Part Number Hot Search : 
2EZ24D5 2SA19 C4IDC JPM160 LSM6DSM 4PH100 PM070WX9 TGH13A
Product Description
Full Text Search
 

To Download AT88SA10HS-TH-T Datasheet File
  If you can't view the Datasheet, Please click here to try to view without PDF Reader .  
 
 

  Datasheet File OCR Text:
  features ? secure key storage to complement at88sa100 s and at88sa102 s devices ? superior sha - 256 hash algorithm ? guaranteed unique 48 bit serial number ? high speed single wire interface, optionally shared with client ? supply voltage : 2. 7 ? 5. 2 5v ? 1.8v ? 5.5 v comm unications voltage ? <100na sleep current ? 4kv esd protection ? multi - level hardware security ? secure personalization ? green compliant (exceeds rohs) 3 pin sot -23 and 8 pin tssop or soic package s applications ? consumable device (battery, toner, other supplies) aut hentication ? network & computer access control ? authenticated communications for control networks ? anti - clone authentication for daughter cards ? physical access control (electronic lock & key) 1. introduction the cryptoauthentication family of chips is the first cost - effective authentication devices to implement the sha - 256 hash algorithm, which is part of the latest set of recommended algorithms by the us government. the 256 bit key space renders an y exhaustive attacks impossible. the at88sa10hs host version of c ryptoauthentication chips is capable of validating the response coming from the sha -256 engine within an authentic cryptoauthentication client (sa100s or sa102s) , even if that response includes within the computation the serial number of the client. for de tailed information on the cryptographic protocols, algorithm test values and usage models refer to ? at88sa100 s ? and ? at88sa102 s ? datasheets, along with the application notes dedicated to this product family. the host cryptoauthentication performs 3 separat e operations (named host0, host1 & host2) to implement this validation. the at88sa10hs chip takes both the challenge and response as inputs and returns a single boolean indicating whether or not the response is valid, in order to prevent the host chip from being used to model a valid client. the host system is responsible for generating the random challenge that is sent to both the client and host cryptoauthentication devices as the at88sa10hs does not include a random number generator. atmel? cryptoauthentication ? host security chip at88sa10 hs 8595e ? smem ? 6 / 10
2 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 note : the chip impl ements a failsafe internal watchdog timer that forces it into a very low power mode after a certain time interval regardless of any current activity. system programming must take this into consideration. refer to sect ion 4.5 for mo re details. 1.1. memory resources fuse block of 128 fuse bits that can be written through the 1 wire interface. fuse[87] ha s special meanings, see section 1.2 for more details. fuse s [88:95] are part of the manufa cturer id value fixed by atmel. fuse s [96:127] are part of the serial number programmed by atmel which is guaranteed to be unique. see section 1.3 for more details on the manufacturing id and serial number. rom metal mask progra mmed memory. unrestricted reads are permitted on the first 64 bits of this array. the physical rom will be larger and will contain other information that cannot be read. the following three fields are stored in the rom: rom mfr id 2 bytes of rom that specif ies part of the manufacturing id code. this value is assigned by atmel and is always the same for all chips of a particular model number. for the at88sa10hs, this value is 0x 23 01 . (appears on the bus: 0x01 23) rom mfrid can be read by accessing rom bytes 0 & 1 of address 0. rom sn 2 bytes of rom that can be used to identify chips among others on the wafer. these bits reduce the number of fuses necessary to construct a unique serial number. the masksn is read by accessing rom bytes 2 & 3 of address 0. the serial number can always be read by the system but is never included in the message digested by the host command. revnum 4 bytes of rom that are used by atmel to identify the model mask and/or design revision of the at88sa10hs chip. these bytes can be free ly read as the four bytes returned by rom address 1, however system code should not depend on this value as it may change from time to time. 1.2. fuse map the at88sa10hs incorporates 128 one - time fuses within the chip. once burned, there is no way to reset the value of a fuse. all f uses, with the exception of the fuse mfrid and fuse sn bits initialized by atmel, have a value of 1 when ship ped from the atmel factory and transition to a 0 when they are burned. these fuses are burned at system personalization and cannot be changed after that time. table 1. fuse map : fuse # name description 0 ? 63 secret fuses these fuses can be securely written by the burnsecure command but can never be read with the read command 64 ? 86 status fuses these fuses can be written with the bu rnsecure command and can always be read with the read command. 87 fuse dis able the host commands ignore the values of fuse[0 - 63] until this bit is burned . once this bit is burned, the burnsecure command is disabled. 88 ? 95 fuse mfrid see section 1.3 . set by atmel, can?t be modified in the field 96 ? 127 fuse sn see section 1.3 . set by atmel, can?t be modified in the field
