HIGH SECURITY
HS SERIES
ENCODER
WIRELESS MADE SIMPLE
®
HS SERIES ENCODER DATA GUIDE
®
DESCRIPTION
HS Series encoders and decoders are
designed for maximum security remote
control applications. The HS encoder
encodes the status of up to eight buttons or
contacts into a highly secure encrypted
output intended for wireless transmission
via a RF or infrared link. The HS Series
uses CipherLinx™ technology, which is
based on the Skipjack algorithm developed
by the U.S. National Security Agency
(NSA) and has been independently
evaluated by ISE. CipherLinx™ never
sends or accepts the same data twice,
never loses sync, and changes codes on
every packet, not just every button press.
In addition to state-of-the-art security, the
tiny 20-pin SSOP packaged parts also
offer innovative features, including up to 8
data lines, multiple baud rates, individual
“button level” permissions, keypad user
PIN, encoder identity output, low power
consumption, and easy setup.
CipherLinx
Technology
Ro
HS
EVALUATED
C
0.309
(7.85)
0.026
(0.65)
0.207 (5.25)
OMP
IAN
T
L
LICAL-ENC-HS001
YYWWNNN
0.013
(0.32)
0.284
(7.20)
0.007
(0.18)
0.030
(0.75)
Figure 1: Package Dimensions
FEATURES
APPLICATIONS INCLUDE
Keyless Entry / Access Control
CipherLinx™ security technology
Door and Gate Openers
ISE evaluated
Security Systems
Never sends the same packet twice
Remote Device Control
Never loses sync
Car Alarms / Starters
PIN-protected encoder access
Home / Industrial Automation
8 selectable data lines
Remote Status Monitoring
“Button level” permissions
Encoder ID available at decoder
Wide 2.0 to 5.5V operating voltage
ORDERING INFORMATION
Low supply current (370µA @ 3V)
PART #
DESCRIPTION
Ultra-low 0.1µA sleep current
LICAL-ENC-HS001
HS Encoder
Selectable baud rates
LICAL-DEC-HS001
HS Decoder
No programmer required
MDEV-LICAL-HS
HS Master Development System
HS encoders are shipped on reels of 1,600
Small SMD package
Patents Pending
Revised 1/28/08
ELECTRICAL SPECIFICATIONS
Parameter
POWER SUPPLY
Operating Voltage
Supply Current:
At 2.0V V
CC
At 3.0V V
CC
At 5.0V V
CC
Power-Down Current:
At 2.0V V
CC
At 3.0V V
CC
At 5.0V V
CC
ENCODER SECTION
Input Low
Input High
Output Low
Output High
Output Sink Current
Output Drive Current
SEND High to DATA_OUT
ENVIRONMENTAL
Operating Temperature Range
Designation
V
CC
I
CC
Min.
2.0
–
–
–
I
PDN
–
–
–
V
IL
V
IH
V
OL
V
OH
–
–
–
–
0.0
0.8 x V
CC
–
V
CC
- 0.7
–
–
–
-40
0.10
0.10
0.20
–
–
–
–
–
–
3.3
–
0.80
0.85
0.95
0.15 x V
CC
V
CC
0.6
–
25
25
–
+125
µA
µA
µA
V
V
V
V
mA
mA
mS
°C
–
–
–
2
3
–
–
–
–
–
–
Typical
–
240
370
670
Max.
5.5
300
470
780
Units
VDC
µA
µA
µA
Notes
–
1
1
1
RECOMMENDED PAD LAYOUT
HS Series encoders and decoders are implemented in an industry standard
20-pin Shrink Small Outline Package (20-SSOP). The recommended layout
dimensions are shown below.
0.047
(1.19)
0.016
(0.41)
0.026
(0.65)
0.234 (5.94)
0.328 (8.33)
Figure 2: HS Series Encoder PCB Layout Dimensions
Table 1: Electrical Specifications
PRODUCTION CONSIDERATIONS
These surface-mount components are designed to comply with standard reflow
production methods. The recommended reflow profile is shown below and
should not be exceeded, as permanent damage to the part may result.
