

# ICs for Chip Cards

**SIEMENS** 

Intelligent 256-Byte EEPROM SLE 4432/SLE 4442

Data Sheet 07.95

#### Edition 07.95

This edition was realized using the software system FrameMaker.

Published by Siemens AG, Bereich Halbleiter, Marketing-Kommunikation, Balanstraße 73, 81541 München

© Siemens AG 1995. All Rights Reserved.

#### Attention please!

As far as patents or other rights of third parties are concerned, liability is only assumed for components, not for applications, processes and circuits implemented within components or assemblies.

The information describes the type of component and shall not be considered as assured characteristics.

Terms of delivery and rights to change design reserved.

For questions on technology, delivery and prices please contact the Semiconductor Group Offices in Germany or the Siemens Companies and Representatives worldwide (see address list).

Due to technical requirements components may contain dangerous substances. For information on the types in question please contact your nearest Siemens Office, Semiconductor Group.

Siemens AG is an approved CECC manufacturer.

#### **Packing**

Please use the recycling operators known to you. We can also help you – get in touch with your nearest sales office. By agreement we will take packing material back, if it is sorted. You must bear the costs of transport.

For packing material that is returned to us unsorted or which we are not obliged to accept, we shall have to invoice you for any costs incurred.

# Components used in life-support devices or systems must be expressly authorized for such purpose!

Critical components<sup>1</sup> of the Semiconductor Group of Siemens AG, may only be used in life-support devices or systems<sup>2</sup> with the express written approval of the Semiconductor Group of Siemens AG.

- 1 A critical component is a component used in a life-support device or system whose failure can reasonably be expected to cause the failure of that life-support device or system, or to affect its safety or effectiveness of that device or system.
- 2 Life support devices or systems are intended (a) to be implanted in the human body, or (b) to support and/or maintain and sustain human life. If they fail, it is reasonable to assume that the health of the user may be endangered.

# ICs for Chip Cards

Intelligent 256-Byte EEPROM SLE 4432/SLE 4442

Data Sheet 07.95

| SLE 4432/S<br>Revision H |                                        |  |  |  |  |  |  |  |  |
|--------------------------|----------------------------------------|--|--|--|--|--|--|--|--|
| Previous Re              | Previous Releases: 01.94               |  |  |  |  |  |  |  |  |
| Page                     | Subjects (changes since last revision) |  |  |  |  |  |  |  |  |
|                          | Editorial changes                      |  |  |  |  |  |  |  |  |

This edition was realized using the software system FrameMaker<sup>®</sup>

| Important: | For further information please contact:                                                                                                                                                                             |
|------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|            | Siemens Semiconductor Group in Munich, Germany,                                                                                                                                                                     |
|            | Key Account Service Chip Card ICs and Identsystem ICs,                                                                                                                                                              |
|            | Tel.: + 49 89 4144-4362, Fax + 49 89 4144-2360                                                                                                                                                                      |
|            | The supply of this component does not include a licence for its use in smart card applications. This licence is due to: INNOVATRON Patents 137 Boulevard de Sébastopol, 75002 Paris, France, Fax + 33 1 40 13 39 09 |

# **General Information**

# **SIEMENS**

| Conter          | nts                                             | Page |
|-----------------|-------------------------------------------------|------|
| 1               | Pin Configuration                               | 6    |
| 2               | Functional Description                          | 7    |
| 2.1             | Memory Overview                                 | 8    |
| 2.2             | Transmission Protocol                           | 9    |
| 2.2.1           | Reset and Answer-to-Reset                       | 10   |
| 2.2.2           | Operational Modes                               | 10   |
| 2.3             | Commands                                        | 12   |
| 2.3.1           | Read Main Memory (SLE 4432 and SLE 4442)        | 14   |
| 2.3.2           | Read Protection Memory (SLE 4432 and SLE 4442)  | 15   |
| 2.3.3           | Update Main Memory (SLE 4432 and SLE 4442)      | 16   |
| 2.3.4           | Write Protection Memory (SLE 4432 and SLE 4442) | 18   |
| 2.3.5           | Read Security Memory (SLE 4442 only)            | 19   |
| 2.3.6           | Update Security Memory (SLE 4442 only)          | 20   |
| 2.3.7           | Compare Verification Data (SLE 4442 only)       |      |
| 2.4             | PSC Verification (SLE 4442 only)                | 21   |
| 2.5             | Reset Modes                                     | 23   |
| 2.6             | Break                                           | 23   |
| 2.7             | Failures                                        | 23   |
| 2.8             | Coding of the Chip                              | 23   |
| 3               | Operational Information                         | 26   |
| <b>ა</b><br>3.1 | Memory Map                                      |      |
| 3.1<br>3.2      | Electrical Characteristics                      |      |
| 3.2.1           | Absolute Maximum Ratings                        |      |
| 3.2.1           | Operation Range                                 |      |
| 3.2.2           | DC Characteristics                              |      |
| 3.2.3<br>3.2.4  | AC Characteristics                              |      |
| 3.2.4<br>3.3    | Timing Diagrams                                 |      |
| 5.5             | Tilling Diagrams                                | 29   |
| 4               | Package and Dimensions                          | 32   |



