HCS412
K
EE
L
OQ®
Code Hopping Encoder and Transponder
FEATURES
Security
•
•
•
•
•
Programmable 64-bit encoder crypt key
Two 64-bit IFF keys
Keys are read protected
32-bit bi-directional challenge and response using
one of two possible keys
69-bit transmission length
• 32-bit hopping code,
• 37-bit nonencrypted portion
Programmable 28/32-bit serial number
60-bit, read protected seed for secure learning
Two IFF encryption algorithms
Delayed counter increment mechanism
Asynchronous transponder communication
Transmissions include button Queuing
information
2.0V to 6.3V operation
Three switch inputs: S2, S1, S0 – seven functions
Battery-less bi-directional transponder capability
Selectable baud rate and code word blanking
Automatic code word completion
Battery low detector
PWM or Manchester data encoding
Combined transmitter, transponder operation
Anticollision of multiple transponders
Passive proximity activation
Device protected against reverse battery
Intelligent damping for high Q LC-circuits
100 mV
PP
sensitive LC input
Automotive remote entry systems
Automotive alarm systems
Automotive immobilizers
Gate and garage openers
Electronic door locks (Home/Office/Hotel)
Burglar alarm systems
Proximity access control
PACKAGE TYPES
PDIP, SOIC
S0
S1
S2/RFEN/LC1
LC0
1
8
V
DD
LED
DATA
GND
HCS412
2
3
4
7
6
5
BLOCK DIAGRAM
V
DD
Power
Control
Oscillator
•
•
•
•
•
•
Configuration Register
S0
S1
Debounce
Control
and
Queuer
Address EEPROM
Decoding
Wake-up
Logic
Control Logic
and Counters
Operating
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
LED
Transponder
Circuitry
LC0
RFEN/S2/LC1
PPM
Detector
DATA
PPM
Manch.
Encoder
DATA
DATA
Driver
Other
•
•
•
•
•
•
•
•
•
•
Simple programming interface
On-chip tunable RC oscillator, ± 10%
On-chip EEPROM
64-bit user EEPROM in Transponder mode
Battery-low LED indication
Serialized Quick Turn Programming (SQTP
SM
)
8-pin PDIP/SOIC
RF Enable output
ASK and FSK PLL interface option
Built in LC input amplifier
Typical Applications
©
2011 Microchip Technology Inc.
DS41099D-page 1
Register
LED
Control
Encryption/Increment
Logic
HCS412
GENERAL DESCRIPTION
The HCS412 combines patented K
EE
L
OQ®
code hop-
ping technology with bi-directional transponder chal-
lenge-and-response security into a single chip solution
for logical and physical access control.
When used as a code hopping encoder, the HCS412 is
ideally suited to keyless entry systems; vehicle and
garage door access in particular. The same HCS412
can also be used as a secure bi-directional transponder
for contactless token verification. These capabilities
make the HCS412 ideal for combined secure access
control and identification applications, dramatically
reducing the cost of hybrid transmitter/transponder
solutions.
•
Learn
– Learning involves the receiver calculating
the transmitter’s appropriate crypt key, decrypting
the received hopping code and storing the serial
number, synchronization counter value and crypt
key in EEPROM (Section 6.1). The K
EE
L
OQ
prod-
uct family facilitates several learning strategies to
be implemented on the decoder. The following are
examples of what can be done.
-
Simple Learning
The receiver uses a fixed crypt key, common
to all components of all systems by the same
manufacturer, to decrypt the received code
word’s encrypted portion.
-
Normal Learning
The receiver uses information transmitted
during normal operation to derive the crypt
key and decrypt the received code word’s
encrypted portion.
-
Secure Learn
The transmitter is activated through a special
button combination to transmit a stored 60-bit
seed value used to generate the transmitter’s
crypt key. The receiver uses this seed value
to derive the same crypt key and decrypt the
received code word’s encrypted portion.
•
Manufacturer’s code
- A unique and secret 64-
bit number used to generate unique encoder crypt
keys. Each encoder is programmed with a crypt
key that is a function of the manufacturer’s code.
Each decoder is programmed with the manufac-
turer code itself.