Lead-Free
Sn
/ Pb
275
250
Notes
1. Current consumption with no active loads.
2. For 3V supply, (0.15 x 3.0) = 0.45V max.
3. For 3V supply, (0.8 x 3.0) = 2.4V min.
ABSOLUTE MAXIMUM RATINGS
Supply Voltage V
CC
Any Input or Output Pin
Max. Current Sourced By Output Pins
Max. Current Sunk By Output Pins
Max. Current Into V
CC
Max. Current Out Of GND
Operating Temperature
Storage Temperature
-0.3
-0.3
to
+6.5
to V
CC
+ 0.3
25
25
250
300
to
+125
to
+150
VDC
VDC
mA
mA
mA
mA
°C
°C
260°C Max
240°C Max
225
200
TEMPERATURE (°C)
175
150
125
100
75
50
-40
-65
*NOTE*
Exceeding any of the limits of this section may lead to permanent
damage to the device. Furthermore, extended operation at these maximum
ratings may reduce the life of this device.
25
0
0
20
40
60
80
100
120
140
160
180
200
220
240
260
280
300
320
340
360
380
400
420
TIME (SECONDS)
Figure 3: HS Series Reflow Profile
Baud Rate
4,800
28,800
Decoder Activation Time
67
36
*CAUTION*
This product is a static-sensitive component. Always wear an ESD
wrist strap and observe proper ESD handling procedures when
working with this device. Failure to observe this precaution may
result in device damage or failure.
Page 3
Table 2: Encoder SEND to Decoder Activation Times (mS)
Page 2
PIN ASSIGNMENTS
1
2
3
4
5
6
7
8
9
10
D6
LICAL-ENC-HS001
D5 20
D7
SEL_BAUD
SEL_TIMER
GND
GND
KEY_IN
TX_CNTL
DATA_OUT
MODE_IND
D4
D3
D2
VCC
VCC
D1
D0
SEND
CREATE_PIN
19
18
17
16
15
14
13
12
11
PIN DESCRIPTIONS
Data Lines
The encoder has eight data lines, D0 through D7. when the SEND line goes high,
the states of these lines are recorded, encrypted for transmission, then
reproduced on the outputs of the decoder.
SEL_BAUD
This line is used to select the baud
rate of the serial data stream. The
state of the line allows the selection of
one of two possible baud rates, as
shown in the adjacent table.
SEL_BAUD
0
1
Baud Rate (bps)
4,800
28,800
Table 5: Baud Rate Selection Table
Figure 4: HS Series Encoder Pin Assignments
The baud rate must be set before power-up. The encoder will not recognize any
change in the baud rate setting after it is on.
Pin Name
D0-D7
SEL_BAUD
SEL_TIMER
GND
KEY_IN
TX_CNTL
DATA_OUT
MODE_IND
CREATE_PIN
SEND
V
CC
Pin Number
1, 2, 13, 14, 17-20
3
4
5, 6
7
8
9
10
11
12
15, 16
I/O
I
I
I
Description
Data Input Lines
Baud Rate Selection Line
PIN Time-Out Timer Select Line
Ground
Key Input Pin
External Transmitter Control Line
Serial Data Output
Mode Indicator Output
Create PIN Mode Selection Line
Encoder Send Data Line
Positive Power Supply
SEL_TIMER
This line is used to set the length of inactive time before PIN reentry is required.
GND
These lines are connected to ground.
KEY_IN
This line is used to input the key from the decoder.
TX_CNTL
This line goes high when the SEND line goes high and low when the SEND line
goes low. This can be used to power up external devices, such as a transmitter,
when the encoder is sending data, and power it down when the encoder is
asleep. It can also be used to drive a LED for visual indication of transmission.
DATA_OUT
The encoder will output an encrypted serial data stream on this line. This line can
directly interface with all Linx RF transmitter modules or it can be used to
modulate an IR diode.
MODE_IND
This line will be activated while the encoder is in Get Key Mode or Create Pin
Mode. It allows the connection of a LED or other indicator for user feedback.
