AN-7657: Using the MAX66250 Desktop Application, the Basics
Abstract
This application note walks through the basics of the MAX66250 NFC/RFID device in terms of its use with the associated desktop application. The functionality of the IC is exercised using the development mode of the software, which allows for the configuration of programs to enable the communication, memory, and protection features of the device. Furthermore, the results of these programs can be logged and interpreted in the operator mode of the software.
Introduction
This application note describes the features of the MAX66250 secure authenticator IC and how to access them with the associated desktop application, the MAX66301NFC Reader and Programmer (note: this application is different from the MAX66301 EV kit software). The device acts as a near-field communication (NFC)/radio frequency identification (RFID) tag with additional cryptographic security features.
Device Features
The MAX66250 integrates advanced security features, data protection, and user programmable memory into one NFC/RFID IC to provide simple yet effective cryptographic protection for any application. Figure 1 shows the high-level interaction between the device's components.
The core of the MAX66250's security is that stored data is protected: read-protection and write-protection can be applied to almost any data stored on the device, and page contents can be authenticated with a keyed hash computed from a secret that is read-protected on the device.
Detailed descriptions of the security features are as follows:
- SHA3-256 secure hash algorithm for challenge/response peripheral authentication
- Keyed-hash message authentication codes (HMACs) for peripheral authentication
- Secure storage (256 bits of secure electrically erasable programmable read-only memory (EEPROM) for user data and secrets)
- 17-bit one-time set decrement-only counter with authenticated read
MAX66301NFC Reader and Programmer Application (Desktop)
This is an application for Microsoft Windows that lets the user send commands to the MAX66250 and exercise its features. Table 1 lists the commands relevant to the desktop application.
Command | Description | Type |
Inventory | Invokes an ISO15693 Inventory Round | Global |
Reset To Ready | Enters ISO15693 Ready State | Global |
Get System Information | Reports ISO15693 System Information | General |
Write AFI | Writes to the Application Family Identifier Byte | General |
Lock AFI | Locks writing to the Application Family Identifier Byte | General |
Write DSFID | Writes to the Data Storage Format Byte | General |
Lock DSFID | Locks writing to the Data Storage Format Byte | General |
Write Memory | Writes to memory page | General |
Read Memory | Reads from memory page | General |
Read Status | Reads protections for all pages of memory | General |
Set Page Protection | Sets read, write, or APH protection of a memory page | General |
Compute and Read Page Authentication | Computes HMAC SHA3-256 authentication on a page | HMAC |
Compute S-Secret | Compute S-Secret from M-Secret using HMAC SHA3-256 | HMAC |
A simple graphical user interface is provided to invoke commands and to create and run programs that combine these commands for different purposes. A program can be as simple as reading the memory of the MAX66250, or as involved as writing multiple memory pages, protecting the written data, and locking the AFI and data storage format identifier (DSFID). The software issues the underlying commands; the user only selects the desired operations.
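Table 1 lists the two HMAC commands but not what the host does with them. As an added example that is not part of this application note or of the MAX66301NFC software, the following Python models the host and tag roles in the SHA3-256 challenge/response flow: the S-Secret is derived from the M-Secret and the tag's UID, the page authentication MAC is computed over the UID, page number, page data and a host challenge, and the host verifies it with a constant-time compare. The MAC input layouts and the sample UID, M-Secret and page data are constructed assumptions, not the device's real message format.

```python
"""Added example: a host-side software model of the MAX66250's HMAC SHA3-256
challenge/response authentication and S-Secret derivation. This is not the device's
firmware, the desktop application's code or the device's real message format (the
document does not give the bytes the device MACs); the layouts below are
assumptions chosen to show the cryptographic pattern."""
import hashlib
import hmac
import secrets

PAGE_SIZE = 16                                  # user pages are 16 bytes
# Constructed sample values, not real device values.
MASTER_SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0"
                              "00112233445566778899aabbccddeeff")   # 32-byte M-Secret
TAG_UID = bytes.fromhex("e0022a0123456789")     # assumed 8-byte ISO15693-style UID
OTHER_UID = bytes.fromhex("e0022a0123456790")
PAGE0_DATA = b"MAX66250 page 0!"                # exactly 16 bytes


def derive_s_secret(m_secret, uid):
    """'Compute S-Secret from M-Secret' modelled as HMAC-SHA3-256(M-Secret, UID)
    (assumed layout). Binding the per-tag secret to the UID means a secret lifted
    from one tag does not authenticate a tag with a different UID."""
    return hmac.new(m_secret, uid, hashlib.sha3_256).digest()


def page_auth_mac(s_secret, uid, page, data, challenge):
    """'Compute and Read Page Authentication' modelled as
    HMAC-SHA3-256(S-Secret, UID || page || data || challenge) (assumed layout):
    the MAC binds tag identity, page number, page contents and the host's nonce."""
    if len(data) != PAGE_SIZE:
        raise ValueError("page data must be exactly 16 bytes")
    return hmac.new(s_secret, uid + bytes([page]) + data + challenge, hashlib.sha3_256).digest()


class SimulatedTag:
    """What a provisioned tag holds: UID, a read-protected S-Secret and user pages.
    Only the UID, page data and the MAC ever leave the tag."""

    def __init__(self, uid, s_secret, pages):
        self.uid, self._s_secret, self.pages = uid, s_secret, dict(pages)

    def read_page(self, page):
        return self.pages[page]

    def compute_page_auth(self, page, challenge):
        return page_auth_mac(self._s_secret, self.uid, page, self.pages[page], challenge)


class ReplayingTag:
    """Attacker device that recorded one genuine exchange and replays its MAC."""

    def __init__(self, uid, data, recorded_mac):
        self.uid, self._data, self._mac = uid, data, recorded_mac

    def read_page(self, page):
        return self._data

    def compute_page_auth(self, page, challenge):
        return self._mac                        # ignores the challenge: the nonce catches this


def provision(uid, m_secret, page0):
    """Provisioning: derive this tag's S-Secret from the M-Secret and store it."""
    return SimulatedTag(uid, derive_s_secret(m_secret, uid), {0: page0})


def host_authenticate(tag, m_secret, page=0):
    """Host side: fresh random challenge, recompute the expected MAC from the
    M-Secret and the tag's reported UID, then compare in constant time."""
    challenge = secrets.token_bytes(32)         # fresh per run, so a recorded MAC is useless
    uid, data = tag.uid, tag.read_page(page)
    mac = tag.compute_page_auth(page, challenge)
    expected = page_auth_mac(derive_s_secret(m_secret, uid), uid, page, data, challenge)
    return hmac.compare_digest(mac, expected)   # constant-time compare


def demo():
    """Genuine tag passes; a clone without the secret, a replayed MAC and a secret
    moved to a tag with another UID all fail."""
    genuine = provision(TAG_UID, MASTER_SECRET, PAGE0_DATA)
    clone = SimulatedTag(TAG_UID, secrets.token_bytes(32), {0: PAGE0_DATA})
    replay = ReplayingTag(TAG_UID, PAGE0_DATA,
                          genuine.compute_page_auth(0, secrets.token_bytes(32)))
    moved = SimulatedTag(OTHER_UID, derive_s_secret(MASTER_SECRET, TAG_UID), {0: PAGE0_DATA})
    return {
        "genuine": host_authenticate(genuine, MASTER_SECRET),
        "clone_without_secret": host_authenticate(clone, MASTER_SECRET),
        "replayed_mac": host_authenticate(replay, MASTER_SECRET),
        "secret_moved_to_other_uid": host_authenticate(moved, MASTER_SECRET),
    }
```

Running demo() shows what each ingredient buys: the fresh challenge makes the recorded MAC worthless, the UID in the derivation makes a secret copied to another tag useless, and the clone fails because the S-Secret never leaves the genuine tag. Whatever the device's actual MAC layout is, the host-side checks (fresh nonce, recompute from the master secret, constant-time compare) are the part that must not be shortcut.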
The next section details how to create, run, load, and save these programs.
Software Setup and Development Use
After starting the software, a window appears that includes the Development option. This is the interface for programming the MAX66250: writing to its memory, setting memory protections, and reading its memory. To get started, walk through the following steps:
- Click Development.
- On first use, the software prompts for a new password. On later runs, enter that password (it can be changed later, if desired).
Before entering data to write to the MAX66250, it is important to understand the commands on the right-hand side of the window shown in Figure 2 (numbered in the figure and explained below).
- Connects to or disconnects from the MAX66250 through the specified COM port.
- Performs the inventory function, which returns the DSFID byte and the unique ID (UID).
- Reads inventory data, system information, system status, both pages of memory, and the Decrement Counter. Use this to read the memory of the MAX66250 and view its state.
- These commands run, save, and load the program. The program is defined by the inputs to the fields to the left of these commands. Running the program performs the writes to the memory of the MAX66250.
- Clears all the input fields. Note: This does not clear the data in the MAX66250 memory.
Figure 3 and the following list describe the function of each input field.
- Checking these Enable boxes causes the associated input fields to be written to the MAX66250.
- The User Page fields are filled with 16 bytes of data to be written to the MAX66250 when Run Program is invoked.
- This field contains the value of the Decrement Counter to set. Note: This can only be set once per MAX66250 device.
- This field contains the Master Secret used for HMAC authentication. For any HMAC functionality, enable this field.
- Page protections are set here. These page protections include read-protection, write-protection, read + write-protection, or APH protection.
- The Decrement Counter's protection is DC by default and cannot be changed. This means the page can be written to only once to set the counter, and then is write-protected from that point forward.
- Master secret protection is set here. By default, the secret is read-protected, but read + write protection can be set.
- This field allows for the setting and locking of the AFI and DSFID bytes. Note: Once these bytes are locked, they cannot be changed.
- This window shows the log of communication between the software and the MAX66250. All reads, writes, page protections, system information, and statuses are shown here.
Note: When Read Tag is used, fields 2 to 8 are filled with the information from the MAX66250.
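The protection rules in the field list above are one-way, which is easy to get wrong when a program is run more than once. As an added example (not code from this application note or from the desktop software), the following Python models those rules and runs the same program twice against the model. The program dict layout and the assumption that a page protection cannot be changed once set are this example's own; APH is modelled as "write only when authenticated" because the note lists it without defining it, and AFI/DSFID locking is left out of the model.

```python
"""Added example: a software model of the memory-protection rules this document
describes for the MAX66250 (not the device's firmware or the desktop application's
code). From the document: a page can be read-protected (RP), write-protected (WP)
or both (RW); the decrement counter is 'DC' protected (set once, never re-set,
decrement-only, 17 bits); the master secret is read-protected by default and can
be made RW. Assumptions: APH means 'write only when authenticated' (listed but not
defined in the document) and page protections are one-way once set."""


class TagMemory:
    PAGE_SIZE = 16
    COUNTER_MAX = (1 << 17) - 1          # 17-bit counter

    def __init__(self):
        self.pages = {0: bytes(self.PAGE_SIZE), 1: bytes(self.PAGE_SIZE)}
        self.prot = {0: None, 1: None}   # None = unprotected
        self._master_secret, self.secret_prot = None, "RP"   # RP by default
        self._counter = None             # unset until the one-time set

    def read_page(self, n):
        if self.prot[n] in ("RP", "RW"):
            raise PermissionError(f"page {n} is read-protected")
        return self.pages[n]

    def write_page(self, n, data, authenticated=False):
        if len(data) != self.PAGE_SIZE:
            raise ValueError("a page is exactly 16 bytes")
        p = self.prot[n]
        if p in ("WP", "RW") or (p == "APH" and not authenticated):
            raise PermissionError(f"page {n} is write-protected ({p})")
        self.pages[n] = bytes(data)

    def set_page_protection(self, n, p):
        if p not in ("RP", "WP", "RW", "APH") or self.prot[n] is not None:
            raise PermissionError(f"page {n}: protection is set once and never cleared")
        self.prot[n] = p

    def write_master_secret(self, secret):
        if self.secret_prot == "RW":
            raise PermissionError("master secret is read + write protected")
        self._master_secret = bytes(secret)

    def read_master_secret(self):
        raise PermissionError("master secret is never readable (RP or RW)")

    def set_counter(self, value):
        if self._counter is not None:
            raise PermissionError("DC: counter already set; one-time set only")
        if not 0 <= value <= self.COUNTER_MAX:
            raise ValueError("counter value does not fit in 17 bits")
        self._counter = value

    def decrement_counter(self):
        if not self._counter:            # None (unset) or 0 (exhausted)
            raise PermissionError("counter unset or exhausted")
        self._counter -= 1
        return self._counter


def run_program(tag, program):
    """Apply a Development-tab style program (only enabled fields present) in the
    application's field order; the dict layout is this example's own."""
    outcome = {}

    def attempt(name, fn, *args):
        try:
            fn(*args)
            outcome[name] = True
        except (PermissionError, ValueError):
            outcome[name] = False

    for n, spec in program.get("pages", {}).items():
        attempt(f"write page {n}", tag.write_page, n, spec["data"])
        if "protection" in spec:
            attempt(f"protect page {n}", tag.set_page_protection, n, spec["protection"])
    if "counter" in program:
        attempt("set counter", tag.set_counter, program["counter"])
    if "master_secret" in program:
        attempt("write master secret", tag.write_master_secret, program["master_secret"])
    return outcome


PROGRAM = {   # constructed sample program, not a real provisioning profile
    "pages": {0: {"data": b"MAX66250 page 0!", "protection": "WP"}},
    "counter": 1000,
    "master_secret": bytes(range(32)),
}


def first_and_second_run():
    """Same program twice on a fresh tag: the first run succeeds everywhere; the
    second is refused wherever a one-way protection now applies."""
    tag = TagMemory()
    return run_program(tag, PROGRAM), run_program(tag, PROGRAM)


def counter_demo():
    """One-time set, then decrement-only: (value after one decrement, re-set refused)."""
    tag = TagMemory()
    tag.set_counter(5)
    return tag.decrement_counter(), run_program(tag, {"counter": 9}) == {"set counter": False}
```

The second run of first_and_second_run() is the practical lesson: the page write, the page protection and the counter set are all refused, while the master secret write still succeeds because it is only read-protected by default. Reading the tag's state and protections before running a program is how the operator avoids both surprises.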
Operator Use
In addition to the Developer interface, which is used to create and configure programs, there is an Operator mode that guides the user through loading a test program and the test equipment, setting up the test environment, running the test, and reviewing and logging the resulting data and communication. The following steps describe running a program and saving the result log file in Operator mode.
Figure 4 shows the interface of the Operator mode. The first step in generating a result log file is to choose the test program (created in Developer mode) to run. Click Load to move to the second step.
Next, connect to the hardware and the MAX66250 chip: click Connect in the Select Test Equipment section shown in Figure 5 to connect to the MAX66250 tag. The data read from the MAX66250 appears between the Setup section and the Log section. Click Continue to move to the third step.
Then, describe the testing environment in the Lot Setup section shown in Figure 6: fill in the Lot ID, Test Temperature, and Operator ID fields as desired (no strict format is enforced) and click Confirm Setup to move to the next step.
Figure 7 shows the Run Test Program tab, where the desired test is run. Click Run Test; the log is populated just as it is in the Developer mode of the reader software. The test also reports whether it passed or failed, with the specifics of each case detailed in the Bin table under the tab. Click End Test to advance to the final step.
The final tab shows the results of the test as illustrated in Figure 8. Here, the user can view the yield of the test, the result of the test (pass/fail), and the previously mentioned Bins. Clicking End Lot generates a log of the results of the test, which can be saved to the desired location. Once finished, click Unload Program to reset the operator tab back to Select Test Equipment to load and run a new program.
Basic Developer Use Framework
For a basic example of the application of the software, follow these steps:
- Place the NFC tag containing the MAX66250 on the antenna portion of the MAX6630X EV kit and connect the EV kit to the desktop.
- Open the desktop application, click Development, and enter the password.
- Click Connect, then Read Tag.
- Now that the tag is read and the Device UID field is filled, enable User Page 0 and fill in any desired data. Also enable the Master Secret field and fill it with random bytes. Generate these bytes with a cryptographically secure random source and record them securely: the host needs the same secret to verify the device's HMACs, and because the secret is read-protected by default it cannot be read back from the device afterwards.
- Click Clear Log and then Run Program to view the communication transmissions associated with writing the page 0 data and the Master Secret.
- The page 0 data and the Master Secret are now written to the MAX66250. Click Save Program and name the program. Note that the saved program contains the Master Secret field, so protect the program file as you would the secret itself.
- Click Reset to clear all input fields. Click Load Program to load the saved program (or another program) to run it again or to enter new data and run.
Note: Generally, it is best to use Read Tag to view the state of the MAX66250 and its protections before writing new data to it.
Summary
This application note details the basic operation and use of the MAX66301NFC Reader and Programmer desktop application. It explains the commands and the purpose of the input fields in the software's Development and Operator modes.
Trademarks
Windows is a registered service mark and registered trademark of Microsoft Corporation.