ATECC108
Atmel CryptoAuthentication
NOT RECOMMENDED
FOR NEW DESIGNS
SUMMARY DATASHEET
Features
Replaced by
ATECC108A
Secure authentication and product validation device
High-Speed Public Key Algorithm (PKI) Crypto Engine
-
FIPS186-3 Elliptic Curve Digital Signature Algorithm (ECDSA)
NIST Standard P256, B283, and K283 Elliptic Curve support
Superior SHA-256 Hash Algorithm; HMAC option
Integrated capability for both Host and Client operations
Best in class 256/283-bit key length, storage for up to 16 keys
Guaranteed unique 72-bit serial number
Internal high-quality FIPS Random Number Generator (RNG)
8.5Kb EEPROM memory for keys, certificates, and data
512 One Time Programmable (OTP) bits for fixed information or
consumption logging
Multiple I/O options
-
High-Speed single pin interface, with one GPIO pin
-
1MHz standard I
2
C interface
Integrated temperature sensor
-
Uncalibrated accuracy, -40C to +85C (±3C)
2.0V – 5.5V supply voltage range
1.8V – 5.5V communications
<150nA sleep current
Extended multi-level hardware security
8-lead SOIC, 8-pad UDFN, and 3-lead CONTACT packages
Applications
Anti-clone for accessories, daughter cards, and consumables
Secure boot validation — software anti-piracy
Network and computer access control and password handling
Authenticated/encrypted network communications
This is a summary document.
The complete document is
available under NDA. For more
information, please contact
your local Atmel sales office.
Atmel-8873BS-CryptoAuth-ATECC108-Datasheet-Summary_102013
Figure 1.
Pin Name
NC
GND
SDA
SCL
V
CC
Pin Configurations
Function
No Connect
Ground
Serial Data
Serial Clock Input
Power Supply
8-lead SOIC
NC
NC
NC
GND
1
2
3
4
8
7
6
5
8-pad UDFN
V
CC
NC
SCL
SDA
V
CC
8
NC
7
SCL
6
SDA
5
1
2
3
4
3-lead Contact
NC
NC
NC
GND
2
1
SDA
Top View
Bottom View
GND
3
V
CC
Bottom View
2
ATECC108 [SUMMARY DATASHEET]
Atmel-8873BS-CryptoAuth-ATECC108-Datasheet-Summary_102013
1.
1.1
Introduction
Applications
The Atmel
®
ATECC108 is a member of the Atmel CryptoAuthentication
™
family of high-security hardware
authentication devices. It has a flexible command set that allows use for many applications, including the following:
Anti-Counterfeiting —
Validates that a removable, replaceable, or consumable client is authentic.
Examples of clients could be system accessories, electronic daughter cards, or other spare parts. It can also
be used to validate a software/firmware module or memory storage element.
Protection for Firmware or Media —
Validate code stored in flash memory at boot to prevent unauthorized
modifications, encrypt downloaded program files as a common broadcast, or uniquely encrypt code images
to be usable on a single system only.
Secure Data Storage —
Store secret keys for use by crypto accelerators in standard microprocessors.
ATECC108 can also be used to store small quantities of data necessary for configuration, calibration, ePurse
value, consumption data, or other secrets. Programmable protection is available using
encrypted/authenticated reads and writes.
User Password Checking —
Validates user entered passwords without letting the expected value become
known, map memorable passwords to random number, and securely exchange password values with
remote system.
1.2
Device Features
ATECC108 includes an EEPROM array that can be used for storage of up to 16 keys, miscellaneous read/write,
read-only or secret data, consumption logging, and security configuration. Access to the various sections of
memory can be restricted in a variety of ways and then the configuration locked to prevent changes.
ATECC108 features a wide array of defensive mechanisms specifically designed to prevent physical attacks on the
device itself or logical attacks on the data transmitted between the device and the system. Hardware restrictions on
the ways in which keys are used or generated provide further defense against certain styles of attack.
Access to the device is through a standard I
2
C Interface at speeds up to 1Mb/sec. It is compatible with standard
Serial EEPROM I
2
C interface specifications. The device also supports a Single-Wire Interface that can reduce the
number of GPIOs required on the system processor and/or reduce the number of pins on connectors. Additionally,
the device supports an alternative Single-Wire Interface compatible with other single-wire devices. If either Single-
Wire Interface is enabled, the remaining pin is available for use as a GPIO. Contact Atmel for more details.
Using either the I
2
C or Single-Wire Interface, multiple ATECC108 devices can share the same bus which saves
processor GPIO usage in system with multiple clients such as different color ink tanks or multiple spare parts.
Each ATECC108 ships with a guaranteed unique 72-bit serial number. Using the cryptographic protocols
supported by the device, a Host system or remote server can verify a signature to prove that the serial number is
both authentic and not a copy. Serial numbers are often stored in a standard Serial EEPROM but these can be
easily copied, and there is no way for the Host to know if the serial number is authentic or if it's a clone.
ATECC108 can generate high-quality FIPS random numbers and employ them for any purpose, including usage
as part of the device’s crypto protocols. Because each random number is guaranteed to be essentially unique from
all numbers ever generated on this or any other device, their inclusion in the protocol calculation ensures that
replay attacks (re-transmitting a previously successful transaction) always fails.
