BL75R06 short-range non-contact RFID chip chip

The wide application of proximity contactless cards has made the gold card market from contact-type to close-range non-contact transition. It is expected that the 13.56MHz RFID proximity contactless card market will grow rapidly this winter and next year.

13.56MHz non-contact card works in the near-field distance, through the inductive coupling of the smart card antenna and the reader antenna (a transformer-like coupling), obtains energy and downlink commands from the transmitting antenna, and uses load modulation (Load Modulation) The method returns data to the reader.

Features of BL75R06

BL75R06SM is a 8kbE2PROM non-contact encryption storage IC card chip, which consists of RF communication interface, digital logic control module (including security control unit) and 8kb E2PROM memory. Figure 1 is the internal topology of BL75R06. The chip is directly connected to an antenna composed of coils for wireless transmission, and the read/write distance is 10 cm.

Figure 1 Internal topology of BL75R06

The RF communication interface part is composed of a radio frequency communication interface, rectification, voltage regulation, modulation/demodulation, power-on reset and clock, which are introduced by the antenna; the digital logic control module is required to respond, anti-collision, application selection, authentication and access. Control, control and arithmetic unit, RAM, ROM, crypto unit, etc.; E2PROM memory part consists of interface and 8kb E2PROM memory.

The RF interface of BL75R06 meets the requirements of ISO/IEC14443TypeA. The chip does not need a battery. The energy transmitted by the reader can be activated, and the ID number and required information data in the chip can be wirelessly transmitted. The operation distance can reach 10cm. Of course, the distance and The geometry of the antenna is related to the efficiency; the operating frequency is 13.56MHz; the data transmission rate is 106kbps; the 16-bit CRC check, parity, bit coding, bit count, etc. ensure the integrity and reliability of the transmitted data; typical transaction time, Including backup management time is less than 100ms.

The E2PROM is divided into 16 sectors, each sector is divided into 4 blocks of 16 bytes each; the access conditions of each memory block can be defined by the customer; the data retention time is at least 10 years; and the number of erasures is at least 100,000 cycles.

The BL75R06 supports the ISO14443TypeA RF interface and standard reader chip.

The main structure of the IC card

The IC card is mainly composed of a copper-frame loop antenna similar to a printed circuit board corrosion-molded and a bare chip (see FIG. 2) bound thereto, and a card-side two-sided color plastic package.

Figure 2 antenna and chip in the card

The shape and number of turns of the IC card are related to the operating frequency. It requires accurate calculations, rich practical experience, and matching with the chip. In the original design, a network analyzer is required to verify and adjust the antenna geometry and network matching.

IC card chip security system

In order to provide a high level of security, the BL75R06 uses a triple mutual authentication system that complies with the ISO/IECDIS9798-2 protocol:

1) The card reader first determines the sector to be accessed, and then selects the key A or the key B;
2) The first weight is that the card reads the key and the access condition from the Trailer block of the sector, and sends a random number to the card reader;
3) The second weight is the card reader's key and the additional input to calculate the card's response, and then send a response and another random number to the card;
4) The third weight is the card verification response of the card reader, and then a response is calculated and sent to the card reader;
5) The card reader re-verifies the response of the card;

After performing the above steps and sending the first random number, the communication between the card and the reader is encrypted.

How communication works

The BL75R06 chip interacts with the card reader through the antenna, and the command is sent by the card reader. The digital logic control module inside the BL75R06 determines the operability of the command according to the access control conditions of the corresponding sector to be accessed, and sends the corresponding Information or data. The card reader sends a request response command to all the cards in the work area RF field. After the smart card is powered on, the ATQA according to the ISO/IEC 14443A protocol can respond to the request command. During the anti-collision cycle, the card reader reads the ID serial number of the card. If the card reader has several cards in its working range, it can be identified by a unique card ID serial number, and one of the cards is selected. As the object of the next operation, the unselected card returns to the standby mode and waits for the next request command. After the card reader issues a card selection command, a card is selected to authenticate and operate on the associated memory, and the card returns an ATS code indicating the type of card selected. After the card is selected, the card reader uses the response key to perform the triple mutual authentication process according to the memory location to be accessed. After the authentication is passed, the operation of the memory is encrypted. After the authentication is passed, the operations of reading blocks, writing blocks, adding, subtracting, restoring, transferring, and terminating are performed. Add is to add a value to the contents of the block, and save the result to a temporary data register; subtract is to subtract a value from the contents of the block, and save the result to a temporary data register; recovery is Move the contents of the block to a temporary data register; transfer is to write the contents of the temporary register to the specified block. The wireless communication between the card reader and the smart card is a 16-bit CRC using information blocks, and a parity bit for each byte to ensure the reliability of data transmission. The transaction process of the card reader and smart card communication is shown in Figure 3.

Card reader and smart card communication work transaction flow chart

Figure 3 card reader and smart card communication work transaction flow chart

Memory structure

The 1024 x 8 bit E2PROM memory is composed of 16 sectors, each sector having 4 blocks, each block containing 16 bytes. In the erase state, the E2PROM cell reads a logic "0"; in the write state, a logic "1" is read. The first block of the first sector, containing the IC manufacturer's data, is written and protected by the IC manufacturer as it is programmed during the production process for security and system needs. The 16-byte blocks of the remaining sectors are used to store data. The data blocks can be configured by access path bits. The read/write blocks are used for contactless access control. The value blocks can be used for E-wallet amount access, such as giving deposits. Or an additional order to withdraw money. The authentication command must be preceded by any memory operation to ensure security. The 1024 x 8 bit E2PROM memory has flexible zone read and write and data lock functions.

