
OPTIGA™ Trust M protocol stack


Data transfer over the network, from one device to another, takes place through multiple layers of the protocol stack. The Open Systems Interconnection (OSI) model standardized by ISO has seven layers in the protocol stack, working in collaboration to transfer data from one point to another. Data travels from the application layer to the physical layer on the sender side and vice versa on the receiver side.

Layers of OSI model

  1. Application layer: This is the topmost layer in the OSI model and interacts directly with users. It includes software applications such as web browsers, mailboxes, and media applications that support various distributed information services like email and file transfer. Whenever these applications are started, they collect data from the user and send it to the lower layers of the stack.
  2. Presentation layer: This layer receives data from the application layer and modifies it according to the requested services. It handles translation, encryption/decryption, and compression/decompression of data. It is also called the syntax layer because it deals with the data syntax.
  3. Session layer: This layer is responsible for creating, managing, and terminating a session or connection. It is also responsible for flow control and token management, which prevents both parties from performing the same critical operation simultaneously.
  4. Transport layer: This layer provides services such as connection-oriented communication, flow control, and congestion control to ensure reliable transfer of data packets. It also performs packet segmentation and reassembly when a data packet is large. The common transport layer protocols are Transmission Control Protocol (TCP) for connection-oriented service and User Datagram Protocol (UDP) for connectionless service.
  5. Network layer: This layer is responsible for packet routing when the sender and receiver are located on different networks. It routes the packets to the destination network with the help of routing tables. Other functions include fragmentation, congestion control, and error handling. Common network layer protocols are Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6).
  6. Data link layer: This layer is responsible for the node-to-node delivery of the message. When a packet arrives in a network, this layer transmits it to the appropriate host using its MAC address.

The data link layer is further divided into two sublayers:

  • Logical link control (LLC): This sublayer is responsible for flow control and error control to ensure that data transmission is error-free and accurate between the network nodes.
  • Media access control (MAC): This sublayer is responsible for managing access permissions to transmit data between the network nodes.
  7. Physical layer: This layer is responsible for the transmission and reception of raw data bits to or from a physical channel by converting the digital bits into electrical, radio, or optical signals and vice versa. Bit rate control, bit synchronization, physical topology, and transmission mode are defined in this layer.

In the case of OPTIGA™ Trust M, the OSI layers used in the protocol stack are the application, presentation (optional), transport, network, data link, and physical layers. The data flow from the application layer to the physical layer is shown in Figure 1.


Figure 1   OPTIGA™ protocol stack

API calls are used to establish the communication and data flow between these layers as shown in Figure 2. See Host library documentation.


Figure 2   APIs used through different layers

On the host MCU, when an application is started, I2C communication starts between the host and OPTIGA™. This initializes all other layers serially. For example, if the application requires reading data from OPTIGA™, the command to read data flows from the presentation layer to the physical layer on the host side. Once the physical layer of OPTIGA™ receives the command, the buffer is loaded with the appropriate data and the upper layer is notified by a callback function. Similarly, all other layers notify their upper layers through an associated callback function.

  • The presentation layer is involved only when shielded communication is required and performs the encryption/decryption of data on the sender or the receiver side.

Layers of OPTIGA™ stack with respect to I2C communication:

  1. The application layer is defined by each application and consists of the Application Protocol Data Unit (APDU). The command and response APDU fields are shown in Figure 3 and Figure 4 respectively.

Figure 3   Command APDU

Figure 4   Response APDU

  2. The presentation layer is optional and is present when a master or slave network channel requires confidentiality or integrity services. The presence or absence of this layer is indicated by bit 3 of the packet control (PCTR) byte as shown in Figure 5.

Figure 5   Definition of PCTR in presentation layer

The security control (SCTR) byte controls the security services of the presentation layer. This helps in establishing a secure channel (Handshake), protected and transparent communication for the application layer, managing the session context and sending alert messages. Bits 0-1 of SCTR define the type of protection, bits 2-4 define the type of message that is sent and bits 5-7 define the protocol that is used (see Figure 6).





Figure 6   Definition of SCTR

  3. The transport layer handles error and packet chaining. To simplify chaining, a bit-field (bits 0-2) in the PCTR is used to mark the first, intermediate, and last packet of a multipacket APDU. The different chaining conditions are shown in Figure 7.

Figure 7   Definition of PCTR in transport layer

  4. The data link layer performs error handling and sequential transmission of data packets. Data packets of a maximum size are received from the sender, framed, and transmitted sequentially. This layer also acknowledges frames sent back by the receiver. A checksum is added to detect destroyed or incomplete frames.

A frame starts with the frame type including the frame number (FCTR) followed by the packet length (LEN) and the packet data. After the packet data, a 2-byte checksum (FCS) is added to the end.


Figure 8   Data frame structure


Figure 9   Definition of FCTR

  5. The IFX physical layer is used to establish several sub-addresses under a single I2C base address, and the I2C slave uses different address locations for status, control, and data communication registers. The data is sent over the channel based on the I2C state. The I2C state register is shown in Figure 10.

Figure 10   Definition of I2C state
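The data link frame described above (FCTR, LEN, packet data, 2-byte FCS), as an added example that is not from the original post or the OPTIGA™ host library: a receiver that checks LEN and the FCS before passing the packet to the upper layers. The 1-byte FCTR, the 2-byte big-endian LEN, the big-endian FCS and the CRC-16 variant are assumptions (the article gives only the field order and the FCS size), and all function and type names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout: FCTR(1) | LEN(2, big-endian) | packet(LEN) | FCS(2, big-endian).
 * Only the field order and the 2-byte FCS come from the article. */
#define HDR_LEN 3u
#define FCS_LEN 2u
enum frame_status { FRAME_OK, FRAME_TOO_SHORT, FRAME_LEN_MISMATCH, FRAME_BAD_FCS };
struct frame { uint8_t fctr; uint16_t len; const uint8_t *data; };

/* Assumed FCS algorithm: CRC-16, CCITT polynomial bit-reflected (0x8408), zero seed. */
uint16_t fcs16(const uint8_t *p, size_t n) {
    uint16_t crc = 0;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (uint16_t)((crc & 1u) ? (crc >> 1) ^ 0x8408u : crc >> 1);
    }
    return crc;
}

/* Sender side: frame one packet. Returns the frame size, or 0 if it does not fit. */
size_t frame_build(uint8_t fctr, const uint8_t *pkt, uint16_t len, uint8_t *out, size_t cap) {
    size_t total = HDR_LEN + (size_t)len + FCS_LEN;
    if (total > cap) return 0;
    out[0] = fctr; out[1] = (uint8_t)(len >> 8); out[2] = (uint8_t)len;
    memcpy(out + HDR_LEN, pkt, len);
    uint16_t fcs = fcs16(out, HDR_LEN + len);
    out[total - 2] = (uint8_t)(fcs >> 8); out[total - 1] = (uint8_t)fcs;
    return total;
}

/* Receiver side: reject a bad frame before any upper layer sees the packet. */
enum frame_status frame_parse(const uint8_t *buf, size_t n, struct frame *out) {
    if (n < HDR_LEN + FCS_LEN) return FRAME_TOO_SHORT;
    uint16_t len = (uint16_t)((buf[1] << 8) | buf[2]);
    /* LEN comes off the wire: it must equal the bytes actually received. */
    if ((size_t)len != n - HDR_LEN - FCS_LEN) return FRAME_LEN_MISMATCH;
    uint16_t got = (uint16_t)((buf[n - 2] << 8) | buf[n - 1]);
    if (got != fcs16(buf, n - FCS_LEN)) return FRAME_BAD_FCS;
    out->fctr = buf[0]; out->len = len; out->data = buf + HDR_LEN;
    return FRAME_OK;
}

int main(void) {
    const uint8_t pkt[] = { 0x10, 0x20, 0x30 };  /* constructed bytes, not a real APDU */
    uint8_t wire[16]; struct frame f;
    return frame_parse(wire, frame_build(0x00, pkt, sizeof pkt, wire, sizeof wire), &f) != FRAME_OK;
}
```

Checking LEN against the number of bytes actually received, before the packet pointer is exposed, keeps a corrupted or hostile length field from steering later layers past the end of the receive buffer.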

For more details on each layer and protocol stack, see the IFX I2C Protocol and OPTIGA™ Trust M solution reference manual.