Foreword
The IC card is divided into two categories according to the structure, which can be divided into a memory card and a CPU card. Compared with ordinary memory cards, the logical encryption card has a complicated internal structure, and its storage area can be divided into a card setting area and an application area. The card setting area stores the code and card password associated with the card manufacturer and the card issuer; the application area can be divided into different partitions according to needs. The security of the logical encryption card is relatively high, which is reflected in: the card establishes the master password, and each application partition has its own independent operation password. The main control functions of the logic encryption card are: control of data storage area opening/closing; control of data storage area read/write; control of data storage area erasing operation; counting and error checking of password verification and error times control.
How does the AT88SC1604 card work?
The AT88SC1604 is a logically encrypted memory card chip designed by ATMEL Corporation of the United States. It has a storage capacity of 15,704 bits and is a product chip with a large capacity in the current logical encryption memory card.
Chip characteristics
(1) The AT88SC1604 chip is a single-memory multi-logic partition structure. In addition to dividing the specific flag data area and control data area, the main memory divides the application data into four completely isolated sub-areas, and each sub-area is equipped with its own read and write control flags and write/ Erase passwords and logic controls such as password input error counters.
(2) The chip is in serial transmission mode and meets the ISO7816-3 synchronous transmission protocol.
(3) The chip is fabricated in a low-power CMOS process, with a read time of s per word bit and a write cycle of 5ms.
(4) The memory cells inside the chip have at least 10,000 erase/rewrite cycles. The data retention period is 10 years.
Chip storage partition structure and definition
The AT88SC1604 chip is divided into a manufacturer code area, a publisher code area, a user security password area, a user password comparison count area, a personal code area, and four application areas. Each application area is composed of a password area, a password comparison count area, an erase password area, and an erase password comparison count area, an application data area, and a memory test area.
(1) Manufacturer Code Area (FZ)
The specific information of the card chip manufacturer recorded in the zone (eg, production lot number, date, and specially developed feature code) is written by the manufacturer before the chip is shipped from the factory. When the fuse (FUSH1) controlling this area is not blown, the memory cells of the area can be erased and rewritten like a normal EEPROM memory cell. Once the fuse is blown, the written manufacturer code cannot be changed.
(2) Publisher Code Area (IZ)
This area is used to record specific information about the card issuer (eg, issue lot number, date, region range number, and feature code such as a specific user number). When the fuse controlling the zone is not blown, the contents of the memory cells of the zone can be freely erased or rewritten. After the personalization process is completed, the fuse (FUSH2) of the zone is controlled to be blown, and the injected "publisher code" can be fully cured. This code is also an identification of the authenticity of the card, distinguishing the important identification of the card application category.
(3) Personal code area (CPZ)
This area is used to store personal identification data. This area is protected by the "user password" of the chip. When the "user password" is successful, the area is readable and writable and erasable. The "user password" is unsuccessful. This area can only be read but not written and erased.
(4) User Password Area (SC)
This cipher zone is the "total control switch" for the entire memory. Before use, a security code entered in advance by the authorized cardholder is stored as a "reference word" in this storage area. When using, you must enter a "check password". The chip compares the input "check password" with the "reference word" of the internal memory. If the comparison results are consistent, the IC card will open the entire chip memory (including the control password of each partition and each application data area). The "secure password" area SCn (n = 1, 2, 3, 4) of each zone is completely similar to the role of the SC.
For the cipher area SCn (n = 1, 2, 3, 4) of each partition, the comparison operation is controlled by the count of the corresponding "application area cipher" comparison counter (SnAC). When the password is entered incorrectly 8 times in a row, SCn will be locked.
(5) Password Comparison Counting Area (SCAC)
This area accumulates the number of consecutively entered incorrect passwords. After 8 consecutive incorrect comparison operations, the chip will be locked. After the chip is locked, any erase, write, and compare operation commands will be rejected.
This area is 8 bits long and operates in bit-wise mode. At the time of chip initialization, it is all "1" state, that is, the read value is "FFH". Each time the entered password is compared, first find the first bit of "1" in the order from high to low, write this bit to "0", and then store the newly entered "check password" with the original The "reference words" of the SC area are compared. The comparison operation itself is completed by the chip itself, and the comparison result is judged by setting the SV flag, that is, SV is set to "1" when the comparison is successful. Less successful, the SV remains in its original "0" state. The count value of the counter after each comparison operation in the course of 8 consecutive comparison errors is "7FH", "3FH", "1FH", "0FH", "07H", "03H", "01H", "00H", respectively. . When the counter is "00H", the subsequent comparison operation command cannot find a bit of "1" in the "SCAC" area, and the chip refuses to continue the comparison operation.
