Part Number Hot Search : 
EL8172 36023 KA7552A 74LS48P 20010 G1353 MJE13009 26LS33
Product Description
Full Text Search
 

To Download AT88SC102-09GT-XX-27 Datasheet File
  If you can't view the Datasheet, Please click here to try to view without PDF Reader .  
 
 

  Datasheet File OCR Text:
  1 features ? 1k x 1 serial eeprom with security logic  two application zones  stores and validates security codes  maximum of eight incorrect security code attempts  provides transport code security  low voltage operation: 2.7v to 5.5v  manufactured using low power cmos technology  supports iso/iec 7816-3 synchronous protocol  v pp internally generated  2 s read access time; 2 ms write cycle time  temperature range from -40 c to 85 c  esd protection 4,000v minimum.  high reliability: 100,000 program/erase cycles guaranteed data retention of 10 years description the at88sc102 device is a low-cost, synchronous, secure memory integrated circuit, designed for use in prepaid and loyalty smart card applications. the at88sc102 provides 1024 bits of serial electrically erasable and programmable read only memory (eeprom) within two application zones, plus 64 bits in a code protected zone. additional eeprom memory and security logic provide security for smart card applications. space is provided in the eeprom memory for manufacturing records for both the smart card manufacturer and card issuer. after personalization, these records, and the state of the bit which enables the erase counter function, are locked and protected from modification for the lifetime of the product. iso card contact descriptions iso contact pad name description c1 vcc operating voltage c2 rst address reset c3 clk clock and address control c4 fus fuse c5 gnd ground c6 nc no connect c7 i/o bidirectional data c8 pgm programming control 1k eeprom - security logic with two application zones at88sc102 rev. 1419b ? 11/99 card module contacts vss nc i/o pgm vdd rst clk fus c1 c2 c3 c4 c5 c6 c7 c8
at88sc102 2 terminology the following terms have specific definitions for the at88sc102. erase: a program operation which results in an eeprom data bit being set to a logic ? 1 ? state. outside the application zones, all erase operations are performed on 16-bit words. an erase operation performed on any bit within a word will execute an erase of the entire word. inside the application zones, erase operations are controlled by the sv flag, ez passwords and the ec2en fuse. these operations are defined in the ? device operation ? section of the data sheet. write: a program operation which results in an eeprom bit, or word being set to a logic ? 0 ? state. an unwritten bit is defined as erased, or set to a logic ? 1 ? state. write operations in the at88sc102 may be performed on individual bits after security code validation. in security level 2, write operations also require that the p1 or p2 bit within the application zone is set to ? 1 ? . program: an eeprom function which activates internally timed, high voltage circuitry and results in a data bit, or word being set to either a logic ? 0 ? or ? 1 ? state. bit: a single data element set to either a logic ? 0 ? or ? 1 ? state. all bit addresses within the application zones (az1, az2) may be written individually. byte: eight consecutive data bits. a byte boundary will begin on an address that is evenly divisible by eight. the at88sc102 has no capability for byte write operations. word: sixteen consecutive data bits. a word boundary will begin on an address that is evenly divisible by 16. erase operations will always operate on 16-bit words when applied to addresses outside the application zones. in security level 1, erase operations within the application zones also operate on 16-bit words. in security level 2, erase operations within the application zones operate on the entire zone. write operations function on single bits, not words, in both security levels. blown: in reference to an at88sc102 internal eeprom fuse, the blown state is a logic ? 0 ? . unblown: in reference to an at88sc102 internal eeprom fuse, the unblown state is a logic ? 1 ? . verification: at88sc102 operations are controlled by the state of several internal flags. the flags sv, e1 and e2 are set after verification of an associated password (security code or ez1 or ez2 respectively). verification is accomplished by executing an inc/cmp operation, which correctly matches the password bit by bit as the clk increments the address through the password memory addresses. block diagram the at88sc102 is manufactured using low-power cmos technology and features its own internal high-voltage pump for single voltage supply operation. the devices are guaranteed to 100,000 erase/write cycles and 10-year data retention. the at88sc102 supports the iso/iec 7816-3 synchronous protocol. vss vdd rst clk pgm fus i/o address counter power on reset eeprom memory security logic
at88sc102 3 security features the security features of atmel?s at88sc102 include:  data access only after validation of the security code.  permanent invalidation of the device after eight consecutive false security code presentations.  read/write protection of certain memory zones.  secure transport of devices using transport code compare sequence.  unique customer identification number written and locked into every device for protection against duplication or counterfeiting. security levels and memory access to at88sc102 access to the memory is controlled by the state of the issuer fuse and by the voltage supply applied on the fus pad. level 1: (security during personalization) conditions: issuer fuse = ? 1 ? (not blown) fus pin = ? 1 ? (required) at88sc102 die and modules are delivered with the issuer fuse intact (unblown). issuer personalization is completed at this level. security code validation is required to allow access to personalize the eeprom memory. the fus pin must be held at a logic ? 1 ? for security level 1. the function of the fus pin enables the card issuer to simulate security level 2 during application development, without permanently blowing the issuer fuse. see ? memory access rules during personalization ? . level 2: (security after personalization) conditions: issuer fuse = ? 0 ? (blown) fus pin = ? x ? (don ? t care) customer release. the eeprom memory zone is protected by the various flags and passwords. after issuer personalization, security level 2 is implemented by blowing the issuer fuse. the device can also be placed in security level 2 by taking fus pin low, independent of the state of issuer fuse. see ? memory access rules after personalization ? . fus pad issuer fuse security level logic ? 0 ? x2 logic ? 1 ? 1 (unblown) 1 logic ? 1 ? 0 (unblown) 2
