Hand’IT-2G - Preliminary Datasheet INSIDE CONTACTLESS Version 1.1 DATASHEET Hand’IT-2G Compact Flash READER 13.56 MHz for ISO chips - 14 443 type A and B - 15 693 - FeliCa
Main Features
- Security management:
  - Security module
  - Secure key loading
- Secured Key Storage
- Contactless interfaces:
  - ISO 15 693
  - ISO 14 443 type A
  - ISO 14 443 type B
  - FELICA(TM)
- Contactless transmission of data and energy supply
- Carrier frequency: 13.
FCC AND CE COMPLIANCE
Federal Communications Commission (FCC) Part 15 statement
This equipment has been tested to FCC requirements and has been found acceptable for use. The FCC requires the following statement for your information: This equipment generates and uses radiofrequency energy and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio and television reception.
CHAPTER 1 HAND'IT-2G DESCRIPTION
HAND'IT-2G couplers are developed by INSIDE contactless for managing the RF communication interface with 13.56 MHz standard chips. They have the following features:
- Operating frequency
- Host interface
- Compatibility
- Target applications
- Target chip
13.
HAND'IT-2G dimensions
CHAPTER 2 HAND'IT-2G CONNECTION
This chapter describes:
- How to power the coupler
- How to communicate with the coupler
Physical Description
The host is connected to the Compact Flash Hand’IT 2G using a standard 50-pin connector. The host must be equipped with a CF+ type 1 or 2 slot. Refer to the host user manual for the Compact Flash card insertion.
Electrical Description
The HandIT 2G acts as a standard PC Card ATA using I/O Mode.
Software & Drivers
System requirements
The Hand’It 2G works with laptops or PDAs running Microsoft Windows 98/2000/XP/CE/Pocket PC 2002 & 2003.
Pocket PC Users
PDAs running Pocket PC don’t need any specific driver to manage the Hand’IT 2G as a standard COM port. Depending on the device, the COM port number can take any value. Refer to the registry to get the correct COM number under HKEY_LOCAL_MACHINE\DRIVERS\ACTIVE\xx
Search the key with PnpId = Hand_
Serial Interface
This interface allows a serial connection to the host via the CF interface:
How to reset HAND'IT-2G couplers
Resetting the coupler may be useful in two situations:
a. to set the parameters (speed, disable mode, protocol settings, keys) to the default values. All these values are stored in the coupler’s internal EEPROM
b.
Coupler - Reference manual Version 1.2 CHAPTER 3 COMMAND INTERFACE REFERENCE MANUAL In this chapter you will find the command format, and the description of all the commands used by the coupler.
HOST - COUPLER protocol
DESCRIPTION
The commands are modeled on the ISO 7816 command set. This protocol is used by all INSIDE’s couplers.
A typical protocol exchange includes:
1. The host sends a command to the coupler
2. The coupler executes the command
3.
ISO In: The host sends a command + data and receives the status words.
ISO Out: The host sends a command and receives data + the status words.
Couplers with firmware earlier than 40-017F have only the ISO NONE, ISO IN and ISO OUT protocols available. In all cases, status words are returned (SW1 and SW2).
Case 1: ISO None
Data Exchange Command Host Cla. Ins.
P3: number of data bytes sent to the coupler.
Ack.: coupler acknowledgement. It is always equal to the command code, except when an error occurs. If the acknowledgement value differs from the instruction byte, then the received byte is the first byte of a status error code coded on 2 bytes.
Data: data sent by the host to the coupler. The size of the data array has to be P3.
Status word: 90 00h if correct / error code.
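The ISO In and ISO Out exchanges described above, as an added Python example (not code from INSIDE's C library or ActiveX component): it frames a command, checks the acknowledgement byte against INS, and treats a mismatching acknowledgement as the first byte of a two-byte error status. The `port` object with `read`/`write`, the `ScriptedPort` stand-in and the header, Ack, data, status ordering for ISO In are assumptions read from the command tables in this manual.

```python
import io

CLA = 0x80            # class byte used by every command shown in this manual
SW_OK = b"\x90\x00"   # "90 00h if correct"

class CouplerError(Exception):
    """The coupler answered with a status word other than 90 00h."""
    def __init__(self, sw):
        super().__init__(f"coupler status {sw.hex()}")
        self.sw = sw

def _read_exact(port, n):
    buf = port.read(n)
    if len(buf) != n:  # short read: never parse a partial frame
        raise TimeoutError(f"expected {n} bytes, got {len(buf)}")
    return buf

def _header(ins, p1, p2, p3):
    fields = (CLA, ins, p1, p2, p3)
    if any(not 0 <= f <= 0xFF for f in fields):
        raise ValueError("header fields are single bytes")
    return bytes(fields)

def _expect_ack(port, ins):
    ack = _read_exact(port, 1)
    if ack[0] != ins:
        # Ack differs from INS: it is the first byte of a 2-byte error status.
        raise CouplerError(ack + _read_exact(port, 1))

def _expect_ok(port):
    sw = _read_exact(port, 2)
    if sw != SW_OK:
        raise CouplerError(sw)

def iso_in(port, ins, p1, p2, data):
    """Host sends header + P3 data bytes; coupler returns Ack, then SW1 SW2."""
    port.write(_header(ins, p1, p2, len(data)))
    _expect_ack(port, ins)   # assumed order: header, Ack, data, status words
    port.write(bytes(data))
    _expect_ok(port)

def iso_out(port, ins, p1, p2, p3):
    """Host sends header; coupler returns Ack, P3 data bytes, SW1 SW2."""
    port.write(_header(ins, p1, p2, p3))
    _expect_ack(port, ins)
    data = _read_exact(port, p3)
    _expect_ok(port)
    return data

class ScriptedPort:
    """Constructed stand-in for the COM port: replays canned coupler bytes."""
    def __init__(self, replies):
        self.rx, self.tx = io.BytesIO(replies), bytearray()

    def write(self, data):
        self.tx += data

    def read(self, n):
        return self.rx.read(n)
```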
Coupler commands overview
Command        INS     Description
SELECT_CARD    'A4h'   Selects one contactless card following list of possible cards in the field
SELECT_PAGE    'A6h'   Selects a page in a multi-application chip
TRANSMIT       'C2h'   Sends and retrieves data from chip through contactless interface: Transparent mode
GET_RESPONSE   'C0h'   Reads the internal buffer of the coupler to retrieve chip answer for ISO 7816 T=0 protocol.
SELECT_CARD
Use
Select a card in order to get the serial number. This command manages anti-collision and authentication features. It can try several communication protocols, and it returns the number of the protocol used to select the card.
Prototyping
- Command sent: A4h
- Command type: ISO Out
Host:    80h A4h P1 P2 P3
Coupler: A4h | Card type | Serial number | 90h 00h
Parameters
Bit:      7  6  5    4     3        2
Function: -  -  Key  Auth  Presel.
AUTH:
1: Performs a standard INSIDE authentication. Authentication is performed if the key is set as the current key. Please refer to appendix A, «How to load a key», for details of key loading and key management operations.
0: Does not perform an authentication.
KEY:
1: Authenticates with Debit Key (Kd = Key 1) if AUTH is set.
0: Authenticates with Credit Key (Kc = Key 2) if AUTH is set.
SELECT_PAGE
Use
This command is used to select and authenticate in an INSIDE multi-application chip (8*2Ks...).
Prototyping
- Command sent: A6h
- Command type: ISO Out
Host:    80h A6h P1 P2 08h
Coupler: A6h | Chip's configuration block | 90h 00h
Parameters
Bit:      7  6  5  4  3     2               1-0
Function: -  -  -  -  Auth  Page selection  Protocol type
P1: Parameter used for contactless configuration
b3: Auth
0 - Does not perform authentication after PAGESEL.
P2: Page number to select and authenticate and cryptographic key to use
Bit:      7-4                3  2-0
Function: Reader key number  -  Page number
b7-b4: Reader key number
Note: 0 corresponds to Kd0, 1 to Kc0, …, 14 to Kd7 and 15 to Kc7.
This is the reader key number to use during authentication. The reader will use this key number (EEPROM) to diversify and authenticate the requested page with Kd or Kc.
TRANSMIT
Use
Transmits data from the coupler to the chip and reads back the chip response. This is the command to use to read and write data in the chip.
b3: Send Signature
1: Sends a cryptographic signature calculated by the coupler security module. This option may be used only for the UPDATE command performed on a secure PICO family chip. Set this value to 0 for non-secure chips or any other manufacturer's chips.
0: Cryptographic signature is not sent.
b2: HOST - COUPLER protocol type
1: Communication is ISO IN-OUT. The coupler sends back the data as soon as it receives the chip answer.
GET_RESPONSE
Use
This command returns the value contained in the internal buffer of the coupler. It has to be used to retrieve the chip answer when the TRANSMIT command is used with the ISO IN type.
Prototyping
- Command sent: C0h
- Command type: ISO Out
Host:    80h C0h 00h 00h P3
Coupler: C0h | Coupler buffer | 90h 00h
Parameters
P3: Number of bytes of the coupler response. It has to be less than 35 (23h).
READ_STATUS
Use
This command is used to get coupler parameters (communication speed…).
SET_STATUS
Use
This command sets configuration parameters and the coupler’s I/O:
- Communication speed
- Protocols
- State at Power ON
- 2 outputs & 1 input
The various parameters and data used by INSIDE couplers are stored in the EEPROM. When the coupler is powered on, some of these parameters are loaded into the coupler’s RAM, so parameters may be modified in the coupler’s EEPROM and in the coupler’s RAM. For a given parameter, the RAM and EEPROM addresses are the same.
b6: Reset magnetic field
The magnetic field is cut for 20 ms. When this bit is set to 1, the coupler will execute no other action, including EEPROM or RAM update.
Name               Address   State     Hex. value   Available on...
State at power on  42h       Enable    01h          All reader
                             Disable   00h
Note 2: The ACTIVATE AT POWER ON parameter defines the state of the coupler when you turn it on. If you turn the coupler on and 00h is written in the EEPROM at address 42h, it will be «asleep» until you send an ENABLE_COUPLER command.
DISABLE_COUPLER
Use
The coupler goes into SLEEP mode, which allows low power consumption, and the RF carrier is deactivated. After this command, the coupler will not respond to any command except the ENABLE_COUPLER command. A new feature available only on M21xH 2G is that the coupler can detect if a card approaches the antenna and wake up on its own.
DISABLE_COUPLER ENHANCED
Use
Like the DISABLE_COUPLER command, this specific version lets the user put the reader to sleep. But M210H 2G and M260H 2G can detect that a card approaches their antenna. As soon as the card is detected, the coupler will turn the RF field on and start a card selection. If no card answers the anticollision process, the coupler goes back to sleep. If a card is selected, then the coupler stays awake.
ENABLE_COUPLER
Use
This command restores normal coupler operation, with RF emission. It can only be used after a DISABLE_COUPLER command or if the coupler is deactivated after power on.
Prototyping
- Command sent: AEh
- Command type: ISO None
Host 80h Coupler AEh DAh BCh 00h 3Bh 00h
Parameters
Response: Status words
The coupler will respond «Instruction not recognized» (6Dh 00h) if already activated.
ASK_RANDOM
Use
This command returns an 8-byte random value from the coupler. It has to be used to initialize the key loading procedure.
LOAD_KEY_FILE
Use
This function loads into the coupler’s security module a key to be used for authentication and security purposes. Key loading is a security-sensitive operation. In order to protect the confidentiality of the keys transferred to the coupler, data is encrypted. A 4-byte checksum is also sent in order to guarantee the authenticity of the data, which could be corrupted either through transmission errors or by a deliberate attempt to defraud the system.
SELECT_CURRENT_KEY
Use
This function selects the key to use for future authentications. A key that has been deactivated or deleted cannot be selected. Only one of the 16 keys can be current at a time.
Prototype
- Command sent: 52h
- Command type: ISO In
Host:    80h 52h 00h P2h 08h | 8 * 00h
Coupler: 52h | 90h 00h
Parameters
P2: Key number
01h - Debit Key Kd0
02h - Credit Key Kc0
03h - Debit Key Kd1
04h - Credit Key Kc1
.....
DIVERSIFY_KEY
Use
This function calculates the result of key diversification with the selected chip's serial number. The diversified key value is used for authentication and signature calculation while writing a secure chip.
GET_CONFIG
Use
This command is used to read the ID of the MCU part.
Chips and readers- USER’S GUIDE Version 1.0 CHAPTER 4 USER’S GUIDE In this chapter you will learn how to use the coupler to...
MANAGING INSIDE CHIPS
The various steps in INSIDE’s chips management are the following:
- Set the used key (if your application is secured)
- Select a chip
- If it is a multi-application chip, select the page in which you want to work
- Read, Write data in the chip memory
- Halt the chip to enable another chip selection
Using INSIDE couplers, authentication and signature calculations are managed automatically by the SELECT_PAGE or the SELECT_CARD command.
SECURITY CONFIGURATION
Before using the security features, please take a look at the «Security management» chapter. There you will find the basic principles on which INSIDE chip security is based.
If your application is secured, you have to ...
a. Load the key in the coupler. This operation has to be performed only once. As soon as keys are loaded, they are stored in the coupler’s EEPROM.
b.
SELECTING A CHIP
During this operation, you will choose the protocol you want to use (14 443 type A, 14 443 type B or 15 693), and whether you want to authenticate the chip. The answer will give you the protocol used by the chip, and its serial number.
Security...         P1 value
none                00h
Kd authentication   30h
Kc authentication   10h
Which protocol...   P2 value
14 443 B-2          01h
15 693              02h
14 443 B-3          04h
Then use the following command:
- ActiveX method: Mx.
SELECTING A PAGE
If you are using a multi-application chip (8*2K for example) you have to select the page in which you want to work. The SelectCard command selects page 0 by default. The SelectPage command enables you to work in all other pages. It will manage the authentication if the page is secured.
You have to enter...
- page number
- key to use for authentication
- protocol to use
You will get...
READING CHIP MEMORY
You will find a full memory description in the chip datasheet, but the easiest way to discover the chip memory is to use the MX3 software (PICO MEMORY page).
You have to enter...
- block number
- protocol to use
You will get...
- memory data
Then use the following command:
- ActiveX method: Mx.ReadBlock (BlockStart, BlockCount, ChipResponse) Mx.
WRITING CHIP MEMORY
When writing data to a memory block you have to know whether you are communicating with a secure or non-secure chip. The parameters differ depending on whether you ask the coupler to send the signature that authenticates the data you want to write (this is managed automatically by the ActiveX component).
- ActiveX method: Mx.
HALTING A CHIP
The following command halts the currently selected chip:
TIPS: to halt the chip as soon as you get its serial number, use the P1 parameter in the SELECT_CARD command
- ActiveX method: Mx.
HOW TO WORK WITH SEVERAL CHIPS IN THE FIELD
Select card
TIPS: The low level command SELECT_CARD includes an option that halts the chip as soon as it is selected. This saves time by avoiding the need to send the HALT command. Just use the following P1 parameter: P1 = 02h.
MANAGING INSIDE’S CHIPS PROTOCOLS
Low level command and C library
Protocols are always indicated in the command parameters (P2 for SELECT_CARD, P1 for TRANSMIT). You will find the appropriate value in this User’s Guide, and in the description of each command in the «Reference manual».
ActiveX component
There are 2 command types:
- Card selection
- Select page, read, write...
MANAGING THE SECURITY
INSIDE security protects memory from READING and/or WRITING.
Security control e-purse (stored value) management
Security is based on:
- key diversification
- authentication
- signature
Key diversification implies that each security calculation is different for each card.
INSIDE chips security is based on secret keys that protect and authenticate the chip content. On one hand, keys are stored in the chip.
Authentication protects the memory from reading and writing
Signature when writing increases memory content security
Authentication
The authentication algorithm performs a mutual authentication. The principle is as follows: data are exchanged, then both devices perform secret calculations on them to obtain 2 results on 4 bytes. Authentication is done if they get the same results. The chip first checks the coupler’s response, then the reader verifies the chip’s results.
1.
First step in security is to load the secret keys into the coupler
KEY LOADING
To perform this complex operation, use the function supplied with the libraries (C Libraries, ActiveX component). You will find the encryption algorithm in the annex. C source code is provided in the C library, and the ActiveX component automatically manages all security calculations.
You need to give the following parameters:
- Key number
- Exchange Key
- New Key value

- ActiveX method: Mx.
Second step: tell the coupler which key has to be used
HOW TO SET A KEY AS THE ACTIVE ONE
A - Before SelectCard command
- ActiveX component: Mx.CurrentKey
  Possible values are:
  - mpkPiKd (i=0 to 7)
  - mpkPiKc (i=0 to 7)
- C Library: Clib_w_SelectCurrentKey
  Clib_w_SelectCurrentKey (KeyNum)
- Low level: SELECT_CURRENT_KEY command
  Host:    80h 52h 00h P2h 08h | 8 * 00h
  Coupler: 52h | 90h 00h
  P2: Key number
  00h - Exchange Key Ke: used for key loading operation.
Last step: Authentication is performed during chip selection and/or page selection
Tips: Key diversification is automatically done by the select card command
Tips: Key diversification has to be done only once. You don’t need to use the Diversify command as long as you work with the same chip and the same key
HOW TO AUTHENTICATE A CHIP
Authentication may be done while selecting the card (or the page).
P1: contactless configuration
P2: key and page number
PROTECTING THE KEYS
Thus all the security depends on making sure that these keys are kept secret. To ensure good security, key loading has to be done in a secure environment.
MANAGING STANDARD CHIPS PROTOCOLS
This chapter explains how to communicate with any chips that follow the 13.56 MHz standards: 15 693, 14 443 Type A and B. Moreover, you will find here how to communicate with the FeliCa chip (SONY).
Note: users will find here the commands to use to send bytes to the chip and to get the chip answer, but we will not mention the way to manage these chips.
ISO 14 443 TYPE A
Public Sub Sample_14443_A()
    ' Configure USER protocol as 14443-A level 3
    Mx.MxUserProtocol = mupISO_14443A_3
    ' Low level : use the set status command
    'Mx.SetStatus &H03, &H5E, &H32
    'Mx.SetStatus &H03, &H5E, &H12
    'Mx.SetStatus &H03, &H64, &H63
    'Mx.SetStatus &H03, &H65, &H63
    ' Use the SelectCard command to manage anticollision
    Mx.
MANAGING THE RF FIELD
Possible operations you can perform on the RF field are the following:
- Cut RF emission, mainly when couplers are battery powered
- Start RF emission
- «Reset» RF field (i.e. cut it for 20 ms in order to reset any halted chip in the field)
HOW TO RESET THE RF FIELD?
This command will cut the RF field for 20 ms in order to reset all chips that are in the field.
- ActiveX method: Mx.
APPENDIX A HOW TO LOAD A KEY IN A COUPLER
This procedure consists of several operations on the key. The final result will be sent to the coupler using the Load_Key_File function.
EXCHANGE KEY
To ensure security, an exchange key protects all key loading operations. This key is in the coupler memory and has 2 functions:
- only a host that knows this key will be able to modify the Debit and Credit keys.
TERMINOLOGY AND NOTATION
Adding p after the key name means that the key is permuted. Adding chk means that the 8th byte is replaced by the Checksum byte value. A C before the key name means that the key has been encrypted.
Abbreviation   Meaning
Kex            Exchange Key.
Kexp           Permuted Exchange Key.
Kexp_chk       Kep with the 8th byte replaced by the Checksum byte value.
Rnd            Random number.
Kx             Master key. (Kx equals Kd or Kc)
Kxp            Permuted master key.
CKxp
SK
CHK
ALGORITHMS
KEY PERMUTATION
Proceed as described below to permute a key.
Example: Permute the key Kex.
Example: The checksum when sending the default Debit Key Kd is :
APPENDIX B ERROR CODE
When an error occurs, the coupler's response consists only of the status words SW1 SW2. No data is returned. The following table sums up the various values.