2002 Microchip Technology Inc.
DS40152E-page 1
HCS360
FEATURES
Security
Programmable 28/32-bit serial number
Programmable 64-bit encryption key
Each transmission is unique
67-bit transmission code length
32-bit hopping code
35-bit fixed code (28/32-bit serial number,
4/0-bit function code, 1-bit status, 2-bit CRC)
Encryption keys are read protected
Operating
2.0-6.6V operation
Four button inputs
- 15 functions available
Selectable baud rate
Automatic code word completion
Battery low signal transmitted to receiver
Nonvolatile synchronization data
PWM and Manchester modulation
Other
Easy-to-use programming interface
On-chip EEPROM
On-chip oscillator and timing components
Button inputs have internal pull-down resistors
Current limiting on LED output
Minimum component count
Enhanced Features Over HCS300
48-bit seed vs. 32-bit seed
2-bit CRC for error detection
28/32-bit serial number select
Two seed transmission methods
PWM and Manchester modulation
IR Modulation mode
Typical Applications
The HCS360 is ideal for Remote Keyless Entry (RKE)
applications. These applications include:
Automotive RKE systems
Automotive alarm systems
Automotive immobilizers
Gate and garage door openers
Identity tokens
Burglar alarm systems
DESCRIPTION
The HCS360 is a code hopping encoder designed for
secure Remote Keyless Entry (RKE) systems. The
HCS360 utilizes the K
EE
L
OQ
code hopping technology,
which incorporates high security, a small package
outline and low cost, to make this device a perfect
solution for unidirectional remote keyless entry sys-
tems and access control systems.
PACKAGE TYPES
BLOCK DIAGRAM
The HCS360 combines a 32-bit hopping code
generated by a nonlinear encryption algorithm, with a
28/32-bit serial number and 7/3 status bits to create a
67-bit transmission stream.
1
2
3
4
8
7
6
5
S0
S1
S2
S3
V
DD
LED
DATA
V
SS
PDIP, SOIC
HCS3
6
0
V
SS
V
DD
Oscillator
RESET circuit
LED driver
Controller
Power
latching
and
switching
Button input port
32-bit shift register
Encoder
EEPROM
DATA
LED
S
3
S
2
S
1
S
0
K
EE
L
OQ
Code Hopping Encoder
HCS360
DS40152E-page 2
2002 Microchip Technology Inc.
The crypt key, serial number and configuration data are
stored in an EEPROM array which is not accessible via
any external connection. The EEPROM data is pro-
grammable but read-protected. The data can be veri-
fied only after an automatic erase and programming
operation. This protects against attempts to gain
access to keys or manipulate synchronization values.
The HCS360 provides an easy-to-use serial interface
for programming the necessary keys, system parame-
ters and configuration data.
1.0
SYSTEM OVERVIEW
Key Terms
The following is a list of key terms used throughout this
data sheet. For additional information on K
EE
L
OQ
and
Code Hopping, refer to Technical Brief 3 (TB003).
RKE - Remote Keyless Entry
Button Status - Indicates what button input(s)
activated the transmission. Encompasses the 4
button status bits S3, S2, S1 and S0 (Figure 3-1).
Code Hopping - A method by which a code,
viewed externally to the system, appears to
change unpredictably each time it is transmitted.
Code word - A block of data that is repeatedly
transmitted upon button activation (Figure 3-1).
Transmission - A data stream consisting of
repeating code words (Figure 8-1).
Crypt key - A unique and secret 64-bit number
used to encrypt and decrypt data. In a symmetri-
cal block cipher such as the K
EE
L
OQ
algorithm,
the encryption and decryption keys are equal and
will therefore be referred to generally as the crypt
key.
Encoder - A device that generates and encodes
data.
Encryption Algorithm - A recipe whereby data is
scrambled using a crypt key. The data can only be
interpreted by the respective decryption algorithm
using the same crypt key.
Decoder - A device that decodes data received
from an encoder.
Decryption algorithm - A recipe whereby data
scrambled by an encryption algorithm can be
unscrambled using the same crypt key.
Learn Learning involves the receiver calculating
the transmitter's appropriate crypt key, decrypting
the received hopping code and storing the serial
number, synchronization counter value and crypt
key in EEPROM. The K
EE
L
OQ
product family facil-
itates several learning strategies to be imple-
mented on the decoder. The following are
examples of what can be done.
- Simple Learning
The receiver uses a fixed crypt key, common
to all components of all systems by the same
manufacturer, to decrypt the received code
word's encrypted portion.
- Normal Learning
The receiver uses information transmitted
during normal operation to derive the crypt
key and decrypt the received code word's
encrypted portion.
- Secure Learn
The transmitter is activated through a special
button combination to transmit a stored 60-bit
seed value used to generate the transmitter's
crypt key. The receiver uses this seed value
to derive the same crypt key and decrypt the
received code word's encrypted portion.
Manufacturer's code A unique and secret 64-
bit number used to generate unique encoder crypt
keys. Each encoder is programmed with a crypt
key that is a function of the manufacturer's code.
Each decoder is programmed with the manufac-
turer code itself.
The HCS360 code hopping encoder is designed specif-
ically for keyless entry systems; primarily vehicles and
home garage door openers. The encoder portion of a
keyless entry system is integrated into a transmitter,
carried by the user and operated to gain access to a
vehicle or restricted area. The HCS360 is meant to be
a cost-effective yet secure solution to such systems,
requiring very few external components (Figure 2-1).
Most low-end keyless entry transmitters are given a
fixed identification code that is transmitted every time a
button is pushed. The number of unique identification
codes in a low-end system is usually a relatively small
number. These shortcomings provide an opportunity
for a sophisticated thief to create a device that `grabs'
a transmission and retransmits it later, or a device that
quickly `scans' all possible identification codes until the
correct one is found.
