ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 14

ATAES132-SH-ER

Manufacturer Part Number

ATAES132-SH-ER

Description

EEPROM AES 32Kbit EE I2C

Manufacturer

Atmel

Datasheet

1.ATAES132-SH-EQ.pdf (166 pages)

Specifications of ATAES132-SH-ER

Rohs

yes

Maximum Clock Frequency

1 MHz

Operating Supply Voltage

6 V

Maximum Operating Temperature

- 40 C to + 85 C

Mounting Style

SMD/SMT

Package / Case

SOIC-8

Interface Type

I2C

Factory Pack Quantity

2300

Current page: 14 of 166
Download datasheet (2Mb)

3.4.

3.4.1.

3.5.

3.5.1.

3.5.2.

Data Encryption/Decryption

A key can be configured to allow encryption/decryption of small packets of data using AES-CCM with an internally stored key.

The encrypt command encrypts 16 or 32 bytes of plaintext data provided by the host; the encrypted data and MAC are

returned to the host. The decrypt command decrypts 16 or 32 bytes of encrypted data after verifying the MAC; the data is

returned to the host only if the MAC is valid. When these commands are used, none of the data is stored in the internal

EEPROM.

AES-ECB Encryption/Decryption

A key can be configured to allow AES-ECB mode operations using the legacy command. A single AES-ECB operation is

performed using an internally stored key and the 16 byte input packet received with the AES-ECB command. The 16 byte

result is returned to the host. No input or output formatting is performed by this command, and no data is stored in the internal

EEPROM.

Keys

The ATAES132 securely stores sixteen 128 bit keys in the EEPROM. Keys can only be used for the cryptographic functions

enabled in the ZoneConfig, CounterConfig or KeyConfig register bits in the configuration memory. Key values can never be

read from the ATAES132 under any circumstances. Any key can be used with any user zone.

A seventeenth key register in the internal SRAM can be used for session keys.

See section 7.11 for the EncWrite command. See section 7.19 for the lock command.

Key Management

The key registers can be written with plaintext data or with encrypted data before the key memory is locked. After the key

memory is locked, a key register can only be updated if the corresponding KeyConfig register allows updates.

Several key management commands are available for updating or generating the keys:

Limited Use Keys

To prevent exhaustive attacks on the keys, the ATAES132 can be configured to limit the key usage with a monotonic counter.

If a key is configured with a usage counter, then the following steps are performed for any command using that key:

By default, the counters are configured to allow two million counts, allowing two million operations using a key with the usage

limits enabled. Atmel recommends that the customer configure key usage counters at personalization to a smaller number;

the appropriate key usage limit is dependent on the application. See Appendix H for additional information.

An encrypted key provided by the host can be written to an internal key register after validating the MAC. The

Plaintext data provided by the host can be encrypted and returned to the host along with the MAC; this packet can

The internal random number generator can be used to create a key for use as a session key or for storage in an

The contents of the session key register can be encrypted and returned to the host along with the MAC. The

Keys stored in the user memory can be transferred to an internal key register or used as a session key. A user zone

Read the counter from memory to check if the count has reached the maximum count value

If the maximum count has been reached, then the command is not executed and an error code is returned

If the maximum count has not been reached, then the counter is incremented and the command is executed

KeyImport command and KeyLoad command perform this function.

be used as the encrypted key input to another ATAES132 device. The KeyExport command performs this function.

internal key register. The new key can also be encrypted and returned to the host for use as the encrypted key input

to another ATAES132 device. The KeyCompute command and KeyExport command perform this function.

KeyExport command performs this function.

configured as extended key memory can be used to store eight keys. The KeyTransfer command performs this

function.

Atmel ATAES132 Preliminary Datasheet

8760A−CRYPTO−5/11

ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 14

ATAES132-SH-ER

Specifications of ATAES132-SH-ER

Related parts for ATAES132-SH-ER