AT88SA102S_10

Manufacturer Part NumberAT88SA102S_10
DescriptionAtmel CryptoAuthentication
ManufacturerATMEL [ATMEL Corporation]
AT88SA102S_10 datasheet
 
1
Page 1
2
Page 2
3
Page 3
4
Page 4
5
Page 5
6
Page 6
7
Page 7
8
Page 8
9
Page 9
10
Page 10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
Page 1/24

Download datasheet (263Kb)Embed
Next
Features
• Secure authentication & key exchange
• Superior SHA-256 Hash Algorithm
• Best in class 256-bit key length
• Guaranteed Unique 48-bit Serial Number
• High speed single wire interface
• Supply Voltage: 2.7 – 5.25V
• 1.8 – 5.5 V Communications
• <100nA Sleep Current
• 4KV ESD protection
• Multi-level hardware security
• Secure personalization
• Green compliant (exceeds RoHS) 3-pin SOT-23 and 8-pin TSSOP or SOIC packages
Applications
• Authentication of Replaceable Items
• Software anti-piracy
• Network & Computer Access control
• Portable Media Player & GPS System
• Key exchange for encrypted downloads
• Prevention of clones for demo and eval boards
• Authenticated communications for control networks
• Anti-clone authentication for daughter cards
• Physical access control (electronic lock & key)
1.
Introduction
®
The Atmel
AT88SA102S is a member of the Atmel CryptoAuthentication family of
cost-effective authentication chips designed to securely authenticate an item to
which it is attached. It can also be used to exchange session keys with some
remote entity so that the system microprocessor can securely encrypt/decrypt data.
Each AT88SA102S chip contains a pre-programmed serial number which is
guaranteed to be unique. In addition, it has been designed to permit secure
personalization so that third parties can build devices containing an OEM secret
without concern for the theft of that secret.
It is the first small standard product to implement the SHA-256 hash algorithm,
which is part of the latest set of recommended algorithms by the US Government.
The 256-bit key space renders any exhaustive attacks impossible.
The CryptoAuthentication family uses a standard challenge response protocol to
simplify programming. The system generates a random number challenge and
sends it to the Atmel® AT88SA102S chip. The chip hashes that with a 256-bit key
using the SHA-256 algorithm to generate a keyed 256-bit response which is sent
back to the system.
Atmel
CryptoAuthentication
Atmel AT88SA102S
Product
Authentication Chip
8584F–SMEM–8/10

AT88SA102S_10 Summary of contents

  • Page 1

    Features • Secure authentication & key exchange • Superior SHA-256 Hash Algorithm • Best in class 256-bit key length • Guaranteed Unique 48-bit Serial Number • High speed single wire interface • Supply Voltage: 2.7 – 5.25V • 1.8 – ...

  • Page 2

    ... Atmel which is guaranteed to be unique. See Section the Manufacturing ID and Serial Number. ROM Metal mask programmed memory. Unrestricted reads are permitted on the first 64-bits of this array. The physical ROM will be larger and will contain other information that cannot be read. ROM MfrID 2-bytes of ROM that specifies part of the manufacturing ID code ...

  • Page 3

    Fuse Map ® The Atmel AT88SA102S incorporates 128 one-time fuses within the chip. Once burned, there is no way to reset the value of a fuse. Fuses, with the exception of the manufacturer ID and serial number bits initialized ...

  • Page 4

    Fuse Disable This fuse is used to disable/enable the ability of the MAC command to read the fuse values until the BurnSecure command has completed properly. When it has a value of one (unburned), the bit values in the message ...

  • Page 5

    ... The Atmel AT88SA102S incorporates a number of physical security features designed to protect the keys from release. These include an active shield over the entire surface of the part, internal memory encryption, internal clock generation, glitch protection, voltage tamper detection and other physical design features. Pre-programmed keys stored on the AT88SA102S are encrypted in such a way as to make retrieval of their values via outside analysis very difficult ...

  • Page 6

    IO Protocol Communications to and from the Atmel a pulse count scheme. The overall communications structure is a hierarchy: Table 2-1. IO Hierarchy Implement a single data bit transmitted on the bus, or the wake-up event Tokens Flags Comprised ...

  • Page 7

    AC Parameters WAKE LOGIC Ø LOGIC 1 NOISE SUPPRESION 3. Absolute Maximum Ratings* Operating Temperature................... −40°C to +85°C Storage Temperature .................. −65° 150°C Voltage on Any Pin with Respect to Ground ............... − 0 8584F–SMEM–8/10 ...