•
Anticollision
- A scheme whereby transponders
in the same field can be addressed individually
preventing simultaneous response to a command
(Section 4.3.1).
•
IFF
- Identify Friend or Foe (Section 1.2).
•
Proximity Activation
- A method whereby an
encoder automatically initiates a transmission in
response to detecting an inductive field
(Section 4.4.1).
•
Transport code
- An access code, ‘password’
known only by the manufacturer, allowing pro-
gram access to certain secure device memory
areas (Section 4.3.3).
•
AGC
- Automatic Gain Control.
1.0
SYSTEM OVERVIEW
Key Terms
The following is a list of key terms used throughout this
data sheet. For additional information on terminology,
please refer to the K
EE
L
OQ
introductory Technical Brief
(TB003).
•
RKE -
Remote Keyless Entry.
•
PKE
- Passive Keyless Entry.
•
Button Status
- Indicates what transponder but-
ton input(s) activated the transmission. Encom-
passes the 4 button status bits LC0, S2, S1 and
S0 (Figure 3-2).
•
Code Hopping
- A method by which a code,
viewed externally to the system, appears to
change unpredictably each time it is transmitted
(Section 1.1.3).
•
Code word
- A block of data that is repeatedly
transmitted upon button activation (Section 3.2).
•
Transmission
- A data stream consisting of
repeating code words.
•
Crypt key
- A unique and secret 64-bit number
used to encrypt and decrypt data. In a symmetri-
cal block cipher such as the K
EE
L
OQ
algorithm,
the encryption and decryption keys are equal and
will therefore be referred to generally as the crypt
key.
•
Encoder
- A device that generates and encodes
data.
•
Encryption Algorithm
- A recipe whereby data is
scrambled using a crypt key. The data can only be
interpreted by the respective decryption algorithm
using the same crypt key.
•
Decoder
- A device that decodes data received
from an encoder.
•
Transponder Reader (Reader, for short)
- A
device that authenticates a token using bi-direc-
tional communication.
•
Decryption algorithm
- A recipe whereby data
scrambled by an encryption algorithm can be
unscrambled using the same crypt key.
DS41099D-page 2
©
2011 Microchip Technology Inc.
HCS412
1.1
Encoder Overview
The HCS412 code hopping transcoder is designed
specifically for passive entry systems; primarily vehicle
access. The transcoder portion of a passive entry sys-
tem is integrated into a transmitter, carried by the user
and operated to gain access to a vehicle or restricted
area. The HCS412 is meant to be a cost-effective yet
secure solution to such systems, requiring very few
external components (Figure 2-6).
1.1.1
LOW-END SYSTEM SECURITY RISKS
‘grabbing’ or code ‘scanning’. The high security level of
the HCS412 is based on the patented K
EE
L
OQ
technol-
ogy. A block cipher based on a block length of 32 bits
and a key length of 64 bits is used. The algorithm
obscures the information in such a way that even if the
transmission information (before coding) differs by only
one bit from that of the previous transmission, statisti-
cally greater than 50 percent of the next transmission’s
encrypted bits will change.
1.1.3
HCS412 HOPPING CODE
Most low-end keyless entry transmitters are given a
fixed identification code that is transmitted every time a
button is pushed. The number of unique identification
codes in a low-end system is usually a relatively small
number. These shortcomings provide an opportunity
for a sophisticated thief to create a device that ‘grabs’
a transmission and retransmits it later, or a device that
quickly ‘scans’ all possible identification codes until the
correct one is found.
1.1.2
HCS412 SECURITY
The 16-bit synchronization counter is the basis behind
the transmitted code word changing for each transmis-
sion; it increments each time a button is pressed.
Once the device detects a button press, it reads the
button inputs and updates the synchronization counter.
The synchronization counter and crypt key are input to
the encryption algorithm and the output is 32 bits of
encrypted information. This encrypted data will change
with every button press, its value appearing externally
to ‘randomly hop around’, hence it is referred to as the
hopping portion of the code word. The 32-bit hopping
code is combined with the button information and serial
number to form the code word transmitted to the
receiver. The code word format is explained in greater
detail in Section 3.2.
