all | frequencies |
|
exhibits | applications |
---|---|---|---|---|
manual |
app s | submitted / available | |||||||
---|---|---|---|---|---|---|---|---|
1 2 |
|
Users Manual | Users Manual | 350.10 KiB | ||||
1 2 | Cover Letter(s) | |||||||
1 2 | Cover Letter(s) | |||||||
1 2 | External Photos | |||||||
1 2 | Internal Photos | |||||||
1 2 | Test Report | |||||||
1 2 | Test Setup Photos | |||||||
1 2 | Block Diagram | |||||||
1 2 | Cover Letter(s) | |||||||
1 2 | ID Label/Location Info | |||||||
1 2 | ID Label/Location Info | |||||||
1 2 | Operational Description | |||||||
1 2 | Test Setup Photos |
1 2 | Users Manual | Users Manual | 350.10 KiB |
INSIDE CONTACTLESS DATASHEET ACCESSO 2G DESKTOP READER 13.56 MHz for ISO chips
- 14 443 type A and B
- 15 693
- FeliCa Chips > Packaging > Readers > more... DS 1 G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 Content CHAPTER 1 :
ACCESSO DESCRIPTION System Integration Dimensions and Pin Co-ordinates Mechanical Interface Component View CHAPTER 2 CONNECTION Power supply Characteristics USB Interface PC drivers installation Baud rate Couplers Inputs and Outputs How to reset the coupler Software reset 7 8 8 10 10 11 11 11 12 13 13 DS 2 G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 CHAPTER 3 COMMAND INTERFACE REFERENCE MANUAL HOST - COUPLER protocol description Coupler commands overview SELECT_CARD SELECT_PAGE TRANSMIT GET_RESPONSE READ_STATUS SET_STATUS Modifiable parameters Couplers INPUTs AND OUTPUTS EEPROM free area DISABLE_COUPLER DISABLE_COUPLER ENHANCED ENABLE_COUPLER ASK_RANDOM LOAD_KEY_FILE SELECT_CURRENT_KEY DIVERSIFY_KEY GET_CONFIG 2 2 5 6 8 10 12 13 14 15 16 16 17 18 19 20 21 22 23 24 DS 3 G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 CHAPTER 4 USERS GUIDE Managing INSIDE chips Security configuration Selecting a chip Selecting a page Reading chip memory Writing chip memory Halting a chip How to work with several chips in the field Managing INSIDEs chips protocols Managing the security INSIDE chips security Key loading How to set a key as the active one How to authentify a chip How to authentify a PAGE Protecting the keys Managing STANDARD chips protocols Time out adjustment 15 693-3 protocol ISO 14 443 type A ISO 14 443 type B FeliCa ( new version) Managing the RF field How to reset the RF field ?
How to asleep the coupler How to wake up the coupler APPENDIX A HOW TO LOAD A KEY IN A COUPLER Exchange key General key loading procedure Terminology and notation Key loading step by step Algorithms Key permutation Checksum byte calculation Load key checksum calculation APPENDIX B ERROR CODE 2 3 4 5 6 7 8 9 10 11 11 13 14 15 15 16 17 17 17 18 18 18 19 19 19 19 21 21 22 22 23 23 23 23 DS 4 Main Features :
USB interface Security management:
!Security module
!Secure key loading Secured Key Storage Contactless interfaces:
!ISO 15 693
!ISO 14 443 type A
!ISO 14 443 type B
!FELICA TM Contactless transmission of data and energy supply Carrier frequency: 13.56MHz Transparent mode for contactless data exchange Low power consumption < (To be defined) Stand by mode for low power standby current consumption < (To be defined) Operating temperature range: -20C to +50C CE approval capabilities Product Ordering Code Product Desktop USB reader OEM USB Reader Ordering code ACCESSO 2G OEM PCB ACCESSO 2G Package Black andYellow Tools
G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 5 FCC AND CE COMPLIANCE Federal Communications Commission (FCC) Part 15 statement This equipment has been tested to FCC requirements and has been found acceptable for use. The FCC requires the following statement for your information :
This equipement generates and uses radiofrequency energy and if not installed and used properly, that is, in strict accordance with the manufacturers instructions, may cause interference to radio and television reception. It has been tested and found to comply with the limits for a Class B computing device in accordance with the specifications in part 15 of FCC rules, which are designed to provide reasonable protection against such interference in a residential installation. however, there is no guarentee that interference will not occure in a particular installation. If this equipment does cause interference to radio or television reception, which can be determined by tuning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
If using an indoor antenna, have quality outdoor antenna installed Reoriant the receiving antenna until interference is reduced or eliminated Move the radio or television receiver away from the receiver/control Move the antenna leads away from any wire runs to the receiver/control Plug the receiver/control into a different outlet so that it and the radio or television receiver are on different branch circuits. This device complies with part 15 off the FCC rules. Operation is subject to the following two conditions : (1) this device may not cautse harmful interference, and (2) : this device must accept any interference received, including interference that may cause undesired operation. If necessary, the user should consult the dealer or an experienced radio/television technician for additional suggestions. The user or master may find the following booklet prepared by the Federal Communication Commissions helpful: Interference Handbook. This booklet is available from the US Government Printing Office, Washington, DC 20402. The user shall not make any changes or modifications to the equipment unless authorized by installation instructions or Users Manual. Unauthoriezd changes or modifications could void the users authority to operate the equipment. G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Model : ACCESSO FCC ID : Q45ACCESSO This device is certified to comply with Class B limits. Part 15 of FCC rules. See instruction manual. Tested To Comply With FCC Standards Electrical Rating: 5.0V " 50mA Made in France Version 1.1 DS - 6 G 2 o s s e c c A
t e e h s a t a D CHAPTER 1 :
DESCRIPTION ACCESSO ACCESSO and M260H are couplers developed by INSIDE Contactless for managing the RF communication interface with 13.56 MHz standard chips. They have the following features :
""""" Operating frequency
""""" Host interface
""""" Target applications
""""" Target chip 13.56MHz USB Proximity and short range applications All INSIDEs chips, 15693 chips, 14443 chips (type A and type B), FELICA TM You will find in this chapter ...
!!!!!Couplers mechanical characteristics (PIN position, size...)
