Rainbow Electronics DS2705 User Manual

r

m

PASS

FAIL

C

SHA-1 Authentication Maste

DS2705

www.maxim-ic.com

GENERAL DESCRIPTION

The DS2705 provides the master side of a Secure
Hash Algorithm (SHA) based token authentication
scheme. Hardware-based SHA authentication allows
for security without the added cost and complexity of
a microprocessor-based system. Batteries and other
accessories are authenticated using a single contact
through the Dallas 1-WireÒ interface. Authentication
is performed on demand or automatically, with the
pass/fail status reported on open-drain output pins to
signal the charge system and/or drive LEDs. The
DS2705 stores a predetermined challenge-and­response pair in nonvolatile (NV) EEPROM. The
DS2705 works in conjunction with Dallas Battery
Management SHA-1 token products, including the
DS2703 and DS2704.

APPLICATIONS

Digital Cameras
Portable DVD and Media Players
Cradle and Accessory Chargers
Cell Phones/Smartphones

APPLICATION EXAMPLE

PIN CONFIGURATION

HAL

2

3

VSS

MAX

VDD

7

MDQ

6

SDQ

VPP

FEATURES

§ Initiates Challenge-and-Response
Authentication based on the SHA-1 Algorithm

§ Dallas 1-Wire Master/Slave Interface Operates
at Standard and Overdrive Speeds

§ Input and Output pins for Initiating Challenge
and Reporting Authentication Pass/Fail

§ Programmable Configuration

§ Operates from 2.5V to 5.5V Supply

§ Tiny mMAX Package (Pb-Free)

ORDERING INFORMATION

PART TEMP RANGE MARKING PIN-PACKAGE

DS2705U+

DS2705U+/T&R

+ Denotes lead-free package.
1-Wire is a registered trademark of Dallas Semiconductor.

1 of 18 050506

-40°C to +85°C

-40°C to +85°C

DS2705

DS2705 DS2705U+ in Tape-and-Reel

mMAX

DS2705: SHA-1 Authentication Master

ABSOLUTE MAXIMUM RATINGS

Voltage Range on All Pins (except VPP), Relative to VSS -0.3V to +5.5V
Voltage Range on V

Pin, Relative to VSS -0.3V to +18V

PP

Continuous Source Current, MDQ 20mA
Operating Temperature Range -40°C to +85°C
Storage Temperature Range -55°C to +125°C
Soldering Temperature See IPC/JEDEC J-STD-020A Specification

Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. These are stress ratings only,
and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is
not implied. Exposure to the absolute maximum rating conditions for extended periods may affect device.

DC ELECTRICAL CHARACTERISTICS

(2.5V £ VDD £ 5.5V, TA = -20°C to +85°C.)

PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS

Active mode,
MDQ low, I
Active mode,
MDQ idle, I

O_MDQ

O_MDQ

Sleep mode, I

= 0

= 0

= 0 (Note 2) 1 2

O_MDQ

2.5 mA

90 130

mA

mA

Program pulse (Notes 1, 3) 14.5 15.0 V

(Note 1) 1.8 V

(Note 1) 0.6 V

IOL = 4mA (Note 1) 0.4 V

Supply Current

Programming Voltage: VPP

Input Logic High:
MDQ, SDQ, CHAL

Input Logic Low:
MDQ, SDQ, CHAL

Output Logic Low: MDQ, SDQ V

I

I

I

V

V

V

DD1

DD2

DD3

PP

IH

IL

OL1

Output Logic Low: PASS, FAIL

Pulldown: VPP

Pulldown: SDQ, CHAL I

Pullup: MDQ

V

OL2

I

PD1

PD2

IOH

VOH

IOL = 10mA (Note 1) 0.4 V

300

(Note 5) 0.125

Communication mode
(Note 6)

Computation mode

= 2.0mA (Note 7)

I

OH

0.25 2.5 mA

V

- 0.1

DD

V

mA

mA

Input Capacitance: MDQ, SDQ CIN 60 pF

EEPROM RELIABILITY SPECIFICATION

(2.5V £ VDD £ 5.5V, TA = -20°C to +85°C.)

PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS

EEPROM Write Time t

EEPROM Write Endurance N

EEW

EEC

(Note 3) 15 ms

(Notes 3, 4) 1,000 Cycles

2 of 18

DS2705: SHA-1 Authentication Master

AC ELECTRICAL CHARACTERISTICS: MASTER 1-Wire INTERFACE

(2.5V £ VDD £ 5.5V, TA = -20°C to +85°C.)

PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS

STANDARD BUS TIMING

Time Slot t

Recovery Time t

Write-0 Low Time t

Write-1 Low Time t

Read-Data Sample Window t

Reset-Time Low t

Presence-Detect High t

Presence-Detect Low t

OVERDRIVE BUS TIMING

Time Slot t

Recovery Time t

Write-0 Low Time t

Write-1 Low Time t

Read-Data Sample Window t

(Note 10) 90

MSLOT

(Note 10) 7.5 10 12.5

MREC

(Note 10) 88.5

MLOW0

(Note 10) 1.05 1.5 2.25

MLOW1

(Note 10) 4.0 5.5 7.0

MRDV

(Note 10) 510 680 850

MRSTL

(Note 10) 2 75

MPDH

(Note 10) 2 400

MPDL

(Note 10) 12

MSLOT

(Note 10) 1 2 2.5

MREC

(Note 10) 10.5

MLOW0

(Note 10) 0.35 0.5 0.65

MLOW1

(Note 10) 1.1 1.5 1.9

MRDV

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

Reset-Time Low t

Presence-Detect High t

Presence-Detect Low t

(Note 10) 53 70 88

MRSTL

(Note 10) 2 7

MPDH

(Note 10) 2 41

MPDL

ms

ms

ms

3 of 18

DS2705: SHA-1 Authentication Master

AC ELECTRICAL CHARACTERISTICS: SLAVE 1-Wire INTERFACE

(2.5V £ VDD £ 5.5V, TA = -20°C to +85°C.)

PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS

STANDARD BUS TIMING

Time Slot t

Recovery Time t

Write-0 Low Time t

Write-1 Low Time t

Read-Data Valid t

Reset-Time High t

Reset-Time Low t

Presence-Detect High t

Presence-Detect Low t

OVERDRIVE BUS TIMING

Time Slot t

Recovery Time t

Write-0 Low Time t

Write-1 Low Time t

60 120

SLOT

1

REC

60 120

LOW0

1 15

LOW1

15

RDV

480

RSTH

480 960

RSTL

15 60

PDH

60 240

PDL

6 16

SLOT

1

REC

6 16

LOW0

1 2

LOW1

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

ms

Read-Data Valid t

Reset-Time High t

Reset-Time Low t

Presence-Detect High t

Presence-Detect Low t

2

RDV

48

RSTH

48 80

RSTL

2 6

PDH

8 24

PDL

ms

ms

ms

ms

ms

4 of 18

AC ELECTRICAL CHARACTERISTICS

(2.5V £ VDD £ 5.5V, TA = -20°C to +85°C.)

PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS

DS2705: SHA-1 Authentication Master

Programming Pulse Width t

Programming Pulse Rise Time t

Programming Pulse Fall Time t

Strong Pullup Delay Time t

Strong Pullup Period t

Challenge Delay Time t

Authentication Attempt Time t

FAIL Pin Pulse Frequency

17 ms

PPW

(Note 8) 0.5 5

PPR

(Note 8) 0.5 5

PPF

2 10

SPUD

24 34 48 ms

SPUP

45 65 85 ms

CHD

(Note 9) 61 490 ms

AAT

FOM = 1, 50% duty cycle 1.5 2 2.5 Hz

t

FPF

Note 1:

Note 2:

Note 3:

Note 4:

Note 5:

Note 6:

Note 7:

Note 8:

Note 9:

Note 10:

All voltages are referenced to V

IDD3 Sleep mode conditions:

CHAL pin inactive OR (CHAL active AND (PAA = 0 AND PPT = 00 AND FOM = 0 AND Initial Authentication sequence
complete))

[Above conditions disable the internal oscillator]

Programming temperature range is T

5 years data retention at 70°C

If CHAL pin left unconnected, CHP bit = 0 required for an authentication attempt to be initiated on power up. See Table 1.

Typical Communication mode MDQ pullup behavior equivalent to 3kW resistor.

Typical Computation mode MDQ pullup behavior approximates a 50W resistor.

Exceeding maximum rise and fall time specifications may affect device reliability.

t

= Retries per Attempt x (264bits x 90ms + 3 x (t

AAT

MAX[7 retries]: 490ms, MIN[no retries]: 61ms with standard timings

1. 1-Wire Master timings based on ±25% clock tolerance from nominal.

2. t

3. t

4. Bus rise time of ~1ms required to settle to logic high by t

[defined in design documentation] = t

RPDT

= t

MPDL-MAX

MRSTH-MIN

.

SS

– t

MPDH-MAX,

= 0°C to 50°C.

A

+ t

+ t

RSTH

MRSTH

) + t

MRSTL

MRSTL

represents the maximum presence pulse low time allowed from the slave.

) = [1 to 8] x (23.7ms + 3.54ms + 34ms)

SPUD

after MDQ released at t

MRDV

MLOW1

PIN DESCRIPTION

PIN

mMAX

TDFN

1 1 CHAL Challenge Strobe Input Pin. Initiates authentication. Active level/edge set by CHP bit.