**Intelligent 256-Byte EEPROM with Write Protect Function** 

**SLE 4432** 

Intelligent 256-Byte EEPROM with Write Protect Function and Programmable Security Code (PSC)

**SLE 4442** 

#### **Features**

- 256 × 8-bit EEPROM organization
- Byte-wise addressing
- Irreversible byte-wise write protection of lowest 32 addresses (Byte 0 ... 31)
- 32 × 1-bit organization of protection memory
- Two-wire link protocol
- End of processing indicated at data output
- Answer-to-Reset acc. to ISO standard 7816-3
- Programming time 2.5 ms per byte for both erasing and writing
- Minimum of 10<sup>4</sup> write/erase cycles<sup>1)</sup>
- Data retention for minimum of ten years<sup>1)</sup>
- Contact configuration and serial interface in accordance with ISO standard 7816 (synchronous transmission)



### **Additional Feature of SLE 4442**

 Data can only be changed after entry of the correct 3-byte programmable security code (security memory)

| Туре          | Ordering Code | Package                 |
|---------------|---------------|-------------------------|
| SLE 4432 M2.2 | on request    | Wire-Bonded Module M2.2 |
| SLE 4432 C    | on request    | Chip                    |
| SLE 4442 M2.2 | on request    | Wire-Bonded Module M2.2 |
| SLE 4442 C    | on request    | Chip                    |

<sup>1)</sup> Values are temperature dependent, for further information please refer to your Siemens sales office.

# 1 Pin Configuration (top view)

VCC C1 C5 GND

RST C2 C6 N.C.

CLK C3 C7 I/O

N.C. C4 C8 N.C.

IEP01380

M2.2 (Card Contacts)

### **Pin Definitions and Functions**

| Card Contact | Symbol | Function                             |  |  |  |  |
|--------------|--------|--------------------------------------|--|--|--|--|
| C1           | VCC    | Supply voltage                       |  |  |  |  |
| C2           | RST    | Reset                                |  |  |  |  |
| C3           | CLK    | Clock input                          |  |  |  |  |
| C4           | N.C.   | Not connected                        |  |  |  |  |
| C5           | GND    | Ground                               |  |  |  |  |
| C6           | N.C.   | Not connected                        |  |  |  |  |
| C7           | I/O    | Bidirectional data line (open drain) |  |  |  |  |
| C8           | N.C.   | Not connected                        |  |  |  |  |

SLE 4432/SLE 4442 comes as a M2.2 wire-bonded module for embedding in plastic cards or as a die for customer packaging.

## 2 Functional Description



**Block Diagram** 

### 2.1 Memory Overview



Figure 1 Memory Overwiew

#### **SLE 4432**

The SLE 4432 consists of 256 x 8 bit EEPROM main memory and a 32-bit protection memory with PROM functionality. The main memory is erased and written byte by byte. When erased, all 8 bits of a data byte are set to logical one. When written, the information in the individual EEPROM cells is, according to the input data, altered bit by bit to logical zeros (logical AND between the old and the new data in the EEPROM). Normally a data change consists of an erase and write procedure. It depends on the contents of the data byte in the main memory and the new data byte whether the EEPROM is really erased and/or written. If none of the 8 bits in the addressed byte requires a zero-to-one transition the erase access will be suppressed. Vice versa the write access will be suppressed if no one-to-zero transition is necessary. The write and the erase operation takes at least 2.5 ms each.

Each of the first 32 bytes can be irreversibly protected against data change by writing the corresponding bit in the protection memory. Each data byte in this address range is assigned to one bit of the protection memory and has the same address as the data byte in the main memory which it is assigned to. Once written the protection bit cannot be erased (PROM).

#### **SLE 4442**

Additionally to the above functions the SLE 4442 provides a security code logic which controls the write/erase access to the memory. For this purpose the SLE 4442 contains a 4-byte security memory with an Error Counter EC (bit 0 to bit 2) and 3 bytes reference data. These 3 bytes as a whole are called Programmable Security Code (PSC). After power on the whole memory, except for the reference data, can only be read. Only after a successful comparison of verification data with the internal reference data the memory has the identical access functionality of the SLE 4432 until the power is switched off. After three successive unsuccessful comparisons the Error Counter blocks any subsequent attempt, and hence any possibility to write and erase.

#### 2.2 Transmission Protocol

The transmission protocol is a two wire link protocol between the interface device IFD and the integrated circuit IC. It is identical to the protocol type "S = A". All data changes on I/O are initiated by the falling edge on CLK.

