BL75R06SM 8K-bit EEPROM Contactless smart card chip

Similar documents
VendaCard MF1ICS50. major cities have adopted MIFARE as their e-ticketing solution of choice.

MF1ICS General description. Functional specification. 1.1 Key applications. 1.2 Anticollision. Energy. MIFARE card contacts La, Lb.

MF1ICS General description. Functional specification. 1.1 Key applications. 1.2 Anticollision. Product data sheet PUBLIC

IS23SC4439 Preliminary. 1K bytes EEPROM Contactless Smart Card Conform to ISO/IEC 14443A Standard. Table of contents

UNC20C01R 1Kbyte EEPROM Contactless Card IC

FM11RF32 32KBits Contactless IC Card Chip

JMY600 Series IC Card Module

Security & Chip Card ICs SLE 55R04. Intelligent 770 Byte EEPROM with Contactless Interface complying to ISO/IEC Type A and Security Logic

Inv.# 557 ONE CHIP MICROCONTROLLER FOR ELECTRONIC PLASTIC CARDS Preliminary datasheet September 2010 revised January 2012

JMY600 Series IC Card Module

FEATURES Contactless transmission of data and supply energy, no battery is needed up to 100mm (depending on the inlay antenna and reader)

mifare DESFire Contactless Multi-Application IC with DES and 3DES Security MF3 IC D40 INTEGRATED CIRCUITS Objective Short Form Specification

Advanced. Card. Systems. Ltd. by Eric Lee. June, Advanced Card Systems Ltd. Room 2910, The Center, 99 Queen's Road Central, Hong Kong.

FM11RF005U 512Bits EEPROM Contactless Smart Card IC

MF1S703x. 1. General description. MIFARE Classic 4K - Mainstream contactless smart card IC for fast and easy solution development. 1.

MIFARE Classic 1K - Mainstream contactless smart card IC for fast and easy solution development. energy MIFARE CARD PCD. data

Micro RWD MF-IC (Mifare/ICODE/ISO14443B) Reader (low power version with auxiliary outputs)

Micro RWD MF (Mifare) Low Power Version (with auxiliary data outputs)

INTEGRATED CIRCUITS. Standard Card IC MF1 IC S50. Functional Specification. Product Specification Revision 5.0. November Philips Semiconductors

MF1S50YYX_V1. 1 General description. MIFARE Classic EV1 1K - Mainstream contactless smart card IC for fast and easy solution development

Download from

MF0ICU2. 1. General description. MIFARE Ultralight C. 1.1 Contactless energy and data transfer. 1.2 Anticollision. Rev May

RFID Radio Frequency Identification The Basic Principle. Semiconductors 4

EWTJ-680 API Specification

JMY600 Series IC Card Module

AT88RF04C. CryptoRF EEPROM Memory 13.56MHz, 4 Kilobits SUMMARY DATASHEET. Features

RFID Beginner s Kit Command Reference Manual Copyright 2003 Intensecomp Pte Ltd All rights reserved.

REV6 Multi Sector MIFARE Reader/Writer Data Sheet

MC2002 Hand-Held Smart Card Read/Write Device (RWD) Optional Device Library Manual: ASK ΤΜ Accessing Library

Proximity reader for 13.56MHz Contactless module MiFare,ISO14443 type A /B

AT88SC3216CRF. CryptoRF EEPROM Memory 13.56MHz, 32 Kilobits SUMMARY DATASHEET. Features

JMY504M User's Manual

AT88RF1354 SPI User Guide For CryptoRF

MF0ULX1. 1 General description. MIFARE Ultralight EV1 - Contactless ticket IC. 1.1 Contactless energy and data transfer. 1.

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

Supports ISO14443A Mifare Classic 1K, Mifare Classic 4K, Mifare Ultralight. Fast data transfer - Contactless communication up to 106 KHz

SL2 ICS50/SL2 ICS General description I CODE SLI-L/I CODE SLI-L HC. 1.1 Anticollision. 1.2 Contactless energy and data transfer

JMY600 Series IC Card Module

NFC is the double click in the internet of the things

DATA SHEET. HT2DC20S20 HITAG 2 stick transponder INTEGRATED CIRCUITS

SHORT FORM SPECIFICATION

ACR122S NFC Reader. Datenblatt / Specifications. Technical Specifications

TRF79xx/MSP430/Stellaris Mifare Direct Mode 0 Training. Texas Instruments ERF Systems/Apps Team 12/2011

