General Description
The DS28E83 is a radiation-resistant secure authentica-
tor that provides a core set of cryptographic tools derived
from integrated asymmetric (ECC-P256) and symmetric
(SHA-256) secu rity functions. In addition to the security
services provided by the hardware implemented crypto
engines, the device integrates a FIPS-compatible true
random number genera tor (TRNG), 10Kb of secured
OTP, one configurable GPIO, and a unique 64-bit ROM
identification number (ROM ID).
The ECC public/private key capabilities operate from the
NIST defined P-256 curve and include FIPS 186-compliant
ECDSA signature generation and verification to support
a bidirectional asymmetric key authentication model. The
SHA-256 secret key capabilities are compli ant with FIPS
180 and are flexibly used either in conjunc tion with ECDSA
operations or independently for multiple HMAC functions.
The GPIO pin can be operated under command control and
include configurability supporting authenticated and nonau-
thenticated operation, including an ECDSA-based crypto-
robust mode to support secure boot of a host processor.
DeepCover® embedded security solutions cloak sensitive
data under multiple layers of advanced security to provide
the most secure key storage possible. To protect against
device-level security attacks, invasive and noninvasive
countermeasures are implemented including active die
shield, encrypted storage of keys, and algorithmic methods.
Applications
● Medical Consumables Secure Authentication
● Medical Tools/Accessories Identification and
Calibration
● Accessory and Peripheral Secure Authentication
● Secure Storage of Cryptographic Keys for Host
Controllers
● Secure Boot or Download of Firmware and/or System
Parameters
Ordering Information appears at end of data sheet.
DeepCover® is a registered trademark of Maxim Integrated
Products, Inc.
19-100287; Rev 0; 3/18
Benets and Features
● High Radiation Resistance Allows User-
Programmable Manufacturing or Calibration Data
Before Medical Sterilization
• Resistant Up to 75kGy (kiloGray) of Radiation
• One Time Programmable (OTP) 10kb of User
Data, Keys, and Certicates
● ECC-P256 Compute Engine
• FIPS 186 ECDSA P256 Signature and Verication
• ECDH Key Exchange for Session Key Establishment
• ECDSA Authenticated R/W of Congurable Memory
● SHA-256 Compute Engine
• FIPS 180 MAC for Secure Download/Boot
• FIPS 198 HMAC for Bidirectional Authentication
and Optional GPIO Control
● SHA-256 OTP (One-Time Pad) Encrypted R/W of
Configurable Memory Through ECDH Established Key
● One GPIO Pin with Optional Authentication Control
• Open-Drain, 4mA/0.4V
• Optional SHA-256 or ECDSA Authenticated On/O
and State Read
• Optional ECDSA Certicate to Set On/O After
Multiblock Hash for Secure Download
● TRNG with NIST SP 800-90B Compliant Entropy
Source with Function to Read Out
● Optional Chip Generated Pr/Pu Key Pairs for ECC
Operations or Secrets for SHA256 Functions
● Unique and Unalterable Factory Programmed 64-Bit
Identification Number (ROM ID)
• Optional Input Data Component to Crypto and Key
Operations
● Advanced 1-Wire Protocol Minimizes Interface to
Just Single Contact
● Operating Range: 3.3V ±10%, 0°C to +50°C
● ±8kV HBM ESD Protection of 1-Wire IO Pin
● 6-Pin, 3mm x 3mm TDFN
DS28E83 DeepCover Radiation Resistant
1-Wire Authenticator
EVALUATION KIT AVAILABLE