Origa Product Brief

Release, Version 1.50, June 2009
ORIGATM SLE95050
Original Product Authentication and
Brand Protection Solution
Short Product Information
www.infineon.com/ORIGA
Industrial & Multimarket
ASIC & Power IC
SLE95050
All characteristics described in this document might change without further notice.
Published by Infineon Technologies AG
Am Campeon 1-12
85579 Neubiberg, Germany
© Infineon Technologies AG 2008.
All Rights Reserved.
Attention please!
The information herein is given to describe certain components and shall not be considered as a guarantee of
characteristics.
Terms of delivery and rights to technical change reserved.
We hereby disclaim any and all warranties, including but not limited to warranties of non-infringement, regarding circuits,
descriptions and charts stated herein.
Infineon Technologies is an approved CECC manufacturer.
Information
For further information on technology, delivery terms and conditions and prices please contact your nearest Infineon
Technologies Office in Germany or our Infineon Technologies Representatives worldwide (see address list).
Warnings
Due to technical requirements components may contain dangerous substances. For information on the types in question
please contact your nearest Infineon Technologies Office.
Infineon Technologies Components may only be used in life-support devices or systems with the express written approval
of Infineon Technologies, if a failure of such components can reasonably be expected to cause the failure of that lifesupport device or system, or to affect the safety or effectiveness of that device or system. Life support devices or systems
are intended to be implanted in the human body, or to support and/or maintain and sustain and/or protect human life. If
they fail, it is reasonable to assume that the health of the user or other persons may be endangered.
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
1
1.1
1.2
Overview.................................................................................................... 4
Advantages................................................................................................. 4
Application Domains ................................................................................... 5
2
System Configuration .............................................................................. 6
3
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
System Features ....................................................................................... 7
Strong Asymmetric Cryptography Engine .................................................. 7
Temperature and/or Voltage Monitor.......................................................... 7
Non-Volatile Memory .................................................................................. 7
Single-Wire Interface as I/O Interface ........................................................ 7
Clock........................................................................................................... 8
Power Supply – Low Power........................................................................ 8
Decrease-only counter / Lifespan indicator ................................................ 8
Others ......................................................................................................... 8
4
4.1
4.2
4.3
4.4
Electrical Characteristics......................................................................... 9
Input/Output Signals ................................................................................... 9
Thermistor Characteristics.......................................................................... 9
Operating Characteristics ........................................................................... 9
Device Configuration and Electrical Schematics ...................................... 10
5
5.1
Single-Wire Interface .............................................................................. 12
Single-Wire Transaction ........................................................................... 12
6
6.1
6.2
6.3
Packaging................................................................................................ 13
Pin Out...................................................................................................... 13
Package Dimensions of WQFN-6............................................................. 14
Tape & Reel, Marking and Soldering Info................................................. 15
7
Evaluation Kit.......................................................................................... 16
8
Authentication Implementation & Cryptographic Details................... 16
9
Personalization and Key Management ................................................. 18
10
Summary ................................................................................................. 19
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
1
Overview
Infineon Technologies’ ORIGATM SLE95050 is an authentication chip that offers a robust
cryptographic solution, designed to assist system manufacturers to ensure the authenticity
and safety of their original products, and protection of their investments against aftermarket replacements.
It leverages Infineon’s market leading security knowhow into the battery and accessory
authentication markets. With its innovative asymmetric cryptography approach, it
significantly reduces system cost whilst making a leap up in security.
SLE95050 is available in two versions. In SLE95050F1 the integrated temperature sensor
with built-in Analog-to-Digital Convertor (ADC) allows convenient monitoring of
temperature through the single wire interface which enhances the safety of the system.
This feature is especially useful in applications like battery authentication and may be
mandatory in the future in markets like Japan, where there is a pending legislation
requiring temperature monitoring of Lithium batteries. The SLE95050 is available also
without the temperature sensing feature in the SLE95050F2 version.
1.1
Advantages
Infineon Technologies’ ORIGATM SLE95050 family offers the following advantages:
•
Improved security using unique asymmetrical public/private key cryptography with
two different keys for encryption and decryption
•
Improved total system cost by allowing a host-side software implementation without
compromising security and reducing maintenance or support efforts created by
wrong accessories
•
Improved safety of the system by ensuring system integrity and control
•
Large Non-Volatile Memory (NVM) of 576bit (standard customer NVM of 512bit +
64 bits protected NVM) for storage of device behavior or logistic information (e.g.
store number of usage cycles, store data for logistic chain traceability)
•
Convenient Temperature Monitoring (only for SLE9505F1). The built-in ADC of the
specific SLE95050F1 version can provide the internal temperature value or the
value read from a connected external thermistor, or any other analog value like
battery cell voltage or other sensor output
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
1.2
Application Domains
The main area of application is authentication leading to increased safety, functionality and
reliability of the accessories, replacement parts and disposables.
