PRELIMINARY EVALUATION KIT AVAILABLE Request Security User Guide and Developer Software DS28E36 DeepCover Secure Authenticator General Description The DS28E36 is a DeepCover secure authenticator ECC-256 Compute Engine that provides a core set of cryptographic tools derived FIPS 186 ECDSA P256 Signature and Verification from integrated asymmetric (ECC-P256) and symmetric ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto ECDSA Authenticated R/W of Configurable Memory engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a SHA-256 Compute Engine decrement-only counter, two pins of configurable GPIO, FIPS 180 MAC for Secure Download/Boot and a unique 64-bit ROM identification number (ROM Operations ID). This unique ROM ID is used as a fundamental input FIPS 198 HMAC for Bidirectional Authentication parameter for cryptographic operations and also serves and Optional GPIO Control as an electronic serial number within the application. The Two GPIO Pins with Optional Authentication Control DS28E36 communicates over the single-contact 1-Wire Open-Drain, 4mA/0.4V bus at overdrive speed. The communication follows the Optional SHA-256 or ECDSA Authenticated On/Off 1-Wire protocol with the ROM ID acting as node address and State Read in the case of a multidevice 1-Wire network. Optional Set On/Off after Multiblock Hash for The ECC public/private key capabilities operate from Secure Boot/Download the NIST defined P-256 curve and include FIPS 186 RNG with NIST SP 800-90B Compliant Entropy compliant ECDSA signature generation and verification Source with Function to Read Out to support a bidirectional asymmetric key authentication Optional Chip Generated Pr/Pu Key Pairs for ECC model. The SHA-256 secret-key capabilities are compli- Operations ant with FIPS 180 and are flexibly used either in conjunc- tion with ECDSA operations or independently for multiple 17-Bit One-Time Settable, Nonvolatile Decrement- HMAC functions. Only Counter with Authenticated Read Two GPIO pins can be independently operated under 8Kbits of EEPROM for User Data, Keys, and command control and include configurability supporting Certificates authenticated and nonauthenticated operation including Unique and Unalterable Factory Programmed 64-Bit an ECDSA-based crypto-robust mode to support secure- Identification Number (ROM ID) boot of a host processor. Optional Input Data Component to Crypto and Key DeepCover embedded security solutions cloak sensitive Operations data under multiple layers of advanced security to provide Single-Contact 1-Wire Interface Communication with the most secure key storage possible. To protect against Host at 11.7kbps and 62.5kbps device-level security attacks, invasive and noninvasive Operating Range: 3.3V 10%, -40C to +85C countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods. 6-Pin TDFN-EP Package (3mm x 3mm) Applications Ordering Information appears at end of data sheet. IoT Node Crypto-Protection Accessory and Peripheral Secure Authentication Typical Application Circuit appears at end of data sheet. Secure Storage of Cryptographic Keys for a Host Controller Secure Boot or Download of Firmware and/or System Parameters 1-Wire and DeepCover are registered trademarks of Maxim Integrated Products, Inc. 19-100170 Rev 1 10/17PRELIMINARY DS28E36 DeepCover Secure Authenticator Absolute Maximum Ratings Voltage Range on Any Pin Relative to GND ..........-0.5V to 4.0V Storage Temperature Range ............................ -55C to +125C Maximum Current into Any Pin...........................................20mA Lead temperature (soldering, 10s) ..................................+300C Operating Temperature Range ........................... -40C to +85C Soldering Temperature (reflow) ...................................... +260C Junction Temperature ......................................................+125C Stresses beyond those listed under Absolute Maximum Ratings may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. Package Information 6 TDFN-EP PACKAGE CODE T633+2 Outline Number 21-0137 Land Pattern Number 90-0058 Thermal Resistance, Single-Layer Board: Junction to Ambient ( ) 55C/W JA Junction to Case ( ) 9C/W JC Thermal Resistance, Four-Layer Board: Junction to Ambient ( ) 42C/W JA Junction to Case ( ) 9C/W JC For the latest package outline information and land patterns (footprints), go to www.maximintegrated.com/packages. Note that a +, , or - in the package code indicates RoHS status only. Package drawings may show a different suffix character, but the drawing pertains to the package regardless of RoHS status. Package thermal resistances were obtained using the method described in JEDEC specification JESD51-7, using a four-layer board. For detailed information on package thermal considerations, refer to www.maximintegrated.com/thermal-tutorial Electrical Characteristics Limits are 100% production tested at T = +25C and T = +85C. Typical values are at T = +25C. Limits over the operating tem- A A A perature range and relevant supply voltage range are guaranteed by design and characterization. Specifications marked GBD are guaranteed by design and not production tested. Specifications to the minimum operating temperature are guaranteed by design and are not production tested. PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS IO PIN: GENERAL DATA 1-Wire Pullup Voltage V (Note 1) 2.97 3.3 3.63 V PUP 1-Wire Pullup Resistance R (Notes 1, 2) 300 1000 PUP Input Capacitance C (Note 3) 0.1 + Cx nF IO Capacitor External C (Note 1) 399.5 470 540.5 nF X Input Load Current I IO pin at V 6 250 A L PUP During t , t , t , t , t or t RM WM CMP VES GKP GES Computation Current I 7.5 mA SPU (Note 20) Voltage at IO pin during t , t , t , RM WM CMP Computation Voltage V 2.2 V SPU t , t , or t (Note 20) VES GKP GES High-to-Low Switching 0.65 x V (Notes 4, 5, 6) V TL Threshold V PUP 0.10 x Input Low Voltage V (Note 7) V IL V PUP Maxim Integrated 2 www.maximintegrated.com