at88sa10 hs host authentication chip 3 8595e ? smem ? 6 / 10 secret fuses these 64 fuses are used to augment the m ask programmed keys stored in the chip by atmel. knowledge of both the m ask keys and the values of the secret fuses is required to calculate the response value expected by host2. the burnsecure command can be used to burn an arbitrary selection of these 64 bits. status fuses these 23 fuses should be used to store information which is not secret, as their value can always be determined using the read command. typical usage would be model or configuration information. they cannot be automatically included in the message s to be hashed by the host commands, but the system may read them and pass them back to host1 in the input stream if desired. fuse dis able this fuse is used to prevent access to fuses on chips in which a partial set of fuses has been burned. this fuse must be burned using the burnsecure command. 1.3. chip identification the chip includes a total of 72 - bits of information that can be used to distinguish between individual chips in a reliable manner. the information is distributed between the rom and fuse bloc ks in the following manner. serial number this 48 bit value is composed of rom sn (16 - bits) and fuse sn (32- bits). together they form a serial number that is guaranteed to be unique for all devices ever manufactured within the cryptoauthentication family. this value is optionally included in the mac calculation. manufacturing id this 24 - bit value is composed of rom mf rid (16 - bits) and fuse mfrid (8- bits). typically this value is the same for all chips of a given type. it is always included in the cryptogr aphic computations. 1.4. key values the values stored in the at88sa10 h s internal key array are hardwired into the masking layers of the chip during wafer manufacture. all chips have the same keys stored internally, though the value of a particular key cannot be determined externally from the chip. for this reason, customers should ensure that they program a unique (and secret) number into the 64 secret fuses and they should store the atmel provided key values securely. individual key values are made available to qualified customers upon request to atmel and are always transmitted in a secure manner. when the serial number is included in the mac calculation , the response is considered to be diversified and the host needs to know the base secret in order to be able to verify the authenticity of the client. a diversified response can also be obtained by including the serial number in the computation of the value written to the secret fuses. the atmel at88sa10hs provides a secure hardware mechanism to validate respons es to determine if they are authentic. 1.5. sha - 256 computation the at88sa10hs perform s only one cryptographic calculation ? a keyed digest of an input challenge. it optionally includes various other information stored on the chip within the digested message. t he at88sa10hs computes the sha - 256 digest based on the algorithm documented here: http://csrc.nist.gov/publications/fips/fips180 - 2/fips180- 2.pdf as a security measure , the 24 - bit mfrid code (both rom and fuse bits) is automatically included in every message digested by the at88sa10hs . the secret fuses are conditionally appended, depending on the parameters to the host command. for complete sample calculations, refer to? at88sa100 s? and/or ? at88sa102 s ? datasheets.
4 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 1.6. security features the at88sa10hs incorporates a number of physical security features designed to protect the keys from release. these include an active shield over the entire surface of the part, internal memory encryption, internal clock generation, glitch protection, voltage tamper detection and other physical design features. pre - programmed keys stored on the at88sa10hs are encrypted in such a way as to make retrieval of their values via outside analysis very difficult. both the clock and logic supply voltage are internally generated, preventing any direct attack via the pins on these two signals. 2. io protocol communications to and from the at88sa10hs take place over a single asynchronously timed wire using a pulse count s cheme . the overall communications structure is a hierarchy: table 2. io hierarchy tokens implement a single data bit transmitted on the bus, or the wake - up event. flags c omprised of eight tokens (bits) which convey the direction and meaning of the next group of bi ts (if any) which may be transmitted. blocks d ata follow ing the command and t ransmit flags. they incorporate both a byte count and a checksum to ensure proper data transmission . packets b ytes form ing the core of the block without the count and crc. they are either the input or output parameters of the at88sa10hs command or status information from the at88sa10hs . refer to applications notes on atmel?s website for more details on how to use any microprocessor to easily generate the signaling necessary to send these values to the chip. 2.1. io tokens there are a number of io tokens input: (to at88sa10hs ) that may be transmitted along the bus: wake wake the at88sa10hs up from sleep (low power) state zero send a single bit from system to the at88sa10hs with a valu e of 0 one send a single bit from system to the at88sa10hs with a value of 1 output: (from at88sa10hs ) zeroout send a single bit from the at88sa10hs to the system with a value of 0 oneout send a single bit from the at88sa10hs to the system with a value of 1 the waveforms are the same in either direction, however there are some differences in timing based on the expectation that the host has a very accurate and consistent clock while the at88sa10hs has significant variation in its internal clock generator du e to normal manufacturing and environmental fluctuations. the bit timings are designed to permit a standard uart running at 230.4k baud to transmit and receive the tokens efficiently. each byte transmitted or received by the uart corresponds to a single bi t received or transmitted by the at88sa10hs . refer to applications notes on atmel?s website for more details.
at88sa10 hs host authentication chip 5 8595e ? smem ? 6 / 10 2.2. ac parameters t start t zhi t zlo data comm wake logic ? t start t bit logic 1 t lignore t hignore noise suppresion t wlo t whi 3. absolute maximum ratings * operating temperature ............................ ? 40c to +85c storage temperature ........................... ? 65c to + 150c voltage on any pin with respect to ground ......................... ? 0. 5 to v cc +0. 5 v * notice: stresses beyond those listed under ?absolute maximum ratings? may cause permanent damage to the device. this is a stress rating onl y and functional operation of the device at these or any other condition beyond those indicated in the operational sections of this specification is not implied. exposure to absolute maximum rating conditions for extended periods of time may affect device reliability .
