Top
/content/maximintegrated/en/products/embedded-security/secure-authenticators

It can be a very hostile world for electronic equipment to operate within. Systems with replaceable or limited life sensors, peripherals, modules, or consumables are commonly targeted by unauthorized aftermarket companies. These counterfeit replacements can introduce safety concerns, reduce quality, and negatively impact OEM revenue. Similarly, with relentless attacks and serious consequences for breaches, the security requirements for medical and industrial IoT products have never been more important. With DeepCover® secure authenticators, a cryptographic solution to eliminate these issues can easily be implemented for any system.

With over 4 billion secure authentication units shipped, we are experts at helping you implement hardware-based physical security to achieve low-cost counterfeit protection, peripheral device authentication, secure feature setting, and more.

  Maxim Security Lab: Explore security topics and test drive secure authenticators ›

Asymmetric Authenticators

Asymmetric encryption algorithms use a combination of public and private keys for encryption and decryption of data.

Symmetric Authenticators

Symmetric encryption algorithms use a single private key for encryption and decryption of data.

Featured Videos


Security Short Subjects (Part 1): The Basics of Authentication
4:24 August 30, 2019


Security Short Subjects (Part 2): Symmetric Cryptography
3:02 August 30, 2019


Security Short Subjects (Part 3): Asymmetric Cryptography
3:04 August 30, 2019



Featured Technical Documents

Browse Popular Technical Documents:

Technical Documentation

*Required

Technical Documentation

Technical Documents

Showing 10 of View Top 100 Results View All Results

Part Number Title Document Type Date

Featured Blogs

Latest Blogs

What Makes Cryptography Easier? Secure Authenticators and Coprocessors

September 17, 2020

See how secure authenticators and coprocessors make it easier for you to integrate cryptography to protect your embedded designs.

Understand and Address Threats to Cryptographic Systems

September 10, 2020

Understand the threats that cryptographic systems face and how you can guard against these threats.

Why Hardware-Based Cryptography Offers Stronger IoT Design Protection

August 18, 2020

Learn why a hardware-based approach to cryptography provides more robust protection of IoT designs than software cryptography.

Here’s an Easier Way to Keep Your IoT Devices Safe from Hackers

August 06, 2020

Learn how a new cryptographic coprocessor makes it easy to implement end-to-end encryption and other cybersecurity features for IoT devices.

What Makes PUF Technology One of the Best Protections in Cryptography?

July 02, 2020

Learn how physically unclonable function (PUF) technology works and what makes it a robust security solution for embedded systems.

How Cryptographic Algorithms Protect Embedded Designs

June 16, 2020

Understand how cryptography algorithms, including symmetric keys and asymmetric keys, work their magic to protect designs from security threats.

The Keys to How Modern Cryptography Keeps Transactions Safe

June 09, 2020

Get a better understanding of how modern cryptography works, with special emphasis on asymmetric and symmetric keys.

What’s All the Fuss About Cryptography?

May 07, 2020

Get up to speed on the basics of cryptography, so you can protect your IoT designs from hackers and other security threats.

How Secure Authentication Protects Your Automotive Designs from Counterfeiting

April 09, 2020

Counterfeit vehicle parts are a potential safety hazard. Read this blog post to learn how secure authentication easily protects your automotive designs from security threats.

See If You Can Steal These Keys

September 03, 2019

Ben Smith narrates a 30-second video that explains how ChipDNA physically unclonable function technology secures embedded designs.

See more

Videos


Security Short Subjects (Part 1): The Basics of Authentication
4:24 August 30, 2019


Security Short Subjects (Part 2): Symmetric Cryptography
3:02 August 30, 2019


Security Short Subjects (Part 3): Asymmetric Cryptography
3:04 August 30, 2019


Security Short Subjects (Part 4): Symmetric Key Authentication
4:30 August 30, 2019


Security Short Subjects (Part 5): Asymmetric Authentication
5:04 August 30, 2019


Security Short Subjects (Part 6): Asymmetric Authentication Details
5:24 August 30, 2019


Security Short Subjects (Part 7): Symmetric Authentication Details
5:03 August 30, 2019


Security Short Subjects (Part 8): Secure Firmware Download for Embedded Systems
4:10 August 30, 2019


ChipDNA–Defend Your IoT Designs from Hackers
2:14 November 17, 2017


Demonstrating Cryptographic Hash, Signatures, and Authentication
11:53 October 31, 2017


Securely Manage Disposable Medical Accessories with DS28E36 and MAX66242
8:17 March 09, 2018


