M1 Family
ML112K5E, ML112K5F, MC118K60, MC136K61, MC18K62, ML180K63, ML180K67, MC136K68, MC136K73, MC18KR2, MC118KR2, MC136KR2, MC136KR2 Dragon, ML120KR2, ML136KR2, ML18KR2, ML112KR2 on
Infineon SLE66 platform
Application Related Characteristics  Primitive Support  Implementation Specific Characteristics  Codelets Available
External Characteristics
Data Item 
Value 
Comments 

External Specification 

MULTOS Version 
4.2.1 


Silicon Provider / manufacturer_id 
Infineon / 0x05 


Implementer / implementer_id 
Multos International / 0x02 


Mask / ic_type(s) 
ML112K5E  0x5E, ML112K5F  0x5F, MC118K60  0x60, MC136K61  0x61, MC18K62  0x62, ML180K63  0x63, ML180K67  0x67, MC136K68  0x68, MC18KR2  0x6A, MC118KR2  0x6B, MC136KR2  0x6C, MC136KR2 Dragon  0x6F, ML120KR2  0x69, ML136KR2  0x6D, ML18KR2  0x71, ML112KR2  0x72, MC136K73  0x73



Technical Data for Contact based interface 

Power / External Clock 
1.62V to 5.5V / 1 to 7.5 MHz 
Applies to all masks 

Transport Protocol 
T = 0, T = 1, 
Applies to all masks 

FI/DI 
0x01, 0x02, 0x03, 0x08, 0x11, 0x12, 0x13, 0x18, 0x32, 0x33, 0x34, 0x38, 0x92, 0x93, 0x94, 0x95, 0x96, ,0x97, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7 
Applies to all masks 

Dual ATR 
Supported 
For all masks Preenablement ATR: 3BFF9600FFC00A31FE4D8031E06B04210502xx555555555555yy
For ML112K5E xx = 5E, yy = 98 For ML136K5F xx = 5F, yy = 99 For MC118K60 xx = 60, yy = 9A For MC136K61 xx = 61, yy = 9B For MC18K62 xx = 62, yy = 9C For ML180K63 xx = 63, yy = 9D
For ML180K67 xx = 67, yy = A1 For MC136K73 xx = 73, yy = B5 For MC18KR2, xx = 6A, yy = AC For MC118KR2, xx = 6B, yy = AD For MC136KR2, xx = 6C, yy = AA For MC136KR2 Dragon, xx = 6F, yy = A9 For ML120KR2, xx = 69, yy = AF For ML136KR2, xx = 6D, yy = AB
For ML18KR2, xx = 71, yy = B7


PPS 
Supported, max speed 447kbps @ 3.58MHz 
Applies to all masks 

ATR Character Convention Direct LSB (3B) 
Supported 
Applies to all masks 

ATR Character Convention Indirect MSB (3F) 
Supported 
Applies to all masks 

Technical Data for Contactless based interface 

Transport Protocol 
Type A, Type B, Mifare 
Applies to all masks 

Preenablement contactless protocol 
106kB, Type A, CID supported, Mifare enabled 
Preenablement ATS: 3B 8F 80 01 80 31 E0 6B 84 21 05 02 xx 55 55 55 55 55 55 yy
For ML112K5E xx = 5E, yy = C8 For ML136K5F xx = 5F, yy = C9 For ML180K63 xx = 63, yy = F5 For ML180K67 xx = 67, yy = F9 For ML120KR2, xx = 69, yy = FF For ML136KR2, xx = 6D, yy = FB
For ML18KR2, xx = 71, yy = E7


Postenablement contactless protocol 
106kB, Type A, CID supported, Mifare enabled