6 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 table 3. ac parameters parameter symbol direction min typ max unit notes wake low duration t wlo to cryptoauthentication 60 - s signal can be stable in either high or low levels during extended sleep intervals. wake delay to data comm. t whi to c ryptoauthentication 2.5 45 ms signal should be stable high for this entire duration. t whi must not exceed t timeout or the chip will transition to sleep. start pulse duration t start to cryptoauthentication 4.1 4.34 4.5 s from cryptoauthentication 4 .6 6.0 8.6 s zero transmission high pulse t zhi to cryptoauthentication 4.1 4.34 4.5 s from cryptoauthentication 4.6 6.0 8.6 s zero transmission low pulse t zlo to cryptoauthentication 4.1 4.34 4.5 s from cryptoauthentication 4.6 6.0 8.6 s bit time ? t bit to cryptoauthentication 37 39 - s if the bit time exceeds t timeout then cryptoauthentication will enter sleep mode and the w ake token must be resent. from cryptoauthentication 4 1 54 7 8 s turn around delay t turnaround from crypto authentication 2 8 60 95 s cryptoauthentication will initiate the first low going transition after this time interval following the end of the transmit flag to cryptoauthentication 15 s 4 6 ms after cryptoauthentication transmits the last bit of a blo ck, system must wait this interval before sending the first bit of a flag high side glitch filter @ active t hignore_a to cryptoauthentication 45 ns pulses shorter than this in width will be ignored by the chip, regardless of its state when active low side glitch filter @ active t lignore_a to cryptoauthentication 45 ns pulses shorter than this in width will be ignored by the chip, regardless of its state when active low side glitch filter @ sleep t lignore_s to cryptoauthentication 2 s pulses sho rter than this in width will be ignored by the chip when in sleep mode io timeout t timeout to cryptoauthentication 45 65 85 ms refer to section 4.4.1 . watchdog reset t watchdog to cryptoauthentication 3 4 5.7 s max. time from w ake until chip is forced into sleep mode. refer to section 4.5 pause length t pause - 18 25 32 ms duration during which the chip will ignore io on the bus. refer to pauseshort command , section 5.7 .
at88sa10 hs host authentication chip 7 8595e ? smem ? 6 / 10 4. dc parameters table 4. dc parameters parameter symbol min typ max unit notes operating temperature t a -40 85 c power supply voltage v cc 2. 7 5. 2 5 v fuse burning voltage v burn 3. 0 5. 2 5 v vo ltage is applied to v cc pin active power supply current i cc - 6 ma sleep power supply current @ - 40c to 55c i sleep 100 na when chip is in sleep mode, v cc = 5.25 v, vsig = 0.0 to 0.5 v or vsig = v cc - 0.5v to v cc . sleep power supply current @ 85c i sle ep 1 a when chip is in sleep mode, v cc = 5.25v, vsig = 0.0 to 0.5 v or vsig = v cc - 0.5v to v cc . input low voltage @ v cc = 5. 2 5v v il - 0.5 . 1 5 * v cc v voltage levels for w ake token when chip is in sleep mode input low voltage @ v cc = 2. 7 v v il - 0.5 0. 5 v voltage levels for w ake token when chip is in sleep mode input high voltage @ v cc = 5. 2 5v v ih .25 * v cc 5.25 v voltage levels for w ake token when chip is in sleep mode input high voltage @ v cc = 2. 7 v v ih 1.0 3.0 v voltage levels for w ake token wh en chip is in sleep mode input low voltage when active v il - 0.5 0. 5 v when chip is in active mode, v cc = 2. 7 ? 5. 2 5v input high voltage when active v ih 1.2 5.25 v when chip is in active mode, v cc = 2. 7 ? 5. 2 5v output low voltage v ol 0.4 v when chi p is in active mode, v cc = 2. 7 ? 5. 2 5v maximum input voltage v max 5 .25 v esd v esd 4 kv human body model, sig & v cc pins.
8 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 4.1. io flags the system is always the bus master, so before any io transaction, the system must send an 8 bit flag to the chip to indicate the io operation that is to be performed, as follows: value name meaning 0x66 command after this flag, the system starts sending a command block to the chip. the first bit of the block can follow immediately after the last bit of the flag. 0x99 transmit after a turn - around delay, the chip will start transmitting the response for a previously transmitted command block. 0xcc sleep upon receipt of a sleep flag, the chip will enter a low power mode until the next w ake token is received. all o ther values are reserved and will be ignored. note that the values of flag for the at88sa10hs host are different from that of the two clients, the at88sa100 s and at88sa102 s . in this manner, both the at88sa102 s (or at88sa100 s ) and at88sa10hs can share the s ame communications pin on the system controller. while the at88sa10hs will wake up when communications are sent to the client, it will ignore all such transactions. it is possible that data values transmitted to a client authentication chip (either the at88 ss100s or the at88sa102 s) could be interpreted by the at88sa10hs host chip as a legal t ransmit flag. in this case there could be a bus conflict as both the host and client chips drive the signal wire at the same time. to prevent this, the pauseshort comman d should be used to prevent the at88sa10 hs host chip from looking at the signal wire during any io transaction to the client. 4.1.1. command timing after a command flag is transmitted, a command block should be sent to the chip. during parsing of the parameters a nd subsequent execution of a properly received command, the chip will be busy and not respond to transitions on the signal pin. the delays for these operations are listed in the table below: table 5. command timing parameter symbol max unit notes parsing delay t p arse 100 s delay to check crc and parse opcode and parameters before an error indication will be available host 0 delay t exec_host 0 1 3 ms delay to execute any of the host 0 command host 1 delay t exec_host 1 7 ms delay to execute any of the host 1 command host 2 delay t exec_host 2 0.5 ms delay to execute any of the host 2 command memorydelay t exec_read 3 m s delay to execute read command securedelay t exec_secure 3 6 ms max d elay to execute burnsecure command at v cc > 4.5v. see section 5.6 f or more details. personalizedelay t person 1 3 ms delay to execute genpersonalizationkey in this document, t exec is used as shorthand for the delay corresponding to whatever command has been sent to the chip.
