Physical and Electrical Properties
3.4 Smart Card Microcontrollers 73
to retain data. The main reason for not using PROM is that programming a PROM requires access to the address, data and control buses. This is precisely what should not be possible with smart cards, because it would allow data not only to be written but also to be read out. Since the memory holds confidential data, using PROM is strictly prohibited.
EPROM (erasable programmable read-only memory)
EPROM was often used in the early years of smart card technology, since at that time it was the only type of memory that could retain data without a supply voltage and could also be written (although only once per bit). However, since an EPROM can only be erased using UV light, it cannot be erased in a smart card. This is why EPROM no longer has any practical significance. The only meaningful use for EPROM is to irreversibly store a chip number during semiconductor production, but this can now be realized using a special type of non-erasable EEPROM.
Figure 3.50 Photo of a ROM cell at 1000× enlargement (left) and 11,200× enlargement (right) (Source: Giesecke & Devrient)
EEPROM (electrically erasable programmable read-only memory)
EEPROM, which is technically more complex than ROM or RAM, is used in smart cards for all data and programs that need to be modified or erased at some time. Functionally, an EEPROM corresponds to the hard disk of a PC, since it retains data in the absence of power and the data can be altered as necessary. EEPROM is thus non-volatile memory.
In principle, an EEPROM cell is a tiny capacitor that can be charged or discharged. The charge state can be interrogated by sensing logic. A charged capacitor represents a logic 1, while a discharged capacitor represents a logic 0. In order to store one data byte, eight of these small capacitors are needed, along with suitable sensing circuitry.
The erased state of the EEPROM cell is the critical factor with regard to writing to the cell. In most types of EEPROM, the erased state is '1'. An EEPROM has the property that an individual cell can only be programmed from its erased state to its unerased state, which in this example is '0'. If an EEPROM cell is already in the '0' state, an entire EEPROM page must be erased in order to restore that bit to the '1' state. The algorithm that is usually used for an EEPROM write routine is described in Listing 3.1.
Listing 3.1 Pseudocode of a routine for writing complete EEPROM pages. If multiple pages or only part of a page is to be written, this routine should be nested in a higher-level routine. A similar procedure should be used if a write retry routine must be called in the event of an error. Here the erased state of the EEPROM is 'FF', and the written state is '00'.

UpdateEEPROM:
// NewData: data to be written
// StoredData: stored data
    Entry point for writing data to an EEPROM page.
IF (NewData = StoredData) THEN (GOTO UpdateEEPROM Exit)
    If the data already stored in the EEPROM page are the same as the new data, exit the function.
WorkData := NewData XOR StoredData
    Following the XOR operation, the differences between the stored data and the new data can be seen as set bits in the variable WorkData.
WorkData := WorkData AND NewData
    The AND operation leaves the variable WorkData non-zero precisely when some bit has to change from the written state '0' back to the erased state '1', which means that the EEPROM page must be erased before the write process.
IF (WorkData <> 0) THEN (Erase EEPROM Page; IF (StoredData <> 'FF') THEN (GOTO UpdateEEPROM Error Exit))
    If the variable WorkData is non-zero, the EEPROM page must be erased before the write operation. After this operation, a test is made to see if the EEPROM page was successfully erased.
Write EEPROM Page with NewData
IF (StoredData <> NewData) THEN (GOTO UpdateEEPROM Error Exit)
    The EEPROM page can now be written. Afterwards, a check is made to see whether the data were successfully written to the EEPROM.
UpdateEEPROM Exit:
RETURN
    The function has completed successfully.
UpdateEEPROM Error Exit:
RETURN
    An error occurred during execution of the function.
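The routine of Listing 3.1 carried out in C against a simulated EEPROM page, as an added example that is not from the book: the page model (a write can only clear bits, an erase restores 'FF'), the 4-byte page size, the erase-cycle counter and all function names are this example's own assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4  /* bytes per simulated page; real pages hold 1-32 bytes */
/* Simulated EEPROM page: a write can only clear bits (1 -> 0), and only an
 * erase returns every bit to the erased state 'FF'. erase_cycles counts the
 * operation that wears the tunnel-oxide layer. */
typedef struct {
    uint8_t  data[PAGE_SIZE];
    unsigned erase_cycles;
} eeprom_page_t;
static void page_erase(eeprom_page_t *p) {
    memset(p->data, 0xFF, PAGE_SIZE);
    p->erase_cycles++;
}
/* Listing 3.1 as a C function. Returns 0 on success, -1 if the erase or the
 * write does not verify; *erased reports whether an erase cycle was spent. */
int update_eeprom(eeprom_page_t *p, const uint8_t *new_data, int *erased) {
    int need_erase = 0;
    *erased = 0;
    if (memcmp(p->data, new_data, PAGE_SIZE) == 0)
        return 0;                           /* page already holds NewData */
    /* WorkData := (NewData XOR StoredData) AND NewData is non-zero exactly
     * when some bit must go from 0 back to 1, which only an erase can do. */
    for (int i = 0; i < PAGE_SIZE; i++)
        if ((new_data[i] ^ p->data[i]) & new_data[i]) need_erase = 1;
    if (need_erase) {
        page_erase(p);
        *erased = 1;
        for (int i = 0; i < PAGE_SIZE; i++)
            if (p->data[i] != 0xFF) return -1;  /* erase did not verify */
    }
    for (int i = 0; i < PAGE_SIZE; i++)
        p->data[i] &= new_data[i];          /* physical write clears bits only */
    return memcmp(p->data, new_data, PAGE_SIZE) == 0 ? 0 : -1;  /* verify */
}
/* Constructed scenario: three updates, of which only the last needs an erase.
 * Returns the erase count on success (expected 1) or -1 on any failure. */
int demo_update_sequence(void) {
    const uint8_t v1[PAGE_SIZE] = {0xA5, 0x3C, 0xFF, 0x00};
    const uint8_t v2[PAGE_SIZE] = {0x25, 0x3C, 0xFF, 0x00}; /* only clears bit 7 */
    const uint8_t v3[PAGE_SIZE] = {0xA5, 0x3C, 0xFF, 0x00}; /* sets bit 7 again */
    eeprom_page_t p = {{0xFF, 0xFF, 0xFF, 0xFF}, 0};        /* fresh, erased page */
    int erased;
    if (update_eeprom(&p, v1, &erased) != 0 || erased)  return -1;
    if (update_eeprom(&p, v2, &erased) != 0 || erased)  return -1;
    if (update_eeprom(&p, v3, &erased) != 0 || !erased) return -1;
    return (int)p.erase_cycles;
}
int main(void) {
    printf("erase cycles spent: %d\n", demo_update_sequence());
    return 0;
}
```

The second update clears only a bit, so it costs no erase cycle; the third has to set a bit again and is the only one that spends one of the limited write/erase cycles discussed later in the section.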
Figure 3.52 shows the cross-section of an EEPROM cell. The actual structure is somewhat more complicated, but this simplified diagram is a very useful aid to comprehension.
In order to understand how an EEPROM cell works, you need to understand its semiconductor background. In its simplest form, an EEPROM cell is essentially a modified field-effect transistor (MOSFET) built on top of a silicon substrate. A MOSFET is formed by first creating a source and a drain in the substrate and then placing a control gate between them. The current flowing from the source to the drain can be controlled by applying a potential to this gate. As long as no potential is present on the gate, no current can flow, since there are two diode junctions (n–p and p–n) between the source and the drain. If a positive potential is applied to the gate, electrons are drawn towards it from the substrate, forming an electrically conducting channel between the source and the drain. The FET is then conductive, and a current can flow. In an EEPROM cell, an additional ‘floating’ gate is located between the control gate and the substrate. It is not connected to any external voltage source, and the separation between it and the substrate is very small, on the order of 10 nm. The floating gate can be charged or discharged via the substrate using the tunnel effect (Fowler–Nordheim effect), which allows charge carriers to penetrate thin oxide layers that act as insulators. This requires a sufficiently large potential difference across this oxide layer, which is called the tunnel-oxide layer. Current flow from the source to the drain is controlled by the charge on the floating gate. This means that the state of this gate can be interpreted as a logic 0 or a logic 1 according to whether a current can flow through the gate.
Figure 3.51 Photo of an EEPROM cell at 1000× enlargement (left) and 4000× enlargement (right) (Source: Giesecke & Devrient)
Figure 3.52 Cross-section of the semiconductor structure of an EEPROM cell (labels in the diagram: gate, floating gate, tunnel oxide layer, source (n-doped), channel, drain (n-doped), substrate (p-doped))
To charge the floating gate, a high positive voltage is applied to the control gate. This creates a large potential difference between the substrate and the floating gate, which in turn causes electrons to tunnel through the oxide layer to the floating gate, with a current that can be measured in picoamperes. The negative charge on the floating gate produces a high threshold voltage between the source and the drain, which means that the field-effect transistor is blocked. No current can flow between the source and the drain. Storing electrons in the floating gate is thus equivalent to storing data.
Figure 3.53 Charging an EEPROM cell (diagram labels: charging the EEPROM cell; high threshold voltage, FET is blocked)
Figure 3.54 Discharging an EEPROM cell (diagram labels: discharging the EEPROM cell; the EEPROM cell is discharged; low threshold voltage, FET conducts)
The potential needed to charge the EEPROM cell is about 17 V at the control gate, which is reduced to about 12 V at the floating gate by capacitive coupling. However, since smart card microcontrollers work with a supply voltage of only 1.8–5 V, a charge pump is needed to produce the necessary voltage. In principle, the charge pump is a cascaded voltage-multiplier circuit. It generates an output voltage of about 25 V from the low input voltage, which yields a voltage close to the necessary level of 17 V after stabilization. Depending on the structure of the cell, charging an EEPROM cell requires from 2 to 10 ms per memory page (1–32 bytes).
To erase an EEPROM cell, a negative voltage is applied to the control gate. This causes the electrons to leave the floating gate and return to the substrate. The EEPROM cell is then discharged and the threshold voltage between the source and the drain is low, so the FET conducts.
Figure 3.55 This schematic diagram shows the operating principle of a charge pump circuit during charging (left) and discharging (right). These processes are repeated at a high frequency, causing the charge pump to produce a slightly pulsating DC voltage at its output. (Diagram labels: 5 V; charging the capacitors of the charge pump; ≈ 25 V; filter / buffer capacitor)
The floating gate can also be discharged by heat or energetic radiation (such as X-rays or UV light), which causes it to return to its ‘secure’ state. This state is of fundamental significance in the design of smart card operating systems, since security barriers can be breached by deliberately altering ambient conditions if the secure state of the EEPROM is not used to store critical data. Depending on the technical implementation of an EEPROM cell, the secure state can correspond to a logic 0 or a logic 1. This is specific to each type of smart card microcontroller, and it should be confirmed with the manufacturer if necessary.
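The secure-state principle above applied to a PIN retry counter, as an added example that is not from the book. It assumes a chip whose discharged state reads as logic 1 (SECURE_BYTE), a counter width of MAX_TRIES bits, and function names that are this example's own; the discharge fault model is only the cell behaviour the text describes, with every cell of the byte falling back to its secure state.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: on the chip being modelled a discharged cell
 * reads as logic 1, so a fully discharged byte reads 0xFF. For a chip whose
 * secure state is logic 0 this constant becomes 0x00 and nothing else changes. */
#define SECURE_BYTE 0xFF
#define MAX_TRIES   3
#define TRY_MASK    ((uint8_t)((1u << MAX_TRIES) - 1))

static int popcount8(uint8_t v) {
    int n = 0;
    for (; v; v >>= 1) n += v & 1;
    return n;
}

/* Secure-state-aware layout: each remaining try is one bit that differs
 * from SECURE_BYTE. Every unused bit already holds the secure value. */
uint8_t retry_counter_initial(void) {
    return (uint8_t)(SECURE_BYTE ^ TRY_MASK);     /* MAX_TRIES tries available */
}

int retry_tries_left(uint8_t stored) {
    return popcount8((uint8_t)((stored ^ SECURE_BYTE) & TRY_MASK));
}

/* A failed attempt moves the lowest remaining bit to the secure value. With
 * SECURE_BYTE = 0x00 this is a 1 -> 0 write that needs no erase cycle; with
 * 0xFF it is a 0 -> 1 change and costs an erase, as in Listing 3.1. */
uint8_t retry_after_failure(uint8_t stored) {
    uint8_t live = (uint8_t)((stored ^ SECURE_BYTE) & TRY_MASK);
    if (live == 0) return stored;                 /* already blocked */
    return (uint8_t)(stored ^ (live & (uint8_t)(-live)));
}

/* Naive layout for comparison: the remaining count stored as a plain byte. */
int naive_tries_left(uint8_t stored) { return stored; }

/* Fault model from the text: every cell of the byte falls back to its secure
 * state. The secure layout then reads "0 tries left"; the naive one does not. */
uint8_t byte_after_discharge(void) { return SECURE_BYTE; }

int main(void) {
    uint8_t c = retry_counter_initial();
    for (int i = 0; i < 2; i++) c = retry_after_failure(c);
    printf("after two failures: %d left\n", retry_tries_left(c));
    printf("after discharge: secure layout %d, naive layout %d\n",
           retry_tries_left(byte_after_discharge()),
           naive_tries_left(byte_after_discharge()));
    return 0;
}
```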
EEPROM is one of the few types of semiconductor memory having a limited number of access cycles. It can be read any number of times, but it can be programmed only a limited number of times. The reason for this limitation can be found in its semiconductor structure. The life expectancy of an EEPROM depends strongly on the nature, thickness and quality of the tunnel-oxide layer between the floating gate and the substrate. Since this layer must be produced very early in the fabrication process, it is exposed to strong thermal stresses in subsequent fabrication steps. This may cause damage to the oxide layer, which in turn affects the useful life of the EEPROM cell. During fabrication, and every time the cell is written, the tunnel-oxide layer absorbs electrons that are not subsequently released. These ‘trapped’ electrons are located close to the channel between the source and the drain, and once they reach a certain number they have a stronger effect on the threshold potential than the charge stored in the floating gate. When this happens, the EEPROM cell has reached the end of its useful life. Although it can still be written, the charge on the floating gate has only a minimal effect on the characteristics of the channel between the source and the drain, so the threshold potential always remains the same. The number of possible write/erase cycles varies greatly, depending on structural details. Typical values range from 100,000 to 1,000,000 cycles over the entire range of operating temperature and voltage. At room temperature and using an optimum supply voltage, values that are 10 to 50 times greater can be achieved.
When an EEPROM cell is approaching the end of its life, its data retention time decreases. The retention time can range from hours to minutes or even seconds. The more exhausted the EEPROM becomes, i.e., the more electrons that have been absorbed by the tunnel oxide layer, the shorter is the retention time.
A charged floating gate loses charge over time, due to insulation losses and quantum-mechanical effects. The time required for this to become noticeable can range from 10 to 100 years. In this regard, it is interesting to note that a charged floating gate holds 100,000 to 1,000,000 electrons, depending on the implementation. Currently, all semiconductor manufacturers guarantee data retention for 10 years. In order to increase this value, the contents of EEPROM cells can be periodically refreshed by reprogramming. However, this is only worthwhile when the data must be stored for a long time.
Figure 3.56 Displacement of the discharge curve of an EEPROM cell as a function of the number of executed program/erase cycles (vertical axis: charge in the EEPROM cell; horizontal axis: time, marked at 1 year, 10 years and 100 years; the threshold value for detecting a written bit increases due to electron enrichment of the tunnel oxide layer)
Flash EEPROM (Flash electrically erasable programmable read-only memory)
Flash EEPROM, which is often simply called ‘Flash memory’, shares the property of non-volatility with regular EEPROM. This means that it retains data in the absence of a supply voltage. It is very similar to EEPROM in its construction and operation. The basic difference between a Flash EEPROM and a normal EEPROM is in the writing process, which is based on hot-electron injection instead of the Fowler–Nordheim (tunneling) effect. ‘Hot’ electrons are fast electrons produced by a high potential difference between the source and the drain. Some of these electrons penetrate the tunnel-oxide layer, due to the influence of a positively charged control gate, and are stored in the floating gate. This reduces the writing time to around 10 µs, which is a considerable improvement on the value of 2–10 ms for a regular EEPROM. The name ‘Flash’ comes from this extremely short programming time. Another advantage is that the programming voltage is only 12 V, compared with 17 V for EEPROMs.
There are several smart card microcontrollers with Flash EEPROM, which is primarily used in smart card microcontrollers as a replacement for mask-programmed ROM. Using a microcontroller with Flash EEPROM can reduce the development time of a smart card project by several months, since this eliminates the need to generate ROM masks.
Unfortunately, it is extremely difficult to make semiconductor devices having EEPROM and Flash EEPROM on the same chip. Consequently, in practice a microcontroller with Flash EEPROM usually does not contain any regular EEPROM. Instead, the EEPROM is replaced by a Flash EEPROM of around 8 kB, which has the smallest possible page size in order to minimize the impact on the smart card operating system. The page size of the Flash memory used to replace the ROM is generally significantly larger (e.g., 64–128 bytes), since the routines stored in this memory are written only rarely. When the chip is fabricated, a boot loader is stored in a small ROM to allow the smart card manufacturer to load program code and data into the Flash EEPROM.
Figure 3.57 An AT89SC168 smart card microcontroller with Flash EEPROM. The functional components at the top are (from left to right) the logic unit, RAM and CPU. The EEPROM charge pump and Flash EEPROM can be seen at the bottom (from left to right) (Source: Atmel)
Current Flash EEPROM cells have a guaranteed data retention period of at least 10 years, at least 100,000 write/erase cycles and typical page sizes of 8–128 bytes.
There are a few isolated smart card microcontrollers that have unusually large memories, frequently on the order of 1–2 MB. They are always fabricated using Flash memories with page sizes of up to 64 kB. This yields significant area savings with regard to the address and control lines, so memories of this size can be realized in chips having the maximum possible area of 25 mm².
FRAM (ferroelectric random-access memory)
FRAM is a new development in semiconductor technology. Despite its name, FRAM is not volatile like RAM, but instead retains its content without a supply voltage. This type of memory exploits the properties of ferroelectric materials in order to store data. Its cell structure is similar to that of EEPROM, but with a ferroelectric material located between the control gate and the floating gate.
FRAM is potentially ideal for smart card memory, since it has very desirable properties as a data storage medium. Only 5 V is needed for programming, the programming time is around 100 ns and the maximum number of programming cycles is around one trillion. The integration density is similar to that of Flash EEPROM. However, FRAM has two disadvantages. The first is a limited number of read cycles, which makes a type of refresh cycle necessary. The second, which is more significant, is that producing FRAMs involves processing steps that are difficult to master. Up to now, little effort has been made to use this technology in smart card microcontrollers. However, this could change in a few years, since FRAM technology possesses all the features needed to allow it to completely supplant EEPROMs, which are presently used almost exclusively.
Figure 3.58 Cross-section of a FRAM cell in 0.35-µm technology. The light horizontal bands are aluminum metallization layers, and the dark vertical bars are interconnections (‘vias’) between the layers. The trapezoidal horizontal area at the lower right is the actual FRAM cell. The width of the cell is approximately 1.5 µm (Source: Fujitsu)
RAM (random-access memory)
In smart cards, RAM is the memory used to hold data that are stored or altered during a session. The number of accesses is unlimited. RAM needs a power supply in order to operate. If power is switched off or fails temporarily, the content of the RAM is undefined.
A RAM cell consists of several transistors, connected such that they work as a bistable multivibrator. The state of this multivibrator represents the stored value of one bit in the RAM. The RAM used in smart cards is static (SRAM), which means that its contents do not have to be periodically refreshed. It is thus not dependent on an external clock, in contrast to dynamic RAM (DRAM). It is important for the RAM to be static, since it must be possible to stop the clock signal to a smart card. With dynamic RAM, this would cause the stored information to be lost.
3.4.3 Supplementary hardware
There are some requirements specific to smart cards that cannot be fully satisfied using software and for which the hardware of conventional microcontrollers makes no provision; they must therefore be satisfied by supplementary hardware. Consequently, the various manufacturers of smart card microcontrollers offer a wide range of supplementary functions in the form of on-chip hardware.