G 2 o s s e c c A Version 1.1 DS 6 System Integration Processor Emitter Receiver USB communication manager Power Supply Reader Block Diagram Antenna G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 7
. 2 7 6 m m Dimensions and Pin Co-ordinates 65 mm 102 mm Mechanical Interface Component View G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 8 CHAPTER 2 CONNECTION This chapter describes :
! How to power the coupler
! How to communicate with the coupler through the USB line G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 9 Power supply Characteristics Accesso readers are supply directly through the USB line. Pin VDD Typical TBD Description Min. DC voltage TBD Ripple < 30MHz Supply current TBD Max. TBD TBD Unit V mVss m Electrical characteristics G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 10 USB Interface Communication with the reader is done using a serial protocol through USB interface. PC drivers installation
! Plug the coupler
! At PC request for driver, choose the one supplied with the ACCESSO kit (CD Rom). Baud rate The default data rate is set at 9600 bauds, but this can be changed by software to select lower data rates :
! 9600 (default value)
! 115200 G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 11 Couplers Inputs and Outputs ACCESSO and M260H has no input, and one output for the embedded LED. This LED is controlled by software and can have the following colors :
Green Orange Red Use the Set Status command to control the LED control. G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 12 How to reset the coupler Resetting the coupler may be useful to set the parameters (speed, disable mode, protocol settings, keys ) to the defaults values. All these values are stored in couplers internal EEPROM Software reset It is possible to reset the couplers EEPROM by sending 2 commands thanks to the SET STATUS command. Command = $80,$F4,$80,$3E,$01 - Data = $00 Command = $80,$F4,$80,$7E,$01 - Data = $00 Then the coupler has the default setting : 9600 bds, defaults protocols.... G 2 o s s e c c A
t e e h s a t a D
G 2 o s s e c c A Version 1.1 DS 13 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 CHAPTER 3 COMMAND INTERFACE REFERENCE MANUAL In this chapter you will find the command format, and the description of all the commands used by the coupler. User may refer to this chapter to find the following information :
!!!!!low level description of data exchange between coupler and host, mainly when using microcontroller or an automat
!!!!!check the signification and/or a value of a command parameter RM 1 HOST - COUPLER protocol DESCRIPTION The commands are modeled on the ISO 7816 command set. This protocol is used by all INSIDEs couplers A typical protocol exchange includes:
1. The host sends a command to the coupler 2. The coupler executes the command 3. The host receives a response from the coupler Coupler command is always constituted of 5 bytes :
CLASS : always 80h INSTRUCTION : command to be executed by the coupler (like SelectCard) P1 : Command parameter P2 : Command parameter P3 : Command parameter Depending on the command, coupler answers data, status words. There are 4 cases of data exchange:
Case Host to coupler Coupler to Host ISO Type 1 2 3 4 None None Yes Yes None Yes None Yes ISO None ISO Out ISO In ISO In / Out Note : In case 4, data has to be sent and received from the coupler. With T=0 protocol, it is not possible in a single command, so this command has to be split into 2 commands:
l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 2 ISO In : The host sends a command + data and receives the status words. ISO Out : The host sends a command and receives data + the status words. Coupler with firmware former than 40-017F has only ISO NONE, ISO IN and ISO OUT protocol available. In all cases, status words are returned (SW1 and SW2). Case 1: ISO None Data Exchange Command Status words Host Cla. Ins. P1 P2 P3 Coupler nb of bytes 5 bytes SW1 SW2 2 bytes Case 2 : ISO Out Data Exchange - Coupler ##### Host Command Ack. Data Status words Host Cla. Ins. P1 P2 P3 Coupler nb bytes
= Ins. data SW1 SW2 5 1
= P3 2 Class : always 80h Instruction : command code P1 & P2 : command parameters P3: number of data bytes expected from the coupler Ack. : coupler acknowledgement. It is always equal to the command code, except when an error occurs. If the Acknoledgement value is different than the instruction byte, then the received byte is the first byte of a status error code coded on 2 bytes. Data : data sent to the host by the coupler. Size of the command has to be P3. Status word : 90 00h if correct, error code. Case 3: ISO In Data Exchange - Host ##### Coupler Command Ack. Data Status words Host Cla. Ins. P1 P2 P3 Data Coupler nb bytes
= Ins. SW1 SW2 5 1
= P3 2 Class : always 80h Instruction : command code P1 & P2 : command parameters RM 3 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 P3: number of data bytes sent to the coupler. Ack. : coupler acknowledgement. It is always equal to the command code, except when an error occurs. If Acknowledgement value is different than instruction byte, then the received byte is the first byte of a status error code coded on 2 bytes. Data : data sent by host to the coupler. Size of data array has to be P3. Status word : 90 00h if correct / error code. Error : If the Acknowledgement value is different than the instruction byte, then the received byte is the first byte of a status error code coded on 2 bytes. Case 4 : ISO InOut Data Exchange - Host coupler Command Ack. Data in Ack. Data out Status words Host Cla. Ins. P1 P2 P3 Data in Coupler nb bytes
= Ins.
= Ins. Data out SW1 SW2 5 1
= P3 1
=P2 2 Class : always 80h Instruction : command code P1 : command parameters P2 : number of data bytes expected from the coupler. P3 : number of data bytes sent to the coupler. Ack. : coupler acknowledgement. It is always equal to the command code, except when an error occurs. If Acknowledgement value is different than instruction byte, then the received byte is the first byte of a status error code coded on 2 bytes. Data : data sent to the host by the coupler. Size of the command has to be P3. Status word : 90 00h if correct / error code. RM 4 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 Coupler commands overview Command SELECT_CARD SELECT_PAGE TRANSMIT GET_RESPONSE Command READ_STATUS SET_STATUS DISABLE_COUPLER ENABLE_COUPLER INS A4h A6h C2h Description Selects one contactless card following list of possible cards in the field Selects a page in a multi-application chip Sends and retrieve data from chip through contactless interface : Transparent mode C0h Reads the internal buffer of the coupler to retrieve chip answer for ISO 7816 T=0 protocol. INS F2h F4h Description Reads coupler status or EEPROM memory. Sets the coupler status or write in EEPROM memory. ADh Disables the coupler. it will only respond after a ENABLE_COUPLER command. AEh Enable the coupler. It wakes up the coupler after a DISABLE_COUPLER command. Security module functions :
Command LOAD_KEY_FILE ASK_RANDOM SELECT_CURRENT_KEY INS D8h 84h 52h Description Load new master keys for authentication purposes. Ask for a random number from the coupler. Select the key to be used for authentication purposes. RM 5 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 SELECT_CARD Use Select a card in order to get the serial number. This command manages anti-collision and authentication features. This command is able to test several communication protocol. It answers the number of protocol used to select the card. Prototyping
" Command sent : A4h
" Command type : ISO out Host 80h A4h P1 P2 P3 Coupler A4h Card type Serial number 90h 00h Parameters 7 Bit Function
6
5 4 3 2 1 0 Key Auth Presel. Loop Halt Wait P1: Parameter used for contactless configuration IMPORTANT: are reserved for future use, and values should be set to 0. WAIT :
1: Wait until a card is selected or a character received from the host (e.g. PC). 0: Exit if no card is detected after 3 attempts. Note: When SELECT_CARD uses the option LOOP, the coupler sends ACK=60h (See T=0 specifications) after each unsuccessful selection until a card is selected. When a card is selected, 90h 00h is returned. In order to stop this scanning, host has to send a byte through the RS232 interface. HALT:
1: Halts card after selection for fast serial numbers capture. 0: No halt after selection. LOOP:
1: returned a frame composed of ACK | CARD TYPE | SN | 9000h or wait character 60h 0: no loop performed. PRE:
1: Increases pre-selection with INSIDE CONTACTLESS anti-collision and a large number of cards. 0: Standard anti-collision (best for 5 cards max.). RM 6 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 AUTH:
1: Performs a standard INSIDE authentication. Authentication is performed if the key is set as the current key. Please refer to appendix A : How to low a key for key loading and key management operations details. 0: Does not perform an authentication. KEY:
1: Authenticates with Debit Key (Kd = Key 1) if AUTH is set. 0: Authenticates with Credit Key (Kc = Key 2) if AUTH is set. P2: Parameter used for selecting the card types to be read b7 - b4 b3 b2 b1 b0 0 Protocol 3 Protocol 2 Protocol 1 Protocol 0 INSIDE couplers manage the following protocols :
- Protocol 0 : ISO 14 443 type B & Inside anticollision (only for INSIDE chip)
- Protocol 1 : ISO 15 693 & Inside anticollision (only for INSIDE chip)
