AT88SC0104CA_11 ATMEL [ATMEL Corporation], AT88SC0104CA_11 Datasheet - Page 16


Manufacturer Part Number: AT88SC0104CA_11
Description: Atmel CryptoMemory Specification Datasheet
Manufacturer: ATMEL [ATMEL Corporation]
6.1.3 Data Encryption

CryptoMemory allows the use of encryption between a host system and the CryptoMemory device to protect the confidentiality of data during read-write accesses and verify password operations. To enable encryption, the host must generate a challenge using the session encryption key generated from the authentication activation step. The host then needs to call the verify crypto command again with the device still in active authentication mode. The session encryption key must belong to the active authentication key set. The host may enable encryption at any time, after which data content of communication between host and device user zones becomes encrypted. If a user zone configuration in the access register requires encryption, however, then the host must enter encryption mode and must encrypt all data content to and from the zone in the remainder of the active encryption session in order to communicate with the zone. CryptoMemory does not encrypt system zone data except for password and password attempt counters. Passwords and password attempt counters require encryption during active authentication or encryption modes.

Each successful entry into encryption mode renders the mode active for the current key set until the next call to the verify crypto command or device reset. Only one key set may be active at any time. Unsuccessful calls of the verify crypto command exit both encryption and authentication modes and decrement the value of the authentication attempts counter (AAC) register. Decrementing AAC to $00 permanently disables the corresponding key set and permanently renders the corresponding user zone(s) under protection inaccessible. Activating encryption is similar in process to activating authentication with the exception that the session encryption key replaces the secret seed. The process uses the verify encryption variant of the verify crypto command (see Section 8.2, "Command Set" and Section 10.3, "Command Set").

Figure 6-3. Encryption Activation Process from Active Authentication Mode
[Figure not reproduced. Column labels: CryptoMemory Device; Command/Communications; Host Logic. Device-side labels: Session Key, Cryptogram; Compute Challenge A; Compute Challenge B; Verify Challenge A; Enable Encryption. Command labels: Read Config Zone; Verify Encryption. Host-side labels: Session Key, Cryptogram; Generate Random Number; Compute Challenge A; Compute Challenge B; Read Challenge B; Verify Challenge B.]

6.1.4 Encrypted Checksum (Message Authentication Code, MAC)

CryptoMemory implements a data validity check function in the form of an encrypted checksum. This checksum provides a bi-directional data integrity check and data origin authentication capability in the form of a Message Authentication Code (MAC): only the host/device that carried out a valid authentication is capable of computing a valid MAC. When writing data to the CryptoMemory device in authentication or encryption communication modes, the host must send a valid checksum immediately following the write command. If the checksum is invalid, the device rejects the write command and resets the device security privileges. The host must reinitiate entry into authentication and, if applicable, encryption modes to continue.

The use of the checksum is optional when reading data. Calls to the read checksum command reset device security, so its use is recommended only at the completion of all data read operations from the device.

Atmel AT88SC0104CA/0204CA/0404CA/0808CA [Datasheet], 8664E−CRYPTO−12/11
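The mode rules of Sections 6.1.3 and 6.1.4 can be mirrored on the host so that a driver knows which mode the device is in and does not spend authentication attempts on calls the rules already exclude. The C code below is an added example, not Atmel code: every `cm_*` name, the key-set count and the integer counter standing in for AAC are assumptions, and the device's accept/reject result is passed in rather than computed.

```c
#include <stdbool.h>
#include <stdio.h>
#define CM_KEY_SETS 4   /* assumption: the key-set count is not stated on this page */
typedef enum { CM_NONE, CM_AUTH, CM_ENCRYPT } cm_mode;
typedef struct {
    cm_mode mode;                  /* mode the device is believed to be in    */
    int key_set;                   /* active key set, -1 when none            */
    int attempts[CM_KEY_SETS];     /* abstract stand-in for AAC, 0 = disabled */
} cm_session;

/* Device reset, rejected write or read checksum: all privileges are gone. */
void cm_drop(cm_session *s) { s->mode = CM_NONE; s->key_set = -1; }

/* Track one verify crypto call; false = refused locally (no attempt spent) or rejected. */
bool cm_verify_crypto(cm_session *s, int set, cm_mode want, bool device_ok)
{
    if (set < 0 || set >= CM_KEY_SETS || s->attempts[set] == 0)
        return false;              /* unknown or permanently disabled key set */
    if (want == CM_ENCRYPT && (s->mode == CM_NONE || s->key_set != set))
        return false;              /* needs active authentication, same key set */
    if (!device_ok) {              /* failure exits both modes and costs a try */
        s->attempts[set]--;
        cm_drop(s);
        return false;
    }
    s->mode = want;                /* a later verify crypto replaces the mode */
    s->key_set = set;
    return true;
}

/* A zone whose access register requires encryption needs encryption mode. */
bool cm_zone_ok(const cm_session *s, bool needs_enc)
{ return !needs_enc || s->mode == CM_ENCRYPT; }

/* Outcome of a write: in either secure mode a bad checksum drops the session. */
bool cm_write_result(cm_session *s, bool checksum_valid)
{
    if (s->mode == CM_NONE || checksum_valid) return true;
    cm_drop(s);
    return false;
}

int main(void)
{
    cm_session s = { CM_NONE, -1, { 4, 4, 4, 4 } };  /* constructed counts */
    cm_verify_crypto(&s, 0, CM_AUTH, true);
    cm_verify_crypto(&s, 0, CM_ENCRYPT, true);
    printf("encrypted zone reachable: %d\n", cm_zone_ok(&s, true));
    return 0;
}
```

After a read checksum call the host should call `cm_drop()` as well, since the device resets its security state at that point.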
