0S1204V DALLAS SEMICONDUCTOR DS1204V Electronic Key FEATURES Cannot be deciphered by reverse engineering Partitioned memory thwarts pirating @ User-insertable packaging allows personal posses- sion e Exclusive blank keys on request Appropriate identification can be made with a 64-bit reprogrammable memory Unreadable 64-bit security match code virtually pre- vents deciphering by exhaustive search with over 1019 possibilities 128 bits of secure read/write memory create addition- al barriers by permitting data changes as often as needed Rapid erasure of identification security match code and secure read/write memory can occur if tampering is detected Low-power CMOS circuitry Four million bps data rate Durable and rugged Applications include software authorization, gray market software protection, proprietary data, financial transactions, secure personnel areas, and system ac- cess control DESCRIPTION The DS1204V Electronic Key is a miniature security system that stores 64 bits of user-definable identifica- tion code and a 64-bit security match code that protects 128 bits of read/write nonvolatile memory. The 64-bit identification code and the security match code are pro- grammed into the key via a special program mode oper- ation. After programming, the key follows a procedure with a serial format to retrieve or update data. Interface cost to a microprocessor is minimized by on-chip circuit- ry that permits data transfer with only three signals: Clock (CLK), Reset (RST), and Data Input/Output (DQ). PIN ASSIGNMENT DALLAS DS1204V ELECTRONIC KEY SIDE fea ee BOTTOM: PIN VIEW | 1.0IN See Mech. Drawings Section PIN DESCRIPTION Pin t - Voc +5 Volts Pin 2 - RST Reset Pin 3 - DQ Data Input/Output Pin 4- CLK Clock Pin 5 - GND Ground Low pin count and a guided entry for mating receptacle overcome mechanical problems normally encountered with conventional integrated circuit packaging, making the device transportable and user-insertable. OPERATION - NORMAL MODE The Electronic Key has two modes of operation: normal and program. The block diagram (see Figure 1) illus- trates the main elements of the key when used in the normal mode. To initiate data transfer with the key, RST is taken high and 24 bits are loaded into the command 030994 1/10 or 1995 by Dallas Semiconductor Corporation. Al Bitthe Heosrog For mportan ieornaton moter patents and other intekectual property rights , Please refer to Dallas Nconductor data books.DS1204V register on each low-to-high transition of the CLK input. The command register must match the exact bit pattern that defines normal operation for read or write, or com- munications are ignored. If the command register is loaded properly, communications are allowed to contin- ue. The next 64 cycles to the key are reads. Data is clocked out of the key on the high-to-low transition of the clock from the identification memory. Next, 64 write cycles must be written to the compare register. These BLOCK DIAGRAM - NORMAL MODE Figure 1 64 bits must match the exact pattern stored in the secu- rity match memory. Ifa match is not found, access to ad- ditional information is denied. instead, random data is output for the next 128 cycles when reading data. If write cycles are being executed, the write cycles are ignored. Ifa match is found, access is permitted to a 128-bit read/ write nonvolatile memory. Figure 2 is a summary of nor- mal mode operation and Figure 3 is a flow chart of the normal mode sequence. DQ > 64-BIT Lt CLK CONTROL IDENTIFICATION +1|_iocic RST 64-BiT o_____ SECURITY MATCH COMPARE REGISTER = lug 4 > 128-BIT SECURE MEMORY = __ COMMAND REGISTER p RANDOM DATA SEQUENCE - NORMAL MODE Figure 2 PROTOCOL IDENTIFICATION SECURITY MATCH COMMAND WORD 64 READ CYCLES 64 WRITE CYCLES MATCH SECURE MEMORY 128 READ OR WRITES 930994 2/10081204V FLOW CHART - NORMAL MODE Figure 3 RESET HIGH WRITE COMMAND PROTOCOL READ 64 BITS IDENTIFICATION WRITE 64 BITS SECURITY MATCH PROGRAM MODE The block diagram in Figure 4 illustrates the main ele- ments of the key when used in the program mode. To Ini- tiate the program mode, RST is driven high and 24 bits are loaded into the command register on each low-to-high transition of the CLK input. The command register must match the exact pattern that defines pro- OUTPUT GARBLED DATA READ OR WRITE 128 BITS BASED SECURE NV RAM ON PROTOCOL STOP RESET LOW OUTPUT IN HIGH Z gram operation. If an exact match is not found, the re- mainder of the program cycle is ignored. If the command register is properly loaded, then the 128 bits that follow are written to the identification memory and the security match memory. Figure 5 is a summary of program mode operation and Figure 6 is a flow chart of program mode operation. 