DeepCover Cryptographic Coprocessor with ChipDNA

The DS28S60 Facilitates the Implementation of Full Security for Embedded, Connected Products

Please check latest availability status for a specific part variant.


The DS28S60 DeepCover® cryptographic coprocessor easily integrates into embedded systems enabling confidentiality, authentication and integrity of information. With a fixed command set and no device-level firmware development required, the DS28S60 makes it fast and easy to implement full security for IoT devices. Communication with the device is performed using the industry-standard SPI slave interface at up to 20Mbps with a simple set of commands that provide a comprehensive security toolbox utilizing hardware-based cryptographic blocks. As a co-processor to an SPI-interfaced host controller, the command functionality includes ECDSA-P256 signature and verification, SHA-256 based digital signature, AES-128 packet encryption/decryption, ECDHE key exchange for session key generation, and access to high-quality random numbers. An NIST SP800-90B compliant true random number generator (TRNG) is integrated for on-chip cryptographic operations as well as providing random data and nonces to the host controller, if required. Nonvolatile storage for secrets, certificates, public/private keys, and application-specific sensitive data is supported with 3.6KB of secured flash memory.

The DS28S60 integrates Maxim’s patented ChipDNA™ feature, a physically unclonable function (PUF) to provide a cost-effective solution with the ultimate protection against security attacks. Using the random variation of semiconductor device characteristics that naturally occur during wafer fabrication, the ChipDNA circuit generates a unique output value that is repeatable over time, temperature, and operating voltage. Attempts to probe or observe ChipDNA operation modifies the underlying circuit characteristics, preventing discovery of the unique value used by the chip's cryptographic functions. ChipDNA output is utilized as key content to cryptographically secure all device-stored data.

DS28S60: Simplified Block Diagram DS28S60: Simplified Block Diagram Enlarge+

Key Features

  • Secure Coprocessor with NIST-Compliant Hardware-Based Crypto
    • FIPS-180 SHA-256 MAC and FIPS-198 HMAC Hash
    • FIPS-197 AES-128 with GCM
    • FIPS-186 ECDSA-P256 Elliptic Curve Digital Signature/Verification
    • SP800-56A ECDHE-P256 Key Exchange
    • SP800-90B Compliant TRNG
  • Robust Countermeasures Protect Against Security Attacks
    • ChipDNA Produced Key Cryptographically Protects All Stored Data
    • Actively Monitored Die Shield Detects and Reacts to Intrusion Attempts
  • Enables Fast Time-to-Market with Easy End Application Integration
    • Fixed-Function Command Set, No Device-Level Firmware
    • C-Source Demos for Examples of SW Development
    • 3.6KB Flash Array for Secure Key, Certificate, and Data Storage
  • High-Speed Interface for Host Microcontroller Communication
    • 20MHz SPI with Mode 0 or Mode 3 Operation
  • Supplemental Features Enable Easy Integration into End Applications
    • Unique and Unalterable Factory-Programmed, 64-Bit Identification Number (ROM ID)
    • Low-Power Operation
      • 100nA Power-Down Mode
      • 0.35mA Idle
    • 12-Pin 3mm x 3mm TDFN
  • -40°C to +105°C, 1.62V to 3.63V
  • Applications/Uses

    • End-Point Authentication
    • End-to-End Encryption
    • Internet of Things (IoT) Device Security
    • Key Management and Exchange
    • Prevention of Counterfeit Products

    See parametric specs for Secure Authenticators (33)

    Part NumberCrypto EngineApplicationsMemory TypeMemory SizeBus TypeVSUPPLY
    Deep CoverOper. Temp.
    (See Notes)
    DS28S60 NEW!Asymmetric and Symmetric
    IP Protection
    IoT Node Crypto-Protection
    Secure Authentication of Accessories and Peripherals
    Secure Boot or Download
    Flash3.6 KBSPI1.71V to 3.63VYes-40 to 105 C
    $0.71 @1k

    Pricing Notes:
    This pricing is BUDGETARY, for comparing similar parts. Prices are in U.S. dollars and subject to change. Quantity pricing may vary substantially and international prices may differ due to local duties, taxes, fees, and exchange rates. For volume-specific and version-specific prices and delivery, please see the price and availability page or contact an authorized distributor.

    DS28S60EVKIT: Evaluation Kit for the DS28S60
    Request Reliability Report for: DS28S60 
    Device   Fab Process   Technology   Sample size   Rejects   FIT at 25°C   FIT at 55°C   Material Composition  

    Note : The failure rates are summarized by technology and mapped to the associated material part numbers. The failure rates are highly dependent on the number of units tested.

    Quality Management System >
    Environmental Management System >


    Related Resources

    1-Wire® to I2C/SPI Bridge with Command Sequencer

    • Operate Remote I2C or SPI Devices Using Single-Contact 1-Wire Interface
    • No External Power Required
    • Flexible 1-Wire and I2C/SPI Master Operational Modes
    • Easy to Integrate

    DeepCover Cryptographic Coprocessor with ChipDNA

    • Secure Coprocessor with NIST-Compliant Hardware-Based Crypto
    • Robust Countermeasures Protect Against Security Attacks
    • Enables Fast Time-to-Market with Easy End Application Integration
  • -40°C to +105°C, 1.62V to 3.63V

  • DS28C16
    I²C Low-Voltage SHA-3 Authenticator

    • Robust Countermeasures Protect Against Security Attacks
    • Efficient Secure Hash Algorithm Authenticates Peripherals
    • Supplemental Features Enable Easy Integration into End Applications