Home

UM0148 User Manual - STMicroelectronics

1. v UMO0148 y User Manual Vending machine demo kit for RFID contactless memories Introduction The vending machine demo kit is designed to show how STMicroelectronic s short range RFID contactless memories can be used as e purse keys for vending machines The short range products suitable for e purse applications are the SRIX512 and SRIX4K The SRIX512 and SRIX4K are contactless memories that are powered by a 13 56MHz transmitted carrier radio wave They contain a 512 bit SRIX512 or 4096 bit SRIX4K EEPROM with memory mapping organized as blocks of 32 bits They conform to the ISO 14443 B recommendation for the transfer of power and signals via radio transmission The CRX14 USB Reader circuitry amplitude modulates 10 modulation the data on the carrier using Amplitude Shift Keying ASK The SRIX512 SRIX4K replies by load modulating the data on the carrier using Bit Phase Shift Keying BPSK which uses the 847kHz sub carrier The data transfer rate in each direction is 106 Kbits second The Vending Machine Demo Kit consists of m One DemokitCRX14 m One CD ROM m Some SRIX512 and SRIX4K Samples m Documentation The software used to run the demo kit is available on the CD ROM but it can also be downloaded from www st com file name VendingMachine UMO148 zip The Vending Machine Demo Kit is used to m Personalize tickets as a ticket issuer m Demonstrate the selling process at any Point of Sale POS m Reload the keys w
2. one MasterKey a demonstration parameter used internally for calculating certificates Fc2 and Fc3 Appendix A Certificates IssuerMachineReaderlndex ReloadMachineReaderlndex VendingMachineX Readerlndex these are order indexes of specific virtual machines issuer machine reload recover machine specific vending machines All indexes are set to zero by default which means that it is configured for 1 reader The indexes address the reader s tables which are found during the initialization process The initialization process searches incrementally for the CRX14 readers via the I C bus on all USB readers connected to the PC When there is only one USB reader with several CRX14 readers connected via the I C bus the CRX14 readers with lower 12C address are the first to be added to the table and are put in the lower index position In the case of multiple USB readers the situation is more complex it depends on how the operating system manages the USB devices and it is necessary to plug the readers into the PC to find and set the correct indexes VendingMachineX PersonalName usually the name of the vending machine location VendingMachineX PersonallD the ID number linked to the location VendingMachineX BackgroundJPEG the link to the background JPEG image for a pair of vending machines left or right recommended resolution of this image is 400 x 500 pixels VendingMachineX OfferNameY the list of item s offered by th
3. Installing the software Browse the CD and find the Vending Machine Demo folder After opening the folder run the setup exe program Read the text of the Welcome Screens and then click on Next Figure 2 Choose your destination location The default folder is C Program Files STM VendingMachine Figure 3 Figure 2 Welcome screens i Vending Machine Demo v1 0 InstallShield Wizard Installshield InstallShield Wizard Welcome to the InstallShield Wizard for Vending Machine Demo v1 0 The InstallShield R Wizard will install Vending Machine Demo v1 0 on your computer To continue click Next WARNING This program is protected by copyright law and international treaties Cancel Figure 3 Choose destination location screen ie ending Machine Demo 1 0 InstallShield Wizard Destination Folder D Click Next to install to this Folder or click Change to install to a different Folder S Install Vending Machine Demo v1 0 to C Program Files STM YendingMachine Change Installshield 7 25 3 Configuring the demo UMO148 User Manual 3 8 25 Configuring the demo Once installed the demo software can be configured using the config ini file which is stored in the Res subdirectory of the program main directory set during installation The config ini file contains the following parameters WriteProtection the tag s memory write protection flag active when set to
