ATECC108A
Atmel CryptoAuthentication Device

SUMMARY DATASHEET

Features

• Crypto Element Devices with Secure Hardware-based Key Storage
• Performs High-Speed Public Key (PKI) Algorithms
  – ECDSA: FIPS186-3 Elliptic Curve Digital Signature Algorithm
• NIST Standard P256, B283 and K283 Elliptic Curve Support
• SHA-256 Hash Algorithm with HMAC Option
• Host and Client Operations
• 256-bit and 283-bit Key Length
• Storage for up to 16 Keys
• Guaranteed Unique 72-bit Serial Number
• Internal High-quality FIPS Random Number Generator (RNG)
• 10Kb EEPROM Memory for Keys, Certificates, and Data
• Multiple Options for Consumption Logging and One Time Write Information
• Intrusion Latch for External Tamper Switch or Power-on Chip Enablement
• Multiple I/O Options:
  – High-speed Single Pin Interface, with One GPIO Pin
  – 1MHz Standard I2C Interface
• 2.0V to 5.5V Supply Voltage Range
• 1.8V to 5.5V IO levels
• <150nA Sleep Current
• 8-pad UDFN, 8-lead SOIC, and 3-lead CONTACT Packages

CryptoAuthentication Ensures Things and Code are Real, Untampered, and Confidential

• Secure Download and Boot: Authentication and Protect Code In-transit
• Ecosystem Control: Ensure Only OEM/Licensed Nodes and Accessories Work
• Anti-cloning: Prevent Building with Identical BOM or Stolen Code
• Message Security: Authentication, Message Integrity, and Confidentiality of Network Nodes (IoT)

Applications

• Secure Download and Boot
• Ecosystem Control
• Message Security
• Anti-Cloning

This is a summary document. The complete document is available under NDA. For more information, please contact your local Atmel sales office.

Atmel-8895BS-CryptoAuth-ATECC108A-Datasheet-Summary_012016

Pin Configuration and Pinouts

Table 1. Pin Configuration

Pin | Function
NC | No Connect
GND | Ground
SDA | Serial Data
SCL | Serial Clock Input
VCC | Power Supply

Figure 1. Pinouts

1 Introduction

1.1 Applications

The Atmel® ATECC108A is a member of the Atmel CryptoAuthentication™ family of crypto engine authentication devices with highly secure hardware-based key storage.

The ATECC108A has a flexible command set that allows use in many applications, including the following, among many others:

• Network/IoT Node Protection
  Authenticates node IDs and ensures the integrity of messages.
• Anti-Counterfeiting
  Validates that a removable, replaceable, or consumable client is authentic. Examples of clients could be system accessories, electronic daughter cards, or other spare parts. It can also be used to validate a software/firmware module or memory storage element.
• Protecting Firmware or Media
  Validates code stored in flash memory at boot to prevent unauthorized modifications, encrypt downloaded program files as a common broadcast, or uniquely encrypt code images to be usable on a single system only.
• Storing Secure Data
  Store secret keys for use by crypto accelerators in standard microprocessors. The ATECC108A can be used to store small quantities of data necessary for configuration, calibration, ePurse value, consumption data, or other secrets. Programmable protection is available using encrypted/authenticated reads and writes.
• Checking User Password
  Validates user-entered passwords without letting the expected value become known, maps memorable passwords to a random number, and securely exchanges password values with remote systems.

1.2 Device Features

The ATECC108A includes an EEPROM array which can be used for storage of up to 16 keys, certificates, miscellaneous read/write, read-only or secret data, consumption logging, and security configurations. Access to the various sections of memory can be restricted in a variety of ways and then the configuration can be locked to prevent changes.

The ATECC108A features a wide array of defense mechanisms specifically designed to prevent physical attacks on the device itself, or logical attacks on the data transmitted between the device and the system. Hardware restrictions on the ways in which keys are used or generated provide further defense against certain styles of attack.

Access to the device is made through a standard I2C Interface at speeds of up to 1Mb/s. The interface is compatible with standard Serial EEPROM I2C interface specifications. The device also supports a Single-Wire Interface (SWI), which can reduce the number of GPIOs required on the system processor, and/or reduce the number of pins on connectors. If the Single-Wire Interface is enabled, the remaining pin is available for use as a GPIO, an authenticated output or tamper input.

Using either the I2C or Single-Wire Interface, multiple ATECC108A devices can share the same bus, which saves processor GPIO usage in systems with multiple clients such as different color ink tanks or multiple spare parts, for example.

Each ATECC108A ships with a guaranteed unique 72-bit serial number. Using the cryptographic protocols supported by the device, a host system or remote server can verify a signature of the serial number to prove that the serial number is authentic and not a copy. Serial numbers are often stored in a standard Serial EEPROM; however, these can be easily copied with no way for the host to know if the serial number is authentic or if it is a clone.

The ATECC108A can generate high-quality FIPS random numbers and employ them for any purpose, including usage as part of the device’s crypto protocols. Because each random number is guaranteed to be essentially unique from all numbers ever generated on this or any other device, their inclusion in the protocol calculation ensures that replay attacks (i.e. re-transmitting a previously successful transaction) will always fail.

System integration is easy due to a wide supply voltage range (of 2.0V to 5.5V) and an ultra-low sleep current (of <150nA). Multiple package options are available (see Section 4, Ordering Information, and Section 5, Package Drawings).

See Section 3 for information regarding compatibility with the Atmel ATSHA204 and ATECC108.

1.3 Cryptographic Operation

The ATECC108A implements a complete asymmetric (public/private) key cryptographic signature solution based upon Elliptic Curve Cryptography and the ECDSA signature protocol. The device features hardware acceleration for the NIST standard P256 prime curve and supports the complete key life cycle from high quality private key generation, to ECDSA signature generation, and ECDSA public key signature verification.

The hardware accelerator can implement such asymmetric cryptographic operations from ten to one-thousand times faster than software running on standard microprocessors, without the usual high risk of key exposure that is endemic to standard microprocessors.

The device is designed to securely store multiple private keys along with their associated public keys and certificates. The signature verification command can use any stored or an external ECC public key. Public keys stored within the device can be configured to require validation via a certificate chain to speed up subsequent device authentications.

Random private key generation is supported internally within the device to ensure that the private key can never be known outside of the device. The public key corresponding to a stored private key is always returned when the key is generated and it may optionally be computed at a later time.

The ATECC108A also supports a standard hash-based challenge-response protocol in order to simplify programming.
In its most basic instantiation, the system sends a challenge to the device, which combines that challenge with a secret key and then sends the response back to the system. The device uses a SHA-256 cryptographic hash algorithm to make that combination so that an observer on the bus cannot derive the value of the secret key, while preserving the ability of a recipient to verify that the response is correct by performing the same calculation with a stored copy of the secret on the recipient’s system.

Due to the flexible command set of the ATECC108A, these basic operation sets (i.e. ECDSA signatures and SHA-256 challenge-response) can be expanded in many ways.

In a host-client configuration where the host (for instance a mobile phone) needs to verify a client (for instance an OEM battery), there is a need to store the secret in the host in order to validate the response from the client. The CheckMac command allows the device to securely store the secret in the host system and hides the correct response value from the pins, returning only a yes or no answer to the system.

All hashing functions are implemented using the industry-standard SHA-256 secure hash algorithm, which is part of the latest set of high-security cryptographic algorithms recommended by various government agencies and cryptographic experts. The ATECC108A employs full-sized 256-bit secret keys to prevent any kind of exhaustive attack.

2 Electrical Characteristics

2.1 Absolute Maximum Ratings*

Operating Temperature | -40°C to 85°C
Storage Temperature | -65°C to 150°C
Maximum Operating Voltage | 6.0V
DC Output Current | 5mA
Voltage on any pin | -0.5V to (VCC + 0.5V)

*Notice: Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. This is a stress rating only and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification are not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability.

2.2 Reliability

The ATECC108A is fabricated with Atmel's high-reliability CMOS EEPROM manufacturing technology.

Table 2-1. EEPROM Reliability

Parameter | Min | Typical | Max | Units
Write Endurance (Each Byte) | 400,000 | | | Write Cycles
Data Retention (At 55°C) | 10 | | | Years
Data Retention (At 35°C) | 30 | 50 | | Years
Read Endurance | Unlimited | | | Read Cycles

2.3 AC Parameters: All I/O Interfaces

Figure 2-1. AC Parameters: All I/O Interfaces (1)

Parameter | Symbol | Direction | Min | Typ | Max | Unit | Notes
Power-Up Delay | tPU | To Crypto Authentication | 100 | — | | µs | Minimum time between VCC > VCC min prior to measurement of tWLO.
Wake Low Duration | tWLO | To Crypto Authentication | 60 | — | | µs |
Wake High Delay to Data Comm. | tWHI | To Crypto Authentication | 500 | | | µs | SDA should be stable high for this entire duration.
High Side Glitch Filter at Active | tHIGNORE_A | To Crypto Authentication | 45 (1) | | | ns | Pulses shorter than this in width will be ignored by the device, regardless of its state when active.
Low Side Glitch Filter at Active | tLIGNORE_A | To Crypto Authentication | 45 (1) | | | ns | Pulses shorter than this in width will be ignored by the device, regardless of its state when active.
Low Side Glitch Filter at Sleep | tLIGNORE_S | To Crypto Authentication | 15 (1) | | | µs | Pulses shorter than this in width will be ignored by the device when in sleep mode.
Watchdog Timeout | tWATCHDOG | To Crypto Authentication | 0.7 | 1.3 | 1.7 | s | Maximum time from wake until device is forced into sleep mode.

Note: 1. These parameters are guaranteed through characterization, but not tested.
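
The hash-based challenge-response and CheckMac flow described in Section 1.3, as an added example that is not part of the Atmel datasheet. It is a simplified Python model in which the response is assumed to be SHA-256(secret || challenge); this is not the device's actual command or MAC message layout, and all class and function names are hypothetical. It shows the host answering only yes or no, and a recorded response failing against a fresh random challenge.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32        # 256-bit secret key, the size stated in Section 1.3
CHALLENGE_LEN = 32  # assumption: challenge sized like a SHA-256 digest


def mac_response(secret: bytes, challenge: bytes) -> bytes:
    """SHA-256 over secret || challenge (simplified, assumed message layout)."""
    if len(secret) != KEY_LEN or len(challenge) != CHALLENGE_LEN:
        raise ValueError("secret and challenge must both be 32 bytes")
    return hashlib.sha256(secret + challenge).digest()


class ClientDevice:
    """Hypothetical model of the client-side device (e.g. in a battery)."""

    def __init__(self, secret: bytes):
        self._secret = secret  # stays inside the object, as it stays in the chip

    def respond(self, challenge: bytes) -> bytes:
        return mac_response(self._secret, challenge)


class HostDevice:
    """Hypothetical model of the host-side device: it keeps the secret and
    the expected response internal and reports only yes or no."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        # A fresh random challenge per transaction is what defeats replay.
        self._pending = secrets.token_bytes(CHALLENGE_LEN)
        return self._pending

    def check_mac(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # single use
        if challenge is None:
            return False
        expected = mac_response(self._secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    secret = secrets.token_bytes(KEY_LEN)  # constructed sample secret
    host, genuine = HostDevice(secret), ClientDevice(secret)
    clone = ClientDevice(secrets.token_bytes(KEY_LEN))  # copy without the secret

    recorded = genuine.respond(host.new_challenge())  # what a bus observer sees
    results = {"genuine": host.check_mac(recorded)}

    host.new_challenge()
    results["replayed"] = host.check_mac(recorded)  # old response, new challenge
    results["clone"] = host.check_mac(clone.respond(host.new_challenge()))
    results["no_challenge"] = host.check_mac(recorded)  # nothing outstanding
    return results


if __name__ == "__main__":
    print(demo())
```

Only the `genuine` entry comes back true; the secret and the expected response never leave `HostDevice`, which mirrors the reason the datasheet gives for keeping the host-side secret inside a device rather than in host firmware.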

2.3.1 AC Parameters: Single-Wire Interface

Table 2-2. AC Parameters: Single-Wire Interface

Applicable from TA = -40°C to +85°C, VCC = +2.0V to +5.5V, CL = 100pF (unless otherwise noted).

Parameter | Symbol | Direction | Min | Typ | Max | Unit | Notes
Start Pulse Duration | tSTART | To Crypto Authentication | 4.10 | 4.34 | 4.56 | µs |
 | | From Crypto Authentication | 4.60 | 6 | 8.60 | µs |
Zero Transmission High Pulse | tZHI | To Crypto Authentication | 4.10 | 4.34 | 4.56 | µs |
 | | From Crypto Authentication | 4.60 | 6 | 8.60 | µs |
Zero Transmission Low Pulse | tZLO | To Crypto Authentication | 4.10 | 4.34 | 4.56 | µs |
 | | From Crypto Authentication | 4.60 | 6 | 8.60 | µs |
Bit Time (1) | tBIT | To Crypto Authentication | 37 | 39 | — | µs | If the bit time exceeds tTIMEOUT then ATECC108A may enter the sleep mode.
 | | From Crypto Authentication | 41 | 54 | 78 | µs |
Turn Around Delay | tTURNAROUND | From Crypto Authentication | 64 | 96 | 131 | µs | ATECC108A will initiate the first low going transition after this time interval following the initial falling edge of the start pulse of the last bit of the transmit flag.
 | | To Crypto Authentication | 93 | | | µs | After ATECC108A transmits the last bit of a group, system must wait this interval before sending the first bit of a flag. It is measured from the falling edge of the start pulse of the last bit transmitted by ATECC108A.
IO Timeout | tTIMEOUT | To Crypto Authentication | 45 | 65 | 85 | ms | ATECC108A may transition to the sleep mode if the bus is inactive longer than this duration.

Note: 1. START, ZLO, ZHI, and BIT are designed to be compatible with a standard UART running at 230.4Kbaud for both transmit and receive. The UART should be set to seven data bits, no parity and one Stop bit.

2.3.2 AC Parameters: I2C Interface

Table 2-3. AC Characteristics of I2C Interface

Applicable over recommended operating range from TA = -40°C to +85°C, VCC = +2.0V to +5.5V, CL = 1 TTL Gate and 100pF (unless otherwise noted).

Symbol | Parameter | Min | Max | Units
fSCK | SCK Clock Frequency | | 1 | MHz
tHIGH | SCK High Time | 400 | | ns
tLOW | SCK Low Time | 400 | | ns
tSU.STA | Start Setup Time | 250 | | ns
tHD.STA | Start Hold Time | 250 | | ns
tSU.STO | Stop Setup Time | 250 | | ns
tSU.DAT | Data In Setup Time | 100 | | ns
tHD.DAT | Data In Hold Time | 0 | | ns
tR | Input Rise Time (1) | | 300 | ns
tF | Input Fall Time (1) | | 100 | ns
tAA | Clock Low to Data Out Valid | 50 | 550 | ns
tDH | Data Out Hold Time | 50 | | ns
tTIMEOUT | SMBus Timeout Delay | 25 | 75 | ms
tBUF | Time bus must be free before a new transmission can start. | 500 | | ns

Note: 1. Values are based on characterization and are not tested.

AC measurement conditions:
• RL (connects between SDA and VCC): 1.2kΩ (for VCC +2.0V to +5.0V)
• Input pulse voltages: 0.3VCC to 0.7VCC
• Input rise and fall times: 50ns
• Input and output timing reference voltage: 0.5VCC

2.4 DC Parameters: All I/O Interfaces

Table 2-4. DC Parameters on All I/O Interfaces

Parameter | Symbol | Min | Typ | Max | Unit | Notes
Ambient Operating Temperature | TA | -40 | | 85 | °C |
Power Supply Voltage | VCC | 2.0 | | 5.5 | V |
Active Power Supply Current | ICC | | 3 | 6 | mA | Waiting for I/O during I/O transfers or execution of non-ECC commands when ChipMode:3 is zero.
 | | | — | 16 | mA | During ECC command execution.
Idle Power Supply Current | IIDLE | | 800 | | µA | When device is in idle mode, VSDA and VSCL < 0.4V or > VCC – 0.4
Sleep Current | ISLEEP | | 30 | 150 | nA | When device is in sleep mode, VCC ≤ 3.6V, VSDA and VSCL < 0.4V or > VCC – 0.4, TA ≤ 55°C
 | | | | 2 | µA | When device is in sleep mode.
Output Low Voltage | VOL | | | 0.4 | V | When device is in active mode, VCC = 2.5 – 5.5V
Output Low Current | IOL | | | 4 | mA | When device is in active mode, VCC = 2.5 – 5.5V, VOL = 0.4V
Theta JA | ƟJA | | 166 | | °C/W | SOIC (SSH)
 | | | 173 | | °C/W | UDFN (MAH)
 | | | 146 | | °C/W | RBH

2.4.2 VIH and VIL Specifications

The input voltage thresholds when in sleep or idle mode are dependent on the VCC level as shown in the graph below.

When the device is active (i.e. not in sleep or idle mode), the input voltage thresholds are different depending upon the state of TTLenable (bit 1) within the ChipMode byte in the Configuration zone of the EEPROM. When a common voltage is used for the ATECC108A VCC pin and the input pull-up resistor, then this bit should be set to a one, which permits the input thresholds to track the supply.

If the voltage supplied to the VCC pin of the ATECC108A is different than the system voltage to which the input pull-up resistor is connected, then the system designer may choose to set TTLenable to zero, which enables a fixed input threshold according to the following table. The following applies only when the device is active:

Table 2-5. VIL, VIH on All I/O Interfaces

Parameter | Symbol | Min | Typ | Max | Unit | Notes
Input Low Voltage | VIL | -0.5 | | 0.5 | V | When device is active and TTLenable bit in configuration memory is zero.
Input High Voltage | VIH | 1.5 | | VCC + 0.5 | V | When device is active and TTLenable bit in configuration memory is zero.

3 Compatibility

3.1 Atmel ATSHA204

If properly configured, it can be used in all situations where the ATSHA204 or ATSHA204A is currently employed. Because the Configuration zone is larger, the personalization procedures for the device must be updated when personalizing the ATSHA204 or ATSHA204A.

3.2 Atmel ATECC108

ATECC108A is designed to be fully compatible with the ATECC108.
If properly configured, it can be used in all situations where ATECC108 is currently employed. In many situations, the ATECC108A can also be used in an ATECC108 application without change. The new revisions provide significant advantages as outlined below:

New Features in ATECC108A vs. ATECC108

• Intrusion Detection Capability, Including Gating Key Use
• New SHA Command, Also Computes HMAC
• X.509 Certificate Verification Capability
• Programmable Watchdog Timer Length
• Shared Random Nonce and Key Configuration Validation (Gendig Command)
• Larger Slot 8 which is Extended to 416 bytes

4 Ordering Information

Atmel Ordering Code (4) | Package | Interface Configuration
ATECC108A-SSHCZ-T | 8-lead SOIC, Tape and Reel (2) | Single-Wire
ATECC108A-SSHCZ-B | 8-lead SOIC, Bulk in Tubes (1) | Single-Wire
ATECC108A-SSHDA-T | 8-lead SOIC, Tape and Reel (2) | I2C
ATECC108A-SSHDA-B | 8-lead SOIC, Bulk in Tubes (1) | I2C
ATECC108A-MAHCZ-T | 8-pad UDFN, Tape and Reel (2) | Single-Wire
ATECC108A-MAHDA-T | 8-pad UDFN, Tape and Reel (2) | I2C
ATECC108A-RBHCZ-T (3) | 3-lead CONTACT, Tape and Reel (2) | Single-Wire

Notes:
1. B = Bulk
2. T = Tape and Reel
   SOIC = 4,000 units per reel.
   UDFN = 15,000 units per reel.
   RBH = 5,000 units per reel.
3. Please contact Atmel for availability.
4. Please contact Atmel for thinner packages.

5 Package Drawings

5.1 8-lead SOIC

[Drawing: top view, end view, side view]

Notes: This drawing is for general information only. Refer to JEDEC Drawing MS-012, Variation AA for proper dimensions, tolerances, datums, etc.

COMMON DIMENSIONS (Unit of Measure = mm)

SYMBOL | MIN | NOM | MAX | NOTE
A | – | – | 1.75 |
A1 | 0.10 | – | 0.25 |
b | 0.31 | – | 0.51 |
C | 0.17 | – | 0.25 |
D | 4.90 BSC | | |
E | 6.00 BSC | | |
E1 | 3.90 BSC | | |
e | 1.27 BSC | | |
L | 0.40 | – | 1.27 |
Ø | 0° | – | 8° |

3/6/2015
Package Drawing Contact: [email protected]
TITLE: 8S1, 8-lead (0.150” Wide Body), Plastic Gull Wing Small Outline (JEDEC SOIC)
GPC: SWB    DRAWING NO.: 8S1    REV.: H

5.2 8-pad UDFN

[Drawing: top view, side view, bottom view]

Notes:
1. This drawing is for general information only. Refer to Drawing MO-229, for proper dimensions, tolerances, datums, etc.
2. The Pin #1 ID is a laser-marked feature on Top View.
3. Dimensions b applies to metallized terminal and is measured between 0.15 mm and 0.30 mm from the terminal tip. If the terminal has the optional radius on the other end of the terminal, the dimension should not be measured in that radius area.
4. The Pin #1 ID on the Bottom View is an orientation feature on the thermal pad.

COMMON DIMENSIONS (Unit of Measure = mm)

SYMBOL | MIN | NOM | MAX | NOTE
A | 0.50 | 0.55 | 0.60 |
A1 | 0.0 | 0.02 | 0.05 |
A2 | - | - | 0.55 |
D | 1.90 | 2.00 | 2.10 |
D2 | 1.40 | 1.50 | 1.60 |
E | 2.90 | 3.00 | 3.10 |
E2 | 1.20 | 1.30 | 1.40 |
b | 0.18 | 0.25 | 0.30 | 3
C | 0.152 REF | | |
L | 0.35 | 0.40 | 0.45 |
e | 0.50 BSC | | |
K | 0.20 | - | - |

11/2/15
TITLE: 8MA2, 8-pad 2 x 3 x 0.6mm Body, Thermally Enhanced Plastic Ultra Thin Dual Flat No-Lead Package (UDFN)
GPC: YNZ    DRAWING NO.: 8MA2    REV.: H

5.3 3-lead CONTACT

COMMON DIMENSIONS (Unit of Measure = mm)

SYMBOL | MIN | NOM | MAX | NOTE
D | 2.40 | 2.50 | 2.60 |
E | 6.40 | 6.50 | 6.60 |
A | 0.45 | 0.50 | 0.55 |
e | 1.60 | 1.70 | 1.80 |
b | 1.90 | 2.00 | 2.10 |
L | 2.10 | 2.20 | 2.30 |
f | 0.30 | 0.40 | 0.50 |
g | 0.05 | 0.15 | 0.25 |
h | 2.30 | 2.40 | 2.50 |
j | 4.30 | 4.40 | 4.50 |

1/31/11
TITLE: 3RB, 3-lead 2.5x6.5mm Body, 2.0 mm pitch, CONTACT PACKAGE. (Sawn)
GPC: RHB    DRAWING NO.: 3RB    REV.: 01

6 Revision History

Doc. Rev. | Date | Comments
8895BX | 01/2016 | Updated write endurance from write cycles of 100,000 to 400,000 minimum and the 8S1 and 8MA2 package drawings.
8895AX | 02/2015 | Initial summary document release. The complete document is available under NDA. For more information, please contact your local Atmel sales office.

Atmel Corporation
1600 Technology Drive, San Jose, CA 95110 USA
T: (+1)(408) 441.0311    F: (+1)(408) 436.4200    www.atmel.com

© 2016 Atmel Corporation. / Rev.: Atmel-8895BS-CryptoAuth-ATECC108A-Datasheet-Summary_012016.

Atmel®, Atmel logo and combinations thereof, Enabling Unlimited Possibilities®, CryptoAuthentication™, and others are registered trademarks or trademarks of Atmel Corporation in U.S. and other countries.

DISCLAIMER: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life.

SAFETY-CRITICAL, MILITARY, AND AUTOMOTIVE APPLICATIONS DISCLAIMER: Atmel products are not designed for and will not be used in connection with any applications where the failure of such products would reasonably be expected to result in significant personal injury or death (“Safety-Critical Applications”) without an Atmel officer's specific written consent. Safety-Critical Applications include, without limitation, life support devices and systems, equipment or systems for the operation of nuclear facilities and weapons systems. Atmel products are not designed nor intended for use in military or aerospace applications or environments unless specifically designated by Atmel as military-grade. Atmel products are not designed nor intended for use in automotive applications unless specifically designated by Atmel as automotive-grade.