AT88SA10HS-TSU-T Atmel, AT88SA10HS-TSU-T Datasheet
AT88SA10HS-TSU-T
Specifications of AT88SA10HS-TSU-T
Related parts for AT88SA10HS-TSU-T
AT88SA10HS-TSU-T Summary of contents
Page 1
... The host system is responsible for generating the random challenge that is sent to both the client and host CryptoAuthentication devices as the AT88SA10HS does not include a random number generator. CryptoAuthentication Host Security Chip AT88SA10HS Preliminary 8595B– ...
Page 2
... Fuse Map The AT88SA10HS incorporates 128 one-time fuses within the chip. Once burned, there is no way to reset the value of a fuse. All fuses, with the exception of the Fuse MfrID and Fuse SN bits initialized by Atmel, have a value of 1 when shipped from the Atmel factory and transition when they are burned. These fuses are burned at system personalization and cannot be changed after that time ...
Page 3
... Key Values The values stored in the AT88SA10HS internal key array are hardwired into the masking layers of the chip during wafer manufacture. All chips have the same keys stored internally, though the value of a particular key cannot be determined externally from the chip. For this reason, customers should ensure that they program a unique (and secret) number into the 64 secret fuses and they should store the Atmel provided key values securely ...
Page 4
... These include an active shield over the entire surface of the part, internal memory encryption, internal clock generation, glitch protection, voltage tamper detection and other physical design features. Pre-programmed keys stored on the AT88SA10HS are encrypted in such a way as to make retrieval of their values via outside analysis very difficult. ...
Page 5
... AT88SA10HS Host Authentication Chip [Preliminary] 2.2. AC Parameters WAKE LOGIC Ø LOGIC 1 NOISE SUPPRESION 8595B–SMEM–09/09 data comm t t WLO WHI START ZHI ZLO t BIT t START t t LIGNORE HIGNORE 5 ...
Page 6
... Watchdog t WATCHDOG reset t Pause Length PAUSE ‡ START, ZLO, ZHI & BIT are designed to be compatible with a standard UART running at 230.4K baud for both transmit and receive. AT88SA10HS Host Authentication Chip [Preliminary] 6 Direction Min Typ Max Unit To 60 CryptoAuthentication To 1 CryptoAuthentication To 4 ...
Page 7
... AT88SA10HS Host Authentication Chip [Preliminary Parameters Table 4. DC Parameters Parameter Operating temperature Power Supply Voltage Fuse Burning Voltage Active Power Supply Current Sleep Power Supply Current Input Low Voltage @ V = 5.5V cc Input Low Voltage @ V = 2.5V cc Input High Voltage @ V = 5.5V cc Input High Voltage @ ...
Page 8
... It is possible that data values transmitted to a client authentication chip (either theAT88SS100S or the AT88SA102S) could be interpreted by the AT88SA10HS host chip as a legal transmit flag. In this case there could be a bus conflict as both the host and client chips drive the signal wire at the same time. To prevent this, the PauseShort command should be used to prevent the AT88SA10HS host chip from looking at the signal wire during any IO transaction to the client ...
Page 9
... After receipt of a command block, the AT88SA10HS will parse the command for errors, a process which takes t (Refer to 3.1.1). After this interval the system can send a transmit token to the AT88SA10HS – if there was an error, the AT88SA10HS will respond with an error code. If there is no error, the AT88SA10HS internally transitions ...
Page 10
... Synchronization Because the communications protocol is half duplex, there is the possibility that the system and the AT88SA10HS will fall out of synchronization with each other. In order to speed recovery, the AT88SA10HS implements a timeout that forces the AT88SA10HS to sleep. AT88SA10HS Host Authentication Chip [Preliminary] ...
Page 11
... TIMEOUT send a Wake token and after t successful. It may be possible that the system does not get the 0x11 code from the AT88SA10HS for one of the following reasons: 1. The system did not wait a full t interpreted the Wake token and Transmit flag as data bits. Recommended resolution is to wait twice the t delay and re-issue the Wake token ...
Page 12
... The value of that byte will be all 1’s. In this situation, the system should re-transmit the command block including the proceeding Transmit flag – providing there is sufficient time before the expiration of the watchdog timeout. If the opcode is invalid, one of the parameters is illegal, or the AT88SA10HS illegal state for the execution of this command, then immediately after t single byte packet ...
Page 13
... Concatenates the key stored in the AT88SA10HS with an input 256 bit challenge and generates the digest of this message. The result is left in internal memory and cannot be read. In general, the challenge should be a random number generated by the host system, which will be sent to both the host (AT88SA10HS) and client (AT88SA100S or AT88SA102S). ...
Page 14
... HOST1 Completes the two block SHA-256 digest started by HOST0 and leaves the resulting digest within the internal memory of the AT88SA10HS. This command returns an error if HOST0 has not been successfully run previously within this wake cycle security precaution, this command does not return the digest. A subsequent command is required to compare the response generated by the client with the one generated by the host ...
Page 15
... AT88SA10HS Host Authentication Chip [Preliminary] Mode Encoding Bit 5 of the mode is used to indicate whether or not the secret fuse bits are to be included in the calculation. The remaining bits of the mode field are ignored by the AT88SA10HS and should be 0. Table 11. Mode Encoding Bit[5] No fuse values inserted ...
Page 16
... HOST1 has not been previously successfully run within this wake cycle. If the two digests do not match, the AT88SA10HS provides no information as to the source of the mismatch, which must be deduced from the inputs to the three HOSTX commands match failure, the entire set of HOST0, HOST1 & ...
Page 17
... AT88SA10HS Host Authentication Chip [Preliminary] 4.4. Read Reads 4 bytes from Fuse or ROM. Returns an error if an attempt is made to read any fuses or ROM locations which are illegal. Table 14. Input Parameters Name Read Opcode Mode Param1 Address Param2 Ignored Data Table 15. Output Parameters Name ...
Page 18
... AT88SA10HS Host Authentication Chip [Preliminary] 18 Size 1 0x20 1 Must be 0x00 2 Identification number of the personalization key to be loaded. Seed for digest generation. The least significant bit of the last byte is 16 ignored by the AT88SA10HS. Upon successful execution, a value of 0 will be returned by the AT88SA10HS. Notes Notes 8595B–SMEM–09/09 ...
Page 19
... If 1, decrypt Map data before usage the map is transmitted in plain text. 2 Must be 0x00 00 if Vcc > 4.5V, must be 0x80 00 otherwise. 11 Which fuses to burn, may be encrypted. Upon successful execution, a value of 0 will be returned by the AT88SA10HS. when the fuse element is actually being burned. The Notes Notes 19 ...
Page 20
... During execution of this command the chip will ignore all PAUSE. Size 1 0x00 1 Must be 0x00 2 Must be 0x00 00 0 After a delay the AT88SA10HSS will return a value response to a PAUSE transmit flag. Notes Notes Description for proper communications. When the chip is not Refer to Applications Notes on Atmel’s website for SS 8595B– ...
Page 21
... AT88SA10HS Host Authentication Chip [Preliminary] 6. Package Drawing 3TS1 - Shrink SOT 8595B–SMEM–09/09 21 ...
Page 22
... Revision History Table 24. Revision History Doc. Rev. Date 8595A 04/2009 AT88SA10HS Host Authentication Chip [Preliminary] 22 Initial document release. Comments 8595B–SMEM–09/09 ...
Page 23
... OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel’ ...