DS28C36Q+U DeepCover Secure Authenticator

By Maxim Integrated

Maxim's DS28C36Q+U is a secure authenticator that provides a core set of cryptographic tools derived from integrated, asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware-implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8 Kb of secured EEPROM, a decrement-only counter, two configurable general-purpose input/output (GPIO) pins, and a unique 64-bit ROM identification number (ROM ID).

The ECC public and private key capabilities operate from the NIST-defined P-256 curve and include FIPS 186-compliant ECDSA signature generation and verification to support a bidirectional, asymmetric key authentication model. The SHA-256 secret-key capabilities comply with FIPS 180 and can be used either in conjunction with ECDSA operations or independently for multiple HMAC functions.

Two GPIO pins can be operated independently under command control and can be configured for authenticated or non-authenticated operation, including an ECDSA-based, crypto-robust mode that supports secure boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented, including an active die shield, encrypted storage of keys, and algorithmic methods.

Features
  • ECC-256 compute engine
    • FIPS 186 ECDSA P256 signature and verification
    • ECDH key exchange with authentication prevents man-in-the-middle attacks
    • ECDSA authenticated R/W of configurable memory
  • FIPS 180 SHA-256 compute engine
    • HMAC
  • SHA-256 OTP (one-time pad) encrypted R/W of configurable memory through ECDH established key
  • Unique and unalterable, factory-programmed, 64-bit identification number (ROM ID)
    • Optional input data component to crypto and key operations
  • Two GPIO pins with optional authentication control
    • Open-drain, 4 mA / 0.4 V
    • Optional SHA-256 or ECDSA authenticated on/off and state read
    • Optional ECDSA certificate to set on/off after multiblock hash for secure boot
  • RNG with NIST SP 800-90B compliant entropy source and a read-out function
  • Optional chip-generated Pr/Pu key pairs for ECC operations
  • 17-bit, one-time-settable, nonvolatile, decrement-only counter with authenticated read
  • 8 Kbits of EEPROM for user data, keys, and certificates
  • I2C communication: 100 kHz and 400 kHz

Applications
  • IoT node crypto-protection
  • Secure boot or download of firmware, system parameters, or both
  • Accessory and peripheral secure authentication
  • Secure storage of cryptographic keys for a host controller