FM1208M01 Contactless CPU Card

NFC Type 5 / RFID tag IC with 16-Kbit or 64-Kbit EEPROM and protection

ACR122U SAM NFC Reader. Application Programming Interface

JMY607H User's Manual

EWTJ-680 API Specification

MIFARE Ultralight TM EV1

Mifare Classic Operations with TRF79xxA NFC/RFID Transceivers. S2 Microcontroller Division NFC/RFID Applications Team 02/2014

UHF RFID tag IC with cryptographic authentication

JMY501H User's Manual

GM 500A Mifare Read/Write Module V1.0 GM 500A Mifare 13.56MHz Read/Write Protocols Interface (I2C/UART) User s Manual

MaCaPS International Ltd


Application Programming Interface

INTEGRATED CIRCUITS MF RC531. ISO Reader IC. Short Form Specification Revision 3.2. April Philips Semiconductors

YHY502CTG++ DATASHEET MHz RFID Mifare Read/Write Module. YHY502CTG++ Datasheet Revision 2.0 Oct, 2009 Page 1 of 21

NFC Lab Michel Simatic

A9213-A ISO/IEC 14443A RFID TAG IC

Communication of passive RFID Reader and. FOX3-2G/3G/4G series via RS-232 serial link. and its use to identify RFID tags in

AN MIFARE Type Identification Procedure. Application note COMPANY PUBLIC. Rev August Document information

User - Data Sheet: Transponder (R/W) ID DTx.C. 32 Byte of that:

ACOS 3 Contact Card. Functional Specification. Subject to change without prior notice

NTAG203F. 1. General description. NFC Forum Type 2 Tag compliant IC with 144 bytes user memory and field detection

RFID tags. Inductive coupling is used for. energy transfer to card transmission of clock signal data transfer

Security in Mifare Classic RFID

ST25TB series tags. April 2017

CryptoRF EEPROM Memory 8 Kbits

FM1208 Contactless CPU Card

Card Dispensing/Collecting Machine

ACR300 Bus Validator. Technical Specifications. Subject to change without prior notice

DTNFCSS UART YES Internal DTNFCUS USB YES Internal

Atmel ATA5575M2. Read/Write LF RFID IDIC 100kHz to 150kHz DATASHEET. Features

HF MIFARE Easy Module

ACR128U Dual- Interface Reader

ACR122S. Serial NFC Reader. Application Programming Interface V2.03. Subject to change without prior notice.

Grcard SIM Card. Specification

FeliCa Card User's Manual Excerpted Edition

DEFCON 26 - Playing with RFID. by Vanhoecke Vinnie

SL2S General description ICODE DNA. 1.1 Contactless energy and data transfer. 1.2 Anticollision. 1.3 Security and privacy aspects

CRYPTOGRAPHIC ENGINEERING ASSIGNMENT II Theoretical: Design Weaknesses in MIFARE Classic

REV5 Multi Sector MIFARE Reader/Writer Module Data Sheet

EHAG 125 khz Multitag Reader Module ME-H10101xx

Card Issuing Machine for Magnetic, Contact & IC Card

REV3 USB MIFARE Reader Writer Module Data sheet

KR300 User Manual. Contents

Chip Card & Security ICs SLE Intelligent 256-Byte EEPROM with Write Protection function and Programmable Security Code

H1PROT.PDF 14 Pages Last Revised 02/11/06. Micro RWD H1/S Protocol

Hitachi Releases Smart Card Microcontroller AE45X series Equipped with Contact/Contactless Dual Interface in a Single Chip

Grcard SIM Card. Specification

The Cubesat Internal bus: The I2C

MIFARE Secure OEM Reader Module Data Sheet

Research on the Security Authentication Mode of MF1 S50 Electronic Tag

JMY505G User's Manual

ACR122U-SAM USB NFC Reader

ACR120 Contactless Reader/Writer

RD220 Serial USB RFID Reader Demonstration Software User Manual

ACR1255 NFC Bluetooth Smart Card Reader

Product Specification

Transcription:

