Operational Description
- Model RC-S430C -
Version 1.0 Sony Corporation RC-S430C Operational Description Reader/Writer Operation After turning on the power switch, the Reader/Writer transmits 13.56MHz 10% ASK polling signal with the specified intensity until receiving a response from a contactless card. After receiving the response from a card the device starts to communicate with the card by using the same frequency and modulation. Though the reader/writer is a self-
operating device according to the program installed in the FLASH memory, it can be connected to a host computer (Controller) for more complicated applications by taking out the reader/writer from the enclosure. For the connection to a host computer, refer to the initialization and communication protocols described below. 1 Connection with Controller The connection with controller shall be done as follows. Interface Connector : Methode 1100-12-110-02 (right angle) The interface connector is a 10-pin connector located at the right edge of the RF/Control board which is shown in the schematic drawing of Fig.6. The pitch of connector pins is 2.54mm. The most upper connector pin is No. 1. Pin assignment of the connector is shown in Fig. 4 and Table 4. 12V GND
SHDN :
DC input port
Ground port Shut Down (No Connection in usual operation) Power supply for the circuit on the RF/Control board can be shut down by applying high level voltage (5V) to the pin. RX+,- , TX+,-
RXD,TXD
Serial Data I/O (RS-485)
Serial Data I/O (CMOS 5V or RS-232C) RF block Controller to Antenna CN1 1 2 3 4 RFIN+
RFIN-
RFOUT+
RFOUT-
WD RD WD RD
*R/W
*R/W CARRIER CARRIER EN/*INH EN/*INH C D D N G V 5 CN2 10 9 8 7 6 5 4 3 2 1 RXD(CMOS or RS232C) GND TXD(CMOS or RS232C) TX+(RS485) TX-(RS485) RX+(RS485) RX-(RS485) DCIN GND SHDN RXD TXD TX+
TX-
RX+
RX-
D N G V 5 Converter 5V DC GND SHDN Fig.1 : Pin Assignment of Connectors CN1-2 Pin No. 1 2 3 5 7 8 Pin Assignment GND SHDN Table 1 : Pin Assignment of Interface Connector CN2 DCIN RX+
TX+
TXD 4 RX-
6 TX-
9 GND 10 RXD 2 RC-S430C Operational Description Power
voltage : DC12V (shall be applied to DCIN of CN2) voltage allowance : +4V, -0.5V 180mA current voltage ripple allowance
The Reader/Writer can be operated in the voltage range of 7-11.5V and the voltage ripple > 100mV, however operating distance cannot be assured in such condition. 100mV (peak-to-peak) External Interface serial 1 port : RS-485A, RS-232C and CMOS logic level(5V) software selectable, non-inverted or inverted, and baud rate
(default setting : CMOS 5V, non-inverted, 115.2kbps) Common pins are assigned for RS-232C and CMOS logic level. RS-232C is available by mounting MAX3221CAE(MAXIM) as IC10, 4 capacitors C53-56 and 2 resistors R49-50 and removing 2 resistors R43-44 which are located near the right, lower corner of the RF/Control board as is shown in Fig.5. 2 Transaction Overview 2.1 Communication Protocol There are two communication protocols, namely, data link level and application level protocol. Either ACK or NACK packet is returned in every packet transfer. ACK indicates a successful transfer, NACK means unsuccessful. Controller Reader/Writer Command Packet ACK Max. 2ms Start of Packet Code Packet Length Checksum Packet Data Checksum Command or Response Code Response Packet 00 00 FF LEN LCS PD0 PD1 PDn DCS 00 Max. 2ms ACK Preamble Packet Length Packet Data Postamble Fig. 2 : Communication Protocol and Packet Structure 2.2 Re-sending Protocol Reader/Writer supports the re-sending procedure in Controller interface. Re-sending handling is triggered or required in the two cases below :
1. NACK packet is returned. 2. Neither ACK nor NACK response comes. (time out) Controller should re-send the same packet within 5ms after receiving NACK or detecting time out. 2.3 ACK / NACK Packet ACK / NACK packet format is as follows :
3 RC-S430C Operational Description ACK : LEN = 00h & LCS = ffh without Packet Data part and DCS NACK : LEN = ffh & LCS = 00h without Packet Data part and DCS 2.4 Mutual Authentication Mutual Authentication is a process that is performed between Controller and Reader/Writer to authenticate each other mutually in order to avoid the fraud usage. This authentication is based on the following elements :