Secure Boot and Secure Download - Part 1: Protecting IoT Devices with Secure Authentication
5:36 February 14, 2018


Automotive DeepCover Secure Authenticators Stop Counterfeit Parts
0:30 December 04, 2019

Featured Products

Symmetric Key Authenticators

Product Device Type Crypto Engine Interface Features
DS28E50
DS28C50
Authenticator SHA-3 1-Wire®
I2C
SHA-3 bi-directional authentication with ChipDNA™ PUF protection, 2Kb of secure EEPROM, authenticated decrement counter, secure GPIO, NIST compliant TRNG
DS28E16
DS28C16
Authenticator SHA-3 1-Wire®
I2C
SHA-3 authentication with 256b of EEPROM and decrement counter
DS2477 Coprocessor SHA-3 I2C, 1-Wire SHA-3, secure I²C coprocessor with built-in 1-Wire master
MAX66242 Tag Authenticator SHA-256 NFC, I2C IEC 15693 HF and I²C dual interfaces, SHA-256 two-way authentication, 4Kb of secure EEPROM, RF energy harvesting for external supply
MAX66300 Reader Coprocessor SHA-256 NFC, SPI, UART NFC transceiver, SHA-256 coprocessor and secure host side key storage for MAX66240/MAX66242

Asymmetric Key Authenticators

Product Device Type Crypto Engine Interface Features
DS28E39
DS28C39
Authenticator ECC-P256 1-Wire
I2C
ECDSA P256 bi-directional authentication with ChipDNA™ PUF protection, 2Kb secure EEPROM, authenticated decrement counter, NIST compliant TRNG
DS28E36
DS28C36
Authenticator ECC-P256, SHA-256 1-Wire
I2C
ECDSA P256 or SHA-256 bi-directional authentication, ECDH key establishment, NIST compliant TRNG, secure GPIOs, 4Kb secure EEPROM, secure download processing
DS28E83 Authenticator ECC-P256, SHA-256 1-Wire Radiation sterilization tolerant, ECDSA P256 or SHA-256 bi-directional authentication, 10Kb secure OTP, secure download, NIST compliant TRNG source, secure GPIO
DS28E84 Authenticator ECC-P256, SHA-256 1-Wire DS28E83 equivalent with an additional 15Kb of FRAM
DS28E40
DS28C40
Authenticator ECC-P256, SHA-256 1-Wire
I2C
Automotive AECQ-100 G1, ECDSA P256 or SHA-256 bi-directional authentication, 6Kb secure OTP, ECDH key establishment, NIST compliant TRNG, secure GPIOs, secure download processing
DS2476 Coprocessor ECC-P256, SHA-256 I2C ECDSA/SHA-256 coprocessor, secure host-side key storage for DS28E38/DS28C36/DS28E36/DS28E83

Authenticators for IoT

Product Crypto Engine Interface Features
DS28S60 ECC-P256, SHA-256, AES-128 SPI Protected with ChipDNA PUF, ECDSA sign/verify, ECDH key establishment, SHA-256 MAC/HMAC, AES-128 GCM, SP 800-90B TRNG, 3.6K Bytes Secure NVM for application/keys/certificates, 100nA low power mode, high-speed 20MHz SPI
MAXQ1061
MAXQ1062
ECC-P256/384/521, ECC BP-256/384/512, ECDH, SHA-256/384/512, AES-128/256 I2C, SPI Full TLS 1.2 toolbox, 32KB (MAXQ1061) or 8KB (MAXQ1062) EEPROM-based file system, life cycle management of certificates and keys, AES-128/256 (ECB, CBC, GCM), ECC NIST & Brainpool, ECDSA sign/verify, ECDH key establishment, SHA-2 MAC/HMAC/ECIES, TRNG
MAXQ1065 ECC-P256, SHA-256, AES-128/256 SPI Protected with ChipDNA PUF, ECDSA sign/verify, ECDH key establishment, SHA-256 MAC/HMAC, AES-128/256 (ECB, CBC, GCM), SP800-90A/C TRNG, 8KB Secure NVM, 100nA low power mode, 10MHz SPI

MAXQ1065 Ultra Low-Power Cryptographic Controller with ChipDNATM for Embedded Devices