CREATE_PIN
When this line is taken high, the encoder will enter Create PIN Mode and allow
the user to set a Personal Identification Number (PIN) to control encoder access.
SEND
When this line goes high, the encoder will record the states of the data lines,
encrypt them for transmission, and send the packet as a serial bit stream through
the DATA_OUT line at the baud rate selected by the state of the SEL_BAUD line.
V
CC
This is the positive power supply.
—
I
O
O
O
I
I
—
Table 3: HS Series Encoder Pin Assignments
NOTE:
None of the input lines have internal pull-up or pull-down resistors. The input lines must always be in a
known state (either GND or V
CC
) at all times or the operation may not be predictable. The designer must
ensure that the input lines are never floating, either by using external resistors, by tying the lines directly to
GND or V
CC
, or by use of other circuits to control the line state.
ENCODER MODE_IND INDICATION TABLE
The MODE_IND line is the primary means of indicating the state of the encoder
to the user. The table below provides definitions for the MODE_IND signals.
Get Key Mode
ON for 1 second after a successful key transfer.
Flashes* for 15 seconds while waiting for user to enter a PIN. It
Create PIN Mode stops flashing when the fourth number is entered or when it
times out.
Enter PIN Mode
ON when each PIN is entered.
*Flash = ON for 200ms and OFF for 200ms
Table 4: HS Series Encoder MODE_IND Definitions
Page 4
Page 5
REMOTE CONTROL OVERVIEW
Wireless remote control is growing in popularity and finding its way into more
unique applications. Remote Keyless Entry (RKE) systems for unlocking cars or
opening garage doors quickly come to mind, but how about a trash container that
signals the maintenance office when it needs to be emptied? The idea behind
remote control is simple: a button press or contact closure on one end causes
some action to be taken at the other. Implementation of the wireless RF stage
has traditionally been complicated, but with the advent of simpler discrete
solutions and modular products, such as those from Linx, implementation has
become significantly easier.
Encoder and decoder ICs are
generally employed to maintain the
security and uniqueness of a wireless
RF or IR link. These devices encode
the status of inputs, usually button or
contact closures, into a data stream
suitable for wireless transmission.
Upon successful recovery and
validation, the decoder’s outputs are
set to replicate the states of the
encoder’s inputs. These outputs can
then be used to control the circuitry
required by the application.
VCC
HS SERIES OVERVIEW
The HS Series encoder encrypts the status of up to eight buttons or contacts into
highly secure encrypted serial data stream intended for wireless transmission via
an RF or infrared link. The series uses CipherLinx™ technology, which is based
on the Skipjack algorithm developed by the United States National Security
Agency (NSA). The CipherLinx™ protocol in the HS Series has been
independently evaluated by Independent Security Evaluators (ISE). A full
evaluation white paper is available at www.linxtechnologies.com/cipherlinx.
The encoder combines eight bits representing the state of the eight data lines
with counter bits and integrity bits to form a 128-bit message. To prevent
unauthorized access, this message is encrypted with CipherLinx™ in a mode of
operation that provides data integrity as well as secrecy. CipherLinx™ never
sends or accepts the same data twice, never loses sync, and changes codes
with every packet, not just every button press.
Decoding of the received data signal is accomplished by a corresponding Linx
HS Series decoder. When the decoder receives a valid command from an
encoder, it will activate its logic-level outputs, which can be used to control
external circuitry. The encoder will send data continuously as long as the SEND
line is held high. Each time the algorithm is executed, the counter is
decremented, causing the code to be changed with the transmission of each
packet. This, combined with the large counter value and the timing associated
with the protocol, ensures that the same transmission is never sent twice.
An 80-bit key used to encrypt the data is created in the decoder by the user. The
decoder is placed into Create Key Mode, and a line is toggled 10 times, usually
by a button. This is required to gather entropy to ensure that the key is random
and chosen from all 2
80
possible keys. A high-speed timer is triggered by each
rise and fall of voltage, recording the time that the line is high and low. The 80-
bit key is generated by combining the low-order bits of the twenty timer values.
