ABRIDGED DATA SHEET
An NDA is required for full disclosure of details. Contact factory for full data sheet.
DS5240
High-Speed Secure Microcontroller
www.maxim-ic.com
FEATURES
♦
Security Features
Designed to Meet the Physical Security
Requirements of FIPS140 and Common
Criteria Certifications
Fine-Line, Top-Level Metal Pattern Detects
Intrusion of the Chip’s Cryptographic
Boundary
Additional On-Chip Sensors Detect Out-of-Range
Environmental Conditions That Generate a
Tamper Response
Equipment Enclosure Can Be Monitored by
Tamper Response Inputs for Added
Protection
Fast Write SRAM Technology Causes Rapid
“Zeroization” of Secure Information as a
Tamper Response
Eavesdropping on the External Memory Bus
Prevented by Single or Triple-DES
Encryption of the Programs
Internal Chip Clock Isolated from External System
Clock by Phase-Locked Loop
Asynchronous Internal Ring Oscillator Provides
Clock for Arithmetic Operations
Resources Inside Cryptographic Boundary Include:
Modulo Arithmetic Accelerator (MAA) for Up
to 4096-Bit (e.g., PKI) DES and 112-Bit
Key Triple-DES Engines Available for
Secret Key Cryptography
Random Number Generator
Memory Management Unit and 1kB Cache
Firmware Bootstrap Loader Resides in a
16kB Factory-Programmed ROM
♦
8051-Compatible with Expanded Addressing
Linear Address Space Directly Accesses Up to
8MB of External Memory
Dedicated Memory and Parallel I/O Bus Saves
Port Pins
Four 8-Bit Ports, One 6-Bit Port
Advanced Features
CRC-16/32 Generator Provides Strong Error
Detection of Memory Contents
True-Time Clock with Alarm Interrupt and Wakeup
5kB Internal SRAM with 1kB That Can Be
Allocated to a Stack for High-Level Language
Support
Programmable Length MOVX Instructions Allow a
Combination of Fast and Slow Devices
On-Chip Power Detection/Selection Circuits
Provide Power-Up/Down Processor Reset and
Early-Warning Power-Fail Interrupt
Watchdog Timer
Proven 4-Clock/Machine Cycle Architecture
Single-Cycle Instruction Executes in 160ns
Runs Up to 25MHz Clock Rates
Dual Data Pointers Can Increment or Decrement
Independently
Automatic Data Pointer Selection Available
♦
♦
PIN CONFIGURATIONS
64
41
80
81
51
50
65
40
DS5240
(Top View)
80
25
DS5240
(Top View)
31
1
100-pin QFP
30
100
1
24
80-pin QFP
Note:
Some revisions of this device may incorporate deviations from published specifications known as errata. Multiple revisions of any device
may be simultaneously available through various sales channels. For information about DS5240 device errata, contact the factory.
1 of 3
REV: 041802
ABRIDGED DATA SHEET
An NDA is required for full disclosure of details. Contact factory for full data sheet.
DS5240
DESCRIPTION
The DS5240 is a high-speed 8051 compatible security processor with built-in system features designed to meet the
stringent FIPS-140 and Common Criteria validations required by banking regulations worldwide. Based on Dallas
Semiconductor’s battery-backed technology and fast-erase SRAM design, the DS5240 supports rapid “zeroization”
of secure information as a tamper response. Security-related features included on-chip are a fine-line top-level
metal grid to protect underlying circuitry from tampering, a Modulo Arithmetic Accelerator (MAA) using words up to
4096-bits in length for calculations including Public Key Infrastructure (PKI), a random number generator for key
creation, multiple on-chip environmental sensors to detect out-of-range conditions and generate a tamper
response, and a user-available DES engine for arbitrary data encryption. The user DES engine supports both
single and triple-DES (3DES) cryptographic operations. Other on-chip features include a true-time clock with alarm
interrupt/wake-up capability, a CRC-16/32 generator, a phase-locked loop (PLL) to simplify crystal selection and to
isolate internal chip clocks from external system clock, extended memory addressing of up to 4MB program and
4MB data and a 1kB stack (part of 5kB total SRAM) for high-level language support, circuitry to control battery
backing of certain internal circuits and external SRAM for storage of program and/or data, and sleep, idle and
power management modes for low power applications.
The DS5240’s comprehensive security measures create a trusted computing environment for the most sensitive
applications. These measures include an array of features specifically designed to resist known threats including
observation, analysis, and physical attack. They are designed such that a massive effort would be required to
obtain information about the contents of the chip (e.g., stored encryption keys) and/or external memory.
Furthermore, the “soft” nature of the DS5240 (SRAM storage) allows frequent modification of secure information,
either program or data.
The DS5240 implements a physical and logical security system that is more extensive than found in its
predecessor, the DS5002 secure microcontroller. Like the DS5002, the DS5240 executes application software from
encrypted storage. However, on the DS5240, the encryption implemented is a true block cipher, according to the
Data Encryption Standard (DES or triple-DES). Attempts to discover the keys through physical tampering result in
their erasure, rendering the encrypted contents of external memory useless. Up to 4MB of program space and 4MB
of data space can be accessed through a dedicated, nonmultiplexed byte-wide bus leaving all port pins available
for I/O functions. The contents of external memory are maintained during power-off by power from a battery
connected to the DS5240. In the absence of V
CC
, battery power maintains the memory. A small lithium coin cell can
provide more than 10 years of data retention.
All the security features of the DS5002 are implemented in the DS5240, with two distinctions. First, encryption of
the address bus is not employed for external program memory (only the program information on the data bus is
encrypted) and second, there are no dummy read cycles performed on the embedded bus. Strong new security
measures are added to the DS5240, including selectable 3DES encryption of program memory where the
encryption is based on 112-bit (two word) keys that are automatically generated by the random number generator.
There are also two self-destruct inputs (SDI) provided. One SDI controls destruction of external program and data,
cache memory, key registers and selected areas of internal SRAM. The second SDI functions as an interrupt,
allowing the user to take advantage of the DS5240’s ability to respond to a detected attack under software control.
The DS5240 also offers a number of selectable built-in countermeasures against known attack methodologies. The
device incorporates on-chip sensors to monitor “out-of-range” conditions, and these sensors can force the device
to undergo a special destructive reset if desired. Finally, the DS5240 supports optional timed-access write
operations to the parallel I/O port pins, making certain attack approaches ineffective.
2 of 3
京公网安备 11010802033920号
EEWORLD
