Abridged Data Sheet DS2460 SHA-1 Coprocessor with EEPROM www.maxim-ic.com GENERAL DESCRIPTION FEATURES The DS2460 SHA-1 Coprocessor with EEPROM is a hardware implementation of the ISO/IEC 10118-3 Secure Hash Algorithm (SHA-1), eliminating the need to develop software to perform the complex SHA computation required for authenticating SHA devices and for performing the validation of digitally signed service data. The DS2460 communicates with a microcontroller through the popular I²C interface. Applications include hosts of access control and electronic payment systems for token authentication and service data validation as well as generation of one-time-use encryption keys for short message encryption and decryption for messages not exceeding the length of a SHA-1 result, which is 20 bytes. APPLICATIONS License Management Secure Feature Control System Authentication Clone Prevention Door Locks Utility Meters ORDERING INFORMATION TYPICAL OPERATING CIRCUIT VCC RP PART DS2460S DS2460S/T&R DS2460S+ DS2460S+T&R TEMP RANGE -40°C to +85°C -40°C to +85°C -40°C to +85°C -40°C to +85°C PIN-PACKAGE 8 SO (150 mils) 8 SO (150 mils) 8 SO (150 mils) 8 SO (150 mils) + Indicates lead-free compliance. RP VCC Request full data sheet at: www.maxim-ic.com/fullds/DS2460 SDA SCL µC Dedicated Hardware-Accelerated SHA Engine for Generating SHA-1 MACs 112 Bytes User EEPROM for Storing End Equipment Property Data I²C Host Interface, Supports 100kHz and 400kHz Communication Speeds Three Address Inputs for I²C Address Assignment Single-Byte to 8-Byte EEPROM Write Sequences 64-Bit Unique Registration Number EEPROM Endurance: 200k Cycles per 8-Byte Block at 25°C 10ms max EEPROM Write Cycle Wide Operating Range: 2.7V to 5.5V, -40°C to +85°C ±4kV IEC 1000-4-2 ESD Protection Level on All Pins 8-Pin SO (150 mils) Package VCC SDA SCL AD0 AD1 GND PIN CONFIGURATION AD2 GND AD0 1 8 VCC AD1 2 7 SCL AD2 3 6 SDA GND 4 5 N.C. Note: Some revisions of this device may incorporate deviations from published specifications known as errata. Multiple revisions of any device may be simultaneously available through various sales channels. For information about device errata, click here: www.maxim-ic.com/errata. 1 of 8 REV: 080807 Abridged Data Sheet DS2460 ABSOLUTE MAXIMUM RATINGS Voltage Range on Any Pin Relative to Ground Maximum Current Into Any Pin Operating Temperature Range Junction Temperature Storage Temperature Range Soldering Temperature -0.5V, +6V ±20mA -40°C to +85°C +150°C -55°C to +125°C See IPC/JEDEC J-STD-020 Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to the absolute maximum rating conditions for extended periods may affect device. ELECTRICAL CHARACTERISTICS (-40°C to +85°C, see Note 1) PARAMETER Supply Voltage SYMBOL CONDITIONS VCC MIN TYP 2.7 Bus idle MAX UNITS 5.5 3 V Standby Current ICCS Operating Current Programming Current ICCA IPROG SHA-1 Computation Current ISHA See full version of data sheet mA tSHA See full version of data sheet ms Bus idle, +25°C Bus active at 400kHz 250 500 1 500 1000 µA µA µA SHA-1 Engine SHA-1 Computation Time EEPROM Programming Time Endurance Data Retention tPROG NCYCLE 10 At +25°C (Notes 2, 3) tRET At +85°C (Notes 4, 5, 6) LOW Level Input Voltage VIL (Note 8) HIGH Level Input Voltage VIH (Notes 8, 9) Vhys (Note 9) ms 200k 40 years I²C-Pins (Note 7) See Figure 6 Hysteresis of Schmitt Trigger Inputs LOW Level Output Voltage at 4mA Sink Current Output Fall Time from VIhmin to VILmax with a Bus Capacitance from 10pF to 400pF Pulse Width of Spikes that are Suppressed by the Input Filter Input Current Each I/O Pin with an Input Voltage Between 0.1VCCmax and 0.9VCCmax Input Capacitance SCL Clock Frequency Hold Time (Repeated) START Condition. After this Period, the First Clock Pulse is Generated. LOW Period of the SCL Clock HIGH Period of the SCL Clock -0.5 0.7 × VCC 0.05 × VCC VOL tof (Note 9) tSP SDA and SCL pins only (Note 9) Ii (Notes 8, 10) Ci fSCL (Notes 8, 9) 0.3 × VCC VCC + 0.5V V V V 0.4 V 250 ns 50 ns -10 10 µA 0 10 400 pF kHz 20 + 0.1Cb tHD:STA 0.6 µs tLOW tHIGH 1.3 0.6 µs µs 2 of 8 Abridged Data Sheet PARAMETER SYMBOL Setup Time for a Repeated START Condition Data Hold Time Data Setup Time Setup Time for STOP Condition Bus Free Time Between a STOP and START Condition Capacitive Load for Each Bus Line Note 1: Note 2: Note 3: Note 4: Note 5: Note 6: Note 7: Note 8: Note 9: Note 10: Note 11: Note 12: Note 13: Note 14: