ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 15

ATAES132-SH-ER

Manufacturer Part Number

ATAES132-SH-ER

Description

EEPROM AES 32Kbit EE I2C

Manufacturer

Atmel

Datasheet

1.ATAES132-SH-EQ.pdf (166 pages)

Specifications of ATAES132-SH-ER

Rohs

yes

Maximum Clock Frequency

1 MHz

Operating Supply Voltage

6 V

Maximum Operating Temperature

- 40 C to + 85 C

Mounting Style

SMD/SMT

Package / Case

SOIC-8

Interface Type

I2C

Factory Pack Quantity

2300

Current page: 15 of 166
Download datasheet (2Mb)

3.5.3.

3.5.3.1. Key Diversification

3.6.

3.6.1.

Secure Personalization

The ATAES132 is designed to allow personalization of keys using encryption, so the secret key values cannot be determined

by a third party. AES encryption of the keys prevents them from being determined by observation of data communicated to or

from the ATAES132.

A transport key is programmed into the KeyID 00 register by Atmel during the chip manufacturing process. This transport key

is securely exchanged between the customer and Atmel. During personalization, the secret keys are encrypted using the

transport key before being written to the ATAES132.

Atmel also offers a secure personalization service at additional cost which uses a hardware security module (HSM) to store

the customer secrets.

Atmel recommends that each unit should contain one or more unique keys to minimize the potential impact of cloning. The

keys stored in the ATAES132 should be a cryptographic combination of a root secret not stored in the chip along with the

unique ATAES132 SerialNum register value. The host must have a secure place to store the root secret to protect the

integrity of the diversified keys.

It may also be beneficial for the ATAES132 devices to contain secrets for validating the authenticity of the host. These secrets

may need to be the same on all ATAES132 devices for a particular application to permit any client to validate any host.

Random Numbers

The ATAES132 includes a high quality random number generator (RNG) for nonce generation, child key creation, and for the

general random number generation. The ATAES132 commands can generate random numbers for internal or external use.

Sixteen byte random numbers for external use are generated using the internal RNG and the AES engine as described in

NIST SP800-90.

The RNG can be used to generate the nonce for cryptographic operations. A mechanism is also provided to synchronize the

nonces in two ATAES132 devices using random numbers generated by both devices. A key can be configured to require that

cryptographic operations using the key use a nonce generated with the internal RNG.

Random Number Generation

The RNG architecture includes both a hardware random number generator and a stored random seed. On power up, the

stored seed is read from the EEPROM, cryptographically combined with the hardware random number generator output, and

then stored in SRAM. Whenever a random number is required, this SRAM seed is cryptographically combined with the

hardware random number generator output and the optional input seed to create both a new SRAM seed and the random

number.

For highest security, the EEPROM seed should be updated every power cycle in which the RNG is used. However the

EEPROM seed register has a maximum life expectancy of 100,000 writes per unit. The host system is expected to manage

the EEPROM seed by using the command mode option to suppress automatic EEPROM seed updates.

Atmel ATAES132 Preliminary Datasheet

8760A−CRYPTO−5/11

ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 15

ATAES132-SH-ER

Specifications of ATAES132-SH-ER

Related parts for ATAES132-SH-ER