at88sc102 4 memory map at88sc102 memory diagram bit address description bits words 0 - 15 fabrication zone (fz) 16 1 16 - 79 issuer zone (iz) 64 4 80 - 95 security code (sc) 16 1 96 - 111 security code attempts counter (scac) 16 1 112 - 175 code protected zone (cpz) 64 4 176 - 687 application zone 1 (az1) 512 32 688 - 735 application zone 1 erase key (ez1) 48 3 736 - 1247 application zone 2 (az2) 512 32 1248 - 1279 application zone 2 erase key (ez2) 32 2 1280 - 1407 application zone 2 erase counter (ec2) 128 8 1408 - 1423 memory test zone (mtz) 16 1 1424 - 1439 manufacturer ? s zone (mfz) 16 1 1440 - 1455 block write/erase 16 1 1456 - 1471 manufacturer ? s fuse 16 1 1529 ec2en fuse (controls use of ec2) 1 1552 - 1567 issuer fuse 16 1
at88sc102 5 memory zones zone definition fabrication zone fz (16 bits) the 16-bit fabrication zone is programmed when the chip is manufactured and cannot be changed. the data held in the fabrication zone is specific to each atmel customer, and cannot be modified. application software may check this fabrication zone code to assure that the device was manufactured by atmel specifically for the intended application. devices containing codes assigned to specific customers will not be sold to unauthorized customers. fraudulent cards will not contain the correct code. issuer zone iz (64 bits) the 64-bit issuer zone is programmed by the card issuer during the personalization phase. it will contain issuer-specific information, such as serial numbers and dates. this area becomes read-only after the issuer fuse has been blown. read access is always allowed in the issuer zone. security code sc (16 bits) the card security code is initially set by atmel, to protect the card during transportation to the card issuer. during personalization, this code must be verified by the at88sc102 to allow access to the eeprom memory. after the security code has been verified, the code itself may be changed in either security mode. while in personalization mode (security level 1), the security code gives erase and write access to both the application zones and the code protected zone. in security level 2, the security code gives write access to both the application zones and the code protected zone. erase access requires verification of both the security code and the erase key (ez1 or ez2). verification of the security code will set the internal flag sv to ? 1 ? . atmel ships the device with a security code (transportation code) pre-programmed. this protects against the unauthorized use of an unpersonalized device, and should be written to a new value during initialization. security code attempts counter scac (16 bits) the protocol for verification of the security code requires that the user write one of the first eight bits of the scac to a logic ? 0 ? . this allows the scac to count the number of consecutive incorrect presentations of the security code. after eight consecutive incorrect security code presentations, the first eight bits of the scac will all be written to ? 0 ? , and the user is permanently blocked from access to the application zones, as well as other areas controlled by the security code. after a successful presentation of the security code, the entire 16-bit scac, including the eight active bits, should be erased. this verifies that the correct security code has been presented, since an erase operation in this area is not allowed without sc verification. it also clears the scac bits in preparation for the next use of the card. this erase operation will also clear the remaining eight bits of the 16-bit scac word. these eight bits may be used in an application, although the entire 16-bit word will be erased if any bit in the scac is erased. code protected zone cpz (64 bits) read access to this area is always allowed, and does not require sc validation. the security code must be correctly presented to allow write or erase access to the code protected zone. application zones 1 and 2 az1 and az2 (512 bits each) the application zones (az1 and az2) are intended to hold user application data. p1 (address 176) controls write access, and r1 (address 177) controls read access within az1. p2 (address 736) controls write access and r2 (address 737) controls read access within az2. in security level 1, an entire 16-bit word will be erased if an erase is performed on any single bit within that word. in security level 2, erase operations are controlled by both the sv flag and the erase keys (ez1 and ez2). see the device operation erase definition for specific details. the number of erase operations performed in az2 may be limited by leaving the ec2en fuse set to ? 1 ? . the at88sc102 allows unlimited erase operations of az1. application zone erase keys ez1 (48 bits) ez2 (32 bits) (enabled in security level 2 only.) the erase keys are passwords used to control erase operations within the application zones, after the issuer fuse has been blown (security level 2). the erase key passwords are written by the issuer during personalization (security level 1), after verification of the security code. ez1 and ez2 can not be changed after the issuer fuse is blown. in security level 2, the at88sc102 allows only block erasure of an entire application zone. az1 can be erased only after both the security code and the ez1 password have been validated. verification of ez1 will set the internal flag e1 to ? 1 ? . az2 can be erased only after both the security code and the ez2 password have been validated. verification of ez1 will set the internal flag e1 to ? 1 ? . verification of ez2 will set the internal flag e2 to ? 1 ? .
