9.4 Set Security Fuses
Once all data have been written and verified in the user zones and the Configuration zone, the security fuses must be set before the device is released from the secure location used for device initialization. There are three fuses—FAB, CMA and PER—that must be set in the specified order: first FAB, followed by CMA, and then PER. Each fuse is set individually using the Write Fuse command. The status of all three fuses can be verified using the Read Fuse command. Once all fuses have been set, the Read Fuse command will return a value of zero for the second nibble of the fuse byte.
The AT88SC0104CA is used for this example. A small pattern is written into the first two user zones. Security for each of these two user zones and the associated register values are shown in the table below. Simple password values are used for demonstration.
User Zone | Data | Security Requirements | Access Register | Password/Key Register |
|---|---|---|---|---|
0 | Zone 0 | None | $FF | $FF |
1 | Zone 1 | Read/Write Password (Set 1) | $7F | $F9 |
2 | Zone 2 | Read/Write Authentication (Set 2) | $DF | $BF |
3 | Zone 3 | Read/Write Password (Set 1) Read/Write Authentication (Set 2) with Encryption Required | $57 | $B9 |
The following section shows the Two-Wire commands sent to the CryptoMemory® device for the purpose of initializing the device. The flow is consistent with the steps described above; comments have been added as indicated with an asterisk (*).
*AT88SC0104CA Initialization Example
*WRITE DATA TO USER ZONES
*Set User Zone 0
B4 03 00 00
*Write data = Zone 0 Data
B0 00 00 0B 5A 6F 6E 65 20 30 20 44 61 74 61
*Set User Zone 1
B4 03 01 00
*Write data = Zone 1 Data
B0 00 00 0B 5A 6F 6E 65 20 31 20 44 61 74 61
*Set User Zone 2
B4 03 02 00
*Write data = Zone 2 Data
B0 00 00 0B 5A 6F 6E 65 20 32 20 44 61 74 61
*Set User Zone 3
B4 03 03 00
*Write data = Zone 3 Data
B0 00 00 0B 5A 6F 6E 65 20 33 20 44 61 74 61
*UNLOCK CONFIGURATION ZONE
BA 07 00 03 DD 42 97
*WRITE CODES IN CONFIGURATION ZONE
*Write Card Mfg Code = P001
B4 00 0B 04 50 30 30 31
*Write Identification Number = 00000000012345
B4 00 19 07 00 00 00 00 01 23 45
*Write Issuer Code = STATION 035
B4 00 40 10 53 54 41 54 49 4F 4E 20 30 33 35 00 00 00 00 00
*WRITE REGISTERS IN CONFIGURATION ZONE
*Write Registers AR1/PR1 = 7F F9
B4 00 22 02 7F F9 DF BF 57 B9
*WRITE KEYS IN CONFIGURATION MEMORY
*Write Ci for set 2 = 22222222222222
B4 00 71 07 22 22 22 22 22 22 22
*Write Gc for set 2 = 5B4F9AE4B5098BE7
B4 00 A0 08 5B 4F 9A E4 B5 09 8B E7
*WRITE PASSWORDS IN CONFIGURATION MEMORY
*WRITE PASSWORDS IN CONFIGURATION ZONE
*Write Passwords, read 7 = 10 00 01, write 7 = 11 00 11
B4 00 B9 07 11 00 11 FF 10 00 01
*READ ENTIRE CONFIGURATION ZONE TO VERIFY
B6 00 00 F0
*Device Response:
3B B2 11 00 10 80 00 01 10 10 FF 50 30 30 31 FF
8C AD A8 10 0A AB FF FF FB 00 00 00 00 01 23 45
FF FF 7F F9 FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
53 54 41 54 49 4F 4E 20 30 33 35 00 00 00 00 00
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF 11 00 11 FF 10 00 01
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
*SET SECURITY FUSES
*Set FAB Fuse
B4 01 06 00
*Set CMA Fuse
B4 01 04 00
*Set PER Fuse
B4 01 00 00
*Read Fuse Byte = X0
B6 01 00 01
*Device Response:
00
90 00