AT88SA10HS_10

Manufacturer Part NumberAT88SA10HS_10
DescriptionAtmel CryptoAuthentication Host Security Chip
ManufacturerATMEL [ATMEL Corporation]
AT88SA10HS_10 datasheet
 
1
Page 1
2
Page 2
3
Page 3
4
Page 4
5
Page 5
6
Page 6
7
Page 7
8
Page 8
9
Page 9
10
Page 10
11
12
13
14
15
16
17
18
19
20
21
22
23
Page 1/23

Download datasheet (283Kb)Embed
Next
Features
• Secure key storage to complement Atmel AT88SA100S and Atmel AT88SA102S
Devices
• Superior SHA-256 Hash Algorithm
• Guaranteed Unique 48-bit Serial Number
• High speed single wire interface, optionally shared with client
• Supply Voltage: 2.7 – 5.25V
• 1.8V – 5.5V communications voltage
• <100nA Sleep Current
• 4KV ESD protection
• Multi-level hardware security
• Secure personalization
• Green compliant (exceeds RoHS) 3-pin SOT-23 and 8-pin TSSOP or SOIC packages
Applications
• Consumable device (battery, toner, other supplies) authentication
• Network & Computer Access control
• Authenticated communications for control networks
• Anti-clone authentication for daughter cards
• Physical access control (electronic lock & key)
1.
Introduction
®
The Atmel
CryptoAuthentication family of chips is the first cost-effective
authentication devices to implement the SHA-256 hash algorithm, which is part of
the latest set of recommended algorithms by the US Government. The 256-bit key
space renders any exhaustive attacks impossible.
The Atmel AT88SA10HS host version of CryptoAuthentication chips is capable of
validating the response coming from the SHA-256 engine within an authentic
CryptoAuthentication client (SA100S or SA102S), even if that response includes
within the computation the serial number of the client. For detailed information on
the cryptographic protocols, algorithm test values and usage models refer to “Atmel
AT88SA100S” and “Atmel AT88SA102S” Datasheets, along with the application
notes dedicated to this product family.
The host CryptoAuthentication performs three separate operations (named HOST0,
HOST1 & HOST2) to implement this validation. The AT88SA10HS chip takes both
the challenge and response as inputs and returns a single Boolean indicating
whether or not the response is valid, in order to prevent the host chip from being
used to model a valid client.
The host system is responsible for generating the random challenge that is sent to
both the client and host CryptoAuthentication devices as AT88SA10HS does not
include a random number generator.
Note:
The chip implements a failsafe internal watchdog timer that forces it into a very low
power mode after a certain time interval regardless of any current activity. System
programming must take this into consideration. Refer to Section 4.5 for more details.
Atmel
CryptoAuthentication
Host Security Chip
Atmel AT88SA10HS
8595F–SMEM–8/10

AT88SA10HS_10 Summary of contents

  • Page 1

    ... For detailed information on the cryptographic protocols, algorithm test values and usage models refer to “Atmel AT88SA100S” and “Atmel AT88SA102S” Datasheets, along with the application notes dedicated to this product family. The host CryptoAuthentication performs three separate operations (named HOST0, HOST1 & ...

  • Page 2

    ... See Section 1.3 for more details on the Manufacturing ID and Serial Number. ROM Metal mask programmed memory. Unrestricted reads are permitted on the first 64-bits of this array. The physical ROM will be larger and will contain other information that cannot be read. The following three fields are stored in the ROM: ROM MfrID 2-bytes of ROM that specifies part of the manufacturing ID code ...

  • Page 3

    ... As a security measure, the 24-bit MfrID code (both ROM and Fuse bits) is automatically included in every message digested by the AT88SA10HS. The secret fuses are conditionally appended, depending on the parameters to the HOST command. For complete sample calculations, refer to”Atmel AT88SA100S” and/or “Atmel AT88SA102S” datasheets. 8595F–SMEM–8/10 Atmel AT88SA10HS Host Authentication Chip ® ...

  • Page 4

    ... Atmel AT88SA10HS incorporates a number of physical security features designed to protect the keys from release. These include an active shield over the entire surface of the part, internal memory encryption, internal clock generation, glitch protection, voltage tamper detection and other physical design features. Pre-programmed keys stored on AT88SA10HS are encrypted in such a way as to make retrieval of their values via outside analysis very difficult ...

  • Page 5

    AC Parameters WAKE LOGIC Ø LOGIC 1 NOISE SUPPRESION 3. Absolute Maximum Ratings* Operating Temperature .................. −40°C to +85°C Storage Temperature .................. −65° 150°C Voltage on Any Pin with Respect to Ground ............... − 0 ...

  • Page 6

    Table 3-1. AC Parameters Parameter Symbol Wake Low t WLO Duration Wake Delay to t WHI Data Comm. Start pulse t START duration Zero t ZHI transmission high pulse Zero t ZLO transmission low pulse ‡ Bit time t BIT ...