2 2

3 3

4 4

5 5

6 6 SDQ

7 7 MDQ

8 8

SYMBOL FUNCTION

PASS

FAIL

V

SS

V

PP

Authentication “PASS” Result Open-Drain Output Pin

Authentication “FAIL” Result Open-Drain Output Pin (Programmable As Low Or Pulse)

Supply Return Pin, GND Reference for Logic Signals

EEPROM Programming Voltage Input

Slave Serial interface Data I/O Pin. Bidirectional data transmit and receive at 16kbps or
143kbps. Bus master must provide a weak pullup.

Master Serial interface Data I/O Pin. Bidirectional data transmit and receive at 16kbps or
143kbps. Provides a weak pullup in communication mode and strong pullup in
computation mode.

V

Supply Input Pin. Bypass to VSS with 0.1mF capacitor.

DD

ms

ms

ms

5 of 18

Figure 1. Block Diagram

DS2705: SHA-1 Authentication Master

VDD

EEPROM

64-bit

Challenge

CHP = 0

160-bit MAC

16-bit

Configuration

Pullup

Control

CHAL

PASS

FAIL

Control FSM

t

+ t

CHD

AAT

VSS

1-Wire

Master /

Slave

MDQ

SDQ

DETAILED DESCRIPTION

The DS2705 orchestrates a challenge/response SHA-1 authentication procedure by accessing a Dallas Battery
Management SHA-1 Token product, such as the DS2703 or DS2704. The remote SHA-1 token is accessed with
the MDQ pin acting as the 1-Wire bus master. The DS2705 issues the appropriate 1-Wire command sequence on
MDQ to write the 64-bit challenge, initiates a SHA-1 computation in the token, and then reads back the 160-bit
MAC result. The DS2705 compares the 160-bit MAC received from the battery token with the preprogrammed
MAC. An exact bit for bit match is required for the authentication to be successful. The result of the operation,
PASS or FAIL, is indicated on active low status output pins which can be used to drive status LEDs and/or enable
cell charging.

The DS2705 can be configured to automatically authenticate by detection of a presence pulse on MDQ or
authentication can be controlled by the state of the CHAL input pin. The DS2705’s SDQ pin is a 1-Wire slave
interface for programming the behavior of the I.C.. All EEPROM values can be permanently locked to prevent
corruption.

Figure 2 shows a example application circuit for a standalone battery charger. The DS2705 is preprogrammed for
automatic authentication on MDQ and also contains a known good challenge/response pair. Programming occurs
during assembly through PCB test points shown on the right side of the circuit. When a battery pack is inserted into
the charger, a presence pulse on MDQ will cause the DS2705 to automatically authenticate the pack. The result of
the authentication will be displayed through the LEDs and the DS2705 will either enable or disable the charging
circuit.

6 of 18

DS2705: SHA-1 Authentication Master

Figure 2. Typical Application Circuit

MDQ

Contac ts

from

Charger to

Battery

Pack

Contact

BAT+

Contact

BAT-

Contact

Control

Charge

Circuit

Charge
Circuit
VSS

Charge

Circuit

Enable

Charge Circuit

VDD

Charge Supply

330 330 1K 150

0.1µF

CHAL

FAIL

PASS

DS2705

MDQVDD

SDQ

VPP

VSS

150

5.6V 5.6V 18V

SDQ

150

150

Testpoint

VPP

Testpoint

VSS

Testpoint

DS2705

Assembly

Programmi ng

Interface

BATTERY TOKEN PRESENCE DETECTION

Authentication of a battery or peripheral first depends on the authentication host detecting the presence or insertion
(electrical connection) of the accessory to the host unit. The DS2705 supports insertion detection in four ways, two
use the CHAL pin and two use the MDQ pin:

t

1. CHAL pin at the active logic level on IC power-up (detected after challenge delay time
negative logic level is determined by the CHP bit.

2. CHAL pin edge trigger after power-up period. Positive or negative edge trigger is determined by the CHP
bit.

3. Detection of Asynchronous 1-Wire Presence Pulse by insertion of battery with 1-Wire device (token).

4. Periodic Authentication Attempt issuing a 1-Wire Reset on MDQ to test for presence of a 1-Wire token.

). Positive or

CHD

With cases 1 and 2 above, the CHAL pin acts as a detection trigger when pulled to a logic low or logic high. A split
contact on the battery ground or supply terminal can be used to connect the CHAL pin to the positive or negative
battery terminal when the battery is present. In case 1, when the battery is connected prior to powering up the host
system (which occurs often since the battery typically powers the host), presence is detected by sensing the logic
level on CHAL immediately after power-up of the DS2705. A configuration bit, CHP, allows the use of either polarity
of the CHAL pin. Table 1 shows the timing and sequence of events for detecting presence on power-up. In case 2
above, the DS2705 monitors the CHAL pin for a signal transition after the power-up period is complete. The
DS2705 detects an authentication attempt on a positive or a negative edge of CHAL depending on the state of the
CHP bit. Table 2 shows the timing and sequence of detecting presence with an edge on CHAL.