CONDITIONS tSU:STA tHD:DAT tSU:DAT tSU:STO MIN TYP MAX 0.6 (Notes 11, 12) (Note 13) UNITS µs 0.9 tBUF CB DS2460 100 0.6 µs ns µs 1.3 µs (Note 14) 400 pF Specification at -40°C is guaranteed by design and characterization only and not production tested. Write-cycle endurance is degraded as TA increases. Not 100% production-tested; guaranteed by reliability monitor sampling. Data retention is degraded as TA increases. Guaranteed by 100% production test at elevated temperature for a shorter amount of time; equivalence of this production test to data sheet limit at operating temperature range is established by reliability testing. EEPROM writes can become nonfunctional after the data-retention time is exceeded. Long-term storage at elevated temperatures is not recommended; the device can lose its write capability after 10 years at +125°C or 40 years at +85°C. All values are referred to VIHmin and VILmax levels. Applies to SDA, SCL, AD2, AD1, AD0. Guaranteed by simulation only, not production tested. I/O pins of the DS2460 do not obstruct the SDA and SCL lines if VCC is switched off. The DS2460 provides a hold time of at least 300ns for the SDA signal (referred to the VIHmin of the SCL signal) to bridge the undefined region of the falling edge of SCL. The maximum tHD:DAT has only to be met if the device does not stretch the LOW period (tLOW) of the SCL signal. A Fast-mode I²C-bus device can be used in a standard-mode I²C-bus system, but the requirement tSU:DAT ≥250ns must then be met. This is automatically the case if the device does not stretch the LOW period of the SCL signal. If such a device does stretch the LOW period of the SCL signal, it must output the next data bit to the SDA line tr max + tSU:DAT = 1000 + 250 = 1250ns (according to the standard-mode I²C-bus specification) before the SCL line is released. CB = total capacitance of one bus line in pF. If mixed with HS-mode devices, faster fall-times according to I²C-Bus Specification v2.1 are allowed. PIN DESCRIPTION PIN 1 2 3 4 5 6 7 8 NAME AD0 AD1 AD2 GND NC SDA SCL VCC FUNCTION I²C Address Inputs; must be tied to VCC or GND. These inputs determine the I²C slave address of the device, see Figure 5. Ground Reference Not Connected I²C Serial Data Input/Output; must be tied to VCC through a pullup resistor. I²C Serial Clock Input; must be tied to VCC through a pullup resistor. Power Supply Input OVERVIEW The block diagram in Figure 1 shows the relationships between the major control and memory sections of the DS2460. The DS2460 communicates with a host processor through its I²C bus interface in standard-mode or in fast-mode. The logic state of three address pins determines the I²C slave address of the DS2460, allowing up to 8 devices to operate on the same bus segment without requiring a hub. For more information (including Figure 2) refer to the full version of the data sheet. 3 of 8 Abridged Data Sheet DS2460 Figure 1. Block Diagram 64-bit Unique Number SCL SDA ADx 2-wire Function Control MAC Output Buffer 64-Byte Input Buffer Command Buffer and SHA-1 Engine Control SHA-1 Engine S-Secret E-Secret1 E-Secret2 8-Byte EEPROM Write Buffer E-Secret3 112-Byte User EEPROM DETAILED REGISTER DESCRIPTION For this section (including Figure 3) please refer to the full version of the data sheet. DEVICE OPERATION The typical use of the DS2460 in an application involves writing, reading, running the SHA-1 engine, transferring secrets and comparing MACs. All these activities are controlled through the I²C serial interface. I²C Serial Communication Interface General Characteristics The I²C bus uses a data line (SDA) plus a clock signal (SCL) for communication. Both SDA and SCL are bidirectional lines, connected to a positive supply voltage through a pullup resistor. When there is no communication, both lines are HIGH. The output stages of devices connected to the bus must have an open-drain or open-collector to perform the wired-AND function. Data on the I²C bus can be transferred at rates of up to 100kbps in the Standardmode, up to 400kbps in the Fast-mode. The DS2460 works in both modes. A device that sends data on the bus is defined as a transmitter, and a device receiving data as a receiver. The device that controls the communication is called a “master.” The devices that are controlled by the master are “slaves.” To be individually accessed, each device must have a slave address that does not conflict with other devices on the bus. Data transfers may be initiated only when the bus is not busy. The master generates the serial clock (SCL), controls the bus access, generates the START and STOP conditions, and determines the number of data bytes transferred between START and STOP (Figure 4). Data is transferred in bytes with the most significant bit being transmitted first. After each byte follows an acknowledge bit to allow synchronization between master and slave. 