Inside Secure ACCESSO Desktop Reader User Manual Couverture

Inside Secure Desktop Reader Couverture

Users Manual

Accesso 2G - Datasheet - Accesso 2GDS 1Version 1.1INSIDE CONTACTLESSACCESSO 2GDESKTOP READER13.56 MHz for ISO chips- 14 443 type A and B- 15 693- FeliCaDATASHEETChips > Packaging > Readers > more...
Accesso 2G - Datasheet - Accesso 2GDS 2Version 1.1Content CHAPTER 1 :ACCESSO DESCRIPTIONSystem Integration 7Dimensions and Pin Co-ordinates 8Mechanical Interface – Component View 8CHAPTER 2CONNECTIONPower supply 10Characteristics 10USB Interface 11PC drivers installation 11Baud rate 11Coupler’s Inputs and Outputs 12How to reset the coupler 13Software reset 13
Accesso 2G - Datasheet - Accesso 2GDS 3Version 1.1CHAPTER 3COMMAND INTERFACEREFERENCE MANUALHOST - COUPLER protocol 2description 2Coupler commands overview 5SELECT_CARD 6SELECT_PAGE 8TRANSMIT 10GET_RESPONSE 12READ_STATUS 13SET_STATUS 14Modifiable parameters 15Coupler’s INPUTs AND OUTPUTS 16EEPROM free area 16DISABLE_COUPLER 17DISABLE_COUPLER ENHANCED 18ENABLE_COUPLER 19ASK_RANDOM 20LOAD_KEY_FILE 21SELECT_CURRENT_KEY 22DIVERSIFY_KEY 23GET_CONFIG 24
Accesso 2G - Datasheet - Accesso 2GDS 4Version 1.1CHAPTER 4USER’S GUIDEManaging INSIDE chips 2Security configuration 3Selecting a chip 4Selecting a page 5Reading chip memory 6Writing chip memory 7Halting a chip 8How to work with several chips in the field 9Managing INSIDE’s chips protocols 10Managing the security 11INSIDE chips security 11Key loading 13How to set a key as the active one 14How to authentify a chip 15How to authentify a PAGE 15Protecting the keys 16Managing STANDARD chips protocols 17Time out adjustment 1715 693-3 protocol 17ISO 14 443 type A 18ISO 14 443 type B 18FeliCa ( new version) 18Managing the RF field 19How to reset the RF field ? 19How to asleep the coupler 19How to wake up the coupler 19APPENDIX AHOW TO LOAD A KEY IN A COUPLERExchange key 21General key loading procedure 21Terminology and notation 22Key loading step by step 22Algorithms 23Key permutation 23Checksum byte calculation 23Load key checksum calculation 23APPENDIX BERROR CODE
Accesso 2G - Datasheet - Accesso 2GDS 5Version 1.1Main Features :√√√√√USB interface√√√√√Security management:!Security module!Secure key loading√√√√√Secured Key Storage√√√√√Contactless interfaces:!ISO 15 693!ISO 14 443 type A!ISO 14 443 type B!FELICA TM√√√√√Contactless transmission of data and energy supply√√√√√Carrier frequency: 13.56MHz√√√√√Transparent mode for contactless data exchange√√√√√Low power consumption < (To be defined)√√√√√Stand by mode for low power standby current consumption < (To be defined)√√√√√Operating temperature range: -20°C to +50°C√√√√√CE approval capabilitiesProduct Ordering CodeProduct Ordering code Package ToolsDesktop USB reader ACCESSO 2G Black andYellow -OEM USB Reader ACCESSO 2G OEM PCB -
Accesso 2G - Datasheet - Accesso 2GDS - 6Version 1.1FCC AND CE COMPLIANCEFederal Communications Commission (FCC) Part 15 statementThis equipment has been tested to FCC requirements and has been found acceptable foruse. The FCC requires the following statement for your information :This equipement generates and uses radiofrequency energy and if not installed and usedproperly, that is, in strict accordance with the manufacturer’s instructions, may causeinterference to radio and television reception. It has been tested and found to comply withthe limits for a Class B computing device in accordance with the specifications in part 15of FCC rules, which are designed to provide reasonable protection against such interferencein a residential installation. however, there is no guarentee that interference will not occurein a particular installation. If this equipment does cause interference to radio or televisionreception, which can be determined by tuning the equipment off and on, the user isencouraged to try to correct the interference by one or more of the following measures:•If using an indoor antenna, have quality outdoor antenna installed•Reoriant the receiving antenna until interference is reduced or eliminated•Move the radio or television receiver away from the receiver/control•Move the antenna leads away from any wire runs to the receiver/control•Plug the receiver/control into a different outlet so that it and the radio or televisionreceiver are on different branch circuits.This device complies with part 15 off the FCC rules. Operation is subject to the followingtwo conditions : (1) this device may not cautse harmful interference, and (2) : this devicemust accept any interference received, including interference that may cause undesiredoperation.If necessary, the user should consult the dealer or an experienced radio/television technicianfor additional suggestions. The user or master may find the following booklet prepared bythe Federal Communication Commissions helpful: «Interference Handbook».This booklet is available from the US Government Printing Office, Washington, DC 20402.The user shall not make any changes or modifications to the equipment unless authorizedby installation instructions or User’s Manual. Unauthoriezd changes or modifications couldvoid the user’s authority to operate the equipment.Model : ACCESSO FCC ID : Q45ACCESSO This device is certified to comply with Class B limits. Part 15 of FCC rules. See instruction manual. Made in France Electrical Rating: 5.0V " 50mA Tested To Comply With FCC Standards
Accesso 2G - Datasheet - Accesso 2GDS 6Version 1.1 CHAPTER 1 :ACCESSODESCRIPTIONACCESSO and M260H are couplers developed by INSIDEContactless for managing the RF communication interface with 13.56MHz standard chips.They have the following features :"""""Operating frequency 13.56MHz"""""Host interface USB"""""Target applications Proximity and short rangeapplications"""""Target chip All INSIDE’s chips, 15693 chips,14443 chips (type A and type B),FELICA TMYou will find in this chapter ...!!!!!Coupler’s mechanical characteristics (PIN position, size...)
Accesso 2G - Datasheet - Accesso 2GDS 7Version 1.1System IntegrationProcessor EmitterReceiverPower SupplyUSB communication managerAntennaReader Block Diagram
Accesso 2G - Datasheet - Accesso 2GDS 8Version 1.1Dimensions and Pin Co-ordinates65 mm 102 mm27.6 mmMechanical Interface – Component View
Accesso 2G - Datasheet - Accesso 2GDS 9Version 1.1CHAPTER 2CONNECTIONThis chapter describes :!How to power the coupler!How to communicate with the coupler through the USB line
Accesso 2G - Datasheet - Accesso 2GDS 10Version 1.1Power supplyCharacteristicsAccesso readers are supply directly through the USB line.Pin Description Min. Typical Max. UnitVDD DC voltage TBD TBD TBD VRipple < 30MHz TBD mVssSupply current TBD mElectrical characteristics
Accesso 2G - Datasheet - Accesso 2GDS 11Version 1.1USB InterfaceCommunication with the reader is done using a serial protocol through USB interface.PC drivers installation! Plug the coupler! At PC request for driver, choose the one supplied with the ACCESSO kit (CD Rom).Baud rateThe default data rate is set at 9600 bauds, but this can be changed by software to selectlower data rates :!9600 (default value)!115200
Accesso 2G - Datasheet - Accesso 2GDS 12Version 1.1Coupler’s Inputs and OutputsACCESSO and M260H has no input, and one output for the embedded LED.This LED is controlled by software and can have the following colors :•Green•Orange•RedUse the Set Status command to control the LED control.
Accesso 2G - Datasheet - Accesso 2GDS 13Version 1.1How to reset the couplerResetting the coupler may be useful to set the parameters (speed, disable mode, protocolsettings, keys ) to the defaults values. All these values are stored in coupler’s internalEEPROMSoftware resetIt is possible to reset the coupler’s EEPROM by sending 2 commands thanks to the SETSTATUS command.Command = $80,$F4,$80,$3E,$01 - Data = $00Command = $80,$F4,$80,$7E,$01 - Data = $00Then the coupler has the default setting : 9600 bds, defaults protocols....
