Maxim
Products
Embedded Security
Secure Authentication
DS28C36

DS28C36

DeepCover Secure Authenticator

Provides Affordable Elliptic-Curve Public-Key Authentication Security to Protect Your Development Investment

Data Sheet
Subscribe

Please check latest availability status for a specific part variant.

Overview

Description

The DS28C36 is a DeepCover® secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID).

The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple HMAC functions.

Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure-boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods.


Secure Boot and Secure Download -
Part 1: Protecting IoT Devices with Secure Authentication


Secure Boot and Secure Download -
Part 3: Using the DS28C36


Secure Boot and Secure Download -
Part 2: Technologies Behind Embedded Security

DS28C36: Typical Application Circuit DS28C36: Typical Application Circuit Enlarge+

Key Features

  • ECC-256 Compute Engine
    • FIPS 186 ECDSA P256 Signature and Verification
    • ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks
    • ECDSA Authenticated R/W of Configurable Memory
  • FIPS 180 SHA-256 Compute Engine
    • HMAC
  • SHA-256 OTP (One-Time Pad) Encrypted R/W of Configurable Memory Through ECDH Established Key
  • Two GPIO Pins with Optional Authentication Control
    • Open-Drain, 4mA/0.4V
    • Optional SHA-256 or ECDSA Authenticated On/Off and State Read
    • Optional ECDSA Certificate to Set On/Off after Multiblock Hash for Secure Boot
  • RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
  • Optional Chip Generated Pr/Pu Key Pairs for ECC Operations
  • 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
  • 8Kbits of EEPROM for User Data, Keys, and Certificates
  • Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
    • Optional Input Data Component to Crypto and Key Operations
  • I2C Communication Up to 1MHz
  • Operating Range: 2.2V to 3.63V, -40°C to +85°C
  • 6-Pin TDFN Package

Applications/Uses

  • Accessory and Peripheral Secure Authentication
  • IoT Node Crypto-Protection
  • Secure Boot or Download of Firmware and/or System Parameters
  • Secure Storage of Cryptographic Keys for a Host Controller

Parametric Specs

Part NumberCrypto EngineApplicationsMemory TypeMemory SizeBus TypeVSUPPLY
(V)		Deep CoverOper. Temp.
(°C)		Package/PinsBudgetary
Price
See Notes
DS28C36 
Asymmetric
Symmetric
IP Protection
Medical Consumable ID
Medical Sensor Authentication and Calibration
PCB ID and Authentication
Print Cartridge Authentication
Printer Cartridge Configuration and Monitoring
Rack Card Security
EEPROM4K x 1I2C2.97 to 3.63Yes-40 to +85
TDFN-EP/6
$1.08 @1k
See All Secure Authenticators (28)
Pricing Notes:
This pricing is BUDGETARY, for comparing similar parts. Prices are in U.S. dollars and subject to change. Quantity pricing may vary substantially and international prices may differ due to local duties, taxes, fees, and exchange rates. For volume-specific and version-specific prices and delivery, please see the price and availability page or contact an authorized distributor.

Design Resources


DS28C36EVKIT: Evaluation Kit for the DS28C36 and DS2476
MAXAUTHDEMO: DeepCover Secure Authenticator Demonstration Kit

Technical Documents

App Note 6896 Why Now is a Good Time to Secure Your Embedded Systems with SHA-3
App Note 6465 How to Generate a DS28C36 Session Key
App Note 6435 How to Authenticate DS28C36 Data (User Memory/GPIO/Decrement Counter) with ECDSA
App Note 6434 How to Verify the DS28C36 ECDSA Certificate
App Note 6426 The Fundamentals of Secure Boot and Secure Download: How to Protect Firmware and Data within Embedded Devices
App Note 6391 Implementing Secure Authentication Without Being a Cryptography Expert
User Guide 6389 MAXREFDES155# Quick Start Guide
App Note 4717 Injection Molding an IC into a Connector or Consumable Item
Tutorial 4702 Easily Add Memory, Security, Monitoring, and Control to Medical Sensors and Consumables

Quality and Environmental Data

Request Reliability Report for: DS28C36 
Lead-Free Package Tin (Sn) Whisker Reports

Additional Resources

ECDSA, HMAC SHA-256, ECDH and Secure Boot Asymmetric and Symmetric Crypto Security Functions ›

Design Solution: Operate General Purpose I/O with Strong Security

3 Cool Technologies for Virtual Healthcare


Software
MAXAUTHDEMO1 Software  
Security Lab Software  

CAD Symbols and Footprints

  • DS28C36Q+T
  • DS28C36Q+U
    •

    Quality And Environmental

    Device   Fab Process   Technology   Sample size   Rejects   FIT at 25°C   FIT at 55°C  

    Note : The failure rates are summarized by technology and mapped to the associated material part numbers. The failure rates are highly dependent on the number of units tested.

    Quality Management System >
    Environmental Management System >

    Order

     
    Status:
    Package:
    Temperature:

    Related Resources

    Related Products

    New Products


    DS28E16
    1-Wire SHA-3 Secure Authenticator

    • Robust Countermeasures Protect Against Security Attacks
    • Efficient Secure Hash Algorithm Authenticates Peripherals
    • Supplemental Features Enable Easy Integration into End Applications

    DS28E84
    DeepCover Radiation Resistant, High-Capacity 1-Wire Secure Authenticator

    • High Radiation Resistance Allows User-Programmable Manufacturing or Calibration Data Before Medical Sterilization
    • ECC-P256 Compute Engine
    • SHA-256 Compute Engine

    DS28E39
    DeepCover Secure ECDSA Bidirectional Authenticator with ChipDNA PUF Protection

    • Robust Countermeasures Protect Against Security Attacks
    • ECDSA Authenticated R/W of Stored Data and Counter
    • Efficient Public-Key Authentication Solution to Authenticate Peripherals

    DS2477
    DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

    • Robust Countermeasures Protect Against Security Attacks
    • Efficient Secure Hash Algorithm Authenticates and Manages Peripherals
    • Supplemental Features Enable Easy Integration into End Applications

    Technical Docs

    Reference Designs

    Events


    Electronics in Vehicles (ELIV) 2019
    10/18/2019 - 10/19/2019, Bonn, Germany
    The international VDI Congress ELIV (Electronics In Vehicles) is THE event for all experts in the field of electrical and electronical car engineering and integration of mechanical and electronical systems.

    RSVP