应用笔记 5741

Using the DS28E35 Authenticator


摘要 : The DS28E35 is a DeepCover® Secure Authenticator that provides a FIPS 186 based ECDSA public-key crypto-authentication method. Additional features including a 1Kb User EEPROM array, decrement-only counter, and advanced physical security combine to provide the ultimate in cost-effective IP protection, clone prevention, and peripheral authentication. Step-by-step this application note describes the necessary device setup procedure, the authentication process, and discusses user memory functions and the device’s software-controlled down-counter. An appendix includes byte-level communication sequences that correspond to each of these steps.

Introduction

The DS28E35 (Figure 1) is a DeepCover ECDSA (elliptic curve digital signature algorithm) authenticator, which is operated with Maxim’s single-contact 1-Wire® interface. The private and public key for signature generation and verification can be computed by the device or installed by the user and optionally locked. Separate memory space is set aside to store and lock a public-key certificate. The 1Kb user EEPROM memory is organized as four pages of 256 bits and can be left unprotected or irreversibly write-protected, read-protected, or set up for EPROM emulation mode. The DS28E35 also features a one-time settable, nonvolatile 17-bit decrement-on-command counter, which can be used to electronically control the lifetime of the object to which the DS28E35 is attached. Each device has its own guaranteed unique 64-bit ROM ID (identification number) that is factory programmed into the chip. This ROM ID is a fundamental input parameter for cryptographic operations. The ROM ID also functions as network address when communicating with the DS28E35.
DS28E35 block diagram.
Figure 1. DS28E35 block diagram.

Device Setup

A DS28E35 “fresh from the factory” is not ready for use. It must first be set up. Required setup steps are the installation of a key pair (private and public key) and the installation of a public-key certificate. To prevent unauthorized changes, the key pair and certificate must be write-protected. Although used in the authentication process, the actual contents of the user memory (factory default is 00h or undefined) is not critical. Programming the memory, therefore, is an optional step. The device’s 17-bit counter is not initialized. If needed in the application, the counter must first be preset before it can decrement. The device setup including user memory programming and counter initialization can be performed by Maxim’s factory personalization service as a value-added option.

Obtaining the ROM ID

A precondition for all communication, setup and the authentication process is knowing the ROM ID of the individual DS28E35 being used. If the application environment has exactly a single device on the 1-Wire bus, the ROM ID can simply be read using the Read ROM command. See Appendix, step GRIDA, for communication details. In case of multiple 1-Wire devices on the bus (DS28E35 or other overdrive-only parts), a more complex algorithm called Search ROM is needed. See Appendix, step GRIDB, for communication details.

Key Pair Installation

A key pair consists of a 24-byte private key and a 2 x 24-byte public key. The easiest way to install a key pair is through the DS28E35 Generate Key Pair command, which creates a key pair as shown in Figure 2 and loads the keys into the designated memory locations. This method ensures unique key pairs for each device and does not expose the private key. See Appendix, step GKP for communication details. The DS28E35 has a memory location to store the X value of the public key. When the DS28E35 is commanded to generate its own key pair (see next paragraph), instead of storing the full Y value of the public key, the device stores a single bit as a hint on which of the two possible Y values applies, i.e. from the applicable elliptic curve equation: Y2 = X3 + aX + b. The two possible Y values of the public key are later computed from the X value using elliptic curve mathematics. Depending on the hint bit one knows which of these values is to be used for signature verification. If desired, the key pair can be write-protected during installation or in a separate step (see the Protections section). Note that Maxim’s factory service to personalize the DS28E35 with a key pair provides the option to store the full Y value of the public key, not the hint bit, into 24 bytes of the 128 byte user EEPROM array.
Key pair generation.
Figure 2. Key pair generation.
If desired, the key pair can be computed externally and directly written to the respective memory locations in the DS28E35. The installation of an externally computed private key requires two accesses to the DS28E35. First the key is written to a buffer (see Appendix, step WBPRK) and then copied to the designated read-protected memory location (see Appendix, step CPB). The installation of the public key also requires two accesses. First the key is written to a buffer (see Appendix, step WBPUK) and then copied to the designated memory location (see Appendix, step CPBPUK). The parameter byte of the copy command conveys the value of the extra bit. Alternatively, instead of the hint bit, the full Y value of the public key could be written to user EEPROM.