at88sa10 hs host authentication chip 9 8595e ? smem ? 6 / 10 4.1.2. transm it flag the t ransmit flag is used to tu rn around the signal so that the at88sa10hs can send data back to the system, depending on its current state. the bytes that the at88sa10hs returns to the system depend on its current state as follows: table 6. return codes state description error/status descriptio n after w ake, but prior to first command 0x11 indication that a proper w ake token has been received by the at88sa10hs . after successful command execution ? return bytes per ?output parameters? in command section of this document. in some cases this is a single byte with a value of 0x00 indicating success. the t ransmit flag can be resent to the at88sa10hs repeatedly if a re - read of the output is necessary. execution error 0x0f command was properly received but could not be executed by the at88sa10hs . chan ges in the at88sa10hs state or the value of the command bits must happen before it is re - attempted. after crc or other communications error 0xff command was not properly received by the at88sa10hs and should be re - issued by the system. no attempt was made to execute the command. the at88sa10hs always transmits complete blocks to the system, so in the above table , the status/error bytes result in 4 bytes going to the system ? count, error, crc x 2. after receipt of a command block, the at88sa10hs will par se the command for errors, a process which takes t parse ( refer to section 4.1.1 ). after this interval the system can send a t ransmit token to the at88sa10hs ? if there was an error , the at88sa10hs will respond w ith an error code. if there is no error , the at88sa10hs internally transitions automatically from t parse to t exec and will not respond to any t ransmit tokens until both delays are complete. 4.1.3. sleep flag the sleep flag is used to transition the at88sa10hs t o the low power state, which causes a complete reset of the at88sa10hs ?s internal command engine and input/output buffer. it can be sent to the at88sa10hs at any time when the at88sa10hs will accept a flag. to achieve the specified i sleep , atmel recommend s that the input signal be brought below v il when the chip is asleep. to achieve i sleep if the sleep state of the input pin is high, the voltage on the input signal should be within 0.5v of v cc to avoid additional leakage on the input circuit of the chip. the system must calculate the total time required for all commands to be sent to the at88sa10hs during a single session, including any inter - bit/byte delays. if this total time exceeds t watchdog then the system must issue a partial set of commands, then a sleep flag, then a wake token, and finally after the w ake delay , issue the remaining commands.
10 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 4.2. io blocks commands are sent to the chip, and responses received from the chip, within a block that is constructed in the following way : byte number name me aning 0 count number of bytes to be transferred to the chip in the block, including count, packet and checksum, so this byte should always have a value of (n+1). the maximum size block is 39 and the minimum size block is 4. values outside this range will cause unpredictable operation . 1 to (n -2) packet command, parameters and data, or response. r efer to section 4.1.2 & section 4 for more details. n - 1, n checksum crc - 16 verification of the count and packet bytes. the crc polynomial is 0x8005, the initial register value should be 0 and after the last bit of the count and packet have been transmitted the internal crc register should have a value that matc hes that in the block. the first byte transmitted (n - 1) is the least significant byte of the crc value so the last byte of the block is the most significant byte of the crc. 4.3. io flow the general io flow for the commands is as follows: 1. system sends wake tok en. 2. system sends transmit flag. 3. receive 0x11 value from the at88sa10hs to verify proper wakeup synchronization. 4. system sends command flag. 5. system sends complete command block. 6. system waits t parse for the at88sa10hs to check for command formation errors. 7. s ystem sends transmit flag. if command format is ok, the at88sa10hs ignores this flag because the computation engine is busy. if there was an error, the at88sa10hs responds with an error code. 8. system waits t exec , refer t o se ction 4.1.1 . 9. system sends transmit flag. 10. receive output block from the at88sa10hs , system checks crc. 11. if crc from the at88sa10hs is incorrect, indication transmission error, system resends transmit flag. 12. system sends sleep flag to the at88sa10hs . where the command in question has a short execution delay the system should omit steps s ix , s even & e ight and replace this with a wait of duration t parse + t exec . 4.4. synchronization because the communications protocol is half dup lex, there is the possibility that the system and the at88sa10hs will fall out of synchronization with each other. in order to speed recovery, the at88sa10hs implements a timeout that forces the at88sa10hs to sleep.
at88sa10 hs host authentication chip 11 8595e ? smem ? 6 / 10 4.4.1. io timeout after a leading transitio n for any data token has been received, the at88sa10hs will expect another token to be transmitted within a t timeout interval. if the leading edge of the next token is not received within this period of time, the at88sa10hs assumes that the synchronization with the host is lost and transitions to a sleep state. after the at88sa10hs receives the last bit of a command block, this timeout circuitry is disabled. if the command is properly formatted, then it is re - enabled with the first t ransmit token that occur s after t parse + t exec . if there is an error in the command, then it is re - enabled with the first t ransmit token that occurs after t parse . in order to limit the active current if the at88sa10hs is inadvertently awakened, the io timeout is also enabled whe n the at88sa10hs wakes up. if the first token does not come within the t timeout interval, then the at88sa10hs will go back to sleep without performing any operations. 4.4.2. synchronization procedures when the system and the at88sa10hs fall out of synchronization , the system will ultimately end up sending a t ransmit flag which will not generate a response from the at88sa10hs . the system should implement its own timeout which waits for t timeout during which time the at88sa10hs should go to sleep automatically. at t his point, the system should send a wake token and after t wlo + t whi , a transmit token. the 0x11 status indicates that the resynchronization was successful. it may be possible that the system does not get the 0x11 code from the at88sa10hs for one of the fo llowing reasons: 1. the system did not wait a full t timeout delay with the io signal idle in which case the at88sa10hs may have interpreted the w ake token and t ransmit flag as data bits. recommended resolution is to wait twice the t timeout delay and re - issue the wake token. 2. the at88sa10hs went into the sleep mode for some reason while the system was transmitting data. in this case, the at88sa10hs will interpret the next data bit as a w ake token, but ignore some of the subsequently transmitted bits during its w ake - up delay. if any bytes are transmitted after the wake- up delay, they may be interpreted as a legal flag, though the following bytes would not be interpreted as a legal command due to an incorrect count or the lack of a correct crc. recommended resoluti on is to wait the t timeout delay and re - issue the wake token. 3. there are some internal error condition s within the at88sa10hs which will be automatically reset after a t watchdog interval, see below . there is no way to externally reset the at88sa10hs ? the system should leave the io pin idle for this interval and issue the wake token. 4.5. watchdog failsafe after the w ake token has been received by the at88sa10hs , a watchdog counter is started within the chip. after t watchdog , the chip will enter sleep m ode, regardless of whether it is in the middle of execution of a command and/or whether some io transmission is in progress. there is no way to reset the counter other than to put the chip to sleep and wake it up again. this is implemented as a fail - safe s o that no matter what happens on either the system side or inside the various state machines of the at88sa10hs including any io synchronization issue, power consumption will fall to the low sleep level automatically. 4.6. byte & bit ordering the at88sa10hs is a little - endian chip: ? all multi - byte aggregate elements within this spec are treated as arrays of bytes and are processed in the order received. ? data is transferred to/from the at88sa10hs least significant bit first on the bus. ? in this document, the most si gnificant bit and/or byte appears towards the left hand side of the page.
