### **DS28E35**

# DeepCover Secure Authenticator with 1-Wire ECDSA and 1Kb User EEPROM

### **General Description**

DeepCover<sup>®</sup> embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the most secure key storage possible.

The DeepCover Secure Authenticator (DS28E35) provides a highly secure solution for a host controller to authenticate peripherals based on the industry standard (FIPS 186) public-key based Elliptic Curve Digital Signature Algorithm (ECDSA). The ECDSA engine computes keys and signatures using a pseudorandom curve over a prime field according to the "Standards for Efficient Cryptography (SEC)". The private and public key can be computed by the device or installed by the user and optionally locked. Separate memory space is set aside to store and lock a public-key certificate as it is needed to verify authenticity. In addition to ECDSA-related memory, the device has 1024 bits of user memory that is organized as four pages of 256 bits. Page protection modes include write protection, read protection, and one-time-programmable (OTP) memory emulation modes. The DS28E35 also features a one-time settable, nonvolatile 17-bit decrement-on-command counter, which can be used to keep track of the lifetime of the object to which the DS28E35 is attached. Each device has its own guaranteed unique 64-bit ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. The DS28E35 communicates over the single-contact 1-Wire® bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multi-device 1-Wire network.

### **Applications**

- Authentication of Consumables
- Peripheral Authentication
- Medical Sensors
- Printer Cartridge Identification and Authentication

Ordering Information appears at end of data sheet.

For related parts and recommended products to use with this part, refer to <u>www.maximintegrated.com/DS28E35.related</u>.

DeepCover and 1-Wire are registered trademarks of Maxim Integrated Products, Inc.

#### **Features**

- ECDSA Engine for Public-Key Signature Using a Defined SEC Domain Parameter Set
- On-Chip Hardware Random Number Generator
- Private and Public Key Can Be Computed by the Device or Loaded from Outside with Optional Automatic Locking
- Separate User-Programmable and Lockable Memory Space to Store a Public-Key Certificate
- 17-Bit One-Time Settable, Nonvolatile Decrement-On-Command Counter
- SHA-256 Engine to Compute a Hash of EEPROM Page Data and Host Challenge for Subsequent ECDSA Signing
- 1024 Bit of User EEPROM Organized as Four Pages of 256 Bits
- Programmable and Irreversible User EEPROM Protection Modes Including Write Protection, Read Protection, and OTP/EPROM Emulation for Individual Memory Pages
- Unique Factory-Programmed 64-Bit Identification
  Number
- Single-Contact 1-Wire Interface Communicates with Host at Up to 76.9kbps
- Operating Range: 3.3V ±10%, -40°C to +85°C
- ±8kV HBM ESD Protection (typ) for IO Pin
- 8-Pin TDFN and 6-Pin TSOC Packages

### **Typical Application Circuit**





219-0028; Rev 4; 4/14

# **ABRIDGED DATA SHEET**

## DS28E35

# DeepCover Secure Authenticator with 1-Wire ECDSA and 1Kb User EEPROM

### **Absolute Maximum Ratings**

| IO Voltage Range to GND     | 0.5V to +4.0V |
|-----------------------------|---------------|
| IO Sink Current             | 20mA          |
| Operating Temperature Range | 40°C to +85°C |
| Junction Temperature        | +150°C        |

| Storage Temperature Range         | 55°C to +125°C |
|-----------------------------------|----------------|
| Lead Temperature (soldering, 10s) | +300°C         |
| Soldering Temperature (reflow)    | +260°C         |

Stresses beyond those listed under "Absolute Maximum Ratings" may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability.

## Package Thermal Characteristics (Note 1)

#### TSOC

Junction-to-Ambient Thermal Resistance  $(\theta_{JA}) \dots 126.7^{\circ}$ C/W Junction-to-Case Thermal Resistance  $(\theta_{JC}) \dots 37^{\circ}$ C/W

TDFN Junction-to-Ambient Thermal Resistance ( $\theta_{JA}$ ) .........60°C/W Junction-to-Case Thermal Resistance ( $\theta_{JC}$ )........11°C/W

Note 1: Package thermal resistances were obtained using the method described in JEDEC specification JESD51-7, using a four-layer board. For detailed information on package thermal considerations, refer to www.maximintegrated.com/thermal-tutorial.

