DS28C36
DeepCover Secure Authenticator
Provides Affordable Elliptic-Curve Public-Key Authentication Security to Protect Your Development Investment
Maxim Confidential 
MyMaxim SubscriptionsProduct Details
The DS28C36 is a DeepCover® secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID).
The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple HMAC functions.
Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure-boot of a host processor.
DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods.
 | Explore security topics and test drive secure authenticators with the Maxim Security Lab |
Secure Boot and Secure Download -
Part 1: Protecting IoT Devices with Secure Authentication
Secure Boot and Secure Download -
Part 3: Using the DS28C36
Secure Boot and Secure Download -
Part 2: Technologies Behind Embedded Security
Key Features
- ECC-256 Compute Engine
- FIPS 186 ECDSA P256 Signature and Verification
- ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks
- ECDSA Authenticated R/W of Configurable Memory
- FIPS 180 SHA-256 Compute Engine
- HMAC
- SHA-256 OTP (One-Time Pad) Encrypted R/W of Configurable Memory Through ECDH Established Key
- Two GPIO Pins with Optional Authentication Control
- Open-Drain, 4mA/0.4V
- Optional SHA-256 or ECDSA Authenticated On/Off and State Read
- Optional ECDSA Certificate to Set On/Off after Multiblock Hash for Secure Boot
- RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
- Optional Chip Generated Pr/Pu Key Pairs for ECC Operations
- 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
- 8Kbits of EEPROM for User Data, Keys, and Certificates
- Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
- Optional Input Data Component to Crypto and Key Operations
- I2C Communication Up to 1MHz
- Operating Range: 2.2V to 3.63V, -40°C to +85°C
- 6-Pin TDFN Package
Applications/Uses
- Accessory and Peripheral Secure Authentication
- IoT Node Crypto-Protection
- Secure Boot or Download of Firmware and/or System Parameters
- Secure Storage of Cryptographic Keys for a Host Controller
| Crypto Engine | Asymmetric Symmetric |
| Applications | IP Protection Medical Consumable ID Medical Sensor Authentication and Calibration PCB ID and Authentication Print Cartridge Authentication Printer Cartridge Configuration and Monitoring Rack Card Security |
| Bus Type | I2C |
| Memory Type | EEPROM |
| Memory Size | 4K x 1 |
| Deep Cover | Yes |
| Oper. Temp. (°C) | -40 to +85 |
| Package/Pins | TDFN/6 |
| Budgetary Price (See Notes) | $1.13 @1k |
Technical Docs
Click any title below to view the detail page where available.
ECDSA, HMAC SHA-256, ECDH and Secure Boot Asymmetric and Symmetric Crypto Security Functions ›
Design Solution: Operate General Purpose I/O with Strong Security
3 Cool Technologies for Virtual Healthcare
Security Short Subjects: Asymmetric Authentication
Security Short Subjects: Asymmetric Authentication Details
Security Short Subjects: Secure Firmware Download for Embedded Systems
Description
The DS28C36 evaluation system (EV system) provides the hardware and software necessary to evaluate the DS28C36 and DS2476. The EV system consists of five DS28C36/DS2476 devices in a 6-pin TDFN package, a DS9121AQ+ evaluation TDFN socket board, and a DS9481P-300# USB-to-I2C/1-Wire® adapter. The evaluation software runs on Windows® 10, Windows 8, and Windows 7 operating systems (64- and 32-bit versions). The EV system provides a handy user interface to exercise the features of the DS28C36 and DS2476.
View DetailsFeatures
- Demonstrates the Features of the DS28C36 DeepCover® Secure Authenticator
- Demonstrates the Features of the DS2476 DeepCover Secure Coprocessor
- I2C Communication is Logged to Aid Firmware Designers Understanding of the DS2476 and DS28C36
- I2C-USB Adapter Creates a Virtual COM Port on Any PC
- Fully Compliant with USB Specification v2.0
- Software Runs on Windows 10, Windows 8, and Windows 7 for Both 64-Bit and 32-Bit Versions
- 3.3V ±3% 1-Wire Operating Voltage
- Convenient On-Board Test Points and TDFN Socket
- Evaluation Software Available by Request
- Proven PCB Layout
- Fully Assembled and Tested
Description
The MAXAUTHDEMO demonstrates use case examples for DeepCover® Secure Authenticators. It comprises hardware (as pictured) that is operated from USB 2.0 and a web-based GUI to demonstrate how the functional capabilities of Maxim’s Secure Authenticators are used in various end equipment scenarios. The GUI operates from a web browser such as Chrome™.