at88sc102 6 application zone 2 erase counter ec2 (128 bits) (enabled in security level 2 only) the application zone 2 erase counter (ec2) is enabled only in security mode 2 and only when the ec2en fuse is set to ? 1 ? . if both of these conditions are true, the user will be limited to 128 erase operations in application zone 2. ec2 is used to count these erase cycles. the erase protocol for the at88sc102 application zone 2 requires one bit in ec2 to be written to ? 0 ? . after 128 erase operations, all 128 bits in ec2 will be ? 0 ? and the user will be blocked from erasing az2. the erase counter is only writeable and cannot be erased. when the ec2en fuse = ? 0 ? , the ec2 operation is disabled. in that case there is no limit to the number of times az2 can be erased, and ec2 has no function. memory test zone mtz (16 bits) all operations are allowed for this zone (write, erase, read). the purpose of this zone is to provide an area in the product memory which is not restricted by security logic. it is used for testing purposes during the manufacturing process, and may also be used in the product application if desired, although no security protection exists for the mtz. manufacturer ? s zone mfz (16 bits) the mfz is intended to hold data specific to the smart card manufacturer (like assembly lot codes, dates, etc.). read operations within this zone are always allowed. write or erase operations within this zone are allowed after the security code has been verified. after the data is entered by the card manufacturer, the manufacturer ? s fuse can be blown and the data within the mfz will become read- only. blowing the issuer fuse will also lock the data in the mfz. ec2en fuse (1 bit) this single bit eeprom fuse selects whether the ec2 counter is used to limit the number of az2 erase operations in security mode 2. if the ec2en fuse is unblown ( ? 1 ? ), the number of erase operations allowed in az2 is limited to 128. if the ec2en fuse is blown ( ? 0 ? ), there is no limit to the number of erase operations in az2. after the issuer fuse is blown, the state of the ec2en fuse is locked and cannot be changed. issuer fuse (16 bits) this eeprom fuse is used to change the security mode of the at88sc102 from security mode 1 ( ? 1 ? ) to security mode 2 ( ? 0 ? ). initialization of the at88sc102 for use by the end customer occurs in security mode 1. access conditions in security mode 1 are described in table 1. access conditions in security mode 2 are described in table 2. manufacturer ? s fuse (1 bit) this single bit eeprom fuse is used to lock the data stored in the manufacturer ? s zone after personalization has been completed. memory zones (continued) zone definition
at88sc102 7 definition of at88sc102 internal flags zone definition sv security validation flag operation: the sv flag is set by correctly matching the 16-bit security code bit-by-bit from address 80 through 95, as clk increments the address counter. the security code matching operation must be followed immediately by a validation operation within the security code attempts counter (scac). this validation operation requires the user to find a bit in the first eight bits of the scac (addresses 96 - 103) which is a logic ? 1 ? . a write operation is performed, followed by an erase. the at88sc102 will validate that the comparison was correct by outputting a logic ? 1 ? , and sv will be set. after the erase, all 16 bits in the scac will also be erased. the sv flag remains set until power to the card is turned off. if the comparison was in error, or part of the validation was not performed correctly, the at88sc102 will output a logic ? 0 ? , showing that the sv flag has not been set. after eight consecutive incorrect security code presentations, the card is permanently locked. function: this flag is the master protection for the memory zones. see tables 1 and 2. p1 application zone 1 write flag operation: if bit 176 has been programmed to a logic ? 1 ? this flag is set after bit 176 has been addressed. the flag remains set until power to the device is turned off, even if this bit is written to ? 0 ? by a subsequent operation. function: p1 and sv must both be set in order to enable a write command in the application zone (security mode 2). r1 application zone 1 read flag operation: if bit 177 has been programmed to a logic ? 1 ? this flag is set after bit 177 has been addressed. the flag remains set until power to the device is turned off, even if this bit is written to ? 0 ? by a subsequent operation. function: r1 or sv must be set in order to enable application zone 1 to be read. p2 application zone 2 write flag operation: if bit 736 has been programmed to a logic ? 1 ? this flag is set after bit 736 has been addressed. the flag remains set until power to the device is turned off, even if this bit is written to ? 0 ? by a subsequent operation. function: p2 and sv must both be set in order to enable a write command in application zone 2 (security mode 2). r2 application zone 2 read flag operation: if bit 737 has been programmed to a logic ? 1 ? this flag is set after bit 737 has been addressed. the flag remains set until power to the device is turned off, even if this bit is written to ? 0 ? by a subsequent operation. function: r2 or sv must be set in order to enable application zone 2 to be read.
at88sc102 8 e1 application zone 1 erase flag operation: the e1 flag is set by correctly matching the application zone 1 erase key (ez1) bit by bit as pin clk increments the address counter. to complete an erase operation of az1 in security level 2, an erase operation must be performed on bit 736 after e1 is set. the e1 flag is reset when the address counter = 0. function: application zone 1 (bits 176 - 687) will be erased when e1 is set and an erase is performed on bit 736. this operation erases all bits in application zone 1. there is no limit to the number of erase operations which can be performed on az1. e2 ec enabled application zone 2 erase flag with erase counter operation enabled. (ec2en fuse = ? 1 ? ) operation: this flag is set by correctly matching the application zone 2 erase key (ez2) bit by bit as pin clk increments the address counter. then a validation operation must be completed. this operation requires the user to find a bit in application zone 2 erase counter (ec2), addresses 1280 - 1407, which is a logic ? 1 ? . a write must then be performed, followed by an erase. the at88sc102 will validate that the comparison was correct and application zone 2 will be erased. this flag is also reset when the address counter = 0. function: application zone 2 (bits 736 -1237) is erased when e2 is set and an erase is performed after the validation operation in ec2 described above. this operation erases all bits in application zone 2. e2 ec disabled application zone 2 erase flag with erase counter operation disabled. (ec2en fuse = ? 0 ? ) operation: e2 is set when the application zone 2 erase key comparison is valid. it is reset when the address counter = 0. function: application zone 2 (bits 736 -1247) is erased when e2 is set and an erase is performed on bit 1280. this operation erases all bits in application zone 2, but does not affect the word containing bit 1280. definition of at88sc102 internal flags zone definition
at88sc102 9 definition of at88sc102 passwords definition of at88sc102 fuses manufacturer fuse: this fuse is used to control writes and erases of the manufacturer zone (mfz). when the security code has been validated and both the issuer fuse and the manufacturer fuse are unblown, writes and erases of the mfz are allowed. blowing the issuer fuse will also disable the manufacturer fuse if it has not been blown previously. ec2en fuse: this fuse selects whether the ec2 counter is used to limit the number of application zone 2 erases allowed in security mode 2. if ec2en fuse is ? unblown ? , then the application zone 2 erases are limited to 128. if the ec2en fuse is ? blown ? the application zone erases are unlimited. after the issuer fuse is blown the state of the ec2en fuse is locked and cannot be changed. issuer fuse: this fuse is used to personalize the at88sc102 for end use. it is an additional eeprom bit which can be programmed to a logic ? 0 ? . this is its ? blown ? state. security of the device when issuer fuse is a logic ? 1 ? is described in table 1. the device is in security level 2 when the issuer fuse is blown. the device can also be placed in security level 2 by taking the fus pin low inde- pendent of the state of issuer fuse. memory access rules of the device in security level 2 are described in table 2. password definition security code ( sc ) bits 80-95 (16 bits) this password is used to set the sv (security validation) flag and is used in determining what operations are allowed in each zone (see tables 1 and 2). application zone 1 erase key ( ez1 ) bits 688-735 (48 bits) this password must be programmed during issuer personalization. it is used to erase application zone 1 in security level 2. verification of ez1 will set the internal flag e1 to ? 1 ? . application zone 2 erase key ( ez2 ) bits 1248-1279 (32 bits) this password must be programmed during issuer personalization. it is used to erase application zone 2 in security level 2. verification of ez2 will set the internal flag e2 to ? 1 ? .