### **Electrical Characteristics**

#### $(T_A = -40^{\circ}C \text{ to } +85^{\circ}C.)$ (Note 2)

| PARAMETER                       | SYMBOL                                            | CONDITIONS                             | MIN                                   | ТҮР                  | MAX          | UNITS |
|---------------------------------|---------------------------------------------------|----------------------------------------|---------------------------------------|----------------------|--------------|-------|
| IO PIN: GENERAL DATA            |                                                   |                                        |                                       |                      |              |       |
| 1-Wire Pullup Voltage           | V <sub>PUP</sub>                                  | (Note 3)                               | 2.97                                  |                      | 3.63         | V     |
| 1-Wire Pullup Resistance        | R <sub>PUP</sub>                                  | V <sub>PUP</sub> = 3.3V ±10% (Note 4)  | 300                                   |                      | 1500         | Ω     |
| Input Capacitance               | C <sub>IO</sub>                                   | (Notes 5, 6)                           |                                       | 1500                 |              | pF    |
| Input Load Current              | ١L                                                | IO pin at V <sub>PUP</sub>             |                                       | 5                    | 50           | μA    |
| High-to-Low Switching Threshold | V <sub>TL</sub>                                   | (Notes 6, 7, 8)                        | 0.65                                  | 5 x V <sub>PUP</sub> |              | V     |
| Input Low Voltage               | VIL                                               | (Notes 3, 9)                           |                                       |                      | 0.3          | V     |
| Low-to-High Switching Threshold | V <sub>TH</sub>                                   | (Notes 6, 7, 10)                       | 0.75 x V <sub>PUP</sub>               |                      |              | V     |
| Switching Hysteresis            | V <sub>HY</sub>                                   | (Notes 6, 7, 11)                       | 0.3                                   |                      |              | V     |
| Output Low Voltage              | V <sub>OL</sub>                                   | I <sub>OL</sub> = 4mA (Note 12)        |                                       |                      | 0.4          | V     |
| Recovery Time                   | t <sub>REC</sub>                                  | R <sub>PUP</sub> = 1500Ω (Notes 3, 13) | 5                                     |                      |              | μs    |
| Time Slot Duration              | t <sub>SLOT</sub>                                 | (Notes 3, 14)                          | 13                                    |                      |              | μs    |
| IO PIN: 1-Wire RESET, PRESENC   | E DETECT C                                        | YCLE                                   |                                       |                      |              |       |
| Reset Low Time                  | t <sub>RSTL</sub>                                 | (Note 3)                               | 48                                    |                      | 80           | μs    |
| Reset High Time                 | t <sub>RSTH</sub>                                 | (Note 15)                              | 48                                    |                      |              | μs    |
| Presence Detect Sample Time     | t <sub>MSP</sub>                                  | (Notes 3, 16)                          | 8                                     |                      | 10           | μs    |
| IO PIN: 1-Wire WRITE            |                                                   | <u>`</u>                               |                                       |                      |              |       |
| Write-Zero Low Time             | Zero Low Time t <sub>W0L</sub> (Notes 3, 17) 8 16 |                                        | 16                                    | μs                   |              |       |
| Write-One Low Time              | t <sub>W1L</sub>                                  | (Notes 3, 17)                          | 1                                     |                      | 2            | μs    |
| IO PIN: 1-Wire READ             |                                                   | ·                                      | · · · · · · · · · · · · · · · · · · · |                      |              |       |
| Read Low Time                   | t <sub>RL</sub>                                   | (Notes 3, 18)                          | 1                                     |                      | <b>2</b> - δ | μs    |
| Read Sample Time                | t <sub>MSR</sub>                                  | (Notes 3, 18)                          | t <sub>RL</sub> + δ                   |                      | 2            | μs    |

