Product Details Supplier Info More products

Atmel Corporation has announced its AT88SA range of low-cost, ultra-low power, super-secure cryptographic authentication ICs.

The first device in the range, the AT88SA102S, is a general purpose Cryptoauthentication IC designed to protect consumers from counterfeit electronic and medical consumables, such as batteries, ink cartridges, test strips, blood bags, breathing tubes and others.

They can be used to secure network transmissions such as satellite radio broadcasts or medical records, or any other kind of logical data such as firmware or media.

Modern MCU-based systems typically use non-volatile memory to store firmware/software.

Cryptoauthentication provides a low-cost way to ensure that the the stored code is authentic as well as protect downloads from snooping or modification.

Cryptoauthentication ICs can accompany AVR and ARM microcontrollers that include AES encryption engines as it can securely store an encryption key for information stored within various bulk memory devices on the system, while the controller can quickly encrypt or decrypt the data using this key.

When the system is part of a network, the Cryptoauthentication device can provide a way of exchanging encryption keys over an open network in such a way that an observer can’t see the keys but the processor can easily encrypt/decrypt the message.

Atmel’s AT88SA devices have an embedded SHA-256 engine and 256-bit cryptographic key.

The 256-bit size allows an enormous number of keys, making it essentially impossible to crack using brute force methods.

The AT88SA102S includes 23-bits of one-time-programmable fuses that can be used for personalisation, status, or consumption logging and a guaranteed unique 48-bit serial number.

The device has a high-speed single-wire interface that is compatible with all microcontrollers, supports a wide supply voltage range of 2.5V to 5.5V, and an even wider 1.8V to 5.5V communications voltage range.

Authentication is based on a ‘challenge/response’ protocol between the microcontroller host and client.

The host could be a portable power tool, printer, medical test equipment, or even a satellite radio transmitter.

The corresponding client could be the battery used in the power tool, an ink cartridge, a medical consumable or a satellite radio.

Each AT88SA102S client device has a unique serial number, a 256-bit key permanently stored inside the chip and an additional 64-bit secret stored in a fuse array.

At the beginning of a transaction, the AT88SA102S sends its serial number to the host microcontroller.

The host performs an SHA-256 hash based on the AT88SA102S’s serial number, an internally generated random number and the 256-bit key that resides in the host.

The host sends the random number to the client as a ‘challenge’.

The AT88SA102S client performs its own SHA-256 hash, based on the random number, its own serial number and its 256-bit key.

The resulting digest, or ‘response’, is sent back to the host.

The host microcontroller compares this response with the SHA-256 digest from its earlier calculation; if they match, the client is deemed to be authentic.

The output digest of the SHA-256 calculation is so sensitive to the original information that changing even a single bit will result in a completely different value.

In the case of an ink cartridge or medical consumable, the microcontroller in the printer or medical device can prevent system operation if the ‘client’ is not authentic, and allow normal system operation for authentic clients.

In the case of data, such as a broadcast to a satellite radio, the host uses the 256-bit value of the SHA-1 digest as the session encryption key for the radio transmission, based on a random value sent along with the data.

Only an authentic client-radio containing an AT88SA102S programmed with the correct secret will be able to translate the random number to the session key properly to decrypt the transmission.

Since the microprocessor generates a random number challenge for each transaction, intercepting the challenge/response pair that is sent back and forth over the bus is useless because a new response, based on a different random number, is generated for every transaction.

Products using the AT88SA devices can be configured with a single key or with unique keys for each unit.

Since the key is unreadable and is never transmitted, it is always secure in the AT88SA102S Cryptoauthentication IC.

With sleep-mode power consumption of less than 100nA, Atmel’s AT88SA Cryptoauthentication ICs have virtually no effect on system battery life.

The normal leakage current of the battery is substantially greater.

Supply voltage for the AT88SA102S is 2.5V to 5.5V.

In order to speed system design, Atmel provides complete source code libraries for the AVR microcontroller, which implements all necessary cryptographic modules to perform the host-side authentication capability.

The chip requires only a single GPIO pin on the host processor and only three wires on the connector to the consumable plus a standard bypass capacitor for a low overall BOM impact.

The AT88SA102S Cryptoauthentication IC is available now in production quantities in a 2.9mm x 2.1mm footprint, green-compliant (exceeds RoHS) three-pin SOT-23 package.

Atmel will introduce additional AT88SA devices during 2009.

View full profile