Atmel AT88SC118 CryptoCompanion Device for CryptoRF and CryptoMemory Products SUMMARY DATASHEET Features Atmel® CryptoCompanion™ Device to Atmel CryptoRF® and Atmel CryptoMemory® Securely implements Host algorithms Securely stores Host secrets Verifies Host firmware digests High security features in hardware CryptoMemory and CryptoRF F2 Algorithm SHA-1 standard cryptographic algorithm 64-bit Mutual Authentication Protocol (Under License of ELVA) Permanently coded serial numbers High quality Random Number Generator (RNG) Metal shield over memory Data scrambling in nonvolatile memory Delay penalties to prevent systematic attacks Reset locking to prevent illegal power cycling Voltage and frequency monitors Host-side crypto functions Authentication challenge generation Device challenge response Message Authentication Codes (MAC) generation Data encryption and decryption Secure authentication key management Secure storage and key management Up to 16 sets of 64-bits diversified Host keys Eight sets of two 24-bit passwords Secure and custom personalization Up to 232-byte Read/Write configurable user data area Nonvolatile up counters Four sets unidirectional counters 6.4 million maximum counts per counter Application features Low voltage supply: 2.7V – 3.6V 2-Wire Serial Interface (TWI, 5V compatible) Standard 8-lead SOIC plastic package, green compliant (exceeds RoHS) High reliability Endurance: 100,000 cycles Data retention: 10 years ESD protection: 3,000V min. HBM This is a summary document. The complete document is available on the Atmel website at www.atmel.com. Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 1. Product Overview The CryptoCompanion is designed as the mate to the CryptoRF (CRF) and CryptoMemory (CM) devices, collectively referred to in the remainder of this document as CRF. The CryptoCompanion makes extensive use of the SHA-1 hash algorithm as specified in http://www.itl.nist.gov/fipspubs/fip180-1.htm and elsewhere. In this document, the nomenclature SHA-1(a, b, c) means to concatenate a, b, and c in that order and then pad them to a block size of 64 bytes before computing the digest. The CryptoCompanion does not ever generate a SHA-1 digest of datasets larger than a single round. 1.1 General Operation The CRF device contains secrets that must be known or derived by a Host system in order to establish a trusted link between the two and permit communications to happen. The CryptoCompanion stores these secrets in an obscured way in nonvolatile memory and contains all the circuitry necessary to perform the authentication, password, and encryption/decryption functions specified in the CRF datasheet. In this manner, the secrets do not ever need to be revealed. The general cryptographic strategy is as follows: 1.2 Each CRF device has a serial or identification number (ID) and authentication secret Gi stored in EEPROM. ID is freely readable; Gi can never be read and is unique for all tags. The CryptoCompanion contains an EEPROM that contains a set of common secrets (Fn). The AT88SC118 combines Fn with ID and KID to compute a value of G that is expected to match that in the CRF device. Specifically, G = SHA-1(Fn, ID, KID). G is further diversified by the inclusion of a number (KID) generated by the Host system in a manner of its choosing. Typically, it will be the result of a cryptographic operation on the CRF ID value calculated using other data, secrets, and/or algorithms external to the AT88SC118. This permits scenarios that offer varying degrees of additional security. The CryptoCompanion includes a general purpose cryptographic quality Random Number Generator which is used to seed a mutual authentication process between the AT88SC118 and CRF. If the CRF confirms the CryptoCompanion challenge, and the CryptoCompanion confirms the CRF response, then the Host system proceeds with CRF operations. In this way, the Host