AT88SA-ADK1 Datasheet AT88SA102S-TH-T, AT88SA102S-SH-T, AT88SA102S-TSU-T | P4-P6

Atmel AT88SA102S [DATASHEET] 4

8584H−CRYPTO−9/2012

Secret Fuses These 63-fuses are used to augment the keys stored elsewhere in the chip. Knowledge of both the

internally stored keys and the values of the Secret Fuses are required to generate the correct response

to the Cryptographic command of the AT88SA102S. An arbitrary selection of these fuses is burned

during personalization via the BurnSecure command.

Within this document, “Secret Fuses” is used to refer to the entire array of 64-bits: Fuse[0-63], even

though the value of Fuse[1] is fixed for most applications and its value can be derived from the

operation of the chip.

Status Fuses These 23-fuses can be used to store information which is not secret, as their value can always be

determined using the read command. They can be written at the same time as the secret fuses using

the BurnSecure command, or they can be individually burned at a later time with the BurnFuse

command. Two common usage models for these fuses are:

1. Calibration or model number information. In this situation, the 23-bits are written at the factory. This

method can also be used for feature enabling. In this case, the BurnFuse command should not be

run in the field, and the BurnFuse Enable bit should be zero.

2. Consumption logging, i.e. burn one bit after every n uses, the host system keeps track of the

number of uses so far for this serial number. In this case, the BurnFuse command is necessary to

individually burn one of these 23-bits, and the BurnFuse enable bit should be a one.

Within this document, “Status Fuses” is used to refer to the entire array of 24-bits: Fuse[64-87], even

though the value of Fuse[87] is fixed after personalization and cannot be modified in the field.

Fuse Disable This fuse is used to disable/enable the ability of the MAC command to read the fuse values until the

BurnSecure command has completed properly. When it has a value of one (unburned), the bit values in

the message that would normally have been filled in with Fuse values are all set to a one. When

FuseDisable is burned, the MAC command fills in the message with the requested fuse values.

Additionally, this bit, when burned, disables the BurnSecure command to prevent modification of the

secret fuses and BurnFuse enable bit in the end customer application.

1.4 Chip Identification

The chip includes a total of 72-bits of information that can be used to distinguish between individual chips in a reliable manner.

The information is distributed between the ROM and fuse blocks in the following manner.

Serial Number This 48-bit value is composed of ROM SN (16-bits) and Fuse SN (32-bits). Together they form a serial

number that is guaranteed to be unique for all devices ever manufactured within the Atmel

CryptoAuthentication family. This value is optionally included in the MAC calculation.

Manufacturing ID This 24-bit value is composed of ROM MfrID (16-bits) and Fuse MfrID (8-bits). Typically this value is

the same for all chips of a given type. It is always included in the cryptographic computations.

1.5 Key Values

The values stored in the Atmel AT88SA102S internal key array are hardwired into the masking layers of the chip during wafer

manufacture. All chips have the same keys stored internally, though the value of a particular key cannot be determined

externally from the chip. For this reason, customers should ensure that they program a unique (and secret) number into the

64-secret fuses and they should store the Atmel provided key values securely.

Individual key values are made available to qualified customers upon request to Atmel and are always transmitted in a secure

manner.

When the serial number is included in the MAC calculation then the response is considered to be diversified and the host

needs to know the base secret in order to be able to verify the authenticity of the client. A diversified response can also be

obtained by including the serial number in the computation of the value written to the secret fuses. A CryptoAuthentication host

chip provides a secure hardware mechanism to validate responses to determine if they are authentic.

Atmel AT88SA102S [DATASHEET] 5

8584H−CRYPTO−9/2012

1.6 SHA-256 Computation

AT88SA102S performs only one cryptographic calculation – a keyed digest of an input challenge. It includes optionally various

other information stored on the chip within the digested message.

AT88SA102S computes the SHA-256 digest based on the algorithm documented here:

http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf

Throughout this document, the complete message processed by the AT88SA102S chip is documented. According to the

above specification, this always includes a single bit of ‘1’ pad after the message, followed by a 64-bit value representing the

total number of bits being hashed (less pad and length). If the length is less than 447 (512-64-1), then the necessary number

of ‘0’ bits are included between the ‘1’ pad and ‘length’ to stretch the last message block out to 512-bits.

