ABRIDGED DATA SHEET DS28EL15 DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM General Description DeepCoverK embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the industry’s most secure key storage possible. The Deepcover Secure Authenticator (DS28EL15) combines crypto-strong bidirectional secure challenge-and-response authentication functionality with an implementation based on the FIPS 180-3-specified Secure Hash Algorithm (SHA-256). A 512-bit userprogrammable EEPROM array provides nonvolatile storage of application data. Additional protected memory holds a read-protected secret for SHA-256 operations and settings for memory protection control. Each device has its own guaranteed unique 64-bit ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. A bidirectional security model enables two-way authentication between a host system and slave-embedded DS28EL15. Slave-to-host authentication is used by a host system to securely validate that an attached or embedded DS28EL15 is authentic. Host-to-slave authentication is used to protect DS28EL15 user memory from being modified by a nonauthentic host. The DS28EL15 communicates over the single-contact 1-WireM bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multidevice 1-Wire network. Applications Authentication of Consumables Features S Symmetric-Key-Based Bidirectional Secure Authentication Model Based on SHA-256 S Strong Authentication with a High-Bit-Count UserProgrammable Secret and Input Challenge S 512 Bits of User EEPROM Partitioned Into Two Pages of 256 Bits S User-Programmable and Irreversible EEPROM Protection Modes Including Authentication, Write and Read Protect, and OTP/EPROM Emulation S Unique Factory-Programmed, 64-Bit Identification Number S Single-Contact 1-Wire Interface S Operating Range: 1.8V ±5%, -40°C to +85°C S ±8kV HBM ESD Protection (typ) S 6-Pin TDFN-EP Package Typical Application Circuit RP = 820Ω MAXIMUM I2C BUS CAPACITANCE 400pF 1.8V RP (I2C PORT) VCC SDA SCL DS24L65 µC SLPZ IO 1-Wire LINE Secure Feature Control Ordering Information appears at end of data sheet. DS28EL15 1-Wire is a registered trademark and DeepCover is a trademark of Maxim Integrated Products, Inc. For related parts and recommended products to use with this part, refer to: www.maximintegrated.com/DS28EL15.related For pricing, delivery, and ordering information, please contact Maxim Direct at 1-888-629-4642, or visit Maxim Integrated’s website at www.maximintegrated.com. 219-0021; Rev 0; 12/12 ABRIDGED DATA SHEET DS28EL15 DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM ABSOLUTE MAXIMUM RATINGS IO Voltage Range to GND.....................................-0.5V to +4.0V IO Sink Current....................................................................20mA Operating Temperature Range........................... -40NC to +85NC Junction Temperature......................................................+150NC Storage Temperature Range............................. -55NC to +125NC Lead Temperature (soldering, 10s).................................+300NC Soldering Temperature (reflow).......................................+260NC Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. ELECTRICAL CHARACTERISTICS (TA = -40NC to +85NC, unless otherwise noted.) (Note 1) PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS 1.89 V IO PIN: GENERAL DATA 1-Wire Pullup Voltage VPUP (Note 2) 1.71 1-Wire Pullup Resistance RPUP VPUP = 1.8V Q5% (Note 3) 300 Input Capacitance CIO Input Load Current IL (Notes 4, 5) 750 1500 IO pin at VPUP 5 I pF 19.5 0.65 x VPUP FA High-to-Low Switching Threshold VTL (Notes 6, 7) V Input Low Voltage VIL (Notes 2, 8) Low-to-High Switching Threshold VTH (Notes 6, 9) 0.75 x VPUP V Switching Hysteresis VHY (Notes 6, 10) 0.3 V Output Low Voltage VOL IOL = 4mA (Note 11) Recovery Time tREC RPUP = 750I (Notes 2, 12) 5 Fs Time Slot Duration tSLOT (Notes 2, 13) 13 Fs 0.3 0.4 V V IO PIN: 1-Wire RESET, PRESENCE-DETECT CYCLE Reset Low Time tRSTL (Note 2) 48 80 Reset High Time tRSTH (Note 14) 48 Presence-Detect Sample Time tMSP (Notes 2, 15) 8 10 Fs Write-Zero Low Time tW0L (Notes 2, 16) 8 16 Fs Write-One Low Time tW1L (Notes 2, 16) 1 2 Fs tRL (Notes 2, 17) 1 2-d Fs tMSR (Notes 2, 17) tRL + d 2 Fs VPUP = 1.89V (Notes 5, 18) 1 mA 10 ms Fs Fs IO PIN: 1-Wire WRITE IO PIN: 1-Wire READ Read Low Time Read Sample Time EEPROM Programming Current IPROG Programming Time for a 32-Bit Segment or Page Protection tPRD (Note 19) Programming Time for the Secret tPRS Refer to the full data sheet. Maxim Integrated ms 2 ABRIDGED DATA SHEET DS28EL15 DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM ELECTRICAL CHARACTERISTICS (continued) (TA = -40NC to +85NC, unless otherwise noted.) (Note 1) PARAMETER SYMBOL CONDITIONS Write/Erase Cycling Endurance NCY TA = +85NC (Notes 21, 22) Data Retention tDR TA = +85NC (Notes 23, 24, 25) MIN TYP MAX UNITS 100k — 10 Years SHA-256 ENGINE Computation Current ICSHA Computation Time tCSHA Refer to the full data sheet. mA ms Note 1: Limits are 100% production tested at TA = +25°C and/or TA = +85°C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Typical values are not guaranteed. Note 2: System requirement. Note 3: Maximum allowable pullup resistance is a function of the number of 1-Wire devices in the system and 1-Wire recovery times. The specified value here applies to systems with only one device and with the minimum 1-Wire recovery times. Note 4: Typical value represents the internal parasite capacitance when VPUP is first applied. Once the parasite capacitance is charged, it does not affect normal