- Protocol 2 : ISO 14 443 type B-3
- Protocol 3 : User defined protocol - see Other ISO chip management chapter for more information about Protocol 3 use. If bit related to protocol x is set to one, coupler will run an anticollision using this protocol. If several protocols are selected, coupler will test all of them, starting from protocol 0 to protocol 3. P3: Number of bytes to be return by the coupler Set P3 = 09h for reading Pico Family Chips serial numbers. Response: Card type (1 byte) and serial number (8 bytes) Card type is the protocol number used by the card that has been selected for its answer. For 15 693 INSIDEs chips, card type value is 1 as protocol 1 is used for selection. This value is the one to use to indicate protocol in the transmit command. RM 7 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 SELECT_PAGE Use This command is used to select and authenticate in an INSIDE multi-application chip
(8*2Ks...). Prototyping
" Command sent : A6h
" Command type : ISO Out Host 80h A6h P1 P2 08h Coupler A6h configuration 90h 00h Chip 's block Parameters 7 Bit Function
6
5
4
3 Auth 2 1 0 Page selection Protocol type P1: Parameter used for contactless configuration b3 : Auth 0 - Does not perform authentication after PAGESEL. 1 - Performs authentication after PAGESEL b2: Select Page 0 - Does not send the PAGESEL command before authentication 1 - Sends the PAGESEL command with page contained in P2 before authentication Note : b2=b3=0 imply that no operation is performed b1-b0: Protocol type:
This command can only work with PICO family chips Contactless Communication Protocol ISO14 443 B PICO family chips 00 ISO15 693 PICO family chips 01 10 ISO14 443 B-3 Users protocol 11 RM 8 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 P2 : Page number to select and authenticate and cryptographic key to use Bit 7 6 5 4 Function Reader key number 3
2 1 0 Page number b7-b4 : Reader key number Note : 0 correspond to Kd0, 1 to Kc0, , 14 to Kd7 and 15 to Kc7. This is the reader key number to use during authentication. The reader will use this key number (EEPROM) to diversify and authenticate the requested page with Kd or Kc. b3 : Pages key to use to perform the authentication 0 : authentication will be performed with pages debit key. 1 : authentication will be performed with pages credit key. b2-b0 : Page number to select P3 : Chip answer length This parameter has to be set to 8 as the chip answers the pages configuration block (8 bytes). l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 9 TRANSMIT Use Transmits data from the coupler to the chip and read back chip response. This command is the one to use to read and write data in the chip. Prototyping
" Command sent : C2h
" Command type : ISO In / Out Host 80h C2h P1 P2 P3 Data Coupler C2h Chip answer 90h 00h P1 : Defines the contactless communication protocol P2 : Chip answer length P3 : Chip command and data Parameters P1: Parameter used for contactless configuration Bit 7 6 5 4 3 Function Send CRC Check CRC Time out Send signature 2 ISO type 0 1 RF protocol type b7: Send CRC:
1: The coupler automatically sends the CRC (function of the Data bytes) to the chip. Coupler uses the CRC associated to the choosen protocol (bit 1 & 0) 0: Only P3 data bytes are sent. b6: Compare CRC:
1: Compares the returned CRC with the expected value calculated by the coupler
(verify the data sent by the chip). 0: CRC is not checked. b5-b4: Time Out:
The time out value depends of the protocol used (b1 and b0 values). The time out is the time from the commands EOF (End Of Frame) to the chip response SOF (Start of Frame). Bits 4& 5 00 01 10 11 Time-out 15 693 800 s Time-out 14 443 200 s 4 ms 24 ms 40 ms 1 ms 6 ms 10 m RM 10 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 b3: Send Signature:
1: Send a cryptographic signature calculated thanks to the coupler security module. This option may be used only for UPDATE command performed on secure PICO family chip. Set this value to 0 for non secure chip or any other manufacturer chips 0: Cryptographic signature is not sent. b2 : HOST - COUPLER protocol type 1 : Communication is ISO IN-OUT. Coupler send back the data as soon as it receives chip answer. 0 : Commucation between HOST and coupler follows the ISO 78-16 T=0 protocol. Thus TRANSMIT command is only ISO IN, and user has to use the GET REPONSE command to retrieve chip DATA from the coupler. b1-b0: Protocol type:
Defines the contactless communication protocol number to be used. When couplers EEPROM is set with the default values, the protocol types are as follows:
Contactless Communication Protocol ISO14 443 B PICO family chips 00 ISO15 693 PICO family chips 01 10 ISO14 443 B-3 User protocol (default value : ISO 14 443 A-3) 11 P2 : Number of data bytes received from the chip after transmission of the command. If the Compare CRC bit of P1 is enabled, P2 should not include the CRC bytes. Note: P2<=35 (23h). P3 : Number of bytes in the data field of the command. If the Send CRC or the Send Signature bit of P1 is enabled, P3 should not include the CRC bytes or the signature. Note: P3<=32 (20h). Data: Commands and data to send to the chip All PICOTAG commands are detailed in PICOTAG datasheet. Response:
Chip answer Status word. RM 11 GET_RESPONSE Use This command returns the value contained in the internal buffer of the coupler. It has to be used to get chip answer when the TRANSMIT command is used with the ISO IN type to retreive the chip answer. Prototyping
" Command sent :C0h
" Command type : ISO out Host 80h C0h 00h 00h P3 Coupler Parameters C0h Coupler buffer 90h 00h P3: Number of bytes of the coupler response. It has to be less than 35 (23h). Response : Couplers buffer and status words l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 12 READ_STATUS Use This command is used to get coupler parameters (communication speed). Prototyping
" Command sent : F2h
" Command type : ISO out Host 80h F2h P1 P2 01h Coupler Parameters P1: type of parameter to read F2h Read bytes 90h 00h b7 - b2 0 (RFU) b1 - b0 Parameter location b1-b0 : Parameter location on)
$ 00 : Parameter value is read in couplers EEPROM (setting when power
$ 01 : Couplers I/O
$ 10 : Reserved for Future Use
$ 11 : Parameter value is read in couplers RAM (current setting) P2: set the parameter address to read Valid values for P2 according to P1 value:
$ EEPROM:
$ Parameter:
I/O:
00h to FFh. 05h and 07h. 50h to 6Fh. Response : byte value at the transmitted address + status word Note: When reading the I/O, the Read byte returned indicates the IN1, OUT1, OUT2 pin states as follows: (OUT2P is connected to VDD via a 1k- resistor). I/O Address b7 b6 b5 b4 b3 b2 b1 05h : Output 07h : Input
OUT2 OUT1
b0
IN RM 13 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 SET_STATUS Use This command sets configuration parameters and couplers I/O :
Communication speed Protocols State at Power ON 2 outputs & 1 input The various parameters and data used by INSIDE couplers are stored in the EEPROM. When coupler is powered on, a part of these parameters are load in couplers RAM, so that parameters may be modified in couplers EEPROM and in couplers RAM. For a given parameter, RAM and EEPROM address are the same. For example, speed parameter is located at address 6Dh for both RAM and EEPROM. When updating a value in the couplers EEPROM, this value will be the default
value after turning the coupler on.
until the next Power Off.
memory (RAM). When updating a value in the couplers RAM, this value will be the current value When writing to EEPROM occurs, EEPROM parameters are reloaded into processor Prototyping
" Command sent : F4h
" Command type : ISO In Host 80h F4h P1 P2 01h Data Coupler Parameters F4h 90h 00h P1: Sets the type of configuration parameter to update b7 b6 b5-b2 b1 - b0 Reset coupler Reset magnetic field
- (RFU) Address b7 : Resets coupler if this bit is set to 1, coupler will fully reload EEPROM in RAM as if the coupler is powered on. Note : when b7 = 1, the coupler responds 3Bh 00h. RM 14 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 b6 : Reset magnetic field Magnetic field is cut for 20 ms. When this bit is set to 1, coupler will execute no other action, including EEPROM or RAM update. b5-b2 : RFU (reserved for future use) b1-b0 : Parameter location on)
" 00 : Parameter value is read in couplers EEPROM (setting when power
" 01 : Couplers I/O
" 10 : Reserved for Future Use
" 11 : Parameter value is read in couplers RAM (current setting) P2: Sets the parameter address to update Valid values for P2 according to P1 value:
EEPROM : 00h to 07h and 3Eh to FFh. I/O :
RAM :
05h, 06h, 07h. 50h to 6Fh. Response: Status words MODIFIABLE PARAMETERS User can change the following parameters in couplers memory :
" Protocols - Please refer to Managing ISO protocol with INSIDE coupler application note for more information about protocol management
" Serial communication speed - from 9600 to 424000 bauds depending on the reader Name Address communication Serial speed 6Dh State 9600 19200 38400 57600 115200 Hex. value Available on... 57h 2Dh 15h 0Eh 06h All readers Note 1 : When updating the COMSPEED parameter, the coupler returns the Status Words with the previous COMSPEED before the COMSPEED update. Example : the baudrate is set to 9600 bauds and needs to be temporarily updated to 115 200 bauds. Send a SET_STATUS command (80h F4h 03h 6Dh 01h & 06h). The coupler responds
(Status words) using 9600 bauds.