Description BL75R06SM consists of the RF-Interface, the Digital Control Unit and the 8 Kbit EEPROM. Operating distance is up to 10cm(depending on antenna geometry). The communication layer complies to parts 2 and 3 of the ISO/IEC 14443A standard. The chip supports PHILIPS s MIFARE card reader. It can be used for ticketing systems in public transport and comparable applications. Features RF interface : ISO/IEC 14443 Type A Operating frequency : 13.56 MHz Fast data transfer : 106 kbit/s Memory size : 8 Kbit No battery needed : contactless transmission of data and supply energy Anti-collision : allows to operate more than one card in the field simultaneously Operating distance : Up to 100mm ( depending on antenna geometry) Transaction possible with moving card Half-duplex communication protocol using handshake Following mechanisms are implemented in the contactless communication link between RWD and card to ensure very reliable data transmission : --- Anti-collision mechanism --- 16 bits CRC pre block --- Parity bits for each byte --- Bit count checking --- Bit coding to distinguish between 1, 0,and no information --- Channel monitoring (protocol sequence and bit stream analysis) Offer multi-application functionality --- 8 K-bit EEPROM(16 Sectors 4 Blocks 16 Bytes 8 Bit) --- Organised in securely separated 16 sectors supporting multi-application use --- each sector consists of 4 blocks --- A block is the smallest part to be addressed and consists of 16 bytes --- Individual set of two keys per sector(per application) --- User definable access conditions for each memory block --- Arithmetic : increment and decrement Data retention of 10 years Write endurance 100,000 cycles Typical operation parameter : --- Anti-collision time : 3.0ms + 1.0ms --- Authentication : 2.0ms --- Read block : 2.5ms --- Write block : 6.0ms --- Transfer : 4.5ms Typical ticketing transaction : < 100ms Identification of card + 6 Blocks read (768 bit, 2 Sector Authentication) + 2 Blocks write(256bit) with Backup http://www.belling.com.cn - 1-8/16/2006

Functional Description Block Diagram BL75R06SM 8K-bit EEPROM BL75R06SM Contactless smart card IC consists of the RF-Interface, the Digital Control Unit and the 8 Kbit EEPROM, as show in the below figure: RF Interface Digital Control Unit EEPROM Rectifier Coding and Decoding Unit Anti-collision Voltage Regulator Modulator/ Demodulator Communication Unit Clock Control Arithmetic Unit Crypto Unit EEPROM Interface EEPROM Memory Power On Reset Control Unit Authentication & Access Control Transaction Sequence Diagram http://www.belling.com.cn - 2-8/16/2006

Commands The BL75R06SM RFID ICs support the following commands: 1 Request Standard / All After Power On Reset (POR) of a card it can answer to a request command - sent by the RWD to all cards in the antenna field - by sending the answer to request code (ATQA according to ISO/IEC 14443A). 2 Anticollision Loop In the anticollision loop the serial number of a card is read. If there are several cards in the operating range of the RWD, they can be distinguished by their unique serial numbers and one can be selected (select card) for further transactions. The unselected cards return to the standby mode and wait for a new request command. 3 Select Card With the select card command the RWD selects one individual card for authentication and memory related operations. The card returns the Answer To Select(ATS) code (= 08h), which determines the type of the selected card. 4 3 Pass Authentication After selection of a card the RWD specifies the memory location of the following memory access and uses the corresponding key for the 3 pass authentication procedure. After a successful authentication all memory operations are encrypted. 5 Memory Operations After authentication any of the following operations may be performed: Read block Write block Decrement: Decrements the contents of a block and stores the result in a temporary internal data-register Increment: Increments the contents of a block and stores the result in the data-register Restore: Moves the contents of a block into the data-register Transfer: Writes the contents of the temporary internal data-register to a value block Data Integrity Following mechanisms are implemented in the contactless communication link between RWD and card to ensure very reliable data transmission: 16 bits CRC per block Parity bits for each byte Security To provide a very high security level a three pass authentication according to ISO 9798-2 is used. Three Pass Authentication Sequence a. The RWD specifies the sector to be accessed and chooses key A or B. b. The card reads the secret key and the access conditions from the sector trailer. Then the card sends a random number as the challenge to the RWD (pass one). c. The RWD calculates the response using the secret key and additional input. The http://www.belling.com.cn - 3-8/16/2006

response, together with a random challenge from the RWD, is then transmitted to the card (pass two). d. The card verifies the response of the RWD by comparing it with its own challenge and then it calculates the response to the challenge and transmits it (pass three). e. The RWD verifies the response of the card by comparing it to its own challenge. After transmission of the first random challenge the communication between card and RWD is encrypted. Memory Organisation The 1024 x 8 bit EEPROM memory is organized in 16 sectors with 4 blocks of 16 bytes each. In the erased state the EEPROM cells are read as a logical 0, in the written state as a logical 1. 1 Manufacturer Block This is the first data block (block 0) of the first sector (sector 0).It contains the IC manufacturer data. Due to security and system requirements this block is write protected after having been programmed by the IC manufacturer at production. http://www.belling.com.cn - 4-8/16/2006

