M
SCS152
Token Card Chip
FEATURES
DIE LAYOUT
• ISO 7816-3:1989 “Answer to Reset” compatible
for synchronous cards
GND
VDD
• Industry standard 4406 command set compatible
• Extended commands:
SCI
- Combined WRITE and
ERASE-WITH-CARRY function
SDIO
SCK
- Cryptographic signature of the EEPROM
contents and challenge
• 40-bit user programmable area with lock bit
• 64-bit cryptographic key
• 64-bit transport code
• 33352 token units (78888 )
8
• Internal protection against token counter value
corruption (anti-tearing)
BLOCK DIAGRAM
ADDRESS
GENERATION
DESCRIPTION
EEPROM
The SCS152 is a third generation token card integrated
circuit intended for prepaid applications. Typical appli-
cations of the SCS152 include disposable telephone
cards, vending machine cards, low value debit cards,
access control, and authentication.
VDD
GND
SIGNATURE
CALCULATOR
I/O
SDIO
The SCS152 incorporates several security features,
including an internal signature function and a long
transport code. The SCS152 has two modes – issuer
mode and user mode. During wafer testing, it is placed
in issuer mode for card manufacturing and transporta-
tion to the issuer. In issuer mode, the transport code is
needed to program the device and, thus, is protected
from unauthorized use before personalization by the
issuer.
SCI
CONTROLLER
SCK
A correct signature indicates that the memory contents
have not been altered. It can therefore be used to check
the serial number, or that changes to the token counter
have actually occurred.
During personalization, a cryptographic key, unique to
the card, is programmed into EEPROM. This key can
not be read.The system using the card must be able to
determine what key was programmed from examining
the memory map (i.e., not the token counter) containing
the issuer and serial number information.
Programming the token counter uses a special circuit to
ensure that the programming will either be complete or
will not happen at all, if the external supply is suddenly
removed.* This is called Fail Safe Programming™,
and, when used in conjunction with the extended write
and erase command, removes the need for special
‘tear-out’ protection to be performed by the reader.
The signature function computes an 8-bit value based
on a system supplied value (challenge) and the visible
memory map. Because of the nature of the signature
function and the fact that the key is not known outside
the system, it is practically impossible to predict the
value which the signature will compute.
Note: The fail safe feature only works in the token
counter area.
KEELOQ is a registered trademark of Microchip Technology Inc.
*Patents applied for.
1997 Microchip Technology Inc.
Preliminary
DS40150B-page 1