Deep Cover Automotive 1-Wire Authenticator

The DS28E40 is a secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) secu­rity functions. In addition to the security services provided by the hardware-implemented cryptographic engines, the device integrates a FIPS/NIST True Random Number Genera­tor (TRNG), 6Kb of One-Time Programmable (OTP) memory for user data, keys and certificates, one configurable General-Purpose Input/Output (GPIO), and a unique 64-bit ROM identification number (ROM ID).

The ECC public/private key capabilities operate from the NIST-defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are usable flexibly either in conjunc­tion with ECDSA operations or independently for multiple Hash-Based Message Authentication Code (HMAC) functions.

The GPIO pin is operated under command control and is configurable enabling support of authenticated and non-authenticated operation. The GPIO-authenticated operation supports ECDSA-based crypto-robust mode, enabling secure-boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, including invasive and noninvasive methods, countermeasures include active die shield, encrypted storage of keys, and algorithmic methods.

Applications

* Accessory and Peripheral Secure Authentication * Automotive Secure Authentication * Identification and Calibration Automotive Parts/Tools/Accessories * IoT Node Crypto-Protection * Secure Boot or Download of Firmware and/or System Parameters * Secure Storage of Cryptographic Keys for a Host Controller

* ECC-P256 Compute Engine

* FIPS 186 ECDSA P256 Signature and Verification * ECDH Key Exchange for Session Key Establishment * ECDSA Authenticated R/W of Configurable Memory

* SHA-256 Compute Engine

* FIPS 198 HMAC for Bidirectional Authentication

* SHA-256 One-Time Pad Encrypted R/W of Configurable Memory Through ECDH Established Key * One GPIO Pin with Optional Authentication Control

* Open-Drain, 4mA/0.4V * Optional SHA-256 or ECDSA Authenticated On/Off and State Read * Optional ECDSA Certificate Verification to Set On/Off after Multiblock Hash for Secure Boot

* TRNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out * Optional Chip-Generated Pr/Pu Key Pairs for ECC Operations * 6Kb of One-Time Programmable (OTP) for User Data, Keys, and Certificates * Unique and Unalterable Factory-Programmed 64-Bit Identification Number (ROM ID)

* Optional Input Data Component to Crypto and Key Operations

* Single-Contact, 1-Wire Interface Communication with Host at 9.09kbps and 62.5kbps * 3.3V ±10%, -40°C to +125°C Operating Range