at88sc102 10 memory access rules during personalization - security mode 1 (1) notes: 1. security mode 1 conditions: ec2en = ? 1 ? or ? 0 ? issuer fuse = ? 1 ? fus pin = ? 1 ? (required) 2. sv: sv = ? 1 ? after validation of the security code 3. r1: 2nd bit of application zone 1 (bit 177) 4. r2: 2nd bit of application zone 2 (bit 737) 5. mf: manufacturer fuse = ? 0 ? when blown table 1. access conditions during personalization (issuer fuse not blown). zone sv (2) r1 (3) r2 (4) mf (5) read erase write compare fz x x x x yes no no no iz 0 1 x x x x x x yes yes no yes no yes no no sc 0 1 x x x x x x no yes no yes no yes yes no scac 0 1 x x x x x x yes yes no yes yes yes no no cpz 0 1 x x x x x x yes yes no yes no yes no no az1 0 0 1 0 1 x x x x x x x no yes yes no no yes no no yes no no no ez1 0 1 x x x x x x no yes no yes no yes no no az2 0 0 1 x x x 0 1 x x x x no yes yes no no yes no no yes no no no ez2 0 1 x x x x x x no yes no yes no yes no no ec2 0 1 x x x x x x yes yes no yes yes yes no no mtz x x x x yes yes yes no mfz 0 1 1 x x x x x x x 0 1 yes yes yes no no yes no no yes no no no
at88sc102 11 memory access rules after personalization - security mode 2 (1) notes: 1. security mode 2 conditions: manufacturer fuse = ? x ? ec2en fuse = ? 1 ? or ? 0 ? issuer fuse = ? 0 ? fus pin = ? x ? 2. sv: sv = ? 1 ? after validation of the security code 3. p1: 1st bit of application zone 1 (bit 176) 4. r1: 2nd bit of application zone 1 (bit 177) 5. p2: 1st bit of the application zone . (bit 736) 6. r2: 2nd bit of the application zone 2 (bit 737) 7. e1: e1 = ? 1 ? after a valid presentation of the application zone 1 erase key ez1 8. e2: e2 = ? 1 ? after a valid presentation of the application zone 2 erase key ez2 table 2. access conditions after personalization (issuer fuse blown). zone sv (2) p1 (3) r1 (4) p2 (5) r2 (6) e1 (7) e2 (8) read erase write compare fzxxxxxxxyesnono no izxxxxxxxyesnono no sc 0 1 x x x x x x x x x x x x no no no yes no yes yes no scac 0 1 x x x x x x x x x x x x yes yes no yes yes yes no no cpz 0 1 x x x x x x x x x x x x yes yes no yes no yes no no az1 0 0 1 1 1 1 x x 0 0 1 1 0 1 x x x x x x x x x x x x x x x x x x 0 1 0 1 x x x x x x no yes yes yes yes yes no no no yes no yes no no no no yes yes no no no no no no ez1xxxxxxxnononoyes az2 0 0 1 1 1 1 x x x x x x x x x x x x x x 0 0 1 1 0 1 x x x x x x x x x x x x 0 1 0 1 no yes yes yes yes yes no no no yes no yes no no no no yes yes no no no no no no ez2xxxxxxxnononoyes ec2xxxxxxxyesnoyesno mtzxxxxxxxyesyesyesno mfzxxxxxxxyesnono no
at88sc102 12 micro operations notes: 1. the output is disabled (hi-state) on all addresses where the read operation is disabled. 2. the two instructions inc/read and inc/cmp share the same control signal states. 3. the circuit will distinguish between the inc/read and inc/cmp instructions by testing the internal address counter. (cmp can only be done with the addresses corresponding to the security code or to an erase key). 4. the internal address counter counts up to 1567. an additional clk pulse resets the address to 0. the at88sc102 circuit operation modes are selected by the input logic levels on the control pins pgm, clk and rst and by the internal address. timing for these operations is specified in the ac characteristics section. operation pgm rst clk definition reset x0 this operation will reset the internal address to 0. after the falling edge of rst, the first bit of the fabrication zone (address 0) will be driven on the i/o contact. the erase flags (e1 and e2) will be reset. inc/read 00 the address is incremented on the falling edge of clk. if read operations are enabled, the addressed bit will be driven on the i/o pin after the falling edge of clk. when read operations are disabled, the i/o will be disabled and pulled to a high state by the external system pull-up resistor. inc/cmp 00 the inc/cmp operation will compare the value of the data driven by the system host on the i/o pin, to the value of the bit already written into the eeprom memory at that address location. this process is used during validation of the at88sc102 security code and erase keys. the data must be stable on the i/o pin before the rising edge of clk, when the data will be latched internally. comparison occurs on the next falling edge of clk. the internal address is also incremented on the falling edge of clk. erase/write 10 the i/o pin must be driven to a ? 1 ? for an erase, and to a ? 0 ? for a write operation before the rising edge of clk (see t ds ) standby 01x the device is placed in standby mode when fus pin = ? 0 ? and rst = ? 1 ? . the address will not increment when rst is high.