The HCS360, on the other hand, employs the K
EE
L
OQ
code hopping technology coupled with a transmission
length of 66 bits to virtually eliminate the use of code
`grabbing' or code `scanning'. The high security level of
the HCS360 is based on the patented K
EE
L
OQ
technol-
ogy. A block cipher based on a block length of 32 bits
and a key length of 64 bits is used. The algorithm
obscures the information in such a way that even if the
transmission information (before coding) differs by only
one bit from that of the previous transmission, the next
2002 Microchip Technology Inc.
DS40152E-page 3
HCS360
coded transmission will be completely different. Statis-
tically, if only one bit in the 32-bit string of information
changes, greater than 50 percent of the coded trans-
mission bits will change.
As indicated in the block diagram on page one, the
HCS360 has a small EEPROM array which must be
loaded with several parameters before use; most often
programmed by the manufacturer at the time of produc-
tion. The most important of these are:
A 28-bit serial number, typically unique for every
encoder
A crypt key
An initial 16-bit synchronization value
A 16-bit configuration value
The crypt key generation typically inputs the transmitter
serial number and 64-bit manufacturer's code into the
key generation algorithm (Figure 1-1). The manufac-
turer's code is chosen by the system manufacturer and
must be carefully controlled as it is a pivotal part of the
overall system security.
FIGURE 1-1:
CREATION AND STORAGE OF CRYPT KEY DURING PRODUCTION
The 16-bit synchronization counter is the basis behind
the transmitted code word changing for each transmis-
sion; it increments each time a button is pressed. Due
to the code hopping algorithm's complexity, each incre-
ment of the synchronization value results in greater
than 50% of the bits changing in the transmitted code
word.
Figure 1-2 shows how the key values in EEPROM are
used in the encoder. Once the encoder detects a button
press, it reads the button inputs and updates the syn-
chronization counter. The synchronization counter and
crypt key are input to the encryption algorithm and the
output is 32 bits of encrypted information. This data will
change with every button press, its value appearing
externally to `randomly hop around', hence it is referred
to as the hopping portion of the code word. The 32-bit
hopping code is combined with the button information
and serial number to form the code word transmitted to
the receiver. The code word format is explained in
greater detail in Section 4.2.
A receiver may use any type of controller as a decoder,
but it is typically a microcontroller with compatible firm-
ware that allows the decoder to operate in conjunction
with an HCS360 based transmitter. Section 7.0
provides detail on integrating the HCS360 into a sys-
tem.
A transmitter must first be `learned' by the receiver
before its use is allowed in the system. Learning
includes calculating the transmitter's appropriate crypt
key, decrypting the received hopping code and storing
the serial number, synchronization counter value and
crypt key in EEPROM.
In normal operation, each received message of valid
format is evaluated. The serial number is used to deter-
mine if it is from a learned transmitter. If from a learned
transmitter, the message is decrypted and the synchro-
nization counter is verified. Finally, the button status is
checked to see what operation is requested. Figure 1-3
shows the relationship between some of the values
stored by the receiver and the values received from
the transmitter.
Transmitter
Manufacturer's
Serial Number
Code
Crypt
Key
Key
Generation
Algorithm
Serial Number
Crypt Key
Sync Counter
.
.
.
HCS360
Production
Programmer
EEPROM Array
2002 Microchip Technology Inc.
DS40152E-page 5
HCS360
2.0
DEVICE OPERATION
As shown in the typical application circuits (Figure 2-1),
the HCS360 is a simple device to use. It requires only
the addition of buttons and RF circuitry for use as the
transmitter in your security application. A description of
each pin is described in Table 2-1.
FIGURE 2-1:
TYPICAL CIRCUITS
TABLE 2-1:
PIN DESCRIPTIONS
The HCS360 will wake-up upon detecting a button
press and delay approximately 10 ms for button
debounce (Figure 2-2). The synchronization counter,
discrimination value and button information will be
encrypted to form the hopping code. The hopping code
portion will change every transmission, even if the
same button is pushed again. A code word that has
been transmitted will not repeat for more than 64K
transmissions. This provides more than 18 years of use
before a code is repeated; based on 10 operations per
day. Overflow information sent from the encoder can be
used to extend the number of unique transmissions to
more than 192K.
If in the transmit process it is detected that a new but-
ton(s) has been pressed, a RESET will immediately
occur and the current code word will not be completed.
Please note that buttons removed will not have any
effect on the code word unless no buttons remain
pressed; in which case the code word will be completed
and the power-down will occur.
FIGURE 2-2:
ENCODER OPERATION
Name
Pin
Number
Description
S0
1
Switch input 0
S1
2
Switch input 1
S2
3
Switch input 2 / Clock pin when in
Programming mode
S3
4
Switch input 3
V
SS
5
Ground reference
DATA
6
Data output pin /Data I/O pin for
Programming mode
LED
7
Cathode connection for LED
V
DD
8
Positive supply voltage
V
DD
B0
Tx out
S0
S1
S2
S3
LED
V
DD
DATA
V
SS
Two button remote control
B1
V
DD
Tx out
S0
S1
S2
S3
LED
V
DD
DATA
V
SS
Five button remote control (Note
1
)
B4 B3 B2 B1 B0
Note:
Up to 15 functions can be implemented by pressing
more than one button simultaneously or by using a
suitable diode array.
Power-Up
RESET and Debounce Delay
(10 ms)
Sample Inputs
Update Sync Info
Encrypt With
Load Transmit Register
Buttons
Added
?
All
Buttons
Released
?
(A button has been pressed)
Transmit
Stop
No
Yes
No
Yes
Crypt Key
Complete Code
Word Transmission
PDF 
ZIP