Coupler - Reference manualRM 1Version 1.1CHAPTER 3COMMAND INTERFACEREFERENCE MANUALIn this chapter you will find the command format, and the descriptionof all the commands used by the coupler.User may refer to this chapter to find the following information :!!!!!low level description of data exchange between couplerand host, mainly when using microcontroller or anautomat!!!!!check the signification and/or a value of a commandparameter
Coupler - Reference manualRM 2Version 1.1HOST - COUPLER protocolDESCRIPTIONThe commands are modeled on the ISO 7816 command set. This protocol is used by allINSIDE’s couplersA typical protocol exchange includes:1. The host sends a command to the coupler2. The coupler executes the command3. The host receives a response from the couplerCoupler command is always constituted of 5 bytes :•CLASS : always 80h•INSTRUCTION : command to be executed by the coupler (like SelectCard)•P1 : Command parameter•P2 : Command parameter•P3 : Command parameterDepending on the command, coupler answers data, status words.There are 4 cases of data exchange:Case Host to coupler Coupler to Host ISO Type1 None None ISO None2 None Yes ISO Out3YesNoneISO In4 Yes Yes ISO In / OutNote : In case 4, data has to be sent and received from the coupler. With T=0 protocol, itis not possible in a single command, so this command has to be split into 2 commands:
Coupler - Reference manualRM 3Version 1.1ISO In : The host sends a command + data and receives the status words.ISO Out : The host sends a command and receives data + the status words.Coupler with firmware former than 40-017F has only ISO NONE, ISO IN and ISO OUTprotocol available.In all cases, status words are returned (SW1 and SW2).Case 1: ISO None Data ExchangeHost Cla. Ins. P1 P2 P3Coupler SW1 SW2nb of bytes 2 bytesStatus words 5 bytesCommand Case 2 : ISO Out Data Exchange - Coupler ##### HostAck. DataHost Cla. Ins. P1 P2 P3Coupler = Ins. data SW1 SW2nb bytes 1 = P3Status words25Command Class : always 80hInstruction : command codeP1 & P2 : command parametersP3: number of data bytes expected from the couplerAck. : coupler acknowledgement. It is always equal to the command code, except whenan error occurs. If the Acknoledgement value is different than the instruction byte, thenthe received byte is the first byte of a status error code coded on 2 bytes.Data : data sent to the host by the coupler. Size of the command has to be P3.Status word : 90 00h if correct, error code.Case 3: ISO In Data Exchange - Host ##### CouplerAck. DataHost Cla. Ins. P1 P2 P3 DataCoupler = Ins. SW1 SW2nb bytes 1 = P3Status words25Command Class : always 80hInstruction : command codeP1 & P2 : command parameters
Coupler - Reference manualRM 4Version 1.1P3: number of data bytes sent to the coupler.Ack. : coupler acknowledgement. It is always equal to the command code, except whenan error occurs. If Acknowledgement value is different than instruction byte, then thereceived byte is the first byte of a status error code coded on 2 bytes.Data : data sent by host to the coupler. Size of data array has to be P3.Status word : 90 00h if correct / error code.Error : If the Acknowledgement value is different than the instruction byte, then the receivedbyte is the first byte of a status error code coded on 2 bytes.Case 4 : ISO InOut Data Exchange - Host ⇔⇔⇔⇔⇔ couplerAck. Data in Ack. Data outHost Cla. Ins. P1 P2 P3 Data inCoupler = Ins. = Ins. Data out SW1 SW2nb bytes 1 = P3 1 =P252Command Status wordsClass : always 80hInstruction : command codeP1 : command parametersP2 : number of data bytes expected from the coupler.P3 : number of data bytes sent to the coupler.Ack. : coupler acknowledgement. It is always equal to the command code, except whenan error occurs. If Acknowledgement value is different than instruction byte, then thereceived byte is the first byte of a status error code coded on 2 bytes.Data : data sent to the host by the coupler. Size of the command has to be P3.Status word : 90 00h if correct / error code.
Coupler - Reference manualRM 5Version 1.1Coupler commands overviewCommand INS DescriptionSELECT_CARD ‘A4h’ Selects one contactless card following list ofpossible cards in the fieldSELECT_PAGE ‘A6h’ Selects a page in a multi-application chipTRANSMIT ‘C2h’ Sends and retrieve data from chip throughcontactless interface : Transparent modeGET_RESPONSE ‘C0h’ Reads the internal buffer of the coupler to retrievechip answer for ISO 7816 T=0 protocol.Command INS DescriptionREAD_STATUS ‘F2h’ Reads coupler status or EEPROM memory.SET_STATUS ‘F4h’ Sets the coupler status or write in EEPROMmemory.DISABLE_COUPLER ‘ADh’ Disables the coupler. it will only respond after aENABLE_COUPLER command.ENABLE_COUPLER ‘AEh’ Enable the coupler. It wakes up the coupler aftera DISABLE_COUPLER command.Security module functions :Command INS DescriptionLOAD_KEY_FILE ‘D8h’ Load new master keys for authenticationpurposes.ASK_RANDOM ‘84h’ Ask for a random number from the coupler.SELECT_CURRENT_KEY ‘52h’ Select the key to be used for authenticationpurposes.
Coupler - Reference manualRM 6Version 1.1SELECT_CARDUseSelect a card in order to get the serial number. This command manages anti-collision andauthentication features.This command is able to test several communication protocol. It answers the number ofprotocol used to select the card.Prototyping"Command sent : A4h"Command type : ISO outHost 80h A4h P1 P2 P3Coupler A4h Card type Serial number 90h 00hParametersBit 76543210Function - - Key Auth Presel. Loop Halt WaitP1: Parameter used for contactless configurationIMPORTANT: ‘ – ‘ are reserved for future use, and values should be set to 0.WAIT :1: Wait until a card is selected or a character received from the host (e.g. PC).0: Exit if no card is detected after 3 attempts.Note: When SELECT_CARD uses the option «LOOP», the coupler sendsACK=60h (See T=0 specifications) after each unsuccessful selection untila card is selected. When a card is selected, «90h 00h» is returned. In orderto stop this scanning, host has to send a byte through the RS232 interface.HALT: 1: Halts card after selection for fast serial numbers capture.0: No halt after selection.LOOP: 1: returned a frame composed of ACK | CARD TYPE | SN | 9000h or wait character60h0: no loop performed.PRE: 1: Increases pre-selection with INSIDE CONTACTLESS anti-collision and a largenumber of cards.0: Standard anti-collision (best for 5 cards max.).
Coupler - Reference manualRM 7Version 1.1AUTH:1: Performs a standard INSIDE authentication.Authentication is performed if the key is set as the current key.Please refer to appendix A : «How to low a key» for key loading and key managementoperations details.0: Does not perform an authentication.KEY: 1: Authenticates with Debit Key (Kd = Key 1) if AUTH is set.0: Authenticates with Credit Key (Kc = Key 2) if AUTH is set.P2: Parameter used for selecting the card types to be readb7 - b4 b3 b2 b1 b00 Protocol 3 Protocol 2 Protocol 1 Protocol 0INSIDE couplers manage the following protocols :- Protocol 0 : ISO 14 443 type B & Inside anticollision (only for INSIDE chip)- Protocol 1 : ISO 15 693 & Inside anticollision (only for INSIDE chip)- Protocol 2 : ISO 14 443 type B-3- Protocol 3 : User defined protocol - see «Other ISO chip management» chapter for moreinformation about Protocol 3 use.If bit related to protocol x is set to one, coupler will run an anticollision using this protocol.If several protocols are selected, coupler will test all of them, starting from protocol 0 toprotocol 3.P3: Number of bytes to be return by the couplerSet P3 = 09h for reading Pico Family Chips serial numbers.Response: Card type (1 byte) and serial number (8 bytes)Card type is the protocol number used by the card that has been selected for its answer.For 15 693 INSIDE’s chips, card type value is 1 as protocol 1 is used for selection. Thisvalue is the one to use to indicate protocol in the transmit command.
