/

/

/

/

Product Details

The DS28C36 is a DeepCover^® secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID).

The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple HMAC functions.

Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure-boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods.

Explore security topics and test drive secure authenticators with the Maxim Security Lab

Secure Boot and Secure Download -
Part 1: Protecting IoT Devices with Secure Authentication

Secure Boot and Secure Download -
Part 3: Using the DS28C36

Secure Boot and Secure Download -
Part 2: Technologies Behind Embedded Security

Key Features

ECC-256 Compute Engine
- FIPS 186 ECDSA P256 Signature and Verification
- ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks
- ECDSA Authenticated R/W of Configurable Memory
FIPS 180 SHA-256 Compute Engine
- HMAC
SHA-256 OTP (One-Time Pad) Encrypted R/W of Configurable Memory Through ECDH Established Key
Two GPIO Pins with Optional Authentication Control
- Open-Drain, 4mA/0.4V
- Optional SHA-256 or ECDSA Authenticated On/Off and State Read
- Optional ECDSA Certificate to Set On/Off after Multiblock Hash for Secure Boot
RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
Optional Chip Generated Pr/Pu Key Pairs for ECC Operations
17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
8Kbits of EEPROM for User Data, Keys, and Certificates
Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
- Optional Input Data Component to Crypto and Key Operations
I²C Communication Up to 1MHz
Operating Range: 2.2V to 3.63V, -40°C to +85°C
6-Pin TDFN Package

Applications/Uses

Accessory and Peripheral Secure Authentication
IoT Node Crypto-Protection
Secure Boot or Download of Firmware and/or System Parameters
Secure Storage of Cryptographic Keys for a Host Controller

See parametric specs for Secure Authenticators

See parametric specs for Secure Authenticators

Simplified Block Diagram

DS28C36: Typical Application Circuit

DS28C36: Typical Application Circuit

Similar products you might be interested in

Exact equivalent in functionality and parametrics to the compared device:

Part No.	Description
DS2476	DeepCover Secure Coprocessor

Technical Docs

	Data Sheet	DeepCover Secure Authenticator	Mar 01, 2019
	Tutorial	How Secure Authenticators and Coprocessors Can Simplify Cryptography
	Tutorial	Cryptography: Planning for Threats and Countermeasures
	Tutorial	Cryptography: Is a Hardware or Software Implementation More Effective?
	Tutorial	Cryptography: A Closer Look at the Algorithms
	Tutorial	Cryptography: Fundamentals on the Modern Approach
	App Note	Cryptography: How It Helps in Our Digital World
	App Note	Back to Basics: Secure Hash Algorithms
	App Note	Why Now is a Good Time to Secure Your Embedded Systems with SHA-3
	App Note	Secure Authentication for Medical Disposables
	User Guide	DS28E39 Security User Guide
	App Note	How to Generate a DS28C36 Session Key
	App Note	How to Authenticate DS28C36 Data (User Memory/GPIO/Decrement Counter) with ECDSA
	App Note	How to Verify the DS28C36 ECDSA Certificate
	App Note	The Fundamentals of Secure Boot and Secure Download: How to Protect Firmware and Data within Embedded Devices
	App Note	Implementing Secure Authentication Without Being a Cryptography Expert
	User Guide	MAXREFDES155# Quick Start Guide
	App Note	Injection Molding an IC into a Connector or Consumable Item
	Tutorial	Easily Add Memory, Security, Monitoring, and Control to Medical Sensors and Consumables

Design & Development

Click any title below to view the detail page where available.

Hardware Development

Evaluation Board

$ 29.00

Description

The DS28C36 evaluation system (EV system) provides the hardware and software necessary to evaluate the DS28C36 and DS2476. The EV system consists of five DS28C36/DS2476 devices in a 6-pin TDFN package, a DS9121AQ+ evaluation TDFN socket board, and a DS9481P-300# USB-to-I²C/1-Wire^® adapter. The evaluation software runs on Windows^® 10, Windows 8, and Windows 7 operating systems (64- and 32-bit versions). The EV system provides a handy user interface to exercise the features of the DS28C36 and DS2476.

