Analog Devices / Maxim Integrated DS28E40 DeepCover® Automotive 1-Wire Authenticator
Analog Devices DS28E40 DeepCover® Automotive 1-Wire Authenticator is designed to ensure vehicle safety and reliability by authenticating automotive components. The DS28E40 provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware-implemented cryptographic engines, the device integrates a FIPS/NIST True Random Number Generator (TRNG), 6Kb of One-Time Programmable (OTP) memory for user data, keys and certificates, one configurable General-Purpose Input/Output (GPIO), and a unique 64-bit ROM identification number (ROM ID).
The ECC public/private key capabilities operate from the NIST-defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities comply with FIPS 180 and are flexibly used in conjunction with ECDSA operations or independently for multiple HMAC functions.
Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and non-authenticated operation, including an ECDSA-based crypto-robust mode to support the secure boot of a host processor.
DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. Countermeasures to protect against device-level security attacks are also implemented, including an active die shield, encrypted storage of keys, and algorithmic methods.
Analog Devices DS28E40 DeepCover Automotive 1-Wire Authenticator is available in a compact, side-wettable TDFN10 package and is AEC-Q100 Grade 1 qualified for use in automotive applications.
Features
- ECC-P256 compute engine
- FIPS 186 ECDSA P256 signature and verification
- ECDH key exchange for session key establishment
- ECDSA authenticated R/W of configurable memory
- SHA-256 compute engine
- FIPS 198 HMAC for bidirectional authentication
- SHA-256 one-time pad encrypted R/W of configurable memory through ECDH established key
- One GPIO pin with optional authentication control
- Open-drain, 4mA/0.4V
- Optional SHA-256 or ECDSA authenticated On/Off and state read
- Optional ECDSA certificate verification to set On/Off after multiblock hash for secure boot
- TRNG with NIST SP 800-90B compliant entropy source with function to readout
- Optional chip-generated Pr/Pu key pairs for ECC operations
- 6Kb of One-Time Programmable (OTP) for user data, keys, and certificates
- Unique and unalterable factory-programmed 64-bit identification number (ROM ID)
- Optional input data component to crypto and key operations
- Single-contact, 1-wire interface communication with host at 9.09kbps and 62.5kbps
- 3.3V ±10%, -40°C to +125°C operating range
- ±8kV HBM ESD protection of 1-wire IO pin
- 3.0mm x 3.0mm side-wettable TDFN10 package
- AEC-Q100 Grade 1 qualified
Applications
- Accessory and peripheral secure authentication
- Automotive secure authentication
- Identification and calibration of automotive parts, tools, and accessories
- IoT node crypto-protection
- Secure boot or download of firmware and/or system parameters
- Secure storage of cryptographic keys for a host controller
Development Tools
Analog Devices Inc. DS28E40EVKIT Evaluation Kit
Demonstration and development platform for the DS28E40 DeepCover® Automotive 1-Wire Authenticator.
Typical Application Circuit