7 of 18

DS2705: SHA-1 Authentication Master

Table 1. Presence Detection/Authentication on Power-up Using CHAL Pin

TIME FROM

POWER UP

CHAL PIN

t = N/A High 0 Not Present Armed Hi-Z
t < t
t
t > t
t > t

Low 0 Present Initiated Hi-Z

CHD

CHD

> t > t

CHD

CHD

+ t

Low 0 Present In Progress Hi-Z

AAT

Low 0 Present Complete Active
Pos Edge 0 Removal Reset Reset (Hi-Z)

+ t
+ t

CHD

AAT

AAT

t = N/A Low 1 Not Present Armed Hi-Z
t < t

t
t > t
t > t

t
RTA1:0 bits. Minimum time is t

Table 2. Insertion Detection/Authentication Using Transition On CHAL Pin

High 1 Present Initiated Hi-Z

CHD

> t > t

CHD

CHD

CHD

: Authentication attempt time represents the period for attempting authentication and is dependent on the

AAT

+ t

High 1 Present In Progress Hi-Z

AAT

High 1 Present Complete Active
Neg Edge 1 Removal Reset Reset (Hi-Z)

SHA

+ t
+ t

CHD

AAT

AAT

CHAL PIN CHP BIT TOKEN PRESENCE AUTHENTICATION DISPLAY

High 0 Not Present Armed Hi-Z
Neg Edge 0 Insertion Initiated Hi-Z
Low < t
Low > t

CHD

CHD

+ t

0 Present In Progress Hi-Z

AAT

+ t

0 Present Complete Active

AAT

Pos Edge 0 Removal Reset Reset
Low 1 Not Present Armed Hi-Z

Pos Edge 1 Insertion Initiated Hi-Z
High < 0.5s 1 Present In Progress Hi-Z
High > 0.5s 1 Present Complete Active
Neg Edge 1 Removal Reset Reset

CHP

BIT

TOKEN

PRESENCE

, maximum time is 8*t

SHA

AUTHENTICATION DISPLAY

.

Detection cases 3 and 4 occur through a 1-Wire Reset/Presence Detect sequence on the MDQ pin. In case 3, an
asynchronous 1-Wire presence pulse occurs when a battery with a 1-Wire device is connected to the DS2705. The
DS2705 responds with the authentication sequence. Case 4 is a user configuration option where a 1-Wire reset is
periodically issued on MDQ which then monitors the bus for the presence pulse issued by any/all 1-Wire slave
devices on the bus. If the DS2705 detects a presence pulse, it begins an authentication sequence. The DS2705
can also be configured to periodically test for the continued presence of a 1-Wire slave device once successful
authentication has completed. This allows the status display to be automatically reset when a slave token has been
removed. Table 3 shows the sequence and display activity for presence detection on MDQ.

Table 3. Asynchronous And Periodic Presence Detection Using MDQ Pin

PD

No PD Not Present Reset Hi-Z

PD

No PD Removal Reset Reset (Hi-Z)

TOKEN

PRESENCE

AUTHENTICATION DISPLAY

Insertion Initiated Hi-Z

Present

In Progress Hi-Z

Complete Active

8 of 18

DS2705: SHA-1 Authentication Master

AUTHENTICATION SEQUENCE

Following the detection of the battery, the DS2705 initiates the authentication sequence. The sequence is executed
in whole each time authentication is initiated. See Figure 4.

1. Test for presence with 1-Wire RESET.

2. Issue SKIP ROM (SKIP NET ADDRESS) command.

3. Issue Write Challenge command with 64-bit Challenge data.

4. Issue Compute MAC without ROMID command to SHA-1 token.

5. Provide strong pullup on DQ output.

6. Issue 8 write 0 timeslots.

7. Issue read time slots to receive MAC from token.

8. Compare local and token MAC results.

9. If configured for multiple attempts, re-try until authentication complete.

10. Test for presence with 1-Wire RESET.

11. Update status on

Note: If the DS2705 does not receive a presence pulse after presence has been established, or the presence
test in step 9. fails, then the status is reported as not present with both the

PASS or FAIL pins.

PASS and FAIL pins hi-Z.

