AT88SA102S_11 ATMEL [ATMEL Corporation], AT88SA102S_11 Datasheet - Page 4

AT88SA102S_11

Manufacturer Part Number

AT88SA102S_11

Description

Atmel CryptoAuthentication Product Authentication Chip

Manufacturer

ATMEL [ATMEL Corporation]

Datasheet

1.AT88SA102S_11.pdf (26 pages)

Current page: 4 of 26
Download datasheet (251Kb)

1.4

1.5

Secret Fuses

Status Fuses

Fuse Disable

Chip Identification

The chip includes a total of 72-bits of information that can be used to distinguish between individual chips in a reliable manner.

The information is distributed between the ROM and fuse blocks in the following manner.

Serial Number

Manufacturing ID

Key Values

The values stored in the Atmel AT88SA102S internal key array are hardwired into the masking layers of the chip during wafer

manufacture. All chips have the same keys stored internally, though the value of a particular key cannot be determined

externally from the chip. For this reason, customers should ensure that they program a unique (and secret) number into the

64-secret fuses and they should store the Atmel provided key values securely.

Individual key values are made available to qualified customers upon request to Atmel and are always transmitted in a secure

manner.

When the serial number is included in the MAC calculation then the response is considered to be diversified and the host

needs to know the base secret in order to be able to verify the authenticity of the client. A diversified response can also be

obtained by including the serial number in the computation of the value written to the secret fuses. A CryptoAuthentication host

chip provides a secure hardware mechanism to validate responses to determine if they are authentic.

These 63-fuses are used to augment the keys stored elsewhere in the chip. Knowledge of both the

internally stored keys and the values of the Secret Fuses are required to generate the correct response

to the Cryptographic command of the AT88SA102S. An arbitrary selection of these fuses is burned

during personalization via the BurnSecure command.

Within this document, “Secret Fuses” is used to refer to the entire array of 64-bits: Fuse[0-63], even

though the value of Fuse[1] is fixed for most applications and its value can be derived from the

operation of the chip.

These 23-fuses can be used to store information which is not secret, as their value can always be

determined using the read command. They can be written at the same time as the secret fuses using

the BurnSecure command, or they can be individually burned at a later time with the BurnFuse

command. Two common usage models for these fuses are:

Within this document, “Status Fuses” is used to refer to the entire array of 24-bits: Fuse[64-87], even

though the value of Fuse[87] is fixed after personalization and cannot be modified in the field.

This fuse is used to disable/enable the ability of the MAC command to read the fuse values until the

BurnSecure command has completed properly. When it has a value of one (unburned), the bit values in

the message that would normally have been filled in with Fuse values are all set to a one. When

FuseDisable is burned, the MAC command fills in the message with the requested fuse values.

Additionally, this bit, when burned, disables the BurnSecure command to prevent modification of the

secret fuses and BurnFuse enable bit in the end customer application.

This 48-bit value is composed of ROM SN (16-bits) and Fuse SN (32-bits). Together they form a serial

number that is guaranteed to be unique for all devices ever manufactured within the Atmel

CryptoAuthentication family. This value is optionally included in the MAC calculation.

This 24-bit value is composed of ROM MfrID (16-bits) and Fuse MfrID (8-bits). Typically this value is

the same for all chips of a given type. It is always included in the cryptographic computations.

Calibration or model number information. In this situation, the 23-bits are written at the factory. This

method can also be used for feature enabling. In this case, the BurnFuse command should not be

run in the field, and the BurnFuse Enable bit should be zero.

Consumption logging, i.e. burn one bit after every n uses, the host system keeps track of the

number of uses so far for this serial number. In this case, the BurnFuse command is necessary to

individually burn one of these 23-bits, and the BurnFuse enable bit should be a one.

Atmel AT88SA102S [DATASHEET]

8584G−CRYPTO−9/11

AT88SA102S_11 ATMEL [ATMEL Corporation], AT88SA102S_11 Datasheet - Page 4

AT88SA102S_11

Related parts for AT88SA102S_11