4. Write Reload Counter Crypto backup 1 Read all back and check If all OK then activate write protection q 19 25 8 Detailed mode UMO148 User Manual 20 25 Figure 15 Buying Items flowchart Buying Items Read of UID Read of whole memory 0 15 Check key validity Check Type ID Check Personal ID Check available units Decrement the unit counter Calculate Unit Counter Certificate Crypto Backup if activated Write Unit Counter 5 Write Unit Counter Certificate 15 Write Unit Counter Crypto backup 14 Write updated Last date of use 12 Read all back and check d UMO148 User Manual 8 Detailed mode Figure 16 Unit Reload sequence flowchart Reload sequence Read of UID Read of whole memory 0 15 Check validity if Err then Recovery proc Check value to be reloaded Calculate Reload Counter Certificate Crypto Backup if activated Write Reload Counter 6 Write Reload Counter Certificate 0 Write Reload Counter Crypto backup 1 Write updated Last date of use 12 Read all back and check q 21 25 8 Detailed mode UMO148 User Manual Appendix D Emulated errors D 1 D 2 D 3 D 4 D 5 22 25 Application certificate error An Application certificate error occurs when the Application certificate value in the tag differs from the values calculated in Fct1 The value of the Application certificate is located in block 11 The application certificate error
5. can be recovered by a new Application certificate recalculation only if the write protection was not yet activated on the affected key Visit the Reload Recovery desk Unit counter error A Unit counter error occurs when the Unit Counter value is smaller then the Reload Counter value The value of the Unit counter is located in block 5 The solution is to align the Reload Counter to the same value as the unit counter which sets the e purse value to 0 after which the key must be reloaded All involved certificates are then recalculated Visit the Reload Recovery desk Unit counter certificate error A Unit counter certificate error occurs when the Unit counter certificate is corrupted The value of the Unit counter certificate is located in block 15 The solution is to recalculate the Unit counter certificate In this case the value of the E purse is lower and the certificate is recalculated Visit the Reload Recovery desk Reload counter certificate error A Reload counter certificate error occurs when the Reload counter certificate is corrupted The value of the Reload counter certificate is located in block 0 The solution is to recalculate all the involved certificates A sophisticated recovery procedure which takes into account all possible inputs Reload Counter value and Reload OTP counter value and the Reload counter certificate and Reload counter crypto backup outputs can be build in to real applications Visit the Reload Re
6. crypto backup see Section A 3 feature is activated the relevant security procedures are executed in the Key Personalization phase Using the e purse key Once the Key personalization phase has been successfully completed the ticket is active and the user can buy goods However before buying several parameters of the key are checked e Vending machine type identification number e Personal identification number in line with particular vending machine e Validity of all the accessible certificates and crypto backups If the key contains enough units then the user can buy goods and the units used are deducted from the Unit counter Finally the linked certificates and backups are recalculated and loaded back into the key 5 25 1 Ticket mapping UMO148 User Manual 1 3 Reloading units After use the user may want to reload units into the key If there are no errors detected in the tag then the Reload unit counter is appropriately decreased and all the linked certificates and crypto backups see Section A 3 are recalculated and loaded back into the tag s memory If an error occurs the errors must be corrected before any further reloading can take place Figure 1 Example of standard ticket manufacturing flow for SRIXAK ST Key manufacturing personnalisation plant ER er Programmed and printed Virgin key Key Vending manufacturer machine 6 25 UMO148 User Manual 2 Installing the software 2 q
7. and United Kingdom United States of America www st com ky 25 25