Public Key Certificate Installation

Typically, the certificate is computed at the same time and location where the private/public key pair is installed. Maxim recommends that the certificate is computed with the SHA-256 input data that includes the full device public 2 x 24-byte key plus a 16-byte system constant for the first message block and includes the ROM ID plus 16-bit manufacturer ID for the second message block (Figure 3). For the certificate, the ECDSA computation uses the system private key. In the end application, the corresponding system public key and the 16-byte system constant must be known to the host controller operating with the DS28E35 to verify the public key’s authenticity using the certificate.
Before the certificate can be computed and installed, the host key-management system in charge of this task needs to know the full public key and the system private key. If the private/public key pair was installed using the Generate Key Pair command, the public key and the extra bit needs to be read from the DS28E35. See Appendix, steps RPK and RPB for the communication details. The extra bit is located in the MS bit of the PB2 (see the DS28E35 data sheet). Next the host computes the Y value of the public key from the applicable elliptic curve equation: Y2 = X3 + aX + b. Then the host computes the certificate like a signature with the SHA-256 input data from Table 1. The resulting values (r = certificate part 1, s = certificate part 2) are then written to the DS28E35’s certificate memory. For communication details see Appendix, and execute steps WBC1, CPB, WBC2, and CPB in exactly this sequence.
Certificate generation by a key management system.
Figure 3. Certificate generation by a key management system.
Table 1. SHA-256 Input Data for ECDSA Certificate Generation/Verification/Preprogramming
Message, first block
M01[31:24] = (PX+3) M01[23:16] = (PX+2) M01[15:8] = (PX+1) M01[7:0] = (PX+0)
M11[31:24] = (PX+7) M11[23:16] = (PX+6) M11[15:8] = (PX+5) M11[7:0] = (PX+4)
M21[31:24] = (PX+11) M21[23:16] = (PX+10) M21[15:8] = (PX+9) M21[7:0] = (PX+8
M31[31:24] = (PX+15) M31[23:16] = (PX+14) M31[15:8] = (PX+13) M31[7:0] = (PX+12)
M41[31:24] = (PX+19) M41[23:16] = (PX+18) M41[15:8] = (PX+17) M41[7:0] = (PX+16)
M51[31:24] = (PX+23) M51[23:16] = (PX+22) M51[15:8] = (PX+21) M51[7:0] = (PX+20)
M61[31:24] = (PY+3) M61[23:16] = (PY+2) M61[15:8] = (PY+1) M61[7:0] = (PY+0)
M71[31:24] = (PY+7) M71[23:16] = (PY+6) M71[15:8] = (PY+5) M71[7:0] = (PY+4)
M81[31:24] = (PY+11) M81[23:16] = (PY+10) M81[15:8] = (PY+9) M81[7:0] = (PY+8)
M91[31:24] = (PY+15) M91[23:16] = (PY+14) M91[15:8] = (PY+13) M91[7:0] = (PY+12)
M101[31:24] = (PY+19) M101[23:16] = (PY+18) M101[15:8] = (PY+17) M101[7:0] = (PY+16)
M111[31:24] = (PY+23) M111[23:16] = (PY+22) M111[15:8] = (PY+21) M111[7:0] = (PY+20)
M121[31:24] = CB+3 M121[23:16] = CB+2 M121[15:8] = CB+1 M121[7:0] = CB+0
M131[31:24] = CB+7 M131[23:16] = CB+6 M131[15:8] = CB+5 M131[7:0] = CB+4
M141[31:24] = CB+11 M141[23:16] = CB+10 M141[15:8] = CB+9 M141[7:0] = CB+8
M151[31:24] = CB+15 M151[23:16] = CB+14 M151[15:8] = CB+13 M151[7:0] = CB+12
Message, second block
M02[31:24] = (RN+3) M02[23:16] = (RN+2) M02[15:8] = (RN+1) M02[7:0] = (RN+0)
M12[31:24] = (RN+7) M12[23:16] = (RN+6) M12[15:8] = (RN+5) M12[7:0] = (RN+4)
M22[31:24] = 00h M22[23:16] = 00h M22[15:8] = MAN_ID_H M22[7:0] = MAN_ID_L
M32[31:24] = 00h M32[23:16] = 00h M32[15:8] = 00h M32[7:0] = 80h
M42[31:24] = 00h M42[23:16] = 00h M42[15:8] = 00h M42[7:0] = 00h
M52[31:24] = 00h M52[23:16] = 00h M52[15:8] = 00h M52[7:0] = 00h
M62[31:24] = 00h M62[23:16] = 00h M62[15:8] = 00h M62[7:0] = 00h
M72[31:24] = 00h M72[23:16] = 00h M72[15:8] = 00h M72[7:0] = 00h
M82[31:24] = 00h M82[23:16] = 00h M82[15:8] = 00h M82[7:0] = 00h
M92[31:24] = 00h M92[23:16] = 00h M92[15:8] = 00h M92[7:0] = 00h
M102[31:24] = 00h M102[23:16] = 00h M102[15:8] = 00h M102[7:0] = 00h
M112[31:24] = 00h M112[23:16] = 00h M112[15:8] = 00h M112[7:0] = 00h
M122[31:24] = 00h M122[23:16] = 00h M122[15:8] = 00h M122[7:0] = 00h
M132[31:24] = 00h M132[23:16] = 00h M132[15:8] = 00h M132[7:0] = 00h
M142[31:24] = 00h M142[23:16] = 00h M142[15:8] = 00h M142[7:0] = 00h
M152[31:24] = 00h M152[23:16] = 00h M152[15:8] = 02h M152[7:0] = 78h
Legand
Mt Input Buffer of SHA Engine; 0 ≤ t ≤ 15; 32-Bit Words
(PX + N) Byte N of Public Key X-coordinate; 0 ≤ N ≤ 23
(PY + N) Byte N of Public Key Y-coordinate; 0 ≤ N ≤ 23
(RN + N) Byte N of the ROM ID; RN + 0 corresponds to the family code.
(CB + N) Byte N of System Constant (customer specific) field; 0 ≤ N ≤ 15
MAN_ID_L
MAN_ID_H
16-bit manufacturer ID. The value is 0000h for parts that are not factory pre-programmed.