The transmission protocol consists of the 4 modes:

- Reset and Answer-to-Reset
- Command Mode
- Outgoing Data Mode
- Processing Mode

Operational modes

**Note:** The I/O pin is open drain and therefore requires an external pull up resistor to achieve a high level.

#### 2.2.1 Reset and Answer-to-Reset

Answer-to-Reset takes place according to ISO standard 7816-3 (ATR). The reset can be given at any time during operation. In the beginning, the address counter is set to zero together with a clock pulse and the first data bit (LSB) is output to I/O when RST is set from level H to level L. Under a continuous input of additional 31 clock pulses the contents of the first 4 EEPROM addresses is read out. The 33rd clock pulse switches I/O to high impedance Z and finishes the ATR procedure.

Answer-to-Reset (Hex)

| Byte 1                          | Byte 2                           | Byte 3                            | Byte 4                            |  |  |
|---------------------------------|----------------------------------|-----------------------------------|-----------------------------------|--|--|
| DO <sub>7</sub> DO <sub>0</sub> | DO <sub>15</sub> DO <sub>8</sub> | DO <sub>23</sub> DO <sub>16</sub> | DO <sub>31</sub> DO <sub>24</sub> |  |  |



Figure 2
Reset and Answer-to-Reset

### 2.2.2 Operational Modes

### **Command Mode**

After the Answer-to-Reset the chip waits for a command. Every command begins with a start condition, includes a 3 bytes long command entry followed by an additional clock pulse and ends with a stop condition.

- Start condition: Falling edge on I/O during CLK in level H
- Stop condition: Rising edge on I/O during CLK in level H

After the reception of a command there are two possible modes:

- Outgoing data mode for reading
- Processing mode for writing and erasing

### **Outgoing Data Mode**

In this mode the IC sends data to the IFD. The first bit becomes valid on I/O after the first falling edge on CLK. After the last data bit an additional clock pulse is necessary in order to set I/O to high impedance Z and to prepare the IC for a new command entry. During this mode any start and stop condition is discarded.

### **Processing Mode**

In this mode the IC processes internally. The IC has to be clocked continuously until I/O, which was switched to level L after the first falling edge of CLK, is set to high impedance level Z. Any start and stop condition is discarded during this mode.

**Note:** The RST line is low during the modes mentioned above. If RST is set to high during the CLK low level any operation is aborted and I/O is switched to high impedance Z (Break).



Figure 3 Operational Modes

### 2.3 Commands

#### **Command Format**

Each command consists of three bytes:

| MS | В  |    | Cor | ntrol |    | L  | .SB | MS | В   |    | Add | ress | i  | L   | .SB | MS | В  |    | Da | ata |    | L  | .SB |
|----|----|----|-----|-------|----|----|-----|----|-----|----|-----|------|----|-----|-----|----|----|----|----|-----|----|----|-----|
| В7 | В6 | B5 | В4  | В3    | В2 | В1 | В0  | Α7 | A 6 | Α5 | Α4  | А3   | A2 | A 1 | Α0  | D7 | D6 | D5 | D4 | D3  | D2 | D1 | D0  |

Beginning with the control byte LSB is transmitted first.



Figure 4
Command Mode

The SLE 4432 provides 4 commands which are listed in **table 1**. Additionally to these commands the SLE 4442 provides 3 commands which can be found in **table 2**.

Table 1

|    |    |    |    |    |    |    |    | Byte 2<br>Address | Byte 3<br>Data | Operation                     | Mode             |
|----|----|----|----|----|----|----|----|-------------------|----------------|-------------------------------|------------------|
| B7 | В6 | B5 | В4 | В3 | B2 | B1 | В0 | A7-A0             | D7-D0          |                               |                  |
| 0  | 0  | 1  | 1  | 0  | 0  | 0  | 0  | address           | no effect      | READ MAIN<br>MEMORY           | outgoing<br>data |
| 0  | 0  | 1  | 1  | 1  | 0  | 0  | 0  | address           | input data     | UPDATE MAIN<br>MEMORY         | processing       |
| 0  | 0  | 1  | 1  | 0  | 1  | 0  | 0  | no effect         | no effect      | READ PROTECTION MEMORY        | outgoing<br>data |
| 0  | 0  | 1  | 1  | 1  | 1  | 0  | 0  | address           | input data     | WRITE<br>PROTECTION<br>MEMORY | processing       |

Table 2 SLE 4442 only

| 0 | 0 | 1 | 1 | 0 | 0 | 0 | 1 | no effect | no effect  | READ SECURITY<br>MEMORY      | outgoing<br>data |
|---|---|---|---|---|---|---|---|-----------|------------|------------------------------|------------------|
| 0 | 0 | 1 | 1 | 1 | 0 | 0 | 1 | address   | input data | UPDATE SECURITY<br>MEMORY    | processing       |
| 0 | 0 | 1 | 1 | 0 | 0 | 1 | 1 | address   | input data | COMPARE<br>VERIFICATION DATA | processing       |