Coupler - Reference manualRM 8Version 1.1SELECT_PAGEUseThis command is used to select and authenticate in an INSIDE multi-application chip(8*2Ks...).Prototyping"Command sent : A6h"Command type : ISO OutHost 80h A6h P1 P2 08hCoupler A6hChip 's configuration block90h 00hParametersBit 76543 2 10Function ----AuthPage selection Protocol typeP1: Parameter used for contactless configurationb3 : Auth0 - Does not perform authentication after PAGESEL.1 - Performs authentication after PAGESELb2: Select Page0 - Does not send the PAGESEL command before authentication1 - Sends the PAGESEL command with page contained in P2 before authenticationNote : b2=b3=0 imply that no operation is performedb1-b0: Protocol type:This command can only work with PICO family chipsContactless Communication Protocol00 ISO14 443 B PICO family chips01 ISO15 693 PICO family chips10 ISO14 443 B-311 User’s protocol
Coupler - Reference manualRM 9Version 1.1P2 : Page number to select and authenticate and cryptographic key to useBit 76543210Function - Page numberReader key numberb7-b4 : Reader key numberNote : 0 correspond to Kd0, 1 to Kc0, …, 14 to Kd7 and 15 to Kc7.This is the reader key number to use during authentication. The reader will use thiskey number (EEPROM) to diversify and authenticate the requested page with Kd orKc.b3 : Page’s key to use to perform the authentication0 : authentication will be performed with page’s debit key.1 : authentication will be performed with page’s credit key.b2-b0 : Page number to selectP3 : Chip answer lengthThis parameter has to be set to 8 as the chip answers the page’s configuration block (8bytes).
Coupler - Reference manualRM 10Version 1.1TRANSMITUseTransmits data from the coupler to the chip and read back chip response.This command is the one to use to read and write data in the chip.Prototyping"Command sent : C2h"Command type : ISO In / OutHost 80h C2h P1 P2 P3 DataCoupler C2h Chip answer 90h 00hP1 : Defines the contactless communication protocolP2 : Chip answer lengthP3 : Chip command and dataParametersP1: Parameter used for contactless configurationBit 7654 3 210Function Send CRCCheck CRCSend signatureISO typeRF protocol typeTime outb7: Send CRC:1: The coupler automatically sends the CRC (function of the Data bytes) to thechip. Coupler uses the CRC associated to the choosen protocol (bit 1 & 0)0: Only P3 data bytes are sent.b6: Compare CRC:1: Compares the returned CRC with the expected value calculated by the coupler(verify the data sent by the chip).0: CRC is not checked.b5-b4: Time Out:The time out value depends of the protocol used (b1 and b0 values).The time out is the time from the command’s EOF (End Of Frame) to the chipresponse SOF (Start of Frame).Bits 4& 5 Time-out 15 693Time-out 14 44300 800 µs 200 µs01 4 ms 1 ms10 24 ms 6 ms11 40 ms 10 m
Coupler - Reference manualRM 11Version 1.1b3: Send Signature:1: Send a cryptographic signature calculated thanks to the coupler security module.This option may be used only for UPDATE command performed on secure PICOfamily chip. Set this value to 0 for non secure chip or any other manufacturer chips0: Cryptographic signature is not sent.b2 : HOST - COUPLER protocol type1 : Communication is ISO IN-OUT. Coupler send back the data as soon as itreceives chip answer.0 : Commucation between HOST and coupler follows the ISO 78-16 T=0 protocol.Thus TRANSMIT command is only ISO IN, and user has to use the GET REPONSEcommand to retrieve chip DATA from the coupler.b1-b0: Protocol type:Defines the contactless communication protocol number to be used. Whencoupler’s EEPROM is set with the default values, the protocol types are as follows:Contactless Communication Protocol00 ISO14 443 B PICO family chips01 ISO15 693 PICO family chips10 ISO14 443 B-311 User protocol (default value : ISO 14 443 A-3)P2 : Number of data bytes received from the chip after transmission of thecommand.If the Compare CRC bit of P1 is enabled, P2 should not include the CRC bytes.Note: P2<=35 (23h).P3 : Number of bytes in the data field of the command.If the Send CRC or the Send Signature bit of P1 is enabled, P3 should not include theCRC bytes or the signature.Note: P3<=32 (20h).Data: Commands and data to send to the chipAll PICOTAG commands are detailed in PICOTAG datasheet.Response:$Chip answer$Status word.
Coupler - Reference manualRM 12Version 1.1GET_RESPONSEUseThis command returns the value contained in the internal buffer of the coupler.It has to be used to get chip answer when the TRANSMIT command is used with the ISOIN type to retreive the chip answer.Prototyping"Command sent :C0h"Command type : ISO outHost 80h C0h 00h 00h P3Coupler C0h Coupler buffer 90h 00hParametersP3: Number of bytes of the coupler response. It has to be less than 35 (23h).Response : Coupler’s buffer and status words
Coupler - Reference manualRM 13Version 1.1READ_STATUSUseThis command is used to get coupler parameters (communication speed…).Prototyping"Command sent : F2h"Command type : ISO outHost 80h F2h P1 P2 01hCoupler F2h Read bytes 90h 00hParametersP1: type of parameter to readb7 - b2 b1 - b00 (RFU) Parameter locationb1-b0 : Parameter location$00 : Parameter value is read in coupler’s EEPROM (setting when poweron)$01 : Coupler’s I/O$10 : Reserved for Future Use$11 : Parameter value is read in coupler’s RAM (current setting)P2: set the parameter address to readValid values for P2 according to P1 value:$EEPROM: 00h to FFh.$I/O: 05h and 07h.$Parameter: 50h to 6Fh.Response : byte value at the transmitted address + status wordNote: When reading the I/O, the Read byte returned indicates the IN1, OUT1, OUT2 pinstates as follows: (OUT2P is connected to VDD via a 1kÙ- resistor).I/O Addressb7b6b5b4b3b2b1b005h : Output----OUT2OUT1--07h : Input-------IN
Coupler - Reference manualRM 14Version 1.1SET_STATUSUseThis command sets configuration parameters and coupler’s I/O :"Communication speed"Protocols"State at Power ON"2 outputs & 1 inputThe various parameters and data used by INSIDE couplers are stored in the EEPROM.When coupler is powered on, a part of these parameters are load in coupler’s RAM, sothat parameters may be modified in coupler’s EEPROM and in coupler’s RAM.For a given parameter, RAM and EEPROM address are the same. For example, speedparameter is located at address 6Dh for both RAM and EEPROM.!When updating a value in the coupler’s EEPROM, this value will be the defaultvalue after turning the coupler on.!When updating a value in the coupler’s RAM, this value will be the current valueuntil the next Power Off.!When writing to EEPROM occurs, EEPROM parameters are reloaded into processormemory (RAM).Prototyping"Command sent : F4h"Command type : ISO InHost 80hF4hP1 P201h DataCoupler F4h 90h 00hParametersP1: Sets the type of configuration parameter to updateb7 b6 b5-b2 b1 - b0Reset coupler Reset magnetic field - (RFU) Addressb7 : Resets couplerif this bit is set to 1, coupler will fully reload EEPROM in RAM as if the coupler is poweredon.Note : when b7 = 1, the coupler responds 3Bh 00h.
