EVALUATION KIT AVAILABLE Request Security User Guide and Developer Software DS28E83 DeepCover Radiation Resistant 1-Wire Authenticator General Description Benefits and Features The DS28E83 is a radiation-resistant secure authentica- High Radiation Resistance Allows User- tor that provides a core set of cryptographic tools derived Programmable Manufacturing or Calibration Data from integrated asymmetric (ECC-P256) and symmetric Before Medical Sterilization (SHA-256) secu rity functions. In addition to the security Resistant Up to 75kGy (kiloGray) of Radiation services provided by the hardware implemented crypto One Time Programmable (OTP) 10kb of User Data, Keys, and Certificates engines, the device integrates a FIPS-compatible true random number genera tor (TRNG), 10Kb of secured ECC-P256 Compute Engine OTP, one configurable GPIO, and a unique 64-bit ROM FIPS 186 ECDSA P256 Signature and Verification identification number (ROM ID). ECDH Key Exchange for Session Key Establishment The ECC public/private key capabilities operate from the ECDSA Authenticated R/W of Configurable Memory NIST defined P-256 curve and include FIPS 186-compliant SHA-256 Compute Engine ECDSA signature generation and verification to support FIPS 180 MAC for Secure Download/Boot a bidirectional asymmetric key authentication model. The FIPS 198 HMAC for Bidirectional Authentication SHA-256 secret key capabilities are compli ant with FIPS and Optional GPIO Control 180 and are flexibly used either in conjunc tion with ECDSA SHA-256 OTP (One-Time Pad) Encrypted R/W of operations or independently for multiple HMAC functions. Configurable Memory Through ECDH Established Key The GPIO pin can be operated under command control and One GPIO Pin with Optional Authentication Control include configurability supporting authenticated and nonau- Open-Drain, 4mA/0.4V thenticated operation, including an ECDSA-based crypto- Optional SHA-256 or ECDSA Authenticated On/Off robust mode to support secure boot of a host processor. and State Read DeepCover embedded security solutions cloak sensitive Optional ECDSA Certificate to Set On/Off After data under multiple layers of advanced security to provide Multiblock Hash for Secure Download the most secure key storage possible. To protect against TRNG with NIST SP 800-90B Compliant Entropy device-level security attacks, invasive and noninvasive Source with Function to Read Out countermeasures are implemented including active die Optional Chip Generated Pr/Pu Key Pairs for ECC shield, encrypted storage of keys, and algorithmic methods. Operations or Secrets for SHA256 Functions Applications Unique and Unalterable Factory Programmed 64-Bit Medical Consumables Secure Authentication Identification Number (ROM ID) Optional Input Data Component to Crypto and Key Medical Tools/Accessories Identification and Operations Calibration Advanced 1-Wire Protocol Minimizes Interface to Accessory and Peripheral Secure Authentication Just Single Contact Secure Storage of Cryptographic Keys for Host Operating Range: 3.3V 10%, 0C to +50C Controllers 8kV HBM ESD Protection of 1-Wire IO Pin Secure Boot or Download of Firmware and/or System Parameters 6-Pin, 3mm x 3mm TDFN DeepCover is a registered trademark of Maxim Integrated Ordering Information appears at end of data sheet. Products, Inc. 19-100287 Rev 0 3/18DS28E83 DeepCover Radiation Resistant 1-Wire Authenticator Simplified Block Diagram CX PARASITE POWER C EXT DS28E83 64-BIT ROM ID 1-WIRE FUNCTION IO CONTROL BUFFER AND ECC-P256 COMMAND SHA-256 RNG 10Kb OTP ARRAY USER MEMORY KEYS & CERTIFICATES COMPUTE AUTHENTICATED PIO CONTROL GPIO Maxim Integrated 2 www.maximintegrated.com