Features

Demonstrates the Features of the DS28C36 DeepCover^® Secure Authenticator
Demonstrates the Features of the DS2476 DeepCover Secure Coprocessor
I²C Communication is Logged to Aid Firmware Designers Understanding of the DS2476 and DS28C36
I²C-USB Adapter Creates a Virtual COM Port on Any PC
Fully Compliant with USB Specification v2.0
Software Runs on Windows 10, Windows 8, and Windows 7 for Both 64-Bit and 32-Bit Versions
3.3V ±3% 1-Wire Operating Voltage
Convenient On-Board Test Points and TDFN Socket
Evaluation Software Available by Request
Proven PCB Layout
Fully Assembled and Tested

Evaluation Board

$ 29.00

Description

The MAXAUTHDEMO demonstrates use case examples for DeepCover^® Secure Authenticators. It comprises hardware (as pictured) that is operated from USB 2.0 and a web-based GUI to demonstrate how the functional capabilities of Maxim’s Secure Authenticators are used in various end equipment scenarios. The GUI operates from a web browser such as Chrome™.

Part	Application
MAXAUTHDEMO1	Asymmetric ECDSA and symmetric SHA-256 operation of DS28C36
MAXAUTHDEMO2	Asymmetric ECDSA operation of DS28E38

Watch video: Demonstrating Cryptographic Hash, Signatures, and Authentication ›

Features

USB 2.0 Connected Hardware for Simple Setup and Operation
Secure Authenticator Hardware Module for Use Case Demonstration
Web-Based GUI for Step-by-Step Explanation of Secure Authenticator Use Scenario

SYSTEM BOARD

MAXREFDES155#: DeepCover Embedded Security in an IoT: Public-Key Secured Data Paths

Additional Resources

ECDSA, HMAC SHA-256, ECDH and Secure Boot Asymmetric and Symmetric Crypto Security Functions ›

Design Solution: Operate General Purpose I/O with Strong Security

3 Cool Technologies for Virtual Healthcare

Security Short Subjects: Asymmetric Authentication

Security Short Subjects: Asymmetric Authentication Details

Security Short Subjects: Secure Firmware Download for Embedded Systems

Evaluation Board

$ 29.00

Description

The DS28C36 evaluation system (EV system) provides the hardware and software necessary to evaluate the DS28C36 and DS2476. The EV system consists of five DS28C36/DS2476 devices in a 6-pin TDFN package, a DS9121AQ+ evaluation TDFN socket board, and a DS9481P-300# USB-to-I²C/1-Wire^® adapter. The evaluation software runs on Windows^® 10, Windows 8, and Windows 7 operating systems (64- and 32-bit versions). The EV system provides a handy user interface to exercise the features of the DS28C36 and DS2476.

Features

Demonstrates the Features of the DS28C36 DeepCover^® Secure Authenticator
Demonstrates the Features of the DS2476 DeepCover Secure Coprocessor
I²C Communication is Logged to Aid Firmware Designers Understanding of the DS2476 and DS28C36
I²C-USB Adapter Creates a Virtual COM Port on Any PC
Fully Compliant with USB Specification v2.0
Software Runs on Windows 10, Windows 8, and Windows 7 for Both 64-Bit and 32-Bit Versions
3.3V ±3% 1-Wire Operating Voltage
Convenient On-Board Test Points and TDFN Socket
Evaluation Software Available by Request
Proven PCB Layout
Fully Assembled and Tested

Evaluation Board

$ 29.00

Description

The MAXAUTHDEMO demonstrates use case examples for DeepCover^® Secure Authenticators. It comprises hardware (as pictured) that is operated from USB 2.0 and a web-based GUI to demonstrate how the functional capabilities of Maxim’s Secure Authenticators are used in various end equipment scenarios. The GUI operates from a web browser such as Chrome™.

Part	Application
MAXAUTHDEMO1	Asymmetric ECDSA and symmetric SHA-256 operation of DS28C36
MAXAUTHDEMO2	Asymmetric ECDSA operation of DS28E38

Watch video: Demonstrating Cryptographic Hash, Signatures, and Authentication ›

Features

USB 2.0 Connected Hardware for Simple Setup and Operation
Secure Authenticator Hardware Module for Use Case Demonstration
Web-Based GUI for Step-by-Step Explanation of Secure Authenticator Use Scenario

SYSTEM BOARD

MAXREFDES155#: DeepCover Embedded Security in an IoT: Public-Key Secured Data Paths

ECDSA, HMAC SHA-256, ECDH and Secure Boot Asymmetric and Symmetric Crypto Security Functions ›

Design Solution: Operate General Purpose I/O with Strong Security

3 Cool Technologies for Virtual Healthcare

Security Short Subjects: Asymmetric Authentication

Security Short Subjects: Asymmetric Authentication Details

Security Short Subjects: Secure Firmware Download for Embedded Systems

Support & Training

Search our knowledge base for answers to your technical questions.

Filtered Search

Our dedicated team of Applications Engineers are also available to answer your technical questions. Visit our support portal.