## 2.3.1 Read Main Memory (SLE 4432 and SLE 4442)

The command reads out the contents of the main memory (with LSB first) starting at the given byte address (N = 0...255) up to the end of the memory. After the command entry the IFD has to supply sufficient clock pulses. The number of clocks is  $m = (256 - N) \times 8 + 1$ . The read access to the main memory is always possible.

| Address<br>(decimal) | Main Memory           | Protection Memory       | Security Memory<br>(only SLE 4442) |
|----------------------|-----------------------|-------------------------|------------------------------------|
| 255                  | Data Byte 255 (D7 D0) | _                       | _                                  |
| :                    | :                     | _                       | _                                  |
| 32                   | Data Byte 32 (D7 D0)  | _                       | _                                  |
| 31                   | Data Byte 31 (D7 D0)  | Protection Bit 31 (D31) | _                                  |
| :                    | :                     | :                       | _                                  |
| 3                    | Data Byte 3 (D7 D0)   | Protection Bit 3 (D3)   | Reference Data Byte 3 (D7 D0)      |
| 2                    | Data Byte 2 (D7 D0)   | Protection Bit 2 (D2)   | Reference Data Byte 2 (D7 D0)      |
| 1                    | Data Byte 1 (D7 D0)   | Protection Bit 1 (D1)   | Reference Data Byte 1 (D7 D0)      |
| 0                    | Data Byte 0 (D7 D0)   | Protection Bit 0 (D0)   | Error Counter                      |

### **Command: READ MAIN MEMORY**

|                             |    |    |    | Address | Data |    |    |                                 |           |           |
|-----------------------------|----|----|----|---------|------|----|----|---------------------------------|-----------|-----------|
|                             | B7 | В6 | B5 | B4      | В3   | B2 | B1 | В0                              | A7A0      | D7D0      |
| Binary                      | 0  | 0  | 1  | 1       | 0    | 0  | 0  | 0                               | Address   | No effect |
| Hexadecimal 30 <sub>H</sub> |    |    |    |         |      |    |    | 00 <sub>H</sub> FF <sub>H</sub> | No effect |           |



Figure 5 Read Main Memory

## 2.3.2 Read Protection Memory (SLE 4432 and SLE 4442)

The command transfers the protection bits under a continuous input of 32 clock pulses to the output. I/O is switched to high impedance Z by an additional pulse. The protection memory can always be read, and indicates the data bytes of the main memory protected against changing.

| Address<br>(decimal) | Main Memory           | Protection Memory       | Security Memory<br>(only SLE 4442) |  |  |
|----------------------|-----------------------|-------------------------|------------------------------------|--|--|
| 255                  | Data Byte 255 (D7 D0) | _                       | -                                  |  |  |
| :                    | :                     | _                       | _                                  |  |  |
| 32                   | Data Byte 32 (D7 D0)  | _                       | _                                  |  |  |
| 31                   | Data Byte 31 (D7 D0)  | Protection Bit 31 (D31) | _                                  |  |  |
| :                    | :                     | :                       | _                                  |  |  |
| 3                    | Data Byte 3 (D7 D0)   | Protection Bit 3 (D3)   | Reference Data Byte 3 (D7 D0)      |  |  |
| 2                    | Data Byte 2 (D7 D0)   | Protection Bit 2 (D2)   | Reference Data Byte 2 (D7 D0)      |  |  |
| 1                    | Data Byte 1 (D7 D0)   | Protection Bit 1 (D1)   | Reference Data Byte 1 (D7 D0)      |  |  |
| 0                    | Data Byte 0 (D7 D0)   | Protection Bit 0 (D0)   | Error Counter                      |  |  |

#### **Command: READ PROTECTION MEMORY**

|             |    |    |    | Cor |                | Address | Data |    |           |           |
|-------------|----|----|----|-----|----------------|---------|------|----|-----------|-----------|
|             | В7 | В6 | B5 | B4  | В3             | B2      | B1   | B0 | A7A0      | D7D0      |
| Binary      | 0  | 0  | 1  | 1   | 0              | 1       | 0    | 0  | No effect | No effect |
| Hexadecimal |    |    |    | 34  | 1 <sub>H</sub> |         |      |    | No effect | No effect |



Figure 6 Read Protection Memory

## 2.3.3 Update Main Memory (SLE 4432 and SLE 4442)

The command programs the addressed EEPROM byte with the data byte transmitted. Depending on the old and new data, one of the following sequences will take place during the processing mode:

erase and write (5 ms) corresponding to m = 255 clock pulses
 write without erase (2.5 ms) corresponding to m = 124 clock pulses
 erase without write (2.5 ms) corresponding to m = 124 clock pulses

(All values at 50 kHz clock rate.)