system may use the CRF without knowing the CRF’s secrets directly. CryptoCompanion Benefits The following is a partial list of the benefits of using this device versus storing the algorithms and secrets in standard Flash system memory. Keep confidential those core secrets that are used to authenticate with and communicate to/from CRF. (Store them in EEPROM and use them on-chip) Flexible system implementation — multiple secrets and policies for different CRF locations within the system. Multiple manufacturer setup options. Hardware encryption engines, avoids algorithm disclosure from reverse-compilation of system operating code. Full hardware security implementation makes it harder for an attacker (even with lab equipment) to get secrets stored on the CryptoCompanion. Global secrets are protected using strong security, standard algorithm (SHA-1). Implements a crunching algorithm to prevent micro-controller based CRF replicas. Robust Random Number Generation avoids accidental replay for all cryptographic operations using the system; not just with respect to CRF. Secure EEPROM storage for configuration information, etc. may permit reduction in the total BOM for the system. Easy to use — little programming required, no knowledge of security algorithms or protocols, and fast time to market. Atmel AT88SC118 [Summary Datasheet] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 2 1.3 Package, Pinout, and I/O 1.3.1 Pinout All pins not otherwise specified are considered Test pins and should be grounded on the board. Table 1-1. Pin Descriptions Pin Description Power Supply and Ground. Power supply is 2.7 – 3.6V and the supply current is less than 5mA. The CryptoCompanion will be available to accept commands 60ms after the later of VCC rising above 2.7V or Reset being driven high if CryptoCompanion is in a security delay then this interval is significantly longer. During power-up, VCC must exhibit a monotonic ramp at a minimum rate of 50mV/ms until VCC has crossed the 2.7V level. During power-down, VCC must exhibit a monotonic ramp at a minimum rate of 50mV/ms once it has dropped below the 2.5V boundary. CryptoCompanion does not support hot swapping or hot plugging. VCC and GND VCC must be bypassed with high quality surface mount capacitors that are properly located on the board. Atmel recommends two capacitors connected in parallel having a value of 1mF and 0.01mF. The capacitors should be manufactured using X5R or X7R dielectric material. These capacitors should be connected to the AT88SC118 using a total of no more than 1cm PC board traces. Atmel recommends the use of a ground plane and a trace length of less than 0.5cm between the capacitors and the VCC pin. Caution: 1.3.2 Failure to follow these recommendations may result in improper operation. SDA 2-Wire Interface Data pin and 5V compatible. Data setup time = 0.1μs minimum and data hold time = 0 μs minimum.The system board must include an external pull-up resistor. SCL 2-Wire Interface Clock pin and 5V compatible. Maximum SCL rate is 400KHz, min. TLOW = 1.2μs, min. THIGH = 0.6μs. The system board must include an external pull-up resistor. RST Reset. This active low input will reset all states within the AT88SC118. It is honored regardless of the state of PowerDown. PDN PowerDown. When held low, the part operates normally. When held high the part will go to sleep and ignore all transitions on SDA and SCL, power consumption will drop to less than 10μA. There is a 50ms delay between this pin falling and the first transition on SDA or SCL that will be accepted by the device. Package The CryptoCompanion is packaged in an 8-lead SOIC package. The pinout is as follows: Table 1-2. 