DS5003 Datasheet, PDF (15/24 Pages) Maxim Integrated Products – Secure Microprocessor Chip
Secure Microprocessor Chip
Detailed Description
The DS5003 implements a security system that loads
and executes application software in encrypted form.
Up to 128kB of standard SRAM (64kB program + 64kB
data) can be accessed by its byte-wide bus. This
SRAM is converted by the DS5003 into lithium-backed
nonvolatile storage for program and data. Data can be
maintained for up to 10 years at room temperature with
a very small lithium cell. As a result, the contents of the
SRAM and the execution of the software appear
unintelligible to the outside observer. The encryption algorithm
uses an internally stored and protected key. Any
attempt to discover the key value results in its erasure,
rendering the encrypted contents of the SRAM useless.
The secure microprocessor chip provides a strong
software-encryption algorithm that incorporates elements of
DES encryption. The encryption is based on a 64-bit
key word, and the key can only be loaded from an
on-chip true random-number generator. As a result, the
user never knows the true key value. A self-destruct
input (SDI) pin is provided to interface to external
tamper-detection circuitry. With or without the presence of
VCC, activation of the SDI pin has the same effect as
resetting the security lock: immediate erasure of the key
word and the 48-byte vector SRAM area. In addition, an
optional top coating of the die prevents access of
information using microprobing techniques.
When implemented as a part of an overall secure system
design, a system based on the DS5003 can typically
provide a level of security that requires more time
and resources to defeat than necessary for unauthorized
individuals who have reason to try.
Figure 8 is a block diagram illustrating the internal
architecture of the DS5003. The DS5003 operates in an
identical fashion to the DS5002FP, except where noted
in text.
Secure Operation Overview
The DS5003 incorporates encryption of the activity on its
byte-wide address/data bus to prevent unauthorized
access to the program and data information contained
in the external SRAM. Loading an application program
in this manner is performed by the bootstrap loader
using the general sequence described as follows:
1) Activate bootstrap loader by asserting the PROG pin
low for at least 48 clocks.
2) Clear security lock.
3) Set memory map configuration. These settings are
identical to those used for DS5002FP-based
designs.
4) Load application software.
5) Set security lock.
6) Exit loader by taking the PROG pin high again.
Loading of application software into the program/data
SRAM is performed while the DS5003 is in its bootstrap
load mode. Loading is only possible when the security
lock is clear. If the security lock was previously set, it
must be cleared by issuing the U command from the
bootstrap loader. Clearing the security lock instantly
clears the previous key word and the contents of the
vector SRAM. In addition, the bootstrap ROM writes
zeros into the first 32kB of external SRAM.
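The lock rules in the loading sequence above, as an added C model that is not taken from the datasheet or from Maxim. Memory-map configuration and byte encryption are not modelled; the struct, the function names and the convention that a key of 0 means "erased" are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Added model, not Maxim code: all names below are hypothetical. */
enum { VECTOR_BYTES = 48, ZEROED_BYTES = 32 * 1024, SRAM_BYTES = 128 * 1024 };

typedef struct {
    int      in_loader;             /* PROG held low: bootstrap loader active */
    int      locked;                /* security lock */
    uint64_t key;                   /* 64-bit key word; 0 means erased here */
    uint8_t  vector[VECTOR_BYTES];  /* 48-byte vector SRAM */
    uint8_t  sram[SRAM_BYTES];      /* external program/data SRAM */
} chip_t;

/* Erasure shared by clearing the lock and by the SDI pin. */
static void erase_secrets(chip_t *c) {
    c->key = 0;
    memset(c->vector, 0, sizeof c->vector);
    c->locked = 0;
}

/* U command: clear the lock; the ROM also zeroes the first 32kB of SRAM. */
int cmd_unlock(chip_t *c) {
    if (!c->in_loader) return -1;
    erase_secrets(c);
    memset(c->sram, 0, ZEROED_BYTES);
    return 0;
}

/* L command: refused while locked. rng_word stands in for the on-chip
 * random-number generator; the key is drawn just before the load. */
int cmd_load(chip_t *c, uint64_t rng_word, const uint8_t *img, size_t n) {
    if (!c->in_loader || c->locked || n > SRAM_BYTES) return -1;
    c->key = rng_word;
    memcpy(c->sram, img, n);        /* byte encryption is not modelled */
    return 0;
}

/* Set the security lock from the loader. */
int cmd_lock(chip_t *c) {
    if (!c->in_loader) return -1;
    c->locked = 1;
    return 0;
}

/* SDI: the text lists key and vector erasure; no SRAM zero-fill is
 * modelled for this path (assumption). */
void sdi_assert(chip_t *c) { erase_secrets(c); }
```

After `sdi_assert` the SRAM image is still present in the model but the key that would decrypt it is gone, which is the outcome the text describes as rendering the contents useless.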
The user’s application software is loaded into user-supplied
external SRAM by the L command in “scrambled”
form through on-chip encryptor circuits. Each external
SRAM address is an encrypted representation of an on-chip
logical address. Thus, the sequential instructions
of an ordinary program or data table are stored nonsequentially
in SRAM memory. The contents of the program/data
SRAM are also encrypted. Each byte in
SRAM is encrypted by a key- and address-dependent
encryptor circuit such that identical bytes are stored as
different values in different memory locations.
The encryption of the program/data SRAM is dependent
on an on-chip 64-bit key word. The key is automatically
generated by the ROM firmware just prior to the
time that the application software is loaded, and is
retained as nonvolatile information in the absence of
VCC by the lithium-backup circuits. After the application
software loading is complete, the key is protected by
setting the on-chip security lock, which is also retained
as nonvolatile information in the absence of VCC. Any
attempt to tamper with the key word and, thereby, gain
access to the true program/data SRAM contents results
in the erasure of the key word as well as the SRAM
contents.
During execution of the application software, logical
addresses on the DS5003 that are generated from the
program counter or data pointer registers are encrypted
before they are presented on the byte-wide address
bus. Op codes and data are read back and decrypted
before they are operated on by the CPU. Similarly, data
values written to the external NV SRAM storage during
program execution are encrypted before they are presented
on the byte-wide data bus during the write operation.
This encryption/decryption process is performed
in real time such that no execution time is lost, so the
operation of the encryptor circuitry is transparent to the
application software.
The DS5003’s security features are always enabled.
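An added illustration, not from the datasheet, of the two bus properties described above: logical addresses map to scrambled SRAM addresses, and each byte is encrypted under the key and its address, so identical bytes are stored as different values. The mixer, the Feistel construction and the XOR pad are stand-ins chosen for this example, since the DS5003's actual algorithm is not given on this page; the model also uses a single 64kB address space.

```c
#include <stdint.h>
#include <string.h>

/* Toy keyed mixer: a stand-in only, NOT the DS5003's algorithm. */
static uint8_t mix(uint64_t key, uint64_t tweak) {
    return (uint8_t)(((key ^ tweak) * 0x9E3779B97F4A7C15ULL) >> 56);
}

/* Address encryptor: 4-round Feistel on 16 bits, so a keyed bijection. */
uint16_t enc_addr(uint64_t key, uint16_t logical) {
    uint8_t l = (uint8_t)(logical >> 8), r = (uint8_t)logical;
    for (unsigned i = 0; i < 4; i++) {
        uint8_t t = (uint8_t)(l ^ mix(key, ((uint64_t)i << 40) | ((uint64_t)r << 32)));
        l = r;
        r = t;
    }
    return (uint16_t)((l << 8) | r);
}

/* Data pad depends on both the key and the logical address. */
static uint8_t pad(uint64_t key, uint16_t logical) {
    return mix(key, (0xFFULL << 48) | ((uint64_t)logical << 32));
}

/* CPU-side view: plaintext in, scrambled address and byte on the bus. */
void bus_write(uint8_t *sram, uint64_t key, uint16_t logical, uint8_t v) {
    sram[enc_addr(key, logical)] = (uint8_t)(v ^ pad(key, logical));
}

uint8_t bus_read(const uint8_t *sram, uint64_t key, uint16_t logical) {
    return (uint8_t)(sram[enc_addr(key, logical)] ^ pad(key, logical));
}

/* Returns 1 if no two logical addresses share an SRAM address. */
int addr_map_is_bijective(uint64_t key) {
    static uint8_t seen[65536];
    memset(seen, 0, sizeof seen);
    for (uint32_t a = 0; a < 65536; a++)
        if (seen[enc_addr(key, (uint16_t)a)]++) return 0;
    return 1;
}

/* Counts how many bytes of img read back correctly under the given key. */
size_t matches(const uint8_t *sram, uint64_t key, const uint8_t *img, size_t n) {
    size_t ok = 0;
    for (size_t i = 0; i < n; i++)
        ok += bus_read(sram, key, (uint16_t)i) == img[i];
    return ok;
}
```

Calling `matches` with the loading key recovers every byte, while calling it with a different key (for example 0, standing for an erased key word) does not, which is why key erasure alone is enough to make the SRAM image unreadable.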