The effect of SnAC (n = 1, 2, 3, 4) is similar to that of SCAC. The operational controls are exactly the same. Only SCAC is to limit the comparison operation to the SC area. SnAC limits the comparison operation to the SCn area. SCAC has the highest level of control. When the SCAC is "00H", the chip internally blocks the comparison operation to the SC area, so that the comparison of SCn is also prohibited. If the SCAC is not a "00H" value, whether the SCn can perform the comparison operation is determined by the state value of the SnAC area after the comparison of the SC area is successful. In the SnAC area, during the 8 consecutive comparison inputs, the count value of the counter after each comparison operation is the same as the 8 values ​​of the SCAC. (ie, "7FH", "3FH", "1FH", "0FH", "07H", "03H", "OlH", "00H") When SnAC is "00H", then "application n area" Will be locked.
(6) Erase password area (EZn, n=l.2, 3, 4)
This area is used to store the control password for erasing the application area operation. These passwords are generally used by publishers. The last set of "erase passwords" entered during the personalization process will cause the "erase password" to be saved in the area after the chip fuse FUSE2 is blown. This area can no longer be read, written, and erased, and can only be compared. If the application area needs to be erased during use, it must first compare the corresponding EZ area with an "erase password". In the case that the "erase password comparison counter" is not "00H", If the two codes being compared are identical, the cells of the corresponding application area are allowed to be erased, otherwise the erase operation will be prohibited.
(7) Erase password comparison count area (EnAC, n=l, 2, 3, 4)
The role of the erase password comparison count area is similar to that of the SCAC. It accumulates the number of consecutive input errors for each application area erasure password. After up to eight consecutive incorrect password comparisons, the erase operation of the application area controlled by the area is locked, thereby causing the application area to be read-only and to allow single write.
(8) Application data area (AZn, n=1, 2, 3, 4)
This area is mainly used by users. Information about the data record and card identification of the storage system. The writing and reading of the application data area are respectively controlled by the state of the first two bits Pn and Rn of the area and the SV flag, and the erasing operation is controlled by the erasing password of the area. The AT88SC1604 is designed with four fully isolated partitions, with the unit capacity of the 1 to 3 partitions being 4K bits and the unit capacity of the 4th partition being 3.6K bits.
(9) Storage area test area (MTZ)
This area is mainly used for performance testing of EEPROM cell arrays after chip production. This area is not protected by any control area status and flag status, allowing reading, writing and erasing operations on this area, but cannot be compared. operating.
Applications
Based on the characteristics of the above 1604 chip, in the petrol system design of the petrochemical system, we use the single chip chip 89C2051 and the IC card circuit to form a separate system to control the operation of the IC card chip. The system passes the standard RS232 communication interface and the main control. The board realizes data exchange. This circuit design has good compatibility in hardware. It can be connected to any control board or microcomputer with RS232 interface by coordinating the IC card communication protocol of both parties.
The six ports of the MCU chip 89C2051 are connected to the IC card through the IOC card holder, and the P1.2 port controls the on/off of the 5V power supply of the IC card. When the power is turned on, the MCU chip is in the reset state, and all the 6 ports output "1", the IC card. The power supply is disconnected, ICSW is the detection end of the IC card. When the IC card is inserted, the port is connected to the ground. The P1.3 port detects that the IC card has been inserted into the card holder, that is, the IC card is powered on, and the IC card is operated. After the completion, cut off the power of the IC card and prompt the user to pull the card. After the other four ports of the MCU chip are connected to the power of the IC card, the IC card is reset, read the card, proofread the password, erase the card, write the card, etc. according to the needs of the card operation.
Hardware circuit
Chip operation mode timing and design program
There are five operating modes of the AT88SCl604 chip. They are implemented by a combination of pin signals such as PGM, RST, and CLK, and an internal address counter (IAC).
(1) Chip reset operation: The AT88SCl604 has two reset modes: power-on reset and control reset.
Power-on reset: Power-on reset is the initial state when the chip is powered up. Power-on reset belongs to the chip
Internal reset. It will reset all hidden flags inside the chip to the 0 state. And reset the address counter to 0 bits.
Control Reset: When CLK is low, a falling edge on the RST pin will cause a reset operation on the chip. Control reset is to reset the address counter to 0 without affecting the state of any internal flags.
Note: 1) It is forbidden to count when RST is high
2) After the CLK terminal is lowered, delay a reset hold time Trh (min 0.1 s) RST terminal reset (falling edge), and the address counter is cleared. After the address counter is cleared, the data of the 0th bit of the "data reset valid time" Tdvr (max 2 s) is delayed and sent to the I/O line.
