Security Supervisor with SP800-90A TRNG, Tamper Detection, and Cryptography

Small Footprint, Secure Memory with Advanced Security Protection

Parametric specs for Security Managers

  • # Digital Inputs Monitored: 2
  • Internal Key Memory (Bytes): 1024
  • Deep Cover: Yes
  • Package/Pins: TQFN/68
  • Oper. Temp. (°C): -40 to +85
  • Budgetary Price (See Notes): 0

Key Features

  • Low-Power Security Supervisor Enables Cost-Effective Security Solution
    • 1KB Battery-Backed NV SRAM with High-Speed Erase on its AES-256 Encryption Key
    • 4KB Flash Data Storage
    • Battery-Backed Tamper Circuit and RTC
    • Low-Current Battery-Backup Operation
    • Operates from Single 3.3V Supply
  • Security Features Facilitate System-Level Protection
    • Tamper Detection with Fast Wipe Key/Data Destruction
    • Hardware Accelerators for AES (128/192/256), 3DES, RSA (1024/2048/4096), ECDSA (p256/p384/p521), SHA (1/224/256/384/512)
    • True Hardware Random-Number Generator (NIST SP800-90A)
    • Temperature, Voltage and Die Shield Sensors to Detect Attacks
    • 2 Pairs of External Sensor Tamper Detects
    • Time Stamp for Tamper Event
    • Encrypted NV SRAM Data Transfer
    • Authentication with Connected Host
    • 104-Bit Unique Serial Number
  • Integrated Peripherals Allow for Easy Integration into Applications
    • Programmable Alarm with External Output
    • CPU Supervisor
    • SPI, I²C, UART Interfaces
    • 4 GPIO Pins

Applications/Uses

  • Electronic Signature Generation
  • Gaming Machines
  • Internet Security
  • IP Protection
  • Point of Sales
  • Secure Access Control
  • Security and Banking Tokens
  • Smart Control Systems for Home Automation
  • Smart Factory for Industrial 4.0
  • Smart Grid Security

Description

As Internet connectivity and greater intelligence are integrated into more products, these products also expose more potential points of vulnerability if left unprotected. Embedded security technologies, such as security supervisors, can safeguard these designs from hacking, counterfeiting, and other security breaches faced by Internet of Things (IoT) designs. The MAX36210 is a low-power security supervisor designed for fiscal memory, internet security, and IP protection applications that require certificate-based or other public key cryptography schemes. The device also incorporates a sophisticated security mechanism to protect sensitive information in secure memory: two pairs of external sensor inputs and environmental monitors (temperature, voltage, and die shield sensors) erase the on-chip secure memory when an attack condition is detected.

SPI, I²C, and UART interfaces (one each) are provided for secure, flexible communication to external system nodes. Device control and configuration are performed through an SPI, I²C, or UART interface.

The MAX36210 includes 1KB of battery-backed nonvolatile SRAM that is always protected by dynamic sensors and environmental sensors. This memory is provided for secure data storage, where data is automatically encrypted/decrypted by an AES-256 master key upon access. A tamper event causes the device to instantly wipe the AES-256 master key as well as other sensitive contents. The tamper source and time of tamper are recorded in battery-backed registers. In addition, the MAX36210 enters a reset state until the source of the tamper is removed. With the combination of the above features and the tamper detection circuit, the MAX36210 supports active tamper resistance, which is required by FIPS140 and PCI standards.

The MAX36210 also includes 4KB of flash for storing less critical information whose content needs to remain intact after a tamper attack.

The transfer of sensitive data (such as secret keys and private keys) between the MAX36210 and a host processor is protected by an AES-128 root key. Sensitive data in NVSRAM or flash is encrypted by the AES-128 root key before it is sent over SPI, I²C, or UART. The host processor must decrypt the data with the corresponding AES-128 root key to retrieve useful information.

The communication link between the MAX36210 and a host processor can also be secured by using an integrated authentication protocol as an additional layer of security to ensure the MAX36210 responds only to an authenticated device. Authentication is optional, but once it is enabled, it cannot be disabled.

A true random number generator (TRNG) is included for key generation and challenge generation. An SP800-90A compliant process is applied to the TRNG output.

A real-time clock (RTC) records the current date and time. When a tamper event occurs, the tamper time is read from the RTC and stored in a battery-backed register. The RTC has an alarm function. An alarm can be set 12 days in advance. An application could use the alarm to trigger the host processor on a daily basis for regular checkups, status monitoring, and time adjustment between the host processor and the MAX36210. When an alarm event occurs, an output pulse is sent to the ALM pin for external processing. The RTC comes with a trim function whereby clock cycles can be added to or subtracted from the RTC counter to compensate for time drift, such as when the external crystal is exposed to significant temperature changes.

The MAX36210 supports high-speed hardware accelerators for AES, DES, RSA, ECDSA, and SHA. The device acts as a coprocessor to perform encryption, decryption, signature generation, and signature verification operations. To prevent cryptographic key hacking, side-channel attack countermeasures are built into the device.

The device is powered by a 3.3V voltage supply. A battery connection is provided for applications that want to maintain secure memory data for years without draining the main power supply. In battery-backed mode, the secure memory and security sensors consume 2.9µA (typ).
