SCS Technical Specifications 1 0

Single Chip Smart Card Solution

v.1.0 Dario Leone for MOAI Corporation Inc.

All Rights Reserved

SCS Technical Specifications v1.0 Dario Leone for MOAI Corporation Page 2 of 25

Table Of Contents

Revision History .................................. ........................................................................... 4

Common Chip Features .............................. ................................................................... 5

Firmware Mask ROM ................................. ..................................................................... 6

Mask ROM F................................................................................................................ 6

Mask ROM S ............................................................................................................... 6

USB Descriptor .................................... ........................................................................... 7

Identification timing of smart card insertion ..... ........................................................... 8

Unique Serial Number .............................. ...................................................................... 9

USB Port Mode ..................................... ........................................................................ 10

External EEPROM ................................... ...................................................................... 11

Escape commands ................................... .................................................................... 12

Special Commands .................................. .................................................................... 13

SC_Get_Chip_Type .................................................................................................... 13

SC_Get_Serial_Number .............................................................................................. 13

SC_Read_EEPROM ................................................................................................... 14

SC_Write_EEPROM ................................................................................................... 14

SC_Pin_Control........................................................................................................... 14

Memory Card Commands .............................. .............................................................. 15

2 Wire Commands Summary ...................................................................................... 16

2W_Read_Main_Memory ............................................................................................ 16

2W_Update_Main_Memory ......................................................................................... 16

2W_Read_Protection_Memory ................................................................................... 17

2W_Write_Protection_Memory.................................................................................... 17

2W_Read_Security_Memory ...................................................................................... 17

2W_Update_Security_Memory ................................................................................... 18

2W_Compare_Verification_Data ................................................................................. 18

3 Wire Commands Summary ...................................................................................... 19

3W_Write_Erase_WP ................................................................................................. 19

3W_Write_Erase_No_WP ........................................................................................... 20

3W_Write_Protect_Bit_DC .......................................................................................... 20


3W_Read_Data_WP ................................................................................................... 21

3W_Read_Data ........................................................................................................... 21

3W_PSC_Verification .................................................................................................. 22

I2C Commands Summary ........................................................................................... 23

I2C_Read_Data........................................................................................................... 24

I2C_Write_Data ........................................................................................................... 24

Status Code Table ................................. ....................................................................... 25


Revision History

Version Date Description V1.0 July 2014 Initial version


Common Chip Features

The device will have the following common features:

100% crystaless Unique 32bits chip device serial number ISO7816 Interface with support of T=0, T=1, 2Wire, 3Wire, I2C protocols Customizable USB descriptor via external EEPROM


Firmware Mask ROM

The device will have 2 different Mask ROM with different features as described in the following.

Mask ROM F This mask ROM include the following features:

ISO7816 Interface USB CCID T=0, T=1, 2Wire, 3Wire, I2C ISO7816 Interface USB HID T=0, T=1, 2Wire, 3Wire, I2C USB Flash Disk Drive Controller

The current free GPIO will be used as hardware switch se enable/disable the following feature:

Feature Description Default Pull Up Pull Down ISO7816 USB Interface Mode Pull Down HID CCID USB CCID

Mask ROM S This mask ROM include the following features:

ISO7816 Interface USB CCID T=0, T=1, 2Wire, 3Wire, I2C ISO7816 Interface USB HID T=0, T=1, 2Wire, 3Wire, I2C SD Card

The current free GPIO will be used as hardware switch se enable/disable the following feature:

Feature Description Default Pull Up Pull Down ISO7816 USB Interface Mode Pull Down HID CCID USB CCID

The ISO7816 USB Interface switch change the bInterfaceClass of this peripheral. The two available value will be:

bInterfaceClass Meaning 0x0B Chip/Smart Card USB Device 0x03 HID Interface Class


USB Descriptor

The default USB descriptor of devices will be the following:

Interface Descriptor Type Customizable Field ISO7816 Device Descriptor 0x14CD ISO7816 Device Descriptor 0x 0900 ISO7816 Device Descriptor Generic ISO7816 Device Descriptor USB Smart Card Reader Flash Disk Drive Controller Device Descriptor 0x 14CD Flash Disk Drive Controller Device Descriptor 0x 0901 Flash Disk Drive Controller Device Descriptor Generic Flash Disk Drive Controller Device Descriptor Flash Disk Drive SD Card Device Descriptor 0x 14CD SD Card Device Descriptor 0x 0902 SD Card Device Descriptor Generic SD Card Device Descriptor Card Reader


Identification timing of smart card insertion

When you insert a smart card into the reader the device will perform the initial communication at 9600 baud, the PPS procedure, and return the detected ATR.

This procedure must be fast so must not exceed the maximum time of 1 second .

Currently the MA8169 takes about 3 seconds to return the ATR value therefore a non-standard value.

In order to verify the problem described here connect your device to the computer and configure it to work properly with the system drivers.