4 of 8 Abridged Data Sheet DS2460 Slave Address The slave address to which the DS2460 responds is shown in Figure 5. The logic states at the address pins AD0, AD1 and AD2 determine the value of the address bits A0, A2, and A4. The address pins allow the device to respond to one of eight possible slave addresses. The slave address is part of the slave-address/control byte. The last bit of the slave-address/control byte (R/W) defines the data direction. When set to a 0, subsequent data will flow from master to slave (write access mode); when set to a 1, data will flow from slave to master (read access mode). Figure 4. I²C Protocol Overview R/W MS-bit ACK bit ACK bit SDA Slave Address Acknowledgment from Receiver SCL 1 Idle 2 6 7 8 9 Repeated if more bytes are transferred 1 2 8 ACK START Condition 9 ACK STOP Condition Repeated START Condition Figure 5. DS2460 Slave Address 7-Bit Slave Address A6 A5 A4 A3 A2 A1 1 0 AD2 0 AD1 0 Most Significant Bit AD2, AD1, AD0 Pin States A0 AD0 R/W Determines Read or Write I²C Definitions The following terminology is commonly used to describe I²C data transfers. The timing references are defined in Figure 6. Bus Idle or Not Busy Both, SDA and SCL, are inactive and in their logic HIGH states. START Condition To initiate communication with a slave, the master has to generate a START condition. A START condition is defined as a change in state of SDA from HIGH to LOW while SCL remains HIGH. A valid slave address must be sent by the master and acknowledged by the slave before subsequent START conditions are recognized. STOP Condition To end communication with a slave, the master has to generate a STOP condition. A STOP condition is defined as a change in state of SDA from LOW to HIGH while SCL remains HIGH. A valid slave address must be sent by the master and acknowledged by the slave before subsequent STOP conditions are recognized. 5 of 8 Abridged Data Sheet DS2460 Repeated START Condition Repeated starts are commonly used for read accesses to select a specific data source or address to read from. The master can use a repeated START condition at the end of a data transfer to immediately initiate a new data transfer following the current one. A repeated START condition is generated the same way as a normal START condition, but without leaving the bus idle after a STOP condition. Data Valid With the exception of the START and STOP condition, transitions of SDA may occur only during the LOW state of SCL. The data on SDA must remain valid and unchanged during the entire high pulse of SCL plus the required setup and hold time (tHD:DAT after the falling edge of SCL and tSU:DAT before the rising edge of SCL, see Figure 6). There is one clock pulse per bit of data. Data is shifted into the receiving device during the rising edge of the SCL pulse. When finished with writing, the master must release the SDA line for a sufficient amount of setup time (minimum tSU:DAT + tR in Figure 6) before the next rising edge of SCL to start reading. The slave shifts out each data bit on SDA at the falling edge of the previous SCL pulse and the data bit is valid at the rising edge of the current SCL pulse. The master generates all SCL clock pulses, including those needed to read from a slave. Acknowledge Usually, a receiving device, when addressed, is obliged to generate an acknowledge after the receipt of each byte. The master must generate a clock pulse that is associated with this acknowledge bit. A device that acknowledges must pull SDA LOW during the acknowledge clock pulse in such a way that SDA is stable LOW during the HIGH period of the acknowledge-related clock pulse plus the required setup and hold time (tHD:DAT after the falling edge of SCL and tSU:DAT before the rising edge of SCL). Not Acknowledged by Slave A slave device may be unable to receive or transmit data, e.g., because it is busy performing a real-time function, such