MAXIM New Products - DS28C22 & DS28E35
2013-04-22
DS28C22

DeepCover Secure Authenticator with SHA-256 and 3Kb User EEPROM

Protect Your Development Investment with SHA-256 Crypto-Strong Authentication and Encryption

Description

DeepCover® embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the most secure key storage possible. The DeepCover Secure Authenticator (DS28C22) combines crypto-strong, bidirectional, secure challenge-and-response authentication functionality with an implementation based on the FIPS 180-3-specified Secure Hash Algorithm (SHA-256). A 3Kb user-programmable EEPROM array provides nonvolatile storage of application data, and additional protected memory holds two read-protected secrets for SHA-256 operations and settings for user memory control. Each device has its own guaranteed unique 64-bit ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. A bidirectional security model enables two-way authentication between a host system and slave-embedded DS28C22. Slave-to-host authentication is used by a host system to securely validate that an attached or embedded DS28C22 is authentic. Host-to-slave authentication is used to protect DS28C22 user memory from being modified by a nonauthentic host. The SHA-256 message authentication code (MAC), which the DS28C22 generates, is computed from data in the user memory, an on-chip secret, a host random challenge, and the 64-bit ROM ID. When not in use, the DS28C22 can be put in sleep mode where power consumption is minimal.


Key Features

  • Symmetric Key-Based Bidirectional Secure Authentication Model Based on SHA-256
  • Dedicated Hardware-Accelerated SHA Engine for Generating SHA-256 MACs
  • Strong Authentication with a High Bit Count, User-Programmable Secret, and Input Challenge
  • 3072 Bits of User EEPROM Partitioned Into 12 Pages of 256 Bits
  • User-Programmable and Irreversible EEPROM Protection Modes Including Authentication, Write and Read Protect, Encryption, and OTP/EPROM Emulation
  • Operating Range: 3.3V ±10%, -40°C to +85°C
  • 8-Pin TDFN Package
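
The slave-to-host check described above, sketched as an added example that is not Maxim's code: a host issues a fresh random challenge, the device returns a SHA-256 MAC over its secret, page data, the challenge and its ROM ID, and the host recomputes and compares. The field order, the 32-byte secret and challenge lengths, and all class and function names are assumptions for illustration; the real MAC input layout is defined in the device data sheet.

```python
import hashlib
import hmac
import secrets

# Bytes; a page is 256 bits and the ROM ID 64 bits. Secret/challenge sizes are assumed.
SECRET_LEN, PAGE_LEN, CHALLENGE_LEN, ROM_ID_LEN = 32, 32, 32, 8


def compute_mac(secret, page_data, challenge, rom_id):
    """SHA-256 over fixed-length fields (assumed order, not the data sheet layout)."""
    fields = ((secret, SECRET_LEN), (page_data, PAGE_LEN),
              (challenge, CHALLENGE_LEN), (rom_id, ROM_ID_LEN))
    if any(len(value) != size for value, size in fields):
        raise ValueError("field has unexpected length")
    # Fixed lengths make the concatenation unambiguous.
    return hashlib.sha256(secret + page_data + challenge + rom_id).digest()


class SimulatedAuthenticator:
    """Stand-in for the slave device: the secret never leaves this object."""

    def __init__(self, secret, rom_id, page_data):
        self._secret, self.rom_id, self._page = secret, rom_id, page_data

    def respond(self, challenge):
        return self._page, compute_mac(self._secret, self._page, challenge, self.rom_id)


class ReplayingDevice:
    """Clone that can only replay one response recorded from a genuine part."""

    def __init__(self, genuine):
        self.rom_id = genuine.rom_id
        self._captured = genuine.respond(secrets.token_bytes(CHALLENGE_LEN))

    def respond(self, challenge):
        return self._captured  # ignores the fresh challenge


def host_authenticates(host_secret, device):
    """Slave-to-host check: fresh challenge, recompute MAC, constant-time compare."""
    challenge = secrets.token_bytes(CHALLENGE_LEN)
    page_data, mac = device.respond(challenge)
    expected = compute_mac(host_secret, page_data, challenge, device.rom_id)
    return hmac.compare_digest(mac, expected)


# Constructed sample values, not taken from any real device.
SECRET = bytes(range(32))
GENUINE = SimulatedAuthenticator(SECRET, bytes.fromhex("4c0000012345ab17"), b"\x00" * 32)
COUNTERFEIT = SimulatedAuthenticator(b"\xff" * 32, GENUINE.rom_id, b"\x00" * 32)
```

A part that lacks the secret fails even with a copied ROM ID, and a recorded response fails because the host never reuses a challenge.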

DS28E35

DeepCover Secure Authenticator with 1-Wire ECDSA and 1Kb User EEPROM

Provides Affordable Elliptic-Curve Public-Key Authentication Security to Protect Your Development Investment

Description

DeepCover® embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the most secure key storage possible. The DeepCover Secure Authenticator (DS28E35) provides a highly secure solution for a host controller to authenticate peripherals using the industry standard (FIPS 186) public-key based Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA engine computes keys and signatures using a pseudorandom curve over a prime field according to the “Standards for Efficient Cryptography (SEC)”. The private and public key can be computed by the device or installed by the user and optionally locked. Separate memory space is set aside to store and lock a public-key certificate as it is needed to verify authenticity. In addition to ECDSA-related memory, the device has 1024 bits of user memory that is organized as four pages of 256 bits. Page protection modes include write protection, read protection, and one-time-programmable (OTP) memory emulation modes. The DS28E35 also features a one-time settable, nonvolatile 32-bit decrement-on-command counter, which can be used to keep track of the lifetime of the object to which the DS28E35 is attached. Each device has its own guaranteed unique 64-bit ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. The DS28E35 communicates over the single-contact 1-Wire® bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multi-device 1-Wire network.


Key Features

  • ECDSA Engine for Public-Key Signature Using a Defined SEC Domain Parameter Set
  • On-Chip Hardware Random Number Generator
  • Private and Public Key Can Be Computed by the Device or Loaded from Outside with Optional Automatic Locking
  • Separate User-Programmable and Lockable Memory Space to Store a Public-Key Certificate
  • 32-Bit One-Time Settable, Nonvolatile Decrement-On-Command Counter
  • SHA-256 Engine to Compute a Hash of EEPROM Page Data and Host Challenge for Subsequent ECDSA Signing
  • 1024 Bits of User EEPROM Organized as Four Pages of 256 Bits
  • Programmable and Irreversible User EEPROM Protection Modes Including Write Protection, Read Protection, and OTP/EPROM Emulation for Individual Memory Pages
  • Unique Factory-Programmed 64-Bit Identification Number
  • Single-Contact 1-Wire Interface Communicates with Host at Up to 76.9kbps
  • Operating Range: 3.3V ±10%, -40°C to +85°C
  • ±8kV HBM ESD Protection (typ) for IO Pin
  • 8-Pin TDFN and 6-Pin TSOC Packages