ABRIDGED DATA SHEET EVALUATION KIT AVAILABLE Click here for production status of specific part numbers. DS2476 DeepCover Secure Coprocessor General Description Benefits and Features The DS2476 is a DeepCover secure ECDSA and HMAC ECC-256 Compute Engine FIPS 186 ECDSA P256 Signature and Verification SHA-256 coprocessor companion to the DS28C36. The coprocessor can compute any required HMACs or ECDSA ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks signatures to do any operation on the DS28C36. The ECDSA Authenticated R/W of Configurable DS2476 provides a core set of cryptographic tools derived Memory from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security FIPS 180 SHA-256 Compute Engine services provided by the hardware implemented crypto HMAC engines, the device integrates a FIPS/NIST true random SHA-256 OTP (One-Time Pad) Encrypted R/W of number generator (RNG), 8Kb of secured EEPROM, a Configurable Memory Through ECDH Established Key decrement-only counter, two pins of configurable GPIO, Two GPIO Pins with Optional Authentication Control and a unique 64-bit ROM identification number (ROM ID). Open-Drain, 4mA/0.4V The ECC public/private key capabilities operate from Optional SHA-256 or ECDSA Authenticated On/Off the NIST defined P-256 curve and include FIPS 186 and State Read compliant ECDSA signature generation and verification Optional ECDSA Certificate to Set On/Off after to support a bidirectional asymmetric key authentication Multiblock Hash for Secure Boot model. The SHA-256 secret-key capabilities are compli- RNG with NIST SP 800-90B Compliant Entropy ant with FIPS 180 and are flexibly used either in conjunc- Source with Function to Read Out tion with ECDSA operations or independently for multiple Optional Chip Generated Pr/Pu Key Pairs for ECC HMAC functions. Operations Two GPIO pins can be independently operated under 17-Bit One-Time Settable, Nonvolatile Decrement- command control and include configurability supporting Only Counter with Authenticated Read authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure- 8Kbits of EEPROM for User Data, Keys, and boot of a host processor. This secure boot method can Certificates also be used to enable the coprocessor functions. Unique and Unalterable Factory Programmed 64-Bit DeepCover embedded security solutions cloak sensitive Identification Number (ROM ID) data under multiple layers of advanced security to provide Optional Input Data Component to Crypto and Key the most secure key storage possible. To protect against Operations device-level security attacks, invasive and noninvasive 2 I C Communication Up to 1MHz countermeasures are implemented including active die Operating Range: 2.2V to 3.63V, -40C to +85C shield, encrypted storage of keys, and algorithmic methods. 6-Pin TDFN Package Applications IoT Node Crypto-Protection Ordering Information appears at end of data sheet. Accessory and Peripheral Secure Authentication Secure Storage of Cryptographic Keys for a Host Typical Application Circuit appears at end of data sheet. Controller Secure Boot or Download of Firmware and/or System Parameters DeepCover is a registered trademark of Maxim Integrated Products, Inc. 19-8589 Rev 3 12/20ABRIDGED DATA SHEET DS2476 DeepCover Secure Coprocessor Absolute Maximum Ratings Voltage Range on Any Pin Relative to GND ..........-0.5V to 4.0V Storage Temperature Range ............................ -55C to +125C Maximum Current into Any Pin...........................................20mA Lead temperature (soldering, 10s) ..................................+300C Operating Temperature Range ........................... -40C to +85C Soldering Temperature (reflow) ...................................... +260C Junction Temperature ......................................................+125C Stresses beyond those listed under Absolute Maximum Ratings may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. Package Information 6 TDFN-EP Package Code T633+2 Outline Number 21-0137 Land Pattern Number 90-0058 Thermal Resistance, Four-Layer Board: Junction to Ambient ( ) 42C/W JA Junction to Case ( ) 9C/W JC For the latest package outline information and land patterns (footprints), go to www.maximintegrated.com/packages. Note that a +, , or - in the package code indicates RoHS status only. Package drawings may show a different suffix character, but the drawing pertains to the package regardless of RoHS status. Package thermal resistances were obtained using the method described in JEDEC specification JESD51-7, using a four-layer board. For detailed information on package thermal considerations, refer to www.maximintegrated.com/thermal-tutorial. Electrical Characteristics (T = -40C to +85C.) (Note 1) A PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS DS2476 2.97 Supply Voltage V V CC DS2476B 2.2 3.3 3.63 Active Supply Current I (Note 2) 300 A CC Standby Supply Current I 250 A CCS Computation Current I (Note 3) 7.5 mA CMP GPIO Output Low PIOV 0.4 V OL 0.3 x Input Low PIOV -0.3 V IL V CC 0.7 x V + CC Input High PIOV V IH V 0.3 CC DS2476 -10 +10 Leakage current I A L DS2476B -1 +1 ECC ENGINE Generate ECDSA Signature Time t 50 ms GES Generate ECC Key Pair t 100 ms GKP Verify ECDSA Signature or Compute t 150 ms VES ECDH Time SHA-256 ENGINE Computation Time (HMAC or RNG) t 3 ms CMP Maxim Integrated 2 www.maximintegrated.com