PREPROGRAMMED CHALLENGE AND RESPONSE

A challenge response authentication system does not require a truly random set of challenges. The set of unique
challenges must be sufficiently large that it precludes the use of a lookup table type of attack. If a large enough set
of unique challenges is dispersed over a population of portable devices, then each portable device does not need
to store the secret key and duplicate the computation of the MAC. It need only store one challenge response pair to
provide a practical barrier to battery clones. This system requires that every battery contain the secret key and
SHA-1 algorithm so that it is compatible with any portable device it might be required to power.

The DS2705 stores the preprogrammed challenge and response MAC. This serves to lower the cost and increase
the secrecy of the key since the key does not have to be programmed into the DS2705. Dallas Semiconductor
recommends not using any challenge response pair where either the challenge or MAC is all ‘0’s or all ‘1’s to
prevent accidental authentication of an open or shorted communication bus.

9 of 18

DS2705: SHA-1 Authentication Master

MASTER PORT (MDQ) FUNCTION COMMANDS

MASTER MODE WRITE CHALLENGE COMMAND

Write Challenge [0Ch, XXXXXXXXXXXXXXXX]. The master mode Write Challenge command sends the 8-byte

(64-bit) challenge to the remote token in preparation for a Compute MAC command.

Figure 3. Write Challenge (MDQ)

1-Wire

Reset

SKIP ROM

Cmd

Write

Challenge

64 Write Time Slots

(Random Number)

CMD

Presence

Pulse

MASTER MODE COMPUTE MAC W/O ROM ID COMMAND

Compute MAC without ROM ID [36h, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX].

The Compute MAC command executes a MAC computation in the remote token and reads back the 20-byte result.

Figure 4. Compute and Return MAC (MDQ)

t

SPUP

Strong

Pull-up Applied

8 Write 0

Time Slots

160 Read Time Slots

(20-By te MAC)

1-Wire

Reset

Presence

Pulse

SKIP ROM

Cmd

Compute

MAC
Cmd

t

SPUD

10 of 18

DS2705: SHA-1 Authentication Master

MAC Comparison

After the SHA-1 computation is completed by the remote token, the DS2705 and remote SHA-1 token both contain
a MAC result based on the secret key. The results are compared by the DS2705 on a bit by bit basis as the MAC
data is read in from the remote token. Note that the secret is never transmitted on the bus and thus cannot be
captured by observing bus traffic.

Multiple Authentication Attempts

The DS2705 is configurable for multiple authentication attempts or re-tries to avoid reporting authentication failure
in the event of contact bounce or a noisy communication channel. When configured for more than one retry, the
status outputs are kept at the previous state until one attempt succeeds or all attempts fail. It is always
recommended to configure the DS2705 for at least one retry.

Signaling Authentication Results

Authentication results are signaled on the open drain
both outputs remain at their previous state. After authentication is complete, the pass or fail status is reported until
the display is cleared by one of the following conditions:

§ CHAL pin returning to inactive logic level.

§ Battery token removal detected when no 1-Wire Presence Pulse is returned in response to a 1-Wire

Reset.

PASS and FAIL output pins. During an authentication attempt,

Table 4. PASS/FAIL Outputs

CONDITION FOM BIT

Token Not Present x Hi-Z Hi-Z
Authentication in
Progress
Complete: Pass x LOW Hi-Z

Complete: Fail

x No Change No Change

0 Hi-Z LOW
1 Hi-Z Pulse

PASS OUTPUT FAIL OUTPUT

PROGRAMMING AND CONFIGURING

The DS2705 requires a configuration step prior to deployment to program the 64-bit challenge, 160-bit response
and to set up desired configuration options. Configuration is performed in slave mode using the SDQ and VPP
pins. The Challenge-and-Response pair, and option data are programmed in on-chip EEPROM that requires an
externally supplied programming voltage. After programming and verifying the EEPROM data, setting of the Lock
bits is recommended to prevent future modification. SDQ and VPP have internal pull downs which prevent the pins
from floating during normal operation.

11 of 18

DS2705: SHA-1 Authentication Master

Table 5. Configuration Register

FIELD NAME DESCRIPTION DEFAULT

Re-Tries Per Authentication Attempt

Each re-try includes:
OWR, PD, Skip ROM, Write Challenge, Read MAC, Compare MAC, Final OWR/PD

0 0 0 Re-try (1 attempt per initiation)

CR[1:0] RTA1:0

CR[3:2] PAA1:0

CR[5:4] PPT1:0

CR[6] APA

CR[7] CHP

CR[8] FOM

CR[9] OWS

CR[11:10] LOCK1:0

0 1 1 Re-tries (2 attempts per initiation)

1 0 3 Re-tries (4 attempts per initiation)

1 1 7 Re-tries (8 attempts per initiation)

PASS output hi-Z until authentication complete.
Authentication complete after first occurrence of a PASS result or all re-tries are a FAIL result
Periodic Authentication Attempt

Each Attempt performed with the programmed number of re-tries:

0 0 No Periodic Attempts

0 1 Attempt every 1s

1 0 Attempt every 8s
1 1 Attempt every 16s

PASS and FAIL pins retain previous states until updated when authentication completed. If
presence not detected, status outputs are cleared to hi-Z.