FWZCX: CLR ICPGM; reset subroutine
NOP
SETB ICREST
NOP
SETB ICSDA
NOP
CLR ICCLK ; clock terminal clear
NOP
CLR ICREST ; reset terminal clear
NOP
RET
(2) Read operation: When performing the read operation, it must be ensured that the RST pin and the PGM pin are kept low at the same time. If the read operation of each password control area of ​​the chip is performed, it can only be performed when FUSE2 is not blown and the SV flag is "1".
If the read operation is performed on each of the chip identification data areas, the SV flag needs to be set to "1" in addition to the FZ and IZ areas.
If the read operation of each application data area of ​​the chip is performed, it needs to be performed in the state of SV=1 and Rn=1 (n=1, 2, 3, 4).
Note: At the falling edge of CLK, the address counter is incremented by one, and the data of the address unit currently referred to by the address counter is output to the I/O line. Therefore, during the entire clock cycle Tdk, two operations of address plus 1 (INC) and read (REA) are included.
Read the IC data subroutine (R2: the number of IC card bytes to be read, R0: the data area stores the lower first address)
RICDAZ: MOV A, #KXXDZ; card information address to send A
LCALL SADR; card search address
RICDA: MOV R3, #08
RICDA1: SETB ICSDA
NOP
MOV C, ICSDA; bit read to A
RLC A
SETB ICCLK
NOP
CLR ICCLK
NOP
DJNZ R3, RICDA1
MOV @R0,A; 8-bit data transmission data area
DEC R0
DJNZ R2, RICDA
RET
; Find the IC card address subroutine (send the hexadecimal address to the ACC)
SADR: LCALL FWZCX
MOV B, #08
MUL AB ; Calculated bit address: hex address *8
MOV R4, A; low bit address is sent to R4
MOV R5, B; high bit address is sent to R5
JNZ SADR1; lower address is not 0 turn
MOV A, R5
JZ SADR3
DEC R5
SADR1: SETB ICREST ; reset terminal set 1
SETB ICSDA
CLR ICPGM
CLR ICCLK
CLR ICREST
SADR2: SETB ICCLK
SETB ICCLK
CLR ICCLK
CLR ICCLK
DJNZ R4, SADR2
MOV A, R5
JZ SADR3
DEC R5
SJMP SADR2
SADR3: RET
;
(3) Comparison operation: When performing the comparison operation, it must be ensured that the RST pin and the PGM pin are kept low at the same time. The comparison operation can only be performed on the chip password control area and is judged internally by the chip. When FUSE2 is not blown, the SC area can only be compared when SV=0, and the comparison operation to other areas is invalid. When SV=1, the chip does not perform any comparison operation. After FUSE2 is blown, the SC area can only be compared when SV=0, and the comparison operation to other areas is invalid.
Note: The above chip password comparison timing diagram assumes that the first two bits of the cipher counter are 0, and the third bit finds the processing timing of 1.
The timing relationship of the chip SC is shown in Figure 2~5:
From operation (B) to (F), the address counter is unchanged, and the process of password comparison is:
(A) Compare secure password/erase password sequence
(B) Find a bit with a bit of "1" in the password input comparison counter
(C) Write "0" in this unit of "1"
(D) Chip output "0"
(E) If the comparison is successful, the corresponding flag of the security password/erase password on the rising edge of PGM
(SV, Sn or En) is set to "1", and the secure password/erase password input comparison counter
(SCAC, SnAC or EnAC) is erased.
(F) If the erasure is successful, the corresponding security password/erase password flag is set to "1", the chip will output "1", otherwise the chip outputs "0".
(G) On the falling edge of CLK, the address counter is incremented by one and the state of the next bit is output.
