Hopping Encoder. HCS320 Datasheet
KEELOQ® Code Hopping Encoder
• Programmable 28-bit serial number
• Programmable 64-bit encryption key
• Each transmission is unique
• 66-bit transmission code length
• 32-bit hopping code
• 34-bit fixed code (28-bit serial number,
4-bit function code, 2-bit status)
• Encryption keys are read protected
• 3.5V - 13.0V operation
• Shift key and three inputs
• 16 functions available
• Selectable baud rate
• Automatic code word completion
• Battery low signal transmitted to receiver
• Battery low indication on LED
• Non-volatile synchronization data
• Easy-to-use programming interface
• On-chip EEPROM
• On-chip oscillator and timing components
• Button inputs have internal pull-down resistors
• Current limiting on LED output
• Low external component cost
The HCS320 is ideal for Remote Keyless Entry (RKE)
applications. These applications include:
• Automotive RKE systems
• Automotive alarm systems
• Automotive immobilizers
• Gate and garage door openers
• Identity tokens
• Burglar alarm systems
The HCS320 from Microchip Technology Inc. is a code
hopping encoder designed for secure Remote Keyless
Entry (RKE) systems. The HCS320 utilizes the code
hopping technology which incorporates high security, a
small package outline, and low cost, to make this
device a perfect solution for unidirectional remote key-
less entry systems and access control systems.
HCS320 BLOCK DIAGRAM
32-bit shift register
Button input port
SHIFT S2 S1 S0
The HCS320 combines a 32-bit hopping code gener-
ated by a nonlinear encryption algorithm, with a 28-bit
serial number and six status bits to create a 66-bit
transmission stream. The length of the transmission
eliminates the threat of code scanning and the code
hopping mechanism makes each transmission unique,
thus rendering code capture and resend (code grab-
bing) schemes useless.
© 2001 Microchip Technology Inc.
The crypt key, serial number and configuration data are
stored in an EEPROM array which is not accessible via
any external connection. The EEPROM data is pro-
grammable but read-protected. The data can be veri-
fied only after an automatic erase and programming
operation. This protects against attempts to gain
access to keys or manipulate synchronization values.
The HCS320 provides an easy-to-use serial interface
for programming the necessary keys, system parame-
ters and configuration data.
1.0 SYSTEM OVERVIEW
The following is a list of key terms used throughout this
data sheet. For additional information on KEELOQ and
Code Hopping, refer to Technical Brief 3 (TB003).
• RKE - Remote Keyless Entry
• Button Status - Indicates what button input(s)
activated the transmission. Encompasses the 4
button status bits S3, S2, S1 and S0 (Figure 4-2).
• Code Hopping - A method by which a code,
viewed externally to the system, appears to
change unpredictably each time it is transmitted.
• Code word - A block of data that is repeatedly
transmitted upon button activation (Figure 4-1).
• Transmission - A data stream consisting of
repeating code words (Figure 8-2).
• Crypt key - A unique and secret 64-bit number
used to encrypt and decrypt data. In a symmetri-
cal block cipher such as the KEELOQ algorithm,
the encryption and decryption keys are equal and
will therefore be referred to generally as the crypt
• Encoder - A device that generates and encodes
• Encryption Algorithm - A recipe whereby data is
scrambled using a crypt key. The data can only be
interpreted by the respective decryption algorithm
using the same crypt key.
• Decoder - A device that decodes data received
from an encoder.
• Decryption algorithm - A recipe whereby data
scrambled by an encryption algorithm can be
unscrambled using the same crypt key.
• Learn – Learning involves the receiver calculating
the transmitter’s appropriate crypt key, decrypting
the received hopping code and storing the serial
number, synchronization counter value and crypt
key in EEPROM. The KEELOQ product family facil-
itates several learning strategies to be imple-
mented on the decoder. The following are
examples of what can be done.
- Simple Learning
The receiver uses a fixed crypt key, common
to all components of all systems by the same
manufacturer, to decrypt the received code
word’s encrypted portion.