The MAXQ1065 is a security coprocessor that provides turnkey cryptographic functions for root-of...
  • ECC Compute Engine Using Curve NIST P-256
    • FIPS-186 ECDSA
    • NIST SP800-56Ar3 Key Exchange with Static Unified Model, C(0e, 2s, ECC CDH) with One-Step Key Derivation Using SHA-256
    • On-Board EC Key Generation with SP800-90B/A
  • SHA-2 Compute Engine
    • NIST FIPS-180-4 SHA2-256, HMAC-SHA-256
  • AES Compute Engine with 128 and 256 Key Sizes
    • ECB, CBC, CCM, GCM Cipher Modes
    • CBC-MAC, CMAC Message Authentication Codes
    • Onboard AES Key Generation with SP800-90A/B
  • True Random Number Generator (TRNG)
    • NIST SP800-90A/C Compliant
    • NIST SP800-90B Entropy Source
  • Secure Communication
    • TLS/DTLS 1.2 Handshake and Record Layer
      • ECDSA Authentication
      • ECDHE Key Exchange
      • AES-GCM or CCM Record Layer
    • SP800-56Ar3-Based Key Exchange
  • X.509 v3 Certificate Support
    • Storage of Root and Device Certificates
    • Onboard Verification of Chains of Certificates
    • ECDSA Verification on Supported Curves
  • High-Speed Interface for Host Microcontroller Communication
    • 10MHz SPI with Mode 0 or Mode 3 Operation
  • 8KB User Flash Array with ChipDNA PUF Encryption
  • Unique, Unalterable Factory-Programmed ID Number
  • Tamper Input Detects System-Level Intrusion
  • Secure Factory Provisioning Service
  • 12-Pin, 3mm x 3mm TDFN Package
  • -40°C to +105°C, 1.62V to 3.63V
  • Low-Power Operation: 100nA (typ) in Standby

ChipDNA is a trademark of Maxim Integrated Products, Inc.
DeepCover is a registered trademark of Maxim Integrated Products, Inc.




DS28E18 1-Wire<sup>®</sup> to I<sup>2</sup>C/SPI Bridge with Command Sequencer

DS28E18 1-Wire® to I2C/SPI Bridge with Command Sequencer

The DS28E18 is a simple communications bridge that resides at a remote SPI or I2C sensor and all...
  • Operate Remote I2C or SPI Devices Using Single-Contact 1-Wire Interface
    • Extending I2C/SPI Communication Distance
    • Reduce Six Wires (for SPI) or Four Wires (for I2C) to Two Wires
    • 512-Byte Sequencer for Autonomous Operation of Attached Devices
    • Two Configurable GPIO Pins for Additional Peripheral Control
  • No External Power Required
    • DS28E18 Parasitically Powered from 1-Wire
    • I2C/SPI Peripheral Power Derived from the 1-Wire Line
  • Flexible 1-Wire and I2C/SPI Master Operational Modes
    • Supports Standard (11kbps) and Overdrive (90kbps) 1-Wire Communication
    • 100kHz, 400kHz, and 1MHz for I2C Slaves
    • Up to 2.3MHz for SPI Slaves
  • Easy to Integrate
    • Small, 2mm x 3mm x 0.75mm, 8-Pin TDFN Package
    • -40°C to +85°C Operation
    • 2.97V to 3.63V Operating Voltage Range
DS28E38 DeepCover<sup>&reg;</sup> Secure ECDSA Authenticator with ChipDNA PUF Protection

DS28E38 DeepCover® Secure ECDSA Authenticator with ChipDNA PUF Protection

The DS28E38 is an ECDSA public key-based secure authenticator that incorporates Maxim’s patented...
  • Robust Countermeasures Protect Against Security Attacks
    • Patented Physically Unclonable Function Secures Device Data
    • Actively Monitored Die Shield Detects and Reacts to Intrusion Attempts
    • All Stored Data Cryptographically Protected from Discovery
  • Efficient Public-Key Authentication Solution to Authenticate Peripherals
    • FIPS 186-Compliant ECDSA P256 Signature for Challenge/Response Authentication
    • Options for ECDSA Public/Private Key Pair Source Include ChipDNA Generated, Chip Computed, and User Installed
    • TRNG with NIST SP 800-90B Compliant Entropy Source
  • Supplemental Features Enable Easy Integration into End Applications
    • 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
    • 2Kbits of EEPROM for User Data, Key, Control Registers, and Certificate
    • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • Single-Contact, 1-Wire Interface Communication with Host at 11.7kbps and 62.5kbps
    • Operating Range: 3.3V ±10%, -40°C to +85°C
    • 6-Pin TDFN-EP Package (3mm x 3mm)
    • 2-Pad SFN Package (3.5mm x 6.5mm)
DS28C16 I&sup2;C Low-Voltage SHA-3 Authenticator

