1996 Microchip Technology Inc.
Preliminary
DS40152C-page 1
M
Code Hopping Encoder
FEATURES
Security
Programmable 28/32-bit serial number
Programmable 64-bit encryption key
Each transmission is unique
67-bit transmission code length
32-bit hopping code
35-bit fixed code (28/32-bit serial number,
4/0-bit function code, 1-bit status, 2-bit CRC)
Encryption keys are read protected
Operating
2.0-6.6V operation
Four button inputs
- 15 functions available
Selectable baud rate
Automatic code word completion
Battery low signal transmitted to receiver
Nonvolatile synchronization data
PWM and Manchester modulation
Other
Easy to use programming interface
On-chip EEPROM
On-chip oscillator and timing components
Button inputs have internal pull-down resistors
Current limiting on LED output
Minimum component count
Enhanced Features Over HCS300
48-bit seed vs. 32-bit seed
2-bit CRC for error detection
28/32-bit serial number select
Two seed transmission methods
PWM and Manchester modulation
IR modulation mode
Typical Applications
The HCS360 is ideal for Remote Keyless Entry (RKE)
applications. These applications include:
Automotive RKE systems
Automotive alarm systems
Automotive immobilizers
Gate and garage door openers
Identity tokens
Burglar alarm systems
PACKAGE TYPES
HCS360 BLOCK DIAGRAM
DESCRIPTION
The HCS360 is a code hopping encoder designed for
secure Remote Keyless Entry (RKE) systems. The
HCS360 utilizes the K
EE
L
OQ
code hopping technology,
which incorporates high security, a small package
outline and low cost, to make this device a perfect
solution for unidirectional remote keyless entry systems
and access control systems.
The HCS360 combines a 32-bit hopping code
generated by a nonlinear encryption algorithm, with a
28/32-bit serial number and 7/3 status bits to create a
67-bit transmission stream. The length of the
transmission eliminates the threat of code scanning
and the code hopping mechanism makes each
transmission unique, thus rendering code capture and
resend (code grabbing) schemes useless.
1
2
3
4
8
7
6
5
S0
S1
S2
S3
V
DD
LED
PWM
V
SS
PDIP, SOIC
HCS360
V
SS
V
DD
Oscillator
Reset circuit
LED driver
Controller
Power
latching
and
switching
Button input port
32-bit shift register
Encoder
EEPROM
PWM
LED
S
3
S
2
S
1
S
0
HCS360
K
EE
L
OQ
is a registered trademark of Microchip Technology Inc.
*Code hopping encoder patents issued in Europe, U. S. A., R. S. A. -- US: 5,517,187; Europe: 0459781
HCS360
DS40152C-page 2
Preliminary
1996 Microchip Technology Inc.
The encryption key, serial number, and configuration
data are stored in EEPROM which is not accessible via
any external connection. This makes the HCS360 a
very secure unit. The HCS360 provides an easy to use
serial interface for programming the necessary security
keys, system parameters, and configuration data.
The encryption keys and code combinations are pro-
grammable but read-protected. The keys can only be
verified after an automatic erase and programming
operation. This protects against attempts to gain
access to keys and manipulate synchronization values.
The HCS360 operates over a wide voltage range of
2.0V to 6.6V and has four button inputs in an 8-pin
configuration. This allows the system designer the
freedom to utilize up to 15 functions. The only
components required for device operation are the but-
tons and RF circuitry, allowing a very low system cost.
1.0
SYSTEM OVERVIEW
1.1
Key Terms
Manufacturer's code a 64-bit word, unique to
each manufacturer, used to produce a unique
encryption key in each transmitter (encoder).
Encryption Key a unique 64-bit key generated
and programmed into the encoder during the
manufacturing process. The encryption key
controls the encryption algorithm and is stored in
EEPROM on the encoder device.
Learn The HCS product family facilitates several
learning strategies to be implemented on the
decoder. The following are examples of what can
be done.
Normal Learning
The receiver uses the same information that is
transmitted during normal operation to derive the
transmitter's secret key, decrypt the discrimination
value and the synchronization counter.
Secure Learn*
The transmitter is activated through a special but-
ton combination to transmit a stored 48-bit value
(random seed) that can be used for key genera-
tion or be part of the key. Transmission of the ran-
dom seed can be disabled after learning is
completed.
The HCS360 is a code hopping encoder device that is
designed specifically for keyless entry systems,
primarily for vehicles and home garage door openers. It
is meant to be a cost-effective, yet secure solution to
such systems. The encoder portion of a keyless entry
system is meant to be held by the user and operated to
gain access to a vehicle or restricted area. The
HCS360 requires very few external components
(Figure
2-1).