Coupler - Reference manualRM 15Version 1.1b6 : Reset magnetic fieldMagnetic field is cut for 20 ms.When this bit is set to 1, coupler will execute no other action, including EEPROM or RAMupdate.b5-b2 : RFU (reserved for future use)b1-b0 : Parameter location"00 : Parameter value is read in coupler’s EEPROM (setting when poweron)"01 : Coupler’s I/O"10 : Reserved for Future Use"11 : Parameter value is read in coupler’s RAM (current setting)P2: Sets the parameter address to updateValid values for P2 according to P1 value:"EEPROM : 00h to 07h and 3Eh to FFh."I/O : 05h, 06h, 07h."RAM : 50h to 6Fh.Response: Status wordsMODIFIABLE PARAMETERSUser can change the following parameters in coupler’s memory :"Protocols - Please refer to «Managing ISO protocol with INSIDE coupler» applicationnote for more information about protocol management"Serial communication speed - from 9600 to 424000 bauds depending on thereaderName Address State Hex. value Available on...9600 57h19200 2Dh38400 15h57600 0Eh115200 06hSerial communication speed6Dh All readersNote 1 : When updating the COMSPEED parameter, the coupler returns the Status Wordswith the previous COMSPEED before the COMSPEED update.Example : the baudrate is set to 9600 bauds and needs to be temporarily updated to 115200 bauds.Send a SET_STATUS command (80h F4h 03h 6Dh 01h & 06h). The coupler responds(Status words) using 9600 bauds."State at power on - Is coupler emitting a field when it is powered on ? (please referto ENABLE and DISABLE command chapters)
Coupler - Reference manualRM 16Version 1.1Name Address State Hex. value Available on...Enable 01hDisable 00h All reader42hState at power onNote 2 : The ACTIVATE AT POWER ON parameter defines the state of the coupler whenyou turn it on.If you turn the coupler on and if 00h is written in the EEPROM at address 42h , it will be«asleep» until you send an ENABLE_COUPLER command.IMPORTANT NOTE : If change in the EEPROM is followed by a reset of the couplerand if address 42h contains 00h then the coupler will be asleep until you send anENABLE command.COUPLER’S INPUTS AND OUTPUTSPlease refer to chapter 1 for connection.Reader Input / Output I/O address Command to use ValueOUT1 05h - Bit 1 Set StatusOUT 2 05h - bit 2 Set StatusIN 1 07h - bit 0 Read StatusM22xH OUT 05h - bit 2 Set StatusM302H OUT 06h - bit 4 Set StatusByte value & color04h : Red08h : Orange0Ch : GreenBit at 0 : low levelBit at 1 : High levelM21xHSet Status05hLEDACCESSOEEPROM FREE AREAUser can use EEPROM bytes from 70h to 7Dh to write some data.
Coupler - Reference manualRM 17Version 1.1DISABLE_COUPLERUseThe coupler goes in SLEEP mode that allows low power consumption and RF carrier isdesactivated.After this command, the coupler will not respond to any command except theENABLE_COUPLER command.A new feature available only on M21xH 2G is that coupler can detect if a card approachthe antenna and wake up on its own.Prototyping"Command sent : ADh"Command Type : ISO noneHost 80h ADh BCh DAh 01hCoupler 90h 00hParametersResponse: Status wordsNote : It is possible using the SET_STATUS command to have the coupler in a sleepmode each time it turns on. The coupler will then be asleep until you send anENABLE_COMMAND. Please refer to the SET_STATUS command for activating thisfeature.
Coupler - Reference manualRM 18Version 1.1DISABLE_COUPLER ENHANCEDUseAs the DISABLE_COUPLER command, this specific version enables the user to asleepthe reader.But M210H 2G and M260H 2G have the possibility to detect that a card approaches theirantenna.As sooon as the card is detected, the coupler will turn the RF field on, and start a cardselection.If no card answers to the anticollision process, the coupler go back asleep. If a card isselected, then the coupler stay awake.Prototyping"Command sent : ADh"Command Type : ISO noneHost 80h ADh BCh P2 01hCoupler 90h 00hParametersP2 : specify the anticollision to process when a card is detected. If several bit are set at 1,all selected anticollision will be performed.b7 b6 b5 b4 b3 b2 b1 b0-0-Pulse OUT1Ant3 Ant2 Ant1 Ant0•If Antx bit is set, then the anti-collision x will be processed else not.•If no Antx is set, then the coupler will wake-up only by detecting a field change overthe reader.•If b4 is set, then the OUT1 PIN is set to high for 10 ms when a card is selected.Note : It is possible using the SET_STATUS command to have the coupler in a sleepmode each time it turns on. The coupler will then be asleep until you send anENABLE_COMMAND. Please refer to the SET_STATUS command for activating thisfeature.Note : This command is only available on : - M210-2G - ACCESSO-2G
Coupler - Reference manualRM 19Version 1.1ENABLE_COUPLERUseThis command restores a normal coupler running, with RF emission.This command can only be used after a DISABLE_COUPLER command or if the coupleris desactivated after power on.Prototyping"Command sent : AEh"Command type : ISO noneHost 80h AEh DAh BCh 00hCoupler 3Bh 00hParametersResponse : Status wordsThe coupler will respond «Instruction not recognized» (6Dh 00h) if already activated.Important note : You have to send the ENABLE_COUPLER command in a windowof 16ms. To be sure that your command will be received, send it twice. The timebetween the sending of the 2 commands has to be less than 10 ms.This is automatically done when using MX.Enable method (ActiveX component).
Coupler - Reference manualRM 20Version 1.1ASK_RANDOMUseThis command returns an 8 bytes random value from the coupler.This command has to beused to initialize the key loading procedure.Prototyping"Command sent : 84h"Command type : ISO outHost 80h 84h 00h 00h 08hCoupler 84h Random number 90h 00hParametersResponse : Random number; Status words
Coupler - Reference manualRM 21Version 1.1LOAD_KEY_FILEUseThis function loads into the coupler’s security module a key to be used for authenticationand security purposes.Key loading is a security sensitive operation. In order to protect the confidentiality of thekeys transferred to the coupler, data is encrypted. A 4-byte checksum is also sent inorder to guarantee the authenticity of the data, which could be corrupted either throughtransmission errors or by a deliberate attempt to fraud the system.Refer to «Coupler’s key loading» chapter for more information about security and the wayto calculate encrypted key and checksum.Prototype"Command sent : D8h"Command type : ISO InHost 80h D8h P1 P2 OCh DataCoupler D8h 90h 00hParametersP1 : Parameter used for key operations00: Load and activate the key pointed by P2.01: Deactivate the key pointed by P2 (Forbidden option to Exchange Key Ke).02: Delete the key pointed by P2 (Forbidden option to Exchange Key Ke).Others value are reserved for future use.Notes:With the 00 option, this command will replace the old value of the key with the new value.With the 01 and 02 options, the command has to be sent with 12-byte data at any value(Data = XX XX XX XX XX XX XX XX XX XX XX XX).When a key is deactivated, you need to reload it to reactivate the key.P2 : Key number.00h - Exchange Key Ke: used for key loading operation.01h - Debit Key Kd002h - Credit Key Kc003h - Debit Key Kd104h - Credit Key Kc1.....0Fh - Debit Key Kd710h - Credit key Kc7Data:This field contains:"the 8-byte encrypted master key"the 4-byte checksumResponse: Status Words
Coupler - Reference manualRM 22Version 1.1SELECT_CURRENT_KEYUseThis function allows to choose a key for future authentications. A key that has beendeactivated or deleted cannot be selected. Only one of the 16 keys can be current at thesame time.Prototype"Command sent : 52h"Command type : ISO InHost 80h 52h 00h P2h 08h 8 * 00hCoupler 52h 90h 00hParametersP2 : Key number01h - Debit Key Kd002h - Credit Key Kc003h - Debit Key Kd104h - Credit Key Kc1.....0Fh - Debit Key Kd710h - Credit key Kc7Remark: if the specified key is deactivated, the status bytes returned is 6Bh 00h.
Coupler - Reference manualRM 23Version 1.1DIVERSIFY_KEYUseThis function enables the user to calculate the result of key diversication with selectedchip serial number.The key diversified value is used for authentication and signature calculation while writinga secure chip.This can have 2 uses :- before an authentication (SELECT_PAGE or AUTHENTIFY command)- to calculate the keys that will be written in a chip during a personalization phase (onlyworking with a dedicated personalization coupler)Prototype"Command sent : 52h"Command type : ISO InHost 80h 52h 00h P2h 08h Chip serial numberCoupler 52h 90h 00hParametersP2 : Key number01h - Debit Key Kd002h - Credit Key Kc003h - Debit Key Kd104h - Credit Key Kc1.....0Fh - Debit Key Kd710h - Credit key Kc7Remark: if the specified key is deactivated, the status bytes returned is 6Bh 00h.
