|
DS28C36 Datasheet, PDF (1/5 Pages) Maxim Integrated Products – FIPS 180 SHA-256 Compute Engine | |||
|
DS28C36
ABRIDGED DATA SHEET
EVALUATION KIT AVAILABLE
DeepCover Secure Authenticator
General Description
The DS28C36 is a secure authenticator that provides a
core set of cryptographic tools derived from integrated
asymmetric (ECC-P256) and symmetric (SHA-256) secu-
rity functions. In addition to the security services provided
by the hardware implemented crypto engines, the device
integrates a FIPS/NIST true random number genera-
tor (RNG), 8Kb of secured EEPROM, a decrement-only
counter, two pins of configurable GPIO, and a unique
64-bit ROM identification number (ROM ID).
The ECC public/private key capabilities operate from
the NIST defined P-256 curve and include FIPS 186
compliant ECDSA signature generation and verification
to support a bidirectional asymmetric key authentication
model. The SHA-256 secret-key capabilities are compli-
ant with FIPS 180 and are flexibly used either in conjunc-
tion with ECDSA operations or independently for multiple
HMAC functions.
Two GPIO pins can be independently operated under
command control and include configurability supporting
authenticated and nonauthenticated operation including
an ECDSA-based crypto-robust mode to support secure-
boot of a host processor.
DeepCover embedded security solutions cloak sensitive
data under multiple layers of advanced security to provide
the most secure key storage possible. To protect against
device-level security attacks, invasive and noninvasive
countermeasures are implemented including active die
shield, encrypted storage of keys, and algorithmic methods.
Applications
ââ IoT Node Crypto-Protection
ââ Accessory and Peripheral Secure Authentication
ââ Secure Storage of Cryptographic Keys for a Host
Controller
ââ Secure Boot or Download of Firmware and/or System
Parameters
Benefits and Features
ââ ECC-256 Compute Engine
⢠FIPS 186 ECDSA P256 Signature and Verification
⢠ECDH Key Exchange with Authentication Prevents
Man-in-the-Middle Attacks
⢠ECDSA Authenticated R/W of Configurable
Memory
ââ FIPS 180 SHA-256 Compute Engine
⢠HMAC
ââ SHA-256 OTP (One-Time Pad) Encrypted R/W of
Configurable Memory Through ECDH Established Key
ââ Two GPIO Pins with Optional Authentication Control
⢠Open-Drain, 4mA/0.4V
⢠Optional SHA-256 or ECDSA Authenticated On/Off
and State Read
⢠Optional ECDSA Certificate to Set On/Off after
Multiblock Hash for Secure Boot
ââ RNG with NIST SP 800-90B Compliant Entropy
Source with Function to Read Out
ââ Optional Chip Generated Pr/Pu Key Pairs for ECC
Operations
ââ 17-Bit One-Time Settable, Nonvolatile Decrement-
Only Counter with Authenticated Read
ââ 8Kbits of EEPROM for User Data, Keys, and
Certificates
ââ Unique and Unalterable Factory Programmed 64-Bit
Identification Number (ROM ID)
⢠Optional Input Data Component to Crypto and Key
Operations
ââ I2C Communication, 100kHz and 400kHz
ââ Operating Range: 3.3V ±10%, -40°C to +85°C
ââ 6-Pin TDFN Package
Ordering Information appears at end of data sheet.
Typical Application Circuit appears at end of data sheet.
19-8546; Rev 0; 6/16
|
▷ |