Periodic Presence Test

1-Wire Presence test performed at programmed period:

0 0 No Periodic Test

0 1 Attempt every 0.25s

1 0 Attempt every 0.5s

1 1 Attempt every 1.0s

PASS and FAIL pins retain previous states if presence detected. PASS and FAIL pins are cleared to

hi-Z and status flags are cleared to zero if presence not detected.
Asynchronous Presence Authentication

0 No

1 Yes

Authentication sequence initiated t
CHAL Pin Polarity Setting

0 High to low transition; active low

1 Low to high transition; active high

FAIL Output Select

0 FAIL pin held low
1 FAIL pin pulsed low at 2Hz 50% duty cycle

1-Wire Bus Speed

0 Standard 1-wire communication (Master and Slave)

1 Overdrive 1-wire communication (Master and Slave)

EEPROM Lock

0 0 No Operation

0 1 No Operation

1 0 Permanently Lock EEPROM

1 1 No Operation

Writing a 10b to the lock bits, followed by an EEPROM copy will permanently lock all EEPROM
locations inside the DS2705. Writing any other value to the lock bits will perform no operation.

ms delay after Presence Detect from token.

CHD

00b

00b

00b

0b

0b

0b

0b

00b

CR[12]

¾

CR[13] FAILF

CR[14] PASSF

CR[15] LOCKF

RESERVED

FAIL flag. Mirrors the FAIL pin output for test via slave interface (SDQ pin). Set if authentication
attempt fails. Cleared when subsequent authentication attempt initiated.

PASS flag. Mirrors the PASS pin output for test via slave interface (SDQ pin). Set if authentication
attempt passes. Cleared when subsequent authentication attempt initiated.

Displays Lock/Unlock Status. LOCKF = 1 if lock procedure successful.

12 of 18

0b

0b

0b

0b

DS2705: SHA-1 Authentication Master

MEMORY

The DS2705 has a 256 byte linear memory space for the EEPROM memory block that stores the challenge,
response and configuration parameters. Addresses designated as “Reserved” typically return FFh when read.
These bytes should not be written. EEPROM memory consists of non-volatile EEPROM cells overlaying volatile
shadow RAM. The Read Data and Write Data protocols allow the 1-Wire interface to directly accesses the shadow
RAM. The Copy Data and Recall Data function commands transfer data between the EEPROM cells and the
shadow RAM. In order to modify the data stored in the EEPROM cells, data must be written to the shadow RAM
and then copied to the EERPOM. In order to verify the data stored in the EEPROM cells, the EEPROM data must
be recalled to the shadow RAM and then read from the shadow. After issuing the Copy Data function command, a
programming pulse is required on the VPP pin.

Figure 5. EEPROM Access via Shadow RAM

Copy

EEPROM

Shadow RAM

Recall

Serial

Interface

Write

Read

Table 6. Memory Map

ADDRESS (HEX) DESCRIPTION READ/WRITE

00 to 07 64-bit Challenge R/W

08 to 1B 160-bit Response (Local MAC) R/W

1C to 1D Configuration Register R/W

1E to FF Reserved —

1-Wire BUS SYSTEM

The 1-Wire bus is a system that has a single bus master and one or more slaves. A multidrop bus is a 1-Wire bus
with multiple slaves, while a single-drop bus has only one slave device. The DS2705 acts as a bus master on the
MDQ pin and as a slave device on the SDQ pin. In both cases, the DS2705 requires a single-drop bus
configuration. The discussion of the 1-Wire bus system consists of three topics: hardware configuration, transaction
sequence, and 1-Wire signaling.

HARDWARE CONFIGURATION

Because the 1-Wire bus has only a single line, it is important that each device on the bus be able to drive it at the
appropriate time. To facilitate this, each device attached to the 1-Wire bus must connect to the bus with open-drain
or tri-state output drivers. The DS2705 uses an open-drain output driver as part of the bidirectional interface
circuitry shown in Figure 6. If a bidirectional pin is not available to act as the bus master when communicating with
the DS2705 as a slave on the SDQ pin, separate output and input pins can be connected together.

The 1-Wire bus must have a pullup resistor at the bus-master end of the bus. The DS2705 internally provides the
pullup for communication as a master on the MDQ pin. The bus master communicating with the DS2705 on SDQ is
responsible for providing an external pullup . The idle state for the 1-Wire bus is high. If, for any reason, a bus
transaction must be suspended, the bus must be left in the idle state to properly resume the transaction later. Note
that if the bus is left low for more than t
pulse, which effectively terminates the transaction.

