Request Security User Guide and Developer Software EVALUATION KIT AVAILABLE Click here for production status of specific part numbers. DS28E39 DeepCover Secure ECDSA Bidirectional Authenticator with ChipDNA PUF Protection General Description Benefits and Features The DS28E39 is an ECDSA public-key-based bidirec- Robust Countermeasures Protect Against Security tional secure authenticator that incorporates Maxims Attacks patented ChipDNA feature, a physically unclonable Patented Physically Unclonable Function Secures function (PUF) to provide a cost-effective solution with Device Data the ultimate protection against security attacks. Using the Actively Monitored Die Shield Detects and Reacts to Intrusion Attempts random variation of semiconductor device characteristics that naturally occur during wafer fabrication, the ChipDNA All Stored Data Cryptographically Protected from Discovery circuit generates a unique output value that is repeatable over time, temperature, and operating voltage. Attempts ECDSA Authenticated R/W of Stored Data and to probe or observe ChipDNA operation modifies the Counter. underlying circuit characteristics, preventing discovery Efficient Public-Key Authentication Solution to of the unique value used by the chip cryptographic func- Authenticate Peripherals tions. The DS28E39 utilizes the ChipDNA output as key FIPS 186-Compliant ECDSA P256 Signature for content to cryptographically secure all device stored data Challenge/Response Authentication and optionally, under user control, as the private key for ChipDNA Generated Public/Private Key Pair. the ECDSA signing operation. With ChipDNA capabil- TRNG with NIST SP 800-90B Compliant Entropy ity, the device provides a core set of cryptographic tools Source derived from integrated blocks including an asymmetric Supplemental Features Enable Easy Integration into (ECC-P256) hardware engine, a FIPS/NIST-compliant End Applications true random number generator (TRNG), 2Kb of secured 17-Bit One-Time Settable, Nonvolatile Decrement- EEPROM, a decrement-only counter and a unique 64-bit Only Counter with Authenticated Read ROM identification number (ROM ID). The ECC public/ 2Kbits of EEPROM for User Data, Key, Control private key capabilities operate from the NIST-defined Registers, and Certificate P-256 curve to provide a FIPS 186-compliant ECDSA Unique and Unalterable Factory Programmed signature generation function. The unique ROM ID is 64-Bit Identification Number (ROM ID) used as a fundamental input parameter for cryptographic Single-Contact, 1-Wire Interface Communication operations and serves as an electronic serial number with Host at 11.7kbps and 62.5kbps within the application. The DS28E39 communicates over Operating Range: 3.3V 10%, -40C to +85C the single-contact 1-Wire bus at both standard and 6-Pin TDFN-EP Package (3mm x 3mm) overdrive speeds. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multidevice 1-Wire network. Ordering Information appears at end of data sheet. Applications Authentication of Medical Sensors and Tools Secure Management of Limited Use Consumables DeepCover and 1-Wire are registered trademarks and ChipDNA is a trademark of Maxim Integrated Products, Inc. IoT Node Authentication Peripheral Authentication Reference Design License Management Printer Cartridge Identification and Authentication 19-100444 Rev 0 12/18DS28E39 DeepCover Secure ECDSA Bidirectional Authenticator with ChipDNA PUF Protection Typical Application Circuit V CC 100k R PUP Q1 V 1k CC PIOX *PMV65XP DS28E39 BIDIRECTIONAL PIOY IO C EXT OPEN DRAIN PORT C X GND V CC C Rp V CC 2 I C PIOA IO SDA PORT SCL PIOB IO DS2476 GND *NOTE: USE A Q1 LOW-IMPEDANCE BYPASS OR EQUALLY DRIVE LOGIC 1 WITH PIOY. Maxim Integrated 2 www.maximintegrated.com