8-lead SOIC package pinout Pin Number Pin Name 1 PDN 2 RST 3 and 7 NC 4 GND 5 SDA 6 SCL 8 VCC Note: Pins 3 and 7 are not internally connected and should be connected to ground on the PC board. Atmel AT88SC118 [SUMMARY DATASHEET] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 3 1.3.3 Connection Diagram Figure 1-1. Connection Diagram 2.7V – 5.5V 2.7V – 3.6V Microprocessor CryptoCompanion SDA SCL 1.3.4 TWI Input/Output Operation The CryptoCompanion communicates to the system using a 2-Wire Interface (TWI), which is similar to SMBus™. The device operates as a slave and does not support clock stretching. This 2-Wire protocol is identical to that supported by the Atmel AT24C16B Serial EEPROM devices. Refer to the datasheet on the Atmel website for detailed timing and protocol information. The system processor is expected to properly format commands for the AT88SC118 (which may include information from the CRF device), and then process the outputs of the AT88SC118 (which may include sending some of the outputs to the CRF device). The CryptoCompanion cannot directly communicate with CRF devices. Both CRF and the CryptoCompanion are slave devices. The bus master may use one or two busses to communicate with them. Separate TWI addresses must be used if both devices are on the same bus. Atmel AT88SC118 [Summary Datasheet] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 4 1.4 Memory Locking When this initialization is complete, the Lock command should be executed which limits access to the memory per the restrictions listed later in this section. The system can determine the current lock value by using the ReadManufacturingID command to read out the ManufacturingID value (MfrID) and the lock byte. The table below describes the encoding of the least significant two bits of the Lock byte. On shipment from Atmel, Lock[1:0] will have a value of either 10 or 00, depending on the part number ordered. An Atmel AT88SC118 in either of these two states is considered unlocked. It is not possible to change from one of these unlocked states to the other. After the Lock command has been executed, the Lock byte will have the value 0xFF. Subsequent changes to the Lock byte are impossible. Table 1-3. Memory Locking LockBit 1 LockBit 0 (LSB) 1 1 Locked. ReadMemory and WriteMemory enabled, subject to the restrictions in this section. WriteMemoryEncrypted and ReadMemoryDigest disabled. 1 0 Unlocked/Confidential. ReadMemoryDigest, WriteMemory, and WriteMemoryEncrypted enabled. ReadMemory disabled. 0 0 Unlocked. ReadMemory and WriteMemory enabled. WriteMemoryEncrypted and ReadMemoryDigest disabled. Meaning Atmel AT88SC118 [SUMMARY DATASHEET] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 5 2. AC and DC Characteristics Table 2-1. DC Characteristics(1) Applicable over recommended operating range from VCC = +2.7 to 3.6 V, TAC = -40o C to 85o C (unless otherwise noted). Symbol Parameter VCC Supply Voltage ICC Supply Current ISB Standby Current VIL SDA Input Low Voltage VIL Max Units 3.6 V 400kHz 5 mA VIN = VCC or GND 15 A -0.3 VCC x 0.3 V CLK Input Low Voltage -0.3 VCC x 0.3 V VIL RST Input Low Voltage -0.3 VCC x 0.3 V VIL PDN Input Low Voltage -0.3 VCC x 0.3 V VIH SDA Input High Voltage VCC x 0.7 5.25 V VIH SCL Input High Voltage VCC x 0.7 5.25 V VIH RST Input High Voltage VCC x 0.7 5.25 V VIH PDN Input High Voltage VCC x 0.7 5.25 V IIL SDA Input Low Current 0 < VIL < VCC x 0.15 -10 10 A IIL SCL Input Low Current 0 < VIL < VCC x 0.15 -10 10 A IIL RST Input Low Current 0 < VIL < VCC x 0.15 -10 10 A IIL PDN Input Low Current 0 < VIL < VCC x 0.15 -10 10 A IIH SDA Input High Current VCC x 0.7 < VIH < VCC -10 10 A IIH SCL Input High Current VCC x 0.7 < VIH < VCC -10 10 A IIH RST Input High Current VCC x 0.7 < VIH < VCC -10 10 A IIH PDN Input High Current VCC x 0.7 < VIH < VCC -10 10 A VOH SDA Output High Voltage 20k Ohm External Pull-up VCC x 0.8 V VOL SDA Output Low Voltage IOL = 1mA, Vcc=2.7V 0.4 V Note: 1. Test Condition Min 2.7 Typ Typical values at 25C. Maximum values are characterized values and not test limits in production. Atmel AT88SC118 [Summary