6.3.9.2 AM(1:0) Authentication Mode

Table 6-7. Authentication Mode

| AM1 | AM0 | Access                     |
|-----|-----|----------------------------|
| 1   | 1   | No authentication required |
| 1   | 0   | Authentication for write   |
| 0   | 1   | Normal Authentication mode |
| 0   | 0   | Dual Access mode           |

When AM = 11, the user zone under protection requires no authentication. When AM = 10, the zone requires authentication only for write access, and read access is free. When AM = 01, the zone requires authentication for both write and read access. In both of these configurations (AM = 10 and AM = 01), the Authentication Key (AK) in the corresponding passwords/keys register specifies the required secret seed and corresponding cryptogram, and, when applicable, the session encryption key (see section 6.3.10).

Finally, when AM = 00, Dual Access mode is active, in which authentication using the Program Only Key (POK) grants the right to read and program the zone (i.e., write zeros only), while authentication using the AK grants full read and write access to the zone. In this way, a token application may be implemented, whereby regular hosts with knowledge of the POK may decrement the stored value, and only master hosts with knowledge of the AK may reset the token to its full value. See section 6.3.10 on the passwords/keys register for further definition of POK and AK.

Note:
  1. When AM = 00, the POK bits in the corresponding password/key register are ignored.
  2. When AM = 00 and PGO = 0, bits in the zone may not be written to one, even when using the AK.
  3. Requiring authentication automatically requires the use of secure checksums for write operations (see section 6.1.4 Encrypted Checksum (Message Authentication Code, MAC)).
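
The following host-side model of Table 6-7 and note 2 is an added example, not code from the device documentation. The names `zone_access_allowed`, `auth_state` and `zone_op` are illustrative. It assumes that a POK authentication counts only in Dual Access mode, that a program-only write is a request that sets no bit from 0 to 1, and it leaves password modes and the effect of PGO outside AM = 00 unmodeled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example: host-side model of Table 6-7; all names are illustrative. */
enum auth_state { AUTH_NONE, AUTH_POK, AUTH_AK };  /* key the host has proven */
enum zone_op    { OP_READ, OP_WRITE };

/* am       : AM1:AM0 as a 2-bit value (AM1 is the high bit)
 * pgo      : PGO bit, applied here only as note 2 describes it (AM = 00)
 * old_byte : current zone byte; new_byte : requested value (writes only) */
bool zone_access_allowed(uint8_t am, bool pgo, enum auth_state auth,
                         enum zone_op op, uint8_t old_byte, uint8_t new_byte)
{
    /* True if the request would turn any bit from 0 to 1. */
    bool sets_bits = (new_byte & (uint8_t)~old_byte) != 0;

    switch (am & 0x3) {
    case 0x3:  /* 11: no authentication required */
        return true;
    case 0x2:  /* 10: authentication for write, read is free */
        return op == OP_READ || auth == AUTH_AK;
    case 0x1:  /* 01: read and write both need AK authentication */
        return auth == AUTH_AK;
    default:   /* 00: Dual Access mode */
        if (auth == AUTH_NONE)
            return false;
        if (op == OP_READ)
            return true;            /* POK and AK both grant read */
        if (auth == AUTH_POK)
            return !sets_bits;      /* program only: write zeros only */
        return pgo || !sets_bits;   /* note 2: PGO = 0 blocks 0 -> 1 even for AK */
    }
}

int main(void)
{
    /* Constructed token scenario: Dual Access mode (AM = 00), PGO = 1. */
    printf("POK decrement 0x0F -> 0x07: %d\n",
           zone_access_allowed(0, true, AUTH_POK, OP_WRITE, 0x0F, 0x07));
    printf("POK reset     0x07 -> 0xFF: %d\n",
           zone_access_allowed(0, true, AUTH_POK, OP_WRITE, 0x07, 0xFF));
    printf("AK reset      0x07 -> 0xFF: %d\n",
           zone_access_allowed(0, true, AUTH_AK, OP_WRITE, 0x07, 0xFF));
    return 0;
}
```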