Most keyless entry systems transmit the same code
from a transmitter every time a button is pushed. The
relative number of code combinations for a low end sys-
tem is also a relatively small number. These
shortcomings provide the means for a sophisticated
thief to create a device that `grabs' a transmission and
retransmits it later or a device that scans all possible
combinations until the correct one is found.
The HCS360 employs the K
EE
L
OQ
code hopping tech-
nology and an encryption algorithm to achieve a high
level of security. Code hopping is a method by which
the code transmitted from the transmitter to the receiver
is different every time a button is pushed. This method,
coupled with a transmission length of 67 bits, virtually
eliminates the use of code `grabbing' or code
`scanning'.
As indicated in the block diagram on page one, the
HCS360 has a small EEPROM array which must be
loaded with several parameters before use. The most
important of these values are:
A 28/32-bit serial number which is meant to be
unique for every encoder
An encryption key that is generated at the time of
production
A 16-bit synchronization value
The serial number for each transmitter is programmed
by the manufacturer at the time of production. The
generation of the encryption key is done using a key
generation algorithm (Figure 1-1). Typically, inputs to
the key generation algorithm are the serial number of
the transmitter or seed value, and a 64-bit manufac-
turer's code. The manufacturer's code is chosen by the
system manufacturer and must be carefully controlled.
The manufacturer's code is a pivotal part of the overall
system security.
The 16-bit synchronization value is the basis for the
transmitted code changing for each transmission, and
is updated each time a button is pressed. Because of
the complexity of the code hopping encryption algo-
rithm, a change in one bit of the synchronization value
will result in a large change in the actual transmitted
code. There is a relationship (Figure 1-2) between the
key values in EEPROM and how they are used in the
encoder. Once the encoder detects that a button has
been pressed, the encoder reads the button and
updates the synchronization counter. The synchroniza-
tion value is then combined with the encryption key in
the encryption algorithm and the output is 32 bits of
encrypted information. This data will change with every
button press, hence, it is referred to as the hopping
portion of the code word. The 32-bit hopping code is
combined with the button information and the serial
number to form the code word transmitted to the
receiver. The code word format is explained in detail
in Section 4.2.
*Secure Learning patents pending.
HCS360
1996 Microchip Technology Inc.
Preliminary
DS40152C-page 3
Any type of controller may be used as a receiver, but it
is typically a microcontroller with compatible firmware
that allows the receiver to operate in conjunction with a
transmitter, based on the HCS360. Section
7.0
provides more detail on integrating the HCS360 into a
total system.
Before a transmitter can be used with a particular
receiver, the transmitter must be `learned' by the
receiver. Upon learning a transmitter, information is
stored by the receiver so that it may track the
transmitter, including the serial number of the
transmitter, the current synchronization value for that
transmitter and the same encryption key that is used on
the transmitter. If a receiver receives a message of valid
format, the serial number is checked and, if it is from a
learned transmitter, the message is decrypted and the
decrypted synchronization counter is checked against
what is stored. If the synchronization value is verified,
then the button status is checked to see what operation
is needed. Figure 1-3 shows the relationship between
some of the values stored by the receiver and the val-
ues received from the transmitter.
FIGURE 1-1:
CREATION AND STORAGE OF ENCRYPTION KEY DURING PRODUCTION
FIGURE 1-2:
BASIC OPERATION OF TRANSMITTER (ENCODER)
FIGURE 1-3:
BASIC OPERATION OF RECEIVER (DECODER)
Transmitter
Manufacturer's
Serial Number or
Code
Encryption
Key
Key
Generation
Algorithm
Serial Number
Encryption Key
Sync Counter
.
.
.
HCS360 EEPROM Array
Seed
K
EE
L
OQ
Algorithm
Button Press
Information
Encryption
EEPROM Array
32 Bits of
Encrypted Data
Serial Number
Transmitted Information
Decryption Key
Sync Counter
Serial Number
Button Press
Information
EEPROM Array
Decryption Key
32 Bits of
Encrypted Data
Serial Number
Received Information
Decrypted
Synchronization
Counter
Check for
Match
Check for
Match
K
EE
L
OQ
Algorithm
Decryption
Sync Counter
Serial Number
Manufacturer Code
HCS360
DS40152C-page 4
Preliminary
1996 Microchip Technology Inc.
2.0
DEVICE OPERATION
As shown in the typical application circuits (Figure 2-1),
the HCS360 is a simple device to use. It requires only
the addition of buttons and RF circuitry for use as the
transmitter in your security application. A description of
each pin is described in Table 2-1.