Postenablement ATS: 3B 8F 80 01 80 31 E0 6B 84 21 05 02 xx 55 55 55 55 55 55 yy For ML112K5E xx = 5E, yy = C8 For ML136K5F xx = 5F, yy = C9 For ML180K63 xx = 63, yy = F5 For ML180K67 xx = 67, yy = F9 For ML120KR2, xx = 69, yy = FF For ML136KR2, xx = 6D, yy = FB
For ML18KR2, xx = 71, yy = E7 NOTE: other IO TCL configuration parameters supported via ‘X’ parameter upper most 3 bits are – X = 000: type A 106kb/s X = 001: type B 106kb/s X = 010: type B 106/212/424/848 kb/s X = 011: type A 106/212/424/848 kb/s X = 100: type B106/212/424 kb/s X = 101: type A 106/212/424 kb/s X = 110: type A 106kb/s 38.5ms X = 111: type B 106kb/s 38.5ms


Memory Area Sizes 

ROM 
152K 236K 150K 196K 96K
236K 196K 96K 150K 196K 196K 196K
240K 
ML112K5E ML136K5F MC118K60 MC136K61 MC18K62 ML180K63
ML180K67 MC136K73 MC18KR2 MC118KR2 MC136KR2 MC136KR2 Dragon ML120KR2 ML136KR2
ML18KR2 

RAM Public 
530 bytes 
Applies to all masks 

RAM Dynamic 
960bytes 
Applies to all masks 

EEPROM Total 
Variable 
12k on ML112K5E, 36k on ML136K5F,18k on MC118K60, 36k on MC136K61, 8k on MC18K62, 78K on ML180K63, 78k on ML180K67, 36k on MC136K68, 36k on MC136K73, 8k on MC18KR2, 18k on MC118KR2,36k on MC136KR2, 36k on MC136KR2 Dragon, 20k on ML120KR2, 36K on ML136KR2, 8k on ML18KR2, and 12k on ML112KR2


EEPROM available for applications 
variable 
The maximum single application’s code + dir rec + fci rec size (including application overhead) is 31.5K and maximum single application’s static size is 64K
In addition to the above restrictions, any application with the total application size larger than 7F00h must use "memory copy/fill additional static" primitives to access the additional static data located above 7EFFh. ST[0] for such application only indicates the last static byte located in the normal Static area. It does not indicate the end of Static area, “Get Static Size” primitive must be used to work out the end of Static area.
For each product, the total EEPROM available for all applications is as follows:
4.66k on MC18KR2 with AMD 0114v001,
14.4k on ML120KR2 with AMD 0114v002,
14.22k on ML120KR2 with AMD 0130v001,
10.4k on ML120KR2 with AMD 0114v002, 
Application Related Characteristics
Data Item 
Value 
Comments 
Application EEPROM Loading Requirements 

Application Header 
229 bytes 
Applies to all masks 
Total temporary space per protected ALU 
128 bytes 
This represents the maximum size. Applies to all masks 
Total temporary space per confidential ALU 
256 bytes 
This represents the maximum size. Applies to all masks 
MULTOS Application Function 

Static logical page size with Transaction Protection on 
32 bytes 
Applies to all masks 
Maximum write size in logical pages with Transaction Protection on 
at least 9 pages 
Limited by available EEPROM. Applies to all masks 
Physical Static page size (of underlying chip)  64 bytes  The start of Static (SB) is aligned to a physical page for all masks. 
Maximum ATR File record size 
32 bytes 
Applies to all masks 
Maximum ATR Historical Byte record size 
15 bytes 
Applies to all masks 
Maximum DIR File record size 
255 bytes 
Applies to all masks 
Maximum FCI record size 
255 bytes 
Applies to all masks 
Maximum inbound TPDU size 
260 bytes 
Applies to all masks 
Maximum outbound TPDU size 
261 bytes 
Applies to all masks 
Maximum delegation nest count 
Limited by available EEPROM 
Applies to all masks 
Maximum application history list entries 
Limited by available EEPROM 
Applies to all masks 
Retry Counters 

Set MSM Controls 
32 
Test cards set to 255. Applies to all masks 
Create MEL Application 
32 
Test cards set to 255. Applies to all masks 
Delete MEL Application 
32 
Test cards set to 255. Applies to all masks 
Key Lengths 