, slave devices on the bus begin to interpret the low period as a reset

LOW0

13 of 18

Figure 6. 1-Wire Bus Interface Circuitry, DS2705 as Slave

Vpullup

(2.5 to 5.5V)

1.5kW - 4.7kW

Test System Bus

Master

(approx.)

SDQ

DS2705 SDQ Port

DS2705: SHA-1 Authentication Master

Rx

~100 Ohm

MOSFET

Tx

~1 uA

Rx = Receive
Tx = Transmit

Rx

Tx

TRANSACTION SEQUENCE

The protocol for 1-Wire communication is as follows:

§ Initialization

§ Net Address Command

§ Function Command(s)

§ Data Transfer (not all commands have data transfer)

All transactions of the 1-Wire bus begin with an initialization sequence consisting of a reset pulse transmitted by the
bus master, followed by a presence pulse transmitted by a slave if it is present on the bus. The presence pulse tells
the bus master that a slave device is on the bus and ready to operate. For more details, see the 1-Wire Signaling
section.

NET ADDRESS COMMANDS

Once the bus master has detected the presence of a slave, it can issue the net address command described in the
following paragraph. The name of the Net Address command (ROM command) is followed by its 8-bit opcode in
square brackets.

Skip Net Address [CCh]. The only net address command supported by the DS2705 is the Skip Net Address
command. It is preserved on the DS2705 for compatibility with multidrop enabled slaves such as the DS2703/4.
Skip Net Address must also be used after a reset pulse when a bus master is communicating to the DS2705 over
the SDQ input.

SLAVE PORT (SDQ) FUNCTION COMMANDS

After successfully completing the Skip Net Address command, the bus master can access the features of the
DS2705 with any of the function commands described in the following paragraphs. The name of each function is
followed by the 8-bit opcode for that command in square brackets. The function commands are summarized in
Table 7.

Read Data [69h, XX]. This command reads data starting at memory address XX. The LSb of the data in address
XX is available to be read immediately after the MSb of the address has been entered. Because the address is
automatically incremented after the MSb of each byte is received, the LSb of the data at address XX + 1 is
available to be read immediately after the MSb of the data at address XX. If the bus master continues to read
beyond address FFh, data is read starting at memory address 00 and the address is automatically incremented
until a reset pulse occurs. Addresses labeled “Reserved” in the memory map contain undefined data values. The
read data command can be terminated by the bus master with a reset pulse at any bit boundary. Read Data from
returns the data in the shadow RAM. A Recall Data command is required to transfer data from the EEPROM to the
shadow. See the Memory section for more details.

14 of 18

DS2705: SHA-1 Authentication Master

Write Data [6Ch, XX]. This command writes data starting at memory address XX. The LSb of the data to be stored
at address XX can be written immediately after the MSb of address has been entered. Because the address is
automatically incremented after the MSb of each byte is written, the LSb to be stored at address XX + 1 can be
written immediately after the MSb to be stored at address XX. If the bus master continues to write beyond address
FFh, the data starting at address 00 is overwritten. Writes to read-only addresses, reserved addresses and locked
EEPROM blocks are ignored. Incomplete bytes are not written. Write Data modifies the shadow RAM. A Copy Data
command is required to transfer data from the shadow to the EEPROM. See the Memory section for more details.
The Write command will cause spurious behavior if issued during an authentication attempt is in progress on the
MDQ pin.

Copy Data [48h]. This command copies the contents of all shadow RAM locations to EEPROM cells. After the
copy command is issued a high voltage pulse must be applied to the VPP pin for a time period of

t

. See Figure 7

PPW

for example bus timing of an EEPROM program function. During the pulse, the bus master can issue read timeslots
on the bus. The DS2705 will respond with ‘0’s while the EEPROM copy is in progress, and ‘1’s after the copy is
complete. A reset on SDQ at any time during the copy sequence will prematurely terminate the operation.

Figure 7. Copy EEPROM Sequence

t

t

PPR

PPW

t

PPF

VPP = 14.5V MIN

15.0V MAX

VPP

VPP = 0V

Non-critical Timing

SDQ

1-W ire

Reset

SKIP ROM

Cmd

Copy Data

Cmd

Presence

Pulse

Recall Data [B8h]. This command recalls the contents of all EEPROM cell locations to the shadow RAM memory.
Following the Recall command, SDQ must be driven low for a minimum of t
after the Recall command. The Recall command will cause spurious behavior if issued while an authentication
attempt is in progress on the MDQ pin.

Bus master may issue read slots during

EEPROM copy. DS2705 responds with

‘0’s during copy , ‘1’s afterwards.