- Normal Learning
The receiver uses information transmitted
during normal operation to derive the crypt
key and decrypt the received code word’s
- Secure Learn
The transmitter is activated through a special
button combination to transmit a stored 60-bit
seed value used to generate the transmitter’s
crypt key. The receiver uses this seed value
to derive the same crypt key and decrypt the
received code word’s encrypted portion.
• Manufacturer’s code – A unique and secret 64-
bit number used to generate unique encoder crypt
keys. Each encoder is programmed with a crypt
key that is a function of the manufacturer’s code.
Each decoder is programmed with the manufac-
turer code itself.
The HCS320 code hopping encoder is designed specif-
ically for keyless entry systems; primarily vehicles and
home garage door openers. The encoder portion of a
keyless entry system is integrated into a transmitter,
carried by the user and operated to gain access to a
vehicle or restricted area. The HCS320 is meant to be
a cost-effective yet secure solution to such systems,
requiring very few external components (Figure 2-1).
Most low-end keyless entry transmitters are given a
fixed identification code that is transmitted every time a
button is pushed. The number of unique identification
codes in a low-end system is usually a relatively small
number. These shortcomings provide an opportunity
for a sophisticated thief to create a device that ‘grabs’
a transmission and retransmits it later, or a device that
quickly ‘scans’ all possible identification codes until the
correct one is found.
The HCS320 on the other hand, employs the KEELOQ
code hopping technology coupled with a transmission
length of 66 bits to virtually eliminate the use of code
‘grabbing’ or code ‘scanning’. The high security level of
the HCS320 is based on the patented KEELOQ technol-
ogy. A block cipher based on a block length of 32 bits
and a key length of 64 bits is used. The algorithm
obscures the information in such a way that even if the
transmission information (before coding) differs by only
one bit from that of the previous transmission, the next
© 2001 Microchip Technology Inc.
coded transmission will be completely different. Statis-
tically, if only one bit in the 32-bit string of information
changes, greater than 50 percent of the coded trans-
mission bits will change.
As indicated in the block diagram on page one, the
HCS320 has a small EEPROM array which must be
loaded with several parameters before use; most often
programmed by the manufacturer at the time of produc-
tion. The most important of these are:
• A 28-bit serial number, typically unique for every
• A crypt key
• An initial 16-bit synchronization value
• A 16-bit configuration value
The crypt key generation typically inputs the transmitter
serial number and 64-bit manufacturer’s code into the
key generation algorithm (Figure 1-1). The manufac-
turer’s code is chosen by the system manufacturer and
must be carefully controlled as it is a pivotal part of the
overall system security.
CREATION AND STORAGE OF CRYPT KEY DURING PRODUCTION
The 16-bit synchronization counter is the basis behind
the transmitted code word changing for each transmis-
sion; it increments each time a button is pressed. Due
to the code hopping algorithm’s complexity, each incre-
ment of the synchronization value results in greater
than 50% of the bits changing in the transmitted code
Figure 1-2 shows how the key values in EEPROM are
used in the encoder. Once the encoder detects a button
press, it reads the button inputs and updates the syn-
chronization counter. The synchronization counter and
crypt key are input to the encryption algorithm and the
output is 32 bits of encrypted information. This data will
change with every button press, its value appearing
externally to ‘randomly hop around’, hence it is referred
to as the hopping portion of the code word. The 32-bit
hopping code is combined with the button information
and serial number to form the code word transmitted to
the receiver. The code word format is explained in
greater detail in Section 4.0.
A receiver may use any type of controller as a decoder,
but it is typically a microcontroller with compatible firm-
ware that allows the decoder to operate in conjunction
with an HCS320 based transmitter. Section 7.0
provides detail on integrating the HCS320 into a sys-
A transmitter must first be ‘learned’ by the receiver
before its use is allowed in the system. Learning
includes calculating the transmitter’s appropriate crypt
key, decrypting the received hopping code and storing
the serial number, synchronization counter value and
crypt key in EEPROM.
In normal operation, each received message of valid
format is evaluated. The serial number is used to deter-
mine if it is from a learned transmitter. If from a learned
transmitter, the message is decrypted and the synchro-
nization counter is verified. Finally, the button status is
checked to see what operation is requested. Figure 1-
3 shows the relationship between some of the values
stored by the receiver and the values received from the
© 2001 Microchip Technology Inc.