| Address<br>(decimal) | Main Memory           | Protection Memory       | Security Memory<br>(only SLE 4442) |
|----------------------|-----------------------|-------------------------|------------------------------------|
| 255                  | Data Byte 255 (D7 D0) | _                       | _                                  |
| :                    | :                     | _                       | _                                  |
| 32                   | Data Byte 32 (D7 D0)  | _                       | _                                  |
| 31                   | Data Byte 31 (D7 D0)  | Protection Bit 31 (D31) | _                                  |
| :                    | :                     | :                       | _                                  |
| 3                    | Data Byte 3 (D7 D0)   | Protection Bit 3 (D3)   | Reference Data Byte 3 (D7 D0)      |
| 2                    | Data Byte 2 (D7 D0)   | Protection Bit 2 (D2)   | Reference Data Byte 2 (D7 D0)      |
| 1                    | Data Byte 1 (D7 D0)   | Protection Bit 1 (D1)   | Reference Data Byte 1 (D7 D0)      |
| 0                    | Data Byte 0 (D7 D0)   | Protection Bit 0 (D0)   | Error Counter                      |

### **Command: UPDATE MAIN MEMORY**

|             |    |    |    | Cor | trol           |    |    |    | Address                         | Data       |
|-------------|----|----|----|-----|----------------|----|----|----|---------------------------------|------------|
|             | В7 | В6 | B5 | B4  | В3             | B2 | B1 | В0 | A7A0                            | D7D0       |
| Binary      | 0  | 0  | 1  | 1   | 1              | 0  | 0  | 0  | Address                         | Input data |
| Hexadecimal |    |    |    | 38  | 3 <sub>H</sub> |    |    |    | 00 <sub>H</sub> FF <sub>H</sub> | Input data |



Figure 7
Erase and Write Main Memory



Figure 8
Erase or Write Main Memory

If the addressed byte is protected against changes (indicated by the associated written protection bit) the I/O is set to high impedance after the clock number 2 of the processing.

## 2.3.4 Write Protection Memory (SLE 4432 and SLE 4442)

The execution of this command contains a comparison of the entered data byte with the assigned byte in the EEPROM. In case of identity the protection bit is written thus making the data information unchangeable. If the data comparison results in data differences writing of the protection bit will be suppressed. Execution times and required clock pulses see UPDATE MAIN MEMORY.

| Address<br>(decimal) | Main Memory           | Protection Memory       | Security Memory<br>(only SLE 4442) |
|----------------------|-----------------------|-------------------------|------------------------------------|
| 255                  | Data Byte 255 (D7 D0) | _                       | -                                  |
| :                    | :                     | _                       | _                                  |
| 32                   | Data Byte 32 (D7 D0)  | _                       | _                                  |
| 31                   | Data Byte 31 (D7 D0)  | Protection Bit 31 (D31) | _                                  |
| :                    | :                     | :                       | _                                  |
| 3                    | Data Byte 3 (D7 D0)   | Protection Bit 3 (D3)   | Reference Data Byte 3 (D7 D0)      |
| 2                    | Data Byte 2 (D7 D0)   | Protection Bit 2 (D2)   | Reference Data Byte 2 (D7 D0)      |
| 1                    | Data Byte 1 (D7 D0)   | Protection Bit 1 (D1)   | Reference Data Byte 1 (D7 D0)      |
| 0                    | Data Byte 0 (D7 D0)   | Protection Bit 0 (D0)   | Error Counter                      |

### **Command: WRITE PROTECTION MEMORY**

|             |    |    |    | Address | Data           |    |    |    |                                 |            |
|-------------|----|----|----|---------|----------------|----|----|----|---------------------------------|------------|
|             | В7 | В6 | B5 | B4      | В3             | B2 | B1 | В0 | A7A0                            | D7D0       |
| Binary      | 0  | 0  | 1  | 1       | 1              | 1  | 0  | 0  | Address                         | Input data |
| Hexadecimal |    |    |    | 30      | C <sub>H</sub> |    |    |    | 00 <sub>H</sub> 1F <sub>H</sub> | Input data |

## 2.3.5 Read Security Memory (SLE 4442 only)

Similar to the read command for the protection memory this command reads out the 4 bytes of the security memory. The number of clock pulses during the outgoing data mode is 32. I/O is switched to high impedance Z by an additional pulse. Without a preceding successful verification of the PSC the output of the reference bytes is suppressed, that means I/O outputs state L for the reference data bytes.

| Address<br>(decimal) | Main Memory           | Protection Memory       | Security Memory<br>(only SLE 4442)    |
|----------------------|-----------------------|-------------------------|---------------------------------------|
| 255                  | Data Byte 255 (D7 D0) | _                       | _                                     |
| :                    | :                     | _                       | _                                     |
| 32                   | Data Byte 32 (D7 D0)  | _                       | _                                     |
| 31                   | Data Byte 31 (D7 D0)  | Protection Bit 31 (D31) | _                                     |
| :                    | :                     | :                       | _                                     |
| 3                    | Data Byte 3 (D7 D0)   | Protection Bit 3 (D3)   | Reference Data Byte 3(D7 D0)          |
| 2                    | Data Byte 2 (D7 D0)   | Protection Bit 2 (D2)   | Reference Data Byte 2(D7 D0)          |
| 1                    | Data Byte 1 (D7 D0)   | Protection Bit 1 (D1)   | Reference Data Byte 1(D7 D0)          |
| 0                    | Data Byte 0 (D7 D0)   | Protection Bit 0 (D0)   | Error Counter<br>(0,0,0,0,0,D2,D1,D0) |

