8

AT88SC1608

0971G–SMEM–04/04

Cryptogram (Ci)

The 64-bit cryptogram is generated by the internal random generator and modified after

each successful verification of the cryptogram by the chip, on host request. The initial

value, defined by the issuer, is diversified as a function of the identification number.

Secret Seed (Gc)

The 64-bit secret seed, defined by the issuer, is diversified as a function of the identifica-

tion number.

Memory Test Zone

The memory test zone is a 64-bit free access zone for memory test.

Password Sets

The password sets are eight sets of two 24-bit passwords for read and write operations,

defined by the issuer. The write password allows the user to modify the read and write

passwords of the same set. By default, the eighth set of passwords (Write 7/Read 7) is

active for all user zones.

•

Secure Code

A 24-bit password, defined by Atmel, that is different for each card manufacturer. The

Write Password 7 is used as the secure code until the personalization is over (PER = 0).

•

Attempts Counters

There are 16 8-bit password attempts counters (PACs), one for each password, and one

other 8-bit attempts counter for the authentication protocol (AAC). The attempts

counters limit the number of consecutive incorrect code presentations allowed (currently

eight).

User Zones

These zones are dedicated to user data. The access rights of each zone are program-

mable separately via the access registers. If several zones share the same password

set, the set will be entered only once (after the part is powered up). Therefore, several

zones can be combined into one larger zone. The user zone address should be

changed each time a new zone is being reached.

Security Operations

Password Verification

Compare the operation password presented with the stored one and write a new bit in

the corresponding attempts counter for each wrong attempt. A valid attempt before the

limit erases the attempts counter, and allows the operation to be carried out as long as

the chip is powered.

Only one password is active at a time. When a new password is presented, access priv-

ileges defined by the previous password become invalid.

If the trials limit has been reached (i.e., the 8 bits of the attempts counter have been writ-

ten), the password verification process will not be taken into account.

Authentication Protocol

The access to a user zone may be protected by an authentication protocol in addition to

password-dependent rights.

The authentication success is memorized and active as long as the chip is powered,

unless a new authentication is initialized or RST becomes active. If the new authentica-

tion request is not validated, the card has lost its previous authentication and it should

be presented again. Only the last request is memorized.

The authentication verification protocol requires the host to perform an Initialize Authen-

tication command, followed by a Verify Authentication command.