Datasheet ATECC608B Datasheet

This is a summary document. A

complete document is available under

NDA. For more information, please
contact your local Microchip sales

office.

ATECC608B

CryptoAuthentication™ Device Summary Data Sheet

Features

• Cryptographic Co-Processor with Secure Hardware-Based Key Storage:
– Protected storage for up to 16 keys, certificates or data

• Hardware Support for Asymmetric Sign, Verify, Key Agreement:
– ECDSA: FIPS186-3 Elliptic Curve Digital Signature
– ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman
– NIST Standard P256 Elliptic Curve Support

• Hardware Support for Symmetric Algorithms:
– SHA-256 & HMAC Hash including off-chip context save/restore
– AES-128: Encrypt/Decrypt, Galois Field Multiply for GCM

• Networking Key Management Support:
– Turnkey PRF/HKDF calculation for TLS 1.2 & 1.3
– Ephemeral key generation and key agreement in SRAM
– Small message encryption with keys entirely protected

• Secure Boot Support:
– Full ECDSA code signature validation, optional stored digest/signature
– Optional communication key disablement prior to secure boot
– Encryption/Authentication for messages to prevent on-board attacks

• Internal High-Quality NIST SP 800-90A/B/C Random Number Generator (RNG)

• Two High-Endurance Monotonic Counters

• Unique 72-Bit Serial Number

• Two Interface Options Available:
– High-Speed Single Wire Interface with One GPIO Pin
– 1 MHz Standard I2C Interface

• 1.8V to 5.5V IO Levels, 2.0V to 5.5V Supply Voltage

• Two Temperature Ranges Available:
– Standard Industrial Temperature Range: -40℃ to +85℃
– Extended Industrial Temperature Range: -40℃ to +100℃

• <150 nA Sleep Current

• Packaging Options
– 8-pad UDFN, 8-lead SOIC and 3-Lead Contact Package Options
– Die-on-Tape and Reel and WLCSP for Qualified Customers (Contact Microchip Sales)

Applications

• IoT network endpoint key management & exchange

• Encryption for small messages and PII data

• Secure Boot and Protected Download

• Ecosystem Control, Anti-cloning

© 2020 Microchip Technology Inc.

Summary Datasheet

DS40002239A-page 1

Pin Configuration and Pinouts

Table 1. Pin Configuration

Pin Function I2C Interface Function SWI Interface

NC No Connect No Connect

GND Ground Ground

SDA Serial Data Serial Data

SCL Serial Clock Input GPIO

ATECC608B

V

CC

Power Supply Power Supply

Figure 1. Package Types

NC
NC

NC

GND

8-lead SOIC

(Top View)

1
2

3
4

8

V

CC

7

NC

6

SCL

5

SDA

NC
NC
NC

GND

8-pad UDFN

(Top View)

1

2
3
4

V

CC

8

NC

7

SCL

6

SDA

5

Note:  The UDFN backside paddle is recommended to be connected to GND.

3-lead Contact

(Top View)

1

2

3

SDA

GND

V

CC

© 2020 Microchip Technology Inc.

Summary Datasheet

DS40002239A-page 2

ATECC608B

Table of Contents

Features......................................................................................................................................................... 1

Applications.................................................................................................................................................... 1

1. Introduction............................................................................................................................................. 4

1.1. Applications..................................................................................................................................4

1.2. Device Features........................................................................................................................... 4

1.3. Cryptographic Operation.............................................................................................................. 5

Pin Configuration and Pinouts........................................................................................................................2

2. Electrical Characteristics.........................................................................................................................6

2.1. Absolute Maximum Ratings..........................................................................................................6

2.2. Reliability......................................................................................................................................6

2.3. AC Parameters: All I/O Interfaces................................................................................................ 6

2.3.1. AC Parameters: Single-Wire Interface...........................................................................7

2.3.2. AC Parameters: I2C Interface........................................................................................ 9

2.4. DC Parameters: All I/O Interfaces.............................................................................................. 10

2.4.1. VIH and VIL Specifications............................................................................................10

3. Compatibility..........................................................................................................................................12

3.1. Microchip ATECC608A...............................................................................................................12

3.2. Microchip ATECC508A...............................................................................................................12

3.3. Microchip ATSHA204A, ATECC108A.........................................................................................13

4. Package Marking Information............................................................................................................... 14

5. Package Drawings................................................................................................................................ 15

5.1. 8-lead SOIC................................................................................................................................15

5.2. 8-pad UDFN............................................................................................................................... 18

5.3. 3 Lead Contact...........................................................................................................................21

6. Revision History.................................................................................................................................... 23

The Microchip Website.................................................................................................................................24

Product Change Notification Service............................................................................................................24

Customer Support........................................................................................................................................ 24

Product Identification System.......................................................................................................................25

Microchip Devices Code Protection Feature................................................................................................ 26

Legal Notice................................................................................................................................................. 26

Trademarks.................................................................................................................................................. 26

Quality Management System....................................................................................................................... 27

Worldwide Sales and Service.......................................................................................................................28

© 2020 Microchip Technology Inc.