Protections

The key pair and certificate form an entity that needs to stay intact to allow authentication. Therefore, key pair and certificate must be write-protected after the correct installation is verified. For the communication details to write-protect the key pair and the certificate, see the Appendix and execute steps WPKP and WPC in any sequence.

Authentication Process

The purpose of the authentication is to verify a) that the DS28E35 is part of the system and b) that the host is communicating with a genuine authenticator that can compute a valid signature for any given challenge. Figure 4 shows the typical sequence of steps. First, the public key is verified using the certificate. Then the host uses the Compute Page Signature function and checks whether the signature is valid. Both tests need to be passed for a successful authentication.
Typical transaction flow.
Figure 4. Typical transaction flow.

Certificate Verification

To verify the certificate, besides the system public key and the system constant, the host needs to know the other ingredients that went into the SHA-256 hash computation to compute the certificate, and the certificate itself. Obtaining these data elements requires multiple accesses to the DS28E35. For communication details, see Appendix, steps GRIDA/GRIDB, RPK (public key X value), RUM (memory page 3 for public key Y value if device is factory preprogrammed), RPB, RC1, and RC2. If the public key Y value is not stored in memory, the host needs to compute it now. Having all the necessary data, the host performs the signature verification algorithm for the certificate (Figure 5) If the result is “pass”, the public key is valid in the system. If the result is “fail”, the part does not belong to the system and there is no need to verify the signature.
Certificate verification.
Figure 5. Certificate verification.