#### **Command: READ SECURITY MEMORY**

|             |    | Control |    |    |                |    |    |    |           | Data      |
|-------------|----|---------|----|----|----------------|----|----|----|-----------|-----------|
|             | В7 | В6      | B5 | B4 | В3             | B2 | B1 | В0 | A7A0      | D7D0      |
| Binary      | 0  | 0       | 1  | 1  | 0              | 0  | 0  | 1  | No effect | No effect |
| Hexadecimal |    |         |    | 3′ | I <sub>H</sub> |    |    |    | No effect | No effect |



Figure 9
Read Security Memory

## 2.3.6 Update Security Memory (SLE 4442 only)

Regarding the reference data bytes this command will only be executed if a PSC has been successfully verified before. Otherwise only each bit of the error counter (Address 0) can be written from "1" to "0". The execution times and the required clock pulses are the same as described under UPDATE MAIN MEMORY.

#### **Command: UPDATE SECURITY MEMORY**

|             |    | Control |    |    |                |    |    |    |                                 | Data       |
|-------------|----|---------|----|----|----------------|----|----|----|---------------------------------|------------|
|             | В7 | В6      | B5 | B4 | В3             | B2 | B1 | В0 | A7A0                            | D7D0       |
| Binary      | 0  | 0       | 1  | 1  | 1              | 0  | 0  | 1  | Address                         | Input data |
| Hexadecimal |    |         |    | 39 | 9 <sub>H</sub> |    |    |    | 00 <sub>H</sub> 03 <sub>H</sub> | Input data |

### 2.3.7 Compare Verification Data (SLE 4442 only)

This command can only be executed in combination with an update procedure of the error counter (see PSC verification). The command compares one byte of the entered verification data byte with the corresponding reference data byte. For this procedure clock pulses are necessary during the processing mode.

#### **Command: COMPARE VERIFICATION DATA**

|             |    |    |    | Cor | itrol          |    |    |    | Address                         | Data       |
|-------------|----|----|----|-----|----------------|----|----|----|---------------------------------|------------|
|             | В7 | В6 | B5 | B4  | В3             | B2 | B1 | В0 | A7A0                            | D7D0       |
| Binary      | 0  | 0  | 1  | 1   | 0              | 0  | 1  | 1  | Address                         | Input data |
| Hexadecimal |    |    |    | 33  | 3 <sub>H</sub> |    |    |    | 00 <sub>H</sub> 03 <sub>H</sub> | Input data |



Figure 10 Compare Verification Data

## 2.4 PSC Verification (SLE 4442 only)

The SLE 4442 requires a correct verification of the Programmable Security Code PSC stored in the Security Memory for altering data if desired.

The following procedure has to be carried out exactly as described. Any variation leads to a failure, so that a write/erase access will not be achieved. As long as the procedure has not been successfully concluded the error counter bits can only be changed from "1" to "0" but not erased.

At first an error counter bit has to be written to "0" by an UPDATE command (see figure 11) followed by three COMPARE VERIFICATION DATA commands beginning with byte 1 of the reference data. A successful conclusion of the whole procedure can be recognized by being able to erase the error counter which is not automatically erased. Now write/erase access to all memory areas is possible as long as the operating voltage is applied. In case of error the whole procedure can be repeated as long as erased counter bits are available. Having been enabled, the reference data are allowed to be altered like any other information in the EEPROM.

The following table gives an overview of the necessary commands for the PSC verification. The sequence of the shaded commands is mandatory.

| Command                   | Control         | Address         | Data            | Remark                                                             |
|---------------------------|-----------------|-----------------|-----------------|--------------------------------------------------------------------|
|                           | B7B0            | A7A0            | D7D0            |                                                                    |
| Read security Memory      | 31 <sub>H</sub> | No effect       | No effect       | Check Error Counter                                                |
| Update Security Memory    | 39 <sub>H</sub> | 00 <sub>H</sub> | Input data      | Write free bit in Error<br>Counter input data:<br>0000 0ddd binary |
| Compare Verification Data | 33 <sub>H</sub> | 01 <sub>H</sub> | Input data      | Reference Data Byte 1                                              |
| Compare Verification Data | 33 <sub>H</sub> | 02 <sub>H</sub> | Input data      | Reference Data Byte 2                                              |
| Compare Verification Data | 33 <sub>H</sub> | 03 <sub>H</sub> | Input data      | Reference Data Byte 3                                              |
| Update Security Memory    | 39 <sub>H</sub> | 00 <sub>H</sub> | FF <sub>H</sub> | Erase Error Counter                                                |
| Read Security Memory      | 31 <sub>H</sub> | No effect       | No effect       | Check Error Counter                                                |

As shipped, the PSC is programmed with a code according to individual agreement with the customer. Thus, knowledge of this code is indispensable to alter data.



