Atmel AT88SA102S Atmel CryptoAuthentication Product Authentication Chip DATASHEET Not Recommended for New Designs Replaced by ATSHA204 Features Secure authentication and key exchange Superior SHA-256 hash algorithm Best in class 256-bit key length Guaranteed unique 48-bit serial number High speed single wire interface Supply voltage: 2.7V 5.25V 1.8V 5.25V communications <150nA sleep current Multi-level hardware security Secure personalization Green compliant (exceeds RoHS) 3-pin SOT-23 or 8-lead SOIC packages Applications Authentication of replaceable items Software anti-piracy Network and computer access control Portable media player and GPS system Key exchange for encrypted downloads Prevention of clones for demo and evaluation boards Authenticated communications for control networks Anti-clone authentication for daughter cards Physical access control (electronic lock and key) 8584H CRYPTO 9/2012 Figure 1. Pin Configurations Pin name Function SIGNAL Serial data, single-wire clock and data GND Ground VCC Power supply 8-lead SOIC 3-lead NC 8 VCC 1 VCC 2 NC 2 7 NC GND 3 NC 3 6 NC GND 4 5 SIGNAL 1 SIGNAL 1. Introduction The Atmel AT88SA102S is a member of the Atmel CryptoAuthentication family of cost-effective authentication chips designed to securely authenticate an item to which it is attached. It can also be used to exchange session keys with some remote entity so that the system microprocessor can securely encrypt/decrypt data. Each AT88SA102S chip contains a pre- programmed serial number which is guaranteed to be unique. In addition, it has been designed to permit secure personalization so that third parties can build devices containing an OEM secret without concern for the theft of that secret. It is the first small standard product to implement the SHA-256 hash algorithm, which is part of the latest set of recommended algorithms by the US Government. The 256-bit key space renders any exhaustive attacks impossible. The CryptoAuthentication family uses a standard challenge response protocol to simplify programming. The system generates a random number challenge and sends it to the AT88SA102S chip. The chip hashes that with a 256-bit key using the SHA-256 algorithm to generate a keyed 256-bit response which is sent back to the system. The chip includes 128-single bit one time programmable fuses that can be used for personalization, status or consumption logging. Atmel programs 40 of these bits prior to the chip leaving the factory, leaving 88 for user purposes. See Section 1.3 for more information. Note: The chip implements a failsafe internal watchdog timer that forces it into a very low power mode after a certain time interval regardless of any command execution or IO transfers that may be happening at the time the timer expires. System programming must take this into consideration. See Section 5.4 for more details 1.1 Usage There are many different ways in which the AT88SA102S can add an authentication capability to a system. For more information, see the Atmel CryptoAuthentication Usage Examples applications note. In general, however, all these security models usually employ one of two general key management strategies: Fixed challenge response number pair stored in the host. In this case, the host sends its particular challenge and only an authentic AT88SA102S can generate the correct response. Since no secret is stored on the host, there is no security cost on the host. Depending on the particulars of the system, each host may have a different challenge response pair and/or each client may have the same key. Host computes the response that should be provided for a particular client against a random challenge and/or include the client ID number in the calculation. In this case, the host needs to have the capability to securely store the secret from which diversified response will be computed. One way to do this is to use a CryptoAuthentication host chip. Since each client is unique, the host can maintain a dynamic black list of clients that have been found to be fraudulent. Atmel AT88SA102S DATASHEET 2 8584HCRYPTO 9/2012