  • Page 8

    Table 3-1. AC Parameters Parameter Symbol t Wake Low Duration WLO t Wake Delay to Data WHI Comm. t Start pulse duration START t Zero transmission ZHI high pulse t Zero transmission low ZLO pulse t ‡ BIT Bit time ...

  • Page 9

    DC Parameters Table 4-1. DC Parameters Parameter Operating temperature Power Supply Voltage Fuse Burning Voltage Active Power Supply Current Sleep Power Supply Current @ -40C to 55C Sleep Power Supply Current @ 85C Input Low Voltage @ V = ...

  • Page 10

    ... The delays for these operations are listed in the table below: Table 4-1. Command Timing Parameter Symbol Parsing Delay t PARSE MacDelay t EXEC_MAC MemoryDelay t EXEC_READ Fuse Delay t EXEC_FUSE SecureDelay t EXEC_SECURE PersonalizeDelay t PERSON ...

  • Page 11

    Table 4-1. Return Codes State Description After Wake, but prior to first command After successful command execution Execution error After CRC or other communications error AT88SA102S always transmits complete blocks to the system the above table the status/error ...

  • Page 12

    IO Blocks Commands are sent to the chip, and responses received from the chip, within a block following way: Byte Name 0 Count 1 to (N-2) Packet N-1, N Checksum 4.3. IO Flow The general IO flow for the ...

  • Page 13

    In order to limit the active current if Atmel also enabled when AT88SA102S receives a wake-up. If the first token does not come within the t then AT88SA102S will go back to the sleep mode without performing any operations. The ...

  • Page 14

    Commands The command packet is broken down in the following way: Byte Name Meaning 0 Opcode The Command code 1 Param1 The first parameter – always present 2-3 Param2 The second parameter – always present 4 + Data Optional ...

  • Page 15

    Table 5-2. Output Parameters Name Size Response 32 Regardless of the value of <mode> the first 512-bit block of the message that will be hashed with the SHA-256 algorithm will consist of: 256-bits key[KeyID] 256-bits challenge The second block consists ...

  • Page 16

    ... Size Notes 4 The contents of the specified memory location Notes Reads four bytes from the ROM. Bit one of the address parameter must be zero Reads the value of 32-fuses. Bit one of the address parameter must be one. The input address parameter << 5 provides the fuse number corresponding to the LSB of the first returned byte ...

  • Page 17

    ... GenPersonalizationKey Loads a personalization key into internal memory and then uses that key along with an input seed to generate a decryption digest using SHA-256. Neither the key nor the decryption digest can be read from the chip. Upon completion, an internal bit is set indicating that a secure personalization digest has been loaded and is ready for use by BurnSecure ...

  • Page 18

    To facilitate secure personalization of the AT88SA102S, this map may be encrypted before being sent to the chip. If this mode is desired, then the Decrypt parameter should be set to one in the input parameter list. The decryption (transport) ...

  • Page 19

    PauseLong Forces the chip into the pause state until the watchdog timer expires, after which it will automatically enter into the sleep state. During execution of this command and while in the pause state the chip will ignore all ...

  • Page 20

    Packaging Information 3TS1 – Shrink SOT SEATING PLANE Notes: 1. Dimension D does not include mold flash, protrusions or gate burrs. Mold flash, protrusions or gate burrs shall not exceed 0.25mm per end. Dimension E1 does not include interlead ...

  • Page 21

    TSSOP Pin 1 indicator this corner N Top View Side View Notes: 1. This drawing is for general information only. Refer to JEDEC Drawing MO-153, Variation AA, for proper dimensions, tolerances, datums, ...

  • Page 22

    SOIC Notes: This drawing is for general information only. Refer to JEDEC Drawing MS-012, Variation AA for proper dimensions, tolerances, datums, etc. Package Drawing Contact: packagedrawings@atmel.com Atmel AT88SA102S 22 SYMBOL ...

  • Page 23

    Ordering Codes Atmel AT24C256C Ordering Information Ordering Code AT88SA102S-TSU-T AT88SA102S-TH-T AT88SA102S-SH-T 9. Revision History Doc. Rev. Date 8584F 08/2010 8584E 06/2010 8584D 05/2010 8584C 04/2010 8584B 02/2010 8584A 03/2009 8584F–SMEM–8/10 Package Type Voltage Range SOT, Tape & Reel 2.7V–5.25V ...

  • Page 24

    He adq Atmel Corporation 2325 Orchard Parkway San Jose, CA 95131 USA Tel: (+1) (408) 441-0311 Fax: (+1) (408) 487-2600 www.atmel.com Disclaimer: The information in this document is provided in connection with Atmel products. No license, ...