HCS300 HCS300 KEELOQ Code Hopping Encoder FEATURES DESCRIPTION The HCS300 from Microchip Technology Inc. is a code Security hopping encoder designed for secure Remote Keyless Programmable 28-bit serial number Entry (RKE) systems. The HCS300 utilizes the KEELOQ code hopping technology, incorporating high security, a Programmable 64-bit encryption key small package outline and low cost. The HCS300 is a Each transmission is unique perfect solution for unidirectional remote keyless entry 66-bit transmission code length systems and access control systems. 32-bit hopping code 28-bit serial number, 4-bit button code, 2-bit status PACKAGE TYPES Crypt keys are read protected PDIP, SOIC Operating 8 S0 VDD 1 2.0V - 6.3V operation 7 LED 2 S1 Four button inputs No additional circuitry required 6 PWM 3 S2 15 functions available VSS S3 4 5 Selectable baud rate Automatic code word completion Low battery signal transmitted to receiver HCS300 BLOCK DIAGRAM Non-volatile synchronization data Oscillator Power latching Other and Controller RESET circuit switching Easy-to-use programming interface LED LED driver On-chip EEPROM On-chip oscillator and timing components Button inputs have internal pull-down resistors EEPROM Encoder Current limiting on LED output Low external component cost PWM 32-bit shift register Typical Applications The HCS300 is ideal for Remote Keyless Entry (RKE) VSS Button input port applications. These applications include: VDD Automotive RKE systems Automotive alarm systems S3 S2 S1 S0 Automotive immobilizers Gate and garage door openers The HCS300 combines a 32-bit hopping code, Identity tokens generated by a nonlinear encryption algorithm, with a Burglar alarm systems 28-bit serial number and 6 information bits to create a 66-bit code word. The code word length eliminates the threat of code scanning and the code hopping mecha- nism makes each transmission unique, thus rendering code capture and resend schemes useless. 2001 Microchip Technology Inc. DS21137F-page 1HCS300 The crypt key, serial number and configuration data are Learn Learning involves the receiver calculating stored in an EEPROM array which is not accessible via the transmitters appropriate crypt key, decrypting any external connection. The EEPROM data is pro- the received hopping code and storing the serial grammable but read-protected. The data can be veri- number, synchronization counter value and crypt fied only after an automatic erase and programming key in EEPROM. The KEELOQ product family facil- operation. This protects against attempts to gain itates several learning strategies to be imple- access to keys or manipulate synchronization values. mented on the decoder. The following are The HCS300 provides an easy-to-use serial interface examples of what can be done. for programming the necessary keys, system parame- - Simple Learning ters and configuration data. The receiver uses a fixed crypt key, common to all components of all systems by the same manufacturer, to decrypt the received code 1.0 SYSTEM OVERVIEW words encrypted portion. Key Terms - Normal Learning The receiver uses information transmitted The following is a list of key terms used throughout this during normal operation to derive the crypt data sheet. For additional information on KEELOQ and key and decrypt the received code words Code Hopping, refer to Technical Brief 3 (TB003). encrypted portion. RKE - Remote Keyless Entry - Secure Learn Button Status - Indicates what button input(s) The transmitter is activated through a special activated the transmission. Encompasses the 4 button combination to transmit a stored 60-bit button status bits S3, S2, S1 and S0 (Figure 4-2). seed value used to generate the transmitters Code Hopping - A method by which a code, crypt key. The receiver uses this seed value viewed externally to the system, appears to to derive the same crypt key and decrypt the change unpredictably each time it is transmitted. received code words encrypted portion. Code word - A block of data that is repeatedly Manufacturers code A unique and secret 64- transmitted upon button activation (Figure 4-1). bit number used to generate unique encoder crypt Transmission - A data stream consisting of keys. Each encoder is programmed with a crypt repeating code words (Figure 8-1). key that is a function of the manufacturers code. Crypt key - A unique and secret 64-bit number Each decoder is programmed with the manufac- used to encrypt and decrypt data. In a symmetri- turer code itself. cal block cipher such as the KEELOQ algorithm, The HCS300 code hopping encoder is designed specif- the encryption and decryption keys are equal and ically for keyless entry systems primarily vehicles and will therefore be referred to generally as the crypt home garage door openers. The encoder portion of a key. keyless entry system is integrated into a transmitter, Encoder - A device that generates and encodes carried by the user and operated to gain access to a data. vehicle or restricted area. The HCS300 is meant to be Encryption Algorithm - A recipe whereby data is a cost-effective yet secure solution to such systems, scrambled using a crypt key. The data can only be requiring very few external components (Figure 2-1). interpreted by the respective decryption algorithm Most low-end keyless entry transmitters are given a using the same crypt key. fixed identification code that is transmitted every time a Decoder - A device that decodes data received button is pushed. The number of unique identification from an encoder. codes in a low-end system is usually a relatively small Decryption algorithm - A recipe whereby data number. These shortcomings provide an opportunity scrambled by an encryption algorithm can be for a sophisticated thief to create a device that grabs unscrambled using the same crypt key. a transmission and retransmits it later, or a device that quickly scans all possible identification codes until the correct one is found. The HCS300 on the other hand, employs the KEELOQ code hopping technology coupled with a transmission length of 66 bits to virtually eliminate the use of code grabbing or code scanning. The high security level of the HCS300 is based on the patented KEELOQ technol- ogy. A block cipher based on a block length of 32 bits and a key length of 64 bits is used. The algorithm obscures the information in such a way that even if the transmission information (before coding) differs by only one bit from that of the previous transmission, the next DS21137F-page 2 2001 Microchip Technology Inc.