" State at power on - Is coupler emitting a field when it is powered on ? (please refer to ENABLE and DISABLE command chapters) RM 15 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 Name Address State Hex. value Available on... State at power on 42h Enable Disable 01h 00h All reader Note 2 : The ACTIVATE AT POWER ON parameter defines the state of the coupler when you turn it on. If you turn the coupler on and if 00h is written in the EEPROM at address 42h , it will be asleep until you send an ENABLE_COUPLER command. IMPORTANT NOTE : If change in the EEPROM is followed by a reset of the coupler and if address 42h contains 00h then the coupler will be asleep until you send an ENABLE command. COUPLERS INPUTS AND OUTPUTS Please refer to chapter 1 for connection. Reader Input / Output I/O address Command to use Value M21xH M22xH M302H OUT1 OUT 2 IN 1 OUT OUT 05h - Bit 1 Set Status 05h - bit 2 07h - bit 0 05h - bit 2 06h - bit 4 Set Status Read Status Set Status Set Status ACCESSO LED 05h Set Status EEPROM FREE AREA User can use EEPROM bytes from 70h to 7Dh to write some data. Bit at 0 : low level Bit at 1 : High level Byte value & color 04h : Red 08h : Orange 0Ch : Green RM 16 DISABLE_COUPLER Use The coupler goes in SLEEP mode that allows low power consumption and RF carrier is desactivated. After this command, the coupler will not respond to any command except the ENABLE_COUPLER command. A new feature available only on M21xH 2G is that coupler can detect if a card approach the antenna and wake up on its own. Prototyping
Command sent : ADh Command Type : ISO none Host 80h ADh BCh DAh 01h Coupler 90h 00h Parameters Response: Status words Note : It is possible using the SET_STATUS command to have the coupler in a sleep mode each time it turns on. The coupler will then be asleep until you send an ENABLE_COMMAND. Please refer to the SET_STATUS command for activating this feature. l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 17 DISABLE_COUPLER ENHANCED Use As the DISABLE_COUPLER command, this specific version enables the user to asleep the reader. But M210H 2G and M260H 2G have the possibility to detect that a card approaches their antenna. As sooon as the card is detected, the coupler will turn the RF field on, and start a card selection. If no card answers to the anticollision process, the coupler go back asleep. If a card is selected, then the coupler stay awake. Prototyping
Command sent : ADh Command Type : ISO none Host Coupler 80h ADh BCh P2 01h 90h 00h Parameters P2 : specify the anticollision to process when a card is detected. If several bit are set at 1, all selected anticollision will be performed. b7
b6 0 b5
b4 Pulse OUT1 b3 Ant3 b2 Ant2 b1 Ant1 b0 Ant0 the reader. If Antx bit is set, then the anti-collision x will be processed else not. If no Antx is set, then the coupler will wake-up only by detecting a field change over If b4 is set, then the OUT1 PIN is set to high for 10 ms when a card is selected. Note : It is possible using the SET_STATUS command to have the coupler in a sleep mode each time it turns on. The coupler will then be asleep until you send an ENABLE_COMMAND. Please refer to the SET_STATUS command for activating this feature. Note : This command is only available on :
- M210-2G
- ACCESSO-2G RM 18 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 ENABLE_COUPLER Use This command restores a normal coupler running, with RF emission. This command can only be used after a DISABLE_COUPLER command or if the coupler is desactivated after power on. Prototyping
" Command sent : AEh
" Command type : ISO none Host 80h AEh DAh BCh 00h Coupler Parameters 3Bh 00h Response : Status words The coupler will respond Instruction not recognized (6Dh 00h) if already activated. Important note : You have to send the ENABLE_COUPLER command in a window of 16ms. To be sure that your command will be received, send it twice. The time between the sending of the 2 commands has to be less than 10 ms. This is automatically done when using MX.Enable method (ActiveX component). l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 19 ASK_RANDOM Use This command returns an 8 bytes random value from the coupler.This command has to be used to initialize the key loading procedure. Prototyping
" Command sent : 84h
" Command type : ISO out Host 80h 84h 00h 00h 08h Coupler 84h Random number 90h 00h Parameters Response : Random number; Status words l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 20 LOAD_KEY_FILE Use This function loads into the couplers security module a key to be used for authentication and security purposes. Key loading is a security sensitive operation. In order to protect the confidentiality of the keys transferred to the coupler, data is encrypted. A 4-byte checksum is also sent in order to guarantee the authenticity of the data, which could be corrupted either through transmission errors or by a deliberate attempt to fraud the system. Refer to Couplers key loading chapter for more information about security and the way to calculate encrypted key and checksum. Prototype
" Command sent : D8h
" Command type : ISO In Host 80h D8h P1 P2 OCh Data Coupler Parameters D8h 90h 00h P1 : Parameter used for key operations 00:
01:
02:
Others value are reserved for future use. Load and activate the key pointed by P2. Deactivate the key pointed by P2 (Forbidden option to Exchange Key Ke). Delete the key pointed by P2 (Forbidden option to Exchange Key Ke). Notes:
With the 00 option, this command will replace the old value of the key with the new value. With the 01 and 02 options, the command has to be sent with 12-byte data at any value
(Data = XX XX XX XX XX XX XX XX XX XX XX XX). When a key is deactivated, you need to reload it to reactivate the key. P2 : Key number. 00h - Exchange Key Ke: used for key loading operation. 01h - Debit Key Kd0 02h - Credit Key Kc0 03h - Debit Key Kd1 04h - Credit Key Kc1
..... 0Fh - Debit Key Kd7 10h - Credit key Kc7 Data:
This field contains:
" the 8-byte encrypted master key
" the 4-byte checksum Response: Status Words RM 21 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 SELECT_CURRENT_KEY Use This function allows to choose a key for future authentications. A key that has been deactivated or deleted cannot be selected. Only one of the 16 keys can be current at the same time. Prototype
" Command sent : 52h
" Command type : ISO In Host 80h 52h 00h P2h 08h 8 * 00h Coupler 52h 90h 00h Parameters P2 : Key number 01h - Debit Key Kd0 02h - Credit Key Kc0 03h - Debit Key Kd1 04h - Credit Key Kc1
..... 0Fh - Debit Key Kd7 10h - Credit key Kc7 Remark: if the specified key is deactivated, the status bytes returned is 6Bh 00h. l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 22 DIVERSIFY_KEY Use This function enables the user to calculate the result of key diversication with selected chip serial number. The key diversified value is used for authentication and signature calculation while writing a secure chip. This can have 2 uses :
- before an authentication (SELECT_PAGE or AUTHENTIFY command)
- to calculate the keys that will be written in a chip during a personalization phase (only working with a dedicated personalization coupler) Prototype
" Command sent : 52h
" Command type : ISO In Host 80h 52h 00h P2h 08h Chip serial number Coupler 52h 90h 00h Parameters P2 : Key number 01h - Debit Key Kd0 02h - Credit Key Kc0 03h - Debit Key Kd1 04h - Credit Key Kc1
..... 0Fh - Debit Key Kd7 10h - Credit key Kc7 Remark: if the specified key is deactivated, the status bytes returned is 6Bh 00h. RM 23 l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 GET_CONFIG Use This command is used to read the ID of the MCU part. Prototype
" Command sent : CAh
" Command type : ISO In Host 80h CAh 00h 00h 09h Coupler CA ID (8) Code Info (1) 90h 00h Parameters Data : MCU parts ID Code Info (1 byte) : RFU l a u n a m e c n e r e f e R l
r e p u o C Version 1.1 RM 24 CHAPTER 4 USERS GUIDE In this chapter ou will learn how to use the coupler to...
!Use INSIDE chip
!Manage the security I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 1 MANAGING INSIDE CHIPS The various steps in INSIDEs chips management are the following :
!!!!! Set the used key (if your application is secured)
!!!!! Select a chip
!!!!! If it is a multi-application chip, select the page in which you want to work
!!!!! Read, Write data in the chip memory
!!!!! Halt the chip to enable another chip selection Using INSIDE couplers, authentication and signature calculations are managed automatically by the SELECT_PAGE or the SELECT_CARD command. Just indicate in these commands that you want to use the security features. In this chapter is just indicated the way and the functions and commands to use to reach your goal. Please refer to the Reference Manuals for more information about the functions and its parameters. In this chapter you will also learn :
! ! ! ! ! how to manage the various protocol at low level or with the activeX component
! ! ! ! ! how to make a chips inventory and select a chip within several ones. I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 2 SECURITY CONFIGURATION Before using the security features, please take a look at the Security management chapter. You will find there basic principles on which is based INSIDE chips security. If your application is secured, you have to ... a. Load the key in the coupler. This operation has to be performed only once. As soon as keys are loaded, they are stored in the couplers EEPROM. b. tell to the coupler which key you want to use for your application (Kd1, Kc1, Kd2 ...) a. Loading the key... You have to indicate the following parameter :
- Exchange key to enable you to load the key
- New key value
- Key number (is it Debit Key 3, Credit key 2)
!!!!! ActiveX :
Mx.KeyLoading method
!!!!! C Library :
Clib_w_KeyLoading procedure
!!!!! Low level :
b. Activating the current key... LOAD_KEY_FILE command Two commands are available to tell to the coupler which key you want to use. One has to be used before the selectcard command, and the other before the SelectPage or Authentify command if you want to use a key different than the one used to authentify the chip (or if you selected the card without authentication). Use the following commands before the SelectCard command :
!!!!! ActiveX method : Mx.CurrentKey property
!!!!! C Library :
CLib_w_SelectCurrentKey procedure
!!!!! Low level :
SELECT_CURRENT_KEY command Please refer to the chapter Managing the security for more details about the way it works, and to the reference manual chapter for more details about the commands. Use the following commands before the SelectPage and Authentify commands :
!!!!! ActiveX method : Mx.DiversifyKey property
!!!!! C Library :
Clib_w_DiversifyKey procedure
!!!!! Low level :
DIVERSIFY_KEY command Please refer to the chapter Managing the security for more details about the way it works, and to the reference manual chapter for more details about the commands. I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 3 SELECTING A CHIP During this operation, you will choose the protocol you want to use (14 443 type A, 14 443 type B or 15 693), and if you want to authentify the chip. The answer will give you the protocol used by the chip, and its serial number Security... P1 value Which protocol... P2 value none Kd authentication Kc authentication 00h 30h 10h 14 443 B-2 15 693 14 443 B-3 01h 02h 04h Then use the following command :
!!!!! ActiveX method : Mx.SelectCard (P1, P2, Type_SerialNumber)
!!!!! C Library :
Clib_w_SelectCard (P1, P2, Type_SerialNumber)
!!!!! Low level :
SELECT_CARD : 80h A4h P1h P2h 09h... Note 1 : Coupler will answer the protocol number used to communicate with the chip, and the chip serial number. This protocol number is the value to use with the TRANS-
MIT command as protocol value Note 2 : The above table show 2 protocols ISO 14 443 type B
!!!!! 14 443 type B-2 : RF protocol is the one defined in the 14 443 B standard level 2, and anticollision is INSIDE contactless one.
