2 of 37
The DS1963S Monetary iButton with SHA-1 Function is a rugged 4 kbit read/write data carrier that can
be easily accessed with minimal hardware. Its NV memory acts as a localized database for public as well
as protected data belonging to the owner of the device and the environment in which it is used. An
integrated 512-bit SHA-1 engine can be activated to compute 160-bit message authentication codes
(MAC) based on information stored in the device. Data is transferred serially via the 1-Wire protocol,
which requires only a single data lead and a ground return. Using the TMEX file format (see Application
Note 114) a single DS1963S can serve up to four independent applications, such as secure change purses
for electronic payment at local transit systems, pay phones, parking systems or vending machines. The
DS1963S is also intended to function as a coprocessor that assists the host in computing signatures, using
a secure signing secret, when writing back the new balance to a roaming device after a purchase.
The DS1963S, like other SRAM-based iButtons, has an additional memory area called the scratchpad that
acts as a buffer when writing to the main memory. The DS1963’s scratchpad is also used for feeding data
segments to the SHA-1 engine or receiving/comparing message authentication codes.
Data is first written to the scratchpad from where it can be read back. After the data has been verified, a
copy scratchpad command will transfer the data to main memory. This process ensures data integrity in
an environment that does not provide a reliable electric contact.
Each DS1963S has its own 64-bit ROM registration number that is factory lasered into the chip inside to
provide a guaranteed unique identity for absolute traceability. The durable MicroCan package is highly
resistant to environmental hazards such as dirt, moisture, and shock. Its compact coin-shaped profile is
self-aligning with mating receptacles, allowing the DS1963S to be easily used by human operators.
Accessories permit the DS1963S to be mounted on almost any surface including plastic key fobs, photo-
ID badges and printed circuit boards.
A system that uses mobile data carriers consists mainly of three components, 1) host computers that read
and write data carriers, 2) the data carriers (“slave devices”) themselves, and 3) the users of the system
who might be tempted to manipulate the data or to emulate the behavior of the data carrier. The DS1963S
is designed to address all these areas of attacks without using any proprietary restricted algorithms. The
security of the device is based on the Secure Hash Standard SHA-1, which is documented on the Internet
at locations such as http://www.itl.nist.gov/div897/pubs/fip180-1.htm.
The table below shows a matrix of possible non-violent attacks in form of a truth table. The notes
referenced in the table explain the typical methods to defeat the attacks. A more detailed description is
found in the section “Application Overview” near the end of this document. For the full description of the
functions used see section “Memory and SHA Function Commands” and the SHA-1 Computation and
message formats.
Authentic data
Manipulated data
Authorized See note 2
See notes 2 and 3
Emulated slave
Host Normal operation
See note 3
Unauthorized See note 1
Don’t care
Host Don’t care
Don’t care
Emulated slave