ATSHA204 ATMEL [ATMEL Corporation], ATSHA204 Datasheet - Page 13

ATSHA204

Manufacturer Part Number

ATSHA204

Description

Atmel CryptoAuthentication

Manufacturer

ATMEL [ATMEL Corporation]

Datasheet

1.ATSHA204.pdf (65 pages)

Available stocks

Company

Part Number

Manufacturer

Quantity

Price

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

ATSHA204-MAH-DA-T

Manufacturer:

NVIDIA

Quantity:

340

Company:

Meier Automation Equipment Co., Limited

Part Number:

ATSHA204-SH-DA-B

Manufacturer:

ATMEL/爱特梅尔

Quantity:

20 000

Company:

Meier Automation Equipment Co., Limited

Part Number:

ATSHA204-SH-DA-T

Manufacturer:

ATMEL/爱特梅尔

Quantity:

20 000

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

ATSHA204-TSU-T

Manufacturer:

EPSON

Quantity:

418

Company:

Meier Automation Equipment Co., Limited

Part Number:

ATSHA204-TSU-T

Manufacturer:

ATMEL/爱特梅尔

Quantity:

20 000

Company:

Meier Automation Equipment Co., Limited

Part Number:

ATSHA204A

Manufacturer:

ATMEL/爱特梅尔

Quantity:

20 000

Company:

Meier Automation Equipment Co., Limited

Part Number:

ATSHA204A-MAHDA-T

Manufacturer:

Quantity:

20 000

Company:

H&T Electronics

Part Number:

ATSHA204A-MAHFD-T

Quantity:

14 270

Company:

H&T Electronics

Part Number:

ATSHA204A-MAHMF-S

Quantity:

2 973

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

ATSHA204A-SSHDA-B

Manufacturer:

ATMEL

Quantity:

3 450

Company:

BOSTOCK HK LIMITED

Part Number:

ATSHA204A-SSHDA-B

Manufacturer:

Quantity:

21 810

Company:

H&T Electronics

Part Number:

ATSHA204A-SSHDA-B

Quantity:

50 000

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

ATSHA204A-SSHDA-T

Manufacturer:

ATMEL

Quantity:

3 450

Company:

Bonase Electronics (HK) Co., Limited

Part Number:

ATSHA204A-STUCZ-T

Manufacturer:

ATMEL

Quantity:

12 000

Company:

H&T Electronics

Part Number:

ATSHA204A-TSU-T

Quantity:

569

Company:

H&T Electronics

Part Number:

ATSHA204A-XHDA-T

Quantity:

3 360

Current page: 13 of 65
Download datasheet (2Mb)

3.3.1

3.3.2

3.3.3

3.3.4

Diversified Keys

If the host or validating entity has a place to securely store secrets, the key values stored in the EEPROM slot(s) can be

diversified with the serial number embedded in the device (SN[0:8]). In this manner, every client device can have a unique key,

which can provide extra protection against known plaintext attacks and permit compromised serial numbers to be identified

and blacklisted.

To implement this, a root secret is externally combined with the device serial number during personalization using some

cryptographic algorithm and the result written to the ATSHA204 key slot.

The ATSHA204 CheckMac command provides a mechanism of securely generating and comparing diversified keys,

eliminating this requirement from the host system.

Consult the following application note for more details:

http://www.atmel.com/dyn/resources/prod_documents/doc8666.pdf

Rolled Keys

In order to prevent repeated use of the same key value, the ATSHA204 supports key rolling. Normally, after a certain number

of uses (perhaps as few as one), the current key value is replaced with the SHA-256 digest of its current value combined with

some offset, which may either be a constant, something related to the current system (for example, a serial number or model

number), or a random number.

This capability is implemented using the DeriveKey command. Prior to execution of the DeriveKey command, the Nonce

command must be run to load the offset into TempKey. Each time the roll operation is performed on slots 0-7, the

UpdateCount field for that slot is incremented.

One use for this capability is to permanently remove the original key from the device, replacing it with a key that is only useful

in a particular environment. After the key is rolled, there is no possible way to retrieve the old value, which improves the

security of the system.

Note:

Created Keys

In order to support unique ephemeral keys for every client, the ATSHA204 also supports key creation. In this mechanism, a

“parent” key (specified by slotConfig.writeKey) is combined with a fixed or random nonce to create a unique key, which is then

used for any cryptographic purpose.

The ability to create unique keys is especially useful if the parent key has usage restrictions (see “Single-use Keys” and

“Limited-use Key” in the following sections). In this mode, the limited use parent key can be employed to create an unlimited

use child key. Because the child key is useful only for this particular host-client pair, attacks on its value are less valuable.

This capability is also implemented using the DeriveKey command. Prior to execution of the DeriveKey command, the Nonce

command must be run to load the Nonce value into TempKey. Each time the create operation is performed on slots 0-7; the

UpdateCount field for that slot is incremented.

Single-use Keys

For the KeyID values corresponding to slots 0-7 in the data section of the EEPROM, repeated usage of the key stored in the

slot can be strictly limited. This feature is enabled if the SingleUse bit is set in the SlotConfig field. The SingleUse bit is ignored

for slots 8-14. The number of remaining uses is stored as a bit map in the UseFlag byte corresponding to the slot in question.

Prior to execution of any cryptographic command that uses this slot as a key, the following takes place:

•

If SlotConfig[keyId].SingleUse is set and UseFlag[KeyID] is 0x00, the device returns an error.

Starting at bit seven of UseFlag[keyID], clear to zero the first bit that is currently a one.

Any power interruption during the execution of the DeriveKey command in Roll mode may cause either the key

or the UpdateCount to have an unknown value. If writing to a slot is enabled using bit number 14 of SlotConfig,

such keys can be written in encrypted and authenticated form using the Write command. Alternatively, multiple

copies of the key can be stored in multiple slots so that failure of a single slot does not incapacitate the system.

Atmel ATSHA204 [DATASHEET]

8740D−CRYPTO−3/12

ATSHA204 ATMEL [ATMEL Corporation], ATSHA204 Datasheet - Page 13

ATSHA204

Available stocks

Related parts for ATSHA204