1. two 8byte (64bit) keys 2. three pass authentication model (ISO 9758) 3. cryptography algorithm mentioned in section 3.2.5. 2.5 Encryption and Decryption The cryptography algorithm is used for the following three stages :
1. mutual authentication between Controller and Reader/Writer 2. mutual authentication between Reader/Writer and Card 3. commands and data encryption through Reader/Writer 3 Communication Commands 3.1 General In this section, the communication commands between Controller and Reader /Writer are described. Table 1-3 shows all commands between Controller and general Reader/Writer. All commands are categorized into 3 groups as follows :
1. Reader/Writer internal operation command 2. Card operation command 3. Card management command Card management command group is for issue Reader/Writer and not for general Reader/Writer . 3.2 Reader/Writer Internal Operation Command 3.2.1 Attention Command Attention Command enables Reader/Writer and Controller to recognize each other and is the only command available before the authentication completes. The main purpose of this Attention Command is to recognize its partner before authentication and to force Reader/Writer to be in the idle state. 3.2.2 Authentication 1 Command Authentication 1 Command enables Controller to authenticate Reader/Writer. 3.2.3 Authentication 2 Command Authentication 2 Command enables Reader/Writer to authenticate Controller. 3.2.4 Disconnect Command Disconnect Command is for Controller to terminate the communication with Reader/Writer. 4 RC-S430C Operational Description Command Attention Authentication 1 Authentication 2 Disconnect Change Reader/Writer Access Key Self-Diagnosis Check Firmware Version Change Communication Mode Kill Module Reader/Writer Reset Firmware Maintenance Command Code Response Code 00h 02h 04h 06h 20h 40h 44h 46h 4ah 4ch 52h 01h 03h 05h 07h 21h 41h 45h 47h 4bh 4dh 53h Table 2 : Reader/Writer Internal Operation Command Command Code Response Code Command Polling Request Service Request Response Mutual Authentication Read Block Write Block Release Read Without Encryption Write Without Encryption 80h 82h 84h 86h 88h 8ah 8eh 98h 9ah Table 3 : Card Operation Command 81h 83h 85h 87h 89h 8bh 8fh 99h 9bh Command Register Issue ID Register Area Register Service Register Manufacture ID Card Self-Diagnosis Command Code Response Code c0h c2h c4h e0h f0h c1h c3h c5h e1h f1h Table 4 : Card Management Command 5 RC-S430C Operational Description 3.2.5 Change Reader/Writer Access Key Command Change Reader/Writer Access Key Command performs alteration of the access keys, which are stored in Reader/Writer for the mutual authentication between Controller and Reader/Writer. 3.2.6 Self-Diagnosis Command Self-Diagnosis Command activates self-diagnosis test of Reader/Writer. After the Diagnosis completion, Reader/Writer sends back the test result. 3.2.7 Check Firmware Version Command Check Firmware Version Command is used for checking the version of Reader/Writer firmware. 3.2.8 Change Communication Mode Command Change Communication Mode Command performs the following changes : baud rate, logic level interface(non-inverted or inverted), encryption on/off, time-out. 3.2.9 Kill Module Command Kill Module Command is used for killing the specified module within Reader/Writer. 3.2.10 Reader/Writer Reset Command Reader/Writer Reset Command executes the initialization routine. 3.2.11 Firmware Maintenance Command Firmware Maintenance Command is used for updating the firmware within Reader/Writer. 3.3 Card Operation Command Polling Command 3.3.1 Polling Command enables Reader/Writer to give a call to Card and to detect existence of Card by the response from Card. 3.3.2 Request Service Command Request Service Command enables Reader/Writer to check whether the specified service code is registered to Card or not. In case that the specified service is registered to Card, key version of the service is available by the response from Card. 3.3.3 Request Response Command Request Response Command enables Reader/Writer to check which mode Card is in. There are 4 modes, before Authentication, after Authentication 1, after Authentication 2 and after Register xxx Command (see 4.4 Card Management Command). 