8. at there are not enough units available on the key to buy the requested item The solution is to visit the Reload Recovery desk and reload more units onto the key 23 25 8 Detailed mode UMO148 User Manual 24 25 Revision history Date 01 Jul 2005 Revision 1 Initial release Changes UM0148 User Manual Information furnished is believed to be accurate and reliable However STMicroelectronics assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use No license is granted by implication or otherwise under any patent or patent rights of STMicroelectronics Specifications mentioned in this publication are subject to change without notice This publication supersedes and replaces all information previously supplied STMicroelectronics products are not authorized for use as critical components in life support devices or systems without express written approval of STMicroelectronics The ST logo is a registered trademark of STMicroelectronics All other names are the property of their respective owners 2005 STMicroelectronics All rights reserved STMicroelectronics group of companies Australia Belgium Brazil Canada China Czech Republic Finland France Germany Hong Kong India Israel Italy Japan Malaysia Malta Morocco Singapore Spain Sweden Switzerl
9. covery desk Unit counter crypto error A Unit counter crypto errors occurs when the Unit counter crypto backup is corrupted The value of the Unit counter crypto is located in block 14 The solution is to recalculate the Unit counter crypto backup In this case the value of the E purse is lower and the crypto backup is recalculated Visit the Reload Recovery desk UMO148 User Manual 8 Detailed mode D 6 D 7 D 8 D 9 Reload counter crypto error A Reload counter crypto error occurs when the Reload Counter Crypto Backup is corrupted The value of the Reload counter crypto is located in block 1 The solution is to recalculate all the involved certificates A sophisticated recovery procedure which takes into account all possible inputs Reload Counter value and Reload OTP counter value and the Reload counter certificate and Reload counter crypto backup outputs can be build in to real applications Visit the Reload Recovery desk Wrong Type ID The Wrong Type ID warning message indicates that the user is trying to use the key with the wrong type of vending machine The value of the Type ID is located in block 8 Visit the Reload Recovery desk Wrong Personal ID The Wrong personal ID warning message indicates that the user is trying to use the key at the wrong location The value of the personal ID is located in block 9 Visit the Reload Recovery desk Want of Units A Want of Units warning message indicates th
10. ding machine is immediately highlighted and its offer displayed on the virtual display The user can choose a product by pressing the corresponding button or by clicking on the virtual display Once the requested product is selected the user places the memory key in the reader s antenna field to execute the transaction and receive the product Several types of errors can occur during the transaction These errors are listed in Appendix D If the user places the key in the reader s antenna field when no product is selected the status of the ticket is shown on the virtual display In the detailed mode which is shown on the screen in Figure 7 there are also buttons to generate error states Unit Counter Error Unit Counter Cert Error Reload Counter Cert Error Vending machine demo main screen Display 04 04 2005 11 38 38 Snack at Rousset KEY PLEASE y Tuna Sandwitch y Chicken Sandwitch aues Snickers A MusiFi 11 25 6 Using the vending machine UM0148 User Manual Figure 7 Detailed mode screen 12 25 LD UMO148 User Manual 7 Reload desk memory recovery 7 Reload desk memory recovery The Reload desk memory recover is used when an error has occurred or there are no more units available in the key When the key is placed in the reader s antenna field the status of the ticket is shown on the virtual display If no error is detected select the number of units to reload and start the proce