The Infineon Technologies’ ORIGATM family lends itself for use in multiple application
domains which use its safety and highly reliable authentication features. These protect the
systems from unauthorized accessories, replacement parts and disposables. Such
unauthorized accessories will be easily and immediately detected, allowing the systems
decide a suitable next execution step.
Application Domain Examples:
•
Batteries
o Computing Devices, Digital Imaging, Mobile Phones
•
Printer Cartridges
•
Accessories
o Earphones, Speakers, Docking Stations, Game Controller, Chargers
•
Other Peripherals
•
Original Replacement Parts
•
Medical Equipment & Diagnostic Supplies
•
Authentication of system services, functionalities and parts in networked systems
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
2
System Configuration
The ORIGATM devices are a compact design which encompasses the authentication
function and analog function in a single solution.
The entire functionality of the SLE95050 ORIGATM devices is supported via Infineon’s
proprietary smart Single-Wire Interface protocol which supports three communication
modes: Uni-cast, Multi-cast and Broadcast communication. Unicast mode allows
commands to be sent, written and read to a single device, while Multicast mode allows
commands for multiple devices, and Broadcast for all devices.
The authentication system (Figure 1) consists of a host device serving as the master
communicating through the Single Wire Interface (SWI) to the accessory(ies) containing
the SLE95050.
Figure 1
System Building Blocks of SLE95050F1 – Indirect Powered via Single-Wire-Interface.
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
3
System Features
Main Features:
• Strong Asymmetric Cryptography Engine
• Temperature and/or Voltage Monitor
• Non-volatile Memory
• Infineon Technologies Single Wire Interface (SWI) as I/O interface
• Power Management – Low Power Consumption
• Power Supply – Single Wire Interface powered or Battery powered solution.
3.1
•
•
•
•
•
3.2
•
•
•
•
•
•
3.3
•
•
3.4
•
•
Strong Asymmetric Cryptography Engine
Elliptic Curve Cryptography (ECC) – based authentication
Host challenge by software (master – slave)
Processing time of less than 60ms for authentication on ORIGA
Processing time of complete challenge/response: Less than 200ms (w/o precomputing of ECC challenge/response, depending on host microcontroller)
Library Concept for easy host side integration available
Temperature and/or Voltage Monitor
External temperature sensing -25 .. 85°C ambient @±2°C Junction temperature
accuracy (depending on external thermistor selection)
Full temperature range is -40 .. 110°C. @±10°C Junction temperature accuracy
Internal temperature sensing -25 .. 85°C ambient @±3°C Accuracy
12-bit ADC with clock frequency @ 1MHz ±10%
Internal / external temperature sensing
Voltage monitoring (e.g. for fuel gauge functionality or any other sensor) instead
of external temperature monitoring possible
Non-Volatile Memory
512-bits unprotected NVM for user mode area (704 bit for SLE95050F2)
Up to 192 bits protected NVM read-only space for customer specified
information which cannot be modified by the end user
Single-Wire Interface as I/O Interface
Up to 500kbit/s transmission speed and programmable
Supports adaptive learning mode
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
•
•
•
•
•
•
•
3.5
•
•
3.6
•
•
•
•
•
•
•
3.7
•
•
3.8
•
•
•
•
•
Powered directly (e.g. from Battery) or indirect via Single-Wire interface (SWI)
Multiple device capabilities in direct powered mode
Device ID search scheme and address manage for multiple device capabilities
Unique Chip ID of 96bits (16bit vendor, 16bit product, 64bit unique chip ID)
Power-up detection (within 10ms)
Power-down detection (175us ±10%).