3.3.4 Mutual Authentication Command Mutual Authentication Command activates the mutual authentication procedure between Reader/Writer and Card. 3.3.5 Read Block Command Read Block Command activates Reader/Writer to read the specified block data from Card after the mutual authentication between the Reader/Writer and Card has been established successfully. Read Block Command enables a Service Provider with successful mutual authentication to read blocks that this Service Provider has the right to access. 6 RC-S430C Operational Description With one Read Block Command, up to 8 block can be read simultaneously. If more than 8 blocks should be read, more than one Read Block Command shall be called separately. The response of Read Block Command is a 1byte Read result and Block Data that has been read. In the Read result, a 1byte consequence of one block Read is given in 1bit. As there are up to 8 blocks, 1byte is enough to record all the Read consequence. 3.3.6 Write Block Command Write Block Command activates Reader/Writer to write the specified block data to Card as new data after the mutual authentication between Reader/writer and Card has been established successfully. With one Write Block Command, up to 8 block can be written simultaneously. If more than 8 blocks should be written, more than one Write Block Command shall be called separately. The response of Write Block Command is a 1byte Write result. In the Write result, a 1byte consequence of one block Write is given in 1bit. As there are up to 8 blocks, 1byte is enough to record all the Write consequence. The purse operation can be performed with Write Block Command. 3.3.7 Release Command Release Command enables Card to be released from established communication sequence with Reader/Writer. 3.3.8 Read Without Encryption Command Read Without Encryption Command activates Reader/Writer to read the specified block data from Card without the mutual authentication between the Reader/Writer and Card. Read Without Encryption Command can be applied only to blocks which service code is registered security-free. The number of blocks that can be read simultaneously and the response of Read Without Encryption Command are the same as those for Read Block Command
(see 4.3.5). 3.3.9 Write Without Encryption Command Write Without Encryption Command activates Reader/Writer to write the specified block data to Card without the mutual authentication between the Reader/Writer and Card, however can be applied only to blocks which service code is registered security-
free. The number of blocks that can be write simultaneously and the response of Write Without Encryption Command are the same as those for Write Block Command
(see 4.3.6). 3.4 Card Management Command The commands described in this section are for issue Reader/Writer and not for general Reader/Writer. 3.4.1 Register Issue ID Command Register Issue ID Command makes it possible to register Issue ID(IDi) , Issue Parameter(PMi), System Code and Area 0000 Key to Card, and also makes it to erase other services and to initialize Memory Allocation Information in Card. 3.4.2 Register Area Command Register Area Command makes it possible to register new Area and the parameters of new Area to Card, which are Service Code Range, Available Block Number and Area Key. 3.4.3 Register Service Command 7 RC-S430C Operational Description Register Service Command makes it possible to register new Service and the parameters of new Service to Card, which are Service Code, Block Number and Service Key. 3.4.4 Register Manufacture ID Command Register Manufacture ID Command makes it possible to register Manufacture ID(IDm) , Manufacture Parameter(PMm), System Code, System Key and Area 0000 Key to Card, and also makes it to clear Issue ID of Card. In order to execute Register Manufacture ID Command, Manufacture ID must be all 00h. This means that Register Manufacture ID Command is effective to Card once for all. 3.4.5 Card Self-Diagnosis Command Card Self-Diagnosis Command activates self-diagnosis test of Card. After the Diagnosis completion, Card sends back the test result. 8