AT88SA102S_11 ATMEL [ATMEL Corporation], AT88SA102S_11 Datasheet - Page 2

AT88SA102S_11

Manufacturer Part Number

AT88SA102S_11

Description

Atmel CryptoAuthentication Product Authentication Chip

Manufacturer

ATMEL [ATMEL Corporation]

Datasheet

1.AT88SA102S_11.pdf (26 pages)

Current page: 2 of 26
Download datasheet (251Kb)

1.1

Figure 1.

Introduction

The Atmel

designed to securely authenticate an item to which it is attached. It can also be used to exchange session keys with some

remote entity so that the system microprocessor can securely encrypt/decrypt data. Each AT88SA102S chip contains a pre-

programmed serial number which is guaranteed to be unique. In addition, it has been designed to permit secure

personalization so that third parties can build devices containing an OEM secret without concern for the theft of that secret.

It is the first small standard product to implement the SHA-256 hash algorithm, which is part of the latest set of recommended

algorithms by the US Government. The 256-bit key space renders any exhaustive attacks impossible.

The CryptoAuthentication family uses a standard challenge response protocol to simplify programming. The system generates

a random number challenge and sends it to the AT88SA102S chip. The chip hashes that with a 256-bit key using the SHA-256

algorithm to generate a keyed 256-bit response which is sent back to the system.

The chip includes 128-single bit one time programmable fuses that can be used for personalization, status or consumption

logging. Atmel programs 40 of these bits prior to the chip leaving the factory, leaving 88 for user purposes. See Section 1.3 for

more information.

Note:

Usage

There are many different ways in which the AT88SA102S can add an authentication capability to a system. For more

information, see the “Atmel CryptoAuthentication Usage Examples” applications note.

In general, however, all these security models usually employ one of two general key management strategies:

Pin name

SIGNAL

GND

VCC

GND

•

Fixed challenge response number pair stored in the host. In this case, the host sends its particular challenge and

Host computes the response that should be provided for a particular client against a random challenge and/or

only an authentic AT88SA102S can generate the correct response. Since no secret is stored on the host, there is no

security cost on the host. Depending on the particulars of the system, each host may have a different challenge

response pair and/or each client may have the same key.

include the client ID number in the calculation. In this case, the host needs to have the capability to securely store

the secret from which diversified response will be computed. One way to do this is to use a CryptoAuthentication

host chip. Since each client is unique, the host can maintain a dynamic black list of clients that have been found to

be fraudulent.

8-lead SOIC

AT88SA102S is a member of the Atmel CryptoAuthentication family of cost-effective authentication chips

Pin Configurations

The chip implements a failsafe internal watchdog timer that forces it into a very low power mode after a certain

time interval regardless of any command execution or IO transfers that may be happening at the time the timer

expires. System programming must take this into consideration. See Section 5.4 for more details

Function

Serial data, single-wire clock and data

Ground

Power supply

VCC

SIGNAL

GND

3-lead

VCC

SIGNAL

GND

8-lead TSSOP

Atmel AT88SA102S [DATASHEET]

VCC

SIGNAL

8584G−CRYPTO−9/11

AT88SA102S_11 ATMEL [ATMEL Corporation], AT88SA102S_11 Datasheet - Page 2

AT88SA102S_11

Related parts for AT88SA102S_11