# **ABRIDGED DATA SHEET**

# DS28E35

# DeepCover Secure Authenticator with 1-Wire ECDSA and 1Kb User EEPROM

### **Electrical Characteristics (continued)**

(T<sub>A</sub> = -40°C to +85°C.) (Note 2)

| PARAMETER                     | SYMBOL            | CONDITIONS MIN                               |  | TYP | MAX   |
|-------------------------------|-------------------|----------------------------------------------|--|-----|-------|
| EEPROM                        |                   |                                              |  |     |       |
| Programming Current           | I <sub>PROG</sub> | V <sub>PUP</sub> = 3.63V (Notes 6, 19) 1     |  | 1   | mA    |
| Programming Time Unit         | t <sub>PROG</sub> | Refer to the full data sheet.                |  |     | ms    |
| Write/Erase Cycling Endurance | N <sub>CY</sub>   | T <sub>A</sub> = +85°C (Notes 21, 22) 100k   |  |     | _     |
| Data Retention                | t <sub>DR</sub>   | T <sub>A</sub> = +85°C (Notes 23, 24, 25) 10 |  |     | years |
| ECDSA ENGINE                  |                   |                                              |  |     |       |
| Computation Current           | I <sub>ECE</sub>  |                                              |  |     | mA    |
| Key Pair Computation Time     | t <sub>GKP</sub>  | Refer to the full data sheet.                |  | ms  |       |
| Signature Computation Time    | t <sub>GPS</sub>  |                                              |  |     | ms    |

**Note 2:** Limits are 100% production tested at  $T_A = +25^{\circ}C$  and  $T_A = +85^{\circ}C$ . Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Typical values are at  $T_A = +25^{\circ}C$ .

Note 3: System requirement.

**Note 4:** Maximum allowable pullup resistance is a function of the number of 1-Wire devices in the system and 1-Wire recovery times. The specified value here applies to systems with only one device and with the minimum 1-Wire recovery times.

- Note 5: Typical value represents the internal parasite capacitance when V<sub>PUP</sub> is first applied. Once the parasite capacitance is charged, it does not affect normal communication.
- Note 6: Guaranteed by design and/or characterization only; not production tested.

**Note 7:** V<sub>TL</sub>, V<sub>TH</sub>, and V<sub>HY</sub> are a function of the internal supply voltage, which is a function of V<sub>PUP</sub>, R<sub>PUP</sub>, 1-Wire timing, and capacitive loading on IO. Lower V<sub>PUP</sub>, higher R<sub>PUP</sub>, shorter t<sub>REC</sub>, and heavier capacitive loading all lead to lower values of V<sub>TL</sub>, V<sub>TH</sub>, and V<sub>HY</sub>.

- Note 8: Voltage below which, during a falling edge on IO, a logic-zero is detected.
- Note 9: The voltage on IO must be less than or equal to VILMAX at all times the master is driving IO to a logic-zero level.
- Note 10: Voltage above which, during a rising edge on IO, a logic-one is detected.
- Note 11: After V<sub>TH</sub> is crossed during a rising edge on IO, the voltage on IO must drop by at least V<sub>HY</sub> to be detected as logic-zero.
- **Note 12:** The I-V characteristic is linear for voltages less than 1V.
- Note 13: Applies to a single device attached to a 1-Wire line. 100% production tested at T<sub>A</sub> = +85°C, +25°C, and -40°C.
- **Note 14:** Defines maximum possible bit rate. Equal to  $1/(t_{WOLMIN} + t_{RECMIN})$ .
- Note 15: An additional reset or communication sequence cannot begin until the reset high time has expired.
- **Note 16:** Interval after t<sub>RSTL</sub> during which a bus master can read a logic-zero on IO if there is a DS28E35 present. The power-up presence detect pulse could be outside this interval, but is complete within 2ms after power-up.
- Note 17:  $\varepsilon$  in Figure 11 represents the time required for the pullup circuitry to pull the voltage on IO up from V<sub>IL</sub> to V<sub>TH</sub>. The actual maximum duration for the master to pull the line low is t<sub>W1LMAX</sub> + t<sub>F</sub>  $\varepsilon$  and t<sub>W0LMAX</sub> + t<sub>F</sub>  $\varepsilon$ , respectively.