DS28C16 I²C Low-Voltage SHA-3 Authenticator

The DS28C16 secure authenticator combines FIPS202-compliant Secure Hash Algorithm (SHA-3) challe...
  • Robust Countermeasures Protect Against Security Attacks
    • All Stored Data Cryptographically Protected from Discovery
  • Efficient Secure Hash Algorithm Authenticates Peripherals
    • FIPS 202-Compliant SHA-3 Algorithm for Challenge/Response Authentication
    • FIPS 198-Compliant Keyed-Hash Message Authentication Code (HMAC)
  • Supplemental Features Enable Easy Integration into End Applications
    • 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
    • Secure Storage for Secrets
    • 256 Bits of Secure EEPROM for User Data
    • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • I²C Communications Up to 1MHz
    • Operating Range: 1.62V–3.63V, -40°C to +85°C
    • 8-Pin, 2mm x 2mm TDFN-EP Package
DS2477 DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

DS2477 DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

The DS2477 secure I²C coprocessor with built-in 1-Wire® master combines FIPS202-compliant secure...
  • Robust Countermeasures Protect Against Security Attacks
    • Patented Physically Unclonable Function Secures Device Data
    • Actively Monitored Die Shield Detects and Reacts to Intrusion Attempts
    • All Stored Data Cryptographically Protected from Discovery
  • Efficient Secure Hash Algorithm Authenticates and Manages Peripherals
    • FIPS 202-Compliant SHA-3 Algorithm for Bidirectional Authentication
    • FIPS 198-Compliant Keyed-Hash Message Authentication Code (HMAC)
    • TRNG with NIST SP 800-90B Compliant Entropy Source
  • Supplemental Features Enable Easy Integration into End Applications
    • 2Kb of EEPROM for User Data, Key, and Control Registers
    • One Open-Drain GPIO Pin
    • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • Large 1-Wire Block Buffer (126 bytes) for Efficient Data Transfer
    • 1-Wire Standard and Overdrive Timing Communication Speeds
    • I²C Communication, Up to 1MHz
    • Operating Range: 3.3V ±10%, -40°C to +85°C
    • 6-Pin TDFN-EP Package (3mm x 3mm)
DS28E36 DeepCover Secure Authenticator

DS28E36 DeepCover Secure Authenticator

The DS28E36 is a DeepCover® secure authenticator that provides a core set of cryptographic tools...
  • ECC-256 Compute Engine
    • FIPS 186 ECDSA P256 Signature and Verification
    • ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks
    • ECDSA Authenticated R/W of Configurable Memory
  • SHA-256 Compute Engine
    • FIPS 180 MAC for Secure Download/Boot Operations
    • FIPS 198 HMAC for Bidirectional Authentication and Optional GPIO Control
  • Two GPIO Pins with Optional Authentication Control
    • Open-Drain, 4mA/0.4V
    • Optional SHA-256 or ECDSA Authenticated On/Off and State Read
    • Optional Set On/Off after Multiblock Hash for Secure Boot/Download
  • RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
  • Optional Chip Generated Pr/Pu Key Pairs for ECC Operations
  • 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
  • 8Kbits of EEPROM for User Data, Keys, and Certificates
  • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • Optional Input Data Component to Crypto and Key Operations
  • Single-Contact 1-Wire Interface Communication with Host at 11.7kbps and 62.5kbps
  • Operating Range: 3.3V ±10%, -40°C to +85°C
  • 6-Pin TDFN-EP Package (3mm x 3mm)

MAX66240 DeepCover Secure Authenticator with ISO 15693, SHA-256, and 4Kb User EEPROM

DeepCover® embedded security solutions cloak sensitive data under multiple layers of advanced ph...
  • Dedicated Hardware-Accelerated SHA Engine
  • Strong Authentication with a High Bit Count User-Programmable Secret and Input Challenge
  • 4096 Bits of User EEPROM with User-Programmable R/W Protection Options Including OTP/EPROM Emulation Mode
  • Unique Factory-Programmed 64-Bit Identification Number
  • ISO/IEC 15693: Up to 26kbps
  • ±2kV HBM ESD Protection for All Pins
Printable Data Sheet Evaluation Kit

DS28C39 DeepCover Secure ECDSA Bidirectional Authenticator with ChipDNA PUF Protection