Signature Verification

A verified certificate alone does not guarantee that the host is communicating with a genuine DS28E35. The data used so far could as well have come from an emulator that tries to perform a replay attack. The purpose of the signature is to provide cryptographic proof that the device is genuine. The signature is computed in real-time from memory data, a 32-byte random challenge provided from the host, the DS28E35’s ROM ID, the manufacturer ID, formatting, and padding (Table 2). The SHA-256 hash feeds into the ECDSA engine together with the device’s private key and a random number that is automatically generated by the DS28E35. The resulting signature consists of two 24-byte components called R and S.
To verify the signature, the host first reads one of the user memory pages (Appendix step RUM). Any memory page can be chosen for this purpose. Next the host generates a 32-byte random number and writes it to the DS28E35 as a challenge (Appendix, step WCH). Next, in the step RPS, the host instructs the DS28E35 to compute and deliver a signature of the same memory page as was read in step RUM.
Step WCH should always be done, although the authentication does not fail if this step is skipped, as long as the host knows the contents of the challenge buffer. Since the signature computation also includes a random number that is automatically generated by the DS28E35, the signature is different every time, even if all the other ingredients are the same.
Now having all the necessary data including the signature, the host performs the signature verification algorithm (Figure 6) If the result is “pass”, the DS28E35 is successfully authenticated. If the result is “fail”, either because the public key is not valid for the DS28E35’s private key or the signature is not computed correctly, the authentication failed and the system rejects the device.
Table 2. SHA-256 Input Data for Page Signature Computation/Verification
Message, first block
M01[31:24] = (PP+3) M01[23:16] = (PP+2) M01[15:8] = (PP+1) M01[7:0] = (PP+0)
M11[31:24] = (PP+7) M11[23:16] = (PP+6) M11[15:8] = (PP+5) M11[7:0] = (PP+4)
M21[31:24] = (PP+11) M21[23:16] = (PP+10) M21[15:8] = (PP+9) M21[7:0] = (PP+8)
M31[31:24] = (PP+15) M31[23:16] = (PP+14) M31[15:8] = (PP+13) M31[7:0] = (PP+12)
M41[31:24] = (PP+19) M41[23:16] = (PP+18) M41[15:8] = (PP+17) M41[7:0] = (PP+16)
M51[31:24] = (PP+23) M51[23:16] = (PP+22) M51[15:8] = (PP+21) M51[7:0] = (PP+20)
M61[31:24] = (PP+27) M61[23:16] = (PP+26) M61[15:8] = (PP+25) M61[7:0] = (PP+24)
M71[31:24] = (PP+31) M71[23:16] = (PP+30) M71[15:8] = (PP+29) M71[7:0] = (PP+28)
M81[31:24] = (CB+3) M81[23:16] = (CB+2) M81[15:8] = (CB+1) M81[7:0] = (CB+0)
M91[31:24] = (CB+7) M91[23:16] = (CB+6) M91[15:8] = (CB+5) M91[7:0] = (CB+4)
M101[31:24] = (CB+11) M101[23:16] = (CB+10) M101[15:8] = (CB+9) M101[7:0] = (CB+8)
M111[31:24] = (CB+15) M111[23:16] = (CB+14) M111[15:8] = (CB+13) M111[7:0] = (CB+12)
M121[31:24] = (CB+19) M121[23:16] = (CB+18) M121[15:8] = (CB+17) M121[7:0] = (CB+16)
M131[31:24] = (CB+23) M131[23:16] = (CB+22) M131[15:8] = (CB+21) M131[7:0] = (CB+20)
M141[31:24] = (CB+27) M141[23:16] = (CB+26) M141[15:8] = (CB+25) M141[7:0] = (CB+24)
M151[31:24] = (CB+31) M151[23:16] = (CB+30) M151[15:8] = (CB+29) M151[7:0] = (CB+28)
Message, second block
M02[31:24] = (RN+3) M02[23:16] = (RN+2) M02[15:8] = (RN+1) M02[7:0] = (RN+0)
M12[31:24] = (RN+7) M12[23:16] = (RN+6) M12[15:8] = (RN+5) M12[7:0] = (RN+4)
M22[31:24] = 00h M22[23:16] = (PAGE#) M22[15:8] = MAN_ID_H M22[7:0] = MAN_ID_L
M32[31:24] = 00h M32[23:16] = 00h M32[15:8] = 00h M32[7:0] = 80h
M42[31:24] = 00h M42[23:16] = 00h M42[15:8] = 00h M42[7:0] = 00h
M52[31:24] = 00h M52[23:16] = 00h M52[15:8] = 00h M52[7:0] = 00h
M62[31:24] = 00h M62[23:16] = 00h M62[15:8] = 00h M62[7:0] = 00h
M72[31:24] = 00h M72[23:16] = 00h M72[15:8] = 00h M72[7:0] = 00h
M82[31:24] = 00h M82[23:16] = 00h M82[15:8] = 00h M82[7:0] = 00h
M92[31:24] = 00h M92[23:16] = 00h M92[15:8] = 00h M92[7:0] = 00h
M102[31:24] = 00h M102[23:16] = 00h M102[15:8] = 00h M102[7:0] = 00h
M112[31:24] = 00h M112[23:16] = 00h M112[15:8] = 00h M112[7:0] = 00h
M122[31:24] = 00h M122[23:16] = 00h M122[15:8] = 00h M122[7:0] = 00h
M132[31:24] = 00h M132[23:16] = 00h M132[15:8] = 00h M132[7:0] = 00h
M142[31:24] = 00h M142[23:16] = 00h M142[15:8] = 00h M142[7:0] = 00h
M152[31:24] = 00h M152[23:16] = 00h M152[15:8] = 02h M152[7:0] = 78h
Legend
Mt Input Buffer of SHA Engine; 0 ≤ t ≤ 15; 32-Bit Words
(PP + N) Byte N of selected Memory Page; 0 ≤ N ≤ 31
(CB + N) Byte N of Challenge Buffer; 0 ≤ N ≤ 31
(RN + N) Byte N of the ROM ID; RN + 0 corresponds to the family code.
(PAGE #) Page number as in the parameter byte, padded with 000000b in the upper bits.
MAN_ID_L
MAN_ID_H
16-bit manufacturer ID. The value is 0000h for parts that are not factory pre-programmed.
Signature verification.
Figure 6. Signature verification.