Note 18:  $\delta$  in Figure 11 represents the time required for the pullup circuitry to pull the voltage on IO up from V<sub>IL</sub> to the input-high threshold of the bus master. The actual maximum duration for the master to pull the line low is t<sub>RLMAX</sub> + t<sub>F</sub>.

- Note 19: Current drawn from IO during the EEPROM programming interval. The pullup circuit on IO during the programming interval should be such that the voltage at IO is greater than or equal to 2.5V.
- Note 20: Refer to the full data sheet.
- Note 21: Write-cycle endurance is tested in compliance with JESD47G.
- Note 22: Not 100% production tested; guaranteed by reliability monitor sampling.
- Note 23: Data retention is tested in compliance with JESD47G.
- **Note 24:** Guaranteed by 100% production test at elevated temperature for a shorter time; equivalence of this production test to the data sheet limit at operating temperature range is established by reliability testing.
- **Note 25:** EEPROM writes can become nonfunctional after the data-retention time is exceeded. Long-term storage at elevated temperatures is not recommended.
- Note 26: Refer to the full data sheet.
- Note 27: Refer to the full data sheet.
- Note 28: Refer to the full data sheet.

# **ABRIDGED DATA SHEET**

## DS28E35

# DeepCover Secure Authenticator with 1-Wire ECDSA and 1Kb User EEPROM

# **Pin Configuration**



### **Pin Description**

| Р    | IN      | NAME | FUNCTION                                                                                                                                                                           |  |
|------|---------|------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--|
| TSOC | TDFN-EP | NAME | FUNCTION                                                                                                                                                                           |  |
| 1    | 2       | GND  | Ground Reference                                                                                                                                                                   |  |
| 2    | 1       | IO   | 1-Wire Bus Interface. Open-drain signal that requires an external pullup resistor.                                                                                                 |  |
| 3–6  | 3–8     | N.C. | Not Connected                                                                                                                                                                      |  |
| _    | EP      | EP   | Exposed Pad. Solder evenly to the board's ground plane for proper operation. Refer to Application Note 3273: Exposed Pads: <i>A Brief Introduction</i> for additional information. |  |

# DS28E35

# DeepCover Secure Authenticator with 1-Wire ECDSA and 1Kb User EEPROM

### **Ordering Information**

| PART         | TEMP RANGE     | PIN-PACKAGE           |
|--------------|----------------|-----------------------|
| DS28E35Q+T** | -40°C to +85°C | 8 TDFN-EP* (2.5k pcs) |
| DS28E35P+    | -40°C to +85°C | 6 TSOC                |
| DS28E35P+T   | -40°C to +85°C | 6 TSOC (4k pcs)       |

+Denotes lead(Pb)-free/RoHS-compliant package.

T = Tape and reel.

\*EP = Exposed pad.

\*\*Future product—contact factory for availability.

### **Package Information**

For the latest package outline information and land patterns (footprints), go to <u>www.maximintegrated.com/packages</u>. Note that a "+", "#", or "-" in the package code indicates RoHS status only. Package drawings may show a different suffix character, but the drawing pertains to the package regardless of RoHS status.

| PACKAGE<br>TYPE | PACKAGE<br>CODE | OUTLINE<br>NO. | LAND<br>PATTERN NO. |
|-----------------|-----------------|----------------|---------------------|
| 6 TSOC          | D6+1            | <u>21-0382</u> | <u>90-0321</u>      |
| 8 TDFN-EP       | T823+1          | <u>21-0174</u> | <u>90-0091</u>      |

Note to readers: This document is an abridged version of the full data sheet. Additional device information is available only in the full version of the data sheet. To request the full data sheet, go to <a href="http://www.maximintegrated.com/DS28E35">www.maximintegrated.com/DS28E35</a> and click on Request Full Data Sheet.