| Part | Application |
|---|---|
| MAXAUTHDEMO1 | Asymmetric ECDSA and symmetric SHA-256 operation of DS28C36 |
| MAXAUTHDEMO2 | Asymmetric ECDSA operation of DS28E38 |
Watch video: Demonstrating Cryptographic Hash, Signatures, and Authentication ›
Features
- USB 2.0 Connected Hardware for Simple Setup and Operation
- Secure Authenticator Hardware Module for Use Case Demonstration
- Web-Based GUI for Step-by-Step Explanation of Secure Authenticator Use Scenario
ECDSA, HMAC SHA-256, ECDH and Secure Boot Asymmetric and Symmetric Crypto Security Functions ›
Design Solution: Operate General Purpose I/O with Strong Security
3 Cool Technologies for Virtual Healthcare
Security Short Subjects: Asymmetric Authentication
Security Short Subjects: Asymmetric Authentication Details
Security Short Subjects: Secure Firmware Download for Embedded Systems
Support & Training
Search our knowledge base for answers to your technical questions.
Filtered SearchOur dedicated team of Applications Engineers are also available to answer your technical questions. Visit our support portal
Parameters
| Crypto Engine | Asymmetric Symmetric |
| Applications | IP Protection Medical Consumable ID Medical Sensor Authentication and Calibration PCB ID and Authentication Print Cartridge Authentication Printer Cartridge Configuration and Monitoring Rack Card Security |
| Bus Type | I2C |
| Memory Type | EEPROM |
| Memory Size | 4K x 1 |
| Deep Cover | Yes |
| Oper. Temp. (°C) | -40 to +85 |
| Package/Pins | TDFN/6 |
| Budgetary Price (See Notes) | $1.13 @1k |
Key Features
- ECC-256 Compute Engine
- FIPS 186 ECDSA P256 Signature and Verification
- ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks
- ECDSA Authenticated R/W of Configurable Memory
- FIPS 180 SHA-256 Compute Engine
- HMAC
- SHA-256 OTP (One-Time Pad) Encrypted R/W of Configurable Memory Through ECDH Established Key
- Two GPIO Pins with Optional Authentication Control
- Open-Drain, 4mA/0.4V
- Optional SHA-256 or ECDSA Authenticated On/Off and State Read
- Optional ECDSA Certificate to Set On/Off after Multiblock Hash for Secure Boot
- RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
- Optional Chip Generated Pr/Pu Key Pairs for ECC Operations
- 17-Bit One-Time Settable, Nonvolatile Decrement-Only Counter with Authenticated Read
- 8Kbits of EEPROM for User Data, Keys, and Certificates
- Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID)
- Optional Input Data Component to Crypto and Key Operations
- I2C Communication Up to 1MHz
- Operating Range: 2.2V to 3.63V, -40°C to +85°C
- 6-Pin TDFN Package
Applications/Uses
- Accessory and Peripheral Secure Authentication
- IoT Node Crypto-Protection
- Secure Boot or Download of Firmware and/or System Parameters
- Secure Storage of Cryptographic Keys for a Host Controller
Description
The DS28C36 is a DeepCover® secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID).
The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple HMAC functions.
Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure-boot of a host processor.
DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods.
| Explore security topics and test drive secure authenticators with the Maxim Security Lab |
Secure Boot and Secure Download -
Part 1: Protecting IoT Devices with Secure Authentication
Secure Boot and Secure Download -
Part 3: Using the DS28C36
Secure Boot and Secure Download -
Part 2: Technologies Behind Embedded Security
Technical Docs
Support & Training
Search our knowledge base for answers to your technical questions.
Filtered SearchOur dedicated team of Applications Engineers are also available to answer your technical questions. Visit our support portal
Request a Quote