12 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 5. commands the command packet is broken down in the following way: byte name meaning 0 opcode the command code 1 param1 the first parameter ? always present 2 - 3 param2 the second parameter ? always present 4 + data optional remaining input data if a command fails because the crc within the block is incorrect or there is some other communications error , then immediately after t parse the system will be able to retrieve an error response block containing a single byte packet. the value of that byte will be all 1?s. in this situation, the system should re - transmit the command block including the proceeding t ransmit flag ? providing there is sufficient time before the expiration of the watchdog timeout. if the opcode is invalid, one of the parameters is illegal, or the at88sa10hs is in an illegal state for the execution of this command , then immediately after t parse the system will be able to retrieve an error response block containi ng a single byte packet. the value of that byte will be 0x0f. in this situation, the condition must be corrected before the (modified) command is sent back to the at88sa10hs . if a command is received successfully , the system will be able to retrieve the ou tput block as described in the individual command descriptions below after the appropriate execution delay . in the individual command description tables following , the ? size ? column describes the number of bytes in the parameter documented in each particu lar row. the total size of the block for each of the commands is fixed, though that value is different for each command. if the block size for a particular command is incorrect, the chip will not attempt the command execution and return s an error.
at88sa10 hs host authentication chip 13 8595e ? smem ? 6 / 10 5.1. host0 c oncatenates the key stored in the at88sa10hs with an input 256 bit challenge and generates the digest of this message. the result is left in internal memory and cannot be read. in general, the challenge should be a random number generated by the host syste m, which will be sent to both the host ( at88sa10 hs ) and client ( at88sa100 s or at88sa102 s). table 7. input parameters name size notes opcode host0 1 0x08 param1 overwrite 1 if non - zero, overwrite part of internally generated key with secret fuses param2 keyid 2 the internal key to be used to generate the digest. data challenge 32 challenge to be sent to the client at88sa100s or at88sa102s . table 8. output parameters name size notes success 1 upon successful completion of host0 , a value of 0 will be returned by the at8 8sa10hs . the 512 bit message block that will be hashed with the sha - 256 algorithm will consist of : 256 bits key[keyid] 256 bits challenge if the overwrite parameter is 0, then the 512 bit message block that will be hashed using the sha - 256 algorithm w ill consist of 256 bits key[keyid] 256 bits challenge if the overwrite parameter has a value of 0x01, then the 512 bit message block that will be hashed using the sha - 256 algorithm will consist of 192 bits key[keyid] 64 bits fuse[0 -63] 256 bits chal lenge all other values of the overwrite parameter are not recommended for use.
14 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 5.2. host1 completes the two block sha - 256 digest started by host0 and leaves the resulting digest within the internal memory of the at88sa10hs . this command returns an error if host0 has not been successfully run previously within this w ake cycle. as a security precaution, t his command does not return the digest . a subsequent command is required to compare the response generated by the client with the one generated by the host . table 9. input parameters name size notes opcode host1 1 0x40 param1 mode 1 controls composition of message, see below for details. param2 zero 2 must be 0x00 00 data otherinfo 13 input portion of message to be digested. table 10. output parameters name size notes suc cess 1 upon successful completion of host1 , a value of 0 will be returned by at88sa10hs . the contents of the second block to be digested are listed below. note that to simplify this documentation; the bit addresses for otherinfo are listed in the table b elow. size source notes 32 bits otherinfo[0 - 31] opcode, param1 & param2 values sent to the at88sa100 s / at88sa102 s 64 bits fuse[0 -63] if enabled by bit 5 of the input mode parameter and if fuse[87] is burned, else forced to 0 24 bits otherinfo[32 - 55] sta tus fuse values from atsa100s/ at88sa102 s , or 0?s 8 bits fuse[88 - 95] fuse mfrid , should match between at88sa10hs and at88sa100 s / at88sa102 s . 32 bits otherinfo[56 - 87] fuse sn from at88sa100 s / at88sa102 s (fuse[96 - 127]), or 0?s 16 bits rom mfrid should match between at88sa10hs and at88sa100 s / at88sa102 s . 16 bits otherinfo[88 - 103] rom sn from at88sa100 s / at88sa102 s , or 0?s these bits are followed by the necessary ?1? bit, ?0? padding and 64 bit length as specified in the sha - 256 specification.