System integration is eased with a wide supply voltage range (2.0V – 5.5V) and an ultra-low sleep current of
<150nA.
ATECC108 [SUMMARY DATASHEET]
Atmel-8873BS-CryptoAuth-ATECC108-Datasheet-Summary_102013
3
1.3
Cryptographic Operation
ATECC108 implements a complete asymmetric (public/private) key cryptographic signature solution based on
Elliptic Curve Cryptography and the ECDSA signature protocol. The device features hardware acceleration for the
NIST standard P256, B283, and K283 binary curves and supports the complete key life cycle from high quality
private key generation, ECDSA signature generation and public key signature verification. The hardware
accelerator can implement these asymmetric cryptographic operations 10 to 1,000 times faster than software
running on standard microprocessors without the usual high risk of key exposure.
The device is designed to be able to securely store multiple private keys along with their public keys and the
signature components of the corresponding certificates. The signature verification command can use any stored or
external ECC public key. Public keys stored within the device can be configured to require validation via a
certificate chain to speed up future device authentication.
Random private key generation is supported internally within the device to ensure that the private key can never be
known outside the device. The public key corresponding to a stored private key is always returned when the key is
generated and may optionally be computed at a later time.
ATECC108 also supports a standard hash-based challenge response protocol to simplify programming. At its most
basic, the system sends a challenge to the device which combines that challenge with a secret key via the
MAC
command from the system, and sends the response back to the system. The device uses a
SHA-256 cryptographic hash algorithm for the combination such that an observer on the bus cannot derive the
value of the secret key, but the recipient can verify that the response is correct by performing the same calculation
with a stored copy of the secret.
Due to the flexible command set of the ATECC108, these two basic operation sets (ECDSA signatures and SHA-
256 challenge-response) can be expanded in many ways. Using the
GenDig
command, the values in other slots
can be included in the response digest or signature, which provides an effective way of proving that a data read
really did come from the device, as opposed to being inserted by a man-in-the-middle attacker. This same
command can be used to combine two keys with the challenge, which is useful when there are multiple layers of
authentication to be performed.
The
DeriveKey
command implements a key rolling scheme. Depending on the command mode parameter, the
resulting operation can be similar to that implemented in a remote-controlled garage door opener. Each time the
key is used, the current value of the key is cryptographically combined with a value specific to that system, and the
result forms the key for the next cryptographic operation. Even if an attacker gets the value of one key, with the
next use, that key will be gone forever.
The
DeriveKey
command can also be used to generate new random keys that might be valid only for a particular
Host ID, for a particular time period, or for some other restricted environment. Each generated key is different than
any other key ever generated on any device. By activating a Host-Client pair in the field in this manner, a clone of a
single client will not work on any other Host.
In a Host-Client configuration, where the Host (for instance a mobile phone) needs to verify a client (for instance an
OEM battery), there is a need to store the secret in the Host in order to validate the response from the client. The
CheckMac
command allows the device to securely store the secret in the Host system and hides the correct
response value from the pins, returning only a
yes
or
no
answer to the system.
Where a user entered password is required, the
CheckMac
command also provides a way to both verify the
password without exposing it on the communications bus, as well as, mapping the password into a stored value
that can have a much higher entropy.
Finally, the hash combination of a challenge and secret key can be kept on the device and XOR’d with the contents
of a slot to implement an encrypted
Read
command, or it can be XOR’d with encrypted input data to implement an
encrypted
Write
command.
All hashing functions are implemented using the industry-standard SHA-256 secure hash algorithm, which is part
of the latest set of high-security cryptographic algorithms recommended by various governments and
cryptographic experts. If desired, the SHA-256 algorithm can also be included in a HMAC sequence. ATECC108
employs full-sized 256 bit secret keys to prevent any kind of exhaustive attack.
4
ATECC108 [SUMMARY DATASHEET]
Atmel-8873BS-CryptoAuth-ATECC108-Datasheet-Summary_102013
2.
2.1
Electrical Characteristics
Absolute Maximum Ratings*
Operating Temperature . . . . . . . . . . . . . -40C to 85C
Storage Temperature . . . . . . . . . . . . . -65C to 150C
Maximum Operating Voltage . . . . . . . . . . . . . . . . 6.0V
DC Output Current. . . . . . . . . . . . . . . . . . . . . . . 5.0mA
Voltage on any pin. . . . . . . . . . . -0.5V to (V
CC
+ 0.5V)
*Notice: Stresses beyond those listed under “Absolute
Maximum Ratings” may cause permanent damage
to the device. This is a stress rating only and
functional operation of the device at these or any
other condition beyond those indicated in the
operational sections of this specification is not
implied. Exposure to absolute maximum rating
conditions for extended periods may affect device
reliability.
2.2
Reliability
ATECC108 is fabricated with the high reliability of the Atmel CMOS EEPROM manufacturing technology.
Table 2-1.
Parameter
Write Endurance (each byte)
Data Retention (at 55C)
Data Retention (at 35C)
Read Endurance
EEPROM Reliability
Min
100,000
10
30
50
Unlimited
Typical
Max
Units
Write Cycles
Years
Years
Read Cycles
ATECC108 [SUMMARY DATASHEET]
Atmel-8873BS-CryptoAuth-ATECC108-Datasheet-Summary_102013
5
京公网安备 11010802033920号
EEWORLD
