Information
DS28E22
DeepCover Secure Authenticator with
1-Wire SHA-256 and 2Kb User EEPROM
General Description
DeepCover
M
embedded security solutions cloak sensitive
data under multiple layers of advanced physical security
to provide the most secure key storage possible.
The DeepCover Secure Authenticator (DS28E22) com-
bines crypto-strong, bidirectional, secure challenge-
and-response authentication functionality with an imple-
mentation based on the FIPS 180-3-specified Secure
Hash Algorithm (SHA-256). A 2Kb user-programmable
EEPROM array provides nonvolatile storage of applica-
tion data and additional protected memory holds a read-
protected secret for SHA-256 operations and settings
for user memory control. Each device has its own guar-
anteed unique 64-bit ROM identification number (ROM
ID) that is factory programmed into the chip. This unique
ROM ID is used as a fundamental input parameter for
cryptographic operations and also serves as an elec-
tronic serial number within the application. A bidirectional
security model enables two-way authentication between
a host system and slave-embedded DS28E22. Slave-to-
host authentication is used by a host system to securely
validate that an attached or embedded DS28E22 is
authentic. Host-to-slave authentication is used to protect
DS28E22 user memory from being modified by a non-
authentic host. The SHA-256 message authentication
code (MAC), which the DS28E22 generates, is computed
from data in the user memory, an on-chip secret, a host
random challenge, and the 64-bit ROM ID. The DS28E22
communicates over the single-contact 1-Wire
M
bus at
overdrive speed. The communication follows the 1-Wire
protocol with the ROM ID acting as node address in the
case of a multiple-device 1-Wire network.
Applications
Authentication of Network-Attached Appliances
Printer Cartridge ID/Authentication
Reference Design License Management
System Intellectual Property Protection
Sensor/Accessory Authentication and Calibration
Secure Feature Setting for Configurable Systems
Key Generation and Exchange for Cryptographic
Systems
Features
S Symmetric Key-Based Bidirectional Secure
Authentication Model Based on SHA-256
S Dedicated Hardware-Accelerated SHA Engine for
Generating SHA-256 MACs
S Strong Authentication with a High Bit Count, User-
Programmable Secret, and Input Challenge
S 2048 Bits of User EEPROM Partitioned Into 8
Pages of 256 Bits
S User-Programmable and Irreversible EEPROM
Protection Modes Including Authentication, Write
and Read Protect, and OTP/EPROM Emulation
S Unique, Factory-Programmed 64-Bit Identification
Number
S Single-Contact 1-Wire Interface Communicates
with Host at Up to 76.9kbps
S Operating Range: 3.3V ±10%, -40NC to +85NC
S Low-Power 5µA (typ) Standby
S ±8kV Human Body Model ESD Protection (typ)
S 6-Pin TDFN, 6-Lead TSOC Packages
Typical Application Circuit
219-0020; Rev 2; 12/12
Ordering Information appears at end of data sheet.
DeepCover and 1-Wire are registered trademark of Maxim Integrated Products, Inc.
For related parts and recommended products to use with this part, refer to: www.maximintegrated.com/DS28E22.related
EVALUATION KIT AVAILABLE
SDA
V
CC
SCL
SLPZ IO
R
P
R
P
= 1.1kΩ
MAXIMUM I
2
C BUS CAPACITANCE 320pF
3.3V
1-Wire LINE
µC
(I
2
C PORT)
DS2465
DS28E22
For pricing, delivery, and ordering information, please contact Maxim Direct at
1-888-629-4642, or visit Maxim Integrated’s website at www.maximintegrated.com.
ABRIDGED DATA SHEET