User Memory Functions

As the name implies, the user memory is intended to store application related data, which duplicates as message input for the authentication process. Since host authentication is not required to write to the user memory, any critical data should be write-protected. The user memory is written in 4-byte segments. Each 32-byte memory page consists of eight segments (segments 0 to 7). For the communication details see Appendix step WRM. The device allows programming individual segments in random sequence (a separate WRM execution for each segment) or consecutive segments within a page, not exceeding the page boundary (a single WRM execution, repeating the four steps marked as “repeat for additional segments”).
The user memory supports three protection modes: write protection, EPROM emulation mode and read protection. The protection applies to an entire user memory page. EPROM emulation mode limits write access to changing bits from 1 to 0. As a precondition for EPROM mode, the memory page must first be programmed to all 1s (FFh). Write protection, if activated, prevents all write accesses from changing memory data. Read protection effectively converts the page into a “secret” that can be used internally to compute a signature, but not be read from the outside. A read-protected page should also be write-protected to prevent any changes. Read protection can coexist with write protection or EPROM emulation mode. For the communication details to protect a user memory page see Appendix step PRTM. The protection settings for each memory page are read accessible. To read the protection settings of all memory pages, see the Appendix, step RMPRT. To read the protection settings of the key pair, certificate or the counter, see step RPB.

Counter Functions

The DS28E35 has a counter that can be set once, decremented until it is down to 0, and be read at any time. If used to authenticate a consumable, the counter is an easy tool to electronically control the lifetime of the product. Setting the counter is a two-step process: first, load the preset value to the DS28E35’s buffer; second, copy the buffer value to the actual nonvolatile counter. For the communication details, see the Appendix, steps WBCNT and CPB. The steps must be executed in exactly this sequence. To read the counter, execute the step RCNT. To decrement the counter, use the communication sequence DCNT in the Appendix.

Summary

Traditionally, authentication systems relied on symmetric algorithms that required secret keys. The management and protection of the secret keys, however, can be challenging. The DS28E35 provides an alternative to this logistic problem by using the asymmetric elliptic curve digital signature algorithm (ECDSA), which is public key based. As this application note shows, the communication with the DS28E35 for device setup and authentication can be broken into short sequences (“steps”) that are easily implemented in a host processor. For the DS28E35 DeepCover secure authenticator, Maxim provides a trusted preprogramming service to factory personalize devices by installing the key pair, certificate, memory data and preset the decrement-only counter prior to shipment. For details about this secure service, submit a tech support request.