Coupler - Reference manualRM 24Version 1.1GET_CONFIGUseThis command is used to read the ID of the MCU part.Prototype"Command sent : CAh"Command type : ISO InHost 80h CAh 00h 00h 09hCoupler CA ID (8) Code Info (1) 90h 00hParametersData : MCU part’s IDCode Info (1 byte) : RFU
Chips and readers- USER’S GUIDEUG 1Version 1.0CHAPTER 4USER’S GUIDEIn this chapter ou will learn how to use the couplerto...!Use INSIDE chip!Manage the security
Chips and readers- USER’S GUIDEUG 2Version 1.0MANAGING INSIDE CHIPSThe various steps in INSIDE’s chips management are the following :!!!!!Set the used key (if your application is secured)!!!!!Select a chip!!!!!If it is a multi-application chip, select the page in which youwant to work!!!!!Read, Write data in the chip memory!!!!!Halt the chip to enable another chip selectionUsing INSIDE couplers, authentication and signature calculations aremanaged automatically by the SELECT_PAGE or the SELECT_CARDcommand. Just indicate in these commands that you want to use thesecurity features.In this chapter is just indicated the way and the functions and commandsto use to reach your goal. Please refer to the Reference Manuals for moreinformation about the functions and its parameters.In this chapter you will also learn :! ! ! ! ! how to manage the various protocol at low level or with theactiveX component! ! ! ! ! how to make a chips inventory and select a chip within severalones.
Chips and readers- USER’S GUIDEUG 3Version 1.0SECURITY CONFIGURATIONBefore using the security features, please take a look at the «Security management»chapter. You will find there basic principles on which is based INSIDE chips security.If your application is secured, you have to ...a. Load the key in the coupler. This operation has to be performed only once. As soon askeys are loaded, they are stored in the coupler’s EEPROM.b. tell to the coupler which key you want to use for your application (Kd1, Kc1, Kd2 ...)a. Loading the key...You have to indicate the following parameter :- Exchange key to enable you to load the key- New key value- Key number (is it «Debit Key 3», «Credit key 2»)!!!!!ActiveX : Mx.KeyLoading method!!!!!C Library : Clib_w_KeyLoading procedure!!!!!Low level : LOAD_KEY_FILE commandb. Activating the current key...Two commands are available to tell to the coupler which key you want to use. One hasto be used before the selectcard command, and the other before the SelectPage orAuthentify command if you want to use a key different than the one used to authentifythe chip (or if you selected the card without authentication).Use the following commands before the SelectCard command :!!!!!ActiveX method : Mx.CurrentKey property!!!!!C Library : CLib_w_SelectCurrentKey procedure!!!!!Low level : SELECT_CURRENT_KEY commandPlease refer to the chapter «Managing the security» for more details about the way itworks, and to the reference manual chapter for more details about the commands.Use the following commands before the SelectPage and Authentifycommands :!!!!!ActiveX method : Mx.DiversifyKey property!!!!!C Library : Clib_w_DiversifyKey procedure!!!!!Low level : DIVERSIFY_KEY commandPlease refer to the chapter «Managing the security» for more details about the way itworks, and to the reference manual chapter for more details about the commands.
Chips and readers- USER’S GUIDEUG 4Version 1.0SELECTING A CHIPDuring this operation, you will choose the protocol you want to use (14 443 type A, 14443 type B or 15 693), and if you want to authentify the chip. The answer will give you theprotocol used by the chip, and its serial numberSecurity... P1 value Which protocol... P2 valuenone 00h 14 443 B-2 01hKd authentication 30h 15 693 02hKc authentication 10h 14 443 B-3 04hThen use the following command :!!!!!ActiveX method : Mx.SelectCard (P1, P2, Type_SerialNumber)!!!!!C Library : Clib_w_SelectCard (P1, P2, Type_SerialNumber)!!!!!Low level : SELECT_CARD : 80h A4h P1h P2h 09h...Note 1 : Coupler will answer the protocol number used to communicate with the chip,and the chip serial number. This «protocol number» is the value to use with the TRANS-MIT command as «protocol value»Note 2 : The above table show 2 protocols ISO 14 443 type B!!!!! 14 443 type B-2 : RF protocol is the one defined in the 14 443 B standard level 2,and anticollision is INSIDE contactless one.!!!!! 14 443 type B-3 : RF protocol follows the 14 443 B standard level 2, and anticollisionis defined in 14 443 B standard level 3.
Chips and readers- USER’S GUIDEUG 5Version 1.0SELECTING A PAGEIf you are using a Multi-application chip ( 8*2K for example ) you have to select the pagein which you want to work.The SelectCard command selects by default page 0. The SelectPage command enablesyou to work in all other pages. It will manage the authentication if the page is secured.You have to enter... You will get...- page number - page configuration block (block 1)- key to use for authentication- protocol to useThen use the following command :!!!!!ActiveX method : Mx.SelectAuthPage (Key number, PageNumber, ConfigBlock)!!!!!C Library : Clib_w_SelectAuthPage (Key number, Protocol,PageNumber, ConfigBlock)!!!!!Low level : SELECT_PAGEHost 80h A6h P1 P2 08hCoupler A6hChip 's configuration block90h 00hThe following table gives you parameters to select and authenticate a secured page. P2values are just examples.Protocol P1 value... Page & key number P2 value...14 443 B 0Ch Key Kd1 & Page 1 21h15 693 0Dh Key Kc1 & Page 1 31h14 443 A 0Eh Key kd7 & Page 7 E7hNote : if the page is secured, use thediversify command to select in the coupler thekey that will be use for the authentication.
Chips and readers- USER’S GUIDEUG 6Version 1.0READING CHIP MEMORYYou will find a full memory description in the chip datasheet, but the easiest way todiscover the chip memory is to use the MX3 software (PICO MEMORY page).You have to enter... You will get...- block number - memory data- protocol to useThen use the following command :!!!!!ActiveX method : Mx.ReadBlock (BlockStart, BlockCount, ChipResponse)Mx.Read property : ActiveX component optimizes readingspeed by using READ or READ4 chip command depending on chip possibilities.!!!!!C Library : Clib_w_ReadBlock (BlockStart, BlockCount, Protocol,ChipResponse) Clib_w_ReadBlockBy4(BlockStart, BlockCount, Protocol,ChipResponse)!!!!!Low level : TRANSMIT command + 0Ch chip command (single read)+ 06h chip command (read4)All communication with a chip is done thanks to this command, including INSIDE’s chips.You will find there how to read one block with the 15 693 standard.Host 80h C2h C5h 08h 02h 0Ch AddhCoupler C2h Chip's answer 90h 00hYou can also use the Read4 chip command :Host 80h C2h C5h 20h 02h 06h AddhCoupler C2h Chip's answer 90h 00hNote : To use another protocol, just change the bit in P2 parameter.14 443 B-2 : Use 80h C2h C4h...14 443 B-3 : Use 80h C2h C6h...
Chips and readers- USER’S GUIDEUG 7Version 1.0WRITING CHIP MEMORYWhen writing data to a memory block you have to know if you are communicating to asecure or non secure chip. Parameters will be different as you ask the coupler to send ornot the signature to authenticate the data you want to write (this is automatically managedby the ActiveX component).!!!!!ActiveX method : Mx.WriteBlock (BlockStart, BlockCount, BlocksValue)!!!!!C Library : Clib_w_WriteBlock (BlockStart, BlockCount, Protocol, Auth,BlocksValue)!!!!!Low level : TRANSMIT command + 87h chip commandThis command enables you to write one block. The following example are for a 15 693communication.Non secure chipsHost 80h C2h E5h 08h 0Ah 87h Addh &DataCoupler C2h Written data 90h 00hSecure chipsHost 80h C2h 6Dh 08h 0Ah 87h Addh &DataCoupler C2h Written data 90h 00hNote : To use another protocol, just change the appropriate bit in P2parameter :Non secured chip : 14 443 B-2 : Use 80h C2h E4h...14 443 B-3 : Use 80h C2h E6h...Secured Chip : 14 443 B-2 : Use 80h C2h 6Ch...14 443 B-3 : Use 80h C2h 6Eh...