Communication library concept for easy to use integration on host side available
Clock
ADC Operating frequency of 1MHz ±10%
Digital system operating frequency of 4 MHz ±10% (Programmable for 1/2/4/16
MHz)
Power Supply – Low Power
Typical usage of 0.8mArms – 1.3mArms@2VDD
Indirect (SWI) power supply: current consumption 1.3mArms @2VDDP during
signaling, 0.3mArms @2VDDP during idle
Wide operating conditions: 2.0 to 5.5V at VDDP Pin
For Single-Wire-Interface powered mode (indirect power) the communication
line has to be connected via pull-up to at least 3V (see VDD in figure 2)
Less than 1.0uA in power-down/sleep mode.
Power-up: 10ms for full system power up
Power-down: after continuous logic 0 for >500µs on SWI
Decrease-only counter / Lifespan indicator
Counter can be decremented on command by the system host, in conjunction
with certain events, such as expired time, dispensed units, charging cycles etc…
The counter value can only be read by the host, it cannot be reprogrammed
Others
ESD –
- HBM = 2kV
- CDM = 500V
EEPROM updating (erase and program) time @ 4ms per page (64 bits)
EEPROM endurance 105 write/erase cycles @ 25°C
Data retention for minimum of 10 years @ 25°C
Lifetime: 5 years / 100% duty cycle = 438000h
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
4
Electrical Characteristics
4.1
Input/Output Signals
Table 1 I/O & Power Signals.
Pin
No.
Pin
Name/
Pad Inst
4
VDD
PWR
-
5
6
1
SWIO
VSS
CAP
I/O
GND
PWR
OD
-
3
THM
I/O
AIO
4.2
Pin
Type
Buffer
Type
Function
2V to 5.5V power supply. I/O / VDDP power
supply.
Open-drain input and pull-down wired-AND.
Supports single-wire interface protoccol.
SWIO / VDD ground.
Digital power supply.
ADC measurement pad for temperature
(Voltage).
Thermistor Characteristics
Supports temperature measurement with external thermistors:
• Resistance @25°C: Typical 47kOhm (with limited temperature range 0-85°C also
10 and 100kOhm)
4.3
Operating Characteristics
Table 2 Power Supply.
Parameter
Symbol
Min
Digital Supply (internal)
VDIG
1.4
I/O / VDD Power Supply
VDDP
2.0
Standby Current1)
IVDDP
0.6
Operating Current2)
IVDD
Power-down Current3)
IVDD
Values
Typ Max
1.55
Unit
1.7
V
5.5
V
1.0
1.5
mArms
1.0
1.5
t.b.d.
mArms
0.1
0.5
1.0
uA
All Min, Typ and Max values contained in this table are preliminary. Final values are to be confirmed.
1) Standby Current: Origa is active, current consumption when idle (conditions: Vddp: 3.3V, fsys: 4MHz, T: 25°C)
2) Operating Current: Origa is active, current consumption during NVM, ECC operation (conditions: Vddp: 3.3V, fsys:
4MHz, T: 25°C)
3) Power-down Current: Origa is in power-down mode (conditions: Vddp: 3.3V, T: 25°C)
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
Table 3 Thermal Characteristics.
Parameter
Symbol
Ambient Temperature
Temperature Sensitivity
(-40°C to -20°C)
TA
Temperature Sensitivity
(85°C to 110°C)
Temperature Sensitivity at
Junction Temperature
(-20°C to 85°C)
Values
Min Typ Max
-25
25 85
Unit
°C
ATA(-40 to -20)
10
± °C
ATA(85 to 110)
10
± °C
ATA(-20 to -85)
2
± °C
All Min, Typ and Max values contained in this table are preliminary. Final values are to be confirmed.
Table 4 I/O Characteristics.
Parameter
Input High Voltage
Input Low Voltage
Input High Current
Input Low Current
Output Low Current
Output Low Voltage
Symbol
VIH
VIL
IIH
IIL
IOL
VOL
Values
Min Typ Max
2
5.5
0
0.8
1
1
10
0.4
Unit
V
V
uA
uA
mA
V
Conditions/
Remarks
LVTTL
LVTTL
IOL= 10mA
All Min, Typ and Max values contained in this table are preliminary. Final values are to be confirmed.
Output High Voltage and Current depend on external pull-up circuitry
4.4
Device Configuration and Electrical Schematics
The SLE95050 ORIGATM supports multiple configuration options:
1) Host Software to single SLE95050.
2) Host Software to multiple SLE95050.
Once initialized the host system may trigger a search ID sequence to identify ORIGATM
devices. After identification of such devices, the host can execute a challenge, verify the
response and then determine the success of the authentication.
The following figures illustrate the SLE95050F1 powering options.