!!!!! 14 443 type B-3 : RF protocol follows the 14 443 B standard level 2, and anticollision is defined in 14 443 B standard level 3. I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 4 SELECTING A PAGE If you are using a Multi-application chip ( 8*2K for example ) you have to select the page in which you want to work. The SelectCard command selects by default page 0. The SelectPage command enables you to work in all other pages. It will manage the authentication if the page is secured. You will get...
- page configuration block (block 1) You have to enter...
- page number
- key to use for authentication
- protocol to use Then use the following command :
!!!!! ActiveX method : Mx.SelectAuthPage (Key number, PageNumber, ConfigBlock)
!!!!! C Library :
PageNumber, ConfigBlock) Clib_w_SelectAuthPage (Key number, Protocol,
!!!!! Low level :
SELECT_PAGE Host 80h A6h P1 P2 08h Coupler A6h configuration 90h 00h Chip 's block The following table gives you parameters to select and authenticate a secured page. P2 values are just examples. Protocol P1 value... Page & key number P2 value... 14 443 B 15 693 14 443 A 0Ch 0Dh 0Eh Key Kd1 & Page 1 Key Kc1 & Page 1 Key kd7 & Page 7 21h 31h E7h Note : if the page is secured, use the diversify command to select in the coupler the key that will be use for the authentication. I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 5 READING CHIP MEMORY You will find a full memory description in the chip datasheet, but the easiest way to discover the chip memory is to use the MX3 software (PICO MEMORY page). You have to enter...
- block number
- protocol to use You will get...
- memory data Then use the following command :
!!!!! ActiveX method : Mx.ReadBlock (BlockStart, BlockCount, ChipResponse) speed by using READ or READ4 chip command depending on chip possibilities. Mx.Read property : ActiveX component optimizes reading
!!!!! C Library :
ChipResponse) ChipResponse)
!!!!! Low level :
Clib_w_ReadBlock (BlockStart, BlockCount, Protocol, Clib_w_ReadBlockBy4(BlockStart, BlockCount, Protocol, TRANSMIT command + 0Ch chip command (single read)
+ 06h chip command (read4) All communication with a chip is done thanks to this command, including INSIDEs chips. You will find there how to read one block with the 15 693 standard. Host 80h C2h C5h 08h 02h 0Ch Addh Coupler C2h Chip's answer 90h 00h You can also use the Read4 chip command :
Host 80h C2h C5h 20h 02h 06h Addh Coupler C2h Chip's answer 90h 00h Note : To use another protocol, just change the bit in P2 parameter. 14 443 B-2 : Use 80h C2h C4h... 14 443 B-3 : Use 80h C2h C6h... I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 6 WRITING CHIP MEMORY When writing data to a memory block you have to know if you are communicating to a secure or non secure chip. Parameters will be different as you ask the coupler to send or not the signature to authenticate the data you want to write (this is automatically managed by the ActiveX component).
!!!!! ActiveX method : Mx.WriteBlock (BlockStart, BlockCount, BlocksValue)
!!!!! C Library :
BlocksValue) Clib_w_WriteBlock (BlockStart, BlockCount, Protocol, Auth,
!!!!! Low level :
This command enables you to write one block. The following example are for a 15 693 communication. TRANSMIT command + 87h chip command Non secure chips Host 80h C2h E5h 08h 0Ah Coupler Secure chips Host 80h C2h 6Dh 08h 0Ah Coupler 87h Addh
&Data 87h Addh
&Data C2h C2h Written data 90h 00h Written data 90h 00h Note : To use another protocol, just change the appropriate bit in P2 parameter :
Non secured chip :
14 443 B-2 : Use 80h C2h E4h... 14 443 B-3 : Use 80h C2h E6h... Secured Chip :
14 443 B-2 : Use 80h C2h 6Ch... 14 443 B-3 : Use 80h C2h 6Eh... I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 7 HALTING A CHIP The following command halts the current selected chip :
!!!!! ActiveX method : Mx.Halt
!!!!! C Library :
Clib_w_Halt (protocol)
!!!!! Low level :
TRANSMIT command + 00h chip command Host 80h C2h 31h 00h 01h 00h Coupler C2h 90h 00h Note : To use another protocol, just change the appropriate bit in P2 parameter :
14 443 B-2 : Use 80h C2h 30h... 14 443 B-3 : Use 80h C2h 32h... in I E TIPS : to halt the chip D as soon as you get its serial number, use P1 parameter the U S E L E C T _ C A R D command G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 8 I E D U TIPS : The low level G c o m m a n d S E L E C T _ C A R D includes an option that S halts the chip as soon as it is selected. This enables to earn time R by avoiding to send the HALT command. Just E use the following P1 parameters : P1 =
S 02h. U
s r e d a e r d n a i s p h C HOW TO WORK WITH SEVERAL CHIPS IN THE FIELD Here is the basic algorithm to get serial numbers of all chips in a given RF field :
N o c a r d s e e c t e d l Select card Store chip serial number in a table Halt the selected chip Select the chip you want to work with Chips inventory Make a loop with the SELECT_CARD COMMAND with HALT option enable (P1 = 02h). Chip selection with its serial number Use the following command to select a given chip thanks to its serial number. The chip will answer you its serial number.
!!!!! ActiveX method : Mx.ReSelect (ChipSN)
!!!!! C Library :
Clib_w_ReSelect (ChipSN)
!!!!! Low level :
TRANSMIT command + 81h chip command Host 80h C2h C5h 08h 09h Coupler C2h 81h & Serial Number Serial number 90h 00h Replace C5h by C4h (C6) to use 14 443 type B-2 (type B-3) protocol. Version 1.0 UG 9 MANAGING INSIDES CHIPS PROTOCOLS Low level command and C library Protocols are always indicated in the command parameters (P2 for SELECT_CARD, P1 for TRANSMIT). You will find the appropriate value in this Users Guide, and in the description of each command in the Reference manual. ActiveX component There are 2 command types :
- Card selection
- Select page, read, write... Card selection When selecting a card, you set the protocol to use in P2 parameter of the Mx.SelectCard method. Coupler is able to test several protocols, and return the protocol use for card detection. Other operation (Read, Write, SelectPage etc...) For any other operation, use the ActiveX propertie Mx.MxProtocolIndex to set the protocol you want to use. This property is automatically set after a SelectCard command thanks to the value returned by the coupler indicating the protocol use for card selection. If you want to change communication protocol when using a dual protocol chip
(PICOPASS - 15 693 & 14 443 type B), just change this protperty value to the desired one, and all activeX command for INSIDE chip will use this protocol. I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 10
(stored value) manage-
DING and/or WRITING. I INSIDE E security protects memory from REA-
D U Security G control e-purse ment S R E Security is based on :
- key diversification S
- authentication
-signature U
s r e d a e r Key diversifi-
cation implies that d each security n for each card a calculation is different i s p h C MANAGING THE SECURITY INSIDE chips security is based on secret keys that protect and authentify the chip con-
tent. On one hand, keys are stored in the chip. On the other hand, coupler includes a security module in which are stored the application keys. Security is based on checking that keys are the same in the chip and in the coupler. First paragraph explains on what is based our security and what it is for :
" Authentication
" Signature
" Diversified keys The following paragraphs explain how to :
" load the key into the coupler / SAM
" select and / or authenticate a chip with a given key INSIDE CHIPS SECURITY Security consists in protecting memory access and e-purse use by secret keys. User will be able to modify card content only if the coupler contains same secret keys as PICO chip. Security is checked several times :
""""" Authentication : Just after having selected the chip user has to perform an authentication before being able to access any memory data.
