• High Security Features in Hardware
⎯ CryptoMemory and CryptoRF F2 Algorithm
⎯ SHA-1 Standard Cryptographic Algorithm
⎯ 64-bit Mutual Authentication Protocol (Under License of ELVA)
⎯ Permanently Coded Serial Numbers
⎯ High Quality Random Number Generator (RNG)
⎯ Metal Shield Over Memory
⎯ Data Scrambling in Nonvolatile Memory
⎯ Delay Penalties to prevent Systematic Attacks
⎯ Reset Locking to prevent Illegal Power Cycling
⎯ Voltage and Frequency Monitors
⎯ Device Challenge Response
⎯ Message Authentication Codes (MAC) Generation
⎯ Data Encryption and Decryption
⎯ Secure Authentication Key Management
• Secure Storage and Key Management
⎯ Up to 16 sets of 64-bits Diversified Host Keys
⎯ Eight Sets of Two 24-bit Passwords
⎯ Secure and Custom Personalization
⎯ Up to 232-Byte Read/Write Configurable User Data Area
• Nonvolatile Up Counters
⎯ Four sets Unidirectional Counters
⎯ 64 Million Maximum Counts Per Counter
• Application Features
⎯ Low Voltage Supply: 2.7V – 3.6V
⎯ 2-Wire Serial Interface (TWI, 5V Compatible)
⎯ Standard 8-lead SOIC Plastic Package, Green compliant (exceeds RoHS)
• High Reliability
⎯ Endurance : 100,000 Cycles
⎯ Data Retention : 10 years
⎯ ESD Protection : 3,000 V min. HBM
CryptoCompanion™ Chip for CryptoMemory and CryptoRF
AT88SC018
Summary
5277CS–CryptoCompanion–2/09
1. Product Overview
The CryptoCompanion™ Chip is designed as the mate to Atmel’s CryptoRF and CryptoMemory chips, collectively
referred to in the remainder of this document as CRF.
CryptoCompanion makes extensive use of the SHA-1 hash algorithm as specified in
http://www.itl.nist.gov/fipspubs/fip180-1.htm
and elsewhere. In this document, the nomenclature SHA-1(a, b, c) means to concatenate a, b & c in that order and then
pad them to a block size of 64 bytes before computing the digest.
CryptoCompanion generates SHA-1 digests of single round datasets at a time.
1.1. General Operation
The CRF chip contains secrets that must be known or derived by a host system in order to establish a trusted link
between the two and permit communications to happen. CryptoCompanion stores these secrets in an obscured way in
nonvolatile memory and contains all the circuitry necessary to perform the authentication, password and
encryption/decryption functions specified in the CRF datasheet. In this manner, the secrets do not ever need to be
revealed.
The general cryptographic strategy is as follows:
• Each CRF chip has a serial or identification number (ID) and authentication secret Gi stored in EEPROM. ID is
freely readable while Gi can never be read and is unique for all tags.
• CryptoCompanion contains an EEPROM that holds a set of common secrets (Fn). CryptoCompanion combines Fn
with ID and KID to compute a value of G that is expected to match that in the CRF chip. Specifically, G = SHA-1(Fn,
ID, KID)
• G is further diversified by the inclusion of a number (KID) generated by the host system in a manner of its choosing.
Typically, it will be the result of a cryptographic operation on the CRF ID value calculated using other data, secrets
and/or algorithms external to CryptoCompanion. This permits scenarios that offer varying degrees of additional
security.
• CryptoCompanion includes a general purpose cryptographic quality random number generator which is used to
seed a mutual authentication process between CryptoCompanion and CRF. If the CRF confirms the
CryptoCompanion challenge, and the CryptoCompanion confirms the CRF response, then the host system
proceeds with CRF operations. In this way the host system may use the CRF without knowing the CRF's secrets
directly.
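The diversification G = SHA-1(Fn, ID, KID) described above, as an added example that is not taken from the datasheet: it concatenates the three fields, pads them to one 64-byte block and runs a single SHA-1 compression, so a different ID or KID yields a different G. Assumptions: the padding is the standard FIPS 180-1 padding (this summary does not specify it), the field lengths and values are constructed, and the full 160-bit digest is returned because the summary does not say how it maps onto the secret held in the CRF chip.

```python
import hashlib
import struct

BLOCK = 64  # SHA-1 block size in bytes

def pad_single_block(*fields: bytes) -> bytes:
    """Concatenate fields in order, then pad to exactly one block (assumed FIPS 180-1 padding)."""
    msg = b"".join(fields)
    if len(msg) > BLOCK - 9:  # room needed for the 0x80 marker and 8-byte bit length
        raise ValueError("inputs do not fit a single 64-byte SHA-1 block")
    zeros = b"\x00" * (BLOCK - 9 - len(msg))
    return msg + b"\x80" + zeros + struct.pack(">Q", 8 * len(msg))

def _rol(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_one_block(block: bytes) -> bytes:
    """One SHA-1 compression over a single, already padded 64-byte block."""
    assert len(block) == BLOCK
    w = list(struct.unpack(">16I", block))
    for t in range(16, 80):
        w.append(_rol(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    a, b, c, d, e = h
    for t in range(80):
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rol(a, 5) + (f & 0xFFFFFFFF) + e + k + w[t]) & 0xFFFFFFFF
        a, b, c, d, e = tmp, a, _rol(b, 30), c, d
    out = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *out)

def diversify(f_n: bytes, chip_id: bytes, k_id: bytes) -> bytes:
    """G = SHA-1(Fn, ID, KID), computed as a single-block digest."""
    return sha1_one_block(pad_single_block(f_n, chip_id, k_id))

# Constructed sample values (hypothetical lengths and contents, not from the datasheet).
F_N = bytes(range(16))
ID_A, ID_B = bytes.fromhex("0011223344556677"), bytes.fromhex("0011223344556678")
K_A, K_B = b"\xaa" * 8, b"\xbb" * 8
# The single-block path agrees with a library SHA-1 over the plain concatenation.
assert diversify(F_N, ID_A, K_A) == hashlib.sha1(F_N + ID_A + K_A).digest()
```

Because the common secret Fn is shared across chips, any host that holds Fn outside the companion chip can recompute every G, which is why the datasheet keeps Fn in on-chip EEPROM.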
1.2. CryptoCompanion Benefits
The following is a partial list of the benefits of using this chip versus storing the algorithms and secrets in standard
FLASH system memory.
• Keep confidential those core secrets that are used to authenticate with and communicate to/from CRF.
(Store them in EEPROM, use them on-chip)
• Flexible system implementation – multiple secrets and policies for different CRF locations within the system.
Multiple manufacturer setup options.
• Hardware encryption engines, avoids algorithm disclosure from reverse-compilation of system operating code.
• Full hardware security implementation makes it harder for an attacker (even with lab equipment) to get secrets
stored on CryptoCompanion.
• Global secrets are protected using strong security, standard algorithm (SHA-1).
• Robust random number generation avoids accidental replay for all cryptographic operations using the system, not
just with respect to CRF.
• Secure EEPROM storage for configuration information, etc. May permit reduction in the total BOM for the system.
• Easy to use – little programming required; no knowledge of security algorithms or protocols, fast time to market.
1.3. Package, Pin Definition & IO
1.3.1. Pin Definition
1.3.1.1. VCC, Gnd
Power supply is 2.7 – 3.6V. Supply current less than 5 mA.
CryptoCompanion will be available to accept commands 60 ms after the later of VCC rising above 2.7V or Reset being
driven high. If CryptoCompanion is in a security delay then this interval is significantly longer.
During Power Up, VCC must exhibit a monotonic ramp at a minimum rate of 50 mV/mS until VCC has crossed the 2.7V
level. During Power Down, VCC must exhibit a monotonic ramp at a minimum rate of 50 mV/mS once it has dropped
below the 2.5V boundary. CryptoCompanion does not support hot swapping or hot plugging.
VCC must be bypassed with high quality surface mount capacitors that are properly located on the board. Atmel
recommends two capacitors connected in parallel having a value of 1μF and 0.01μF. The capacitors should be
manufactured using X5R or X7R dielectric material. These capacitors should be connected to CryptoCompanion using
a total of no more than 1cm PC board traces. Atmel recommends the use of a ground plane and a trace length of less
than 0.5cm between the capacitors and the VCC pin. Failure to follow these recommendations may result in improper
operation.
1.3.1.2. SDA
Two wire interface data pin, 5 V compatible. Minimum data setup time = 0.1 μs, and minimum data hold time = 0 μs min.
The system board must include an external pull-up resistor.
1.3.1.3. SCL
Two wire interface clock pin, 5 V compatible. Maximum SCL rate is 400KHz, minimum TLOW = 1.2 μs, minimum
THIGH = 0.6 μs. The system board must include an external pull-up resistor.
1.3.1.4. Reset (RST)
This active low input will reset all states within CryptoCompanion. Honored regardless of the state of PowerDown.
1.3.1.5. PowerDown (PDN)
When held low, the part operates normally. When held high, the part will go to sleep and ignore all transitions on SDA
and SCL, and power consumption will drop to less than 10 μA. There is a 50 ms delay between this pin falling and the first
transition on SDA or SCL that will be accepted by the chip.
1.3.2. Package
CryptoCompanion is packaged in an 8 lead SOIC package with the following pin definition:
Table 1. 8 lead SOIC package pin definition
Pin Number Pin Name
1 VCC
5 Gnd
7 SDA
8 SCL
4 RST
3 PDN
2,6 NC
Pins 2 & 6 are not internally connected and should be connected to ground on the PC board.
1.3.3. Connection Diagram
Figure 1. Connection Diagram
[Figure not reproduced. Labels: 2.7v - 5.5v, 2.7v - 3.6v, Microprocessor, CryptoCompanion, SDA, SCL]
1.3.4. Environmental
CryptoCompanion is guaranteed to operate over the industrial temperature range of -40° to 85° C. ESD is rated at 3KV,
Human Body Model.
1.3.5. TWI Input/Output Operation
CryptoCompanion communicates to the system using a two wire interface (TWI), which is similar to SMBus. The chip
operates as a slave and does not support clock stretching. This two wire protocol is identical to that supported by the
Atmel AT24C16B serial EEPROM chips. Please see that datasheet on the Atmel web site for detailed timing and
protocol information.
The system processor is expected to properly format commands for CryptoCompanion (which may include information
from the CRF chip), and then process the outputs of CryptoCompanion (which may include sending some of the
outputs to the CRF chip).
CryptoCompanion cannot directly communicate with CRF chips. Both CRF and CryptoCompanion are slave devices.
The bus master may use one or two busses to communicate with them. Separate TWI addresses must be used if both
chips are on the same bus.
2. AC & DC Characteristics (Preliminary)
Table 2. DC Characteristics (1)
Applicable over recommended operating range from VCC = +2.7 to 3.6 V,
TAC = -40° C to 85° C (unless otherwise noted)
Symbol Parameter Test Condition Min Typ Max Units
VCC Supply Voltage 2.7 3.6 V
ICC Supply Current 400kHz 5 mA
ISB Standby Current VIN = VCC or GND 10 μA
VIL SDA Input Low Voltage 0 VCC x 0.2 V
VIL CLK Input Low Voltage 0 VCC x 0.2 V
VIL RST Input Low Voltage 0 VCC x 0.2 V
VIL PDN Input Low Voltage 0 VCC x 0.2 V
VIH SDA Input High Voltage VCC x 0.7 5.5 V
VIH SCL Input High Voltage VCC x 0.7 5.5 V
VIH RST Input High Voltage VCC x 0.7 5.5 V
VIH PDN Input High Voltage VCC x 0.7 5.5 V
IIL SDA Input Low Current 0 < VIL < VCC x 0.15 15 μA
IIL SCL Input Low Current 0 < VIL < VCC x 0.15 15 μA
IIL RST Input Low Current 0 < VIL < VCC x 0.15 15 μA
IIL PDN Input Low Current 0 < VIL < VCC x 0.15 15 μA
IIH SDA Input High Current VCC x 0.7 < VIH < VCC 20 μA
IIH SCL Input High Current VCC x 0.7 < VIH < VCC 20 μA
IIH RST Input High Current VCC x 0.7 < VIH < VCC 20 μA
IIH PDN Input High Current VCC x 0.7 < VIH < VCC 20 μA
VOL SDA Output Low Voltage IOL = 1mA 0 VCC x 0.15 V
Note: 1. Typical values at 25° C. Maximum values are characterized values and not test limits in production.
Table 3. AC Characteristics (1)
Applicable over recommended operating range from VCC = +2.7 to 3.6 V,
TAC = -40° C to 85° C, CL = 30pF (unless otherwise noted)
Symbol Parameter Min Max Units
fCLK Clock Frequency 0 400 kHz
Clock Duty cycle (2) 40 60 %
tR Rise Time - SDA, RST, PDN (2) 300 nS
tF Fall Time - SDA, RST, PDN (2) 300 nS
tR Rise Time - SCL (2) 300 nS
tF Fall Time - SCL (2) 300 nS
tAA Clock Low to Data Out Valid 900 nS
tHD.STA Start Hold Time 600 nS
tSU.STA Start Set-up Time 600 nS
tHD.DAT Data In Hold Time 100 nS
tSU.DAT Data In Set-up Time 100 nS
tSU.STO Stop Set-up Time 600 nS
tDH Data Out Hold Time 50 900 nS
Note: 1. Typical values at 25° C. Maximum values are characterized values and not test limits in production.
2. This parameter is not tested. Values are based on characterization and/or simulation data.
Figure 2. SCL: Serial Clock, SDA: Serial Data I/O