1
Features
One 64 x 8 (512 bit) Configuration Zone
Three 64 x 8 (512 bit) User Zones
Programmable Chip Select
Low-voltage Operation: 2.7V to 5.5V
Two-wire Serial Interface
8-byte Page Write Mode
Self-timed Write Cycle (10 ms max)
ISO 7816-3 Synchronous Protocol
Answer-to-Reset Register
High-security Memory Including Anti-wire Tapping
64-bit Authentication Protocol*
Secure Checksum
Configurable Authentication Attempts Counter
Two Sets of Two 24-bit Passwords
Specific Passwords for Read and Write
Four Password Attempts Counters
Selectable Access Rights by Zone
ISO Compliant Packaging
High Reliability
Endurance: 100,000 Cycles
Data Retention: 100 Years
ESD Protection: 4,000V min
Low-Power CMOS
Description
The AT88SC153 provides 2,048 bits of serial EEPROM memory organized as one
configuration zone of 64 bytes and three user zones of 64 bytes each. This device is
optimized as a "secure memory" for multi-application smart card markets, secure
identification for electronic data transfer or for components in a system without the
requirement of an internal microprocessor.
The embedded authentication protocol allows the memory and the host to
authenticate each other. When this device is used with a host which incorporates a
microcontroller, e.g., AT89C51, AT89C2051, AT90S1200, the system provides an
"anti-wire tapping" configuration. The device and the host exchange "challenges"
issued from a random generator and verify their values through a specific
cryptographic function included in each part. When both agree on the same result, the
access to the memory is permitted.
Security Methodology
3 x 64 x 8
Secure Memory
with
Authentication
AT88SC153
Rev. 1016B11/99
*Under exclusive patent license from ELVA
AT88SC153
2
Memory Access
Depending on the device configuration, the host might
carry out the authentication protocol, and/or present
different passwords for each operation: read or write. Each
user zone may be configured for free access for read and
write, or for password restricted access. To insure security
between the different user zones (multi-application card),
each zone can use a different set of passwords. A specific
a t t e m p t s c o u n t e r f o r e a c h p a s s w o r d a n d f o r t h e
authentication provides protection against "systematic
attacks". When the memory is unlocked, the two-wire serial
protocol is effective, using SDA and SCL. The memory
includes a specific register providing a 32-bit data stream
conforming to the ISO 7816-3 synchronous Answer-to-
Reset.
Block Diagram
Pin Descriptions
Supply Voltage (VCC)
The VCC input is a 2.7V to 5.5V positive voltage supplied
by the host.
Serial Clock (SCL)
The SCL input is used to positive edge clock data into the
device and negative edge clock data out of the device.
Serial Data (SDA)
The SDA pin is bi-directional for serial data transfer. This
pin is open-drain driven, and may be wire-ORed with any
number of other open drain or open collector devices. An
external pull up resistor should be connected between SDA
and VCC. The value of this resistor and the system
capacitance loading the SDA bus will determine the rise
time of SDA. This rise time will determine the maximum
frequency during Read operations. Low value pull-up
resistors will allow higher frequency operations while
drawing higher average power supply current.
Reset (RST)
When the RST input is pulsed high, the device will output
the data programmed into the 32-bit answer-to-reset
register. All password and authentication access will be
reset. Following a reset, device authentication and
password verification sequences must be presented to re-
establish user access.
VCC
AT88SC153
3
Memory Mapping
Notes:
1. CMC: Card Manufacturer Code.
AR0-2: Access Register for User Zone 0 to 2.
MTZ: Memory Test Zone.
DCR: Device Configuration Register.
AAC: Authentication Attempts Counter.
PAC: Password Attempts Counter.
zz: Zone number
2. Address $20 also serves as the virtual address of the Checksum Authentication Register (CAR) during checksum mode.
The 2,048 bits of the memory are divided in four zones of 64 bytes each:
Zone
$0
$1
$2
$3
$4
$5
$6
$7
@
User 0
zz = 00
$00
64 bytes
-
-
$38
User 1
zz = 01
$00
64 bytes
-
$38
User 2
zz = 10
$00
64 bytes
-
-
$38
Configuration
zz = 11
$00
64 bytes
$38
The last 64 bytes of the memory is a configuration zone with specific system data, access rights and read/write commands;
it is divided in four subzones
(1)
.
Configuration
$0
$1
$2
$3
$4
$5
$6
$7
@
Fabrication
Answer-to-Reset
Lot History Code
$00
Fab Code
CMC
AR0
AR1
AR2
MTZ
$08
Identification
Issuer Code
$10
DCR
Identification Number (Nc)
$18
AAC
(2)
Cryptogram (Ci)
$20
Secret
Secret Seed (Gc)
$28
Passwords
PAC
Write 0
PAC
Read 0
$30
PAC
Secure Code/Write 1
PAC
Read 1
$38
AT88SC153
4
Fuses
FAB, CMA and PER are nonvolatile fuses blown at the
end of each card life step. Once blown, these EEPROM
fuses can not be reset.