Figure 11 Verification Procedure

#### 2.5 Reset Modes

#### Reset and Answer-to-Reset (compare 2.2.1)

#### **Power on Reset**

After connecting the operating voltage to VCC, I/O is high impedance Z. By all means, a read access to any address or an Answer-to-Reset must be carried out before data can be altered.

#### 2.6 Break

If RST is set to high during CLK in state L any operation is aborted and I/O is switched to high impedance Z. Minimum duration of  $t_{RES}$  = 5  $\mu s$  is necessary to trigger a defined valid reset. After Break the chip is ready for further operations.

#### 2.7 Failures

Behavior in case of failures:

In case of one of the following failures, the chip sets the I/O to high impedance Z after 8 clock pulses at the latest.

#### Possible failures:

- Comparison unsuccessful
- Wrong command
- Wrong number of command clock pulses
- Write/erase access to already protected bytes
- Rewriting and erasing of a bit in the protection memory

### 2.8 Coding of the Chip

Due to security purposes every chip is irreversibly coded by a scheme. By this way fraud and misuse is excluded. The relevant data are programmed in the memory area from address 0 to 31. Afterwards the associated protection bits are programmed. As an example, **figures 12** and **13** show ATR and Directory Data of Structure 1. When delivered, ATR header, ICM and ICT are programmed. Siemens programs also the AID. The AID (Application IDentifier) consists of 5 byte RID (Registered application provider IDentifier) administered by a national registration authority and of up to 11 byte PIX (Proprietary application Identifier eXtension). There are two possibilities: the customers AID or Siemens AID (only for sample quantities). Depending on the agreement between the customer and Siemens ICCF can be also programmed before delivery.



Figure 12
Synchronous Transmission
ATR and Directory Data of Structure 1



Figure 13
Answer-to-Reset for Synchronous Transmission
Coding of Structure 1

## 3 Operational Information

### 3.1 Memory Map

| Address<br>(decimal) | Main Memory           | Protection Memory       | Security Memory<br>(only SLE 4442) |
|----------------------|-----------------------|-------------------------|------------------------------------|
| 255                  | Data Byte 255 (D7 D0) |                         |                                    |
| :                    | :                     |                         |                                    |
| 32                   | Data Byte 32 (D7 D0)  |                         |                                    |
| 31                   | Data Byte 31 (D7 D0)  | Protection Bit 31 (D31) |                                    |
| :                    | :                     | :                       |                                    |
| 3                    | Data Byte 3 (D7 D0)   | Protection Bit 3 (D3)   | Reference Data Byte 3 (D7 D0)      |
| 2                    | Data Byte 2 (D7 D0)   | Protection Bit 2 (D2)   | Reference Data Byte 2 (D7 D0)      |
| 1                    | Data Byte 1 (D7 D0)   | Protection Bit 1 (D1)   | Reference Data Byte 1 (D7 D0)      |
| 0                    | Data Byte 0 (D7 D0)   | Protection Bit 0 (D0)   | Error Counter (0,0,0,0,0,D2,D1,D0) |

The Data bytes 0 to 31 can be protected against further changes by programming the associated protection bit 0 to 31. The SLE 4442 allows data changing only after correct verification of the Reference Data bytes. Reading of the Data bytes and of the associated protection bits is always possible.

#### 3.2 Electrical Characteristics

## 3.2.1 Absolute Maximum Ratings

| Parameter               | Symbol       | Lim   | Limit Values |    |  |
|-------------------------|--------------|-------|--------------|----|--|
|                         |              | min.  | max.         |    |  |
| Supply voltage          | $V_{ m cc}$  | - 0.3 | 6.0          | V  |  |
| Input voltage (any pin) | $V_{I}$      | - 0.3 | 6.0          | V  |  |
| Storage temperature     | $T_{ m stg}$ | - 40  | 125          | °C |  |
| Power dissipation       | $P_{tot}$    |       | 70           | mW |  |

**Note:** Stresses above those listed under "Absolute Maximum Ratings" may cause permanent damage to the device. This is a stress rating only and functional operation of the device at these or any other conditions above those indicated in the operational sections of this data sheet is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability, including EEPROM data retention and write/erase endurance.

In the operating range the functions given in the circuit description are fulfilled.