at88sa10 hs host authentication chip 15 8595e ? smem ? 6 / 10 mode encoding bit 5 of the mode is used to indicate whether or not the secret fuse bits are to be included in the calculation. the remaining bits of the mode field are ignored by the at88sa10hs and should be 0 . table 11. mode encoding bit[5] fuse block 0 no fuse values inserted. 1 insert the values of fuse[0 - 63] in the message. if fuse[87] has not been burned, then the values of fuse[0 - 63] will be replaced by 0?s in the above message generation step as a security measure. 5.3. host2 compares the value previously generated by the at 88sa10hs using host0 and host1 with that on the input stream coming from the client and returns status to indicate whether or not the two matched. this command returns an error if host1 has not been previously successfully run within this w ake cycle. if th e two digests do not match, the at88sa10hs provides no information as to the source of the mismatch, which must be deduced from the inputs to the three hostx commands. on a match failure, the entire set of host0, host1 & host2 commands must be re - executed ? host2 cannot be repeatedly executed. table 12. input parameters name size notes opcode host2 1 0x80 param1 zero1 1 must be 0x00 param2 zero2 2 must be 0x00 00 data clientresponse 32 response from the client. table 13. output parameters name size notes success 1 if th e input clientresponse matches the internally generated response, a value of 0 will be returned by the at88sa10hs after a t host delay. if the two digests do not match, a value of 0x0f will be returned after a t host delay.
16 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 5.4. read reads 4 bytes from fuse or rom. returns an error if an attempt is made to read any fuses or rom locations which are illegal. table 14. input parameters name size notes opcode read 1 0x02 param1 mode 1 fuse or rom param2 address 2 which 4 bytes within array. only bits 0 & 1 are used, all others must be 0?s data ignored 0 table 15. output parameters name size notes contents 4 the contents of the specified memory location. table 16. mode encoding name value notes rom 0x00 reads four bytes from the rom. bit 1 of the address parameter must be 0. fuse 0x01 reads the value of 32 fuses. bit 1 of the address parameter must be 1.
at88sa10 hs host authentication chip 17 8595e ? smem ? 6 / 10 5.5. genpersonalizationkey loads a personalization key into internal memory and then use s that key along with an input seed to generate a decryption digest using sha - 256. neither the key nor the decryption digest can be read from the chip. upon completion, an internal bit is set indicating that a secure personalization digest has been loaded and is ready to use by the burnsecure command. this bit is cleared (and the digest lost) when the w atchdog timer expires or the power is cycled. this command will fail if fuse[ 87 ] has been burned. table 17. input parameters name size notes opcode genpers 1 0x20 param1 zero 1 must be 0x00 param2 keyid 2 identification number of the personalization key to be lo aded. data seed 16 seed for digest generation. the least significant bit of the last byte is ignored by the at88sa10hs . table 18. output parameters name size notes success 1 upon successful execution, a value of 0 will be returned by the at88sa10hs . the sha - 256 message body used to create the resulting digest internally stored in the chip consists of the following 512 bits: 256 bits personalizekey[keyid] 64 bits fixed value of all 1?s 127 bits seed from input stream 1 bits ?1? pad 64 bits length of mess age in bits, fixed at 447
18 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 5.6. burnsecure burns any combination of the first 88 fuse bits. verification that the proper secret fuse bits have been burned must occur using the mac command ? there is no way to read the values in the first 64 fuses to verify th eir state. the 24 status fuses can be verified with the read command. the fuses to be burned are specified by the 88 bit input map parameter. if a bit in the map is set to a ?1?, then the corresponding fuse is burned. if a bit in the map parameter is 0, th en the corresponding fuse is left in its current state. the first bit sent to the at88sa10 h s corresponds to fuse[0] and so on up to fuse[87]. note that since a ?1? bit in the map parameter results in a ?0? data value in the actual fuse array, the value in the map parameter should be the inverse of the desired secret or status value. see section 1.2 for more details. to facilitate secure personalization of the at88sa10 h s, this map may be encrypted before being sent to the chip. i f this mode is desired, then the decrypt parameter should be set to 1 in the input parameter list. the decryption (transport) key is computed by the genpersonalizationkey command, which must have been run immediately prior to the execution of burnsecure. i n this case, prior to burning any fuses, the input map parameter is xor?d with the first 88 bits of that digest from the genpersonalizationkey command. the genpersonalizationkey and burnsecure commands must be run within a single w ake cycle prior to the ex piration of the watchdog timer. the power supply pin must meet the v burn specification during the entire burnsecure command in order to burn fuses reliably. if vcc is greater than 4.5v, then the burntime parameter should be set to 0x00 and the internal bur n time will be 250 s. if vcc is less than 4.5v but greater than v burn then the burntime parameter should be set to 0x 8 000 and th e internal burn time will be 1 9 0 ms per fuse bit burned the total b urnsecure execution delay is directly proportional to the total number of fuses being burned. if vcc is less than 4.5v, then the total burnsecure execution time may exceed the interval remaining before the expiration of the watchdog timer. in this case, th e burnsecure command should be run repeatedly, with each repetition burning only as many fuses as there is time available. the system software is responsible for counting the number of ?1? bits in the clear - text version of the map parameter sent to the chi p ? no error is returned if the fuse burn count is too high. other than fuse[87] (see below), the fuses may be burned in any order. . the chip does not internally check the supply voltage level. prior to execution of burnsecure, the at88sa10 h s verifies that fuse[87] is un - burned. if it has been burned, then the burnse cure command will return an error. fuse[87] must be burned during the last repetition of burnsecure, optionally in combination with other fuses. there are a series of very small intervals during t exec_secure when the fuse element is actually being burned. the power supply must not be removed during this interval and the watchdog timer must not be allowed to expire during this interval, or the fuse may end up in a state where it reads as un - burned but cannot be burned. table 19. input parameters name size notes op code burnsecure 1 0x10 param1 decrypt 1 if 1, decrypt map data before usage. if 0, the map is transmitted in plain text. param2 burntime 2 must be 0x00 00 if vcc > 4.5v, must be 0x8 0 00 otherwise. data map 11 which fuses to burn, may be encrypted. table 20. outp ut parameters name size notes success 1 upon successful execution, a value of 0 will be returned by the at88sa10hs . this command takes a constant time to execute regardless of the number of fuses being burned.