Chips and readers- USER’S GUIDEUG 8Version 1.0HALTING A CHIPThe following command halts the current selected chip :!!!!!ActiveX method : Mx.Halt!!!!!C Library : Clib_w_Halt (protocol)!!!!!Low level : TRANSMIT command + 00h chip commandHost 80h C2h 31h 00h 01h 00hCoupler C2h 90h 00hTIPS : to halt the chipas soon as you get itsserial number, use P1parameter in theSELECT_CARDcommandNote : To use another protocol, just change the appropriate bit in P2parameter :14 443 B-2 : Use 80h C2h 30h...14 443 B-3 : Use 80h C2h 32h...
Chips and readers- USER’S GUIDEUG 9Version 1.0HOW TO WORK WITH SEVERAL CHIPS IN THE FIELDHere is the basic algorithm to get serial numbers of all chips in a given RF field :Store chip serial number in a tableHalt the selected chipSelect the chip you want to work withSelect cardNo card selectedChips inventoryMake a loop with the SELECT_CARD COMMAND with HALT option enable (P1 = 02h).Chip selection with its serial numberUse the following command to select a given chip thanks to its serial number. The chipwill answer you its serial number.!!!!!ActiveX method : Mx.ReSelect (ChipSN)!!!!!C Library : Clib_w_ReSelect (ChipSN)!!!!!Low level : TRANSMIT command + 81h chip commandHost 80hC2hC5h08h09h 81h & Serial NumberCoupler C2h Serial number 90h 00hReplace C5h by C4h (C6) to use 14 443 type B-2 (type B-3) protocol.TIPS : The low levelcommandSELECT_CARDincludes an option thathalts the chip as soonas it is selected. Thisenables to earn timeby avoiding to send theHALT command. Justuse the following P1parameters : P1 =02h.
Chips and readers- USER’S GUIDEUG 10Version 1.0MANAGING INSIDE’S CHIPS PROTOCOLSLow level command and C libraryProtocols are always indicated in the command parameters (P2 for SELECT_CARD, P1for TRANSMIT). You will find the appropriate value in this User’s Guide, and in thedescription of each command in the «Reference manual».ActiveX componentThere are 2 command types :- Card selection- Select page, read, write...Card selectionWhen selecting a card, you set the protocol to use in P2 parameter of the Mx.SelectCardmethod. Coupler is able to test several protocols, and return the protocol use for carddetection.Other operation (Read, Write, SelectPage etc...)For any other operation, use the ActiveX propertie Mx.MxProtocolIndex to set theprotocol you want to use.This property is automatically set after a SelectCard command thanks to the value returnedby the coupler indicating the protocol use for card selection.If you want to change communication protocol when using a dual protocol chip(PICOPASS - 15 693 & 14 443 type B), just change this protperty value to the desiredone, and all activeX command for INSIDE chip will use this protocol.
Chips and readers- USER’S GUIDEUG 11Version 1.0MANAGING THE SECURITYINSIDE chips security is based on secret keys that protect and authentify the chip con-tent.On one hand, keys are stored in the chip. On the other hand, coupler includes a securitymodule in which are stored the application keys.Security is based on checking that keys are the same in the chip and in the coupler.First paragraph explains on what is based our security and what it is for :"Authentication"Signature"Diversified keysThe following paragraphs explain how to :"load the key into the coupler / SAM"select and / or authenticate a chip with a given keyINSIDE CHIPS SECURITYSecurity consists in protecting memory access and e-purse use by secret keys. Userwill be able to modify card content only if the coupler contains same secret keys asPICO chip.Security is checked several times :"""""Authentication : Just after having selected the chip user has to perform anauthentication before being able to access any memory data."""""Signature : for any memory modification the chip user has to send a signaturecalculated as a function of sent data, secret keys and chip serial number. Thus itis impossible to modify the chip content without knowing the application keys.In each security calculation, a diversified key is being used, based on the chip serialnumber and the application key.All security calculations are automatically manage by INSIDE’s couplers.Key diversificationTo ensure a reliable security, every security operation (authentication, signaturecalculation) is based on diversified key value.The diversified key is an 8 bytes result of calculation including chip serial number andkey value.Thus, 2 chips using same keys contain different diversified key values. This ensuresthat it is not possible to repeat some sequence registered on one card on another card. Secret Key Chip serial number Diversified Key + x % DES Key fortification algorythm Securitycontrol e-purse(stored value) manage-mentINSIDEsecurity protectsmemory from REA-DING and/or WRITING.Key diversifi-cation implies thateach securitycalculation is differentfor each cardSecurity isbased on :- key diversification- authentication-signature
Chips and readers- USER’S GUIDEUG 12Version 1.0AuthenticationAuthentication algorithm performs a mutual authentication.The principle is as follows : Data are exchanged then both device perform secretcalculations on them to obtain 2 results on 4 bytes. Authentication is done if they get thesame results. The chip first checks coupler’s response then reader verifies chip’s results.1. Coupler and chip exchange dataData (64bits) Random (32 bits)Diversifiedsecret key2. Both coupler and chip calculate 2 results on 4 bytesDiversifiedsecret key(64 bits)3. The chip verifies the coupler's result 1, then send Result 2 if OK4. The coupler checks chip's answer (Result 2)R1 R2 R1 R2CouplerSignatureEach time you want to send data to the chip, a 32 bits signature is automatically calculatedand added. Signature calculation takes into account the diversified key value (result ofoperation between key value and chip serial number) and the data. Chip will check thesignature to allow data writing. This ensures very good security on the chip content.CouplerHostKey Value Chip serial numberDiversified key valueSignatureDataData &signatureChi pSignature calculation principleSignaturewhen writingincreases memorycontent securityAuthenticationprotects the memoryfrom reading andwritingNote :Diversified key is written inthe chip during personalizationphase, and calculated aftereach card selection by thecoupler (div. key depends onthe chip serial number)
Chips and readers- USER’S GUIDEUG 13Version 1.0KEY LOADINGTo perform this complex operation, use the function supplied with the libraries (C Libraries,ActiveX component). You will find encryption algorithm in annex. C source code is providedin the C libary, and ActiveX component manage automatically all security calculation.You need to give the following parameter :"Key number"Exchange Key"New Key value!ActiveX method : Mx.KeyLoadingUse Mx.KeyLoading (KeyNum, LoadingType, ExchangeKey,NewValue) method toload the key in the coupler at the appropriate place.Keynum may have to following value :- mpkPiKd (i=0 to 7)- mpkPiKc (i=0 to 7)Example : to load the default keys as keys 6 using the default exchange key ...Mx.KeyLoading (mpkP6Kd, mklmXORKe,«$5C$BC$F1$DA$45$D5$FB$5F»,«$F0$E1$D2$C3$B4$A5$96$87»)Mx.KeyLoading (mpkP6Kc, mklmXORKe,«$5C$BC$F1$DA$45$D5$FB$5F»,«$76$65$54$43$32$21$10$00»)!C Library : Clib_w_KeyLoadingClib_w_KeyLoading (KeyNum, LoadingType, ExchangeKey,NewValue)!Low level : LOAD_KEY_FILECalculate the Encrypted key thanks to the C library algorythm (see annexe A) and usethe LOAD_KEY_FILE command...Host 80h D8h 00h P2 OCh Encrypted keyCoupler D8h 90h 00hP2 : Key number00h - Exchange Key Ke: used for key loading operation.01h - Debit Key Kd002h - Credit Key Kc003h - Debit Key Kd104h - Credit Key Kc1.....0Fh - Debit Key Kd710h - Credit key Kc7First step insecurity is to load thesecret keys into thecoupler
