1
Features
One of a Family of Devices with User Memories from 1-Kbit to 1-Mbit
16-Kbit EEPROM User Memory
Sixteen 128 x 8 (1-Kbit) Zones
Self-timed Write Cycle (5 ms)
Single Byte or 16-byte Page Write Mode
Programmable Access Rights for Each Zone
2-Kbit Configuration Zone
37-byte OTP Area for User-defined Codes
160-byte Area for User-defined Keys and Passwords
Low Voltage Operation: 2.7V to 5.5V
Dual Protocol
ISO 7816-3 Asynchronous T = 0 Protocol
Synchronous Two-wire Protocol
High Security Features
64-bit Patented Dynamic Symetric Mutual Authentication Protocol (
under
exclusive patent license from ELVA)
Encrypted Checksum
Stream Encryption
Four Key Sets for Authentication and Encryption
Eight Sets of Two 24-bit Passwords
Anti-tearing Function
Voltage and Frequency Monitor
High Reliability
Endurance: 100,000 Cycles
Data Retention: 10 years
ESD Protection: 4,000V min
ISO-compliant Bond Pad Locations and Package Options
Table 1. Pin Configuration
Card Module Contact
8-lead SOIC, PDIP or LAP
Pad
Description
ISO Module Contact
Standard Package Pin
VCC
Supply Voltage
C1
8
GND
Ground
C5
1
SCL/CLK
Serial Clock Input
C3
6
SDA/IO
Serial Data Input/Output
C7
3
RST
Reset Input
C2
7
VCC = C1
RST = C2
SCL/CLK = C3
NC = C4
C5 = GND
C6 = NC
C7 = SDA/IO
C8 = NC
1
2
3
4
8
7
6
5
GND
NC
SDA/IO
NC
VCC
RST
SCL/CLK
NC
8 x 128 x 16
CryptoMemory
TM
AT88SC1616C
Summary
Rev. 2030AS09/01
Note: This is a summary document. A complete document is
available under NDA. For more information, please contact your
local Atmel sales office.
2
AT88SC1616C
2030AS09/01
Description
The AT88SC1616C member of the CryptoMemory family is a high performance secure mem-
ory providing 16 Kbits of user memory with advanced security and cryptographic features built
in. The user memory is divided into 16 zones, each of which may be individually set with dif-
ferent security access rights or combined together to provide space for 1 to 16 data files. The
AT88SC1616C provides high security, low cost and ease of implentation for smart card appli-
cations without the need for a microprocessor operating system. The embedded
cryptographic engine provides for a dynamic, symmetric-mutual authentication between the
device and host as well as performing stream encryption for all data and passwords
exchanged between the device and host. Up to four unique key sets may be used for these
operations. The AT88SC1616C offers the ability to communicate with virtually any smart card
reader using the asynchronous T = 0 protocol defined in ISO 7816-3. For closed systems or
applications using the device on a circuit board. The AT88SC1616C will also communicate
using a synchronous two-wire protocol at clock speeds up to 2 MHz. In this communication
mode, up to 15 devices may be connected and individually addressed on the same serial data
bus. The two-wire protocol may also be used for high speed personalization of the device in
card form.
Figure 1. Block Diagram
Pin
Descriptions
Supply Voltage (V
CC
)
The V
CC
input is a 2.7V to 5.5V positive voltage supplied by the host.
Clock (SCL/CLK)
In the asynchronous T = 0 protocol, the SCL/CLK input is used to provide the device with a
carrier frequency f. The nominal length of one bit emitted on I/O is defined as an "elementary
time unit" (ETU) and is equal to 372/f.
When the synchronous protocol is used, the SCL/CLK input is used to positive edge clock
data into the device and negative edge clock data out of the device.
Serial Data (SDA/IO)
The SDA pin is bidirectional for serial data transfer. This pin is open-drain driven and may be
wire-ORed with any number of other open drain or open collector devices. An external pull-up
resistor should be connected between SDA and V
CC
. The value of this resistor and the system
capacitance loading the SDA bus will determine the rise time of SDA. This rise time will deter-
mine the maximum frequency during Read operations. Low value pull-up resistors will allow
higher frequency operations while drawing higher average power supply current.