as MAC computation or EEPROM write cycle. In this case the slave device will not acknowledge its slave address and leave the SDA line HIGH. A slave device that is ready to communicate will acknowledge at least its slave address. However, some time later the slave may refuse to accept data, e.g., because of an invalid command or access mode, or to signal a nonmatching MAC. In this case the slave device will not acknowledge any of the bytes that it refuses and will leave SDA HIGH. In either case, after a slave has failed to acknowledge, the master first needs to generate a repeated START condition or a STOP condition followed by a START condition to begin a new data transfer. Not Acknowledged by Master At some time when receiving data, the master must signal an end of data to the slave device. To achieve this, the master does not acknowledge the last byte that it has received from the slave. In response, the slave releases SDA, allowing the master to generate the STOP condition. Figure 6. I²C Timing Diagram SDA tBUF tHD:STA tF tLOW tSP SCL tHD:STA tR tSU:STA tHIGH tHD:DAT tSU:DAT Repeated START STOP START 6 of 8 Spike Suppression tSU:STO NOTE: Timing is referenced to VILMAX and VIHMIN. Abridged Data Sheet DS2460 Read and Write This section discusses the read and write behavior of the various registers and the EEPROM. Please refer to the full data sheet for details. SHA-1 Engine Control This section describes the user’s view of the SHA-1 engine and how to operate it. For details refer to the full data sheet (includes Figures 7 to 9 and Tables 1 and 2). SHA-1 COMPUTATION ALGORITHM This description of the SHA computation is adapted from the Secure Hash Standard SHA-1 document that can be downloaded from the NIST website (www.itl.nist.gov/fipspubs/fip180-1.htm). Further details are found in the full version of the data sheet. Application Information SDA and SCL Pullup Resistors SDA is an open-drain output on the DS2460 that requires a pullup resistor (Figure 10) to realize high logic levels. Because the DS2460 uses SCL only as input (no clock stretching) the master can drive SCL either through an open-drain/collector output with a pullup resistor or a push-pull output. Figure 10. Application Schematic VCC RP VCC RP To additional 2-wire devices SDA SCL µC SDA SCL VCC AD0 AD1 GND AD2 Example slave address = 100 0101 GND Pullup Resistor RP Sizing According to the I²C specification, a slave device must be able to sink at least 3mA at a VOL of 0.4V. This DC condition determines the minimum value of the pullup resistor: RPMIN = (VCC - 0.4V)/3mA. With an operating voltage of 5.5V, the minimum value for the pullup resistor is 1.7kΩ. The "Minimum RP" line in Figure 11 shows how the minimum pullup resistor changes with the operating (pull-up) voltage. For I²C systems, the rise time and fall time are measured from 30% to 70% of the pullup voltage. The maximum bus capacitance CB is 400pF. The maximum rise time must not exceed 300ns. Assuming maximum rise time, the maximum resistor value at any given capacitance CB is calculated as: RPMAX = 300ns/(CB*ln(7/3)). For a bus capacitance of 400pF the maximum pullup resistor would be 885Ω. 7 of 8 Abridged Data Sheet DS2460 Since a 885Ω pullup resistor, as would be required to meet the rise time specification at 400pF bus capacitance, is lower than RPMIN at 5.5V, a different approach is necessary. The "Max. Load…" line in Figure 11 is generated by first calculating the minimum pullup resistor at any given operating voltage ("Minimum RP" line) and then calculating the respective bus capacitance that yields a rise time of 300ns. Only for pullup voltages of 3V and lower can the maximum permissible bus capacitance of 400pF be maintained. A reduced bus capacitance of 300pF is acceptable for pullup voltages of 4V and lower. For fast speed operation at any pullup voltage, the bus capacitance must not exceed 200pF. The corresponding pullup resistor value at the voltage is indicated by the "Minimum RP " line. Figure 11. I²C Fast Speed Pullup Resistor Selection Chart Max. Load at Min. Rp fast mode 2000 500 1600 400 1200 300 800 200 400 100 0 Load (pF) Minimum Rp (Ohms) "Minimum Rp" 0 1 2 3 4 5 Pull-up Voltage PACKAGE INFORMATION (The package drawing(s) in this data sheet may not reflect the most current specifications. For the latest package outline information, go to www.maxim-ic.com/DallasPackInfo.) 8 of 8