Chips and readers- USER’S GUIDEUG 14Version 1.0HOW TO SET A KEY AS THE ACTIVE ONEA - Before SelectCard command!ActiveX component : Mx.CurrentKeyPossible values are :- mpkPiKd (i=0 to 7)- mpkPiKc(i=0 to 7)!C Library : Clib_w_SelectCurrentKeyClib_w_SelectCurrentKey (KeyNum)!Low level : SELECT_CURRENT_KEY commandHost 80h 52h 00h P2h 08h 8 * 00hCoupler 52h 90h 00hP2 : Key number00h - Exchange Key Ke: used for key loading operation.01h - Debit Key Kd002h - Credit Key Kc003h - Debit Key Kd104h - Credit Key Kc1.....0Fh - Debit Key Kd710h - Credit key Kc7B - Before SelectPage and Authentify commandAt this stage you need to precise both the key number and the chip serial number (asyou may be working with several chips).Actually this operation is performed automatically by the selectCard command as itknows the key number thanks to the CurrentKey property, and the Serial Number isgiven by the chip during the selection phase.When using a standard coupler, the DiversifyKey command returns a useless data(random number). The returned data are used only with a personalisation coupler. Moreinformation are given in the personalisation kit.!ActiveX component : Mx.DiversifyKeyMx.DiversifyKey (KeyNum, Chip Serial Number, Databack)!C Library : Clib_w_DiversifyKeyClib_w_DiversifyKey (KeyNum, Chip Serial Number, Databack)!Low level : DIVERSIFY_KEY commandHost 80h 52h 00h P2h 08h Serial NumberCoupler 52h 90h 00hP2 : Key number00h - Exchange Key Ke: used for key loading operation.01h - Debit Key Kd002h - Credit Key Kc003h - Debit Key Kd104h - Credit Key Kc1.....0Fh - Debit Key Kd710h - Credit key Kc7Second step:tell the coupler whichkey has to be used
Chips and readers- USER’S GUIDEUG 15Version 1.0HOW TO AUTHENTIFY A CHIPAuthentication may be done while selecting the card (or the page). It can also be donelater, for example when you want to work with both Credit key and Debit key authentication.!ActiveX component : Mx.SelectCardSelectCard (30h ...) authenticates selected chip with KdSelectCard (10h ...) authenticates selected chip with Kc!C Library : Clib_w_SelectCardClib_w_SelectCard (SelectMode , ChipType, TypeSN)SelectMode = 30h : Authentify with the chip debit keySelectMode = 10h : Authentify with the chip credit key!Low level : SELECT_CARD80h A4h 10h P2 09h => Authenticate with Kc80h A4h 30h P2 09h => Authenticate with KdHOW TO AUTHENTIFY A PAGEAuthentication follows the same principle as for the SelectCard authentication.If you want to use a different key than the one used during the card selection, or ifselection has been done without you have to use the DiversifyKey command to set a keyas the active key if you want to change the active key.!ActiveX component :Mx.DiversifyKey (KeyNum, Chip Serial Number, Databack)SelectAuthPage (Key, Page, BlockConfig)!C Library :Clib_w_Mx.DiversifyKey (KeyNum, Chip Serial Number, Databack)Clib_w_SelectAuthPage (Key, Page, BlockConfig)!Low level : DIVERSIFY_KEY & SELECT_PAGEDIVERSIFY_KEYHost 80h 52h 00h P2h 08h Serial NumberCoupler 52h 90h 00hP2 : key numberSELECT_PAGEHost 80h A6h P1 P2 08hCoupler A6hChip 's configuration block90h 00hLast step :Authentication isperformed during chipselection and/or pageselectionTips : Keydiversifica-tion isautomaticallydone by theselect cardcommandTips :Key diver-sificationhas to be doneonly once. Youdon’t need to usethe Diversifycommand as soonas you work withthe same chipand the samekey
Chips and readers- USER’S GUIDEUG 16Version 1.0P1 : contacless configurationP2 : key and page numberPROTECTING THE KEYSThus all the security depends on making sure that these keys are kept secret. To ensurea good secury, key loading has to be done in a secure environment.The key loading procedure ensures that :1 - nobody decrypts the key loaded in the coupler by listenning to the HOST-COUPLERcommunication2 - nobody records and uses the communication between HOST and COUPLER to loadkeys in another couplerTo protect the communication, all data exchange is ciphered thanks to an exchange keyknown only by the coupler. Therefore, nobody will be able decipher serial communica-tion and find the application key valueProtect key storage (coupler, security module) so thatnobody can use your keys.Use our coupler security protection features or store coupler or SAM keys in a securedplace.To ensure a very good security to your application, contact us so we help you to give toyour system the security it deserves.
Chips and readers- USER’S GUIDEUG 17Version 1.0MANAGING STANDARD CHIPS PROTOCOLSThis chapter explains how to communicate with any chips that follow the 13.56MHzstandards : 15 693, 14 443 Type A and B. More over, you will find there how tocommunicate with the FeliCa chip (SONY).Note : user’s will find there the commands to use to send byte to the chip, and to get thechip answer, but we will not mention the way to manage these chips. User has to refer tothe chip datasheet or ISO standards to find more information about these chips.TIME OUT ADJUSTMENTWhen communicating with a chip, and particularly a microprocessor, user may need toincrease the time out value.The TimeOut configuration enables the user to change the value of the TRANSMITcommand to be sure that no ISO command will fail because a too short timeout.Users can change 4 timeout values corresponding to the 4 Timeout "slots" that one canuse in TRANSMIT command:•Timeout 0 (command timeout option = b00) : Address h68•Timeout 1 (command timeout option = b01) : Address h69•Timeout 2 (command timeout option = b10) : Address h6A•Timeout 3 (command timeout option = b11) : Address h6B Where "b" prefix is for binary value, "h" is for hexadecimalTo put a specific value for one of these TimeOut "slots", developper can use the followingformulas:ISO 14443 (A-B) : TimeOut = X . 380µs + 200µsISO 15693 : TimeOut = (X << 2) . 380µs + 200µsWhere X is the value of the byte and << is the operation that execute a binary right shiftof the byte value.15 693-3 PROTOCOLThis example shows how to configure the protocol, then how to send the INVENTORYcommand. Public sub Sample_15693() ‘ Configure USER protocol as 15693Mx.MxUserProtocol = mupISO_15693_3_10pc‘Low level command : use the SetStatus function‘Mx.SetStatus &H3, &H5E, &H21‘Mx.SetStatus &H3, &H5F, &H31' Send Inventory command "1 slot" to retrieve chip serial numberCommand = "$36$01$00$00"CommandSize = &H04AnswerSize = &H0AUserProtocol = &HF3Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswer' Send slot marker for anticollision managementMx.Transmit &H73, &H0A, &H00, «», ChipAnswerEnd Sub
Chips and readers- USER’S GUIDEUG 18Version 1.0ISO 14 443 TYPE APublic sub Sample_14443_A()‘ Configure USER protocol as 14443-A level 3Mx.MxUserProtocol = mupISO_14443A_3' Low level : use the set status command‘Mx.SetStatus &H03, &H5E, &H32‘Mx.SetStatus &H03, &H5E, &H12‘Mx.SetStatus &H03, &H64, &H63‘Mx.SetStatus &H03, &H65, &H63' Use the SelectCard command to manage anticollisionMx.SelectCard &H00, &H08, Type_SN'Send the RATS command :Buffer length = 32Name the card as card 0Command = "$50$00"CommandSize = &H02AnswerSize = &H06UserProtocol = &HF3Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswerEnd SubISO 14 443 TYPE BPublic sub Sample_14443_B()‘ Card selection with the select Card command : manage the anticollisionMx.SelectCard &H00, &H04, Type_SN‘Send REQB commandCommand = "$05$00$00"CommandSize = &H03AnswerSize = &H0CUserProtocol = &HF2Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswerEnd SubFELICA ( NEW VERSION)' Low level : use the set status command to configure the protocolMx.SetStatus &H03, &H5E, &H79Mx.SetStatus &H03, &H5E, &H02Mx.SetStatus &H03, &H64, &H00Mx.SetStatus &H03, &H65, &H00' Send a command to the chip and retrieve the answerCommand = "$06$00$FF$FF$00$01"CommandSize = &H06AnswerSize = &H12UserProtocol = &HF7Mx.Transmit UserProtocol, AnswerSize, CommandSize, Command, ChipAnswer
Chips and readers- USER’S GUIDEUG 19Version 1.0MANAGING THE RF FIELDPossible operations you can perform on the RF field are the following :"Cut RF emission, mainly when couplers are powered on battery"Start RF emission"«Reset» RF field (i.e. cut it for 20 ms in order to reset any halted chip in the field)HOW TO RESET THE RF FIELD ?This command will cut the RF field for 20 ms in order to reset all chips that are in thefield.!!!!!ActiveX method : Mx.ResetField!!!!!C Library : Clib_w_ResetField ()!!!!!Low level : SET_STATUS commandtsoH h08 h4F h04 h00 h10 h00relpuoC h4F h09 h00HOW TO ASLEEP THE COUPLERJust use the disable command which will cut the RF field so that no energy is wasted.!!!!!ActiveX method : Mx.Disable!!!!!C Library : Clib_w_Disable ()!!!!!Low level : DISABLE commandtsoH h08 hDA hCB hAD h00relpuoC h09 h00HOW TO WAKE UP THE COUPLER!!!!!ActiveX method : Mx.Enable!!!!!C Library : Clib_w_Enable ()!!!!!Low level : ENABLE commandtsoH h08 hEA hAD hCB h00relpuoC h09 h00Important noteLow level command : You have to send this command in a window of 16 ms so that thecoupler catches it. To be sure that this command is detected, send it twice, with no morethan 10 ms between the 2 commands sending. This is automatically managed by theActiveX method.