2 Data Blocks All sectors contain 3 blocks of 16 bytes for storing data (Sector 0 contains only two data blocks and the read-only manufacturer block). The data blocks can be configured by the access bits as read/write blocks for e.g. contactless access control or value blocks for e.g. electronic purse applications, where additional commands like increment and decrement for direct control of the stored value are provided. An authentication command has to be carried out before any memory operation in order to allow further commands. Value Blocks The value blocks allow to perform electronic purse functions (valid commands: read, write, increment, decrement, restore, transfer). The value blocks have a fixed data format which permits error detection and correction and a backup management. A value block can only be generated through a write operation in the value block format: Value: Signifies a signed 4-byte value. The lowest significant byte of a value is stored in the lowest address byte. Negative values are stored in standard 2 s complement format. For reasons of data integrity and security, a value is stored three times, twice non-inverted and once inverted. Adr: Signifies a 1-byte address, which can be used to save the storage address of a block, when implementing a powerful backup management. The address byte is stored four times, twice inverted and non-inverted. During increment, decrement, restore and transfer operations the address remains unchanged. It can only be altered via a write command. Byte Number Description 3 Sector Trailer (Block 3) Each sector has a sector trailer containing the secret keys A and B(optional), which return logical 0 s when read and the access conditions for the four blocks of that sector, which are stored in bytes 6...9. The access bits also specify the type (read/write or value) of the data http://www.belling.com.cn - 5-8/16/2006

blocks. If key B is not needed, the last 6 bytes of block 3 can be used as data bytes. Byte 9 of the sector trailer is available for user data. For this byte apply the same access rights as for byte 6, 7 and 8. 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 Key A Access Bits Key B (optional) Memory Access Before any memory operation can be carried out, the card has to be selected and authenticated as described previously. The possible memory operations for an addressed block depend on the key used and the access conditions stored in the associated sector trailer. http://www.belling.com.cn - 6-8/16/2006

Memory Operations Operation Description Valid for Block Type Read reads one memory block read/write, value and sector trailer Write writes one memory block read/write, value and sector trailer Increment increments the contents of a block and stores the value result in the internal data register Decrement decrements the contents of a block and stores the value result in the internal data register Transfer writes the contents of the internal data register to a value block Restore reads the contents of a block into the internal data register value 1 Access Conditions The access conditions for every data block and sector trailer are defined by 3 bits, which are stored non-inverted and inverted in the sector trailer of the specified sector. The access bits control the rights of memory access using the secret keys A and B. The access conditions may be altered, provided one knows the relevant key and the current access condition allows this operation. Note: In the following description the access bits are mentioned in the non-inverted mode only. The internal logic of the BL75R06SM ensures that the commands are executed only after an authentication procedure or never. 2 Access Conditions For The Sector Trailer Depending on the access bits for the sector trailer (block 3) the read/write access to the keys and the access bits is specified as never, key A, key B or key A B (key A or key B). On chip delivery the access conditions for the sector configuration, new cards must be authenticated with key A. Since the access bits themselves can also be blocked, special care should be taken during personalization of cards. http://www.belling.com.cn - 7-8/16/2006

Note: With each memory access the internal logic verifies the format of the access conditons. If it detects a format violation the whole sector is irreversible blocked. Note: the grey marked lines are access conditions where key B is readable and may be used for data. trailers and key A are predefined as transport configuration. Since key B may be read in transport. 3 Access Conditions For Data Blocks Depending on the access bits for data blocks (blocks 0...2) the read/write access is specified as never, key A, key B or key A B (key A or key B). The setting of the relevant access bits defines the application and the corresponding applicable commands. Read/write block: The operations read and write are allowed. Value block: Allows the additional value operations increment, decrement, transfer und restore. http://www.belling.com.cn - 8-8/16/2006

In one case ( 001 ) only read and decrement are possible for a non-rechargeable card. In the other case ( 110 ) recharching is possible by using key B. Manufacturer block: The read-only condition is not affected by the access bits setting. Key management: In transport configuration key A must be used for authentication 1. 1 if Key B may be read in the corresponding Sector Trailer it cannot serve for authentication (all grey marked lines in previous table). Consequences: If the RWD tries to authenticate any block of a sector with key B using grey marked access conditions, the card will refuse any subsequent memory access after authentication. http://www.belling.com.cn - 9-8/16/2006

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback