AT88SA10HS-TSU-T Atmel, AT88SA10HS-TSU-T Datasheet - Page 2

AT88SA10HS-TSU-T

Manufacturer Part Number
AT88SA10HS-TSU-T
Description
IC HOST AUTHENTICATION SOT23-3
Manufacturer
Atmel
Series
CryptoAuthentication™
Type
Authentication Chip

Specifications of AT88SA10HS-TSU-T

Applications
Networking & Communications
Mounting Type
Surface Mount
Package / Case
SOT-23-3
Operating Supply Voltage
2.5 V to 5.5 V
Maximum Operating Temperature
+85 °C
Mounting Style
SMD/SMT
Interface Type
1 Wire
Minimum Operating Temperature
-40 °C
Number Of Timers
1
Program Memory Size
72 bit
Program Memory Type
ROM
Lead Free Status / RoHS Status
Lead free / RoHS Compliant
The AT88SA10HS/102S devices use a cutting-edge SHA-256 engine embedded in hardware as the heart of their
security architectures. In the most basic operation the device is sent a challenge, to which it responds with a unique
response that only it can produce. Since challenge and response pairs are nearly infinite for each device, each device
can be used indefinitely without fear of repeating the same challenge-response pair. The response generated by the
device is created by hashing the input challenge with a secret key stored in protected memory; thus a particular device
will always respond exactly the same way to a given challenge. A product using the AT88SA10HS/102S can be configured
so that the entire product line uses the same key or so that each device has a unique key. The response that a
particular device will produce can only be reproduced by something that knows the key that is stored in the device.
Secure Key Exchange
In addition, the AT88SA102S device can be used for secure key exchange. If the device is used in conjunction with a
symmetric encryption algorithm such as AES or DES, an end-to-end encrypted transmission can be created. In the case
of symmetric encryption the weakest link is securely transferring the keys used to encrypt and decrypt the data at each end.
The AT88SA102S can facilitate this by using the unique response produced by the device as the key to the symmetric
encryption algorithm. This is done by sending a random challenge to a system that contains the key stored in the
AT88SA102S and then encrypting the message with the system response. The message and the random challenge
are then sent to the client device, where the challenge is fed into the AT88SA102S and the response from the
CryptoAuthentication chip is used as the key to decrypt the message.
Key Diversification
Key diversification is highly recommended when using the CryptoAuthentication device. The device is designed with an
embedded 256-bit key that is never exposed. This 256-bit key is always used during the MAC hashing operation of the
SHA-256 engine; however, additional bits can be incorporated into the result as well. CryptoAuthentication also
provides a 62-bit customer secret that can be burned into fuses in the device once, after which it can never be read.
In addition to the 62-bit secret, an additional 23 bits of incremental blow fuses can be used as needed by the customer.
All of these methods, as well as the incorporation of the device's unique serial number, can be used in the key
diversification scheme. When these values are added into the MAC, the response becomes an output of all of the
values. This makes a strong diversification configuration for the CryptoAuthentication device. When using diversified
keys, a source of compromise can be isolated more easily and a remedy implemented much more rapidly. The incremental
burn fuses provided by the AT88SA102S can also be used to provide consumable usage tracking or to limit device
usage cycles.
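The challenge-response, key exchange and key diversification flows described above, modelled in software as an added example (not Atmel's code and not the device's real command set). `ModelChip`, its 32-byte challenge size and the order in which the fields are hashed are assumptions made for illustration; the actual MAC message layout is defined in the full datasheet.

```python
import hashlib
import hmac
import os


class ModelChip:
    """Software stand-in for the authentication chip (constructed for this example)."""

    def __init__(self, key: bytes, fuse_secret: bytes = b"", serial: bytes = b""):
        if len(key) != 32:
            raise ValueError("embedded key must be 256 bits")
        self._key = key                  # never exposed by the real device
        self._fuse_secret = fuse_secret  # burned once, never readable afterwards
        self.serial = serial             # public and unique per device

    def respond(self, challenge: bytes, diversify: bool = False) -> bytes:
        if len(challenge) != 32:
            raise ValueError("this model uses 32-byte challenges")
        msg = self._key + challenge
        if diversify:
            # Assumed field order, not the datasheet's MAC message layout.
            msg += self._fuse_secret + self.serial
        return hashlib.sha256(msg).digest()


def expected_response(key, challenge, fuse_secret=b"", serial=b""):
    """Host side: recompute the response from the secrets the host knows."""
    return hashlib.sha256(key + challenge + fuse_secret + serial).digest()


def authenticate(chip, key, fuse_secret=b"", diversify=False):
    """Send a fresh random challenge and verify the reply in constant time."""
    challenge = os.urandom(32)
    reply = chip.respond(challenge, diversify)
    secret = fuse_secret if diversify else b""
    serial = chip.serial if diversify else b""
    return hmac.compare_digest(reply, expected_response(key, challenge, secret, serial))


def exchange_key(sender_chip, receiver_chip):
    """Key exchange: only the challenge crosses the wire; each end derives the key."""
    challenge = os.urandom(32)
    sender_key = sender_chip.respond(challenge)      # used to encrypt the message
    receiver_key = receiver_chip.respond(challenge)  # challenge arrived with the ciphertext
    return challenge, sender_key, receiver_key
```

With diversification enabled, two chips that share the embedded key but differ in serial number return different responses to the same challenge, which is what lets a compromised unit be isolated from the rest of the product line.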
Programming Services
To enable a greater scale of control of secrets when diversified keys are utilized, Atmel offers a secure programming
service. This programming service provides several key components which implement end-to-end management and
secret insertion for production devices programmed during manufacturing at Atmel facilities. The service provides for
secure transport of customer secrets directly to the manufacturing facility and delivery of those secrets to the customer's devices.
This service enables customers to minimize the risk of secret compromise by limiting exposure of the secrets to key
personnel, maintaining confidentiality, providing accountability for units programmed, and verifying that the devices
are locked down properly.
Note: For additional security information read the “CryptoAuthentication High Level Security Design” which gives a
detailed explanation of the security offered by the CryptoAuthentication family of devices.
CryptoAuthentication™ Product Uses
8663B–SMEM–3/09