030094 3/10BLOCK DIAGRAM - PROGRAM MODE Figure 4 DS1204V D/O CLK _* 64-BIT IDENTIFICATION KK CONTROL LOGIC RST ee 64-BIT K _ SECURITY MATCH COMMAND REGISTER a SEQUENCE - PROGRAM MODE Figure 5 PROTOCOL IDENTIFICATION SECURITY MATCH COMMAND WORD 64 WRITE CYCLES 64 WRITE CYCLES COMMAND WORD Each data transfer for the normal and program mode begins with a three-byte command word as shown in Figure 7. As defined, the first byte of the command word specifies whether the 128-bit nonvolatile memory will be written into or read. If any one of the bits of the first byte of the command word fails to meet the exact pattern of read or write, the data transfer will be aborted. The 8-bit pattern for read is 01100010. The pattern for write is 10011101. The first two bits of the second byte of the command word specify whether the data transfer to follow is a program or normal cycle. The bit pattern for program is 0 in bit 0 and 1 in bit 1. The program mode can be selected only when the first byte of the command word specifies a write. If the program mode is specified and the first byte of the command word does not specify awrite, data transfer will be aborted. The bit pattern that selects the normal mode of operation is 1 in bitO and Oin bit 1. The other two possible combinations for the first two bits of byte 2 will cause data transfer to abort. The remaining six bits of byte 2 and the first seven bits of byte 3 form unique patterns that allow multiple keys to reside on a common bus. As such, each respective code pattern must be written exactly for a given device or data transfer will abort. Dallas Semiconductor has five patterns available as standard products per the chart in Figure 7. Each pattern corresponds to a specific part number. Under special contract with Dallas Semi- conductor, the user can specify any bit pattern other than those specified as unavallable. The bit pattern as defined by the user must be written exactly or data transfer will abort. The last bit of byte 3 of the command word must be written to logic 1 or data transfer will abort. NOTE: Contact the Dallas Semiconductor sales office for a spe- cial command word code assignment that makes possi- ble an exclusive blank key. 387 030994 4/10081204V FLOW CHART - PROGRAM MODE Figure 6 RESET HIGH WRITE COMMAND PROTOCOL MATCH PROGRAM MODE WRITE 64 BITS t(DENTIFICATION t WRITE 64 BITS SECURITY MATCH Ss STOP ' RESET LOW OUTPUT IN HIGH Z | RESET ANDCLOCKCONTROL =" All data transfers are initiated by driving the RST input high. The RST input serves three functions. First, itturns on control logic, which allows access to the command register for the command sequence. Second, the RST signal provides a power source for the cycle to follow. To meet this requirement, a drive source for RST of 2mA @ 3.5 volts is required. However, if the Vcc pin is con- nected to a 5-volt source within nominal limits, the RST is not used as a source of power and input levels revert to normal V4 and V)_ inputs with a drive current require- ment of 500 pA. Third, the RST signal provides a meth- od of terminating data transfer. Aclock cycle is a sequence of a falling edge followed by a rising edge. For data inputs, the data must be valid during the rising edge of a clock cycle. Command bits and data bits are input on the rising edge of the clock and data bits are output on the falling edge of the clock. The rising edge of the clock returns the DQ pin to a high im- pedance state. All data transter terminates if the RST pin is low and the DQ pin goes to a high impedance state. When data transfer to the key is terminated using RST, the transition of RST must occur while the clock is ata high level to avoid disturbing the last bit of data. Data transfer is illustrated in Figure 8 for normal mode and Figure 9 for program mode. 030994 5/10 388COMMAND WORD Figure 7 081204V R R_|R_|A A A A_|A a w w w w w wi Ww w BYTE 1 x x x x x x Pp p BYTE 2 23 1 x x Xx Xx x x x BYTE 3 0 0 0 0 0 0 P P BYTE 2 DS1204U-G01 1 0 1 0 0 0 