AT88SC118 - Complete

Atmel AT88SC118
CryptoCompanion Chip for
CryptoRF and CryptoMemory Products
DATASHEET
Features
• Atmel® CryptoCompanion™ Chip to Atmel CryptoRF® and Atmel CryptoMemory®
  - Securely implements Host algorithms
  - Securely stores Host secrets
• Verifies Host firmware digests
• High security features in hardware
  - CryptoMemory and CryptoRF F2 Algorithm
  - SHA-1 standard cryptographic algorithm
  - 64-bit Mutual Authentication Protocol (Under License of ELVA)
  - Permanently coded serial numbers
  - High quality Random Number Generator (RNG)
  - Metal shield over memory
  - Data scrambling in nonvolatile memory
  - Delay penalties to prevent systematic attacks
  - Reset locking to prevent illegal power cycling
  - Voltage and frequency monitors
• Host-side crypto functions
  - Authentication challenge generation
  - Device challenge response
  - Message Authentication Code (MAC) generation
  - Data encryption and decryption
  - Secure authentication key management
• Secure storage and key management
  - Up to 16 sets of 64-bit diversified Host keys
  - Eight sets of two 24-bit passwords
  - Secure and custom personalization
  - Up to 232-byte Read/Write configurable user data area
• Nonvolatile up counters
  - Four sets of unidirectional counters
  - 6.4 million maximum counts per counter
• Application features
  - Low voltage supply: 2.7V – 3.6V
  - 2-Wire Serial Interface (TWI, 5V compatible)
  - Standard 8-lead SOIC plastic package, green compliant (exceeds RoHS)
• High reliability
  - Endurance: 100,000 cycles
  - Data retention: 10 years
  - ESD protection: 3,000V min. HBM
Atmel-8857A-CryptoComp-AT88SC118-Datasheet_052013
1. Product Overview
The Atmel AT88SC118 is designed as the mate to the CryptoRF (CRF) and CryptoMemory (CM) chips, collectively referred to in the remainder of this document as CRF. Within the operation descriptions, the AT88SC118 CryptoCompanion chip is sometimes referred to as CMC or CryptoMemory Companion chip.
The AT88SC118 makes extensive use of the SHA-1 hash algorithm as specified in http://www.itl.nist.gov/fipspubs/fip180-1.htm and elsewhere. In this document, the nomenclature SHA-1(a, b, c) means to concatenate a, b, and c in that order and then pad them to a block size of 64 bytes before computing the digest. The AT88SC118 never computes a SHA-1 digest over an input larger than a single 64-byte block.
1.1 General Operation
The CRF chip contains secrets that must be known or derived by a Host system in order to establish a trusted link
between the two and permit communications to happen. The AT88SC118 stores these secrets in an obscured way in
nonvolatile memory and contains all the circuitry necessary to perform the authentication, password, and
encryption/decryption functions specified in the CRF datasheet. In this manner, the secrets do not ever need to be
revealed.
The general cryptographic strategy is as follows:
• Each CRF chip has a serial or identification number (ID) and an authentication secret Gi stored in EEPROM. ID is freely readable; Gi can never be read and is unique for every tag.
• The AT88SC118 contains an EEPROM that holds a set of common secrets (Fn). The AT88SC118 combines Fn with ID and KID to compute a value of G that is expected to match the one in the CRF chip. Specifically, G = SHA-1(Fn, ID, KID).
• G is further diversified by the inclusion of a number (KID) generated by the Host system in a manner of its choosing. Typically, it will be the result of a cryptographic operation on the CRF ID value calculated using other data, secrets, and/or algorithms external to the AT88SC118. This permits scenarios that offer varying degrees of additional security.
• The AT88SC118 includes a general purpose cryptographic quality Random Number Generator which is used to seed a mutual authentication process between the AT88SC118 and CRF. If the CRF confirms the CMC challenge, and the CMC confirms the CRF response, then the Host system proceeds with CRF operations. In this way, the Host system may use the CRF without knowing the CRF's secrets directly.

1.2 CryptoCompanion Benefits
The following is a partial list of the benefits of using this chip versus storing the algorithms and secrets in standard Flash system memory.
• Keep confidential those core secrets that are used to authenticate with and communicate to/from CRF (store them in EEPROM and use them on-chip).
• Flexible system implementation: multiple secrets and policies for different CRF locations within the system. Multiple manufacturer setup options.
• Hardware encryption engines avoid algorithm disclosure through reverse-compilation of system operating code.
• Full hardware security implementation makes it harder for an attacker (even with lab equipment) to get secrets stored on the AT88SC118.
• Global secrets are protected using a strong, standard security algorithm (SHA-1).
• Implements a crunching algorithm to prevent micro-controller based CRF replicas.
• Robust Random Number Generation avoids accidental replay for all cryptographic operations using the system; not just with respect to CRF.
• Secure EEPROM storage for configuration information, etc. may permit a reduction in the total BOM for the system.
• Easy to use: little programming required, no knowledge of security algorithms or protocols, and fast time to market.
1.3 CryptoCompanion Security
The following is a partial list of the security features on this chip.
• Strong internal EEPROM encryption scheme.
• Dynamically encrypted internal SRAM data.
• Programmable power-up penalty.
• Escalating attack penalty.
• Authentication timeouts.
• Anti-tearing counters.
• Anti-tearing RNG Seed.
• Secure Personalization.
• Command usage limitations to prevent exhaustive attacks.
• Uniquely encrypted F Secrets inside chip.
• High security internal clocking scheme.
• Over and under voltage detection tampers.
• Internal data integrity validation.
• Active shield over security sensitive blocks.
1.4 Package, Pinout, and I/O
1.4.1 Pinout
All pins not otherwise specified are considered Test pins and should be grounded on the board.

Table 1-1. Pin Descriptions

VCC and GND: Power Supply and Ground. Power supply is 2.7 – 3.6V and the supply current is less than 5mA. CryptoCompanion will be available to accept commands 60ms after the later of VCC rising above 2.7V or Reset being driven high; if CryptoCompanion is in a security delay, this interval is significantly longer.
During power-up, VCC must exhibit a monotonic ramp at a minimum rate of 50mV/ms until VCC has crossed the 2.7V level. During power-down, VCC must exhibit a monotonic ramp at a minimum rate of 50mV/ms once it has dropped below the 2.5V boundary. CryptoCompanion does not support hot swapping or hot plugging.
VCC must be bypassed with high quality surface mount capacitors that are properly located on the board. Atmel recommends two capacitors connected in parallel having values of 1μF and 0.01μF. The capacitors should be manufactured using X5R or X7R dielectric material. These capacitors should be connected to the AT88SC118 using a total of no more than 1cm of PC board traces. Atmel recommends the use of a ground plane and a trace length of less than 0.5cm between the capacitors and the VCC pin.
Caution: Failure to follow these recommendations may result in improper operation.

SDA: 2-Wire Interface Data pin, 5V compatible. Data setup time = 0.1μs minimum and data hold time = 0μs minimum. The system board must include an external pull-up resistor.

SCL: 2-Wire Interface Clock pin, 5V compatible. Maximum SCL rate is 400kHz, min. TLOW = 1.2μs, min. THIGH = 0.6μs. The system board must include an external pull-up resistor.

RST: Reset. This active low input will reset all states within the AT88SC118. It is honored regardless of the state of PowerDown.

PDN: PowerDown. When held low, the part operates normally. When held high, the part will go to sleep and ignore all transitions on SDA and SCL; power consumption will drop to less than 10μA. There is a 50ms delay between this pin falling and the first transition on SDA or SCL that will be accepted by the chip.
1.4.2 Package
The AT88SC118 is packaged in an 8-lead SOIC package. The pinout is as follows:

Table 1-2. 8-lead SOIC package pinout
Pin Number    Pin Name
1             PDN
2             RST
3 and 7       NC
4             GND
5             SDA
6             SCL
8             VCC

Note: Pins 3 and 7 are not internally connected and should be connected to ground on the PC board.

1.4.3 Connection Diagram
Figure 1-1. Connection Diagram: a Microprocessor (supplied at 2.7V – 5.5V) connected to the CryptoCompanion (supplied at 2.7V – 3.6V) over the SDA and SCL lines.

1.4.4 Environmental
The AT88SC118 is guaranteed to operate over the industrial temperature range of -40°C to 85°C. ESD is rated at 2kV, Human Body Model.
1.4.5 TWI Input/Output Operation
The AT88SC118 communicates to the system using a 2-Wire Interface (TWI), which is similar to SMBus™. The chip
operates as a slave and does not support clock stretching. This 2-Wire protocol is identical to that supported by the Atmel
AT24C16B Serial EEPROM chips. Refer to the datasheet on the Atmel website for detailed timing and protocol
information.
The system processor is expected to properly format commands for the AT88SC118 (which may include information
from the CRF chip), and then process the outputs of the AT88SC118 (which may include sending some of the outputs to
the CRF chip).
The AT88SC118 cannot directly communicate with CRF or CM chips. Both CRF/CM and the
AT88SC118 are slave devices. The bus master may use one or two busses to communicate with them. Separate TWI
addresses must be used if both chips are on the same bus.
Table 1-3. AT88SC118 Communications Packets Naming Conventions

Device Address (TWI name: Device Name): This byte selects a particular chip on the 2-Wire bus. Bit 1 of this byte on the AT88SC118 selects between accesses to Command/Data (bit 1 = 0) and the Status Register (bit 1 = 1). Bit 0 of this byte is the standard 2-wire R/W bit: if 1, the bytes following the device address travel from the slave to the master (Read); if 0, these bytes flow to the slave (Write).

Cmd (TWI name: Word Address): If the device address specified a command input (TWI Write), then this byte specifies the command to be executed by the AT88SC118. This byte does not exist on Read operations.

Size (TWI name: DataN): The total number of bytes to follow this byte; may be zero in the case that there are no operand bytes. This byte does not exist on status read operations.

Data (TWI name: DataN+1, …): Operand input or output bytes as specified in the command descriptions in Section 3., "Command Descriptions".

If the upper six bits of the device address byte sent over the TWI match the upper six bits of the Dev field in the EEPROM, then the AT88SC118 may respond to this transmission; otherwise, it will NACK this byte. Dev is set to a value of 0xC0 on shipment from Atmel.
In general, the AT88SC118 will fail to ACK (NACK) the device address byte if bit 1 of the device address is zero (command/data transfer) and the AT88SC118 is busy.
The AT88SC118 is designed in such a way that the TWI Size field should be consistent with the count values specified in the command parameter descriptions from Section 3., "Command Descriptions". If the TWI Size field is inconsistent with the command parameter count value, the AT88SC118 will respond in different ways depending on the specific command. Some of these responses may include security penalties or other error indications, or some input bytes may be silently ignored.
1.4.5.1 Command Input

Table 1-4. Command Input Byte Sequence
Byte 0, To Slave, Device Address: This byte selects a particular chip on the 2-Wire bus. Bit 1 should be zero to indicate a command transfer to the AT88SC118. Bit 0 should be zero to indicate the data bytes travel from the master to the slave (TWI Write).
Byte 1, To Slave, Cmd: The ordinal of the command to be executed by the AT88SC118, from Table 1-5.
Byte 2, To Slave, Size: The total number of bytes to follow this byte; may be zero in the case that there are no operand bytes.
Bytes 3, …, To Slave, Data: Operand bytes as specified in Section 3., "Command Descriptions".

If the command ordinal is legal, the AT88SC118 will ACK the command input and start processing. Processing takes a variable amount of time, up to 20ms depending on the number of EEPROM pages to be written. If an illegal command ordinal (a value not listed in Table 1-5) is sent to the chip, it will lock up for a "security delay", then resume normal operation. See Section 1.6.4, "Security Delay".
Values in the Cmd byte are chosen from the table below:
Table 1-5. Cmd Byte Values
Command                  Value
VerifyFlash              0x01
Startup                  0x02
ChallengeResponse        0x03
Auth_1                   0x04
Auth_2                   0x05
EncryptPassword          0x06
Encryption_1             0x07
Encryption_2             0x08
GrindBytes               0x09
GetRandom                0x0A
IncrementCounter         0x0B
ReadCounter              0x0C
WriteMemory              0x0D
WriteMemoryEncrypted     0x0E
WriteMemoryAuthorized    0x0F
ReadMemory               0x10
ReadMemoryDigest         0x11
ReadManufacturingID      0x12
Lock                     0x13
Clear                    0x14
Crunch                   0x15
1.4.5.2 Command Output
The command output can be extracted from the AT88SC118 using the following byte sequence.

Table 1-6. Command Output Byte Sequence
Byte 0, To Slave, Device Address: This byte selects a particular chip on the 2-Wire bus. Bit 1 should be zero to indicate that this is a command output. Bit 0 should be one to indicate that the data will travel from the slave to the master.
Byte 1, To Master, Size: The total number of bytes to follow this byte; may be zero in the case that there are no output bytes.
Bytes 2, …, To Master, Data: Output bytes as specified in Section 3., "Command Descriptions".

Command output bytes can be repeatedly read from the AT88SC118 as they remain valid until a new command is sent to the AT88SC118. Until <size> bytes of the new command have been sent, DataAvailable will remain set, and that number of bytes can be read from the SRAM output buffer, though the new input bytes will overwrite the old output bytes.
Some commands do not have any data output, for instance 'Clear'. On completion of these commands, the DataAvailable bit will be cleared, and the system can read just the size byte, which will have a value of zero.
1.4.5.3 Status
This register can be read to determine the current status or the error information using the following byte stream. This sequence can be run at any time, regardless of whether or not the AT88SC118 is busy or locked.

Table 1-7. Byte Stream Sequence
Byte 0, To Slave, Device Address: This byte selects a particular chip on the 2-Wire bus. Bit 1 should be one to select the status register. Bit 0 is the standard 2-Wire R/W bit and should be one (data bytes travel from the slave to the master).
Byte 1, To Master, Status: Returns the current value of the status register.
The status register value is described in the following table:

Table 1-8. Status Register Value
Bit 0, Data Available: The AT88SC118 has completed processing of the command, and data is available in the output buffer. A successfully completed command that does not have any output will not set this bit.
Bit 1, Busy: The AT88SC118 is processing a command and is unable to accept more input or provide output, or it is in some sort of security penalty period.
Bit 2, StartupDone: The ChallengeResponse command has successfully run this power cycle. Once set, this bit will remain set until the next reset or power cycle.
Bits 3–4, Reserved: Will always be zero.
Bits 5–7, Error: An error occurred during prior input or command processing. The value of these three bits denotes the particular condition that occurred.

The eight error codes are used as follows:

Table 1-9. Error Codes
OK (0): Enabled, no error.
RstLocked (1): The AT88SC118 is disabled until the next power cycle or reset assertion. Whenever the error bits are in this state, the Busy bit in the status register will also be asserted.
BadCmd (2): The formatting of the command was invalid, or one of the operands had an unacceptable value.
TimeDelay (3): The AT88SC118 is disabled for a certain period of time and will respond to commands after this delay has elapsed. This delay may be a Power Delay (Section 1.6.2, "Reset Protection and Power Delay") or a Security Delay (Section 1.6.4, "Security Delay"). Whenever the error bits are in this state, the Busy bit in the status register will also be asserted.
AuthFail (4): Either authentication must be completed prior to the execution of this command or there was a problem during the execution of the auth commands themselves.
— (5, 6, 7): —

The system must poll this register (using TWI reads) after sending a command to the chip before attempting to read the result.
This register cannot be written; attempts to do so will result in a NACK.
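The byte sequences of Tables 1-3 through 1-9, assembled into host-side driver logic. This is an added example, not code from the Atmel datasheet or from Atmel: the `bus.write`/`bus.read` master interface and the `FakeCmc` slave are assumptions made here so the module runs offline, while the device-address bit assignments, command ordinals, status bits and error codes are taken from the tables above. The poll loop shows the checks a driver must make: read the status register (device address with bit 1 set) until Busy clears, treat a non-zero Error field as a failure instead of reading the output buffer, and read the Size byte first, which is safe because the output stays valid until the next command is sent.

```python
"""Host-side framing and status polling for the AT88SC118 2-Wire interface.

Added example, not Atmel code. Encodes Tables 1-4, 1-6, 1-7 (byte sequences),
1-8 (status register) and 1-9 (error codes). The bus interface (write/read)
and the FakeCmc slave are assumptions made here so the module runs offline.
"""
from dataclasses import dataclass

DEV_DEFAULT = 0xC0      # Dev field as shipped from Atmel (Section 1.4.5)

# Table 1-5: command ordinals run consecutively from 0x01 (VerifyFlash) to 0x15 (Crunch)
CMD = {name: code for code, name in enumerate([
    "VerifyFlash", "Startup", "ChallengeResponse", "Auth_1", "Auth_2",
    "EncryptPassword", "Encryption_1", "Encryption_2", "GrindBytes", "GetRandom",
    "IncrementCounter", "ReadCounter", "WriteMemory", "WriteMemoryEncrypted",
    "WriteMemoryAuthorized", "ReadMemory", "ReadMemoryDigest", "ReadManufacturingID",
    "Lock", "Clear", "Crunch"], start=1)}

ERROR_NAMES = {0: "OK", 1: "RstLocked", 2: "BadCmd", 3: "TimeDelay", 4: "AuthFail"}  # Table 1-9


def device_address(dev=DEV_DEFAULT, status=False, read=False):
    """Upper six bits come from Dev; bit 1 selects the status register (1) or
    command/data (0); bit 0 is the TWI R/W bit (1 = read)."""
    return (dev & 0xFC) | (0x02 if status else 0) | (0x01 if read else 0)


def build_command(cmd, operands=b"", dev=DEV_DEFAULT):
    """Command input sequence (Table 1-4): Device Address, Cmd, Size, Data..."""
    if len(operands) > 0xFF:
        raise ValueError("Size is a single byte")
    return bytes([device_address(dev), CMD[cmd], len(operands)]) + bytes(operands)


@dataclass(frozen=True)
class Status:               # Table 1-8
    data_available: bool    # bit 0
    busy: bool              # bit 1
    startup_done: bool      # bit 2
    error: int              # bits 5-7


def parse_status(byte):
    """Decode one status byte; bits 3-4 are reserved and always read as zero."""
    if byte & 0x18:
        raise ValueError("reserved status bits set: 0x%02X" % byte)
    return Status(bool(byte & 0x01), bool(byte & 0x02), bool(byte & 0x04), byte >> 5)


class CmcError(Exception):
    pass


def run_command(bus, cmd, operands=b"", dev=DEV_DEFAULT, max_polls=50):
    """Write a command, poll Status until Busy clears, then read the output buffer.
    Assumed bus API: bus.write(addr, payload) -> bool (True = ACK); bus.read(addr, n) -> bytes.
    """
    frame = build_command(cmd, operands, dev)
    if not bus.write(frame[0], frame[1:]):
        raise CmcError("device address NACKed (chip busy or Dev mismatch)")
    status_addr = device_address(dev, status=True, read=True)
    for _ in range(max_polls):
        st = parse_status(bus.read(status_addr, 1)[0])
        if st.error:
            raise CmcError(ERROR_NAMES.get(st.error, "error %d" % st.error))
        if not st.busy:
            break
    else:
        raise CmcError("Busy did not clear after %d polls" % max_polls)
    if not st.data_available:
        return b""                                # e.g. Clear: the Size byte would read 0
    out_addr = device_address(dev, read=True)     # bit 1 = 0: command output
    size = bus.read(out_addr, 1)[0]               # output stays valid, so a second read is safe
    return bus.read(out_addr, 1 + size)[1:]


class FakeCmc:
    """Constructed stand-in for the slave (test double, not the real part): ACKs
    command writes, answers Busy for `busy_polls` status reads, then reports
    `error` or exposes `output`."""

    def __init__(self, output=b"", busy_polls=2, error=0, dev=DEV_DEFAULT):
        self.output, self.busy_polls, self.error, self.dev = bytes(output), busy_polls, error, dev
        self.polls_left, self.last_frame = 0, None

    def write(self, addr, payload):
        if (addr & 0xFC) != (self.dev & 0xFC) or addr & 0x02:   # status register is read-only
            return False
        self.last_frame, self.polls_left = bytes(payload), self.busy_polls
        return True

    def read(self, addr, n):
        if addr & 0x02:
            if self.polls_left:
                self.polls_left -= 1
                return bytes([0x02])                              # Busy
            return bytes([(self.error << 5) | (1 if self.output else 0)])
        return (bytes([len(self.output)]) + self.output)[:n]
```

`run_command` returns the operand bytes of the output buffer, or an empty byte string for commands such as Clear that set no data. A NACK on the command write surfaces as `CmcError`, which is what a busy part or a wrong Dev value looks like on the bus.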
1.4.6 Byte Order
The AT88SC118 uses a big-endian byte order for all large integers (addresses, counters) which means that the most
significant byte appears first on the bus. Within this document, that byte is shown on the left side of the page. Arrays (F
values, cryptograms, passwords, digests) appear in index order, byte 0 first (or on the left of the page).
The 2-Wire protocol specifies that the most significant bit within a byte appears first on the bus and it appears on the left
side of the page.
1.5 Memory Architecture
The 4Kb (512 byte) EEPROM within the AT88SC118 is organized into a number of sections, each of which have different
access restrictions.
1.5.1 Memory Locking
On shipment from Atmel, certain locations are preloaded by Atmel, per Section 1.5.13, “Memory Initialization Values”. All
other data locations are unknown. The system manufacturer should load all areas important for proper system operation
with the desired initial values.
When this initialization is complete, the Lock command should be executed which limits access to the memory per the
restrictions listed later in this section. The system can determine the current lock value by using the
ReadManufacturingID command to read out the ManufacturingID value (MfrID) and the lock byte.
The table below describes the encoding of the least significant two bits of the Lock byte. On shipment from Atmel,
Lock[1:0] will have a value of either 10 or 00, depending on the part number ordered. An AT88SC118 in either of these
two states is considered unlocked. It is not possible to change from one of these unlocked states to the other.
After the Lock command has been executed, the Lock byte will have the value 0xFF. Subsequent changes to the Lock
byte are impossible.
Table 1-10. Memory Locking
Lock[1:0] = 11   Locked. ReadMemory and WriteMemory enabled, subject to the restrictions in this section. WriteMemoryEncrypted and ReadMemoryDigest disabled.
Lock[1:0] = 10   Unlocked/Confidential. ReadMemoryDigest, WriteMemory, and WriteMemoryEncrypted enabled. ReadMemory disabled.
Lock[1:0] = 00   Unlocked. ReadMemory and WriteMemory enabled. WriteMemoryEncrypted and ReadMemoryDigest disabled.

1.5.2 Secure Personalization
Customers desiring to write secrets into the AT88SC118 during personalization without exposing these secrets to
attackers should purchase the version of the chip in which Lock[1:0] is 10.
In these parts, Atmel will write a transport key into the EncKey location within EEPROM during wafer probe. Once the
AT88SC118 leaves the Atmel factory, the EncKey location cannot be written under any circumstances.
When the part is unlocked and therefore in the personalization phase, the WriteMemoryEncrypted command permits the
incoming data to be encrypted using EncKey as the encryption key. Data can also be written unencrypted if desired.
Verification of the EEPROM contents must use the ReadMemoryDigest command as ReadMemory is prohibited in these
parts as shipped. Once locked, the WriteMemoryEncrypted and ReadMemoryDigest commands are prohibited —
WriteMemory and ReadMemory are then enabled over a restricted address space.
The value written into EncKey will be the first 16 bytes of the SHA-1 digest of the concatenation of the 15 byte
ManufacturingID with a 16 byte secret provided to Atmel by the system manufacturer. The upper six bits of the Lock byte
will contain a secret tag assigned by Atmel to differentiate between various secrets that may have been used to generate
EncKey. This tag will be erased when the AT88SC118 is locked, leaving the Lock byte with the value 0xFF.
1.5.3 ManufacturingID (MfrID)
These 15 bytes contain unique wafer manufacturing information. This data can be used as the AT88SC118 serial
number if desired and can also be used by Atmel to track production of the part. It is written by Atmel at wafer test and
cannot be modified by the customer, regardless of whether or not the part has been locked.
The ManufacturingID value can only be obtained by executing the ReadManufacturingID command.
Note: If Lock[1:0] is '10', then the contents of the second 32 byte block, which includes this value, can be accessed with ReadMemoryDigest. ReadMemory can never be used to access the first 48 bytes of memory (SHA Constant, EncKey, MfrID, and Lock).

1.5.4 Passwords
P0 – P15. These are the passwords used to enable reading and/or writing of various zones in CRF. For example, CP0 is
the configuration byte for P0, and determines the particular attributes which govern the use of P0. The password
configuration bytes are organized as below:
Table 1-11. Password Configuration Bits
Bit 0, Encrypt: If 1 = EncryptPassword will return this password value in the clear. In this situation, the password offers little security value but may be useful for mapping.
Bit 1, Connect: If 1 = obey the "F Number" restrictions below. If 0 = ignore "F Number".
Bits 2–3, Reserved: Must be zero.
Bits 4–7, F Number: The secret to which this password is connected. Unless the current authentication session has been computed using this secret, this password cannot be read in either clear or encrypted mode.
Once the AT88SC118 is locked, these elements (P0 – P15 and CP0 – CP15) can never be read directly, nor can they be
written.
1.5.5 Nonvolatile Counters
The AT88SC118 implements four counters that can each increment to a maximum value of 6.4 million. They cannot be
reset, nor can they be decremented. Their current state can be read using the ReadCounter command and they are
incremented with the IncrementCounter command. It is recommended that the IncrementCounter command not be
issued after the counter has reached a value of 6.4 million. Access to these two commands does not require
authorization to have completed.
The above constraints only apply to a locked CMC. In an unlocked AT88SC118, the contents of the EEPROM locations
that hold the current state of the various counters can be freely read and/or written using ReadMemory
(ReadMemoryDigest) or WriteMemory (WriteMemoryEncrypted).
They should be initialized to a count of zero before the AT88SC118 is locked, by writing the following 16 bytes into each of the four 16 byte counter areas (at addresses x0, x1, …):
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x00 0x00 0x00 0x00 0xFF 0x00 0x00 0x00
Atmel recommends that all counters be properly initialized even if the application does not utilize all of them.
1.5.6 RNGSeed
This location within the EEPROM is initialized during Atmel manufacturing with a 16 byte random number obtained from
an external high quality hardware random number generator. It is used as part of the input to the random number
generation capability within the AT88SC118. It may be read and/or written when the part is unlocked.
Caution: Atmel does not recommend that it be written to a fixed value.

1.5.7 Read-Only Memory
When the part is locked, the memory in this area can be read but never written except as described in the next
paragraph. After the system has properly responded to the startup challenge, there are no restrictions on the reading of
this memory. This memory section starts at address 0x110 and extends to 0x100 | RW-Bound – 1.
RW-Bound must be at least 0x10 and less than 0xF8 or F-Bound, whichever is smaller.
1.5.8 Read/Write Memory
The memory in this area has general Read/Write permissions, similar to a standard Serial EEPROM. After the system
has properly responded to the startup challenge, there are no restrictions on the access to this memory.
The first byte in this section is at address 0x100 | RW-Bound. If RW-Bound is less than 0x10, the results will be
unpredictable.
1.5.9 Secrets
F0 – F15. These secrets are used to generate the GC value for the particular CM/CRF chip based on the F1 algorithm, SHA-1. Up to 16 F values can be supported by the AT88SC118.
The low byte of the memory address of the first F value should be written into F-Bound. The three least significant bits of F-Bound are ignored. The first F value is always F0, independent of F-Bound. If F-Bound is less than RW-Bound or if F-Bound is less than 0x80, the results will be unpredictable.
Example: If F-Bound is 0xD0, the first F value is F0 at memory address 0x1D0. The last F value is F5 at address 0x1F8.
Example: If 0xFF is written into F-Bound, CMC will use only a single secret, named F0, which will be located at address 0x1F8 (since the low three bits of F-Bound are ignored).
These elements can never be read directly, nor can they be written after the part has been locked.
1.5.10 CF0 – CF15
This location within the EEPROM is initialized during Atmel manufacturing with a 16 byte random number obtained from
an external high quality hardware random number generator. It is used internally within the AT88SC118. It may be read
and/or written when the part is unlocked.
Caution:
Atmel does not recommend that it be written to a fixed value.
1.5.11 Restricted Bytes
These locations within the EEPROM are initialized during Atmel manufacturing with a four byte random number obtained
from an external high quality hardware random number generator. It is used internally within the AT88SC118. It cannot
be read and/or written when the part is unlocked or locked. When reading from these locations, the result will be 0xFF for
these four bytes.
1.5.12 Memory Map
Figure 1-2. Memory Map. The original figure shows the 512-byte array as 64 rows of 8 bytes (row addresses 0x000, 0x008, … 0x1F8 down the side; least significant address bits 0 – 7 across). In address order the regions are:
  SHA Constant, EncKey, ManufacturingID and Lock (the first 48 bytes, 0x000 – 0x02F)
  P0 – P15 with their configuration bytes CP0 – CP15
  Counter0 – Counter3
  SystemSecret, CmcSecret, RNGSeed, FlashDigest
  CF0 – CF15, interleaved with Mode, PwrDelay, RstProt, RW-Bound, F-Bound, Dev, spare bytes and the Restricted bytes
  Read-Only Memory (starting at 0x110)
  Read/Write Memory (starting at 0x100 | RW-Bound)
  F0 – F15 (F0 at 0x100 | F-Bound with the low three bits cleared; the last F value ends at 0x1FF)
1.5.13 Memory Initialization Values
Upon shipment from the Atmel factory, the following locations will have predefined values. The contents of all other locations are not guaranteed by Atmel.

Table 1-12. Predefined Initial Memory Values
SHA Constant: Defined by FIPS PUB 180-1. This is written at the Atmel factory and cannot subsequently be changed.
EncKey: Customer specific, contact Atmel. See Section 1.5.2, "Secure Personalization".
ManufacturingID: A unique value for all AT88SC118 chips. See Section 1.5.3, "ManufacturingID (MfrID)".
Lock: xxxx_xx10 or xxxx_xx00, per Section 1.5.1, "Memory Locking" and Section 1.5.2, "Secure Personalization". Consult Atmel for ordering information.
RNGSeed: Random values for each AT88SC118. See Section 1.5.6, "RNGSeed".
Dev: TWI bus address, shipped as 0xC0. See Section 1.4.5, "TWI Input/Output Operation".
CF0 – CF15: Random values for each AT88SC118. See Section 1.5.10, "CF0 – CF15".

Certain values within the AT88SC118 memory array must be properly programmed prior to locking of the memory. Failure to properly initialize these locations will result in unpredictable and/or unsecure operation of the part.

Table 1-13. Customer Defined Memory Values
SystemSecret, CmcSecret: These values are used to perform a mutual authentication between the AT88SC118 and the system processor. See Section 3.2, "Startup Command" and Section 3.3, "ChallengeResponse Command".
RW_Bound: The boundary between Read-Only and Read/Write memory. See Section 1.5.7, "Read-Only Memory" and Section 1.5.8, "Read/Write Memory".
F_Bound: Controls the number of F secrets in the array. See Section 1.5.9, "Secrets" for value limitations.
Mode: The lower two bits control the way in which VerifyFlash is run, see Section 3.1, "VerifyFlash Command". The upper five bits must be zero for proper operation; other values may result in security or functional issues.
FlashDigest: If Mode.Bit[1:0] is set to zero, then this must be set to the proper value per the descriptions in the VerifyFlash command, see Section 3.1, "VerifyFlash Command".
1.6 Security Features
1.6.1 Environmental Detectors
The AT88SC118 contains an over and under voltage detector for VCC and includes a POR detector to prevent any
unknown startup states. If this detector is triggered, the AT88SC118 will be held in reset until the condition is cleared.
The operating clock is internally generated independent of SDA and SCL and glitches on those pins are filtered out. The
AT88SC118 includes a metal obfuscation pattern over the memory block.
1.6.2 Reset Protection and Power Delay
There is a Reset Protection Register in EEPROM (RstProt) that normally has a value of one before power is applied. On
reset, the AT88SC118 writes this register in the EEPROM to a value of zero, and starts a counter. That counter counts
1MHz clocks up to a total delay interval of approximately 67 seconds, and at that time, the AT88SC118 writes the
protection register to a value of one. If a command is in progress when this time interval is reached, the register will be
updated at the completion of the command. After this write, the reset protection circuit goes idle until the next reset.
If at the time of reset or power-up, the Protection Register already has a value of zero, then the AT88SC118 goes into a
Power Delay state for the same amount of time during which it will neither accept nor acknowledge any command. At the
end of the time interval, it will reset the register to a value of one and resume normal operation. A power-up or pin reset
during the Power Delay interval will restart the delay counter and start a new interval during which commands will be
ignored.
The AT88SC118 is designed to permit the system to execute the reset operation (and operate for at least 67 seconds) a
minimum of one million times. If the part is continuously reset every 67 seconds, this limit will be reached in about two
years.
The Power Delay of 67 seconds is the maximum delay that the AT88SC118 can support. The actual delay is derived
from the contents PwrDelay byte within the EEPROM, according to the following table. The measured delay will vary by
up to +/- 25% over manufacturing and operating conditions.
Table 1-14. Reset Protection and Power Delay
PwrDelay  Nominal Delay Interval
0x00      262ms
0x01      524ms
0x02      785ms
0x04      1.3s
0x08      2.4s
0x10      4.5s
0x20      8.7s
0x40      17s
0x80      34s
0xFF      67s
Other     Unpredictable
Note: 1. Short power delay times may decrease the overall security of the system.
The reset protection circuit and associated power delay operates regardless of whether the AT88SC118 is locked or
unlocked.
Failure to meet the Power-Up and Power-Down conditions listed in Table 1-1 for the VCC and GND pins may result in
invoking a reset protection state, causing a Power Delay interval.
1.6.3 Reset Locking
Certain conditions cause the AT88SC118 to lock up until the Reset pin is asserted or the power is cycled. Depending on
the time interval from the last power-up, this action may or may not cause a delay to be enforced. During this time, the
Status Register will show the RstLocked error state and the Busy pin will be asserted.
The conditions that cause reset locking are:
• Some command other than VerifyFlash is attempted before Startup/ChallengeResponse has been run, or some
command other than ChallengeResponse follows Startup.
• ChallengeResponse is run but the preceding command is not Startup.
• VerifyFlash fails for any reason other than that it has been disabled.
• ChallengeResponse fails for any reason.
• Second attempt to run VerifyFlash in a single power cycle.
1.6.4 Security Delay
When certain operations do not complete successfully, the AT88SC118 will enter a temporary security delay for a period
of time during which no commands will be honored by the AT88SC118. During this time, the system may read the Status
Register which will contain the TimeDelay error code and busy bit set.
The following conditions cause the AT88SC118 to enter a security delay when it is locked. Unlocked AT88SC118 chips
never enter the security delay sequence.
• A second attempt to run Startup after the first has completed within the same power or reset cycle.
• Some command other than Auth_2 follows Auth_1.
• The values sent to the AT88SC118 for Auth_2 do not match those computed internally (authentication failed).
• The values sent to the AT88SC118 for Encryption_2 do not match those computed internally (encryption key
verification failed).
• An illegal command ordinal is sent to the AT88SC118.
The first time one of these conditions is detected after a power cycle or reset event, the AT88SC118 will delay ~260ms.
After each subsequent failure condition is detected, the AT88SC118 will delay for an interval twice the length of the
previous delay.
Once this doubling reaches a delay equal to or greater than PwrDelay, all subsequent failure conditions will trigger a
lockout interval equal to PwrDelay. The maximum Security Delay is 32s, regardless of the value of PwrDelay.
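The timing rules of Sections 1.6.2 and 1.6.4 in executable form, so that host firmware can plan its retry and reset budget. This is an added example, not Atmel code or a description of the silicon; it assumes the first security delay is exactly 260ms, that the failure on which the doubled value first reaches PwrDelay already receives the PwrDelay lockout, and that the ±25% oscillator tolerance is not modelled.

```python
"""Power Delay (Table 1-14) and Security Delay (Section 1.6.4) model.
Added illustration, not Atmel code; see the assumptions in the lead-in."""

# Table 1-14: PwrDelay byte -> nominal Power Delay in milliseconds.
POWER_DELAY_MS = {
    0x00: 262, 0x01: 524, 0x02: 785, 0x04: 1300, 0x08: 2400,
    0x10: 4500, 0x20: 8700, 0x40: 17000, 0x80: 34000, 0xFF: 67000,
}
FIRST_SECURITY_DELAY_MS = 260     # "~260ms" for the first failure
MAX_SECURITY_DELAY_MS = 32_000    # hard cap regardless of PwrDelay


def power_delay_ms(pwrdelay: int) -> int:
    """Nominal Power Delay for a PwrDelay byte; other values are 'Unpredictable'."""
    if pwrdelay not in POWER_DELAY_MS:
        raise ValueError(f"PwrDelay 0x{pwrdelay:02X} is not a documented value")
    return POWER_DELAY_MS[pwrdelay]


def security_delay_ms(failure_index: int, pwrdelay: int) -> int:
    """Delay enforced on the n-th (1-based) security-delay failure since reset.

    260ms, doubling on each further failure, until the doubled value reaches
    PwrDelay; from then on every failure costs PwrDelay, never more than 32s.
    (Assumption: the failure that first reaches PwrDelay already gets PwrDelay.)
    """
    if failure_index < 1:
        raise ValueError("failure_index is 1-based")
    doubled = FIRST_SECURITY_DELAY_MS << (failure_index - 1)
    return min(doubled, power_delay_ms(pwrdelay), MAX_SECURITY_DELAY_MS)


def security_delay_schedule_ms(failures: int, pwrdelay: int) -> list:
    """Delays for the first `failures` failures, e.g. to size a host watchdog."""
    return [security_delay_ms(n, pwrdelay) for n in range(1, failures + 1)]


def reset_budget_years(reset_limit: int = 1_000_000, interval_s: int = 67) -> float:
    """Section 1.6.2: each reset writes RstProt in EEPROM; years until the
    one-million-reset limit is reached if the part is reset every interval."""
    return reset_limit * interval_s / (365 * 24 * 3600)


if __name__ == "__main__":
    print("PwrDelay=0xFF:", security_delay_schedule_ms(10, 0xFF))
    print("PwrDelay=0x00:", security_delay_schedule_ms(4, 0x00))
    print(f"continuous 67s resets exhaust the budget in {reset_budget_years():.2f} years")
```

With PwrDelay = 0xFF the schedule climbs 260, 520, 1040 ... 16640ms and then sits at the 32s cap; with PwrDelay = 0x00 the second failure already costs the full 262ms Power Delay. Short PwrDelay values therefore bound the penalty an attacker pays per guess, which is the point of the note under Table 1-14.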
1.6.5 Command Sequencing
Depending on whether the AT88SC118 is locked or not, some commands must be executed in a certain order; this
section outlines those restrictions.
1.6.5.1 When AT88SC118 is Unlocked
When the AT88SC118 is unlocked, there is no security delay, and there is no requirement that Startup/Challenge be
executed prior to any other command. This strategy may facilitate quicker initialization.
Note:
The Power Delay continues to be active when unlocked and authentication must still be run for those commands
that require it (EncryptPassword, Encryption_1&2, GrindBytes).
When the AT88SC118 is unlocked, the following commands are enabled:
• ReadMemory can be run only if the least significant two bits of the lock byte in EEPROM are both zero. All
locations from 0x30 onwards can be read.
• ReadMemoryDigest can be run on all locations within the EEPROM if Lock[1:0] has a value of 0x10.
• WriteMemory can be run over all locations from 0x30 onwards.
• WriteMemoryEncrypted can only be run if Lock[1:0] has a value of 0x10.
• The Lock command can be run to exit the unlocked state.
1.6.5.2 When AT88SC118 is Locked
When the AT88SC118 is locked, the security delays from Section 1.6.3, “Reset Locking” apply.
The first command run after power-up or a reset must be either VerifyFlash or Startup. If the first command is Startup,
then VerifyFlash cannot be run until the next power cycle. If the first command is VerifyFlash, then the next command
must be Startup. After Startup, the next command must always be ChallengeResponse.
No other command can be run until ChallengeResponse has successfully completed. Any attempt to run another
command prior to ChallengeResponse or a failure of the ChallengeResponse command will cause the AT88SC118 to
lock up until the next power cycle or reset assertion.
A complete and successful authentication sequence (Auth_1 and Auth_2) must be run prior to those commands that
require it:
• EncryptPassword
• Encryption_1
• Encryption_2
• GrindBytes.
Failure to run the authentication sequence will result in an error code in the Status Register but no delay.
When the AT88SC118 is locked, the following commands are disabled:
• WriteMemoryEncrypted
• ReadMemoryDigest
• Lock.
WriteMemory is available only for Read/Write memory (the region between RWBound and F-Bound). ReadMemory is
only available for ReadOnly + ReadWrite memory (the region between address 0x110 and F-Bound). Any attempt to
violate these restrictions will result in a BadCmd error message but no penalty.
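The locked-mode ordering rules of Sections 1.6.3, 1.6.4 and 1.6.5.2 as a small state machine. It is an added example, not Atmel code: a host driver or test harness can run a planned command sequence through it before talking to the part and see where the part would answer RstLocked, TimeDelay or BadCmd. The result names RstLocked, TimeDelay, BadCmd and OK follow the datasheet; "AuthRequired" is a label chosen here for the unnamed "error code but no delay" case, the handling of Auth_2 without a preceding Auth_1 (answered BadCmd) is an assumption, and a penalised command is assumed to abandon any pending Auth_1/Encryption_1 pairing.

```python
"""State-machine model of AT88SC118 command ordering when locked.
Added illustration, not Atmel code; assumptions are noted in comments."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

KNOWN_COMMANDS = {
    "VerifyFlash", "Startup", "ChallengeResponse", "Auth_1", "Auth_2",
    "EncryptPassword", "Encryption_1", "Encryption_2", "GrindBytes", "GetRandom",
    "IncrementCounter", "ReadCounter", "WriteMemory", "WriteMemoryEncrypted",
    "ReadMemory", "ReadMemoryDigest", "ReadManufacturingID", "Lock", "Clear", "Crunch",
}
AUTH_REQUIRED = {"EncryptPassword", "Encryption_1", "Encryption_2", "GrindBytes"}
DISABLED_WHEN_LOCKED = {"WriteMemoryEncrypted", "ReadMemoryDigest", "Lock"}
PAIRED = {"Auth_1": "Auth_2", "Encryption_1": "Encryption_2"}


@dataclass
class LockedSequencer:
    challenge_done: bool = False           # ChallengeResponse succeeded
    authenticated: bool = False            # Auth_1/Auth_2 completed
    last: Optional[str] = None             # previously accepted command
    rst_locked: bool = False
    delays: int = 0                        # security delays incurred since reset
    log: List[Tuple[str, str]] = field(default_factory=list)

    def _delay(self, why: str) -> str:
        # Section 1.6.4: timed penalty, the part resumes afterwards.
        self.delays += 1
        self.last = None                   # assumption: pending pair abandoned
        self.log.append((why, "TimeDelay"))
        return "TimeDelay"

    def _lock(self, why: str) -> str:
        # Section 1.6.3: locked until the Reset pin or a power cycle.
        self.rst_locked = True
        self.log.append((why, "RstLocked"))
        return "RstLocked"

    def submit(self, cmd: str, ok: bool = True) -> str:
        """`ok` says whether the device-side check (digest, response,
        CiA/CiE comparison) would succeed for this command."""
        if self.rst_locked:
            return "RstLocked"
        if cmd not in KNOWN_COMMANDS:
            return self._delay("illegal command ordinal")
        if self.last in PAIRED and cmd != PAIRED[self.last]:
            return self._delay(f"{cmd} after {self.last}")
        return self._session(cmd, ok) if self.challenge_done else self._startup(cmd, ok)

    def _startup(self, cmd: str, ok: bool) -> str:
        # Power-up gate: VerifyFlash (optional, first only) -> Startup -> ChallengeResponse.
        if cmd == "VerifyFlash" and self.last is None:
            if not ok:
                return self._lock("VerifyFlash failed")
        elif cmd == "Startup" and self.last in (None, "VerifyFlash"):
            pass
        elif cmd == "ChallengeResponse" and self.last == "Startup":
            if not ok:
                return self._lock("ChallengeResponse failed")
            self.challenge_done = True
        else:
            return self._lock(f"{cmd} not allowed after {self.last}")
        self.last = cmd
        return "OK"

    def _session(self, cmd: str, ok: bool) -> str:
        if cmd == "VerifyFlash":
            return self._lock("second VerifyFlash in one power cycle")
        if cmd == "Startup":
            return self._delay("second Startup in one power cycle")
        if cmd in DISABLED_WHEN_LOCKED:
            result = "BadCmd"
        elif cmd in AUTH_REQUIRED and not self.authenticated:
            result = "AuthRequired"        # error code, no penalty
        elif cmd == "Auth_2" and self.last != "Auth_1":
            result = "BadCmd"              # assumption: not specified by the datasheet
        elif cmd == "Auth_2" and not ok:
            self.authenticated = False
            return self._delay("Auth_2 response mismatch")
        elif cmd == "Encryption_2" and not ok:
            return self._delay("Encryption_2 response mismatch")
        else:
            if cmd in ("Auth_1", "Clear"):
                self.authenticated = False
            elif cmd == "Auth_2":
                self.authenticated = True
            result = "OK"
        self.last = cmd
        return result


def run(sequence) -> List[str]:
    """Feed (cmd, ok) pairs to a fresh sequencer and return the responses."""
    seq = LockedSequencer()
    return [seq.submit(cmd, ok) for cmd, ok in sequence]
```

Running a planned sequence such as VerifyFlash, Startup, ChallengeResponse, Auth_1, Auth_2, GrindBytes returns OK throughout, while a GetRandom sent first, or a VerifyFlash after Startup, shows the RstLocked outcome that would otherwise cost a power cycle in the field.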
2. CMC ↔ CRF Authentication
The AT88SC118 supports the mutual authentication sequence of the CRF chip in a manner such that the shared secrets
are never exposed on the AT88SC118 or CRF buses. This section describes that mutual authentication sequence. To
be consistent with the parameter names in the command descriptions, the AT88SC118 is referred to by its alternate
name of CMC.
2.1 Nomenclature
Table 2-1. Nomenclature
Symbol    Description
Xi        The subscript ‘i’ indicates a key index in the CRF memory array. CRF contains four sets of key values. Only
          those from a single set can be used in a successful authentication sequence.
YA, YE    The superscripts ‘A’ and ‘E’ indicate the two possible phases of the crypto setup for CRF: ‘A’ indicates the
          authentication phase which prefaces all cryptographic communication with CRF; ‘E’ indicates the optional
          encryption phase.
C         The initial cryptogram state from CRF to CMC. It is the state generated as a result of a previous authentication
          or encryption sequence and is unique.
CH, Ci    These values are the challenge and response during the mutual authentication and encryption sequences:
          CHA is the authentication challenge to CRF from CMC; CiA is the authentication response from CRF to CMC;
          CA is the copy of this computed within CMC; CHE is the encryption challenge to CRF from CMC; CiE is the
          encryption response from CRF to CMC; CE is the copy of this computed within CMC.
F2        This is the Atmel proprietary algorithm implemented within CMC and CRF. [A, B, C] = F2(X, Y, Z) indicates that
          X, Y, and Z are inputs to the F2 algorithm, and that execution of the algorithm on these inputs yields the set of
          outputs A, B, and C.
G, Gi     The secret stored in CRF or computed on CMC from ID and Fn.
ID        This is the unique serial or identification number for CRF which is obtained from the Nc register within the CRF
          EEPROM.
KID       This is a constant generated by the external system in a manner of its choosing. It should typically be a function
          of the ID number and an external secret, but may also include other information about the item to which CRF is
          attached, the system configuration or other values held external to CMC. CMC treats KID as a constant and
          does not interpret its value.
Q         These are random values created in the RNG of CMC which are used as part of the authentication and
          encryption sequences.
SA, SiA   These are the encryption keys generated as part of the authentication sequence: SA is generated by CMC;
          SiA is independently generated by CRF. Their value should be identical. The S keys generated by the
          encryption sequence are ignored.
2.2 Authentication and Encryption Sequence
Table 2-2. Authentication and Encryption Sequence
(Columns of the original table: CMC Command, CMC Computation, Dir., CRF Computation, CRF Command. Each step is
listed here in that order; the arrow gives the direction of the values that cross the bus.)
A. CRF command Read Config. CRF → CMC: ID, C. CMC computation: G = F1(Fn, KID, ID).
B. CMC command Auth_1. CMC computation: QA = RNG; [CHA, CA, SA] = F2(G, C, QA). CMC → CRF: CHA, QA.
   CRF command Verify Crypto. CRF computation: [CH, CiA, SiA] = F2(Gi, Ci, QA); CHA =? CH.
C. CRF → CMC: CiA.
D. CMC command Auth_2. CMC computation: CiA =? CA.
E. CMC command Encrypt_1. CMC computation: QE = RNG; [CHE, CE, SE] = F2(SA, CA, QE). CMC → CRF: CHE, QE.
   CRF command Verify Crypto. CRF computation: [CH, CiE, SiE] = F2(SiA, CiA, QE); CHE =? CH.
F. CRF → CMC: CiE.
G. CMC command Encrypt_2. CMC computation: CiE =? CE.
3. Command Descriptions
3.1 VerifyFlash Command
System sends information to the AT88SC118 which would typically be based on the state of an external nonvolatile (e.g.
Flash) program store. If the input digest indicates a problem, the AT88SC118 will set up the Status Register to indicate a
RstLocked error code but will accept no commands until the next reset or power cycle. This command can be run once
only per reset.
• If Mode.Bit [1:0] == 00: This command simply verifies that the incoming digest matches that stored in memory. This is
useful if the external ASIC has hardware that can verify the boot code, in which case that hardware would respond to
the return code of this command. VerifyFlash must run before Startup.
• If Mode.Bit [1:0] == 01: This command implements a simple signature mechanism for an externally loaded module. In
this case the FlashDigest stored in EEPROM is a secret also known by the entity that generates legal download
images. The system sends both the download digest and the signature to the AT88SC118; the AT88SC118 generates
a comparison signature using its stored value and verifies that they are the same. This mode is useful if the external
system has some confidence in the boot code, but does not have sufficient space to implement a full public key
signature verification module. VerifyFlash must run before Startup.
• If Mode.Bit [1:0] == 11: This command is disabled.
• If Mode.Bit [1:0] == 10: This command should not be used. VerifyFlash will return OK without any computation or
comparison being performed.
Table 3-1. Inputs
Name       Size  Description
Digest     20    Digest of external memory.
Signature  20    SHA-1(Digest, FlashDigest), ignored if Mode.Bit [1:0] = 00.
Table 3-2. Outputs
None.
3.2 Startup Command
The AT88SC118 resets all internal state, generates a 20 byte random number, and sends it to the system as the challenge
start. To permit the system processor to mutually authenticate the AT88SC118, it will also compute a response to a
challenge from the system:
CmcResponse = SHA-1(CmcChallenge, CmcSecret).
This command can be run only once per reset or power cycle.
Table 3-3. Inputs
Name          Size  Description
CmcChallenge  20    Authentication challenge to the AT88SC118 from system processor.
Table 3-4. Outputs
Name          Size  Description
SysChallenge  20    Authentication challenge to system processor from RNG.
CmcResponse   20    Challenge response to CmcChallenge.
3.3 ChallengeResponse Command
System sends a 20 byte challenge response to the AT88SC118. The AT88SC118 computes SHA-1(SysChallenge,
SystemSecret) and compares it with the response. If incorrect, the AT88SC118 locks up until the next time the Reset pin
is asserted or power is removed.
The prior command must have been Startup, or the AT88SC118 will enter the RstLocked state.
Table 3-5. Inputs
Name         Size  Description
SysResponse  20    Calculated response from system.
Table 3-6. Outputs
None.
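The host side of the Startup / ChallengeResponse handshake of Sections 3.2 and 3.3, as an added example that is not Atmel code. The datasheet writes the two computations as SHA-1(CmcChallenge, CmcSecret) and SHA-1(SysChallenge, SystemSecret); plain concatenation challenge || secret is assumed for the two-argument SHA-1. SimulatedCmc is a constructed stand-in for the part so the exchange runs offline; the secrets and challenges are sample values.

```python
"""Host side of Startup / ChallengeResponse with a simulated AT88SC118.
Added illustration, not Atmel code; SHA-1(a, b) is assumed to be SHA-1(a || b)."""
import hashlib
import hmac
import os


def sha1_response(challenge: bytes, secret: bytes) -> bytes:
    """SHA-1 over challenge || secret (the argument order is an assumption)."""
    return hashlib.sha1(challenge + secret).digest()


class SimulatedCmc:
    """Minimal stand-in for the part: Startup once per reset, then ChallengeResponse."""

    def __init__(self, cmc_secret: bytes, system_secret: bytes):
        self.cmc_secret, self.system_secret = cmc_secret, system_secret
        self.sys_challenge = None
        self.startup_done = False
        self.rst_locked = False

    def startup(self, cmc_challenge: bytes):
        if self.startup_done:
            raise RuntimeError("Startup may run only once per reset or power cycle")
        if len(cmc_challenge) != 20:
            raise ValueError("CmcChallenge is 20 bytes")
        self.startup_done = True
        self.sys_challenge = os.urandom(20)                     # SysChallenge from the RNG
        return self.sys_challenge, sha1_response(cmc_challenge, self.cmc_secret)

    def challenge_response(self, sys_response: bytes) -> bool:
        if not self.startup_done or self.rst_locked:
            self.rst_locked = True                              # prior command must be Startup
            return False
        expected = sha1_response(self.sys_challenge, self.system_secret)
        if not hmac.compare_digest(expected, sys_response):
            self.rst_locked = True                              # locked until reset
            return False
        return True


def host_handshake(device: SimulatedCmc, cmc_secret: bytes, system_secret: bytes) -> bool:
    """Mutually authenticate host and companion chip.

    The host verifies CmcResponse before it answers SysChallenge, so a
    substituted companion chip that fails the check never receives a
    response computed from SystemSecret.
    """
    cmc_challenge = os.urandom(20)
    sys_challenge, cmc_response = device.startup(cmc_challenge)
    if not hmac.compare_digest(sha1_response(cmc_challenge, cmc_secret), cmc_response):
        return False
    return device.challenge_response(sha1_response(sys_challenge, system_secret))
```

Two failure modes differ in cost: a wrong SystemSecret on the host leaves the part RstLocked until the next reset, while a companion chip that fails the host's own check is simply abandoned before the host sends anything secret-derived.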
3.4 Auth_1 Command
Loads into the AT88SC118 the accessible information about the CRF for which authentication is to be computed and
builds the values needed for the CRF chip to perform its authentication sequence. This step computes the values of CA
and SA. These values are retained in volatile registers within the AT88SC118 (named C and S) for use during Auth_2 and
Encrypt_1. See Section 2.2, “Authentication and Encryption Sequence” for more details on the authentication algorithm.
Execution of this command automatically resets any previous state including the C and S registers and causes a reset of
the crypto engine state.
After execution of Auth_1, the next command must be Auth_2. If it is not, the AT88SC118 locks up for some time. See
Section 1.6.3, “Reset Locking”.
Table 3-7. Inputs
Name      Size  Description
C         8     Initial cryptogram seed from CRF.
KID       16    Constant value to be included in G calculation.
ID        8     Serial number from which G is calculated. Referred to as Nc in CRF documentation.
Selector  1     Selects one of the F values from the EEPROM to be used for authentication.
Table 3-8. Outputs
Name  Size  Description
QA    8     Random number input to authentication sequence.
CHA   8     Authentication challenge from Cmc to CRF.
3.5 Auth_2 Command
Receives the output of the CRF authentication command and verifies that the CRF chip has knowledge of G. See
Section 2.2, “Authentication and Encryption Sequence” for more details on the authentication algorithm.
If the incoming CiA value is incorrect, the AT88SC118 locks up for some time. See Section 1.6.3, “Reset Locking”.
The authentication times out when a delay of one second expires; at this point one must re-authenticate.
Table 3-9. Inputs
Name  Size  Description
CiA   8     Authentication response from CRF to the AT88SC118, second half of mutual authentication.
Table 3-10. Outputs
None.
3.6 EncryptPassword Command
Compute an encrypted password to be sent to the CRF, using the current state of the crypto engine. This can be run at
any time after the authentication sequence has completed. This command is optional.
Table 3-11. Inputs
Name      Size  Description
Selector  1     Which password to use.
Table 3-12. Outputs
Name    Size  Description
EncPwd  3     Encrypted password to be sent to CRF.
3.7 Encryption_1 Command
Similar to Auth_1, this sequence generates an intermediate value used for subsequent encryption of data to/from CRF.
This pass through the crypto engine is similar to the computation done during authentication with the exceptions that G is
replaced by S, the input C is replaced with the AT88SC118 register C, and QE is newly generated by the RNG on the
AT88SC118. See Section 2.2, “Authentication and Encryption Sequence” for more details on the encryption algorithm.
A valid authentication sequence must be run before these commands which will have set up the C and S registers. This
command (and its mate, Encryption_2) can be run multiple times per authentication sequence, but running it more than
once will cause the AT88SC118 to be out of synchronization with CRF until the next Auth_1/Auth_2 sequence is run.
After execution of Encryption_1, the next command must be Encryption_2. If not, the AT88SC118 will lock up for a
security delay.
Table 3-13. Inputs
None.
Table 3-14. Outputs
Name  Size  Description
QE    8     Random number for encryption sequence.
CHE   8     Encryption challenge from AT88SC118 to CRF.
3.8 Encryption_2 Command
Similar to Auth_2, this sequence takes the encryption response from CRF and compares it to the value computed at the
end of Encryption_1.
This command can only be run after the execution of Encryption_1. If the incoming CiE value is incorrect, the AT88SC118
locks up for a security delay (see Section 1.6.3, “Reset Locking”) and sets the error code in the status register to
AuthFail.
Table 3-15. Inputs
Name  Size  Description
CiE   8     Authentication response from CRF to the AT88SC118.
Table 3-16. Outputs
None.
3.9 GrindBytes Command
Passes a variable number of bytes through the crypto engine on the AT88SC118 and sends the output of the crypto
engine back to the system. This command is used to keep the AT88SC118 in sync with the crypto engine on the CRF
chip, to decrypt encrypted data read from CRF, to encrypt data to be written to CRF, and to generate or verify a
checksum.
The AT88SC118 does not interpret these bytes, merely passes them through the crypto engine.
GrindBytes cannot be run prior to the successful execution of Auth_2, nor after the execution of the Clear command.
A maximum of 4096 bytes can be passed through GrindBytes per authentication.
Table 3-17. Inputs
Name  Size      Description
Size  1         One less than the number of bytes to be sent through the crypto engine: if this byte is 0, grind 1 byte;
                if 0x13, grind 20 bytes; if 0x14, return BadCmd.
Data  variable  Crypto engine input bytes, maximum 20.
Table 3-18. Outputs
Name  Size      Description
Data  variable  Crypto engine output bytes, maximum 20.
3.10 GetRandom Command
The AT88SC118 generates a 20 byte random number using its internal high quality random number generator and
outputs this value. There is no restriction on the system as to where these random numbers may be used — their
cryptographic quality makes them suitable for any operation on the system in addition to the CRF operations.
When the AT88SC118 is unlocked, the random numbers generated will follow a predictable pattern based on the state of
the RNGSeed EEPROM value and the number of power cycles since this seed has been written. This mechanism
facilitates testing.
Table 3-19. Inputs
None.
Table 3-20. Outputs
Name  Size  Description
Data  20    Random bytes from the RNG.
3.11 IncrementCounter Command
Increment the value of the specified counter by one.
Table 3-21. Inputs
Name     Size  Description
Counter  1     Counter index to be incremented, must be from 0 – 3. The upper four bits of this parameter are ignored.
Table 3-22. Outputs
None.
3.12 ReadCounter Command
Returns the 32 bit current state of the specified counter. There are no read restrictions on the counters.
Table 3-23. Inputs
Name     Size  Description
Counter  1     Counter index to be read, must be from 0 – 3. The upper four bits of this parameter are ignored.
Table 3-24. Outputs
Name   Size  Description
Value  4     Current value of counter.
3.13 WriteMemory Command
Writes the contents of the specified address and those following it up to the end of the Read/Write memory space. Prior
to locking, any byte after the lock byte can be written with this command. After the AT88SC118 has been locked, only the
Read/Write space can be written with this command.
The input data must always be 16 bytes long, though fewer bytes may be written into the EEPROM. While the
AT88SC118 ignores these pad bytes, Atmel recommends that they always be 0xFF.
Table 3-25. Inputs
Name     Size  Description
Address  2     Address in EEPROM of the first byte of data to be written. The most significant seven bits are ignored.
Count    1     If zero, write 1 byte… if 0x0F, write 16 bytes. The upper four bits are ignored.
Data     16    Clear text bytes; padded to 16 bytes total.
Table 3-26. Outputs
None.
3.14 WriteMemoryEncrypted Command
Writes a 16 byte page of the EEPROM, using the encryption algorithm described below. Smaller blocks of memory
cannot be written using this command.
This command cannot be run after the AT88SC118 has been locked.
Table 3-27. Inputs
Name     Size  Description
Address  2     Address of the 16 byte page within EEPROM to which data is to be written. The least significant four
               and most significant seven bits are ignored.
Data     16    Encrypted data.
Nonce    16    Random value used to seed encryption.
Table 3-28. Outputs
None.
The AT88SC118 will compute the SHA-1 hash of (Address, EncKey, Nonce). The first 16 bytes of the resulting digest will
be used as an XOR key to decrypt the incoming data, which will then be written to the specified page in EEPROM.
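The host-side counterpart of the page encryption just described, as an added example that is not Atmel code. The datasheet gives keystream = first 16 bytes of SHA-1(Address, EncKey, Nonce), XORed with the page; assumptions made here are that the three fields are concatenated in that order, that Address is hashed as 2 bytes big-endian after clearing the bits Table 3-27 says the part ignores, and that EncKey is 16 bytes like the Section 6 transport key, which is used below as the sample key only because it is printed on this page.

```python
"""Host-side encryption for WriteMemoryEncrypted and the matching decrypt.
Added illustration, not Atmel code; field order and byte order are assumptions."""
import hashlib
import os

PAGE_MASK = 0x01F0      # low four and high seven address bits are ignored by the part
PAGE_SIZE = 16
NONCE_SIZE = 16


def page_keystream(address: int, enc_key: bytes, nonce: bytes) -> bytes:
    """First 16 bytes of SHA-1(Address || EncKey || Nonce)."""
    if len(nonce) != NONCE_SIZE:
        raise ValueError("Nonce is 16 bytes")
    addr = (address & PAGE_MASK).to_bytes(2, "big")      # assumption: MSB first
    return hashlib.sha1(addr + enc_key + nonce).digest()[:PAGE_SIZE]


def encrypt_page(address: int, enc_key: bytes, nonce: bytes, page: bytes) -> bytes:
    """The 16 'Data' bytes of the command for one plaintext page."""
    if len(page) != PAGE_SIZE:
        raise ValueError("only whole 16 byte pages can be written")
    ks = page_keystream(address, enc_key, nonce)
    return bytes(p ^ k for p, k in zip(page, ks))


def decrypt_page(address: int, enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """What the part computes before writing EEPROM; XOR is its own inverse."""
    return encrypt_page(address, enc_key, nonce, data)


def build_write(address: int, enc_key: bytes, page: bytes):
    """Fresh random nonce per write; returns (Address, Data, Nonce) as in Table 3-27."""
    nonce = os.urandom(NONCE_SIZE)
    return address, encrypt_page(address, enc_key, nonce, page), nonce


def xor_of_plaintexts_if_nonce_reused(data1: bytes, data2: bytes) -> bytes:
    """Why the nonce must be fresh: two writes to the same page with the same
    Nonce share one keystream, so Data1 XOR Data2 equals Page1 XOR Page2 for
    anyone watching the TWI bus. build_write avoids this by design."""
    return bytes(a ^ b for a, b in zip(data1, data2))
```

Personalisation tooling should treat the nonce like an IV: draw it from a good RNG for every write, never derive it from the address or a counter that could repeat, and never reuse one across pages even under the same EncKey.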
3.15 ReadMemory Command
Reads the contents of the EEPROM from the specified address and those following it up to the end of R/W EEPROM.
Once locked, only the read-only and Read/Write spaces can be read. Addresses 0 through 0x2F may never be read.
Up to 16 bytes may be accessed within a single Read operation.
This command can be run prior to locking of the memory only if the least two significant bits of the lock byte have a value
of zero.
Table 3-29. Inputs
Name     Size  Description
Address  2     Address in EEPROM of the first byte of data to be read. The most significant seven bits are ignored.
Count    1     If zero, read 1 byte… If 0x0F, read 16 bytes. The upper four bits are ignored.
Table 3-30. Outputs
Name  Size      Description
Data  variable  Clear text bytes, maximum of 16.
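Parameter encoding and the device-side decoding for GrindBytes (Table 3-17), WriteMemory (Table 3-25) and ReadMemory (Table 3-29), as an added example that is not Atmel code. Command ordinals and the TWI framing are not on this page and are not modelled; only the parameter bytes are. It assumes the 2-byte Address is sent most-significant byte first and that Size values of 0x14 and above answer BadCmd; "LimitExceeded" is a label chosen here for the 4096-byte GrindBytes limit, which the datasheet gives without naming an error code.

```python
"""Parameter bytes for GrindBytes, WriteMemory and ReadMemory.
Added illustration, not Atmel code; see assumptions in the lead-in."""
from typing import Optional, Tuple

MEMORY_MAX = 16          # ReadMemory / WriteMemory move at most 16 bytes
GRIND_MAX = 20           # GrindBytes passes at most 20 bytes per call
GRIND_PER_AUTH = 4096    # bytes that may be ground per authentication
PAD = 0xFF               # value Atmel recommends for unused WriteMemory data bytes
ADDR_MASK = 0x01FF       # the part ignores the most significant seven address bits


def count_byte(n: int, limit: int) -> Optional[int]:
    """'One less than the number of bytes'; None where the part answers BadCmd."""
    return n - 1 if 1 <= n <= limit else None


def write_memory_params(address: int, data: bytes) -> bytes:
    """Address (2) + Count (1) + Data (always 16, padded with 0xFF)."""
    cb = count_byte(len(data), MEMORY_MAX)
    if cb is None:
        raise ValueError("WriteMemory writes 1..16 bytes")
    addr = (address & ADDR_MASK).to_bytes(2, "big")          # assumption: MSB first
    return addr + bytes([cb]) + data + bytes([PAD]) * (MEMORY_MAX - len(data))


def read_memory_params(address: int, n: int) -> bytes:
    """Address (2) + Count (1)."""
    cb = count_byte(n, MEMORY_MAX)
    if cb is None:
        raise ValueError("ReadMemory reads 1..16 bytes")
    return (address & ADDR_MASK).to_bytes(2, "big") + bytes([cb])


def decode_write_memory(params: bytes) -> Tuple[int, bytes]:
    """Interpret the bytes as the part does: low four Count bits + 1, rest ignored."""
    if len(params) != 2 + 1 + MEMORY_MAX:
        raise ValueError("Data must always be 16 bytes")
    address = int.from_bytes(params[:2], "big") & ADDR_MASK
    n = (params[2] & 0x0F) + 1
    return address, params[3:3 + n]


class GrindSession:
    """Tracks the GrindBytes budget of one authentication (reset after Auth_2)."""

    def __init__(self):
        self.ground = 0

    def grind_params(self, data: bytes):
        """Size (1) + Data, or an error label mirroring the part's response."""
        cb = count_byte(len(data), GRIND_MAX)
        if cb is None:
            return "BadCmd"                  # Size would be 0x14 or more (assumption: >=)
        if self.ground + len(data) > GRIND_PER_AUTH:
            return "LimitExceeded"           # label chosen here; datasheet gives the limit only
        self.ground += len(data)
        return bytes([cb]) + data
```

The decoder is what a driver test should run against the encoder: it confirms that a short write really pads to the mandatory 16 data bytes and that the Count byte, not the padding, determines how many bytes reach EEPROM.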
3.16 ReadMemoryDigest Command
Reads the specified 32 byte block from the EEPROM, computes the SHA-1 digest of that block, and returns that digest to
the user. This command provides a mechanism of verifying that the personalization of the chip completed correctly
before the one-time lock has been run.
Note:
Specifying an address of zero requires that the verifier know the value of EncKey.
This command cannot be run after the AT88SC118 has been locked or if the unlocked state is Lock[1:0] == 00. When it
can be run it can access all locations within the EEPROM.
Table 3-31. Inputs
Name     Size  Description
Address  2     Address of the 32 byte block within EEPROM which should be read. The least significant five and most
               significant seven bits are ignored.
Table 3-32. Outputs
Name  Size  Description
Data  20    Digest of the selected 32 byte block of the EEPROM.
3.17 ReadManufacturingID Command
Reads the contents of the ManufacturingID and Lock Byte from the EEPROM. This command can always be executed,
regardless of whether or not the AT88SC118 has been locked.
Table 3-33. Inputs
None.
Table 3-34. Outputs
Name   Size  Description
MfrID  16    ManufacturingID and Lock Byte.
3.18 Lock Command
Locks the current memory values into the AT88SC118, per the description in Section 1.5.1, “Memory Locking”. Once
Locked, the AT88SC118 cannot be unlocked. After the execution of this command, the Lock Byte will have a value of
0xFF. This command has no effect on locked parts.
There are no inputs or outputs to this command.
3.19 Clear Command
Clears the current authentication state, empties the C and S registers and prepares the chip for a new authentication. A
new startup challenge/response is not required. There are no input or output arguments to this command.
After execution of this command, the Auth_1 / Auth_2 sequence must be successfully completed before subsequent
execution of EncryptPassword, Encryption_1 and 2, and/or GrindBytes.
3.20 Crunch Command
Passes a random number of eight bytes through the crunch engine on the AT88SC118 and sends the output of the
crunch engine back to the system. This command is used to ensure the AT88SC118 is talking with an actual CRF chip,
which should respond with the same answer in the given time frame.
The AT88SC118 does not interpret these bytes, merely passes them through the crunch engine.
Table 3-35. Inputs
Name        Size  Description
Iterations  1     A maximum of 255 iterations can be run through the crunch engine. A one in this field will compute
                  one iteration through the crunch engine.
Data        8     Crunch engine input bytes.
Table 3-36. Outputs
Name  Size  Description
Data  8     Crunch engine output bytes.
4. Command Execution Times
The following table lists the nominal execution times for the various commands in Section 3., “Command Descriptions”,
subject to the assumptions following the table.
Some of the commands take a variable amount of time based on the input parameters and/or the current state of the
AT88SC118. In general, the table below shows the worst case operational flow, subject to the list of assumptions
following the table. Actual execution time will vary from the nominal by ±25% due to variations of the internal oscillator.
This preliminary data is advisory in nature. Designs should not depend on the specific execution times below, but rather
use the standard handshake mechanisms described above. The values below are characterized on the part but are not
tested in production.
Table 4-1. Nominal Execution Times
Command               Nominal Time    Notes
VerifyFlash           4000μs
Startup               8000μs
ChallengeResponse     4000μs
Auth_1                8000μs
Auth_2                60μs
EncryptPassword       100μs
Encryption_1          4100μs
Encryption_2          60μs
GrindBytes            50μs
GetRandom             4000μs
IncrementCounter      50μs + 10ms     (5 EE writes worst case)
ReadCounter           50μs
WriteMemory           200μs + 4ms     (2 EE writes, if not within a page)
WriteMemoryEncrypted  4100μs + 2ms    (1 EE write)
ReadMemory            200μs
ReadMemoryDigest      4000μs
ReadManufacturingID   200μs
Lock                  8000μs + 36ms   (18 EE writes worst case)
Clear                 5μs
Assumptions:
1. TWI clock assumed to be at 400KHz.
2. TWI command times — zero bytes of data ~ 75μs. Additional byte ~ 25μs.
3. VerifyFlash command is run with Mode.Bit [1:0] = 01 case.
4. GrindBytes command assumes 20 bytes of data.
5. WriteMemory and ReadMemory commands assume 16 bytes of data.
6. These processing times do not include data transfer on the TWI.
5. AC and DC Characteristics
Table 5-1. DC Characteristics(1)
Applicable over recommended operating range from VCC = +2.7 to 3.6 V, TA = -40°C to 85°C (unless otherwise noted).
Symbol  Parameter                Test Condition            Min        Typ  Max        Units
VCC     Supply Voltage                                     2.7             3.6        V
ICC     Supply Current           400kHz                                    5          mA
ISB     Standby Current          VIN = VCC or GND                          15         μA
VIL     SDA Input Low Voltage                              -0.3            VCC x 0.3  V
VIL     CLK Input Low Voltage                              -0.3            VCC x 0.3  V
VIL     RST Input Low Voltage                              -0.3            VCC x 0.3  V
VIL     PDN Input Low Voltage                              -0.3            VCC x 0.3  V
VIH     SDA Input High Voltage                             VCC x 0.7       5.25       V
VIH     SCL Input High Voltage                             VCC x 0.7       5.25       V
VIH     RST Input High Voltage                             VCC x 0.7       5.25       V
VIH     PDN Input High Voltage                             VCC x 0.7       5.25       V
IIL     SDA Input Low Current    0 < VIL < VCC x 0.15      -10             10         μA
IIL     SCL Input Low Current    0 < VIL < VCC x 0.15      -10             10         μA
IIL     RST Input Low Current    0 < VIL < VCC x 0.15      -10             10         μA
IIL     PDN Input Low Current    0 < VIL < VCC x 0.15      -10             10         μA
IIH     SDA Input High Current   VCC x 0.7 < VIH < VCC     -10             10         μA
IIH     SCL Input High Current   VCC x 0.7 < VIH < VCC     -10             10         μA
IIH     RST Input High Current   VCC x 0.7 < VIH < VCC     -10             10         μA
IIH     PDN Input High Current   VCC x 0.7 < VIH < VCC     -10             10         μA
VOH     SDA Output High Voltage  20k Ohm External Pull-up  VCC x 0.8                  V
VOL     SDA Output Low Voltage   IOL = 1mA, Vcc=2.7V                       0.4        V
Note: 1. Typical values at 25°C. Maximum values are characterized values and not test limits in production.
Table 5-2. AC Characteristics(1)
Applicable over recommended operating range from VCC = +2.7 to 3.6 V, TA = -40°C to 85°C,
CL = 30pF (unless otherwise noted).
Symbol   Parameter                      Min  Max  Units
fCLK     Clock Frequency                0    400  kHz
         Clock Duty Cycle(2)            40   60   %
tR       Rise Time: SDA, RST, PDN(2)         300  ns
tF       Fall Time: SDA, RST, PDN(2)         300  ns
tR       Rise Time: SCL(2)                   300  ns
tF       Fall Time: SCL(2)                   300  ns
tAA      Clock Low to Data Out Valid         900  ns
tHD.STA  Start Hold Time                600       ns
tSU.STA  Start Set-up Time              600       ns
tHD.DAT  Data In Hold Time              100       ns
tSU.DAT  Data In Set-up Time            100       ns
tSU.STO  Stop Set-up Time               600       ns
tDH      Data Out Hold Time             50   900  ns
Notes: 1. Typical values at 25°C. Maximum values are characterized values and not test limits in production.
       2. This parameter is not tested. Values are based on characterization and/or simulation data.
Figure 5-1. SCL: Serial Clock, SDA: Serial Data I/O
(TWI timing diagram. Parameters shown on SCL: tHIGH, tLOW, tR, tF; on SDA In: tSU.STA, tHD.STA, tHD.DAT, tSU.DAT,
tSU.STO; on SDA Out: tAA, tDH, tBUF.)
6. Transport Key
Certain operational modes of CryptoCompanion chip require knowledge of a key for proper custom configuration. When
applicable, Atmel shall program customer provided key values at the factory for production orders. For generic and
sample orders, this key, available as a transport key, shall be:
0x17 0x44 0x1A 0x48 0xDA 0xDB 0x23 0xFB 0x70 0xCC 0xB8 0x43 0x09 0x20 0x59 0xEB
7. Ordering Codes
Ordering Code      Delivery       Package  Memory Locking              Voltage Range  Temperature Range
AT88SC118-SH-CM    Bulk           8S1      00 (Unlocked)               2.7V – 3.6V    Industrial (-40C to 85C)
AT88SC118-SH-CM-T  Tape and Reel  8S1      00 (Unlocked)               2.7V – 3.6V    Industrial (-40C to 85C)
AT88SC118-SH-CN    Bulk           8S1      10 (Unlocked/Confidential)  2.7V – 3.6V    Industrial (-40C to 85C)
AT88SC118-SH-CN-T  Tape and Reel  8S1      10 (Unlocked/Confidential)  2.7V – 3.6V    Industrial (-40C to 85C)
Package  Description
8S1      8-lead, 0.150" Wide, Plastic Gull Wing Small Outline (JEDEC SOIC), Green Compliant (exceeds RoHS)
8. Package Drawing
8.1 8S1 — 8-lead JEDEC SOIC
(Drawing: TOP VIEW, END VIEW and SIDE VIEW with dimension symbols A, A1, b, C, D, E, E1, e, L, N and Ø.)
Notes: This drawing is for general information only. Refer to JEDEC Drawing MS-012, Variation AA for proper
dimensions, tolerances, datums, etc.
COMMON DIMENSIONS (Unit of Measure = mm)
SYMBOL  MIN   NOM       MAX   NOTE
A       1.35  –         1.75
A1      0.10  –         0.25
b       0.31  –         0.51
C       0.17  –         0.25
D       4.80  –         5.05
E1      3.81  –         3.99
E       5.79  –         6.20
e             1.27 BSC
L       0.40  –         1.27
Ø       0°    –         8°
6/22/11. Package Drawing Contact: [email protected]
TITLE: 8S1, 8-lead (0.150” Wide Body), Plastic Gull Wing Small Outline (JEDEC SOIC). GPC: SWB. DRAWING NO.: 8S1.
REV.: G.
9. Command Flow Diagrams
Figure 9-1. Command Input
Host → Device: Device Address, 0 0, Command, Number of bytes N, Data ... Data (N data bytes).
Figure 9-2. Command Output
Host → Device: Device Address, 0 1.
Device → Host: NACK if busy..., Number of bytes N, Data ... Data.
Figure 9-3. Command Status
Host → Device: Device Address, 1 1.
Device → Host: STATUS.
10. Revision History
Doc. Rev.  Date     Comments
8857A      05/2013  Initial document release.
Atmel Corporation
1600 Technology Drive, San Jose, CA 95110 USA
T: (+1)(408) 441.0311
F: (+1)(408) 436.4200
www.atmel.com
© 2013 Atmel Corporation. All rights reserved. / Rev.: Atmel-8857A-CryptoComp-AT88SC118-Datasheet_052013.
Atmel®, Atmel logo and combinations thereof, Enabling Unlimited Possibilities®, CryptoAuthentication™, CryptoCompanion™, CryptoRF®, CryptoMemory®, and others
are registered trademarks or trademarks of Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others.
DISCLAIMER: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right
is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE
ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT
SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES
FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this
document and reserves the right to make changes to specifications and products descriptions at any time without notice. Atmel does not make any commitment to update the information
contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel products are not intended,
authorized, or warranted for use as components in applications intended to support or sustain life.
SAFETY-CRITICAL, MILITARY, AND AUTOMOTIVE APPLICATIONS DISCLAIMER: Atmel products are not designed for and will not be used in connection with any applications where
the failure of such products would reasonably be expected to result in significant personal injury or death (“Safety-Critical Applications”) without an Atmel officer's specific written
consent. Safety-Critical Applications include, without limitation, life support devices and systems, equipment or systems for the operation of nuclear facilities and weapons systems.
Atmel products are not designed nor intended for use in military or aerospace applications or environments unless specifically designated by Atmel as military-grade. Atmel products are
not designed nor intended for use in automotive applications unless specifically designated by Atmel as automotive-grade.