at88sc102 13 device functional operation function functional operation sequence por operation: por (power-on reset) is initiated as the device power supply ramps from 0v up to a valid operating voltage. function: por resets all flags, and the address is reset to 0. reset operation: with clk low, a falling edge on the rst pin will reset the address counter to address 0. function: the address is reset to ? 0 ? , and the first bit of the memory is driven by the at88sc102 on i/o after a reset. only e1 and e2 are reset when the address is reset to 0. the reset operation has no affect on any of the other flags (sv, p1, r1, p2, r2). addressing operation: addressing is handled by an internal address counter. the address is incremented on the falling edge of clk. reset must be low while incrementing the address. a falling edge of reset clears the counter to address 0. function: addressing of the at88sc102 is sequential. specific bit addresses may be reached by completing a reset, then clocking the device (inc/read) until the desired address is reached. the at88sc102 will determine which operations are allowed at specific address locations. these operations are specified in tables 1 and 2. example: to address the issuer zone (iz) execute a reset operation, then clock the device 16 times. the device now outputs the first bit of the issuer zone (iz). after the address counter counts up to 1567 the next clk pulse resets the address to 0. read operation : rst and pgm pins must be low. if a read operation is allowed, the state of the memory bit which is being addressed is output on the i/o pin. the i/o buffer is an open drain and the output of a logic ? 0 ? therefore causes the device to pull the pin to ground. the output of a logic ? 1 ? causes the device to place the pin in a high impedance state. therefore in order to sense a logic ? 1 ? , an external pullup must be placed between the i/o pin and vcc. the address counter is incremented on the falling edge of clk. function: non-application zones: as the address counter is incremented, the contents of the memory are read out on the i/o pin. the read operation is inhibited for addresses where security prevents a read operation (see tables 1 and 2). application zones: application zone 1 can be read when: sv = ? 1 ? or r1 = ? 1 ? . application zone 2 can be read when: sv = ? 1 ? or r2 = ? 1 ? .
at88sc102 14 write a write operation sets the bit(s) to a logic ? 0 ? operation: clk = ? 0 ? pgm ? 0 ? ? 1 ? (i/o switches to an input) i/o = ? 0 ? (input = ? 0 ? for write operation) clk ? 0 ? ? 1 ? (rising edge of clk starts the write operation) pgm ? 1 ? ? 0 ? i/o ? 0 ? ? z ? (high-impedance) wait t chp (see ? ac electrical characteristics ? ) clk ? 1 ? ? 0 ? (falling edge of clk ends the write operation). note: the falling edge of clk which ends the write operation does not increment the address counter. function: non-application zones: the write operation is inhibited for addresses where security prevents a write operation (see tables 1 and 2). application zones: the application zones can be written when: security level 1: sv = ? 1 ? security level 2: sv = ? 1 ? and p1 = ? 1 ? for az1. sv = ? 1 ? and p2 = ? 1 ? for az2 erase operation sequence clk = ? 0 ? pgm ? 0 ? ? 1 ? (i/o switches to an input) i/o = ? 1 ? (input = ? 1 ? for erase operation) clk ? 0 ? ? 1 ? (rising edge of clk starts the erase operation.) pgm ? 1 ? ? 0 ? i/o ? 1 ? ? z ? (high-impedance) wait t chp (see ? ac electrical characteristics ? ) clk ? 1 ? ? 0 ? (falling edge of clk ends the erase operation.) note: the falling edge of clk which ends the erase operation does not increment the address counter. erase (non- application zones) an erase operation sets the bits to logic ? 1 ? . the eeprom memory is organized into 16 bit words. although erases are performed on single bits the erase operation clears an entire word in the memory (except for the application zones in security level 2). therefore, performing an erase on any bit in the word will clear all 16 bits of that word to logic ? 1 ? . operation : perform ? erase operation sequence ? as specified above. function: the erase operation is inhibited for addresses where security prevents an erase operation. (see tables 1 and 2). erase (application zones) security level 1 security level 1: (issuer fuse = ? 1 ? and fus pin = ? 0 ? ) the application zone can only be erased when sv = 1. operation: increment address counter to any bit within az1 or az2. perform ? erase operation sequence ? as specified above. function: this operation will erase the entire 16-bit word containing the bit. device functional operation (continued) function functional operation sequence
at88sc102 15 erase (application zone 2) security level 2 ec mode enabled security level 2: (issuer fuse = ? 0 ? or fus pin = ? 0 ? ) ec mode is enabled. erase operations within az2 are limited to 128. application zone 1 can only be erased when sv = ? 1 ? and e1 = ? 1 ? . operation: set sv = ? 1 ? by validating the security code (see definition of sv internal flag). increment address counter to the first bit of the application zone 2 erase key (ez2 = bit 1248). execute 32 inc/cmp operations, correctly verifying each bit of the 32-bit erase key. increment the address counter through the application zone 2 erase counter (ec2 = bits 1280 - 1407) until a bit is found which is set to ? 1 ? . perform a write operation on this bit (this write will not increment the address counter). perform an erase operation on the same bit. function: this operation will erase the entire application zone. one additional bit of erase counter 2 will now be written to ? 0 ? . the erase operation in ec2 will initiate the az2 erase, but will not affect the state of the bits within ec2. erase (application zone 1 or 2) security level 2 ec mode disabled security level 2: (issuer fuse = ? 