Appendix

Conventions
RST The master generates a reset pulse at overdrive speed.
PD The DS28E35 issues a presence detect pulse at overdrive speed.
Select The master addresses the DS28E35. There are 5 ways:
Search ROM: Command code F0h, followed by a 192-bit search sequence, always acceptable.
Match ROM: Command code 55h, followed by the DS28E35’s ROM ID, always acceptable.
Read ROM: Command code 33h, followed by 64 read data time slots, acceptable if there is exactly one DS28E35 on the bus.
Resume: Command code A5h, acceptable after the DS28E35 has been addressed successfully before using Match ROM or Search ROM.
Skip ROM: Command code CCh, acceptable if there is exactly one DS28E35 on the bus.
<Par Byte> The master transmits the parameter byte. See the step description for the actual value.
nnh The master transmits a byte of value “nn”.
<n bytes> The master transmits n bytes. See the step description for the function of these bytes.
<n bytes> The master reads n bytes. See the step description for the function of these bytes.
Bit The master reads 1 bit.
Bit The master writes 1 bit.
ROM ID The master reads the 8-byte ROM ID from the DS28E35. The family code is read first.
CRCS The master reads an inverted 16-bit CRC from the DS28E35. The master can verify the correctness of this CRC (recommended) or ignore its value (not recommended). See Application Note 27 for CRC computation details.
<R value> The master reads the R value of the signature.
<S value> The master reads the S value of the signature.
Release The master transmits a byte AAh.
SPU The master activates strong pullup for the time specified under “SPU duration”.
CS The master reads one byte that reports the command’s success.
Step GRIDA (Get ROM ID, Method A)
Description Identify one DS28E35 using the Read ROM method. This sequence also qualifies as “Select”.
Preconditions None
Command Code 33h (Read ROM)
Parameter Byte (N/A)
Data Involved 64-bit ROM ID read from the DS28E35
Error Conditions If there are multiple 1-Wire devices on the bus, the CRC in the 8th byte is usually invalid.
SPU Duration (N/A)
Communication Sequence
RST PD 33h ROM ID
Step GRIDB (Get ROM ID, Method B)
Description Identify one DS28E35 using the Search ROM method. This sequence also qualifies as “Select”.
Preconditions None
Command Code F0h (Search ROM)
Parameter Byte (N/A)
Data Involved 64 3-bit sequences (read bit, read inverted bit, write bit). See Application Note 187 for a detailed description of the process.
Error Conditions (N/A)
SPU Duration (N/A)
Communication Sequence
RST PD F0h Bit Bit\ Bit
 