To create an association, the key, a 40-bit counter, and a decoder-generated ID
are sent to the encoder via a wire, contacts, IR, or other secure serial connection.
The HS Series allows the end user or manufacturer to create associations
between the encoder and decoder. If the encoder and decoder have been
associated through a successful key exchange, then the decoder will respond to
the encoder’s commands based on its permissions. If an encoder has not been
associated with a decoder, its commands will not be recognized.
The user or manufacturer may also set “button level” permissions. Permission
settings control how the decoder will respond to the reception of a valid
command, either allowing the activation of an individual data line or not. The
decoder is programmed with the permission settings during set-up, and those
permissions are retained in the decoder’s non-volatile memory.
The HS decoder has the ability to identify and output a decoder-assigned
identification number for a specific encoder. An encoder’s key, a 40-bit counter,
and permissions are stored in one of fifteen memory locations within the
decoder. The decoder is able to output an 8-bit binary number that corresponds
to the memory location of the encoder’s information. This provides the ability to
identify the specific encoder from which a signal originated. This identification
can be used in various ways, including systems that record access attempts or
in applications where the originating user needs to be known.
Page 7
ENC
HS
Series
Tx
LR
Series
Rx
LR
Series
DEC
HS
Series
GND
Figure 5: Remote Control Block Diagram
Prior to the arrival of the Linx HS Series, encoders and decoders typically fell into
one of two categories. First were older generation, low-security devices that
transmitted a fixed address code, usually set manually with a DIP switch. These
products were easy to use, but had significant security vulnerabilities. Since they
sent the same code in every transmission, they were subject to code grabbing.
This is where an attacker records the transmission from an authorized
transmitter and then replays the transmission to gain access to the system.
Since the same code is transmitted every time, the decoder has no way to
validate the transmission.
These concerns resulted in the development of a second type of encoder and
decoder that focused on security and utilized a changing code to guard against
code grabbing. Typically, the contents of each transmission changes based on
complex mathematical algorithms to prevent someone from reusing a
transmission. These devices gained rapid popularity due to their security and the
elimination of manual switches; however, they imposed some limitations of their
own. Such devices typically offer a limited number of inputs, the transmitter and
receiver can become desynchronized, and creating relationships and
associations among groups of transmitters and receivers is difficult.
The HS Series offers the best of all worlds. The HS Series uses an advanced
high security encryption algorithm called CipherLinx™ that will never become
desynchronized or send the same packet twice. It is easily configured without
production programming and allows for “button level” permissions and unique
encoder and decoder relationships. Eight inputs are available, allowing a large
number of buttons or contacts to be connected.
To learn more about different encoder and decoder methodologies, please refer
to Application Note AN-00310.
Page 6
HS SERIES SECURITY OVERVIEW
Encryption algorithms are complex mathematical equations that use a number,
called a key, to encrypt data before transmission. This is done so that
unauthorized persons who may intercept the transmission cannot access the
data. In order to decrypt the transmission, the decoder must use the same key
that was used to encrypt it. The decoder will perform the same calculations as
the encoder and, if the key is the same, the data will be recovered.
The HS Series uses the CipherLinx™ algorithm, which is based on Skipjack, a
cipher designed by the U.S. National Security Agency (NSA). At the time of this
writing, there are no known cryptographic attacks on the full Skipjack algorithm.
Skipjack uses 80-bit keys to encipher 64-bit data blocks. The CipherLinx™
algorithm uses Skipjack in a provably secure authenticated encryption mode
both to protect the secrecy of the data and ensure that it is not modified by an
adversary. 8 bits of data are combined with a 40-bit counter and 80 bits of
integrity protection before being encrypted to produce each 128-bit packet.
Preamble
RX
Noise Logic
Balancing Filter Filter
128-Bit Encrypted Data
Integrity Check
80 bits
Data
8 bits
Counter
40 bits
HS SERIES SECURITY OVERVIEW (CONT.)