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
Figure 2
Single Wire Interface (SWI) Powered (Indirect Power) using one GPIO
Figure 3
Single Wire Interface (SWI) Powered (Indirect Power) using two GPIOs
Figure 4
Direct Powered using two GPIOs
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
5
Single-Wire Interface
5.1
Single-Wire Transaction
Each SWI packet consists of 11 bits (3 command, 8 data bits). When logic 1 on the SWI is
seen for a time longer than the power-up time of 10ms, the chip is powered-up and reset.
٢ (tau) = 0.5 *(1/Data baud rate). The baud rate of SWI is represented by toggling of state of logic “1” voltage
level and logic “0” voltage level per second transferred.
Figure 5
A Typical Single Transaction of the SWI Protocol.
In power-up mode, the host can send instructions based on the SWI protocol. When the
communication is done, the host can decide to maintain the SWI line at logic 1 or to set it
to logic 0 for a time longer than the power-down time of 500µs to power-down the chip to
save power.
Figure 6
Power-Up Single Packet Transaction.
In power-down mode, the power sequence and timing is required again before the host
can start communication with the chip.
Figure 7
Back-to-Back Data Packet Transaction.
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
Interrupt can be enabled by the host controller. The host controller must first send an
interrupt enable control on the SWI to enable the interrupt on the device(s). Once the
device is allowed to interrupt, the host holds the line at logic 1 and if any interrupt- enabled
device needs an interrupt, it will pull the line low for a period no greater than the
designated interrupt period of 1٢. Once the host detects the logic 0, it interprets that there
is an interrupt and will initiate a check on the devices for the interrupt flag.
Figure 8
Device-ID Search Data Packet Transaction.
6
Packaging
The SLE95050 comes in a WQFN-6 type package.
6.1
Pin Out
Pin
No.
4
Pin Name/
Pad Inst
VDDP
5
6
SWIO
VSS
Pin
Type
Pad Description
Supply 2.0V - 5.5V power supply
Bi-dir pad with input and open-drain pull
I/O
output driver
GND
Digital ground
1
CAP
O
3
THM
I/O
Table 5
1,5V supply pad
Empty bi-dir pad with only ESD
protection in output and an additional
400ohm resistor input
Domain
VDDP
VDDP
VDDP
VDD
VDD
Pin Assignment and Pin Description. Non mentioned pins are not connected.
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
6.2
Package Dimensions of WQFN-6
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
Figure 9
6.3
WQFN-6
Tape & Reel, Marking and Soldering Info
IFX Logo
Pin 1
Type
Date Code
Figure 10
Tape & Reel: 13” with 4” hub, 4x4mm; 6.000 units/reel, reels/box: 1;
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
7
Evaluation Kit
ORIGATM SLE95050 Evaluation Kit makes it as convenient as possible for the customer to
install ORIGA™ on a host microcontroller platform.
It consists of the ORIGA EvalKit USB Stick, which comes with pre-loaded PC GUI,
Application Notes and Databook plus the libraries for ECC, SWI and ADC. A valid NonDisclosure Agreement is required to receive the EvalKit and the full documentation. An
Evaluation Agreement is needed for the usage of the Libraries.
No installation of software is required to use the EvalKit, it runs directly from USB device.
8
Authentication Implementation & Cryptographic Details
The Infineon ORIGATM SLE95050 is a novel asymmetric key authentication device offering
superior cryptography and functionality at reduced system cost compared to other
solutions.
It is based on Infineon’s long standing experience and market leadership in security
solutions. It offers a cost effective level of physical hardware security, e.g. versus bus
probing and memory analysis attacks and shares the same highly secure front-end
facilities, logistics & personalization processes as high security application devices, such
as banking and PayTV smart cards.
Due to its unique asymmetric cryptography implementation the Infineon authentication chip
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
can be used in a software-to-hardware authentication configuration - No hardware master
device on the host side is needed in this configuration.
In this lowest system cost configuration (software-to-hardware authentication), the
implementation on the host side can be done with a small piece of code library (about 3kB
of code, needing less than 2kB of RAM for execution on preferably 16bit or 32bit, but also
possible with 8bit microcontrollers). The host-side implementation runs on the host
processor in Software without compromising the security of the system, unlike in a
symmetrical cryptography system (e.g. SHA/DES/TDES/AES).
The reference code can be licensed by Infineon for use in conjunction with the ORIGATM
device.