at88sa10 hs host authentication chip 19 8595e ? smem ? 6 / 10 5.7. pauseshort forces the chip into a busy mo de for a period of t pause . during execution of this command the chip will ignore all activity on the io signal. this command is used to prevent bus conflicts in a system that also includes one or more at88sa100 s or at88sa102 s client chips sharing the sam e signal wire. table 21. input parameters name size notes opcode pauseshort 1 0x00 param1 ignored 1 must be 0x00 param2 ignored 2 must be 0x00 00 data ignored 0 table 22. output parameters name size notes success 1 after a delay of t pause , the at88sa10hs will return a value of 0 in response to a t ransmit flag. 6. pinout table 23. sot pin definition s pin # name description 1 signal io channel to the system, open drain output. it is expected that an external pull - up resistor will be provided to pull this signal up to v cc for prope r communications. when the chip is not in use this pin can be pulled to either v cc or v ss . 2 v cc power supply, 2. 7 ? 5. 2 5v. this pin should be bypassed with a high quality 0.1 f capacitor close to this pin with a short trace to v ss . refer to applications notes on atmel?s website for more details. 3 v ss connect to system ground. table 24. tssop and soic pin definitions pin # name description 4 v ss connect to system ground. 5 signal io channel to the system, open drain output. it is expected that an external pull - up resistor will be provided to pull this signal up to v cc for proper communications. when the chip is not in use this pin can be pulled to either v cc or v ss . 8 v cc power supply, 2. 7 ? 5. 2 5v. this pin should be bypassed with a high quality 0.1 f capacitor close to this pin with a short trace to v ss . additional applications information at www.atmel.com .
20 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 7. p ackage drawing 3ts1 - shrink sot package drawing contact: packagedrawings@atmel.com title dr a wing n o . gpc r re v . 3ts1 11/5/08 common dimensions (unit of measure = mm) symbol min nom max note end view side view top view 3ts1 , 3-lead , 1.30 mm bo d y , plastic thin sh r ink small outline p a c kage (sh r ink s o t) a tbg 0.89 0.01 0.88 2.80 2.10 1.20 0.30 a a1 a2 d e e1 l1 e1 b - - - 2.90 - 1.30 0.54 ref 1.90 bsc - 1.12 0.10 1.02 3.04 2.64 1.40 0.50 1,2 1,2 3 notes: 1. dimension d does not include mold flash, prot r usions or gate b urr s . mold flash, prot r usions or gate b urrs shall not e xceed 0.25 mm per end . dimension e1 does not include inte r lead flash or prot r usion . inte r lead flash or prot r usion shall not e xceed 0.25 mm per sid e . 2. the pa c kage top m a y be smaller than the pa c kage bottom . dimen - sions d and e1 are dete r mined at the oute r most e xtremes of the plastic body e xclusi v e of mold flash, tie bar b urr s , gate b urrs and inte r lead flash, b ut including a n y mismatch bet w een the top and bottom of the plastic bod y . 3. these dimensions apply to the flat section of the lead bet w een 0.08 mm and 0.15 mm from the lead ti p . this d r a wing is f or gene r al in f or mation onl y . ref er to jedec d r a wing t o-236, v ar iation ab f or additional in f or mation. c l l1 3 e e1 1 2 e1 seating plane b a2 a a1 e d
at88sa10 hs host authentication chip 21 8595e ? smem ? 6 / 10 8s2 8 lead t s s o p package figure 1. 8 - lead tssop package common dimensions (unit of measure = mm) symbol min nom max note d 2.90 3.00 3.10 2, 5 e 6.40 b sc e1 4. 30 4.40 4.50 3, 5 a ? ? 1.20 a2 0. 80 1.00 1.05 b 0.19 ? 0.30 4 e 0.65 bsc l 0.45 0.60 0.75 l1 1.00 re3 s i d e v i e w a2 a d b end view top view l l1 1 2 3 4 e1 pin 1 indicator this cor ner e e d r a w i n g n o . r e v . 8 a 2 d 1 2 / 1 1 / 0 9 t i t l e n o t e s : 1 . t h i s d r a w i n g i s f o r g e n e r a l i n f o r m a t i o n o n l y . r e f e r t o j e d e c d r a w i n g m o - 1 5 3 , v a r i a t i o n a a , f o r p r o p e r d i m e n s i o n s , t o l e r a n c e s , d a t u m s , e t c . 2 . d i m e n s i o n d d o e s n o t i n c l u d e m o l d f l a s h , p r o t r u s i o n s o r g a t e b u r r s . m o l d f l a s h , p r o t r u s i o n s a n d g a t e b u r r s s h a l l n o t e x c e e d 0 . 1 5 m m ( 0 . 0 0 6 i n ) p e r s i d e . 3 . d i m e n s i o n e 1 d o e s n o t i n c l u d e i n t e r - l e a d f l a s h o r p r o t r u s i o n s . i n t e r - l e a d f l a s h a n d p r o t r u s i o n s s h a l l n o t e x c e e d 0 . 2 5 m m ( 0 . 0 1 0 i n ) p e r s i d e . 4 . d i m e n s i o n b d o e s n o t i n c l u d e d a m b a r p r o t r u s i o n . a l l o w a b l e d a m b a r p r o t r u s i o n s h a l l b e 0 . 0 8 m m t o t a l i n e x c e s s o f t h e b d i m e n s i o n a t m a x i m u m m a t e r i a l c o n d i t i o n . d a m b a r c a n n o t b e l o c a t e d o n t h e l o w e r r a d i u s o f t h e f o o t . m i n i m u m s p a c e b e t w e e n p r o t r u s i o n a n d a d j a c e n t l e a d i s 0 . 0 7 m m . 5 . d i m e n s i o n d a n d e 1 t o b e d e t e r m i n e d a t d a t u m p l a n e h . p ac ka g e dra wing contact: 8a2, 8-lead, 4.4mm body , plastic thin shr ink small outline p ac kage (tssop) tnr g p c pac kagedr a wings@atmel.com 8 7 6 5