communication. Note 5: Guaranteed by design and/or characterization only. Not production tested. Note 6: VTL, VTH, and VHY are a function of the internal supply voltage, which is a function of VPUP, RPUP, 1-Wire timing, and capacitive loading on IO. Lower VPUP, higher RPUP, shorter tREC, and heavier capacitive loading all lead to lower values of VTL, VTH, and VHY. Note 7: Voltage below which, during a falling edge on IO, a logic 0 is detected. Note 8: The voltage on IO must be less than or equal to VIL(MAX) at all times the master is driving IO to a logic 0 level. Note 9: Voltage above which, during a rising edge on IO, a logic 1 is detected. Note 10: After VTH is crossed during a rising edge on IO, the voltage on IO must drop by at least VHY to be detected as logic 0. Note 11: The I-V characteristic is linear for voltages less than 1V. Note 12: Applies to a single device attached to a 1-Wire line. Note 13: Defines maximum possible bit rate. Equal to 1/(tW0L(MIN) + tREC(MIN)). Note 14: An additional reset or communication sequence cannot begin until the reset high time has expired. Note 15: Interval after tRSTL during which a bus master can read a logic 0 on IO if there is a DS28EL15 present. The power-up presence detect pulse could be outside this interval. See the Typical Operating Characteristics for details. Note 16: ε in Figure 11 represents the time required for the pullup circuitry to pull the voltage on IO up from VIL to VTH. The actual maximum duration for the master to pull the line low is tW1L(MAX) + tF - ε and tW0L(MAX) + tF - ε, respectively. Note 17: δ in Figure 11 represents the time required for the pullup circuitry to pull the voltage on IO up from VIL to the input-high threshold of the bus master. The actual maximum duration for the master to pull the line low is tRL(MAX) + tF. Note 18: Current drawn from IO during the EEPROM programming interval or SHA-256 computation. The pullup circuit on IO during the programming and computation interval should be such that the voltage at IO is greater than or equal to VPUP(MIN). A low-impedance bypass of RPUP activated during programming and computation is the recommended way to meet this requirement. Note 19: Refer to the full data sheet. Note 20: Refer to the full data sheet. 21: Write-cycle endurance is tested in compliance with JESD47G. 22: Not 100% production tested; guaranteed by reliability monitor sampling. 23: Data retention is tested in compliance with JESD47G. 24: Guaranteed by 100% production test at elevated temperature for a shorter time; equivalence of this production test to thedata sheet limit at operating temperature range is established by reliability testing. Note 25: EEPROM writes can become nonfunctional after the data-retention time is exceeded. Long-term storage at elevated temperatures is not recommended. Note Note Note Note Maxim Integrated 3 ABRIDGED DATA SHEET DS28EL15 DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM ELECTRICAL CHARACTERISTICS (continued) (TA = -40NC to +85NC, unless otherwise noted.) (Note 1) Note 26: Refer to the full data sheet. Typical Operating Characteristics Pin Configuration (VPUP = 1.71V, VIL = 0.3V) TOP VIEW POWER-UP TIME DS28EL15 toc01 120 100 DS28EL15 N.C. 1 IO 2 GND 3 + TIME (ms) 28L15 ymrrF 80 60 40 *EP 6 N.C. 5 N.C. 4 N.C. 20 0 -40 -20 0 20 40 60 80 *EXPOSED PAD TDFN-EP (3mm × 3mm) TEMPERATURE (°C) Pin Description PIN NAME 1, 4, 5, 6 N.C. 2 IO 3 GND — Maxim Integrated EP FUNCTION Not Connected 1-Wire Bus Interface. Open-drain signal that requires an external pullup resistor. Ground Reference Exposed Pad. Solder evenly to the board’s ground plane for proper operation. Refer to Application Note 3273: Exposed Pads: A Brief Introduction for additional information. 4 ABRIDGED DATA SHEET DS28EL15 DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM Note to readers: This document is an abridged version of the full data sheet. Additional device information is available only in the full version of the data sheet. To request the full data sheet, go to www.maximintegrated.com/DS28EL15 and click on Request Full Data Sheet. Ordering Information PART DS28EL15Q+T TEMP RANGE PIN-PACKAGE -40NC to +85NC 6 TDFN-EP* (2.5k pcs) +Denotes a lead(Pb)-free/RoHS-compliant package. T = Tape and reel. *EP = Exposed pad. Maxim Integrated Package Information For the latest package outline information and land patterns (footprints), go to www.maximintegrated.com/packages. Note that a “+”, “#”, or “-” in the package code indicates RoHS status only. Package drawings may show a different suffix character, but the drawing pertains to the package regardless of RoHS status. PACKAGE TYPE PACKAGE CODE OUTLINE NO. LAND PATTERN NO. 6 TDFN-EP T633+2 21-0137 90-0058 42 ABRIDGED DATA SHEET DS28EL15 DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM Revision History REVISION NUMBER REVISION DATE 0 12/12 DESCRIPTION Initial release PAGES CHANGED — Maxim Integrated cannot assume responsibility for use of any circuitry other than circuitry entirely embodied in a Maxim Integrated product. No circuit patent licenses are implied. Maxim Integrated reserves the right to change the circuitry and specifications without notice at any time. The parametric values (min and max limits) shown in the Electrical Characteristics table are guaranteed. Other parametric values quoted in this data sheet are provided for guidance. Maxim Integrated 160 Rio Robles, San Jose, CA 95134 USA 1-408-601-1000 © 2013 Maxim Integrated Products, Inc. 43 Maxim Integrated and the Maxim Integrated logo are trademarks of Maxim Integrated Products, Inc.