Summary Datasheet

DS40002239A-page 3

1. Introduction

The ATECC608B is a member of the Microchip CryptoAuthentication™ family of high-security cryptographic devices,
which combine world-class, hardware-based key storage with hardware cryptographic accelerators to implement
various authentication and encryption protocols.

The ATECC608B provides security enhancements over that of the ATECC608A, while providing complete backwards
compatibility. All configuration settings, commands, packages and functionality of the ATECC608A are still available
in the ATECC608B, making migration from the ATECC608A a simple process. For new designs, it is recommended
that customers start directly with the ATECC608B device. For designs that are being upgraded and currently use the
ATECC508A or the ATECC608A, it is recommended that they move to the ATECC608B. For designs not planned to
be upgraded, it is recommended that customers review their designs to see if they would benefit from the enhanced
security of the ATECC608B. For assistance with migrating a design to the ATECC608B, see the Migrations

References section.

For more information on compatibility with other Microchip CryptoAuthentication products, please see Section 3.

Compatibility.

Migration References:

1. AN3539: Provides guidance on migrating from the ATECC508A to the ATECC608B

2. AN2237: Provides guidance on migrating from the ATECC608A to the ATECC608B

ATECC608B

Introduction

1.1 Applications

The ATECC608B has a flexible command set that allows use in many applications, including the following:

• Network/IoT Node Endpoint Security

Manages node identity authentication and session key creation and management. Supports the entire
ephemeral session key-generation flow for multiple protocols, including TLS 1.2 (and earlier) and TLS 1.3.

• Secure Boot

Supports the MCU host by validating code digests and optionally enabling communication keys on success.
Various configurations to offer enhanced performance are available.

• Small Message Encryption

Contains a hardware AES engine to encrypt and/or decrypt small messages or data such as PII information.
Supports the AES-ECB mode directly. Other modes can be implemented with the help of the host
microcontroller. There is an additional GFM calculation function to support AES-GCM.

• Key Generation for Software Download

Supports local protected key generation for downloaded images. Both broadcast of one image to many systems,
each with the same decryption key, or point-to-point download of unique images per system are supported.

• Ecosystem Control and Anti-Counterfeiting

Validates that a system or component is authentic and came from the OEM shown on the nameplate.

1.2 Device Features

The ATECC608B includes an EEPROM array which can be used for storage of up to 16 keys, certificates,
miscellaneous read/write, read-only or secret data, consumption logging and security configurations. Access to the
various sections of memory can be restricted in a variety of ways and then the configuration can be locked to prevent
changes.

Access to the device is made through a standard I2C Interface at speeds of up to 1 Mbps. The interface is compatible
with standard Serial EEPROM I2C interface specifications. The device also supports a Single-Wire Interface (SWI),
which can reduce the number of GPIOs required on the system processor, and/or reduce the number of pins on
connectors. If the Single-Wire Interface is enabled, the remaining pin is available for use as a GPIO, an authenticated
output or tamper input.

Each ATECC608B ships with an ensured unique 72-bit serial number. Using the cryptographic protocols supported
by the device, a host system or remote server can verify a signature of the serial number to prove that the serial

© 2020 Microchip Technology Inc.

Summary Datasheet

DS40002239A-page 4

number is authentic and not a copy. Serial numbers are often stored in a standard Serial EEPROM; however, these
can be easily copied with no way for the host to know if the serial number is authentic or if it is a clone.

The ATECC608B features a wide array of defense mechanisms specifically designed to prevent physical attacks on
the device itself, or logical attacks on the data transmitted between the device and the system. Hardware restrictions
on the ways in which keys are used or generated provide further defense against certain styles of attack.

1.3 Cryptographic Operation

The ATECC608B implements a complete asymmetric (public/private) key cryptographic signature solution based
upon Elliptic Curve Cryptography and the ECDSA signature protocol. The device features hardware acceleration for
the NIST standard P256 prime curve and supports the complete key life cycle from high quality private key
generation, to ECDSA signature generation, ECDH key agreement and ECDSA public key signature verification.

The hardware accelerator can implement such asymmetric cryptographic operations from ten to one-thousand times
faster than software running on standard microprocessors, without the usual high risk of key exposure that is
endemic to standard microprocessors.