22 at8 8sa10hs host auth entication chip 8595e ? smem ? 6 / 10 8 - lead soic note: common dimensions (unit of measure = mm) symbol min nom max note a1 0.1 0 ? 0.25 these drawings are for general information only. refer to jedec drawing ms-012, variation aa for proper dimensions, tolerances, datums, etc. a 1.3 5 ? 1.75 b 0.3 1 ? 0.51 c 0.1 7 ? 0.25 d 4.8 0 ? 5.05 e1 3.8 1 ? 3.99 e 5.7 9 ? 6.20 e 1.27 bsc l 0.4 0 ? 1.27 0? ? 8 ? top view end view side view e d a a1 n e 1 c e1 l dr a wing n o . 1150 e. cheyenne mtn. blvd. colorado springs, co 80906 re v . 8s1 c 3/17/05 title 8s1, 8-lead (0.150" wide body), plastic gull wing small outline (jedec soic) b
at88sa10 hs host authentication chip 23 8595e ? smem ? 6 / 10 8. ordering code s table 25. ordering codes ordering code package type voltage range temperature range at88sa10hs - tsu -t so t, tape & reel 2.7v ? 5.25 v green compliant (exceeds rohs)/industrial ( ? 40c to 85c) at88sa10hs -t h -t tssop, tape & reel 2.7v ? 5.25 v green compliant (exceeds rohs)/industrial (? 40c to 85c) at88sa10hs -sh -t soic , tape & reel 2.7v ? 5.25 v green compliant (exceeds rohs)/industrial ( ? 40c to 85c) 9. revision history table 26. revision history doc. rev. date comments 8595e 06/2010 update to table 3: ac parameters. 8595d 05/2010 expansion of io timeout specification. 8595c 04/2010 added 8ld tssop. 8595b 02/2010 updated parameter tables and added 8ld soic. 8595a 04/2009 initial document release.
8595e ? smem ? 6 / 10 headquarters international atmel corporation 2325 orchard parkw ay san jose, ca 95131 usa tel: 1(408) 441 - 0311 fax: 1(408) 487 - 2600 atmel asia unit 1 - 5 & 16, 19/f bea tower, millennium city 5 418 kwun tong road kwun tong, kowloon hong kong tel: (+852) 2245 - 6100 fax: (+852) 2722 - 1369 atmel europe atmel munich gmbh business campus, parkring 4 d - 85748 garching bei munich germany tel: (+49) 89 - 31970- 0 fax: (+49) 89 - 31946- 21 atmel japan 9f, tonetsu shinkawa bldg. 1 - 24- 8 shinkawa chuo - ku, tokyo 104 - 0033 japan tel: (+81) 3 - 3523- 3551 fax: (+81) 3 - 3523- 7581 product contact web site www.atmel.com technical support securemem@atmel.com sales contact www.atmel.com/contacts literature requ ests www.atmel.com/literature disclaimer: the information in this document is provided in connection with atmel products. no license, express or implied, by estoppel o r otherwise, to any intellectual prop erty right is granted by this document or in connection with the sale of atmel products. except as set forth in atmel? s terms and condi tions of sale located on atmel?s web site, atmel assumes no liability whatsoever and disclaims any express, implied or st atutory warranty relating to its products including, but not limited to, the implied warranty of merchantability, fitness for a particular purpose, or non - infringement. in no event shall atmel be liable for any direct, indirect, consequential, punitive, sp ecial or inciden - tal damages (including, without limitation, damages for loss of profits, business interruption, or loss of information) arising out of the use or inab ility to use this document, even if atmel has been advised of the possibility of such damages. atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. atmel does not make any commitment to update the information contained herein. unless specifically provided otherwise, atmel products are not suitable for, and sha ll not be used in, au tomotive applications. atmel?s products are not intended, authorized, or warranted for use as components in applications intended to s upport or sustain life. ? 20 10 atmel corporation. all rights reserved. atmel?, atmel logo and combinations thereof, and ot hers are registered trademarks , cryptoauthentication?, and others, a r e trademarks of atmel corporation or its subsidiaries. other terms and product names may be trademarks of others.


▲Up To Search▲   

 
Price & Availability of AT88SA10HS-TH-T

All Rights Reserved © IC-ON-LINE 2003 - 2022  
[Add Bookmark] [Contact Us] [Link exchange] [Privacy policy]
Mirror Sites :  [www.datasheet.hk]   [www.maxim4u.com]  [www.ic-on-line.cn] [www.ic-on-line.com] [www.ic-on-line.net] [www.alldatasheet.com.cn] [www.gdcy.com]  [www.gdcy.net]
 . . . . .
  We use cookies to deliver the best possible web experience and assist with our advertising efforts. By continuing to use this site, you consent to the use of cookies. For more information on cookies, please take a look at our Privacy Policy. X