0 ? or fus pin = ? 0 ? ) ec mode is disabled in az2. unlimited erase operations in az2. az1 always allows unlimited erase operations. application zone 1 can only be erased when sv = ? 1 ? and e1 = ? 1 ? . application zone 2 can only be erased when sv = ? 1 ? and e2 = ? 1 ? . operation: set sv = ? 1 ? by validating the security code (see definition of sv internal flag). increment address counter to the first bit of the application zone erase key (ez1 = bit 688, ez2 = bit 1248). execute 32 or 48 inc/cmp operations, correctly verifying each bit of the 32 or 48 bit erase key. increment the address counter to the next bit (bit 736, to erase az1, bit 1280 to erase az2). perform an erase operation on this bit. function: this operation will erase the entire application zone, but does not affect the word containing bit 736 or 1280. block write/erase enabled in security level 1 only. operation: set address counter between address 1440 and 1455. sv must be set. fus pin must be high. perform a write or erase operation. function: the entire memory excluding the fabrication zone (fz), memory test zone (mtz) and manufacturer ? s zone (mfz) will be written to ? 0 ? (write) or ? 1 ? (erase). the block write/erase modes are used to quickly personalize the device. device functional operation (continued) function functional operation sequence
at88sc102 16 blowing manufacturer fuse valid in security level 1. operation: set address counter between address 1456 and 1471. sv must be set. the fus pin can be either a ? 0 ? or a ? 1 ? . rst pin = ? 1 ? perform a write operation. function: the manufacturer fuse will be at a logic ? 0 ? state. note: the address will not change as long as rst is high. clk should be low when rst is brought low. this will reset the address counter to 0. blowing ec2en fuse valid in security level 1. the ec2en fuse must be blown before the issuer fuse is blown. operation: set the address counter to address 1529. fus pin = ? 1 ? rst pin = ? 1 ? perform a write operation function: ec2en fuse will be written to a logic ? 0 ? state. note: the address will not change as long as rst is high. clk should be low when rst is brought low this will reset the address counter to 0. blowing issuer fuse operation: set address counter between address 1552 and 1567. sv must be set. the fus pin can be either a ? 0 ? or a ? 1 ? . rst pin = ? 1 ? perform a write operation function: issuer fuse will be set to a logic ? 0 ? state. this operation will convert the at88sc102 from security level 1 to security level 2. the action is irreversible. note: the address will not change as long as rst is high. clk should be low when rst is brought low. this will reset the address counter to 0. function of fus and rst pin fus used for personalizing the device. fus must be high to be able to personalize the device when issuer fuse is unblown. in security level 1, the fus pin may be forced low to simulate security level 2. in security level 2, the fus pin has no function. rst this pin is used to reset the address counter address to 0. it is also used in writing the issuer fuse and the ec2en fuse low. when the fus pin is low and the rst pin is high, the part is in stand-by mode. device functional operation (continued) function functional operation sequence
at88sc102 17 absolute maximum ratings* *notice: stresses beyond those listed under ? absolute maxi- mum ratings ? may cause permanent damage to the device. this is a stress rating only and functional operation of the device at these or any other condi- tions beyond those indicated in the operational sec- tions of this specification is not implied. exposure to absolute maximum rating conditions for extended periods may affect device reliability. dc characteristics operating temperature ........................-55 c to +125 c storage temperature............................-65 c to +150 c voltage on any pin with respect to ground................... -0.3v to v cc + 0.7v maximum operating voltage .................................6.25v dc output current................................................5.0 ma applicable over recommended operating range from: v cc = 4.5v to 5.5v and t a = -25 c to +85 c (unless otherwise noted). symbol characteristics min type max unit i cc supply current on v cc during read (t amb = + 25 c) 2 ma i ccp supply current on v cc during program (t amb = + 25 c) 5 ma i sb standby current on vcc (rst @ v cc ; fus, clk, pgm @ gnd; i ol = 0 a; f clk = 0 khz) 50 a v il input low level -0.3 v cc x 0.3 v v ih input high level v cc x 0.7 v cc + 0.3 v v ol output low level (i ol = 1ma) 0.4 v i il input leakage current 20 a i ih i/o leakage current (v oh = v cc open drain) 20 a
at88sc102 18 ac characteristics conditions of dynamic tests ac load circuit t a = -25 c to +85 c, v cc = 5v 10%, gnd = 0v (unless otherwise noted). symbol characteristics min type max unit t clk clock cycle time 3.3 s t rh rst hold time 0.1 s t dvr data valid reset to address ? 0 ? 2.0 s t ch clk pulse width (high) 0.2 s t cl clk pulse width (low) 0.2 s t dv data access 2.0 s t oh data hold 0 s t sc data in setup (cmp instruction) 0 s t hc data in hold (cmp instruction) 0.2 s t chp clk pulse width (high in programming) 2.0 ms t ds data in setup 0.2 s t dh data in hold 0 s t spr pgm setup 2.2 s t hpr pgm hold 0.2 s the circuit has an output with open drain. an external resistor is necessary between vcc and i/o in order to load the output. pulse levels of the input gnd to v cc reference levels in input v cc x 0.3 and v cc x 0.7 reference levels in output 1.5v rising and falling time of signals 5 ns i/o vcc r load chip test point 100 pf test ckt. included