0 0 BYTE 3 0 0 0 0 0 1 P P BYTE 2 0S1204U-Go2 1 0 1 0 0 0 0 0 BYTE 3 0 0 0 0 1 0 P Pp BYTE 2 DS1204U-Go3 1 0 1 0 0 0 0 0 BYTE 3 0 0 0 0 1 1 P P BYTE 2 DS1204U-G04 1 0 1 0 0 0 0 0 BYTE 3 0 0 0 1 0 P P BYTE 2 DS1204U-Gos 1 0 1 0 0 0 0 0 BYTE 3 KEY CONNECTIONS The key is designed to be plugged into a standard 5-pin, 0.1-inch center SIP receptacle (SAMTEC SS105 or equivalent). A guide is provided to prevent the key from being plugged in backwards and aid in alignment of the receptacle. For portable applications, contact to the key pins can be determined to ensure connection integrity before data transfer begins. CLK, RST, and DQ all have internal 20K chm pulldown resistors to ground that can be sensed by a reading device. 389 030994 6/10081204V DATA TRANSFER - NORMAL MODE Figure 8 JUWUUW UUW UU UU | oy) % S % AESET x. a Son| w[? 063 | pao | | paras | pai27 > SS. COMMAND A READ A WRITE A READ WRITE NV 64 BITS 64 BITS 8 BITS __/ i\< 0 on | id oF DATA TRANSFER - PROGRAM MODE Figure 9 CLOCK CLK | 5 5 S | aeset 0 1 2 23 <ew| rw | | 1 | a | ot asz | ass | oo | at as2 | o6s > SS SS af COMMAND WRITE A WRITE J \_ WORD IN 64 BITS 64 BITS 030994 7/10 390DS1204V ABSOLUTE MAXIMUM RATINGS* Voltage on any Pin Relative to Ground -0.5V to +7.0V Operating Temperature 0C to 70C Storage Temperature -40C to +70C * This is a stress rating only and functional operation of the device at these or any other conditions above those indicated in the operation sections of this specification is not implied. Exposure to absolute maxi- mum rating conditions for extended periods of time may affect reliability. RECOMMENDED DC OPERATING CONDITIONS (0C to 70C) PARAMETER SYMBOL MIN TYP MAX UNITS NOTES Logic 1 Vin 2.0 Vv 1,8, 10 Logic 0 Vit -0.3 +0.8 Vv 1 RESET Logic 1 VIHE 3.5 Vv 1,9, 11 Supply Vec 45 5.0 5.5 Vv 1 DC ELECTRICAL CHARACTERISTICS (0C to 70C; Voc = 5V + 10%) PARAMETER SYMBOL MIN TYP MAX UNITS NOTES Input Leakage Hie +500 HA 4 Output Leakage lto ] +500 pA Output Current @2.4V lou -1 mA Output Current @0.4V lot +2 mA RST Input Resistance ZRSst 10 60 K ohms D/Q Input Resistance Zpa 10 60 K ohms CLK Input Resistance ZcLkK 10 60 K ohms RST Current @3.0V last 2 mA 6,9, 13 Active Current loci 6 mA 6 Standby Current loce2 25 mA 6 CAPACITANCE {ta = 25C) PARAMETER SYMBOL MIN TYP MAX UNITS NOTES Input Capacitance Cin 5 pF Output Capacitance Cout 7 pF 030994 8/10 3910S1204V AC ELECTRICAL CHARACTERISTICS (0C to 70C, Voc = 5V + 10%) PARAMETER SYMBOL MIN TyvP MAX UNITS NOTES Data to CLK Setup toc 35 ns 2,7 CLK to Data Hold toon 40 ns 2,7 CLK to Data Delay tepp 100 ns 2,3, 5,7 CLK Low Time tor 125 ns 2,7 CLK High Time ton 125 ns 2,7 CLK Frequency fouk DC 40 MHz 2,7 CLK Rise & Fall tr, te 500 ns 2,7 RST to CLK Setup tec 1 us 2,7 CLK to RST Hold tocH 40 ns 2,7 RST Inactive Time towH 125 ns 2,7, 14 RST to I/O High Z tcoz 50 ns 2,7 TIMING DIAGRAM: WRITE DATA tt L > CT RESET / \ f tcc [*_ TL \ - i NX CLOCK /| _ tt: a tbe Lo 7 a RW can feo it DATA TTT TR ww XT IK XT a X77 TL. al INPUT/OUTPUT PW iw X tt TIMING DIAGRAM: READ DATA town RESET toc CLOCK toc tt tepo tcoz [* Woon Fi . D tt tt tt: 030994 9/10 392DS1204V NOTES: 1. All voltages are referenced to GND. Measured at Viy = 2.0 or Vi_ = .8V and 10ns maximum rise and fall time. Measured at Voy = 2.4 volts and Vo, = 0.4 volts. For CLK, D/Q, and RST. Load capacitance = 50 pF. Measured with outputs open. Measured at Vj, of RST > 3.5V when RST supplies power. on Oo nO F oO DN Logic 1 maximum is Vcc + 0.3 volts if the Voc pin supplies power and RST + 0.3 volts if the RST pin supplies power. 9. Applies to RST when Vcc < 3.5V. 10. Input levels apply to CLK, DQ, and RST while Vcc is within nominal limits. When Vcc is not connected to the key, then RST input reverts to Ving. 11. RST logic 1 maximum is Voc + 0.3 volts if the Vcc pin supplies power and 5.5 volts maximum if RST supplies power. 12. Each DS1204V is marked with a 4-digit code AABB. AA designates the year of manufacture. BB designates the week of manufacture. 13. Average AC RST current can be determined using the following formula: lrotaL = 2 + ILoap oc + (4 x 10-9) (CL + 140)! lToTaAL and ILoap are in mA; C, is in pF; f is in MHz. Applying the above formula, a load capacitance of 50 pF running at a frequency of 4.0 MHz gives an lyotat of 5 mA. 14.When RST is supplying power tcwH must be increased to100 ms average. 030994 10/10 393