KCK Public Key length 
128 bytes 
Applies to all masks 
Permitted Application Provider Public Key lengths 
32 to 128 bytes 
KMA accepts APPK lengths between 72 and 128 bytes inclusive. Applies to all masks 
MULTOS TKCK length 
128 bytes 
Maximum size. Applies to all masks. 
Primitive Support
The primitives listed here are those that were included in the target specification. The list applies to all masks unless otherwise noted.
Primitive 
Supported 
Optional / Mandatory 

Add BCDN 
Yes – on ML112K5E, MC136K61, ML136K5F and ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon, ML120KR2, ML136KR2, ML18KR2, ML112KR2 
Optional 
Bit Manipulate Byte 
Yes 

Bit Manipulate Word 
Yes 

Call Codelet 
Yes 

Call Extension 0, 1, 2, 3, 4, 5, 6 
Yes 

Card Block 
Yes 

Check Case 
Yes 

Checksum 
Yes 

Configure Read Binary 
Yes – on ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, ML136KR2 
Optional 
Configure Security Checks 
Yes – on ML112K5E, ML136K5F, ML180K63, ML180K67, MC136K73, MC136K68, MC136KR2, MC136KR2 Dragon, ML120KR2, ML136KR2, ML18KR2, ML112KR2 
Optional 
Control Auto Reset WWT 
Yes 

Convert BCDN 
Yes – on ML112K5E, MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon, ML120KR2, ML136KR2, ML18KR2, ML112KR2 
Optional 
Delegate 
Yes 

DES ECB Decipher 
Yes 

DES ECB Encipher 
Yes 

DivideN 
Yes 

ECC Addition 
No 
Optional 
ECC Convert Representation 
No 
Optional 
ECC Equality Test 
No 
Optional 
ECC Inverse 
No 
Optional 
ECC Scalar Multiplication 
No 
Optional 
ECC Verify Point 
No 
Optional 
Exchange Data 
Yes – on ML112K5E, ML136K5F, ML180K63, ML180K67, ML120KR2, ML136KR2, ML18KR2, and ML112KR2 
Optional 
Exit to MULTOS and Restart 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 
Optional 
Generate Asymmetric Hash General 
Yes 

Generate Asymmetric Signature General 
No 
Optional 
Generate DES CBC Signature 
Yes 

Generate Random Prime 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 
Optional 
Generate Triple DES CBC Signature 
Yes 

Get Data 
Yes 

Get Delegator AID 
Yes 

Get DIR File Record 
Yes 

Get File Control Information 
Yes 

Get Manufacturer Data 
Yes 

Get Memory Reliability 
Yes 

Get MULTOS Data 
Yes 

Get Purse Type 
Yes 

Get Random Number 
Yes 

Get Static Size 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 
Optional 
Load CCR 
Yes 

Lookup 
Yes 

Memory Compare 
Yes 

Memory Compare Fixed Length 
Yes 

Memory Copy 
Yes 

Memory Copy Additional Static 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 
Optional 
Memory Copy Fill Additional Static 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 
Optional 
Memory Copy Fixed Length 
Yes 

Modular Exponentiation 
Yes 

Modular Exponentiation CRT 
Yes 

Modular Exponentiation CRT Protected 
Yes 
Optional 
Modular Inverse 
No 
Optional 
Modular Multiplication 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 
Optional 
Modular Reduction 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 
Optional 
MultiplyN 
Yes 

Process Proprietary Extension Primitives (06) 
Yes – on ML112K5E, ML136K5F, MC136K61, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon, ML120KR2, ML136KR2, ML18KR2, ML112K R2 
Extension used is 2 
Platform Optimized Checksum 
Yes – on ML112K5E, MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon, ML120KR2, ML136KR2, ML18KR2, ML112KR2 
Optional 
Query Channel 
Yes 
Optional 
Query Codelet 
Yes 

Query Interface Type 
Yes 

Query0, Query1, Query2, Query3 
Yes 

Reset Session Data 
Yes 

Reset WWT 
Yes 

Return from Codelet 
Yes 

SEED ECB Decipher 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 

SEED ECB Encipher 
Yes  on MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon and ML136KR2 