# 3.2.2 Operation Range

| Parameter           | Symbol       | Limit Values |      |      | Unit | Test Condition     |
|---------------------|--------------|--------------|------|------|------|--------------------|
|                     |              | min.         | typ. | max. |      |                    |
| Supply voltage      | $V_{\sf CC}$ | 4.75         | 5.0  | 5.25 | V    | _                  |
| Supply current      | $I_{\rm CC}$ |              | 3    | 10   | mA   | $V_{\rm CC}$ = 5 V |
| Ambient temperature | $T_{A}$      | 0            |      | 70   | °C   | _                  |

# 3.2.3 DC Characteristics

| Parameter                                | Symbol   | Limit Values |      |              | Unit | Test Condition                   |  |
|------------------------------------------|----------|--------------|------|--------------|------|----------------------------------|--|
|                                          |          | min.         | typ. | max.         |      |                                  |  |
| High level input voltage (I/O, CLK, RST) | $V_{IH}$ | 3.5          |      | $V_{\rm CC}$ | V    | -                                |  |
| Low level input voltage (I/O, CLK, RST)  | $V_{IL}$ | 0            |      | 0.8          | V    | -                                |  |
| High level input current (I/O, CLK, RST) | $I_{IH}$ |              |      | 50           | μΑ   | V <sub>IH</sub> = 5 V            |  |
| Low level output current (I/O)           | $I_{OL}$ | 1            |      |              | mA   | $V_{\rm OL}$ = 0.4 V, open drain |  |
| High level output current (I/O)          | $I_{OH}$ |              |      | 50           | μΑ   | $V_{\rm OH}$ = 5 V, open drain   |  |
| Input capacitance                        | $C_1$    |              |      | 10           | pF   |                                  |  |

#### 3.2.4 AC Characteristics

The AC characteristics refer to the timing diagrams in the following.  $V_{\rm IHmin}$  and  $V_{\rm ILmax}$  are reference levels for measuring timing of signals.

| Parameter                                     | Symbol                | Limit Values |      |      | Unit | Test Condition         |
|-----------------------------------------------|-----------------------|--------------|------|------|------|------------------------|
|                                               |                       | min.         | typ. | max. |      |                        |
| RST High to CLK Setup time                    | t <sub>10</sub>       | 4            |      |      | μs   |                        |
| CLK Low to RST Hold time                      | t <sub>11</sub>       | 4            |      |      | μs   |                        |
| RST High time (address reset)                 | t <sub>12</sub>       | 20           | 50   |      | μs   |                        |
| RST Low to I/O Valid time                     | t <sub>13</sub>       |              |      | 2.5  | μs   |                        |
| RST Low to CLK Setup time                     | t <sub>14</sub>       | 4            |      |      | μs   |                        |
| CLK Frequency                                 | $f_{CLK}$             | 7            |      | 50   | kHz  |                        |
| CLK Rise time                                 | $t_{R}$               |              |      | 1    | μs   |                        |
| CLK Fall time                                 | $t_{F}$               |              |      | 1    | μs   |                        |
| CLK High time                                 | t <sub>15</sub>       | 9            |      |      | μs   |                        |
| CLK Low time                                  | t <sub>16</sub>       | 9            |      |      | μs   |                        |
| CLK Low to I/O Valid time                     | t <sub>17</sub>       |              |      | 2.5  | μs   |                        |
| Reset time for Break                          | t <sub>18</sub>       | 5            |      |      | μs   |                        |
| RST High to I/O Clear time (Break)            | t <sub>19</sub>       | 2.5          |      |      | μs   |                        |
| I/O High time (Start Condition)               | <i>t</i> <sub>1</sub> | 10           |      |      | μs   |                        |
| CLK High to I/O Hold time                     | $t_2$                 | 4            |      |      | μs   |                        |
| I/O Low to CLK Hold time<br>(Start Condition) | $t_3$                 | 4            |      |      | μs   |                        |
| I/O Setup to CLK High time                    | $t_4$                 | 1            |      |      | μs   |                        |
| CLK Low to I/O Hold time                      | $t_5$                 | 1            |      |      | μs   |                        |
| CLK High to I/O Clear time (Stop Condition)   | <i>t</i> <sub>6</sub> | 4            |      |      | μs   |                        |
| CLK Low to I/O Valid time                     | <i>t</i> <sub>7</sub> |              |      | 2.5  | μs   |                        |
| CLK Low to I/O Valid time                     | <i>t</i> <sub>8</sub> |              |      | 2.5  | μs   |                        |
| CLK Low to I/O Clear time                     | <i>t</i> <sub>9</sub> |              |      | 2.5  | μs   |                        |
| Erase time                                    | $t_{ER}$              | 2.5          |      |      | ms   | $f_{\rm CLK}$ = 50 kHz |
| Write time                                    | $t_{WR}$              | 2.5          |      |      | ms   | $f_{\rm CLK}$ = 50 kHz |
| Power on reset time                           | $t_{POR}$             |              |      | 100  | μs   |                        |

**Note:** The listed characteristics are ensured over the operating range of the integrated circuit. Typical characteristics specify mean values expected over the production spread. If not otherwise specified, typical characteristics apply at  $T_A = 25$  °C and the given supply voltage.

# 3.3 Timing Diagrams



Figure 14
Reset and Answer-to-Reset



Figure 15 Command Mode



Figure 16 Outgoing Data Mode



Figure 17 Processing Mode



Figure 18 Break

## 4 Package and Dimensions



Chip and Package Outlines Wire-Bonded Module M2.2



**Chip Dimensions**