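Connect One CO2128 Secure Internet Controller Solution
Author: Date: 2009-06-16 17:07 Source: eaw
Connect One's iChip CO2128SEC is a powerful, low-cost secure Ethernet controller. The CO2128SEC can work as a coprocessor, offloading security and IP connectivity functions from the host processor, and offers a complete Internet protocol stack, 3DES, SHA-1/256, AES-128/192/256 and SSL3/TLS1 encryption, hardware UDP acceleration, a 10/100BaseT Ethernet MAC and a rich set of interfaces. The CO2128SEC is an ideal choice for communication encryption, IP network access over 10/100BaseT LAN or 802.11b/g wireless LAN, and high-speed data throughput. This article presents the main features of the CO2064/CO2128/CO2144, their block diagrams and typical host and Internet environments, the II-EVB-600W motherboard schematics and bill of materials, and the II-DB-W2SW1 daughterboard bill of materials.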
iChip CO2064/CO2128/CO2144
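iChip CO2128SEC Secure Networking Controller Chip
The iChip CO2128SEC is a powerful, low-cost secure Ethernet controller. The CO2128SEC can work as a coprocessor, offloading security and IP connectivity functions from the host processor. It is an ideal choice for communication encryption, IP network access over 10/100BaseT LAN or 802.11b/g wireless LAN, and high-speed data throughput. Typically, with the CO2128SEC a single hardware engineer can add IP connectivity to an existing application within one month. The CO2128SEC firmware supports 10 simultaneous active TCP/UDP socket connections, two listening sockets and one secure SSL3/TLS1 socket. CO2128SEC security features include a hardware random number generator, a SHA-1/256 secure hash accelerator, an AES-128/192/256 encryption accelerator, 3DES, SSL3/TLS1, and WEP, WPA and WPA2 WiFi encryption. The CO2128SEC can be configured to route IP packets between LAN/WiFi and PSTN/GPRS/CDMA. In this mode, called iRouter, multiple iChips can form an ad-hoc network without an access point. The CO2128SEC can store the Internet protocol stack and configuration parameters in the host processor's memory. Firmware can run from SPI flash external to the CO2128SEC. Firmware can be loaded via RS-232, the two-wire interface, SPI or USB. Firmware can also be updated remotely via sockets, FTP or HTTP. The CO2128SEC chip contains a 32-bit ARM7TDMI RISC processor core, 256KB of SRAM and a bus for accessing external memory or communication devices. An integrated bootloader can load firmware from the host processor through an interface. CO2128SEC peripherals include a 10/100BaseT Ethernet MAC with RMII, one USART, two SPIs, a two-wire interface, and HPI and EBI high-speed parallel interfaces.
The CO2128SEC has several power-saving operating modes and can shut down unused functional blocks. It comes in a RoHS-compliant 128-pin LQFP package, includes an internal 1.2V LDO regulator, and operates over the industrial temperature range.
Key features:
Complete Internet protocol stack
3DES, SHA-1/256, AES-128/192/256 and SSL3/TLS1 encryption
Hardware UDP acceleration
Rich set of interfaces
10/100BaseT Ethernet MAC
Internet protocols:
TCP/IP protocols: IP, UDP, TCP, PING, DNS, NTP, SMTP, POP3, MIME, FTP, HTTP, Telnet
Security protocols: SSL3/TLS1, FTPS, HTTPS, AES-128/256, SHA-128/192/256, 2DES, WEP, WPA, WPA2
Modem protocols: PPP, LCP, IPCP, PAP, CHAP or script-based authentication
LAN protocols: ARP, ICMP and DHCP
Includes a web server supporting two websites (32KB)
Includes a WAP server for device management via a browser
Application program interface:
The AT+i protocol eliminates the need for network programming and minimizes changes to the host processor application. In SerialNET mode, serial-to-IP bridging means the user does not have to modify the host application at all. iChip intercepts AT+i commands and puts the host device into Internet mode. iChip transparently passes any AT commands from the host device on to the communication device.
Hardware description:
Package: 128-pin LQFP
Dimensions: 14 x 20 x 1.4 mm, 0.5 mm pitch
Core CPU: 32-bit RISC ARM7TDMI, 0.13 micron, low-leakage
I/O operating voltage: 3.3V +/- 10%
Core operating voltage: 1.2V +/- 10%
Operating frequency: up to 48MHz
Operating humidity: 90% max. (non-condensing)
Operating temperature: -40° to 85℃
Power consumption (with external VDD, core at 1.2V): 200mW (typical)
Sleep mode current: <50uA
Interfaces: 2 USARTs, two-wire serial interface, two SPIs, HPI, EBI, RMII
RoHS-compliant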
iChip CO2064, CO2128 and CO2144 are full-featured programmable IP Communication Controller chips that act as coprocessors to offload security and IP connectivity tasks from any host processor. They are ideal for enabling devices to achieve secure, high-speed throughput and access to IP networks via 10/100BaseT LAN or 802.11b/g wireless LAN, and cellular or dial-up modems. Typically only one man-month is needed for hardware engineering and adding IP connectivity commands to the host application. While the CO2128/CO2144 include a complete set of features, the CO2064 uses an open software architecture that enables users to select and program different firmware flavors, each providing a unique subset of Internet protocols and features. The CO2128/CO2144 firmware supports up to 10 simultaneous active TCP/UDP sockets and two listening sockets; HTTP, SMTP, MIME, POP3, FTP and TELNET clients; a web server with two websites: one for configuring the CO2128/CO2144 and one for the application; and serial-to-IP bridging. The CO2064 comes in two firmware flavors:
Flavor A offers 10 active TCP/UDP sockets and two listening sockets; sending ASCII e-mails; sending and retrieving data from an FTP server, and serial-to-IP bridging in SerialNet mode.
Flavor B supports one secure TCP/UDP socket plus 9 non-secure sockets.
Flavors can be quickly interchanged simply by sending an AT+i command. Security features in the CO2064 include the hardware implementation of a random number generator, SHA-1 secure hash accelerator, AES-128/256 encryption accelerator, 3DES, SSL3/TLS1, RSA, RC-4 and MD-5. The CO2128 includes, in addition to the above, WEP, WPA, and WPA2 encryption for WiFi. CO2064 loads its firmware and Internet configuration parameters either from an external SPI flash memory, or accepts it from the host via one of the supported interfaces. Firmware can be updated locally via RS232. CO2128/CO2144 load their firmware from an external EBI flash memory. Firmware can be remotely updated via sockets, FTP or HTTP. All three iChips include a 32-bit ARM7TDMI RISC processor and 256KB of embedded high-speed SRAM. Basic peripherals for all models include USB v. 2.0 full-speed host and device port; 10/100BaseT Ethernet MAC with MII/RMII, USART and SPI interfaces. Both CO2064 and CO2128/CO2144 feature Sleep mode for energy savings. The iChips come in a 64-pin (CO2064), 128-pin (CO2128) or 144-pin (CO2144) LQFP RoHS-compliant package.
Key Features
Complete Internet protocol stack
RSA, AES-128/256, 3DES, RC-4, SHA-1, MD-5 and SSL3/TLS1 encryption
10/100BaseT Ethernet MAC
USB v2.0 full-speed host and device
USART, SPI interfaces
Application Program Interface
Connect One's AT+i protocol eliminates the need for Internet programming and minimizes changes to the host application, while the SerialNET serial-to-IP bridging mode eliminates the need for any change to the host application. AT+i commands are intercepted by iChip, which puts the host device into Internet mode.
CO2064 Features
Key Features
Acts as a security gap between the application and the network
Two firmware flavors for greater flexibility
Up to 10 simultaneous TCP/UDP sockets and two listening sockets
One secure SSL3/TLS1 socket
Supports multiple Certificate Authorities and both client-side and server-side authentication
Includes a true random number generator in hardware
Sending plain-text email
SerialNet mode for serial-to-IP bridging
FTP client
DHCP client
Locally updateable firmware
Retrieval of time data from a Network Time Server
Software and hardware flow control
Performance Specifications
Host Data Rate: Up to 3 Mbps in serial mode
Serial Data Format (AT+i mode): Async. character; binary; 8 data bits; no parity; 1 stop bit
Serial Data Format (SerialNET mode): Async. character; binary; 7 or 8 data bits; odd, even, or no parity; 1 stop bit
Flow Control: hardware (DTR, RTS, CTS, DCD) and software flow control
Internet Protocols
ARP, ICMP, DHCP, IP, UDP acceleration in hardware, TCP, DNS, NTP, SSL3/TLS1, SMTP, FTP
Hardware Description
Package: 64-pin LQFP, RoHS-compliant
Dimensions: 10x10x1.4mm, 0.5mm pitch
Core CPU: 32-bit RISC ARM7TDMI, 0.13 micron, low-leakage
I/O Operating Range: 3.3V+/-10%; Core Operating Range: 1.2V+/-10%
Operating Frequency: Up to 48MHz
Operating Humidity: 90% max. (non-condensing)
Operating Temperature Range: -40° to 85℃ (-40° to 185°F)
Power Consumption with external VDD Core @ 1.2V: 200mW (typical)
Sleep mode current: <2mA
Interfaces: USART, SPI
CO2128/CO2144 Features
Key Features
Acts as a security gap between the host application and the network
Provides dialup, cellular, LAN and WiFi connectivity
Non-volatile, on-chip operational parameter database
Up to 10 simultaneous TCP/UDP sockets and two listening sockets
One secure SSL3/TLS1 socket
Supports multiple Certificate Authorities and both client-side and server-side authentication
Routing of IP packets between dialup/cellular and LAN/WiFi platforms using NAPT
Supports infrastructure and ad-hoc wireless LAN networks
Enables roaming among Access Points sharing the same SSID
Provides WEP, WPA and WPA2 wireless LAN security
Includes a true hardware random number generator
Triple DES, AES and SHA implemented in hardware
Includes 10/100BaseT Ethernet MAC
Sending and receiving textual email and binary email with MIME attachments
HTTP client
HTTP web server with two on-chip websites: configuration site and application site
SerialNet mode for serial-to-IP bridging (port server mode)
FTP and Telnet clients
Secure FTP client (over SSL3)
DHCP client and server
RAS server
Locally updateable firmware
Remote configuration and firmware update over the Internet
Retrieval of time data from a Network Time Server
Performance Specifications
Host Data Rate: Up to 3 Mbps in serial mode
Serial Data Format (AT+i mode): Asynchronous character; binary; 8 data bits; no parity; 1 stop bit
Serial Data Format (SerialNET mode): Asynchronous character; binary; 7 or 8 data bits; odd, even, or no parity; 1 stop bit
Flow Control: Hardware (RTSH, CTSH, DCH) and software flow control
Internet Protocols
ARP, ICMP, IP, UDP, TCP, DHCP, DNS, NTP, SMTP, POP3, MIME, HTTP, FTP, Telnet
Security protocols: SSL3/TLS1, HTTPS, FTPS, RSA, AES-128/256, 3DES, RC-4, SHA-1, MD-5, WEP, WPA and WPA2
Hardware Description
CO2128 Size: 64.5 x 27.4 x 11.0mm (2.54 x 1.0 x 0.43)
CO2144 Size: 10.0 x 10.0 x 1.4 mm, 0.8mm pitch
Core CPU: 32-bit RISC ARM7TDMI, low-leakage, 0.13 micron, running at 48MHz
Operating Voltage: +3.3V+/-10%
Operating Humidity: 90% maximum (non-condensing)
Operating Temperature Range: -40° to 85℃ (-40° to 185°F)
Power Consumption with External VDD Core: 200mW (typical), Sleep Mode current: <2mA
Host Interface: USART, USB host and USB device
RoHS-compliant; lead-free
Figure 1. CO2128/CO2144 block diagram
Figure 2. CO2064 block diagram
Figure 3. CO2128/CO2144 typical host and Internet environment
Figure 4. CO2064 typical host and Internet environment
Connect One’s II-EVB-630W offloads IP connectivity tasks from a host processor or device. II-EVB-630W supports effortless integration of many upper-layer Internet protocols using either AT+i commands or the iChipConfig Utility, both of which are described in this document. II-EVB-630W features include the ability to stream data over TCP or UDP sockets (up to 10 simultaneous active sockets are available) and manage two listening sockets. A secure socket (SSL3/TLS1) is fully supported. Additional features include the ability to send and receive emails with or without attachments, a built-in web server with two internal websites, one for remote control and management of the II-EVB-630W and the other for the device; HTTP, FTP, and Telnet clients; and the SerialNET (Device Server) mode, a plug-and-play operating mode that enables the connection of any device with an RS232 interface to the Internet without changing anything on the device’s hardware or software.
iChip CO2128SEC — The II-EVB-630W Internet Engine
The host processor communicates with the II-EVB-630W via Connect One’s high-level AT+i command set. AT+i commands are simple ASCII characters that are sent across the RS232 interface. The AT+i Application Programming Interface (API) requires writing just a few lines of code on the host processor to implement Internet connectivity. AT+i commands make it very easy to configure, test, and implement high-level Internet protocols with virtually no understanding of TCP/IP or other Internet protocols. Using AT+i commands, the device only needs to tell the II-EVB-630W what task to perform, but not how to perform it. For example, if the device has to send textual email, after a one-time short configuration of subject, recipient, mail account, etc., the device sends AT+iEMA:
. The iChip CO2128SEC inside the II-EVB-630W establishes a connection or uses the existing one, builds the email (headers and content), connects to the SMTP server and sends the email. A status report is sent to the device upon completion. All these actions are completely hidden from the device and only require sending a few characters in addition to the email content. This mode of operation is applicable for all features of the II-EVB-630W.
The II-EVB-630W is a turnkey boxed solution and, as such, is supplied with all necessary accessories. The package includes the following items:
II-EVB-600W motherboard
WiFi 802.11b/g daughterboard (BRD-IIDB-W2SW1)
RS232 male/female cable
RJ45 Cat 5 100BaseT cable
RJ11 Phone Cable
USB A to B Cable
110V or 220V power supply
Two extra iChips CO2128SEC
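Figure 5. II-EVB-600W motherboard outline
Figure 6. II-EVB-600W motherboard schematic (1)
Figure 7. II-EVB-600W motherboard schematic (2)
Figure 8. II-EVB-600W motherboard schematic (3)
Figure 9. II-EVB-600W motherboard schematic (4)
Figure 10. II-EVB-600W motherboard schematic (5)
Figure 11. II-EVB-600W motherboard schematic (6)
Figure 12. II-EVB-600W motherboard schematic (7)
Figure 13. II-EVB-600W motherboard schematic (8)
II-EVB-600W motherboard bill of materials (BOM):
II-DB-W2SW1 daughterboard bill of materials: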