Top

DeepCover Secure Authenticator with 1-Wire SHA-256 and 2Kb User EEPROM

Protect Your Development Investment with Crypto-Strong Authentication and Advanced Physical Security

Product Details

DeepCover® embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the most secure key storage possible.

The DeepCover Secure Authenticator (DS28E22) combines crypto-strong, bidirectional, secure challenge-and-response authentication functionality with an implementation based on the FIPS 180-3-specified Secure Hash Algorithm (SHA-256). A 2Kb user-programmable EEPROM array provides nonvolatile storage of application data and additional protected memory holds a read-protected secret for SHA-256 operations and settings for user memory control. Each device has its own guaranteed unique 64-bit ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. A bidirectional security model enables two-way authentication between a host system and slave-embedded DS28E22. Slave-to-host authentication is used by a host system to securely validate that an attached or embedded DS28E22 is authentic. Host-to-slave authentication is used to protect DS28E22 user memory from being modified by a nonauthentic host. The SHA-256 message authentication code (MAC), which the DS28E22 generates, is computed from data in the user memory, an on-chip secret, a host random challenge, and the 64-bit ROM ID. The DS28E22 communicates over the single-contact 1-Wire® bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multiple device 1-Wire network.

Our Secure Drug Delivery video shows how Maxim security products can be used to authenticate remote drug delivery.

Key Features

  • Symmetric Key-Based Bidirectional Secure Authentication Model Based on SHA-256
  • Dedicated Hardware-Accelerated SHA Engine for Generating SHA-256 MACs
  • Strong Authentication with a High Bit Count, User-Programmable Secret, and Input Challenge
  • 2048 Bits of User EEPROM Partitioned Into 8 Pages of 256 Bits
  • User-Programmable and Irreversible EEPROM Protection Modes Including Authentication, Write and Read Protect, and OTP/EPROM Emulation
  • Unique, Factory-Programmed 64-Bit Identification Number
  • Single-Contact 1-Wire Interface Communicates with Host at Up to 76.9kbps
  • Operating Range: 3.3V ±10%, -40°C to +85°C
  • Low-Power 5μA (typ) Standby
  • ±8kV Human Body Model ESD Protection (typ)
  • 6-Pin TDFN, 6-Lead TSOC Packages

Applications/Uses

  • Authentication of Network-Attached Appliances
  • Key Generation and Exchange for Cryptographic Systems
  • Printer Cartridge ID/Authentication
  • Reference Design License Management
  • Secure Feature Setting for Configurable Systems
  • Sensor/Accessory Authentication and Calibration
  • System Intellectual Property Protection
Parametric specs for Secure Authenticators
Crypto Engine Symmetric
Applications IP Protection
Medical Consumable ID
PCB ID and Authentication
Print Cartridge Authentication
Bus Type 1-Wire
Memory Type EEPROM
Memory Size 2K x 1
Deep Cover Yes
Oper. Temp. (°C) -40 to +85
Package/Pins TDFN/6
TSOC/6
Budgetary
Price (See Notes)
$0.98 @1k
View More

Simplified Block Diagram

DS28E22: Typical Application Circuit DS28E22: Typical Application Circuit Zoom icon

Design & Development

Click any title below to view the detail page where available.

Additional Resources
Programming Options
Programming Secure Authenticators

Description

The DS28E22 evaluation system (EV system) provides the hardware and software necessary to evaluate and program the DS28E22 DeepCover® Secure Authenticator. EV system operation requires a host PC for user-friendly evaluation.
This evaluation system includes a DS9400 USB-to-I2C PC adapter, a DS2465 EV board, a DS9120Q+ evaluation socket board for a TDFN DS28E22, and five DS28E22 sample devices in a TDFN package. The EV software runs on Windows® 8, Windows 7, Windows Vista®, and Windows XP® operating systems. Detailed instructions for downloading and installing software, as well as general EV system operation are included in the EV system data sheet; software and documentation are available at the link above.
Note: The DS2465 EV board and DS9400# subcomponents are not available for direct sale outside of evaluation systems. A data sheet specific to DS9400# is not available.

