Analog Devices DS28E40 Product Info

• ECC-P256 Compute Engine
  • FIPS 186 ECDSA P256 Signature and Verification
  • ECDH Key Exchange for Session Key Establishment
  • ECDSA Authenticated R/W of Configurable Memory
• SHA-256 Compute Engine
  • FIPS 198 HMAC for Bidirectional Authentication
• SHA-256 One-Time Pad Encrypted R/W of Configurable Memory Through ECDH Established Key
• One GPIO Pin with Optional Authentication Control
  • Open-Drain, 4mA/0.4V
  • Optional SHA-256 or ECDSA Authenticated On/Off and State Read
  • Optional ECDSA Certificate Verification to Set On/Off after Multiblock Hash for Secure Boot
• TRNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
• Optional Chip-Generated Pr/Pu Key Pairs for ECC Operations
• 6Kb of One-Time Programmable (OTP) for User Data, Keys, and Certificates
• Unique and Unalterable Factory-Programmed 64-Bit Identification Number (ROM ID)
  • Optional Input Data Component to Crypto and Key Operations
• Single-Contact, 1-Wire Interface Communication with Host at 9.09kbps and 62.5kbps
• 3.3V ±10%, -40°C to +125°C Operating Range

• ±8kV HBM ESD protection of 1-Wire IO Pin
• 10-Pin TDFN Package
• 3mm x 4mm TDFN Package
• 3mm x 3mm, Side-Wettable TDFN Package
• AEC-Q100 Grade 1

The DS28E40 is a secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) secu­rity functions. In addition to the security services provided by the hardware-implemented cryptographic engines, the device integrates a FIPS/NIST True Random Number Genera­tor (TRNG), 6Kb of One-Time Programmable (OTP) memory for user data, keys and certificates, one configurable General-Purpose Input/Output (GPIO), and a unique 64-bit ROM identification number (ROM ID).

The ECC public/private key capabilities operate from the NIST-defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are usable flexibly either in conjunc­tion with ECDSA operations or independently for multiple Hash-Based Message Authentication Code (HMAC) functions.

The GPIO pin is operated under command control and is configurable enabling support of authenticated and non-authenticated operation. The GPIO-authenticated operation supports ECDSA-based crypto-robust mode, enabling secure-boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, including invasive and noninvasive methods, countermeasures include active die shield, encrypted storage of keys, and algorithmic methods.

Applications

• Accessory and Peripheral Secure Authentication
• Automotive Secure Authentication
• Identification and Calibration Automotive Parts/Tools/Accessories
• IoT Node Crypto-Protection
• Secure Boot or Download of Firmware and/or System Parameters
• Secure