Atmel AT88SA10HS
Atmel CryptoAuthentication Host Security Chip
DATASHEET

Not Recommended for New Designs
Replaced by ATSHA204

Features

- Secure key storage to complement the Atmel AT88SA100S and the Atmel AT88SA102S devices
- Superior SHA-256 hash algorithm
- Guaranteed unique 48-bit serial number
- High speed single wire interface, optionally shared with client
- Supply voltage: 2.7V to 5.25V
- 1.8V to 5.5V communications voltage
- <150nA sleep current
- 4KV ESD protection
- Multi-level hardware security
- Secure personalization
- Green compliant (exceeds RoHS)
- 3-pin SOT-23 or 8-lead SOIC packages

Applications

- Consumable device (battery, toner, other supplies) authentication
- Network and computer access control
- Authenticated communications for control networks
- Anti-clone authentication for daughter cards
- Physical access control (electronic lock and key)

Figure 1. Pin Configurations

Pin name   Function
SIGNAL     Serial data, single-wire clock and data
GND        Ground
VCC        Power supply

3-lead SOT23
Pin   Name
1     SIGNAL
2     VCC
3     GND

8-lead SOIC
Pin   Name
1     NC
2     NC
3     NC
4     GND
5     SIGNAL
6     NC
7     NC
8     VCC

8595H CRYPTO 9/2012

1. Introduction

The chips of the Atmel CryptoAuthentication family are the first cost-effective authentication devices to implement the SHA-256 hash algorithm, which is part of the latest set of algorithms recommended by the US Government. The 256-bit key space renders any exhaustive attacks impossible.

The AT88SA10HS host version of CryptoAuthentication chips is capable of validating the response coming from the SHA-256 engine within an authentic CryptoAuthentication client (SA100S or SA102S), even if that response includes within the computation the serial number of the client.

For detailed information on the cryptographic protocols, algorithm test values and usage models, see the Atmel AT88SA100S and Atmel AT88SA102S datasheets, along with the application notes dedicated to this product family.

The host CryptoAuthentication performs three separate operations (named HOST0, HOST1, and HOST2) to implement this validation.
The AT88SA10HS chip takes both the challenge and response as inputs and returns a single Boolean indicating whether or not the response is valid, in order to prevent the host chip from being used to model a valid client. The host system is responsible for generating the random challenge that is sent to both the client and host CryptoAuthentication devices, as the AT88SA10HS does not include a random number generator.

Note: The chip implements a failsafe internal watchdog timer that forces it into a very low power mode after a certain time interval regardless of any current activity. System programming must take this into consideration. See Section 5.5 for more details.

1.1 Memory Resources

Fuse: Block of 128 fuse bits that can be written through the one wire interface. Fuse 87 has special meanings. See Section 1.2 for more details. Fuses 88:95 are part of the manufacturer ID value fixed by Atmel. Fuses 96:127 are part of the serial number programmed by Atmel, which is guaranteed to be unique. See Section 1.3 for more details on the Manufacturing ID and Serial Number.

ROM: Metal mask programmed memory. Unrestricted reads are permitted on the first 64 bits of this array. The physical ROM will be larger and will contain other information that cannot be read.

The following three fields are stored in the ROM:

ROM MfrID: 2 bytes of ROM that specify part of the manufacturing ID code. This Atmel-assigned value is always the same for all chips of a particular model number. For the AT88SA10HS, this value is 0x2301 (appears on the bus: 0x0123). ROM MfrID can be read by accessing ROM bytes 0 and 1 of Address 0.

ROM SN: 2 bytes of ROM that can be used to identify chips among others on the wafer. These bits reduce the number of fuses necessary to construct a unique serial number. The MaskSN is read by accessing ROM bytes 2 and 3 of Address 0. The serial number can always be read by the system but is never included in the message digested by the HOST command.
RevNum: 4 bytes of ROM that are used by Atmel to identify the model mask and/or design revision of the AT88SA10HS chip. These bytes can be freely read as the four bytes returned by ROM Address 1; however, system code should not depend on this value, as it may change from time to time.
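
The validation flow described in the Introduction, modelled in software as an added example (not Atmel code and not the chip's command set): the host system draws a fresh random challenge, the client answers, and the host model returns only a Boolean. The digest input `key + challenge + serial`, the 32-byte challenge length and the names `ModelClient`, `ModelHost`, `ReplayDevice`, `new_challenge` and `authenticate` are assumptions made for illustration; the real message layout is defined in the AT88SA100S and AT88SA102S datasheets.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 32  # assumed challenge size; the page does not state one

def _digest(key: bytes, challenge: bytes, client_sn: bytes) -> bytes:
    # Simplified stand-in for the real message layout (an assumption).
    return hashlib.sha256(key + challenge + client_sn).digest()

class ModelClient:
    """Client chip model: answers a challenge with a SHA-256 response."""
    def __init__(self, key: bytes, serial: bytes):
        self._key, self.serial = key, serial

    def respond(self, challenge: bytes) -> bytes:
        return _digest(self._key, challenge, self.serial)

class ModelHost:
    """Host chip model: takes challenge and response, returns a Boolean."""
    def __init__(self, key: bytes):
        self._key = key

    def validate(self, challenge: bytes, response: bytes, client_sn: bytes) -> bool:
        expected = _digest(self._key, challenge, client_sn)
        # The expected digest never leaves this method, so the host model
        # cannot be queried to produce a valid client response.
        return hmac.compare_digest(expected, response)

class ReplayDevice:
    """Constructed non-genuine device that repeats one recorded response."""
    def __init__(self, serial: bytes, recorded: bytes):
        self.serial, self._recorded = serial, recorded

    def respond(self, challenge: bytes) -> bytes:
        return self._recorded

def new_challenge() -> bytes:
    # The host chip has no RNG, so the host system supplies the randomness;
    # take it from the OS CSPRNG rather than a counter or timestamp.
    return secrets.token_bytes(CHALLENGE_LEN)

def authenticate(host: ModelHost, client, challenge: bytes) -> bool:
    """Send the same challenge to client and host; return the host verdict."""
    response = client.respond(challenge)
    return host.validate(challenge, response, client.serial)
```

A recorded response is accepted only when the same challenge is issued again, which is why the challenge generated by the host system has to be unpredictable and never reused.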