View Details

Features

  • EV Kit Contains
    • Five DS28E22 Devices in a TDFN-EP Package
    • One USB-to-I2C PC Adapter (DS9400#) Provides PC Connection
    • DS2465EVKIT# Evaluation Board Provides 1-Wire Interface and SHA-256 Coprocessor
    • One EV Board (DS9120Q+) with TDFN-EP Socket Provides Easy Chip Evaluation
  • USB-to-I2C Module Contains Prolific PL-2303HXD USB-to-UART Chip
    • Enumerates as a Virtual PC COM Port
    • Windows-Certified Logo USB Device Driver Available
    • Standard USB Cable Interface
  • EV Board Contains Convenient On-Board Test Points
  • Evaluation Software Will Be Provided Along with Full Evaluation Kit Data Sheet

/en/design/design-tools/ee-sim.html?

Support & Training

Search our knowledge base for answers to your technical questions.

Filtered Search

Our dedicated team of Applications Engineers are also available to answer your technical questions. Visit our support portal

Parameters

Parametric specs for Secure Authenticators
Crypto Engine Symmetric
Applications IP Protection
Medical Consumable ID
PCB ID and Authentication
Print Cartridge Authentication
Bus Type 1-Wire
Memory Type EEPROM
Memory Size 2K x 1
Deep Cover Yes
Oper. Temp. (°C) -40 to +85
Package/Pins TDFN/6
TSOC/6
Budgetary
Price (See Notes)
$0.98 @1k

Key Features

  • Symmetric Key-Based Bidirectional Secure Authentication Model Based on SHA-256
  • Dedicated Hardware-Accelerated SHA Engine for Generating SHA-256 MACs
  • Strong Authentication with a High Bit Count, User-Programmable Secret, and Input Challenge
  • 2048 Bits of User EEPROM Partitioned Into 8 Pages of 256 Bits
  • User-Programmable and Irreversible EEPROM Protection Modes Including Authentication, Write and Read Protect, and OTP/EPROM Emulation
  • Unique, Factory-Programmed 64-Bit Identification Number
  • Single-Contact 1-Wire Interface Communicates with Host at Up to 76.9kbps
  • Operating Range: 3.3V ±10%, -40°C to +85°C
  • Low-Power 5μA (typ) Standby
  • ±8kV Human Body Model ESD Protection (typ)
  • 6-Pin TDFN, 6-Lead TSOC Packages

Applications/Uses

  • Authentication of Network-Attached Appliances
  • Key Generation and Exchange for Cryptographic Systems
  • Printer Cartridge ID/Authentication
  • Reference Design License Management
  • Secure Feature Setting for Configurable Systems
  • Sensor/Accessory Authentication and Calibration
  • System Intellectual Property Protection

Description

DeepCover® embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the most secure key storage possible.

The DeepCover Secure Authenticator (DS28E22) combines crypto-strong, bidirectional, secure challenge-and-response authentication functionality with an implementation based on the FIPS 180-3-specified Secure Hash Algorithm (SHA-256). A 2Kb user-programmable EEPROM array provides nonvolatile storage of application data and additional protected memory holds a read-protected secret for SHA-256 operations and settings for user memory control. Each device has its own guaranteed unique 64-bit ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. A bidirectional security model enables two-way authentication between a host system and slave-embedded DS28E22. Slave-to-host authentication is used by a host system to securely validate that an attached or embedded DS28E22 is authentic. Host-to-slave authentication is used to protect DS28E22 user memory from being modified by a nonauthentic host. The SHA-256 message authentication code (MAC), which the DS28E22 generates, is computed from data in the user memory, an on-chip secret, a host random challenge, and the 64-bit ROM ID. The DS28E22 communicates over the single-contact 1-Wire® bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multiple device 1-Wire network.

Our Secure Drug Delivery video shows how Maxim security products can be used to authenticate remote drug delivery.

Simplified Block Diagram

DS28E22: Typical Application Circuit DS28E22: Typical Application Circuit Zoom icon

Support & Training

Search our knowledge base for answers to your technical questions.

Filtered Search

Our dedicated team of Applications Engineers are also available to answer your technical questions. Visit our support portal