Repeat 64 times
Step GKP (Generate Key Pair)
Description Let the DS28E35 generate a new key pair
Preconditions None
Command Code 3Ch (Generate Key Pair)
Parameter Byte No locking: 00h
With locking: E0h
Data Involved None
Error Conditions CS = AAh: Command completed without error.
CS = 33h: Command failed due to internal conditions. Repeat command sequence.
CS = 55h: Command failed because the key pair is write-protected.
SPU Duration tGKP + 20 × tPROG starting after the release byte
Communication Sequence
RST PD Select 3Ch <Par Byte> CRCS Release SPU CS
Step WBPRK (Write Buffer Private Key)
Description Write the private key to the DS28E35’s buffer
Preconditions None
Command Code 0Fh (Write/Read Buffer)
Parameter Byte 00h (write data for private key)
Data Involved 24 bytes private key data written to DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select 0Fh 00h CRCS <24 bytes> CRCS
Step CPB (Copy Buffer)
Description Copy the buffer data to the EEPROM location that was specified in the immediately preceding write buffer step.
Preconditions Step WBPRK or WBC1 or WBC2 or WBCNT must have been executed immediately prior to this step to specify the EEPROM location and to provide the data.
Command Code 33h (Load Data)
Parameter Byte 00h (any value is acceptable)
Data Involved None
Error Conditions CS = AAh: Command completed without error.
CS = 33h: Command failed because the precondition was not met.
CS = 55h: Command failed because the EEPROM is write-protected.
SPU Duration 1 × tPROG starting after the release byte if setting the counter (WBCNT)
10 × tPROG starting after the release byte all other cases (WBPRK, WBC1, WBC2)
Communication Sequence
RST PD Select 33h 00h CRCS Release SPU CS
Step WBPUK (Write Buffer Public Key)
Description Write the public key X value to the DS28E35’s buffer
Preconditions None
Command Code 0Fh (Write/Read Buffer)
Parameter Byte 20h (write data for public key)
Data Involved 24 bytes public key data written to DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select 0Fh 20h CRCS <24 bytes> CRCS
Step CPBPUK (Copy Buffer Public Key)
Description Copy the buffer data to the public key memory
Preconditions Step WBPUK must have been executed immediately prior to this step.
Command Code 33h (Load Data)
Parameter Byte Extra bit is 0: 00h
Extra bit is 1: 80h
Data Involved None
Error Conditions CS = AAh: Command completed without error.
CS = 33h: Command failed because the precondition was not met.
CS = 55h: Command failed because the public key is write-protected.
SPU Duration 10 × tPROG starting after the release byte
Communication Sequence
RST PD Select 33h <Par Byte> CRCS Release SPU CS
Step RPK (Read Public Key)
Description Read the public key X value
Preconditions None
Command Code AAh (Read Administrative Data)
Parameter Byte 20h (public key)
Data Involved 24 bytes public key X value read from DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select AAh 20h CRCS <24 bytes> CRCS
Step RPB (Read Personality Bytes)
Description Read all personality bytes
Preconditions None
Command Code AAh (Read Administrative Data)
Parameter Byte E0h (personality bytes)
Data Involved 4 bytes personality data read from DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select AAh E0h CRCS <4 bytes> CRCS
Step WBC1 (Write Buffer Certificate Part 1)
Description Write the certificate part 1 value to the DS28E35’s buffer
Preconditions None
Command Code 0Fh (Write/Read Buffer)
Parameter Byte 40h (write data for certificate part 1)
Data Involved 24 bytes certificate part 1 data written to DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select 0Fh 40h CRCS <24 bytes> CRCS
Step WBC2 (Write Buffer Certificate Part 2)
Description Write the certificate part 2 value to the DS28E35’s buffer
Preconditions None
Command Code 0Fh (Write/Read Buffer)
Parameter Byte 60h (write data for certificate part 2)
Data Involved 24 bytes certificate part 2 data written to DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select 0Fh 60h CRCS <24 bytes> CRCS
Step WPKP (Write-Protect Private and Public Key)
Description Write-protect the private and public key
Preconditions None. However, if no valid key pair is installed, write protecting the key pair makes the DS28E35 useless as an authenticator.
Command Code C3h (Set Protection)
Parameter Byte 4Ch (write-protect the private and public key)
Data Involved None
Error Conditions None
SPU Duration 1 × tPROG starting after the release byte
Communication Sequence
RST PD Select C3h 4Ch CRCS Release SPU CS
Step WPC (Write-Protect Public Key Certificate)
Description Write-protect both parts of the public key certificate
Preconditions None. However, if no valid certificate is installed, write protecting the certificate prevents certificate verification, precluding the DS28E35’s use as authenticator.
Command Code C3h (Set Protection)
Parameter Byte 4Dh (write-protect both parts of the certificate)
Data Involved None
Error Conditions None
SPU Duration 1 × tPROG starting after the release byte
Communication Sequence
RST PD Select C3h 4Dh CRCS Release SPU CS
Step RUM (Read User Memory)
Description Read a user memory page
Preconditions None
Command Code F0h (Read Memory)
Parameter Byte Page 0: 00h
Page 1: 01h
Page 2: 02h
Page 3: 03h
Data Involved 32 bytes user memory page data read from DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select F0h <Par Byte> CRCS <32 bytes> CRCS
Step WCH (Write Challenge)
Description Write 32 bytes to the challenge buffer
Preconditions None
Command Code 0Fh (Write/Read Buffer)
Parameter Byte 80h (write data for challenge buffer)
Data Involved 32 bytes challenge data written to DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select 0Fh 80h CRCS <32 bytes> CRCS
Step RPS (Read Page Signature)
Description Obtain a page signature
Preconditions Step WCH must have been executed immediately prior to this step.
Command Code A5h (Compute & Read Page Signature)
Parameter Byte Page 0: 00h
Page 1: 01h
Page 2: 02h
Page 3: 03h
Data Involved 24 bytes signature part R data, 24 bytes signature part S data read from DS28E35
Error Conditions CS = AAh: Command completed without error.
CS = 55h: Command failed because the signature computation was not successful. No signature data available. The command must be repeated.
SPU Duration 1 × tGPS starting at the end of the first CRCS
Communication Sequence
RST PD Select A5h <Par Byte> CRCS SPU CS <R value> CRCS <S value> CRCS
Step RC1 (Read Public Key Certificate Part 1)
Description Read the public key certificate part 1 Preconditions
Preconditions None
Command Code AAh (Read Administrative Data)
Parameter Byte 40h (public key certificate part 1)
Data Involved 24 bytes certificate part 1 data read from DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select AAh 40h CRCS <24 bytes> CRCS
Step RC2 (Read Public Key Certificate Part 2)
Description Read the public key certificate part 2
Preconditions None
Command Code AAh (Read Administrative Data)
Parameter Byte 60h (public key certificate part 2)
Data Involved 24 bytes certificate part 2 data read from DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select AAh 60h CRCS <24 bytes> CRCS
Step WRM (Write User Memory)
Description Write 4 bytes (1 segment) to user memory page.
Preconditions None. However, the memory page must not be write-protected.
Command Code 55h (Write Memory)
Parameter Byte Page 0: lower nibble = 0h
Page 1: lower nibble = 1h
Page 2: lower nibble = 2h
Page 3: lower nibble = 3h
Segment 0: upper nibble = 0h
Segment 1: upper nibble = 2h
Segment 2: upper nibble = 4h
Segment 3: upper nibble = 6h
Segment 4: upper nibble = 8h
Segment 5: upper nibble = Ah
Segment 6: upper nibble = Ch
Segment 7: upper nibble = Eh
Data Involved 4 bytes to be written to memory page segment
Error Conditions CS = AAh: Command completed without error.
CS = 55h: Command failed because the memory page is write protected.
SPU Duration 1 × tPROG starting after the release byte
Communication sequence
RST PD Select 55h <Par Byte> CRCS <4 bytes> CRCS Release SPU CS
 