When using standard libraries to calculate the SHA-256 digest, these pad and length bits should probably not be passed to the

library as most standard software implementations of the algorithm add them in automatically.

1.6.1 SHA Computation Example

In order to ensure that there is no ambiguity, the following example vector is provided in addition to the sample vectors in the

NIST document. In this example, all values are listed in hex format. For all but the key, bytes are listed in the order that they

appear on the bus – first on the bus is listed on the left side of the page. The key value below is listed in the same order as the

challenge, so the 01 at the left of the key string corresponds to the first byte in the SHA-256 document.

SHA Computation Example

Key 01030507090B0D0F11131517191B1D1F21232527292B2D2F31333537393B3D3F

Challenge 020406080A0C0E10121416181A1C1E20222426282A2C2E30323436383A3C3E40

Opcode 08

Mode 50 (all optional information included in message)

KeyID

Secret Fuses 0000111122223333

Status Fuses 445566

Fuse MfrID 77

Fuse SN 8899AABB

ROMMfrID CCDD

ROM SN EEFF

The 88-bytes over which the digest is calculated are:

0103…3D3F0204…3E400850FFFF00001111…EEFF

And the resulting digest is:

6CA7129C8DA9CE80EA6357DDCFB1DDCBBBD89ED373419A5A332D728B42642C62

1.7 Security Features

The AT88SA102S incorporates a number of physical security features designed to protect the keys from release. These

include an active shield over the entire surface of the part, internal memory encryption, internal clock generation, glitch

protection, voltage tamper detection and other physical design features.

Pre-programmed keys stored on the AT88SA102S are encrypted in such a way as to make retrieval of their values via outside

analysis very difficult.

Both the clock and logic supply voltage are internally generated, preventing any direct attack via the pins on these two signals.

Atmel AT88SA102S [DATASHEET] 6

8584H−CRYPTO−9/2012

2. IO Protocol

Communications to and from the AT88SA102S take place over a single asynchronously timed wire using a pulse count

scheme. The overall communications structure is a hierarchy:

Table 2-1. IO Hierarchy

Tokens

Implement a single data bit transmitted on the bus, or the wake-up event.

Flags

Comprised of eight tokens (bits) which convey the direction and meaning of the next group of bits (if any)

which may be transmitted.

Blocks

Of data follow the command and Transmit flags. They incorporate both a byte count and a checksum to

ensure proper data transmission.

Packets

Of bytes form the core of the block without the count and CRC. They are either the input or output parameters

of an Atmel AT88SA102S command or status information from the Atmel AT88SA102S.

See applications notes on the Atmel website for more details on how to use any microprocessor to easily generate the

signaling necessary to send these values to the chip.

2.1 IO Tokens

There are a number of IO tokens that may be transmitted along the bus:

Input: (To AT88SA102S)

Wake Wake AT88SA102S up from sleep (low power) state

Zero Send a single bit from system to AT88SA102S with a value of zero

One Send a single bit from system to AT88SA102S with a value of one

Output: (From AT88SA102S)

ZeroOut Send a single bit from AT88SA102S to the system with a value of zero

OneOut Send a single bit from AT88SA102S to the system with a value of one

The waveforms are the same in either direction, however there are some differences in timing based on the expectation that

the host has a very accurate and consistent clock while AT88SA102S has significant part to part variability in its internal clock

generator due to normal manufacturing and environmental fluctuations.

The bit timings are designed to permit a standard UART running at 230.4K baud to transmit and receive the tokens efficiently.

Each byte transmitted or received by the UART corresponds to a single bit received or transmitted by AT88SA102S. See

applications notes on the Atmel website for more details.

P1-P3 P4-P6 P7-P9 P10-P12 P13-P15 P16-P18 P19-P21 P22-P24 P25-P25

AT88SA-ADK1

Mfr. #:

Buy AT88SA-ADK1

Manufacturer:

Description:

KIT EVAL CRYPTOAUTHENTICATION

Lifecycle:

New from this manufacturer.

Delivery:

DHL FedEx Ups TNT EMS

Payment:

T/T Paypal Visa MoneyGram Western Union

AT88SA-ADK1

AT88SA-ADK1

Products related to this Datasheet