The ATECC608B also implements AES-128, SHA256 and multiple SHA derivatives such as HMAC(SHA), PRF (the
key derivation function in TLS) and HKDF in hardware. Support is included for the Galois Field Multiply (aka Ghash)
to facilitate GCM encryption/decryption/authentication.

The device is designed to securely store multiple private keys along with their associated public keys and certificates.
The signature verification command can use any stored or an external ECC public key. Public keys stored within the
device can be configured to require validation via a certificate chain to speed up subsequent device authentications.

Random private key generation is supported internally within the device to ensure that the private key can never be
known outside of the device. The public key corresponding to a stored private key is always returned when the key is
generated and it may optionally be computed at a later time.

The ATECC608B can generate high-quality random numbers using its internal random number generator. This
sophisticated function includes runtime health testing designed to ensure that the values generated from the internal
noise source contain sufficient entropy at the time of use. The random number generator is designed to meet the
requirements documented in the NIST 800-90A, 800-90B and 800-90C documents.

These random numbers can be employed for any purpose, including as part of the device’s cryptographic protocols.
Because each random number is ensured to be essentially unique from all numbers ever generated on this or any
other device, their inclusion in the protocol calculation ensures that replay attacks (i.e., re-transmitting a previously
successful transaction) will always fail.

The ATECC608B also supports a standard hash-based challenge-response protocol to allow its use across a wide
variety of additional applications. In its most basic instantiation, the system sends a challenge to the device, which
combines that challenge with a secret key via the MAC command and then sends the response back to the system.
The device uses a SHA-256 cryptographic hash algorithm to make that combination so that an observer on the bus
cannot derive the value of the secret key. At the same time, the recipient can verify that the response is correct by
performing the same calculation with a stored copy of the secret on the recipient’s system. There are a wide variety
of variations possible on this symmetric challenge/response theme.

ATECC608B

Introduction

© 2020 Microchip Technology Inc.

Summary Datasheet

DS40002239A-page 5

2. Electrical Characteristics

Data Comm

Wake

t

LIGNORE

t

HIGNORE

Noise

Suppresion

t

WLO

t

WHI

2.1 Absolute Maximum Ratings

Operating Temperature -40°C to +100°C

Storage Temperature -65°C to +150°C

Maximum Operating Voltage 6.0V

DC Output Current 5.0 mA

Voltage on any pin -0.5V to (VCC + 0.5V) -0.5V to (VCC + 0.5V)

ESD Ratings:

Human Body Model(HBM) ESD >4kV

Charge Device Model(CDM) ESD >1kV

Note:  Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the

device. This is a stress rating only and functional operation of the device at these or any other conditions beyond
those indicated in the operational sections of this specification are not implied. Exposure to absolute maximum rating
conditions for extended periods may affect device reliability.

ATECC608B

Electrical Characteristics

2.2 Reliability

The ATECC608B is fabricated with Microchip’s high reliability CMOS EEPROM manufacturing technology.

Table 2-1. EEPROM Reliability

Parameter Min. Typ. Max. Units

Write Endurance at +85°C (Each Byte) 400,000 — — Write Cycles

Data Retention at +55°C 10 — — Years

Data Retention at +35°C 30 50 — Years

Read Endurance Unlimited Read Cycles

2.3 AC Parameters: All I/O Interfaces

Figure 2-1. AC Timing Diagram: All Interfaces

© 2020 Microchip Technology Inc.

Summary Datasheet

DS40002239A-page 6

t

START

t

ZHI

t

ZLO

Logic Ø

t

START

t

BIT

Logic 1

t

START

t

TURNAROUND

t

START

SDA

Electrical Characteristics

Table 2-2. AC Parameters: All I/O Interfaces

Parameter Sym. Direction Min. Typ. Max. Units Conditions

Power-Up Delay

Wake Low Duration t

(2)

t

PU

WLO

To Crypto
Device

To Crypto
Device

100 — — µs Minimum time between VCC > VCC min

prior to start of t

60 — — µs

ATECC608B

.

WLO

Wake High Delay to
Data Comm

Wake High Delay
when SelfTest is

t

WHI

t

WHIST

To Crypto
Device

To Crypto
Device

Enabled

High-Side Glitch
Filter at Active

Low-Side Glitch
Filter at Active

Low-Side Glitch
Filter at Sleep

Watchdog Time-out t

t

HIGNORE_A

t

LIGNORE_A

t

LIGNORE_S

WATCHDOG

To Crypto
Device

To Crypto
Device

To Crypto
Device

To Crypto
Device

Notes: 

1. These parameters are characterized, but not production tested.

2. The power-up delay will be significantly longer if power-on self test is enabled in the Configuration zone.

2.3.1 AC Parameters: Single-Wire Interface

Figure 2-2. AC Timing Diagram: Single-Wire Interface

1500 — — µs SDA should be stable high for this entire

duration unless polling is implemented.
SelfTest is not enabled at power-up.