11. dix D EmulatederrOrS seks kase aa eee 22 D 1 Application certificate error ie EER EE ee 22 D 2 Unit counter error nnna nananana 22 D 3 Unit counter certificate error 0 0 00 00 ec 22 D 4 Reload counter certificate error llle 22 2 25 Ey UMO148 User Manual L5 Unit counter crypto error asus rore arenas dE 22 D 6 Reload counter crypto error 0 0 cee ee 23 Df Wrong Type ID oso che ee cheese a eee Rea he ek RU Ree EE 23 UB Wrong Personal ID ste KEES es ve eee al yea ee eee od 23 L9 Warntor UNIS issus dass Er wie fates EO eae EER frate 23 Revision HISTORY casara ra BUR E rac E a 24 3 25 UMO148 User Manual Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 4 25 List of figures Example of standard ticket manufacturing flow for SRIX4K 0020000 ee eee 6 Welcome screenS EE EE EE hr nnn 7 Choose destination location screen EE EE cette 7 First menu window oo 9 Issuer key personalization screen EE EE EE SE Ee Ee ee ee ee ee ee ee 10 Vending machine demo main screen EE EE tee 11 Detailed mode screen iss ER eee eens 12 Reload desk memory recovery screen eae 13 Memory map standard screen 1 0 cee er 14 Memory map recording memory accesses screen oooococcccc EE Ee ee ee 15 Application certificate exaM
12. dure by clicking on Reload Recover When errors are detected the Reload function is disabled and the errors have to be corrected before doing another Reload The InfoBox provides short descriptions of the errors and the proposed recovery actions See Appendix D for a list of all the possible error states Figure 8 Reload desk memory recovery screen r Units MM Display Reload units 00 04 04 2005 15 35 10 SRIX4K Memory Unit Counter 8485 Reload Counter 7995 Reload OTP Counter 178 RELOAD RECOVER 490 Issue 04 04 2005 11 21 24 r InfoBox WRITE DISABLE No Errors detected this key can be reloaded Crypto Enabled Crypto Unit Counter 8485 Crypto Reload Unit Counter 7995 Crypto Reload OTP Counter 178 Crypto E purse 490 CERTIFICATES OK q 13 25 8 Detailed mode UMO148 User Manual 8 Detailed mode Selecting the Detailed Demo Mode checkbox on the first demo screen shows the memory map of the key see Figure 9 If the Record Memory Access checkbox is unselected the content of the last detected tag is shown If the reader fails to read the memory content the memory map provides information about the fail and the block number of the last successfully read block If the Record Memory Access checkbox is selected the screen is not updated when a new tag is inserted into the reader s antenna field Instead all previous memory accesses undertaken during the Key i
13. e vending machine it indicates the name of the products offered VendingMachineX OfferPriceY the price list of the item s offered by the vending machine it indicates the unit price of a particular product VendingMachineX OfferBMPY the list of images which correspond to the item s offered by the vending machine it indicates the link to the bitmap image 45 x 45 pixels which represents the particular product UM0148 User Manual 4 Launching the demo 4 Launching the demo After successful installation the demo program is launched from the Windows Start menu Start Programs Vending machine demo Immediately after execution the Splash screen appears After the program is fully loaded into the memory the first menu window see Figure 4 appears select the Key Issuer Personalization mode the Reload Desk Memory Recovery mode or the Vending Machine Demo to start the demo Figure 4 First menu window ky 9 25 5 Key personalization UMO148 User Manual 5 Key personalization The key personalization is normally done in the production phase by the key manufacturer and so final key users receive the contactless memories already personalized for their needs and specification However as the Contactless memory samples included in the kit are general samples used for a wide variety of applications they must be personalized by the user before use To personalize an empty tag e choose a desired key type e s
14. erial Number a unique number that is controlled by the application owner MK the Master Key dedicated to the application which is controlled by the application owner and can be used to differentiate between the various applications of particular customer Vending machine type identification number this parameter stores the flags of the type of vending machines that use the key Personal identification number a unique number used to help the provider differentiate between the various locations of the vending machines Application certificate Fct1 The Fct1 certificate is used to authenticate the personalized data Figure 11 shows and example In this example the key is personalized for a snack machine Vending machine type identification 40 00 55 AA in ST Rousset personal identification number AF FF 11 11 The SRIX4K UID number is DO 02 18 00 11 22 33 44 with serial number 12 34 56 78 The Fct1 certificate is always fully managed by the customer s application and so provides a high level of security Figure 11 Application certificate example Serial Number Vending machine type identification number Personal identification number Application certificate Fct1 E4 59 28 7C UMO148 User Manual 8 Detailed mode A 2 A 3 A 3 1 Counter certificates Fct2 Fct3 Certificates Fct2 and Fct3 are used to authenticate the counter values See Figure 12 for an example As for the Fct1 cert