""""" Signature : for any memory modification the chip user has to send a signature calculated as a function of sent data, secret keys and chip serial number. Thus it is impossible to modify the chip content without knowing the application keys. In each security calculation, a diversified key is being used, based on the chip serial number and the application key. All security calculations are automatically manage by INSIDEs couplers. Key diversification To ensure a reliable security, every security operation (authentication, signature calculation) is based on diversified key value. The diversified key is an 8 bytes result of calculation including chip serial number and key value. Thus, 2 chips using same keys contain different diversified key values. This ensures that it is not possible to repeat some sequence registered on one card on another card. Secret Key Key fortification algorythm
+ x DES Chip serial number Diversified Key Version 1.0 UG 11 protects the memory Authentication from reading and I writing E D U G S R E S U
s r e d Signature a when writing increases memory e content security r d n a i s p h C Authentication Authentication algorithm performs a mutual authentication. The principle is as follows : Data are exchanged then both device perform secret calculations on them to obtain 2 results on 4 bytes. Authentication is done if they get the same results. The chip first checks couplers response then reader verifies chips results. 1. Coupler and chip exchange data Data (64bits) Random (32 bits) Diversified secret key
(64 bits) 2. Both coupler and chip calculate 2 results on 4 bytes Diversified secret key Coupler R1 R2 R1 R2 3. The chip verifies the coupler's result 1, then send Result 2 if OK 4. The coupler checks chip's answer (Result 2) Note :
Diversified key is written in the chip during personalization phase, and calculated after each card selection by the coupler (div. key depends on the chip serial number) Signature Each time you want to send data to the chip, a 32 bits signature is automatically calculated and added. Signature calculation takes into account the diversified key value (result of operation between key value and chip serial number) and the data. Chip will check the signature to allow data writing. This ensures very good security on the chip content. Key Value Chip serial number Diversified key value Signature Data &
signature Coupler Chip Data Host Signature calculation principle Version 1.0 UG 12 KEY LOADING To perform this complex operation, use the function supplied with the libraries (C Libraries, ActiveX component). You will find encryption algorithm in annex. C source code is provided in the C libary, and ActiveX component manage automatically all security calculation. You need to give the following parameter :
Key number Exchange Key New Key value
! ActiveX method : Mx.KeyLoading Use Mx.KeyLoading (KeyNum, LoadingType, ExchangeKey,NewValue) method to load the key in the coupler at the appropriate place. Keynum may have to following value :
- mpkPiKd (i=0 to 7)
- mpkPiKc (i=0 to 7) Example : to load the default keys as keys 6 using the default exchange key ... Mx.KeyLoading (mpkP6Kd, mklmXORKe,$5C$BC$F1$DA$45$D5$FB$5F,
$F0$E1$D2$C3$B4$A5$96$87) Mx.KeyLoading (mpkP6Kc, mklmXORKe,$5C$BC$F1$DA$45$D5$FB$5F,
$76$65$54$43$32$21$10$00)
! C Library : Clib_w_KeyLoading Clib_w_KeyLoading (KeyNum, LoadingType, ExchangeKey,NewValue)
! Low level : LOAD_KEY_FILE Calculate the Encrypted key thanks to the C library algorythm (see annexe A) and use the LOAD_KEY_FILE command... Host 80h D8h 00h P2 OCh Encrypted key Coupler D8h 90h 00h P2 : Key number 00h - Exchange Key Ke: used for key loading operation. 01h - Debit Key Kd0 02h - Credit Key Kc0 03h - Debit Key Kd1 04h - Credit Key Kc1
..... 0Fh - Debit Key Kd7 10h - Credit key Kc7 First step in security is to load the secret keys into the coupler I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 13 Second step:
tell the coupler which key has to be used HOW TO SET A KEY AS THE ACTIVE ONE A - Before SelectCard command I E D U G S R E S U
s r e d a e r d n a i s p h C ActiveX component : Mx.CurrentKey
Possible values are :
- mpkPiKd (i=0 to 7)
- mpkPiKc(i=0 to 7)
! C Library : Clib_w_SelectCurrentKey Clib_w_SelectCurrentKey (KeyNum)
! Low level :
SELECT_CURRENT_KEY command Host 80h 52h 00h P2h 08h 8 * 00h Coupler 52h 90h 00h P2 : Key number 00h - Exchange Key Ke: used for key loading operation. 01h - Debit Key Kd0 02h - Credit Key Kc0 03h - Debit Key Kd1 04h - Credit Key Kc1
..... 0Fh - Debit Key Kd7 10h - Credit key Kc7 B - Before SelectPage and Authentify command At this stage you need to precise both the key number and the chip serial number (as you may be working with several chips). Actually this operation is performed automatically by the selectCard command as it knows the key number thanks to the CurrentKey property, and the Serial Number is given by the chip during the selection phase. When using a standard coupler, the DiversifyKey command returns a useless data
(random number). The returned data are used only with a personalisation coupler. More information are given in the personalisation kit. ActiveX component : Mx.DiversifyKey
Mx.DiversifyKey (KeyNum, Chip Serial Number, Databack)
! C Library : Clib_w_DiversifyKey Clib_w_DiversifyKey (KeyNum, Chip Serial Number, Databack)
! Low level :
DIVERSIFY_KEY command Host 80h 52h 00h P2h 08h Serial Number Coupler 52h 90h 00h P2 : Key number 00h - Exchange Key Ke: used for key loading operation. 01h - Debit Key Kd0 02h - Credit Key Kc0 03h - Debit Key Kd1 04h - Credit Key Kc1
..... 0Fh - Debit Key Kd7 10h - Credit key Kc7 Version 1.0 UG 14 Last step :
Authentication is performed during chip selection and/or page I selection E D U G S R E S U Tips : Key diversifica-
tion is
automatically done by the s select card command r e d a e Tips :
Key diver-
r sification has to be done only once. You d dont need to use the Diversify n command as soon as you work with a the same chip and the same key s p h C i Version 1.0 HOW TO AUTHENTIFY A CHIP Authentication may be done while selecting the card (or the page). It can also be done later, for example when you want to work with both Credit key and Debit key authentication.
ActiveX component : Mx.SelectCard SelectCard (30h ...) authenticates selected chip with Kd SelectCard (10h ...) authenticates selected chip with Kc
! C Library : Clib_w_SelectCard Clib_w_SelectCard (SelectMode , ChipType, TypeSN) SelectMode = 30h : Authentify with the chip debit key SelectMode = 10h : Authentify with the chip credit key
! Low level : SELECT_CARD 80h A4h 10h P2 09h => Authenticate with Kc 80h A4h 30h P2 09h => Authenticate with Kd HOW TO AUTHENTIFY A PAGE Authentication follows the same principle as for the SelectCard authentication. If you want to use a different key than the one used during the card selection, or if selection has been done without you have to use the DiversifyKey command to set a key as the active key if you want to change the active key.
