General Description

The DS28E36 is a DeepCover® secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID). This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. The DS28E36 communicates over the single-contact 1-Wire® bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multidevice 1-Wire network.

The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple HMAC functions.

Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure-boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods.

Applications
● IoT Node Crypto-Protection
● Accessory and Peripheral Secure Authentication
● Secure Storage of Cryptographic Keys for a Host Controller
● Secure Boot or Download of Firmware and/or System Parameters

Benefits and Features
● ECC-256 Compute Engine
  • FIPS 186 ECDSA P256 Signature and Verification
  • ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks
  • ECDSA Authenticated R/W of Configurable Memory
● SHA-256 Compute Engine
  • FIPS 180 MAC for Secure Download/Boot Operations
  • FIPS 198 HMAC for Bidirectional Authentication and Optional GPIO Control
● Two GPIO Pins with Optional Authentication Control
  • Open-Drain, 4mA/0.4V
  • Optional SHA-256 or ECDSA Authenticated On/Off and State Read
  • Optional Set On/Off after Multiblock Hash for Secure Boot/Download
● RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
● Optional Chip Generated Pr/Pu Key Pairs for ECC Operations
● 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
● 8Kbits of EEPROM for User Data, Keys, and Certificates
● Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
  • Optional Input Data Component to Crypto and Key Operations
● Single-Contact 1-Wire Interface Communication with Host at 11.7kbps and 62.5kbps
● Operating Range: 3.3V ±10%, -40°C to +85°C
● 6-Pin TDFN-EP Package (3mm x 3mm)

Ordering Information and Typical Application Circuit appear
at end of data sheet.
19-100170; Rev 1; 10/17
1-Wire and DeepCover are registered trademarks of Maxim
Integrated Products, Inc.
DS28E36 DeepCover Secure Authenticator
EVALUATION KIT AVAILABLE