Set AFI 
Yes 
Optional 
Set ATR File Record 
Yes 

Set ATR Historical Characters 
Yes 

Set ATS Historical Characters 
Yes 
Optional 
Set FCI Record 
Yes 

Set Select SW 
Yes 

Set Transaction Protection 
Yes 

SHA1 
Yes 

Shift Left 
Yes 

Shift Right 
Yes 

Store CCR 
Yes 

Subtract BCDN 
Yes – on ML112K5E, MC136K61, ML136K5F, ML180K63, ML180K67, MC136K68, MC136K73, MC136KR2, MC136KR2 Dragon, ML120KR2, ML136KR2, ML18KR2, ML112KR2 
Optional 
Verify Asymmetric And Retrieve General 
No 
Optional 
Implementation Specific Characteristics
Zero Block Size
The following instructions and primitives have the block size specified in the code (as opposed to being runtime data). The following table shows how each will perform if a zero block size is specified.
Type 
Instruction / Primitive 
Operation 

Instruction 
LOAD, STORE, LOADI, STOREI 
no operation 
CLEARN 
no operation 

TESTN, INCN, DECN, NOTN 
Z = 1 

CMPN, ADDN, SUBN 
C = 0, Z = 1 

ANDN, ORN, XORN 
Z = 1 

Primitive 
MultiplyN 
Z = 1 
DivideN 
C = 1, Z = unchanged 

ShiftLeft, ShiftRight 
C = 0, Z = 1 

GetDIRFileRecord 
One byte set to zero pushed onto stack, If the application specified does not exist, C = 1, Z = 1 If the application specified exists, C = 0, Z = 0 

GetManufacturerData 
One byte set to zero pushed onto stack, C = 0 Undefined: implementation specific handling Undefined: implementation specific handling 

MemoryCompareFixedLength 
DT’ = DT  4, C = 0, Z = 1 

MemoryCopyFixedLength 
DT’ = DT – 4 


AddBCDN / SubBCDN 
Max operand length = 6bytes 
Maximum Number of Pages Permitted in a Single Write
The maximum number of pages is at least nine when transaction protection is used. It is possible to write more than nine pages if there is free EEPROM. Note that if an attempt is made to write more than 9 pages and if there is insufficient free EEPROM, then an abnormal end to processing to will occur.
Condition Code Register
This implementation does support signed arithmetic. The N and V flags are present in the CCR, and they may be changed by some instructions. However, signed arithmetic is not guaranteed and should be avoided. They may be used by an application using the Load CCR and Store CCR primitives, but this may affect the portability of the application.
Supported Modulus Lengths of Cryptographic Primitives
All values given are in bytes.
Primitive 
Lengths supported 
Modular Exponentiation, public exponent not 3 
Greater than 0, but less then or equal to 256 bytes 
Modular Exponentiation, public exponent of 3 
Greater than 0, but less then or equal to 256 bytes 
Modular Exponentiation CRT 
Between 2 and 256 bytes inclusive 


Modular Multiplication 
Greater than 0, but less then or equal to 256 bytes 
Modular Reduction 
Greater than 0, but less then or equal to 256 bytes 
Generate Random Prime 
Prime must be > 5 bytes and less than or equal to 128 bytes 
RSA key pair Generation 
Modulus size must be less than or equal to 256 bytes 
Confidential Application
A confidential application > 64k which requires area at an offset beyond 64K into the ALU needs to be encrypted then the area must start at an offset < 64K and area length can be increased to cover the required areas. This restriction is due the area start item in the KTU area descriptors is specified to be a word value by the MULTOS specification.
Important Remarks
This section contains important remarks about the Primitives and IFD commands of this implementation. Applies to all masks.
Functionality 
Operation 

