AT88SC0104CA_11 ATMEL [ATMEL Corporation], AT88SC0104CA_11 Datasheet - Page 15

Manufacturer Part Number: AT88SC0104CA_11
Description: Atmel CryptoMemory Specification Datasheet
Manufacturer: ATMEL [ATMEL Corporation]

6.1.2 Authentication Protocol
The use of a mutual authentication protocol further protects access to user zones. Any one of four key sets is available for
assignment to any user zone through configuration of access registers. Each key set consists of a secret seed, a cryptogram,
and a session encryption key. A verify crypto command exists to allow the use of any one of the key sets to enter
authentication mode. Each successful entry into authentication mode renders the mode active for the current key set until the
next call to the verify crypto command or device reset. Only one key set may be active at any time. An unsuccessful call of the
verify crypto command exits authentication mode and decrements the value of the authentication attempts counter (AAC)
register. Decrementing AAC to $00 permanently disables the corresponding key set and permanently renders the
corresponding user zone(s) under protection inaccessible.
Entry into authentication mode is a process through which the host and CryptoMemory device mutually authenticate one
another. First, the host generates a 64-bit random number, reads a current cryptogram and identification information from the
device, and uses this information in conjunction with the corresponding secret seed to generate a 64-bit challenge for the
device. The host also generates a new cryptogram and session encryption key in the process. The host then sends the
challenge and random number to the device by calling the verify crypto command. The device utilizes the random number
from the host to generate its own challenge, new cryptogram and session encryption key. It then compares the challenge to
the one from the host. If the challenges match, then the device declares the host authentic and overwrites its corresponding
current cryptogram and session encryption key with the new ones. To complete the mutual authentication, the host reads the
new cryptogram from the device and compares it with its new cryptogram. The new cryptogram from the device serves as a
challenge to the host. If the cryptograms match then the device is authentic. Only an authentic pair of host and device can
generate the same challenges and cryptograms. Activating mutual authentication requires the use of the verify authentication
variant of the verify crypto command (see Section 8.2, Command Set and Section 10.3, Command Set).

Figure 6-2. The Mutual Authentication Process
[Figure: two columns, Host Logic and CryptoMemory Device, linked by Command/Communications (Read Config Zone, Verify Authentication, Read Config Zone).
Host Logic: Read Device Info, Cryptogram; Compute Secret Seed; Generate Random Number; Compute Challenge A; Compute Challenge B; Compute Session Key; Read Challenge B; Verify Challenge B; Allow Access.
CryptoMemory Device: Device Info, Cryptogram; Compute Session Key; Compute Challenge A; Compute Challenge B; Verify Challenge A; [Secret Seed]; Allow Access.]

Atmel AT88SC0104CA/0204CA/0404CA/0808CA [Datasheet]
8664E−CRYPTO−12/11
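
The message flow of Section 6.1.2, modeled end to end as an added example; this is not Atmel code and not part of the datasheet. Assumptions: `derive()` is an HMAC-SHA-256 stand-in for the device's cipher, which this page does not specify, and the class and function names, the sample values and the starting AAC value are hypothetical.

```python
import hashlib, hmac, os

def derive(seed, cryptogram, ident, rnd):
    # Stand-in for the device cipher (assumption, NOT Atmel's algorithm):
    # maps the shared inputs to (challenge, new cryptogram, session key).
    d = hmac.new(seed, cryptogram + ident + rnd, hashlib.sha256).digest()
    return d[:8], d[8:16], d[16:24]

class Device:
    def __init__(self, seed, cryptogram, ident, aac=4):  # aac=4 is assumed
        self.seed, self.cryptogram, self.ident = seed, cryptogram, ident
        self.aac, self.session_key, self.authenticated = aac, None, False

    def read_info(self):
        return self.ident, self.cryptogram

    def verify_crypto(self, rnd, host_challenge):
        self.authenticated = False   # any new call ends the previous session
        if self.aac == 0:
            return False             # key set permanently disabled
        challenge, new_ci, key = derive(self.seed, self.cryptogram, self.ident, rnd)
        if not hmac.compare_digest(challenge, host_challenge):
            self.aac -= 1            # failed attempt is counted
            return False
        self.cryptogram, self.session_key = new_ci, key  # overwrite on success
        self.authenticated = True
        return True

def host_authenticate(device, seed):
    rnd = os.urandom(8)                            # 64-bit host random number
    ident, ci = device.read_info()
    challenge, new_ci, key = derive(seed, ci, ident, rnd)
    if not device.verify_crypto(rnd, challenge):   # device checks the host
        return None
    _, device_ci = device.read_info()              # host checks the device
    return key if hmac.compare_digest(device_ci, new_ci) else None

if __name__ == "__main__":
    seed = bytes(range(8))                         # constructed sample values
    dev = Device(seed, b"\x11" * 8, b"ID-0001", aac=2)
    print("good host:", host_authenticate(dev, seed) is not None, "AAC", dev.aac)
    for _ in range(2):
        print("bad host: ", host_authenticate(dev, b"\x00" * 8), "AAC", dev.aac)
    print("locked out:", host_authenticate(dev, seed))
```

In this model, once the counter reaches zero even the host holding the correct seed is refused, matching the permanent lockout the section describes.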