EVALUATION KIT AVAILABLE Request Security User Guide and Developer Software Click here for production status of specific part numbers. DS28E84 DeepCover Radiation-Resistant, High-Capacity, 1-Wire Authenticator General Description Benefits and Features The DS28E84 is a radiation-resistant secure authentica- High Radiation Resistance Allows User- tor that provides a core set of cryptographic tools derived Programmable Manufacturing or Calibration Data from integrated asymmetric (ECC-P256) and symmetric Before Medical Sterilization (SHA-256) secu rity functions. In addition to the security Resistant Up to 50kGy (kiloGray) of Radiation services provided by the hardware implemented crypto 10kb of One Time Programmable (OTP) for User Data, Keys, and Certificates engines, the device integrates a FIPS-compatible true random number genera tor (TRNG), 10Kb of secured 15Kb of Secure FRAM for User Data and Certificates OTP, 15Kb of FRAM, one configurable GPIO, and a unique 64-bit ROM identification number (ROM ID). ECC-P256 Compute Engine The ECC public/private key capabilities operate from the FIPS 186 ECDSA P256 Signature and Verification ECDH Key Exchange for Session Key Establishment NIST defined P-256 curve and include FIPS 186-compliant ECDSA signature generation and verification to support ECDSA Authenticated R/W of Configurable Memory a bidirectional asymmetric key authentication model. The SHA-256 Compute Engine SHA-256 secret key capabilities are compli ant with FIPS FIPS 180 MAC for Secure Download/Boot 180 and are flexibly used either in conjunc tion with ECDSA FIPS 198 HMAC for Bidirectional Authentication operations or independently for multiple HMAC functions. and Optional GPIO Control The GPIO pin can be operated under command control and SHA-256 OTP (One-Time Pad) Encrypted R/W of include configurability supporting authenticated and nonau- Configurable Memory Through ECDH Established Key thenticated operation, including an ECDSA-based crypto- One GPIO Pin with Optional Authentication Control robust mode to support secure boot of a host processor. Open-Drain, 4mA/0.4V DeepCover embedded security solutions cloak sensitive Optional SHA-256 or ECDSA Authenticated On/Off data under multiple layers of advanced security to provide and State Read the most secure key storage possible. To protect against Optional ECDSA Certificate to Set On/Off After device-level security attacks, invasive and noninvasive Multiblock Hash for Secure Download countermeasures are implemented including active die TRNG with NIST SP 800-90B Compliant Entropy shield, encrypted storage of keys, and algorithmic methods. Source with Function to Read Out Optional Chip Generated Pr/Pu Key Pairs for ECC Applications Operations or Secrets for SHA256 Functions Medical Consumables Secure Authentication 17-Bit One-Time Settable, Nonvolatile Decrement- Medical Tools/Accessories Identification and Only Counter with Authenticated Read Calibration Unique and Unalterable Factory Programmed 64-Bit Accessory and Peripheral Secure Authentication Identification Number (ROM ID) Secure Storage of Cryptographic Keys for Host Optional Input Data Component to Crypto and Key Controllers Operations Secure Boot or Download of Firmware and/or System Advanced 1-Wire Protocol Minimizes Interface to Parameters Just Single Contact Operating Range: 3.3V 10%, 0C to +50C 8kV HBM ESD Protection of 1-Wire IO Pin 6-Pin, 3mm x 3mm TDFN DeepCover is a registered trademark of Maxim Integrated Products, Inc. Ordering Information appears at end of data sheet. 19-100469 Rev 1 1/19DS28E84 Deep Cover Radiation-Resistant, High-Capacity, 1-Wire Authenticator Simplified Block Diagram C X PARASITE POWER CEXT DS28E84 64-BIT ROM ID RNG IO 1-WIRE FUNCTION BUFFER ECC-P256 CONTROL SHA-256 AND COMMAND 10Kb OTP ARRAY USER MEMORY 15Kb FRAM ARRAY KEYS & CERTIFICATES USER MEMORY KEYS & CERTIFICATES DECREMENT COUNTER COMPUTE CONTROL AUTHENTICATED PIO GPIO Maxim Integrated 2 www.maximintegrated.com