The FAB fuse is blown by Atmel prior to shipping wafers
to the card manufacturer.
The CMA fuse is blown by the card manufacturer prior to
shipping cards to the issuer.
The PER fuse is blown by the issuer prior to shipping
cards to the end user.
The device responds to a Read Fuse command with "fuse byte".
Note:
CMC: Card Manufacturer Code.
AR: Access Rights as defined by the Access Registers.
PW: Password.
Bit 7
Bit 6
Bit 5
Bit 4
Bit 3
Bit 2
Bit 1
Bit 0
0
0
0
0
0
PER
CMA
FAB
When the fuses are all 1's, read and write are allowed in the entire memory. Before blowing the FAB fuse, Atmel writes the
entire memory to "1", and programs the fabrication subzone (except CMC and AR) and the secure code.
Zone
Access
FAB = 0
CMA = 0
PER = 0
Fabrication
(Except CMC, MTZ and AR)
Read
Free
Free
Free
Write
Forbidden
Forbidden
Forbidden
Card Manufacturer
Code
Read
Free
Free
Free
Write
Secure Code
Forbidden
Forbidden
Access Registers
Read
Free
Free
Free
Write
Secure Code
Secure Code
Forbidden
Memory Test Zone
Read
Free
Free
Free
Write
Free
Free
Free
Identification
Read
Free
Free
Free
Write
Secure Code
Secure Code
Forbidden
Secret
Read
Secure Code
Secure Code
Forbidden
Write
Secure Code
Secure Code
Forbidden
Passwords
Read
Secure Code
Secure Code
Write PW
Write
Secure Code
Secure Code
Write PW
PAC
Read
Free
Free
Free
Write
Secure Code
Secure Code
Write PW
User Zones
Read
AR
AR
AR
Write
AR
AR
AR
AT88SC153
5
Configuration Zone
Answer-to-Reset
32-bit register defined by Atmel.
Lot History Code
32-bit register defined by Atmel.
Fab Code
16-bit register defined by Atmel.
Card Manufacturer Code
16-bit register defined by the card manufacturer.
Issuer Code
64-bit register defined by the card issuer.
Access Registers
Three 8-bit access registers defined by the issuer, one for
each user zone. (Active low)
WPE - Write Password Enable
If enabled (WPE = "0"), the user is required to verify the
Write Password to allow write operations in the user zone.
If disabled (WPE = "1"), all write operations are allowed
within the zone. Verification of the Write password also
allows the Read and Write passwords to be changed.
RPE - Read Password Enable
If enabled (RPE = "0"), the user is required to verify either
the Read Password or Write Password to allow read
operations in the user zone. Read operations initiated
without a verified password will return $00 (or the status of
the fuse bits, if either CMA or PER are still intact).
Verification of the Write password will always allow read
access to the zone. RPE = "0" and WPE = "1" is allowed,
but is not recommended.
ATE - Authentication Enable
If enabled (ATE = "0"), a valid Authentication sequence is
required for both Read and Write and must be completed
before access is allowed to the user zone. If disabled (ATE
= "1"), authentication is not required for access.
AOW - Authentication Only for Write
If enabled (AOW = "0"), a valid Authentication sequence
must be completed before write access is allowed to the
user zone. Read access to this zone is allowed without
authentication. This bit is ignored if ATE is enabled.
PWS - Password Select
This bit defines which of the two password sets must be
presented to allow access to the user zone. Each access
register may point to a unique password set, or access reg-
isters for multiple zones may point to the same password
set. In this case, verification of a single password will open
several zones, combining the zones into a single larger
zone.
WLM - Write Lock Mode
If enabled (WLM = "0"), the eight bits of the first byte of
each user zone page will define the locked/unlocked status
for each byte in the page. Write access is forbidden to a
byte if its associated bit in byte 0 is set to "0". Bit 7 controls
byte 7, bit 6 controls byte 6, etc.
MDF - Modify Forbidden
If enabled (MDF = "0"), no write access is allowed in the
zone at any time. The user zone must be written before the
PER is blown.
PGO - Program Only
If enabled (PGO = "0"), data within the zone may be
changed from "1" to "0", but never from "0" to "1".
Identification Number (Nc)
An identification number with up to 56-bits is defined by the
issuer and should be unique for each device.
Cryptogram (Ci)
The 56-bit cryptogram is generated by the internal random
generator and modified after each successful verification of
the cryptogram by the chip, on host request. The initial
value, defined by the issuer, is diversified as a function of
the identification number. The 64 bits used in the Authenti-
cation protocol consist of the 56-bit cryptogram and the 8-
bit Authentication Attempts counter. Note that any change
in the AAC status will change Ci for the next authentication
attempt.
Secret Seed (Gc)
The 64-bit secret seed, defined by the issuer, is diversified
as a function of the identification number.
Memory Test Zone
8-bit free access zone for memory and protocol test.
Bit 7
Bit 6
Bit 5
Bit 4
Bit 3
Bit 2
Bit 1
Bit 0
WPE
RPE
ATE
AOW
PWS
WLM
MDF
PGO
PDF 
ZIP