Repeat for additional segments
Step PRTM (Protect User Memory)
Description Protect a user memory page
Preconditions None. However, the memory page should first be programmed with the appropriate application data. The protection does not affect the usability of the DS28E35 as authenticator.
Command Code C3h (Set Protection)
Parameter Byte Page 0: Lower nibble = 0h
Page 1: Lower nibble = 1h
Page 2: Lower nibble = 2h
Page 3: Lower nibble = 3h
EPROM emulation mode: Upper nibble = 2h
Write protect: Upper nibble = 4h
Read protect: Upper nibble = 8h
Data Involved None
Error Conditions None
SPU Duration 1 × tPROG starting after the release byte
Communication Sequence
RST PD Select C3h <Par Byte> CRCS Release SPU CS
Step RMPRT (Read User Memory Protections)
Description Read the user memory protection settings. To read the protection settings of the key pair, the certificate and the counter, see step RPB.
Preconditions None
Command Code AAh (Read Administrative Data)
Parameter Byte 00h (page protection settings for all 4 pages)
Data Involved 4 bytes page protection settings read from DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select AAh 00h CRCS <4 bytes> CRCS
Step WBCNT (Write Buffer Counter Value)
Description Write the preset value of the 17-bit down counter to the DS28E35’s buffer
Preconditions None
Command Code 0Fh (Write/Read Buffer)
Parameter Byte A0h (write data for counter)
Data Involved 4 bytes counter start value data written to DS28E35. Only the lower 17 bits are used internally.
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select 0Fh A0h CRCS <4 bytes> CRCS
Step RCNT (Read Counter)
Description Read the 17-bit counter value
Preconditions None
Command Code AAh (Read Administrative Data)
Parameter Byte A0h (17-bit counter)
Data Involved 4 bytes counter value read from DS28E35
Error Conditions None
SPU Duration (N/A)
Communication Sequence
RST PD Select AAh A0h CRCS <4 bytes> CRCS
Step DCNT (Decrement Counter)
Description Decrement the 17-bit counter
Preconditions The counter must have a value that is greater than 0.
Command Code 69h (Decrement Counter)
Parameter Byte 00h (any value is acceptable)
Data Involved None
Error Conditions CS = AAh: Command completed without error.
CS = 33h: Command failed because the counter is already at 0.
CS = 55h: Command failed because the counter is not preset.
CS = 77h: Counter has been tampered with
SPU Duration 1 × tPROG starting after the release byte
Communication Sequence
RST PD Select 69h 00h CRCS Release SPU CS

Contact Information



Name: *
公司: *
Company division
Title/Position: *
Address: *
城市: *
State:
邮编: *
国家: *
E-mail地址: *
Email Address (Confirm): *
Phone Number: *


Your Project

Project Name: *
Project Description and Application: *
Projected Volume: *
Estimated Design Freeze Date: (optional)
Estimated Product Start Date: (optional)
Comments:
* = Required



应用笔记 5741, AN5741, AN 5741, APP5741, Appnote5741, Appnote 5741


相关型号
DS28E35 免费样品

应用笔记 5741,AN5741, AN 5741, APP5741, Appnote5741, Appnote 5741