Automated sending of Work Wait Time extension 
The chip returns WWT extension request bytes when 80% of the WWT has expired when operating in contact mode. In contactless mode, the WWT extension will be sent between 2 and 10 ms before the expiry. 
Bit Manipulate Byte Bit Manipulate Word 
Bits 6 to 2 of b2 are ignored. That is, the primitives return the expected result regardless of the value of bits 6 to 2 of b2. 
Checksum 
If the checksummed area includes the parameters (the top four bytes of Dynamic), the checksum will be correctly calculated. 
Default Application 
This version 4.21 functionality is supported 
DivideN 
The length of each operand must not be greater than 128 bytes 
Exchange Data 
This primitive only support Mifare channel (channel number of 1). Access to channels other than 1 will cause abend.
Return Mifare status code : 00_{H}  Operation completed without errors 01_{H}  invalid operation 02_{H}  invalid block number 43_{H}  Password check failed 60_{H}  Programming error 63_{H}  Wrong Block Index D0_{H}  Mifare Disabled FF_{H}  access prohibited (The accessed Mifare sector is disabled)

Generate Asymmetric Hash General 
If b2 (mode) takes an unsupported value, this primitive performs no operation. In particular, no bytes are popped from the stack.
This primitive supports a hash modulus length of 72 bytes in conjunction with a 16byte hash digest or a 128bytet modulus with a hash chain length of 20 bytes. 
Generate Random Prime 
To avoid abend:
Note: Conf = 80 ensures probability of prime being composite is <= 2^{80} If suitable prime is not found function does not return (abend) 
Get Manufacturer Data Get MULTOS Data Get Purse Type 
If the destination is stack top, the last byte of retrieved data will be overwritten by the length of data retrieved. That is, the number of bytes copied is always returned on the stack regardless of the destination segment address.

Get Memory Reliability 
MULTOS 4 always indicates memory is reliable: C = 0, Z = 0. 
Lookup 
If the target value appears more than once in the list, the location of the first is reported. The list need not be sorted. If the target value is not found, it is left unchanged on the stack. 
Modular Exponentiation 
The least significant bit of the modulus must be 1. The exponent length and value must be greater than 0. The modulus length must be greater than 0 and less than or equal to 256 bytes. The modulus must not contain any full byte zeros at the most significant end. Modulus Length must be >= Exponent Length If Modulus Length is > 128 bytes then Exponent Length must not be > 4 bytes If any of the conditions above are not met, an abnormal end will occur.

Modular Exponentiation CRT 
The modulus length must be greater than 0, but not greater than 256 bytes. The length must also be an even number. The length of each item must be modulus length divided by 2. The most significant byte of primes p and q must not be 0. The least significant bits of the primes p and q must be 1. X (in calculation Y=X^{d}modN) must not be equal to 0. If any of these conditions are not met, an abnormal end to processing will occur. X (in calculation Y=X^{d}modN) must not be equal to 1. If the above condition is not met, undefined results will occur. 
Modular Multiplication 
The modulus length must be greater than 0 and less than or equal to 256 bytes. Note this length does not include any leading zero bytes. 
Modular Reduction 
The modulus length must be greater than 0 and less than or equal to 256 bytes. The data length must be equal to or greater than the modulus length. The modulus must not have any leading zero bytes. If any of these conditions are not met, an abnormal end will occur. 
MultiplyN 
The length of each operand must not be greater than 128 bytes 
Proprietary Primitive Extension 
There are five such primitives. They are:
Note:

RSA Key Pair Generation (proprietary) 
Two optional key generation algorithms are supported
To avoid abend:
In both versions modulus N generated has msbit = 1. 
Set Transaction Protection 
Bits 7 to 2 of b2 are ignored. That is, the primitive returns the expected result regardless of the value of bits 7 to 2 of b2. Infineon chips copy the source data to a temporary store and any updates are made to the source data. In the case of a rollback, the copy of the original source data is written to the source. 
Shift Left and Shift Right 

Responses to unsupported commands 
When a command with an unsupported CLA or INS byte is received, the following responses will be returned: 
Functionallity included from MULTOS v4.3


Checksum primitive 
When running in TCL ResetWWT primitive must be called before calling Checksum primitive. If the checksum is to be done over large blocks, then the block must be broken into blocks of maximum length 0x7500, with each call preceded by a call to ResetWWT. 
Codelets Available
Click here for a table of codelets available.