20 — — ms SDA should be stable high for this entire

duration unless polling is implemented.

(1)

45

— — ns Pulses shorter than this in width will be

ignored by the device, regardless of its state
when active.

(1)

45

— — ns Pulses shorter than this in width will be

ignored by the device, regardless of its state
when active.

(1)

15

— — µs Pulses shorter than this in width will be

ignored by the device when in Sleep mode.

0.7 1.3 1.7 s Time from wake until device is forced into
Sleep mode if Config.ChipMode[2] is 0.

Table 2-3. AC Parameters: Single-Wire Interface

Unless otherwise specified, applicable from TA = -40°C to +100°C, V

© 2020 Microchip Technology Inc.

Summary Datasheet

= +2.0V to +5.5V, CL = 100 pF.

CC

DS40002239A-page 7

ATECC608B

Electrical Characteristics

Parameter Symbol Direction Min. Typ. Max. Unit Conditions

Start Pulse Duration t

Zero Transmission
High Pulse

Zero Transmission
Low Pulse

(1)

Bit Time

Turn Around Delay t

TURNAROUND

START

t

ZHI

t

ZLO

t

BIT

To Crypto Device 4.10 4.34 4.56 µs —

From Crypto
Device

To Crypto Device 4.10 4.34 4.56 µs —

From Crypto
Device

To Crypto Device 4.10 4.34 4.56 µs —

From Crypto
Device

To Crypto Device 37 39 — µs If the bit time exceeds t

From Crypto
Device

From Crypto
Device

To Crypto Device 93 — — µs After ATECC608B transmits the last bit

4.60 6 8.60 µs —

4.60 6 8.60 µs —

4.60 6 8.60 µs —

TIMEOUT

ATECC608B may enter Sleep mode.

41 54 78 µs —

64 96 131 µs ATECC608B will initiate the first low

going transition after this time interval
following the initial falling edge of the
start pulse of the last bit of the transmit
flag.

of a group, the system must wait this
interval before sending the first bit of a
flag. It is measured from the falling
edge of the start pulse of the last bit
transmitted by ATECC608B.

,

IO Timeout

t

TIMEOUT

To Crypto Device 45 65 85 ms ATECC608B may transition to the

Sleep mode if the bus is inactive
longer than this duration.

Note: 

1. t

START

, t

, t

ZLO

ZHI

and t

are designed to be compatible with a standard UART running at 230.4 kBaud for both

BIT

transmit and receive. The UART must be set to seven data bits, no parity and one Stop bit.

© 2020 Microchip Technology Inc.

Summary Datasheet

DS40002239A-page 8

2.3.2 AC Parameters: I2C Interface

SCL

SDA IN

SDA OUT

t

F

t

HIGH

t

LOW

t

LOW

t

R

t

AA

t

DH

t

BUF

t

SU.STO

t

SU.DAT

t

HD.DAT

t

HD.STA

t

SU.STA

Figure 2-3. I2C Synchronous Data Timing

ATECC608B

Electrical Characteristics

Table 2-4. AC Characteristics of I2C Interface

(2)

Unless otherwise specified, applicable over recommended operating range from TA = -40°C to +100°C, VCC = +2.0V to +5.5V, C
= 1 TTL Gate and 100 pF.

Parameter Sym. Min. Max. Units

SCL Clock Frequency f

SCL High Time t

SCL Low Time t

Start Setup Time t

Start Hold Time t

Stop Setup Time t

Data In Setup Time t

Data In Hold Time t

Input Rise Time

Input Fall Time

1

1

SU.STA

HD.STA

SU.STO

SU.DAT

HD.DAT

Clock Low to Data Out Valid t

Data Out Hold Time t

SMBus Time-Out Delay t

Time bus must be free before a new transmission can start

1

TIMEOUT

SCL

HIGH

LOW

t

R

t

F

AA

DH

t

BUF

0 1 MHz

400 — ns

400 — ns

250 — ns

250 — ns

250 — ns

100 — ns

0 — ns

— 300 ns

— 100 ns

50 550 ns

50 — ns

25 75 ms

500 — ns

L

Notes: 

1. Values are based on characterization and are not tested.

2. AC measurement conditions:
– RL (connects between SDA and VCC): 1.2 kΩ (for VCC = +2.0V to +5.0V)
– Input pulse voltages: 0.3VCC to 0.7V

CC

– Input rise and fall times: ≤ 50 ns
– Input and output timing reference voltage: 0.5V

© 2020 Microchip Technology Inc.

CC

Summary Datasheet

DS40002239A-page 9