Device 3
Main System
Multiple ORIGA usage
Device 2
Host controller
Device 1
SWI
Challenge
Random
Generator
Infineon
Infineon
SLE95050
SLD9605
SLD9605
SKey
ECC
2..4.2V
Response
ECC
PKey
Comparison of
both results
Figure 11
3…5V
Accessories
Batter
Batter
Encapsulated
with
SLE95050F1
ECC: Elliptic curve cryptography
PKey: Public Key
SKey: Secret Key
Software-to-Hardware Authentication Implementation
Symmetric vs. Asymmetric Cryptography
In symmetric cryptography the same key is used for encryption and decryption. If one key
is hacked, the entire security protection is broken. Software stored keys can be
comparably easy to read out. Typically, symmetric algorithms are used in situations where
a secure surrounding environment can be established, like in banking and data
transmission.
Asymmetric cryptography uses two different keys for encryption and decryption. One key,
the so called public key (PKey), can be made public (and therefore used in the Software
implementation), as long as the other key, the secret key (SKey, sometimes also called
private key), is still in the safe hardware environment of the chip. Asymmetric cryptography
is typically used in applications requiring a high level of security in a critical environment
http://www.infineon.com
http://www.infineon.com/ORIGA
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
like military or government implementations and it is used for identity protection in
electronic passports worldwide.
Leveraging the advantages of asymmetric cryptography, Infineon has implemented the
most modern and suitable for embedded applications asymmetric cryptography algorithm.
The ORIGATM device from Infineon uses discrete elliptic curve cryptography (ECC)
logarithm implementation, a mathematically very complex and highly secure form of ECC.
It combines top level operational security with cost efficient implementation. It protects
data such as the Private Key, the unique chip ID and other customer information in a
protected memory space, which is secured from modification. Also up to 192bit of read
only data can be written into this space.
Additionally, the Infineon ORIGATM SLE95050F1 devices offer unprotected and freely
usable NVM of 512 bit (SLE9505F2 offers 704 bit) for different purposes such as
traceability of manufacturing and logistics chain, personalization data for the accessory or
other end-user behavior like charging cycle documentation.
9
Personalization and Key Management
Authentication Chips are produced in a standard version. For different customers and
different applications these chips have to be individualized / personalized.
This is done by configuring chips with customer specific information (keys, etc).
IFX test and personalization facility
Secure
Infineon
Environment
Single die
Customer
personalization
procedures
• Loading Secret key
• Loading Unique ID
• Loading other
Customer Data
Figure 12
After Wafer test
the secure
storage is locked,
the UID can not
be changed, the
secret key can
not be accessed
from the outside.
Personalization
http://www.infineon.com
http://www.infineon.com/ORIGA
Customer
Environment
Only the
unprotected NVM
can be accessed
or written at this
point
ORIGATM SLE95050
Original Product Authentication
and Brand Protection Solution
Personalization must be performed in a controlled, trusted and protected environment, to
prevent any misuse or illegal use of chips. Customer parameters must be protected
against unauthorized knowledge or use.
Infineon‘s security chip manufacturing and testing facility is security certified and evaluated
by a third party authority, and it meets the requirements for performing the critical
personalization flow.
ORIGATM SLE95050 customers (or their approved contracted manufacturers) receive
unique sets of key pairs associated with customers’ products.
The secret key should be the same for one accessory product type (e.g. headset) or
across a range of products (battery, headset, docking station) to assure interoperability.
The corresponding host side public key will be provided to the customer with the host side
personalization package.
10
Summary
Infineon Technologies ORIGATM Original Product Authentication and Brand Protection
Solution provides superior security at improved system cost compared to other solutions
by using unique asymmetrical cryptography with two different keys for encryption and
decryption.
With this novel approach it can protect your products and brand, while improving the safety
of the overall system.
The temperature monitoring feature on the SLE95050F1 supports temperature sensing on
detachable accessories without increasing pin count by reading out over the Single Wire
Interface, either the chip’s internal temperature or that measured from an external
thermistor. The integrated ADC provides convenient temperature monitoring by just
sending a command.
Its non-volatile memory (NVM) of 512bit can be used for storage of device behavior (e.g.
number of usage cycles or data for logistic chain traceability).
The Single Wire Interface is easy to implement without design changes to peripherals or
the target accessory interface. The device supports host powered mode via SWI as well as
battery powered mode.
http://www.infineon.com
http://www.infineon.com/ORIGA