15. esult is divided into four 6 bit groups which are fed through the S boxes as described in the DES standard the outer two bits select the S box row and the inner four bits select the S box column 17 25 8 Detailed mode UMO148 User Manual Appendix B Memory mapping Figure 13 Memory mapping example 32 bits Block Block Type Unit counter 7400 Decrease Counters 174 7200 E purse 200 Serial Number Vending machine type ID Personal ID ET Application certificate Fct1 Last date of use Unused A3bA 2b2Ch Unit counter Crypto backup Unit counter certificate Fct2 12CB1B1Ch Reload OTP Reload Unit counter counter d 18 25 UMO148 User Manual 8 Detailed mode Appendix C Memory accesses Figure 14 Figure 15 and Figure 16 show the step by step procedures of selected memory operations The numbers in the brackets indicate the memory block numbers for a particular memory operations Figure 14 Issuer sequence flowchart Issuer Sequence MEE WEE Read of UID Read of whole memory 0 15 Check write protection Calculate Application Certificate Calculate Reload Counter Certificate Crypto Backup if activated Write Serial Number 7 Write Type ID 8 Write Personal ID 9 Write Date of Issue 10 Write Application Certificate 11 Clear Last date of use 12 a Ss Write Unit Counter Certificate 15 Write Unit Counter Crypto backup 14 Write Reload Counter 6 Write Reload Counter Certificate 0
16. ificate the Fct2 and Fct3 certificates are always fully managed by the customer s application and so provide a high level of security Figure 12 Unit and Reload counter certificate example DO 02 18 00 11 22 33 44 ie a en FE 34 Unit Counter 10 000 2710h OTP Counter 200 9500 1900251Ch Reload Counter certificate Fct3 OC EF 6E 94 Crypto backup The Crypto Backup feature allows a user to encrypt and decrypt selected blocks using a system similar to DES Data Encryption Standard The version of DES used in the Crypto backup operates on 32 bit data blocks using a 24 bit key It iterates over 8 keys and transforms the data stream through 4 S boxes All permutations and transformations of the DES algorithm are reproduced All the steps of the full DES are used but with less iteration and smaller blocks e a24 bit key is used instead of a 56 bit key e the data is divided into 32 bit blocks instead of 64 bit blocks e there are only 8 iterations through the F module instead of 16 e there are only 4 S boxes instead of 8 e the steps to encrypt and decrypt are virtually the same except that decrypting uses the keys in reverse order and the roles of the left and right hand sides of the data block are reversed F module The F module combines 16 bits of data with a 24 bit key and performs substitutions with the DES S boxes The 16 bits of data are expanded to 24 bits with the E table then XOR ed with the key The r
17. ith new units m Simulate and recover errors Application features m RAM 16 MB m HDD free space 6 MB m USB version 1 1 m Compatible with Windows98 SE Windows2000 and Windows XP platforms Reader USB CRX14 Demokit V4 0 hardware USB Cable 12C Cable USB Tranceiver CRX14 Board and Antenna AI08718b Rev 1 July 2005 1 25 www st com UMO148 User Manual Contents 1 Ticket mapping acne ke x ona a n ae 66 DR D Ro ee a a 5 1 1 Key personalization llle 5 1 2 Using the e purse key iii EE EE EE EE RE es 5 1 3 Reloading UNITS ss ens RE ua RO FEX sabes A ee oe SEE 6 2 Installing the software ss se sd s n is N roe EE RR EAR Rr Rn eee ew eie 7 3 Configuring th demo cesso rm hh nne eee em m c n CR e 8 4 Launching the d mo rss s sex A RA RR RC RR 9 5 Key personalization s aues aun chua a RE aa 10 6 Using the vending machine eese 11 7 Reload desk memory recovery eee eee eee 13 8 Detailed mode so ss su eike bes Es BR SE PER RE ER MEE ES Ga E TERI Bi EIE 14 Appendix A CertificateS 002 c kk RR ER RR RR ER RR RR ER RR RR AR RR RR 16 A 1 Application certificate Fett anaana auaa 16 A 2 Counter certificates Fct2 FCt8 se SE Ee ee eee 17 P A EE EO OE HE ER Ed 17 ASA Fmodule a ARA 17 Appendix B Memory mapping leeeeeen nni n ii r 18 Appendix C Memory accesses ss kas ss EER RR RR RR nne 19 Appen