The HCS412, on the other hand, employs the K
EE
L
OQ
code hopping technology coupled with a transmission
length of 69 bits to virtually eliminate the use of code
FIGURE 1-1:
BUILDING THE TRANSMITTED CODE WORD (ENCODER)
Transmitted Information
K
EE
L
OQ®
Encryption
Algorithm
32 Bits of
Encrypted Data
Serial Number
Button Press
Information
EEPROM Array
Crypt Key
Sync Counter
Serial Number
1.2
Identify Friend or Foe (IFF) Overview
Validation of a token first involves an authentication
device sending a random challenge to the token. The
token then replies with a calculated response that is a
function of the received challenge and the stored crypt
key. The authentication device, transponder reader,
performs the same calculation and compares it to the
token’s response. If they match, the token is identified
as valid and the transponder reader can take appropri-
ate action.
The HCS412’s 32-bit IFF response is generated using
one of two possible encryption algorithms and one of
two possible crypt keys; four combinations total. The
authenticating device precedes the challenge with a
five bit command word dictating which algorithm and
key to use in calculating the response.
The bi-directional communication path required for IFF
is typically inductive for short range (<10cm) transpon-
der applications and an inductive challenge, RF
response for longer range (~1.5m) passive entry appli-
cations.
©
2011 Microchip Technology Inc.
DS41099D-page 3
HCS412
2.0
2.1
DEVICE DESCRIPTION
Pinout Description
The HCS412’s footprint is identical to other encoders in
the K
EE
L
OQ
family, except for the two pins reserved for
low frequency communication.
TABLE 2-1:
Pin
Name
S0
S1
S2/RFEN/LC1
PINOUT SUMMARY
Pin
Number
1
2
3
Description
Button input pin with Schmitt Trigger detector and internal 60 kΩ (nominal) pull-down
resistor (Figure 2-1).
Button input pin with Schmitt Trigger detector and internal 60 kΩ (nominal) pull-down
resistor (Figure 2-1).
Multi-purpose input / output pin (Figure 2-2).
• Button input pin with Schmitt Trigger detector and internal pull-down resistor.
• RFEN output driver.
• LC1 low frequency (LF) antenna output driver for inductive responses and LC bias.
• Programming clock signal input.
Low frequency (LF) antenna input with automatic gain control for inductive reception and
low frequency output driver for inductive responses (Figure 2-3).
Ground reference.
Transmission data output driver. Programming input / output data signal (Figure 2-4).
LED output driver (Figure 2-5).
Positive supply voltage.
LC0
GND
DATA
LED
V
DD
4
5
6
7
8
FIGURE 2-1:
S0
S1
S0/S1 PIN DIAGRAM
SWITCH
>
IN
60 kΩ
FIGURE 2-3:
LC0 PIN DIAGRAM
RECTIFIER AND
REGULATOR
V
DD
S2LC OPTION
LC0 100
Ω
AMP
AND
DET
10V
FIGURE 2-2:
S2/RFEN/LC1 PIN DIAGRAM
S2LC OPTION
>
LC
INPUT
<
LC
OUTPUT
V
DD
OUT
100
Ω
>
SWITCH 2
INPUT
<
LC
OUTPUT
10V
DS41099D-page 4
>
VBIAS
RFEN
©
2011 Microchip Technology Inc.
HCS412
FIGURE 2-4:
DATA PIN DIAGRAM
FIGURE 2-5:
LED PIN DIAGRAM
LED
DATA
<
IN
OE
>
LED_ON
>
R
DATA
OUT
>
120 kΩ
DATA
FIGURE 2-6:
TYPICAL APPLICATION CIRCUITS
Battery-less Short Range Transponder
S0
S1
LC1
LC0
1
8
V
DD
LED
DATA
GND
HCS412
2
3
4
7
6
5
Long Range / Proximity Activated Transponder / Encoder
S0
S1
LC1
LC0
1
8
V
DD
LED
DATA
GND
RF
HCS412
2
3
4
7
6
5
Short Range Transponder with RFEN Control / Long Range Encoder
S0
S1
RFEN
LC0
1
8
V
DD
LED
DATA
GND
RF
HCS412
2
3
4
7
6
5
©
2011 Microchip Technology Inc.
DS41099D-page 5
京公网安备 11010802033920号
EEWORLD