. SDQ can be driven low indefinitely

RSTL

15 of 18

Table 7. Slave Function Commands

COMMAND DESCRIPTION

COMMAND

PROTOCOL

DS2705: SHA-1 Authentication Master

BUS STATE

AFTER

COMMAND

PROTOCOL

BUS DATA

RESET

CCh

69h

Address

RESET

CCh

6Ch

Address

RESET

CCh

48h

Program Pulse

RESET

CCh

B8h

Master Rx

Master Tx

Master Rx

Master Reset None

Up to 256 bytes of

data

Up to 256 bytes of

data

Read data = 0 until

command completes

Read Data

Write Data

Copy Data

Recall Data

Reads data from
memory starting at
address XX

Writes data to
memory starting at
address XX

Copies shadow RAM
data to EEPROM

Recalls EEPROM to
shadow RAM

16 of 18

DS2705: SHA-1 Authentication Master

I/O SIGNALING

The 1-Wire bus requires strict signaling protocols to ensure data integrity. The four protocols used in 1-Wire
communication are as follows: the initialization sequence (reset pulse followed by presence pulse), write 0, write 1,
and read data. The 1-Wire bus master initiates all these types of signaling except the presence pulse.

The initialization sequence required to begin any 1-Wire communication is shown in Figure 8. A presence pulse
following a reset pulse indicates that the 1-Wire slave is ready to accept a net address command. The bus master
transmits (Tx) a reset pulse for t
1-Wire bus line is then pulled high by the pullup resistor. After detecting the rising edge on the DQ pin, the slave
waits for t

and then transmits the presence pulse for t

PDH

Figure 8. 1-Wire Initialization Sequence

RESET PRESENCE PULSE

t

V

PULLUP

GND

. The bus master then releases the line and goes into receive mode (Rx). The

RSTL

.

PDL

MRSTL

t

MPDH

t

MPDL

MODE

Standard

Overdrive

680ms

70ms

4

4ms

0

s

m

640ms

160ms

64ms

16ms

LINE T YPE LEGEND:

Bus Master active LOW Device active LOW

Both Bus Master and Device Resistor pullup
active LOW

WRITE-TIME SLOTS

A write-time slot is initiated when the bus master pulls the 1-Wire bus from a logic-high (inactive) level to a logic-low
level. There are two types of write-time slots: write 1 and write 0. All write-time slots must be t
a 1ms minimum recovery time, t
t

LOW0_MIN

after the line falls. If the line is high when sampled, a write 1 occurs. If the line is low when sampled, a

write 0 occurs. The sample window is illustrated in Figure 9. 1-Wire Write and Read-Time

, between cycles. The slave samples the 1-Wire bus line between t

REC

Slots. For the bus master

in duration with

SLOT

LOW1_MAX

and

to generate a write 1 time slot, the bus line must be pulled low and then released, allowing the line to be pulled high
less than t

after the start of the write time slot. For the host to generate a write 0 time slot, the bus line must be

RDV

pulled low and held low for the duration of the write-time slot.

READ-TIME SLOTS

A read-time slot is initiated when the bus master pulls the 1-Wire bus line from a logic-high level to a logic-low level.
The bus master must keep the bus line low for at least 1ms and then release it to allow the slave to present valid
data. The bus master can then sample the data t
time slot, the slave releases the bus line and allows it to be pulled high by the external pullup resistor. All read-time
slots must be t

in duration with a 1ms minimum recovery time, t

SLOT

specifications in the Electrical Characteristics table for more information.

from the start of the read-time slot. By the end of the read-

RDV

, between cycles. See Figure 9 and the timing

REC

17 of 18

Figure 9. 1-Wire Write and Read-Time Slots

WRITE 0 SLOT WRI TE 1 SLOT

DS2705: SHA-1 Authentication Master

V

PULLU P

GND

MODE

Standard

Overdrive

V

PULLU P

15ms

2ms

t

RDV

t

SLOT

t

LOW0

Slave Sample Window

MIN TYP MAX

15ms 30ms

1ms 3ms

Data = 0

t

SLOT

t

REC

15ms

2ms

READ DATA SLOT

t

REC

t

RDV

t

SLOT

t

LOW1

Slave Sample Window

MIN TYP MAX

15ms 30ms

1ms 3ms

Data = 1

t

SLOT

GND

t

LOW1

Master Sample Window

15ms

MODE

Standard

Overdrive

Master Sampl e Window

15ms

2ms 2ms

LINE TYPE LEGEND:

Bus Master active LOW Slave active LOW

Both Bus Master and Device Resistor pullup
active LOW

PACKAGE INFORMATION

(For the latest package outline information, go to www.maxim-ic.com/DallasPackInfo.)

18 of 18