The DS28C39 is an ECDSA public-key-based bidirectional secure authenticator that incorporates Ma...
  • Robust Countermeasures Protect Against Security Attacks
    • Patented Physically Unclonable Function Secures Device Data
    • Actively Monitored Die Shield Detects and Reacts to Intrusion Attempts
    • All Stored Data Cryptographically Protected from Discovery
  • ECDSA Authenticated R/W of Stored Data and Counter
  • Efficient Public-Key Authentication Solution to Authenticate Peripherals
    • FIPS 186-Compliant ECDSA P256 Signature for Challenge/Response Authentication
    • ChipDNA Generated Public/Private Key Pair.
    • TRNG with NIST SP 800-90B Compliant Entropy Source
  • Supplemental Features Enable Easy Integration into End Applications
    • 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
    • 2Kb of EEPROM for User Data, Key, Control Registers, and Certificate
    • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • I2C Communication: Up to 200kHz
    • Operating Range: 3.3V ±10%, -40°C to +85°C
    • 6-Pin TDFN-EP Package (3mm x 3mm)
DS28E16 1-Wire Secure SHA-3 Authenticator

DS28E16 1-Wire Secure SHA-3 Authenticator

The DS28E16 secure authenticator combines FIPS202-compliant Secure Hash Algorithm (SHA-3) challe...
  • Robust Countermeasures Protect Against Security Attacks
    • All Stored Data Cryptographically Protected from Discovery
  • Efficient Secure Hash Algorithm Authenticates Peripherals
    • FIPS 202-Compliant SHA-3 Algorithm for Challenge/Response Authentication
    • FIPS 198-Compliant Keyed-Hash Message Authentication Code (HMAC)
  • Supplemental Features Enable Easy Integration into End Applications
    • 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
    • Secure Storage for Secrets
    • 256 Bits of Secure EEPROM for User Data
    • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • Advanced 1-Wire Protocol Minimizes Interface to Single Contact
    • Full-Time Overdrive Communication Speed
    • Internal Parasite Power Capacitor
    • Operating Range: 1.71V–3.63V, -40°C to +85&degC
    • WLP, TDFN-EP, and SFN Packages
    • ±8kV HBM ESD Protection (typ)
    • 3.5&microA (typ) Input Load Current
DS28C50 DeepCover I<SUP>2</SUP>C Secure SHA-3 Authenticator with ChipDNA PUF Protection

DS28C50 DeepCover I2C Secure SHA-3 Authenticator with ChipDNA PUF Protection

The DS28C50 secure authenticator combines FIPS202-compliant secure hash algorithm (SHA-3) challe...
  • Robust Countermeasures Protect Against Security Attacks
    • Patented Physically Unclonable Function Secures Device Data
    • Actively Monitored Die Shield Detects and Reacts to Intrusion Attempts
    • All Stored Data Cryptographically Protected from Discovery
  • Efficient Secure Hash Algorithm Authenticates Peripherals
    • FIPS 202-Compliant SHA-3 Algorithm for Challenge/Response Authentication
    • FIPS 198-Compliant Keyed-Hash Message Authentication Code (HMAC)
    • TRNG with NIST SP 800-90B Compliant Entropy Source
  • Supplemental Features Enable Easy Integration into End Applications
    • 17-Bit One-Time Settable, Nonvolatile Decrement Only Counter with Authenticated Read
    • One GPIO Pin with Optional Authentication Control
    • 2Kb of EEPROM for User Data, Key, and Control Registers
    • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • Operating Range: 3.3V ±10%, -40°C to +85°C
    • 6-Pin TDFN-EP Package (3mm x 3mm)
    • I2C Communication, up to 1MHz
See more

Reference Designs

Product Image

MAXREFDES143

Demonstrates an authenticated data chain from a protected sensor node to a web server.
Product Image

MAXREFDES44

Protects IP and authenticates peripherals to Xilinx Zynq™ FPGAs.
Product Image

DS28E40EVKIT

Provides the hardware and software necessary to exercise the features of the DS28E40.
Product Image

MAXREFDES9001

The MAXREFDES9001 is designed to easily integrate into embedded systems enabling confidentiality...
Product Image

MAXREFDES34 (Alcatraz)

This design implements SHA-256 authentication function using the 1-Wire protocol.
Product Image

DS28C40EVKIT

Provides the hardware and software necessary to exercise the features of the DS28C40.
Product Image

DS28E38EVKIT

ECDSA asymmetric authentication with ChipDNA PUF protection and 2Kb user EEPROM.
Product Image

MAX66242EVKIT

Includes ISO 15693, I2C, SHA-256 tag/transponder with 4Kb user EEPROM, RF/I2C interface and ener...
See more