ActiveX component :
Mx.DiversifyKey (KeyNum, Chip Serial Number, Databack) SelectAuthPage (Key, Page, BlockConfig)
! C Library :
Clib_w_Mx.DiversifyKey (KeyNum, Chip Serial Number, Databack) Clib_w_SelectAuthPage (Key, Page, BlockConfig)
! Low level : DIVERSIFY_KEY & SELECT_PAGE DIVERSIFY_KEY Host 80h 52h 00h P2h 08h Coupler P2 : key number SELECT_PAGE Host 80h A6h P1 P2 08h Coupler A6h Serial Number 52h 90h 00h Chip 's configuration block 90h 00h UG 15 P1 : contacless configuration P2 : key and page number PROTECTING THE KEYS Thus all the security depends on making sure that these keys are kept secret. To ensure a good secury, key loading has to be done in a secure environment. The key loading procedure ensures that :
1 - nobody decrypts the key loaded in the coupler by listenning to the HOST-COUPLER communication 2 - nobody records and uses the communication between HOST and COUPLER to load keys in another coupler To protect the communication, all data exchange is ciphered thanks to an exchange key known only by the coupler. Therefore, nobody will be able decipher serial communica-
tion and find the application key value Protect key storage (coupler, security module) so that nobody can use your keys. Use our coupler security protection features or store coupler or SAM keys in a secured place. To ensure a very good security to your application, contact us so we help you to give to your system the security it deserves. I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 16 I E D U G S R E S U
s r e d a e r d n a i s p h C MANAGING STANDARD CHIPS PROTOCOLS This chapter explains how to communicate with any chips that follow the 13.56MHz standards : 15 693, 14 443 Type A and B. More over, you will find there how to communicate with the FeliCa chip (SONY). Note : users will find there the commands to use to send byte to the chip, and to get the chip answer, but we will not mention the way to manage these chips. User has to refer to the chip datasheet or ISO standards to find more information about these chips. TIME OUT ADJUSTMENT When communicating with a chip, and particularly a microprocessor, user may need to increase the time out value. The TimeOut configuration enables the user to change the value of the TRANSMIT command to be sure that no ISO command will fail because a too short timeout. Users can change 4 timeout values corresponding to the 4 Timeout "slots" that one can use in TRANSMIT command:
Timeout 0 (command timeout option = b00) : Address h68 Timeout 1 (command timeout option = b01) : Address h69 Timeout 2 (command timeout option = b10) : Address h6A Timeout 3 (command timeout option = b11) : Address h6B Where "b" prefix is for binary value, "h" is for hexadecimal To put a specific value for one of these TimeOut "slots", developper can use the following formulas:
ISO 14443 (A-B) : TimeOut = X . 380s + 200s ISO 15693 : TimeOut = (X << 2) . 380s + 200s Where X is the value of the byte and << is the operation that execute a binary right shift of the byte value. 15 693-3 PROTOCOL This example shows how to configure the protocol, then how to send the INVENTORY command. Public sub Sample_15693() Configure USER protocol as 15693 Mx.MxUserProtocol = mupISO_15693_3_10pc Low level command : use the SetStatus function Mx.SetStatus &H3, &H5E, &H21 Mx.SetStatus &H3, &H5F, &H31
' Send Inventory command "1 slot" to retrieve chip serial number Command = "$36$01$00$00"
CommandSize = &H04 AnswerSize = &H0A UserProtocol = &HF3 Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswer
' Send slot marker for anticollision management Mx.Transmit &H73, &H0A, &H00, , ChipAnswer End Sub Version 1.0 UG 17 ISO 14 443 TYPE A Public sub Sample_14443_A() Configure USER protocol as 14443-A level 3 Mx.MxUserProtocol = mupISO_14443A_3
' Low level : use the set status command Mx.SetStatus &H03, &H5E, &H32 Mx.SetStatus &H03, &H5E, &H12 Mx.SetStatus &H03, &H64, &H63 Mx.SetStatus &H03, &H65, &H63
' Use the SelectCard command to manage anticollision Mx.SelectCard &H00, &H08, Type_SN
'Send the RATS command :
Buffer length = 32 Name the card as card 0 Command = "$50$00"
CommandSize = &H02 AnswerSize = &H06 UserProtocol = &HF3 Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswer End Sub ISO 14 443 TYPE B Public sub Sample_14443_B() Card selection with the select Card command : manage the anticollision Mx.SelectCard &H00, &H04, Type_SN Send REQB command Command = "$05$00$00"
CommandSize = &H03 AnswerSize = &H0C UserProtocol = &HF2 Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswer End Sub FELICA ( NEW VERSION)
' Low level : use the set status command to configure the protocol Mx.SetStatus &H03, &H5E, &H79 Mx.SetStatus &H03, &H5E, &H02 Mx.SetStatus &H03, &H64, &H00 Mx.SetStatus &H03, &H65, &H00
' Send a command to the chip and retrieve the answer Command = "$06$00$FF$FF$00$01"
CommandSize = &H06 AnswerSize = &H12 UserProtocol = &HF7 Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswer I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 18 I E D U G S R E S U
s r e d a e r d n a i s p h C MANAGING THE RF FIELD Possible operations you can perform on the RF field are the following :
" Cut RF emission, mainly when couplers are powered on battery
" Start RF emission
" Reset RF field (i.e. cut it for 20 ms in order to reset any halted chip in the field) HOW TO RESET THE RF FIELD ?
This command will cut the RF field for 20 ms in order to reset all chips that are in the field.
!!!!! ActiveX method : Mx.ResetField
!!!!! C Library : Clib_w_ResetField ()
!!!!! Low level :
SET_STATUS command tsoH h08 h4F h04 h00 h10 h00 relpuoC h4F h09 h00 HOW TO ASLEEP THE COUPLER Just use the disable command which will cut the RF field so that no energy is wasted.
!!!!! ActiveX method : Mx.Disable
!!!!! C Library : Clib_w_Disable ()
!!!!! Low level :
DISABLE command tsoH h08 hDA hCB hAD h00 relpuoC h09 h00 HOW TO WAKE UP THE COUPLER
!!!!! ActiveX method : Mx.Enable
!!!!! C Library : Clib_w_Enable ()
!!!!! Low level :
ENABLE command tsoH h08 hEA hAD hCB h00 relpuoC h09 h00 Important note Low level command : You have to send this command in a window of 16 ms so that the coupler catches it. To be sure that this command is detected, send it twice, with no more than 10 ms between the 2 commands sending. This is automatically managed by the ActiveX method. Version 1.0 UG 19 APPENDICES I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 20 HOW TO LOAD A KEY IN A APPENDIX A COUPLER This procedure consists in several operations on the key. The final result will be sent to the coupler using the Loag_Key_File function. EXCHANGE KEY To ensure the security, an exchange key will protect all key loading operations. This key is in the coupler memory and has 2 functions :
only host knowing this key will be able to modify the Debit and Credit keys. New key value are encrypted with this exchange key so it is not possible to read the new value on the serial line. You have to know this exchange key to modify the value of any other key. For any modification, the Exchange key is managed exactly as the Debit key and the Credit key
: you have to use the Key Loading Procedure described in the next paragraphs. GENERAL KEY LOADING PROCEDURE Before the key loading starts with the LOAD_KEY_FILE command, the host must generate a session key. This key is generated by the encryption of the current Exchange Key (Ke) with an 8-byte random number. Host Ask random Reader New key value (Kx) Exchange key (Ke) Random
(Rnd) Exchange key (Ke) Calculate the session key Encrypt the new key value Calculate encrypted key checksum Load encrypted key and checksum Calculate the session ley Decrypt new key value Calculate checksum Compare checksum I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 21 I E D U G S R E S U
s r e d a e r d n a i s p h C TERMINOLOGY AND NOTATION Adding p after the key name means that the key is permuted. Adding chk means that the 8th byte replaced by the Checksum byte value. A C before the key name means that the key has been encrypted. Meaning Exchange Key. Permuted Exchange Key. Kep with the 8th byte replaced by the Checksum byte value. Random number. Master key. (Kx equals to Kd or Kc) Permuted master key. (Kxp equals to Kdp or Kcp) Encrypted permuted master key. (CKxp equals to CKdp or CKcp) Session key. 4-byte checksum. Abbreviation Kex Kexp Kexp_chk Rnd Kx Kxp CKxp SK CHK KEY LOADING STEP BY STEP We assume that the default keys are used. STEP DESCRIPTION Example Step 1 : Get a random number from the coupler
! Send the Ask_Random command Send 80h 84h 00h 00h 08h. The coupler answer a random number.For this example, we assume that Rnd = 00 00 00 00 00 00 00 00. Step 2 : Calculate the Session Key The session key is define by the following formula :
SK = Kexp_chk Rnd ( : bit to bit x-or operation) Kexp_chk means that we have to permute Kex then to replace the 8th byte by the checksum byte
! Permute the exchange key to get Kexp
! replace the 8th byte by the checksum byte to get Kexp_chk
! Calculate the session key Kexp = 6E FD 46 EF CB B3 C8 OB Kexp_chk = 6E FD 46 EF CB B3 C8 75 SK = 6E FD 46 EF CB B3 C8 75 Step 3 : Calculate the Encrypted master key This calculation include the exchange key through the session key (SK). This insure the protection of the new key value. CKxp = SK Kxp ( : bit to bit x-or operation) CKdp = 91 F2 75 BA CB 43 04 20
! Permute the new key value Kx to get Kxp
! Make a bit to bit X-OR operation with the session key SK Step 4 : Send the Load_Key_File command
! Calculate the CheckSum
! Send the command to the coupler. Load_Key_File (CKxp + CheckSum) CheckSum = 73 27 FF 01 Send 80 D8 00 01 0C & 91 F2 75 BA CB 43 04 20 &
73 27 FF 01 Version 1.0 UG 22 ALGORITHMS KEY PERMUTATION Proceed as described below to permute a key. Example: Permute the key Kex. 0xDA 0x45 0xD5 0xFB 0x5F Kex = 0x5C 0xBC 0xF1
(0x5F) ! 0
(0xFB) ! 1
(0xD5) ! 1
(0x45) ! 0
(0xDA) ! 1
(0xF1) ! 1
(0xBC) ! 1
(0x5C) ! 0
0 1 0 0 0 1 1 0
0x6E 0xFD 0x46 1 1 1 1 1 1 0 1
1 1 1 0 1 1 1 1
0xEF 1 1 0 0 1 0 1 1
1 0 1 1 0 0 1 1
0xCB 0xB3 1 1 0 0 1 0 0 0
0xC8 1 1 1 1 0 1 0 0
(0xF4) Replace the last byte by :
0xF4 = 0B Kexp =
0x6E 0xFD 0x46 0xEF 0xCB 0xB3 0xC8 0x0B CHECKSUM BYTE CALCULATION Proceed as described below to calculate a key checksum byte. Note: the symbol means a bit to bit x-or operation. Example:
K =
Kp =
0x5C 0xBC 0xF1 0x6E 0xFD 0x46 0xDA 0x45 0xEF 0xD5 0xCB 0xB3 0xFB 0x5F 0xC8 0x0B Checksum = 0x6E 0xFD 0x46 0xEF 0xCB 0xB3 0xC8 = 0x8A Checksum = 0x8A = 0x75 and then, Kxp_chk =
0x6E 0xFD 0x46 0xEF 0xCB 0xB3 0xC8 0x75 LOAD KEY CHECKSUM CALCULATION
! Complete the 5 command bytes with 3 bytes 00 so to get 8 bytes
! Calculate RES = (Command bytes) Kxp.