At this point use the application SCSTestApp.exe and the SCS Test Card T=0/T=1 then follow the steps show you the application on the screen.

The application will perform a quick test of the ATR reading speed and other important communication process.

At the end will provide a short report indicating the response time according to the following table:

Out of standard Sufficient Good Excellent


Unique Serial Number

The chip must have an unique serial number (please see the special commands to read it).

The firmware use this internal chip serial number to create the 2 different USB descriptor serial number as described in the following:

1. Create the hash MD5 block from the unique serial number.

2. This new value have 128bits length, then use the left 64bits as ISO7816 interface serial number, and the right 64bits as Mass Storage interface serial number.

3. Update this 2 values in the USB descriptor of both interfaces.


USB Port Mode

Currently MA8169 use the composite driver mode, so it is better to change this driver mode.

The device must be identified to the host system as a hub with two ports to which they are connected, respectively, the device ISO7816 and Mass Storage device.


External EEPROM

The device can be customized through the addition of an external EEPROM. The structure of the EEPROM must allow customization of the following parameters:

Interface Descriptor Type Customizable Field ISO7816 Device Descriptor Vendor ID ISO7816 Device Descriptor Product ID ISO7816 Device Descriptor Manufacturer String ISO7816 Device Descriptor Product String SD Card/Flash Disk Drive Controller Device Descriptor Vendor ID SD Card/Flash Disk Drive Controller Device Descriptor Product ID SD Card/Flash Disk Drive Controller Device Descriptor Manufacturer String SD Card/Flash Disk Drive Controller Device Descriptor Product String


Escape commands

The PC_to_RDR_Escape HOST command activate IFD-dependent feature(s).

The Escape command are user for Special Commands and Memory Card Commands

Offset Field Size Value Description 0 bMessageType 1 0x6B

1 dwLenght 4 Size of abData field of this message

5 bSlot 1 0x00 to 0xFF Identifies the slot number for this command

6 bSeq 1 0x00 to 0xFF Sequence number for command

7 abRFU 3 Reserved for Future Use

10 abData Byte Array Data block sent to the CCID

For response please see RDR_to_PC_Escape message from CCID specifications


Special Commands We can talk directly with the chip controller throught the ESCAPE commands.

SC_Get_Chip_Type Host sends out Get Chip Type command to get the chip type, then the device send out the chip type information to Host.

Command Data Block 0xD5 0x30

Response Data Status Data

See status code table See Table 1

Table 1

MASK HEX ASCII F 0x53, 0x43, 0x53, 0x2d, 0x46 SCS-F S 0x53, 0x43, 0x53, 0x2d, 0x53 SCS-S

SC_Get_Serial_Number Host sends out Get Serial Number command to get the chip unique serial number.

This is the chip serial number and not the USB descriptor serial number.

Command Data Block 0xD5 0x40


See status code table 4 bytes


SC_Read_EEPROM If the device use external EEPROM we can read the values throught the following escape commands.

Command Data Format 0xD5 0x95 0x10 Start Address LEN

SC_Write_EEPROM If the device use external EEPROM we can write the values throught the following escape commands.

Command Data Format 0xD5 0x95 0x20 Start Address LEN Data to Write

SC_Pin_Control

Command Data Format 0xD5 0x96 PIN BL

PIN is pin identification and can be only

Value Meaning 0x01 C1 0x02 C2 0x03 C3 0x07 C7

BL is pin level status and can be only

Value Meaning 0x00 Low 0x01 High


See status code table Data bytes




Memory Card Commands

In the following pages we describe all command will be supported in order to manage the memory cards.


2 Wire Commands Summary

Command Command Data Format Read Main Memory 0xD9 0x70 0x00 SA LEN Update Main Memory 0xD9 0x71 0x00 SA LEN data Read Protection Memory 0xD9 0x72 0x00 00 04 Write Protection Memory 0xD9 0x73 0x00 SA LEN data Read Security Memory 0xD9 0x74 0x00 00 04 Update Security Memory 0xD9 0x75 0x00 SA LEN data Compare Verification Data 0xD9 0x76 0x00 00 03 data

2W_Read_Main_Memory Read main memory from starting address (aa) with expected length (bb) of return data.

Command Data Format 0xD9 0x70 0x00 Starting address Expected len of returned data


See status code table Expected data

2W_Update_Main_Memory Update specific length of data to main memory.

Command Data Format 0xD9 0x71 0x00 Starting address Len of data to update Data bytes to update


See status code table --


2W_Read_Protection_Memory Read four bytes of data from protection memory.

Command Data Format 0xD9 0x72 0x00 0x00 0x04



2W_Write_Protection_Memory Write specific length of data to memory that is protected by protect bits.

When the corresponding protect bit is equal to 0, nothing changed will be applied.

When the corresponding protect bit is equal to 1 and the data passed with Command Data is the same with data in memory and then the protect bit will be set to 0.