Datasheet] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 6 Table 2-2. AC Characteristics(1) Applicable over recommended operating range from VCC = +2.7 to 3.6 V, TAC = -40o C to 85o C, CL = 30pF (unless otherwise noted). Symbol Parameter Min Max Units fCLK Clock Frequency 0 400 kHz Clock Duty Cycle(2) 40 60 % tR Rise Time: SDA, RST, PDN(2) 300 nS tF Fall Time: SDA, RST, PDN(2) 300 nS 300 nS (2) tR Rise Time: SCL tF Fall Time: SCL(2) 300 nS tAA Clock Low to Data Out Valid 900 nS tHD.STA Start Hold Time 600 nS tSU.STA Start Set-up Time 600 nS tHD.DAT Data In Hold Time 100 nS tSU.DAT Data In Set-up Time 100 nS tSU.STO Stop Set-up Time 600 nS tDH Data Out Hold Time 50 Notes: 1. 2. 900 nS Typical values at 25C. Maximum values are characterized values and not test limits in production. This parameter is not tested. Values are based on characterization and/or simulation data. Figure 2-1. SCL: Serial Clock, SDA: Serial Data I/O tHIGH tF tR tLOW tLOW SCL tSU.STA tHD.STA tHD.DAT tSU.DAT tSU.STO SDA In tAA tDH tBUF SDA Out Atmel AT88SC118 [SUMMARY DATASHEET] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 7 3. Ordering Codes Ordering Code Memory Locking AT88SC118-SH-CM Bulk AT88SC118-SH-CM-T Tape and Reel AT88SC118-SH-CN Bulk AT88SC118-SH-CN-T Tape and Reel Package 8S1 Package Voltage Range 00 (Unlocked) 8S1 10 (Unlocked/Confidential) 2.7V – 3.6V Temperature Range Green Compliant (exceeds RoHS) Industrial (-40C to 85C) Description 8-lead, 0.150" Wide, Plastic Gull Wing Small Outline (JEDEC SOIC) Atmel AT88SC118 [Summary Datasheet] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 8 4. Package Drawing 4.1 8S1 — 8-lead JEDEC SOIC C 1 E E1 L N Ø TOP VIEW END VIEW e b COMMON DIMENSIONS (Unit of Measure = mm) A A1 D SIDE VIEW Notes: This drawing is for general information only. Refer to JEDEC Drawing MS-012, Variation AA for proper dimensions, tolerances, datums, etc. SYMBOL MIN A 1.35 NOM MAX – 1.75 A1 0.10 – 0.25 b 0.31 – 0.51 C 0.17 – 0.25 D 4.80 – 5.05 E1 3.81 – 3.99 E 5.79 – 6.20 e NOTE 1.27 BSC L 0.40 – 1.27 Ø 0° – 8° 6/22/11 Package Drawing Contact: [email protected] TITLE 8S1, 8-lead (0.150” Wide Body), Plastic Gull Wing Small Outline (JEDEC SOIC) GPC SWB DRAWING NO. REV. 8S1 G Atmel AT88SC118 [SUMMARY DATASHEET] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 9 5. Revision History Doc. Rev. Date 8858AS 04/2013 Comments Initial summary document release. Atmel AT88SC118 [Summary Datasheet] Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 10 X X X X Atmel Corporation 1600 Technology Drive, San Jose, CA 95110 USA T: (+1)(408) 441.0311 F: (+1)(408) 436.4200 | www.atmel.com © 2013 Atmel Corporation. All rights reserved. / Rev.: Atmel-8858AS-CryptoComp-AT88SC118-Datasheet-Summary_042013 Atmel®, Atmel logo and combinations thereof, Enabling Unlimited Possibilities®, CryptoAuthentication™, CryptoCompanion™, CryptoRF®, CryptoMemory®, and others are registered trademarks or trademarks of Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others. DISCLAIMER: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life. SAFETY-CRITICAL, MILITARY, AND AUTOMOTIVE APPLICATIONS DISCLAIMER: Atmel products are not designed for and will not be used in connection with any applications where the failure of such products would reasonably be expected to result in significant personal injury or death (“Safety-Critical Applications”) without an Atmel officer's specific written consent. Safety-Critical Applications include, without limitation, life support devices and systems, equipment or systems for the operation of nuclear facilities and weapons systems. Atmel products are not designed nor intended for use in military or aerospace applications or environments unless specifically designated by Atmel as military-grade. Atmel products are not designed nor intended for use in automotive applications unless specifically designated by Atmel as automotive-grade.