Analog Devices / Maxim Integrated DS28E36 DeepCover® Secure Authenticator
Analog Devices DS28E36 DeepCover® Secure Authenticator provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services offered by the hardware-implemented crypto engines, the device incorporates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID). This unique ROM ID is used as a fundamental input parameter for cryptographic operations and as an electronic serial number within the application. The Analog Devices DS28E36 DeepCover Secure Authenticator communicates over the single-contact 1-Wire® bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multi-device 1-Wire network.
The ECC public/private key capabilities operate from the NIST-defined P-256 curve, including FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities comply with FIPS 180 and are flexibly used in conjunction with ECDSA operations or independently for multiple HMAC functions.
Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and non-authenticated operation, including an ECDSA-based crypto-robust mode to support secure-boot of a host processor.
DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented, including active die shield, encrypted storage of keys, and algorithmic methods.
Features
- ECC-256 compute engine
- FIPS 186 ECDSA P256 signature and verification
- ECDH key exchange with authentication prevents man-in-the-middle attacks
- ECDSA authenticated R/W of configurable memory
- SHA-256 compute engine
- FIPS 180 MAC for secure download/boot operations
- FIPS 198 HMAC for bidirectional authentication and optional GPIO control
- Two GPIO Pins with optional authentication control
- Open-Drain, 4mA/0.4V
- Optional SHA-256 or ECDSA authenticated on/off and state read
- Optional set on/off after multiblock hash for secure boot/download
- RNG with NIST SP 800-90B compliant entropy source with function to read out
- Optional chip-generated Pr/Pu key pairs for ECC operations
- 17-bit one-time settable, nonvolatile decrement-only counter with authenticated read
- 8Kbits of EEPROM for User Data, Keys, and certificates
- Unique and unalterable factory-programmed 64-bit identification number (ROM ID) with optional input data component to crypto and key operations
- Single-contact 1-wire interface communication with host at 11.7kbps and 62.5kbps
- 3.3V ±10% operating voltage range
- -40°C to +85°C operating temperature range
- TDFN-EP-6 package type
- 3mm x 3mm package dimensions
- Lead (Pb) free and RoHS compliant
Applications
- Accessory and peripheral secure authentication
- Secure boot or download of firmware and/or system parameters
- IoT node crypto-protection
- Secure storage of cryptographic keys for a host controller
Videos
Development Tool
Analog Devices / Maxim Integrated DS28E36EVKIT Evaluation System
Provides an evaluation platform for the DS28E36 and DS2476 DeepCover Security devices.
Block Diagram