  • Page 7

    DC Parameters Table 4-1. DC Parameters Parameter Operating temperature Power Supply Voltage Fuse Burning Voltage Active Power Supply Current Sleep Power Supply Current @ -40C to 55C Sleep Power Supply Current @ 85C Input Low Voltage @ V = ...

  • Page 8

    ... Command Timing Parameter Symbol Parsing Delay t PARSE Host0Delay t EXEC_HOST0 Host1Delay t EXEC_HOST1 Host2Delay t EXEC_HOST2 MemoryDelay t EXEC_READ SecureDelay t EXEC_SECURE PersonalizeDelay t PERSON In this document used as shorthand for the delay corresponding to whatever command has been sent to EXEC the chip. Atmel AT88SA10HS Host Authentication Chip 8 ...

  • Page 9

    Transmit Flag The Transmit flag is used to turn around the signal so that the Atmel system, depending on its current state. The bytes that the AT88SA10HS returns to the system depend on its current state as follows: Table ...

  • Page 10

    IO Blocks Commands are sent to the chip, and responses received from the chip, within a block following way: Byte Name Meaning Number 0 Count Number of bytes to be transferred to the chip in the block, including count, ...

  • Page 11

    In order to limit the active current if the Atmel is also enabled when the AT88SA10HS receives a wake-up. If the first token does not come within the t interval, the AT88SA10HS will go back to the sleep mode without ...

  • Page 12

    ... Concatenates the key stored in AT88SA10HS with an input 256-bit challenge and generates the digest of this message. The result is left in internal memory and cannot be read. In general, the challenge should be a random number generated by the host system, which will be sent to both the host (AT88SA10HS) and client (Atmel AT88SA100S or Atmel AT88SA102S) ...

  • Page 13

    ... HOST1 Completes the two block SHA-256 digest started by HOST0 and leaves the resulting digest within the internal ® memory of the Atmel AT88SA10HS. This command returns an error if HOST0 has not been successfully run previously within this Wake cycle security precaution, this command does not return the digest. A subsequent command is required to compare the response generated by the client with the one generated by the host ...

  • Page 14

    The contents of the second block to be digested are listed below. Note: To simplify this documentation; the bit addresses for OtherInfo are listed in the table below Size Source 32-bits OtherInfo[0-31] 64-bits Fuse[0-63] 24-bits OtherInfo[32-55] 8-bits Fuse[88-95] 32-bits OtherInfo[56-87] ...

  • Page 15

    ... GenPersonalizationKey Loads a personalization key into internal memory and then uses that key along with an input seed to generate a decryption digest using SHA-256. Neither the key nor the decryption digest can be read from the chip. Upon completion, an internal bit is set indicating that a secure personalization digest has been loaded and is ready to use by the BurnSecure command ...

  • Page 16

    Table 5-11. Input Parameters Name Opcode GenPers Param1 Zero Param2 KeyID Data Seed Table 5-12. Output Parameters Name Size Notes Success 1 Upon successful execution, a value of zero will be returned by Atmel AT88SA10HS The SHA-256 message body used ...

  • Page 17

    The total BurnSecure execution delay is directly proportional to the total number of fuses being burned less than 4.5V, then the total BurnSecure execution time may exceed the interval remaining before the expiration of the watchdog timer. In ...

  • Page 18

    Pinout Table 6-1. SOT Pin Definitions Pin # Name Description 1 Signal IO channel to the system, open drain output expected that an external pull-up resistor will be provided to pull this signal pin ...

  • Page 19

    Package Drawing 3TS1 – Shrink SOT E1 SEATING PLANE Notes: 1. Dimension D does not include mold flash, protrusions or gate burrs. Mold flash, protrusions or gate burrs shall not exceed 0.25mm per end. Dimension E1 does not include ...

  • Page 20

    Pin 1 indicator this corner Top View b D Side View Notes: 1. This drawing is for general information only. Refer to JEDEC Drawing MO-153, Variation AA, for proper dimensions, ...

  • Page 21

    JEDEC SOIC Top View e D Side View Note: These drawings are for general information only. Refer to JEDEC Drawing MS-012, Variation AA for proper dimensions, tolerances, datums, etc. 1150 E. Cheyenne Mtn. Blvd. Colorado Springs, CO 80906 ...

  • Page 22

    Ordering Codes Ordering Code AT88SA10HS-TSU-T AT88SA10HS-TH-T AT88SA10HS-SH-T 9. Revision History Doc. Rev. Date 8595F 08/2010 8595E 06/2010 8595D 05/2010 8595C 04/2010 8595B 02/2010 8595A 04/2009 Atmel AT88SA10HS Host Authentication Chip 22 Package Type Voltage Range SOT, Tape & Reel ...

  • Page 23

    He adq Atmel Corporation 2325 Orchard Parkway San Jose, CA 95131 USA Tel: (+1) (408) 441-0311 Fax: (+1) (408) 487-2600 www.atmel.com Disclaimer: The information in this document is provided in connection with Atmel products. No license, ...