18. pecify additional options e put the tag into the readers antenna field e push the Personalize button Before personalization a Write enable statement is displayed After successful personalization the appropriate tag s blocks could be write protected depending on the program configuration If a tag s block are write protected then a Write disabled statement is displayed It is not possible to personalize a write protected tag and attempting to do so gives an error message Figure 5 Issuer key personalization screen key Issuer Personnalisation gt KeyType Display Reloadable 04 04 2005 11 21 29 C Non Reloadable SRIX4K Memory Unit counter 8485 cual alie Unit Counter 8485 490 Reload Counter 7995 Reload counter 7995 Reload OTP Counter 178 Units Available 490 Iv Crypto counter backup Issue 04 04 2005 11 21 24 Issuer Info STM Prague gt Vending Machine Definition Last Used 04 04 2005 11 21 24 Type Coffe Snacks Location Rousset Location Rousset a C Prague F Brir i Snacks CERTIFICATES OK Crypto Enabled WRITE DISABLE PID OxAFFF2211 VIN OXOOOOFFFF Issuer Short Info STM Prague Help PERSONALIZE d 10 25 UMO148 User Manual 6 Using the vending machine 6 Figure 6 Using the vending machine Figure 6 shows the main window of the program All vending machines are offline at the beginning Click on a machine to select it The selected ven
19. ple oooooococccoocc IIIA 16 Unit and Reload counter certificate example llle 17 Memory mapping example o oocoocccco e mr 18 Issuer sequence flowchart o ooooocccocccc re 19 Buying Items flowcChart oooocooocccooo RII eae 20 Unit Reload sequence flowchart llle 21 UMO148 User Manual 1 Ticket mapping 1 1 1 2 Ticket mapping The demo kit software proposes a ticket mapping for the vending machine demo See Appendix B Memory mapping for specific details In e purse applications ticket mapping is where the specific data is written to the contactless memory tag which acts as the e purse key Key personalization In real applications the first thing that must be done by the key manufacturer is the Key personalization Figure 1 Example of standard ticket manufacturing flow for SRIX4K During this phase the empty tag inside the key is loaded with data for future use The following data is loaded into the tag during the Key personalization phase e Identification data which is write protected after being written Serial number Vending machine type identification number Personal identification number Date of issue and Application certificate Fc1 e Customer specific data Unit counter value Reload counter value A Unit counter certificate Fct2 Reload counter certificate Fct3 e Issuer information which is stored in the OTP memory area If the
20. ssuer personalization procedure item buying procedure and reload recovery actions can be seen using the Prev and Next buttons see Figure 10 The InfoBox provides a short description Figure 9 Memory map standard screen MemoryMapForm eee Block 32 bits Block Block Type 0 1 2 3 4 5 Unit counter 7400 Decrease Counters Reload OTP counter Reload Unit counter 7200 E purse 200 Serial Number 876CBAC6h Vending machine type ID OOOOFFFFh Personal ID AFFF2211h Date of issue 78E80A86h Application certificate Fct1 B 54E 5Ch Last date of use 00000000h Unused FFFFFFFFh Unit counter Crypto backup A3BA262Ch Unit counter certificate Fct2 12CB1B1Ch EEPROM Memory Dump successful d 14 25 UMO148 User Manual 8 Detailed mode Figure 10 Memory map recording memory accesses screen j Block 32 bits Block Block Type Unit counter Decrease Counters Reload OTP Reload Unit counter 7436 E purse O counter Serial Number 876CBAC6h TEEBOABEh 92570470h Eee Unit counter certificate Fct2 12CBIBI i v Record memory access Info T Unit counter certificates q 15 25 8 Detailed mode UMO148 User Manual Appendix A Certificates A 1 16 25 Several variables are used to calculate certificates UID the Unique Identifier of the tag its value is controlled by the manufacturer ST and securely stored in the silicon read only S

UM0148 User Manual - STMicroelectronics

Contents

Download Pdf Manuals

Related Search

Related Contents