    Key 2 / K0    Key 2 / K1    Key 2 / K2    Key 2 / K3
0x2F (dec. 47)    Key 2 / K4    Key 2 / K5    Key 2 / K6    Key 2 / K7
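The exchange in Table 1, run with keys stored as in Table 2, as an added example (not code from the datasheet or from the manufacturer). So that it runs with the Python standard library only, the chip's 3DES is replaced by a small hash-based Feistel cipher with the same 8-byte block; that stand-in cipher, all names, the reading of the IV rule as chaining across messages, and the chip staying silent on failure are assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 8  # block size in bytes (same as 3DES)


def keys_to_pages(key1, key2):
    """Table 2 layout: K0 is the last byte of each key, stored in byte 0."""
    stored = key1[::-1] + key2[::-1]
    return {0x2C + i: stored[4 * i:4 * i + 4] for i in range(4)}


def pages_to_keys(pages):
    """Inverse of keys_to_pages: rebuild (Key1, Key2) from pages 0x2C..0x2F."""
    stored = b"".join(pages[a] for a in range(0x2C, 0x30))
    return stored[7::-1], stored[15:7:-1]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in cipher (assumption, NOT 3DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def enc_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def dec_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, data):
    out = b""
    for i in range(0, len(data), BLOCK):
        iv = enc_block(key, _xor(data[i:i + BLOCK], iv))
        out += iv
    return out


def cbc_decrypt(key, iv, data):
    out = b""
    for i in range(0, len(data), BLOCK):
        cipher = data[i:i + BLOCK]
        out += _xor(dec_block(key, cipher), iv)
        iv = cipher
    return out


def rotl8(value):
    """'8-bits-left-rotation': most significant byte moves to the end."""
    return value[1:] + value[:1]


class Chip:
    """Card side of Table 1 (steps 2 and 4)."""

    def __init__(self, key):
        self.key, self.state = key, "ACTIVE"

    def auth_part1(self):
        self.rnd_b = os.urandom(BLOCK)
        self.iv = cbc_encrypt(self.key, bytes(BLOCK), self.rnd_b)  # zero IV
        return self.iv                                             # ek(RndB)

    def auth_part2(self, msg):
        plain = cbc_decrypt(self.key, self.iv, msg)   # IV = last cipher block
        rnd_a, rnd_b_rot = plain[:BLOCK], plain[BLOCK:]
        if not hmac.compare_digest(rnd_b_rot, rotl8(self.rnd_b)):
            return None                               # assumption: no answer
        self.state = "AUTHENTICATED"
        return cbc_encrypt(self.key, msg[-BLOCK:], rotl8(rnd_a))   # ek(RndA')


def reader_authenticate(chip, key):
    """Reader side of Table 1; True when the chip proved it holds `key`."""
    ek_rnd_b = chip.auth_part1()
    rnd_b = cbc_decrypt(key, bytes(BLOCK), ek_rnd_b)
    rnd_a = os.urandom(BLOCK)
    msg = cbc_encrypt(key, ek_rnd_b, rnd_a + rotl8(rnd_b))  # ek(RndA||RndB')
    reply = chip.auth_part2(msg)
    if reply is None:
        return False
    rnd_a_rot = cbc_decrypt(key, msg[-BLOCK:], reply)
    return hmac.compare_digest(rnd_a_rot, rotl8(rnd_a))


if __name__ == "__main__":
    # Key1/Key2 are the datasheet's own example values.
    k1 = bytes.fromhex("0001020304050607")
    k2 = bytes.fromhex("08090A0B0C0D0E0F")
    for addr, data in keys_to_pages(k1, k2).items():
        print(hex(addr), data.hex())
    card = Chip(k1 + k2)
    print(reader_authenticate(card, k1 + k2), card.state)
```

Each side proves knowledge of the key by returning the other side's nonce rotated by one byte, so a reader holding the wrong key never moves the chip out of the [ACTIVE] state.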
For example, to write the keys Key1 = 0x0001020304050607 and Key2 = 0x08090A0B0C0D0E0F, execute a sequence of write commands with the following contents:
1) Address 0x2C, data 0x07060504;
2) Address 0x2D, data 0x03020100;
3) Address 0x2E, data 0x0F0E0D0C;
4) Address 0x2F, data 0x0B0A0908.

The contents of the 4 EEPROM pages after the execution of the above operations will be as shown in Table 3.

Table 3

Page address      Byte 0   Byte 1   Byte 2   Byte 3
0x2C (dec. 44)    0x07     0x06     0x05     0x04
0x2D (dec. 45)    0x03     0x02     0x01     0x00
0x2E (dec. 46)    0x0F     0x0E     0x0D     0x0C
0x2F (dec. 47)    0x0B     0x0A     0x09     0x08

EEPROM CONTENTS AT DELIVERY

The values shown in Table 4 are written to EEPROM at chip delivery. The initial EEPROM state enables the user to write any information to any area available for overwriting, even if the user does not know the contents of the pages with keys (these pages cannot be read). Zero values are written to the lock bytes, so none of the lockable pages is locked. The counter contains a zero value.

Table 4

Page (dec.)   Page (hex)     Byte 0         Byte 1          Byte 2   Byte 3
0             0x00           SN0*           SN1*            SN2*     Checksum 0*
1             0x01           SN3*           SN4*            SN5*     SN6*
2             0x02           Checksum 1*    Control byte*   0x00     0x00
3             0x03           0x00           0x00            0x00     0x00
4…39          0x04…0x27      0x00           0x00            0x00     0x00
40            0x28           0x00           0x00            0x00*    0x00*
41            0x29           0x00           0x00            0x00*    0x00*
42            0x2A           0x30           0x00*           0x00*    0x00*
43            0x2B           0x00           0x00*           0x00*    0x00*
44            0x2C           0xFF           0xFF            0xFF     0xFF
45            0x2D           0xFF           0xFF            0xFF     0xFF
46            0x2E           0xFF           0xFF            0xFF     0xFF
47            0x2F           0xFF           0xFF            0xFF     0xFF

*non-writable

COUNTER

A 16-bit counter is located on the 41st page (address 0x29) of EEPROM. Its contents are 0x0000 at delivery.
Writing a 16-bit value other than 0x0000 to a counter that holds 0x0000 sets the counter to the value supplied in the write command. For example, if the value 0xABCDFFFF is supplied to the write command (at address 0x29), the value 0xABCD0000 will be read on the subsequent read (2 bytes are non-writable). To change the counter value there is no need to move the chip out of the field (disabling and then re-enabling the field) or to bring the chip into the [IDLE] or [HALT] state. The counter value changes immediately following the command (in fact, when the chip answers 0xA).

If the counter value differs from 0x0000, the value increases by not more than 0x000F per single operation. In other words if, e.g., the counter stores the value 0x0100, its value may be increased by 0x0F00, resulting in 0x1000. If the value 0xAFBC is supplied, the resulting value will also be 0x1000, as all bits except the 4 LSBs of byte zero are ignored.

The chip is protected against removal from the field (or field disabling) while a counter value is being increased. The field may be disabled, or the chip may be taken out of the field, at any moment, but the counter will not store a value different from the old or the new value.

EEPROM MEMORY ACCESS RESTRICTION

The chip user may restrict access to a selected memory area so that it requires successful completion of the authentication procedure using the 3DES encryption algorithm. The area is selected, and reading from it without authentication is permitted or not, by writing values to bytes AUTH0 and AUTH1, which are byte 0 of pages 0x2A and 0x2B.

The address of the first page of the memory area that may be accessed (read or written) only from the [AUTHENTICATED] state is stored in authentication byte 0, AUTH0. The last page address is 0x2F in hexadecimal format.
If AUTH0 > 0x2F, all memory between addresses 0x00 and 0x2F is available to the user both in the [AUTHENTICATED] state and in the [ACTIVE] state (for the key-occupied area only writing is available). The area occupied by the key cannot be read.

Whether the lock-to-read-only function for the area defined by the AUTH0 byte is enabled in all states except [AUTHENTICATED] depends on the value of one bit (the least significant bit of authentication byte 1, AUTH1). If the least significant bit of AUTH1 = 1, writing in the area bounded by the AUTH0 byte in the [ACTIVE] state is disabled, and reading is enabled. If the least significant bit of AUTH1 = 0, both writing and reading in the area bounded by the AUTH0 byte in the [ACTIVE] state are disabled.

DATA READING

Data is read with the READ command. The READ command frame contains the following bytes: command code, EEPROM address, 2 CRC bytes. In response to the command the chip issues the 16 bytes stored in 4 EEPROM pages starting from the page with the specified address.

If the chip is in the [ACTIVE] state, "0" is stored in AUTH1 and the address is greater than or equal to AUTH0, the chip responds with a negative acknowledgment (0x0).

If the address is greater than or equal to 0x2C, the chip responds with a negative acknowledgment (0x0), since reading of the key-occupied area is impossible.

The chip returns to the zero address in two cases:
1) When it reaches the last chip address. The chip provides data from address 0x00 instead of data from address 0x2C (the first page with keys), and then the data stored in the subsequent pages (4 pages in total).
2) When it reaches the address stored in AUTH0, given AUTH1 = "0". In the [ACTIVE] state the chip provides data from address 0x00 instead of data from address AUTH0, and then the data stored in the subsequent pages (4 pages in total).

DATA WRITING

Data is written to the chip with 2 types of commands: WRITE and COMPATIBILITY_WRITE.
The WRITE command frame contains the following bytes: command code, page address, 4 bytes written to the page, 2 CRC bytes.

The COMPATIBILITY_WRITE command contains 2 frames. The first frame contains the following bytes: command code, page address, 2 CRC bytes. The second frame contains the following bytes: 4 bytes written to the page, 12 random bytes ignored by the chip, 2 CRC bytes.

If the address does not exist in the addressable EEPROM area (is greater than 0x2F), the chip responds with a negative acknowledgment (0x0).

If the chip is in the [ACTIVE] state and the address in the command is greater than or equal to AUTH0, the chip responds with a negative acknowledgment (0x0).

When writing to the page with address 0x00 or 0x01, the chip responds with a negative acknowledgment (0x0).

ELECTRICAL PARAMETERS

Absolute maximum ratings
- Input current: as high as 30 mA
- Latch current: as low as 100 mA
- Storage temperature: -40 °C to +125 °C
- ESD protection: as low as 2 kV

Table. Electrical and time parameters, T = -25 to +70 °C (if not specified otherwise)

DESIGNATION   PARAMETER                                                    MIN.   TYP.            MAX.   UNIT
Fin           Operating frequency                                          -      13.56 ± 7 kHz   -      MHz
Cin           Input capacity, T = 22 °C, Fin = 13.56 MHz, Vin = 2 V        13     16.9            21     pF
Twr           EEPROM programming time                                      -      4.0             -      ms

CHIP SIZE AND PAD LOCATION

[Fig. 6. Chip size and pad location. Dimensions shown: 660 um and 570 um, origin (0:0); the plate key is marked.]

RF1, RF2 - antenna inputs
NC - not connected

PADS   COORDINATES   SIZE
RF1    (70:145)      90 um x 90 um
RF2    (505:595)     90 um x 90 um
NC1    (130:610)     60 um x 60 um
NC2    (510:160)     60 um x 60 um

Mikron JSC
Marketing dpt.
phone: +7(495) 229 7489
e-mail: [email protected]

Mikron GmbH
Ernst Weissbach
phone (+49) 08106 351646
e-mail: [email protected]
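The READ and WRITE rules from the EEPROM MEMORY ACCESS RESTRICTION, DATA READING and DATA WRITING sections, as an added example (not part of the datasheet): a Python model of which requests the chip acknowledges in the [ACTIVE] and [AUTHENTICATED] states, and a check of an AUTH0/AUTH1 setting that an issuer can run before tickets are released. Function names and finding texts are assumptions; lock bits, OTP pages and the counter are not modelled.

```python
ACK, NAK = 0xA, 0x0                      # 4-bit acknowledgment codes
LAST_PAGE, KEY_FIRST = 0x2F, 0x2C        # last page, first key page
AUTH0_PAGE, AUTH1_PAGE = 0x2A, 0x2B      # pages whose byte 0 is AUTH0 / AUTH1
ACTIVE, AUTHENTICATED = "ACTIVE", "AUTHENTICATED"


def read_limit(state, auth0, auth1):
    """First page address that a READ cannot return in this state."""
    limit = KEY_FIRST                    # the key area can never be read
    if state == ACTIVE and (auth1 & 1) == 0:
        limit = min(limit, auth0)        # read protection starts at AUTH0
    return limit


def read_pages(state, auth0, auth1, addr):
    """Page addresses returned by READ addr (4 pages), or NAK.

    When the read reaches the limit it rolls over to page 0x00, so data
    behind the limit is never returned.
    """
    limit = read_limit(state, auth0, auth1)
    if addr > LAST_PAGE or addr >= limit:
        return NAK
    return [(addr + i) % limit for i in range(4)]


def write_ack(state, auth0, addr):
    """Acknowledgment code for WRITE / COMPATIBILITY_WRITE to page addr."""
    if addr > LAST_PAGE or addr in (0x00, 0x01):
        return NAK                       # invalid address or serial number
    if state == ACTIVE and addr >= auth0:
        return NAK                       # protected area needs authentication
    return ACK


def audit(auth0, auth1):
    """Findings for an AUTH0/AUTH1 setting, derived from the rules above."""
    findings = []
    if write_ack(ACTIVE, auth0, KEY_FIRST) == ACK:
        findings.append("key pages writable without authentication")
    if any(write_ack(ACTIVE, auth0, page) == ACK
           for page in (AUTH0_PAGE, AUTH1_PAGE)):
        findings.append("AUTH0/AUTH1 writable without authentication")
    if auth0 > LAST_PAGE:
        findings.append("no page requires authentication")
    elif auth1 & 1:
        findings.append("protected area readable without authentication")
    return findings


if __name__ == "__main__":
    # Delivery values from Table 4: AUTH0 = 0x30, AUTH1 = 0x00.
    for finding in audit(0x30, 0x00):
        print("delivery state:", finding)
    # Constructed issuer setting: protect everything from page 0x10 upward.
    print("AUTH0=0x10, AUTH1=0:", audit(0x10, 0x00) or "no findings")
    print("READ 0x0E in ACTIVE:", read_pages(ACTIVE, 0x10, 0x00, 0x0E))
```

With the delivery values every check fires, which matches the datasheet's statement that the initial state lets the user write any area, including the key pages, without knowing the keys.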