at88sc102 19 timing diagrams reset read address clk rst i/o 0 (internal address counter) t rh t dvr data valid note: clk should be low on the falling edge of rst. clk may remain low while rst is pulsed. output address clk i/o note: pgm and rst must both be low during a read cycle. i/o should not be driven (except by the external pullup resistor). t dv t cl t ch t clk t oh t oh
at88sc102 20 program compare erase/write address clk t oh notes: during any erase or write operation, pgm must fall before the falling edge of clk at the end of t chp (recommend a minimum setup time of 1 sec). after the rising edge of pgm to initiate the erase/write operation, delay at least t dv (2 sec) before driving data on the i/o contact. pgm output input t dv valid valid t spr t hpr t chp t ds t dh a n a n a n a n-1 a n+1 drive '1' (erase) or '0' (write) i/o read erase/write read t dv output address clk i/o note: input data is latched on the rising edge of clk. comparison occurs on the next falling edge of clk. the address counter is incremented on the falling edge of clk. during a compare operation of the first bit following a read (i.e. the first bit of the sc, or erase keys), data driven to the i/o may be delayed by t dv after the the falling edge of clk. a n a n-1 a n+1 t sc t hc input t sc
at88sc102 21 security code validation address rst notes: 1. a n = address, d n = read data (output), cd n = compare data (input). 2. security level 2 (issuer fuse blown). a. compare sequence of the security code. b. this diagram shows an example in which the first three bits of the security code attempts counter (96 - 98) are previously set to "0". bit 99 in this example is a 1, so the write/erase sequence is begun with that bit. c. write operation of a "0" over the existing "1". d. the at88sc102 will output a '0' following the write operation. if the comparison is successful, the sv flag is set on the falling edge of clk and the scac zone can be erased. e. erase operation. f. the at88sc102 will output a "0" following the erase operation if the security code verification is successful. if invalid, the device will output a "1". g. on the falling edge of clk, the address is incremented and the state of the next bit is driven on the i/o pin. clk pgm output output output input input input input i/o sv flag a 0 a x a 2 a 1 a 80 a 79 a 81 a 94 a 95 a 96 a 97 a 98 a 99 a 100 reset d 0 d 1 cd 80 cd 81 cd 95 d x 0 0 00 1 1 read compare sc read scac write read erase read (b) (c) (d) (e) (f) (g) (a) 0 output d 99
at88sc102 22 erase operation application zone 1 (az1) address rst notes: 1. a n = internal address, d n = read data (output), cd n = compare data (input). 2. this diagram illustrates the protocol for setting the e1 flag in security level 2 (issuer fuse blown). erase operations in security level 1 within application zone 1 do not require setting of the e1 flag. in security level 1, an erase operation on any bit in application zone 1 will erase the entire 16-bit word containing the bit. a. compare sequence of ez1. if the comparison is valid, the ez1 flag is set to "1", enabling erasure of az1. b. if e1 is set to "1", an erase operation on bit 736 will erase bits 176 - 687 (az1) (security level 1). c. after the falling edge of clk, the device will drive the i/o contact to the logic state of the existing data in bit 736. the state of this bit is not affected by the az1 erase operation. d. after the falling edge of clk, the address is incremented and the state of the next bit is driven on the i/o contact. clk pgm output input input i/o e1 flag a 0 a x a 2 a 1 a 688 a 687 a 689 a 734 a 735 a 736 reset d 0 d 1 cd 688 cd 689 cd 735 d x 1 read (b) (c) output a 737 read (d) (a) compare ez1 erase d 736
at88sc102 23 erase operation application zone 2 (az2), ec2 function disabled address rst notes: 1. a n = internal address, d n = read data (output), cd n = compare data (input) 2. this diagram illustrates the protocol for setting the e2 flag in security level 2 (issuer fuse blown). erase operations in security level 1 within application zone 2 do not require setting of the e2 flag. in security level 1, an erase operation on any bit in the application zone will erase the entire 16-bit word containing the bit. 3. ec2en fuse = "0" (disabled) a. compare sequence of ez2. if the comparison is valid, the e2 flag is set to "1", enabling erasure of az2. b. if e2 is set to "1", an erase operation on bit 1280 will erase bits 736 - 1247 (az2) (security level 1). c. after the falling edge of clk, the device will drive the i/o contact to the logic state of the existing data in bit 1280. the state of this bit is not affected by the az2 erase operation. d. after the falling edge of clk, the address is incremented and the state of the next bit is driven on the i/o contact. clk pgm output input input i/o e1 flag a 0 a x a 2 a 1 a 1248 a 1247 a 1249 a 1278 a 1279 a 1280 reset d 0 d 1 cd 1248 cd 1249 cd 1279 d x 1 read (b) (c) output a 1281 read (d) (a) compare ez2 erase d 1280
at88sc102 24 erase operation application zone 2 (az2) ec2 function enabled output a 1284 d 1284 0 (f) (g) address rst notes: 1. a n = internal address, d n = read data (output), cd n = compare data (input) 2. ec2en fuse = "1" (enabled) 3. security level 2 (issuer fuse blown) a. compare sequence of the application zone 2 erase key (ez2). b. this diagram shows an example in which the first three bits of the ec2 erase counter (bits 1280 - 1282) are previously set to "0". the write/erase operation should be performed on the first bit in ec2 which is found to be a "1". bit 1283 in this example is a "1", so the write/erase sequence is begun with that bit. c. write operation of a "0" over the existing "1". d. the at88sc102 will output a "0" following the write operation. if the comparison is successful, the e2 flag is set and the az2 zone can be erased. e. erase operation f. the at88sc102 will output a "0" following the erase operation regardless of the success of the compare operation. g. on the falling edge of clk, the address is incremented and the state of the next bit is driven on the i/o pin. clk pgm output output input input input input i/o e1 flag a 0 a x a 2 a 1 a 1248 a 1247 a 1249 a 1278 a 1279 a 1280 a 1281 a 1282 a 1283 reset d 0 d 1 cd 1248 cd 1249 cd 1279 d x 0 0 00 1 1 read read ec2 read (b) (c) (d) (e) (a) compare ez2 0 output erase read write