FIGURE 2-1:
TYPICAL CIRCUITS
TABLE 2-1
PIN DESCRIPTIONS
The high security level of the HCS360 is based on the
patented K
EE
L
OQ
technology. A block cipher type of
encryption algorithm based on a block length of 32 bits
and a key length of 64 bits is used. The algorithm
obscures the information in such a way that even if the
transmission information (before coding) differs by only
one bit from the information in the previous transmis-
sion, the next coded transmission will be totally differ-
ent. Statistically, if only one bit in the 32-bit string of
information changes, approximately 50 percent of the
coded transmission will change. The HCS360 will wake
up upon detecting a switch closure and then delay
approximately 6.5 ms for switch debounce (Figure 2-2).
The synchronization information, fixed information, and
switch information will be encrypted to form the hopping
code. The encrypted or hopping code portion of the
transmission will change every time a button is
pressed, even if the same button is pushed again.
Keeping a button pressed for a long time will result in
the same code word being transmitted until the button
is released or time-out occurs. A code that has been
transmitted will not occur again for more than 64K
transmissions. This will provide more than 18 years of
typical use before a code is repeated based on 10 oper-
ations per day. Overflow information programmed into
the encoder can be used by the decoder to extend the
number of unique transmissions to more than 128K.
If, in the transmit process, it is detected that a new but-
ton(s) has been pressed, a reset will immediately be
forced and the code word will not be completed. Please
note that buttons removed will not have any effect on
the code word unless no buttons remain pressed in
which case the current code word will be completed
and the power down will occur.
Name
Pin
Number
Description
S0
1
Switch input 0
S1
2
Switch input 1
S2
3
Switch input 2/Can also be clock
pin when in programming mode
S3
4
Switch input 3/Clock pin when in
programming mode
V
SS
5
Ground reference connection
PWM
6
Pulse width modulation (PWM)
output pin/Data pin for
programming mode
LED
7
Cathode connection for directly
driving LED during transmission
V
DD
8
Positive supply voltage
connection
V
DD
B0
Tx out
S0
S1
S2
S3
LED
V
DD
PWM
V
SS
2 button remote control
B1
V
DD
Tx out
S0
S1
S2
S3
LED
V
DD
PWM
V
SS
5 button remote control (Note)
B4 B3 B2 B1 B0
Note:
Up to 15 functions can be implemented by
pressing more than one button simulta-
neously or by using a suitable diode array.
HCS360
1996 Microchip Technology Inc.
Preliminary
DS40152C-page 5
FIGURE 2-2:
ENCODER OPERATION
3.0
EEPROM MEMORY
ORGANIZATION
The HCS360 contains 192 bits (12 x 16-bit words) of
EEPROM memory (Table 3-1). This EEPROM array is
used to store the encryption key information,
synchronization value, etc. Further descriptions of the
memory array is given in the following sections.
TABLE 3-1
EEPROM MEMORY MAP
3.1
Key_0 - Key_3 (64-Bit Encryption Key)
The 64-bit encryption key is used by the transmitter to
create the encrypted message transmitted to the
receiver. This key is created and programmed at the
time of production using a key generation algorithm.
Inputs to the key generation algorithm are the serial
number for the particular transmitter being used and a
secret manufacturer's code. While the key generation
algorithm supplied from Microchip is the typical method
used, a user may elect to create their own method of
key generation. This may be done providing that the
decoder is programmed with the same means of creat-
ing the key for decryption purposes. If a seed is used,
the seed will also form part of the input to the key gen-
eration algorithm.
Power Up
Reset and Debounce Delay
(6.5 ms)
Sample Inputs
Update Sync Info
Encrypt With
Load Transmit Register
Buttons
Added
?
All
Buttons
Released
?
(A button has been pressed)
Transmit
Stop
No
Yes
No
Yes
Encryption Key
Complete Code
Word Transmission
WORD
ADDRESS
MNEMONIC
DESCRIPTION
0
KEY_0
64-bit encryption
key (word 0)
1
KEY_1
64-bit encryption
key (word 1)
2
KEY_2
64-bit encryption
key (word 2)
3
KEY_3
64-bit encryption
key (word 3)
4
SYNC_A
16-bit synchroniza-
tion
value
5
SYNC_B/SEED_2 16-bit synchroniza-
tion or seed value
(word 2)
6
RESERVED
Set to 0000H
7
SEED_0
Seed Value (word 0)
8
SEED_1
Seed Value (word 1)
7
SER_0
Device Serial
Number (word 0)
10
SER_1
Device Serial
Number (word 1)
11
CONFIG
Configuration Word
PDF 
ZIP