! Calculate the checksum CHK = Most Significant 4-Bytes(RES) Least Significant 4-Bytes(RES). I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 23 Example:
The checksum when sending the default Debit Key Kd is :
Command =
Kdp =
RES =
CHK =
80 D8 00 01 0C 00 00 00 FF 0F 33 55 00 F0 CC 55 7F D7 33 54 0C F0 CC 55 73 27 FF 01 MSB(RES) 7F LSB(RES) 0C ________________________________ 33 54 CC 55 D7 F0 CHK =
73 27 FF 01 I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 24 APPENDIX B ERROR CODE When an error occurs, coupler response is only status words SW1 SW2. No data is returned. The following table sums up the various values. SW1 90h SW2 00h Command successful Error description Common status errors 00h Data length, P3 incorrect 00h Parameters P1, P2 incorrect 00h Class not recognized 00h Instruction not recognised, parity error Security errors 82h Card not identified (CRC or authentication problem) 35h Command flow incorrect Execution error 82h Card not found 00h EEPROM erro 67h 6Bh 6Eh 6Dh 69h 98h 6Ah 62h I E D U G S R E S U
s r e d a e r d n a i s p h C Version 1.0 UG 25
frequency | equipment class | purpose | ||
---|---|---|---|---|
1 | 2004-05-17 | 13.56 ~ 13.56 | DXT - Part 15 Low Power Transceiver, Rx Verified | Class II permissive change or modification of presently authorized equipment |
2 | 2003-10-22 | 13.56 ~ 13.56 | DXT - Part 15 Low Power Transceiver, Rx Verified | Original Equipment |
app s | Applicant Information | |||||
---|---|---|---|---|---|---|
1 2 | Effective |
2004-05-17
|
||||
1 2 |
2003-10-22
|
|||||
1 2 | Applicant's complete, legal business name |
Inside Secure
|
||||
1 2 | FCC Registration Number (FRN) |
0008887242
|
||||
1 2 | Physical Address |
41 A, Parc club du Golf
|
||||
1 2 |
Cedex 3
|
|||||
1 2 |
Aix-en-Provence, N/A 13856
|
|||||
1 2 |
France
|
|||||
app s | TCB Information | |||||
1 2 | TCB Application Email Address |
i******@ckccertification.com
|
||||
1 2 | TCB Scope |
A1: Low Power Transmitters below 1 GHz (except Spread Spectrum), Unintentional Radiators, EAS (Part 11) & Consumer ISM devices
|
||||
app s | FCC ID | |||||
1 2 | Grantee Code |
Q45
|
||||
1 2 | Equipment Product Code |
ACCESSO
|
||||
app s | Person at the applicant's address to receive grant or for contact | |||||
1 2 | Name |
S**** D********
|
||||
1 2 | Title |
Hardware Operation Manager
|
||||
1 2 | Telephone Number |
+33 0********
|
||||
1 2 | Fax Number |
+33 0********
|
||||
1 2 |
s******@insidefr.com
|
|||||
app s | Technical Contact | |||||
1 2 | Firm Name |
CKC Laboratories, Inc.
|
||||
1 2 | Name |
M******** C********
|
||||
1 2 | Physical Address |
5473A Clouds Rest
|
||||
1 2 |
5473-A Clouds Rest
|
|||||
1 2 |
Mariposa, California 95338
|
|||||
1 2 |
United States
|
|||||
1 2 | Telephone Number |
209-9******** Extension:
|
||||
1 2 | Fax Number |
209-7********
|
||||
1 2 |
r******@ckc.com
|
|||||
app s | Non Technical Contact | |||||
1 2 | Firm Name |
CKC Laboratories, Inc.
|
||||
1 2 | Name |
M****** C********
|
||||
1 2 | Physical Address |
5473A Clouds Rest
|
||||
1 2 |
5463-A Clouds Rest
|
|||||
1 2 |
Mariposa, California 95338
|
|||||
1 2 |
United States
|
|||||
1 2 | Telephone Number |
209-9******** Extension:
|
||||
1 2 | Fax Number |
209-7********
|
||||
1 2 |
r******@ckc.com
|
|||||
app s | Confidentiality (long or short term) | |||||
1 2 | Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
1 2 | Yes | |||||
1 2 | Long-Term Confidentiality Does this application include a request for confidentiality for any portion(s) of the data contained in this application pursuant to 47 CFR § 0.459 of the Commission Rules?: | No | ||||
if no date is supplied, the release date will be set to 45 calendar days past the date of grant. | ||||||
app s | Cognitive Radio & Software Defined Radio, Class, etc | |||||
1 2 | Is this application for software defined/cognitive radio authorization? | No | ||||
1 2 | Equipment Class | DXT - Part 15 Low Power Transceiver, Rx Verified | ||||
1 2 | Description of product as it is marketed: (NOTE: This text will appear below the equipment class on the grant) | Stride 2400 Base Station | ||||
1 2 | Desktop Reader | |||||
1 2 | Related OET KnowledgeDataBase Inquiry: Is there a KDB inquiry associated with this application? | No | ||||
1 2 | Modular Equipment Type | Does not apply | ||||
1 2 | Purpose / Application is for | Class II permissive change or modification of presently authorized equipment | ||||
1 2 | Original Equipment | |||||
1 2 | Composite Equipment: Is the equipment in this application a composite device subject to an additional equipment authorization? | No | ||||
1 2 | Related Equipment: Is the equipment in this application part of a system that operates with, or is marketed with, another device that requires an equipment authorization? | No | ||||
1 2 | Grant Comments | C2PC for PCB component change and inter connecting cable modification. | ||||
1 2 | Is there an equipment authorization waiver associated with this application? | No | ||||
1 2 | If there is an equipment authorization waiver associated with this application, has the associated waiver been approved and all information uploaded? | No | ||||
app s | Test Firm Name and Contact Information | |||||
1 2 | Firm Name |
CKC Laboratories, Inc.
|
||||
1 2 | Name |
S******** B******
|
||||
1 2 | Telephone Number |
20996********
|
||||
1 2 |
714-9******** Extension:
|
|||||
1 2 | Fax Number |
20974********
|
||||
1 2 |
866-7********
|
|||||
1 2 |
s******@ckc.com
|
|||||
1 2 |
r******@ckc.com
|
|||||
Equipment Specifications | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
1 | 1 | 15C | 20 CE | 13.56000000 | 13.56000000 | ||||||||||||||||||||||||||||||||||||
Line | Rule Parts | Grant Notes | Lower Frequency | Upper Frequency | Power Output | Tolerance | Emission Designator | Microprocessor Number | |||||||||||||||||||||||||||||||||
2 | 1 | 15C | CE | 13.56000000 | 13.56000000 |
some individual PII (Personally Identifiable Information) available on the public forms may be redacted, original source may include additional details
This product uses the FCC Data API but is not endorsed or certified by the FCC