Chips and readers- USER’S GUIDEUG 20Version 1.0APPENDICES
Chips and readers- USER’S GUIDEUG 21Version 1.0APPENDIX AHOW TO LOAD A KEY IN ACOUPLERThis procedure consists in several operations on the key. The final result will be sent tothe coupler using the Loag_Key_File function.EXCHANGE KEYTo ensure the security, an exchange key will protect all key loading operations.This key is in the coupler memory and has 2 functions :-only host knowing this key will be able to modify the Debit and Credit keys.-New key value are encrypted with this exchange key so it is not possible toread the new value on the serial line.You have to know this exchange key to modify the value of any other key. For anymodification, the Exchange key is managed exactly as the Debit key and the Credit key: you have to use the Key Loading Procedure described in the next paragraphs.GENERAL KEY LOADING PROCEDUREBefore the key loading starts with the LOAD_KEY_FILE command, the host mustgenerate a session key. This key is generated by the encryption of the current ExchangeKey (Ke) with an 8-byte random number.ReaderNew key value (Kx) Exchange key (Ke) Exchange key (Ke)Ask randomCalculate the session keyEncrypt the new key valueCalculate encrypted key checksumLoad encrypted key and checksum Decrypt new key valueCalculate checksumCompare checksumCalculate the session leyHostRandom (Rnd)
Chips and readers- USER’S GUIDEUG 22Version 1.0TERMINOLOGY AND NOTATIONAdding p after the key name means that the key is permuted.Adding chk means that the 8th byte replaced by the Checksum byte value.A C before the key name means that the key has been encrypted.Abbreviation MeaningKex Exchange Key.Kexp Permuted Exchange Key.Kexp_chk Kep with the 8th byte replaced by the Checksum byte value.Rnd Random number.KxMaster key. (Kx equals to Kd or Kc)Kxp Permuted master key. (Kxp equals to Kdp or Kcp)CKxp Encrypted permuted master key. (CKxp equals to CKdp or CKcp)SK Session key.CHK 4-byte checksum.KEY LOADING STEP BY STEPWe assume that the default keys are used.STEP DESCRIPTION Example! Send the Ask_Random commandSend 80h 84h 00h 00h 08h. The coupler answer arandom number.For this example, we assume thatRnd = 00 00 00 00 00 00 00 00.The session key is define by the following formula :SK = Kexp_chk ⊕ Rnd (⊕ : bit to bit x-or operation)Kexp_chk means that we have to permute Kex then to replace the 8th byte by the checksum byte! Permute the exchange key to get KexpKexp = 6E FD 46 EF CB B3 C8 OB! replace the 8th byte by the checksum byte to get Kexp_chkKexp_chk = 6E FD 46 EF CB B3 C8 75! Calculate the session key SK = 6E FD 46 EF CB B3 C8 75This calculation include the exchange key throughthe session key (SK). This insure the protection ofthe new key value.CKxp = SK ⊕ Kxp (⊕ : bit to bit x-or operation) CKdp = 91 F2 75 BA CB 43 04 20! Permute the new key value Kx to get Kxp! Make a bit to bit X-OR operation with thesession key SK! Calculate the CheckSum! Send the command to the coupler.Load_Key_File (CKxp + CheckSum)CheckSum = 73 27 FF 01Send 80 D8 00 01 0C & 91 F2 75 BA CB 43 04 20 & 73 27 FF 01Step 1 : Get a random number from the couplerStep 2 : Calculate the Session KeyStep 3 : Calculate the Encrypted master keyStep 4 : Send the Load_Key_File command
Chips and readers- USER’S GUIDEUG 23Version 1.0ALGORITHMSKEY PERMUTATIONProceed as described below to permute a key.Example: Permute the key Kex.Kex = 0x5C 0xBC 0xF1 0xDA 0x45 0xD5 0xFB 0x5F(0x5F) !01011111(0xFB) !11111011(0xD5) !11010101(0x45) !01000101(0xDA) !11011010(0xF1) !11110001(0xBC) !10111100(0x5C) !01011100&&&&&&&&0x6E 0xFD 0x46 0xEF 0xCB 0xB3 0xC8 (0xF4)0xF4 = 0BKexp = 0x6E 0xFD 0x46 0xEF 0xCB 0xB3 0xC8 0x0BReplace the last byte by : CHECKSUM BYTE CALCULATIONProceed as described below to calculate a key checksum byte.Note: the ⊕ symbol means a bit to bit x-or operation.Example:K = 0x5C 0xBC 0xF1 0xDA 0x45 0xD5 0xFB 0x5FKp = 0x6E 0xFD 0x46 0xEF 0xCB 0xB3 0xC8 0x0BChecksum = 0x6E ⊕ 0xFD ⊕ 0x46 ⊕ 0xEF ⊕ 0xCB ⊕ 0xB3 ⊕ 0xC8 = 0x8AChecksum = 0x8A = 0x75and then,Kxp_chk = 0x6E 0xFD 0x46 0xEF 0xCB 0xB3 0xC8 0x75LOAD KEY CHECKSUM CALCULATION!Complete the 5 command bytes with 3 bytes 00 so to get 8 bytes!Calculate RES = (Command bytes) ⊕ Kxp.!Calculate the checksum CHK = Most Significant 4-Bytes(RES) ⊕ Least Significant4-Bytes(RES).
Chips and readers- USER’S GUIDEUG 24Version 1.0Example:The checksum when sending the default Debit Key Kd is :Command = 80 D8 00 01 0C 00 00 00Kdp = FF 0F 33 55 00 F0 CC 55RES = 7F D7 33 54 0C F0 CC 55CHK = 73 27 FF 01MSB(RES) 7F D7 33 54⊕LSB(RES) 0C F0 CC 55________________________________CHK = 73 27 FF 01
Chips and readers- USER’S GUIDEUG 25Version 1.0APPENDIX BERROR CODEWhen an error occurs, coupler response is only status words SW1 SW2. No data isreturned.The following table sums up the various values.SW1 SW2 Error description90h 00h Command successful67h 00h Data length, P3 incorrect6Bh 00h Parameters P1, P2 incorrect6Eh 00h Class not recognized6Dh 00h Instruction not recognised, parity error69h 82h Card not identified (CRC or authentication problem)98h 35h Command flow incorrect6Ah 82h Card not found62h 00h EEPROM erroCommon status errorsSecurity errorsExecution error

Navigation menu