at88sc102 25 notes: 1. ? xx ? must be replaced by a security code. contact an atmel sales office for the security code. 2. formal drawings may be obtained from an atmel sales office. ordering information ordering code (1) package (2) voltage range temperature range at88sc102 - 09at - xx - 2.7 at88sc102 - 09bt - xx - 2.7 at88sc102 - 09ct - xx - 2.7 at88sc102 - 09dt - xx - 2.7 at88sc102 - 09et - xx - 2.7 at88sc102 - 09gt - xx - 2.7 at88sc102 - 09ht - xx - 2.7 m2 - a module m2 - b module m4 - c module m4 - d module m2 - e module m3 - g module m3 - h module 2.7v to 3.3v commercial 0 c to 70 c at88sc102 - 09at - xx at88sc102 - 09bt - xx at88sc102 - 09ct - xx at88sc102 - 09dt - xx at88sc102 - 09et - xx at88sc102 - 09gt - xx at88sc102 - 09ht - xx m2 - a module m2 - b module m4 - c module m4 - d module m2 - e module m3 - g module m3 - h module 4.5v to 5.5v commercial 0 c to 70 c package type (2) m2 - a module m2 iso 7816 smart card module m2 - b module m2 iso 7816 smart card module with atmel logo m4 - c module m4 iso 7816 smart card module m4 - d module m4 iso 7816 smart card module with atmel logo m2 - e module m2 iso 7816 smart card module m3 - g module m3 iso 7816 smart card module m3 - h module m3 iso 7816 smart card module with atmel logo
at88sc102 26 smart card modules m2 - a module - ordering code: 09at module size: m2 dimension (1) : 12.6 x 11.4 mm glob top: black, square: 8.6 x 8.6 mm thickness: 0.58 mm max. pitch: 14.25 mm m2 - b module - ordering code: 09bt module size: m2 dimension (1) : 12.6 x 11.4 mm glob top: black, square: 8.6 x 8.6 mm thickness: 0.58 mm max. pitch: 14.25 mm m4 - c module - ordering code: 09ct module size: m4 dimension (1) : 12.6 x 12.6 mm glob top: black, square: 8.6 x 8.6 mm thickness: 0.58 mm pitch: 14.25 mm m4 - d module - ordering code: 09dt module size: m4 dimension (1) : 12.6 x 12.6 mm glob top: black, square: 8.6 x 8.6 mm thickness: 0.58 mm max. pitch: 14.25 mm m2 - e module - ordering code: 09et module size: m2 dimension (1) : 12.6 x 11.4 mm glob top: clear, round: ? 7.5 mm max. thickness: 0.58 mm max. pitch: 14.25 mm m3 - g module - ordering code: 09gt module size: m3 dimension (1) : 10.6 x 8.0 mm glob top: clear, round: ? 6.5 mm max. thickness: 0.58 mm max. pitch: 9.5 mm m3 - h module - ordering code: 09ht module size: m3 dimension (1) : 10.6 x 8.0 mm glob top: clear, round: ? 6.5 mm max. thickness: 0.58 mm max. pitch: 9.5 mm note: the module dimensions listed refer to the dimensions of the exposed metal contact area. the actual dimensions of the module after excise or punching from the carrier tape are generally 0.4 mm greater in both directions (i.e. a punched m2 module will yield 13.0 x 11.8 mm).
? atmel corporation 1999. atmel corporation makes no warranty for the use of its products, other than those expressly contained in the company ? s standard war- ranty which is detailed in atmel ? s terms and conditions located on the company ? s web site. the company assumes no responsibility for any errors which may appear in this document, reserves the right to change devices or specifications detailed herein at any tim e without notice, and does not make any commitment to update the information contained herein. no licenses to patents or other intellectu al prop- erty of atmel are granted by the company in connection with the sale of atmel products, expressly or by implication. atmel ? s products are not authorized for use as critical components in life support devices or systems. atmel headquarters atmel operations corporate headquarters 2325 orchard parkway san jose, ca 95131 tel (408) 441-0311 fax (408) 487-2600 europe atmel u.k., ltd. coliseum business centre riverside way camberley, surrey gu15 3yl england tel (44) 1276-686-677 fax (44) 1276-686-697 asia atmel asia, ltd. room 1219 chinachem golden plaza 77 mody road tsimhatsui east kowloon hong kong tel (852) 2721-9778 fax (852) 2722-1369 japan atmel japan k.k. 9f, tonetsu shinkawa bldg. 1-24-8 shinkawa chuo-ku, tokyo 104-0033 japan tel (81) 3-3523-3551 fax (81) 3-3523-7581 atmel colorado springs 1150 e. cheyenne mtn. blvd. colorado springs, co 80906 tel (719) 576-3300 fax (719) 540-1759 atmel rousset zone industrielle 13106 rousset cedex france tel (33) 4-4253-6000 fax (33) 4-4253-6001 fax-on-demand north america: 1-(800) 292-8635 international: 1-(408) 441-0732 e-mail literature@atmel.com web site http://www.atmel.com bbs 1-(408) 436-4309 printed on recycled paper. 1419b ? 11/99/xm marks bearing ? and/or ? are registered trademarks and trademarks of atmel corporation. terms and product names in this document may be trademarks of others.


▲Up To Search▲   

 
Price & Availability of AT88SC102-09GT-XX-27

All Rights Reserved © IC-ON-LINE 2003 - 2022  
[Add Bookmark] [Contact Us] [Link exchange] [Privacy policy]
Mirror Sites :  [www.datasheet.hk]   [www.maxim4u.com]  [www.ic-on-line.cn] [www.ic-on-line.com] [www.ic-on-line.net] [www.alldatasheet.com.cn] [www.gdcy.com]  [www.gdcy.net]
 . . . . .
  We use cookies to deliver the best possible web experience and assist with our advertising efforts. By continuing to use this site, you consent to the use of cookies. For more information on cookies, please take a look at our Privacy Policy. X