Random
Generator
Authentication,
Encryption and
Certification Unit
EEPROM
Answer to Reset
Data Transfer
Password
Verification
Reset Block
Asynchronous
ISO Interface
Synchronous
Interface
Power
Management
VCC
GND
SCL/CLK
SDA/IO
RST
3
AT88SC1616C
2030AS09/01
Reset (RST)
The AT88SC1616C provides an ISO 7816-3 compliant asynchronous answer to reset
sequence. When the reset sequence is activated, the device will output the data programmed
into the 64-bit answer to reset register. An internal pull-up on the RST input pad allows the
device to be used in synchronous mode without bonding RST. The AT88SC1616C does not
support the synchronous answer to reset sequence.
Device
Architecture
User Zones
The EEPROM user memory is divided into 16 zones of 1024 bits each. Multiple zones allow
for different types of data or files to be stored in different zones. Access to the user zones is
allowed only after security requirements have been met. These security requirements are
defined by the user during the personalization of the device in the configuration zone. If the
same security requirements are selected for multiple zones, then these zones may effectively
be accessed as one larger zone.
Control Logic
Access to the user zones occurs only through the control logic built into the device. This logic
is configurable through access registers, key registers and keys programmed into the configu-
ration zone during device personalization. Also implemented in the control logic is a
cryptographic engine for performing the various higher level security functions of the device.
Table 2. User Zones
ZONE
$0
$1
$2
$3
$4
$5
$6
$7
User 0
$000
128 bytes
$078
User 1
User 14
$000
$078
User 15
$000
128 bytes
$078
4
AT88SC1616C
2030AS09/01
Configuration
Zone
The configuration zone consists of 2048 bits of EEPROM memory used for storing passwords,
keys, codes and defining security levels to be used for each user zone. Access rights to the
configuration zone are defined in the control logic and may not be altered by the user.
Security Fuses
There are three fuses on the device that must be blown during the device personalization pro-
cess. Each fuse locks certain portions of the configuration zone as OTP memory. Fuses are
designed for the module manufacturer, card manufacturer and card issuer and should be
blown in sequence, although all programming of the device and blowing of the fuses may be
performed at one final step.
Table 3. Configuration Zone
Component
Address
Answer to Reset
$00
Fab Code
Memory Test Zone
Card Manufacturers Code
Lot History Code
Identification Number
$18
Device Configuration Register
Access Registers
Password/Key Registers
Authentication Attempts Counters
$50
Cryptograms
Session Encryption Keys
Secret Seeds
$90
Password Attempts Counters
$B0
Write Passwords
Read Passwords
Reserved
$F0
5
AT88SC1616C
2030AS09/01
Protocol
Selection
The AT88SC1616C is compatible with two different communication protocols: asynchronous T
= 0 as defined by ISO 7816-3 or a synchronous two-wire protocol. The power-up sequence
determines which of the two protocols will be used.
Asynchronous
T = 0 Protocol
The power-up sequence complies with ISO 7816-3 for a cold reset.
V
CC
goes high with RST, I/O-SDA and CLK-SCL low.
Set I/O-SDA in receive mode.
Provide a clock signal to CLK-SCL.
RST goes high after 400 clock cycles.
The device will respond with a 64-bit ATR code, including hystorical bytes to indicate the
memory density within the CryptoMemory family. Once the asynchronous mode has been
selected, it is not possible to switch to the synchronous mode without powering off the device.
Figure 2. Asynchronous T = 0 Protocol
Synchronous
Two-wire Protocol
The synchronous mode is the default after powering up V
CC
due to the internal pull-up on RST.
Power-up V
CC
, RST goes high also.
After stable V
CC
, CLK-SCL and I/O-SDA may be driven.
Figure 3. Synchronous Two-wire Protocol
Vcc
I/O-SDA
RST
CLK-SCL
ATR
Vcc
I/O-SDA
RST
CLK-SCL
PDF 
ZIP