Compare user password subroutine (address 0AH, 0BH)
CPSC: MOV R0, #CMM+2
MOV R1, #06
MOV R2, #02
LCALL MVITI
MOV A, #0AH
LCALL SADR; addressing
MOV R0, #06
LCALL BJMMRET
; comparison password program
BJMM: CLR ICREST
CLR ICPGM
MOV R2, #02
BJMM1: MOV A, @R0
MOV R3, #08
BJMM2: RLC A
MOV ICSDA, C
NOP
SETB ICCLK
NOP
CLR ICCLK
NOP
DJNZ R3, BJMM2
INC R0
DJNZ R2, BJMM1
MOV R2, #08; check 8 digits
BJMM4: SETB ICSDA
NOP
MOV C, ICSDA
JC BJMM5; is 1 turn
SETB ICCLK ; pointing to the next bit
NOP
CLR ICCLK
NOP
DJNZ R2, BJMM4
LJMP BJMM8; counter is 00, card lock is dead
BJMM5: SETB ICPGM
NOP
CLR ICSDA; write 0
NOP
SETB ICCLK
NOP
CLR ICPGM
NOP
LCALL DELY5
CLR ICCLK
NOP
SETB ICSDA
NOP
MOV C, ICSDA
JNC BJMM6
LJMP BJMM7; not written to 0, turn error
BJMM6: SETB ICPGM
NOP
SETB ICSDA; write 1 (erase)
NOP
SETB ICCLK
NOP
CLR ICPGM
NOP
LCALL DELY5
CLR ICCLK
NOP
SETB ICSDA
NOP
MOV C, ICSDA
NOP
SETB ICCLK
JNC BJMM7 ; erasing unsuccessful (password error)
SETB FGICG1; proofreading password mark
RET
BJMM7: CLR FGICG1; built password error mark
RET
BJMM8: SETB FGICG2; card lock sign
RET
(4) Write operation: The write operation actually contains two types: when the written data is "0", this operation is called "write operation". When the written data is "1", this operation is called "erasing operation". The "write operation" can be performed in bits. However, the "erase operation" can only be done in bytes. Even if only a single bit is erased during operation, the result of the execution will cause all 8 bits of the byte in which this bit is located to be set to "1".
For any area of ​​the chip that allows writing or erasing, the necessary condition for performing writing and erasing is that the chip's SV flag is "1".
Note: In the state where CLK is low, the PGM terminal goes from "0" to "1", and after a "program setup time" (Tspr), the CLK terminal goes from "0" to "1" (this time is written) At the beginning of the in/erb operation, the Tds (data settling time) before this is given the write data from the outside to the I/O line. The CLK terminal should remain at least 5ms (Tchp) after the "1" state, and the CLK terminal goes from "1" to "0" (this is the end of the write/erase operation). It should be noted that the falling edge of the CLK terminal that ends the write operation does not increment the address counter, but simply reads the "data" just written to externally verify the "write operation".
WICD: MOV A, #KDWDZ; send erase card low first address
LCALL SADR; seek address
MOV R2, #30; erase 30 bytes
LCALL CPESC3; erase
MOV R0, #RAMDZ ; the data address to be written in the RAM of the CPU
MOV R2, #30; write 30 bytes
WICDA: MOV A, @R0
LCALL WICDAA
INC R0
DJNZ R2, WICDA
RET
; Write a subroutine to the IC card
WICDAA: MOV R3, #08
WICDAB: RLC A
JC WICDAC; this bit is 1, turn
SETB ICPGM; open programming bit
SETB ICPGM
MOV ICSDA, C
MOV ICSDA, C
SETB ICCLK
SETB ICCLK
CLR ICPGM; close programming bit
CLR ICPGM; close programming bit
LCALL DELY5; delay 5MS
CLR ICCLK
CLR ICCLK
WICDAC: SETB ICCLK
SETB ICCLK
CLR ICCLK
DJNZ R3, WICDAB
RET
; Erase application area 1
CPESC3: SETB ICPGM; open programming bit, erase graylist entry
SETB ICPGM
SETB ICSDA
SETB ICSDA
SETB ICCLK
SETB ICCLK
CLR ICPGM; close programming bit
LCALL DELY5; delay 5MS
CLR ICCLK
CLR ICCLK
SETB ICCLK
SETB ICCLK
CLR ICCLK
MOV R3, #07
CPESC4: SETB ICCLK
SETB ICCLK
CLR ICCLK
CLR ICCLK
DJNZ R3, CPESC4
DJNZ R2, CPESC3
RET
; Delay (R7)
DELY5: MOV R7, #0AH; 5 ms delay
DELY: PUSH 07
DLY1: PUSH 07
DLY2: PUSH 07
DLY3: DJNZ R7, DLY3
POP 07
DJNZ R7, DLY2
POP 07
DJNZ R7, DLY1
POP 07
DJNZ R7,DELY
RET
Conclusion
With the rapid development of IC card technology, the demand in the fields of financial institutions, state organs, companies, and education departments is becoming more and more urgent, and the application is more and more extensive. We have implemented the use of IC cards for refueling in petrochemical system refueling stations. Some practical sub-procedures for successful commissioning are now available to everyone for reference.
LED Cone,Inflatable Cone,Inflatable Tusk
Mengzan Hometex Co., Ltd. , http://www.hzbeanbags.com