Another factor is how often the message will be repeated and the intervals
between repeats. Some applications use a counter to change the appearance of
the message. This is good, but at some point, the counter will roll over and the
message will be repeated. For example, if attackers were to copy an encrypted
message and save it, they could potentially gain access to the protected device
at a later time. Depending on the size of the counter, this vulnerability could
occur frequently. The HS Series uses a 40-bit decrementing counter to keep this
from ever happening. If the SEND line was held high continuously at the high
baud rate (28,800bps), it would take 889 years before the counter would reach
zero, at which point the key would be erased and the encoder would have to get
a new key. The math used is: [(2
40
* 25.5ms) / (1000mS*60s*60m*24h*365d)] =
889 years. This large counter prevents a packet from ever being sent twice and
prevents the encoder from ever losing sync with the decoder.
The key is generated with the decoder by the user through multiple button
presses. This is ensures that the key is random and chosen from all 2
80
possible
keys. Since all of the keys are created by the user and are internal to the part,
there is no list of numbers anywhere that could be accessed to compromise the
system.
Encryption of the transmitted data is only one factor in the security of a system.
With most systems, once an encoder is authorized to access a decoder, it can
activate all of the decoder data lines. With the HS Series, each encoder can be
set to only activate certain lines. This means that the same hardware can be set
up with multiple levels of control, all at the press of a button.
Another factor in system security is the control of the encoder. If attackers gain
control of the encoder, typically they would be able to access the system. The
HS offers the option of adding a Personal Identification Number (PIN) to the
encoder that must be entered before the encoder will activate. Furthermore,
since each encoder has its own key and the Control Permissions are stored in
the decoder, all the attackers would be able to do is duplicate the device that
they have already taken. They will not be able to grant themselves greater
authority, create a new controller, or replicate another encoder.
Before the encoder sends a packet, it will calculate the Hamming Weight (the
number of ‘1’s in the string) of the packet to determine the duty cycle. If the duty
cycle is greater than 50% (more ‘1’s than ‘0’s), the encoder will logically invert all
of the bits. This ensures that every packet will always contain 50% or less ‘1’s.
Since the FCC allows transmitter output power to be averaged over 100mS, this
allows a legal improvement in link range and performance for many devices
using an ASK / OOK transmitter. A 50% duty cycle is generally the best
compromise between data volume and output power.
Some other manufacturers may use a Pulse Width Modulation (PWM) scheme
or Manchester Encoding scheme to maintain a 50% duty cycle. Both of these
methods work, but are inefficient and do not make use of the full link budget. The
HS Series uses true serial data while maintaining a 50% duty cycle. Application
Note AN-00310 covers these issues in detail.
Figure 6: HS Series Data Structure
There are several methods an attacker may use to try to gain access to the data
or the secured area. Because a key is used to interpret an encrypted message,
trying to find the key is one way to attack the protected message. The attacker
would either try using random numbers or go through all possible numbers
sequentially to try to get the key and access the data. Because of this, it is
sometimes believed that a larger key size will determine the strength of the
encryption. This is not entirely true. Although it is a factor in the equation, there
are many other factors that need to be included to maintain secure encryption.
One factor is the way that the underlying cipher (in the case of the CipherLinx™
algorithm, Skipjack) is used to encrypt the data. This is referred to as the cipher’s
“mode of operation.” If a highly secure cipher is used in an insecure mode, the
resulting encryption will be insecure. For example, some encryption modes allow
an adversary to combine parts of legitimate encrypted messages together to
create a new (and possibly malicious) encrypted message. This is known as a
“cut-and-paste” attack. The mode of operation used by the CipherLinx™
algorithm is proven to prevent this type of attack.
Another critical factor is how often the message changes. To prevent code
grabbing, most high-security systems send different data with each transmission.
Some remote control applications will encrypt the message once per activation
and repeat the same message over again until it is deactivated. This gives an
attacker the opportunity to copy the message and retransmit it to maintain the
state of the protected device and “hold the door open”, or worse yet, have the
option to come back later and gain access. The HS Series goes a step further
and sends different data with EACH PACKET, so the data will change
continuously during each transmission. This means that at 28,800bps, there will
be a completely new 128-bit message sent every 25.5mS.
Page 8
Page
9
京公网安备 11010802033920号
EEWORLD