Parameters

Parametric specs for Secure Authenticators

Crypto Engine	Asymmetric Symmetric
Applications	IP Protection Medical Consumable ID Medical Sensor Authentication and Calibration PCB ID and Authentication Print Cartridge Authentication Printer Cartridge Configuration and Monitoring Rack Card Security
Bus Type	I²C
Memory Type	EEPROM
Memory Size	4K x 1
Deep Cover	Yes
Oper. Temp. (°C)	-40 to +85
Package/Pins	TDFN/6
Budgetary Price (See Notes)	$1.13 @1k

See parametric specs for Secure Authenticators

Key Features

ECC-256 Compute Engine
- FIPS 186 ECDSA P256 Signature and Verification
- ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks
- ECDSA Authenticated R/W of Configurable Memory
FIPS 180 SHA-256 Compute Engine
- HMAC
SHA-256 OTP (One-Time Pad) Encrypted R/W of Configurable Memory Through ECDH Established Key
Two GPIO Pins with Optional Authentication Control
- Open-Drain, 4mA/0.4V
- Optional SHA-256 or ECDSA Authenticated On/Off and State Read
- Optional ECDSA Certificate to Set On/Off after Multiblock Hash for Secure Boot
RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
Optional Chip Generated Pr/Pu Key Pairs for ECC Operations
17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
8Kbits of EEPROM for User Data, Keys, and Certificates
Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
- Optional Input Data Component to Crypto and Key Operations
I²C Communication Up to 1MHz
Operating Range: 2.2V to 3.63V, -40°C to +85°C
6-Pin TDFN Package

Applications/Uses

Accessory and Peripheral Secure Authentication
IoT Node Crypto-Protection
Secure Boot or Download of Firmware and/or System Parameters
Secure Storage of Cryptographic Keys for a Host Controller

Description

The DS28C36 is a DeepCover^® secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID).

The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple HMAC functions.

Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure-boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods.

Explore security topics and test drive secure authenticators with the Maxim Security Lab

Secure Boot and Secure Download -
Part 1: Protecting IoT Devices with Secure Authentication

Secure Boot and Secure Download -
Part 3: Using the DS28C36

Secure Boot and Secure Download -
Part 2: Technologies Behind Embedded Security

Simplified Block Diagram

DS28C36: Typical Application Circuit

DS28C36: Typical Application Circuit

Technical Docs

	Data Sheet	DeepCover Secure Authenticator	Mar 01, 2019
	Tutorial	How Secure Authenticators and Coprocessors Can Simplify Cryptography
	Tutorial	Cryptography: Planning for Threats and Countermeasures
	Tutorial	Cryptography: Is a Hardware or Software Implementation More Effective?
	Tutorial	Cryptography: A Closer Look at the Algorithms
	Tutorial	Cryptography: Fundamentals on the Modern Approach
	App Note	Cryptography: How It Helps in Our Digital World
	App Note	Back to Basics: Secure Hash Algorithms
	App Note	Why Now is a Good Time to Secure Your Embedded Systems with SHA-3
	App Note	Secure Authentication for Medical Disposables
	User Guide	DS28E39 Security User Guide
	App Note	How to Generate a DS28C36 Session Key
	App Note	How to Authenticate DS28C36 Data (User Memory/GPIO/Decrement Counter) with ECDSA
	App Note	How to Verify the DS28C36 ECDSA Certificate
	App Note	The Fundamentals of Secure Boot and Secure Download: How to Protect Firmware and Data within Embedded Devices
	App Note	Implementing Secure Authentication Without Being a Cryptography Expert
	User Guide	MAXREFDES155# Quick Start Guide
	App Note	Injection Molding an IC into a Connector or Consumable Item
	Tutorial	Easily Add Memory, Security, Monitoring, and Control to Medical Sensors and Consumables

Support & Training

Search our knowledge base for answers to your technical questions.

Filtered Search

Our dedicated team of Applications Engineers are also available to answer your technical questions. Visit our support portal.

Subscriptions and Interests

Stay informed on the latest product developments, technical events and technology training. It’s easy! Just select your preferences below, and start your free email subscriptions today.

Preferred Language English 中文日本語
If a subscription is not available in your preferred language, you will receive the English language version.

Email Subscriptions

Subscribe	Description	Examples
EE-Mail	Timely updates on new products, reference designs, design tools, technical articles and design resources.
MyMaxim Newsletter	Information on new and popular products and resources, customized to specific markets, applications, and technologies.
Events and Promotions	Be the first to learn about upcoming events such as contests, webinars, seminars, and tradeshows. Also learn about new tools and technical training resources.

Areas of Interests

Please tell us your interests by selecting the products and markets below.