That is the memory associated with the protect bit is locked and cannot be changed anymore.

Command Data Format 0xD9 0x73 0x00 Starting address Len of data to write Data bytes to write

Starting address can be only 0x00 to 0x31

Len of data to write can be only 0x01 to 0x32



2W_Read_Security_Memory Read four bytes of data from security memory.

Command Data Format 0xD9 0x74 0x00 0x00 0x04




2W_Update_Security_Memory Update specific length of data to security memory.

Command Data Format 0xD9 0x75 0x00 Starting address Len of data to update Data bytes to update

Starting address can be only 0x00 to 0x03

Memory map:

Address Meaning 0x00 Error Counter 0x01 Verification Code 1 0x02 Verification Code 2 0x03 Verification Code 3

Len of data to update can be only 0x01 to 0x04



2W_Compare_Verification_Data Perform Compare Verification Data

Command Data Format 0xD9 0x76 0x00 0x00 0x03 byte 1 byte 2 byte 3

Byte 1, byte 2, byte 3 are the verification code to compare




3 Wire Commands Summary

Command Command Data Format Write/Erase with protect bit 0xD9 0x60 hb lb len data Write/Erase w/o protect bit 0xD9 0x61 hb lb len data Write protect bit with comparasion 0xD9 0x62 hb lb len data Read data with protect bit (9bits) 0xD9 0x63 hb lb len Read data (8bits) 0xD9 0x64 hb lb len PSC Verification 0xD9 0x65 0x00 0x00 0x02 b1 + b2

hb: high byte of the starting address, the value range from 0x00 to 0x03

lb: low byte of the starting address, the value range from 0x00 to 0xFF

len: expected length of return data or length of data to write

3W_Write_Erase_WP Write and erase with protected bit. Write or erase the desire data into memory and change the associated protect bits from 0x01 to 0x00. The memory is protected (locked) cant be changed by further write or erase command

Command Data Format

0xD9 0x60 High byte starting address

Low byte starting address

Len of data to write Data bytes to write

High byte can be 0x00 to 0x03

Low byte can be 0x00 to 0xFF




3W_Write_Erase_No_WP Write and erase without protected bit. Write or erase the desire data into memory. The associated protect bits are left unchanged.

Command Data Format








3W_Write_Protect_Bit_DC Write protected bit with data comparison.

Comparing with the input data and the content of memory, if they have the same value, the value of the protected bit will be changed from 0x01 to 0x00.

Otherwise, the value of the protected bit will not be changed.

Command Data Format









3W_Read_Data_WP Read data along with associated protect bits.

Command Data Format

0xD9 0x63 high byte starting address

low byte starting address

Expected length of return data




See status code table Data1, protect1dataNN, protectNN

If the value of protect(NN) = 1, the memory associated with the protect bit is not protected (locked).

If the value of protect(NN) = 0, the memory associated with the protect bit is protected (locked).

3W_Read_Data Read data starting with the address that specified by the high byte of the starting address and the low byte of the starting address with the specific length of return data.

Command Data Format

0xD9 0x64 high byte starting address

low byte starting address

Expected length of return data






3W_PSC_Verification Verify two bytes of PSC-code

Command Data Format 0xD9 0x65 0x00 0x00 0x02 Byte1 Byte2




I2C Commands Summary

Command Command Data Format Read Command 0xD8 0x50 CL BF LEN Read body Write Command 0xD8 0x51 CL BF LEN Write body

CL: Command lenght

Value Meaning 1 one byte command without any address byte 2 one byte command with one address byte 3 one byte command with two address bytes

0 or other values not allowed

BF: byte flag indicate if using dummy write or not

Value Meaning 0 not use dummy write address before reading 1 need to use dummy write address before reading

other values not allowed

LEN: length of whole Read Body (= CL + 1) for Read Command

length of whole Write Body (= CL + 1 + LEN) for Write Command

Read Body: LEN

: command [address1] [address2]

LEN: length of data to be read.

If LEN is equal to 0 that means read 256 bytes of data.

Write Body: LEN

: command [address1] [address2]

LEN: length of data to be written

Note: The data length cannot exceed the page size of the specific card they are using and the data must be written within the same page.

: data to be written


I2C_Read_Data Read data with specific length of return data

Command Data Format 0xD8 0x50 CL BF LEN Read Body



I2C_Write_Data Read data with specific length of return data

Command Data Format 0xD8 0x51 CL BF LEN Write Body




Status Code Table

Status code Descriptions 0x00 No error 0xD0 Type Error 0xD1 No Response 0xD2 Power Fail 0xD3 Communication Error 0xD4 Command Error 0xD5 Card Locked 0xD6 Verify Fail 0xD7 Write Error 0xD8 Counter Empty 0xD9 ATR Error 0xDA PTS Error 0xDB Not Supported 0xFC Card Absent

SCS Technical Specifications 1 0

Documents

Transcript of SCS Technical Specifications 1 0