DS28E40 DeepCover Automotive 1-Wire Authenticator

General Description

The DS28E40 is a secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware-implemented cryptographic engines, the device integrates a FIPS/NIST True Random Number Generator (TRNG), 6Kb of One-Time Programmable (OTP) memory for user data, keys and certificates, one configurable General-Purpose Input/Output (GPIO), and a unique 64-bit ROM identification number (ROM ID).

The ECC public/private key capabilities operate from the NIST-defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are usable flexibly either in conjunction with ECDSA operations or independently for multiple Hash-Based Message Authentication Code (HMAC) functions.

The GPIO pin is operated under command control and is configurable, enabling support of authenticated and non-authenticated operation. The GPIO-authenticated operation supports ECDSA-based crypto-robust mode, enabling secure-boot of a host processor.

DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, including invasive and non-invasive methods, countermeasures include active die shield, encrypted storage of keys, and algorithmic methods.

Benefits and Features

- ECC-P256 Compute Engine
  - FIPS 186 ECDSA P256 Signature and Verification
  - ECDH Key Exchange for Session Key Establishment
  - ECDSA Authenticated R/W of Configurable Memory
- SHA-256 Compute Engine
  - FIPS 198 HMAC for Bidirectional Authentication
- SHA-256 One-Time Pad Encrypted R/W of Configurable Memory Through ECDH Established Key
- One GPIO Pin with Optional Authentication Control
  - Open-Drain, 4mA/0.4V
  - Optional SHA-256 or ECDSA Authenticated On/Off and State Read
  - Optional ECDSA Certificate Verification to Set On/Off after Multiblock Hash for Secure Boot
- TRNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out
- Optional Chip-Generated Pr/Pu Key Pairs for ECC Operations
- 6Kb of One-Time Programmable (OTP) for User Data, Keys, and Certificates
- Unique and Unalterable Factory-Programmed 64-Bit Identification Number (ROM ID)
  - Optional Input Data Component to Crypto and Key Operations
- Single-Contact, 1-Wire Interface Communication with Host at 9.09kbps and 62.5kbps
- 3.3V ±10%, -40°C to +125°C Operating Range
- 8kV HBM ESD protection of 1-Wire IO Pin
- 10-Pin TDFN Package
  - 3mm x 4mm TDFN Package
  - 3mm x 3mm, Side-Wettable TDFN Package
- AEC-Q100 Grade 1

Applications

- Automotive Secure Authentication
- Identification and Calibration Automotive Parts/Tools/Accessories
- IoT Node Crypto-Protection
- Accessory and Peripheral Secure Authentication
- Secure Storage of Cryptographic Keys for a Host Controller
- Secure Boot or Download of Firmware and/or System Parameters

Ordering Information appears at end of data sheet.

DeepCover is a registered trademark of Maxim Integrated Products, Inc.

19-100901 Rev 1 1/21

Simplified Block Diagram

[Figure 1. DS28E40 Block Diagram. Blocks shown: parasite power (CX), 1-Wire IO buffer, 1-Wire INFC & CMD, 64-bit ROM ID, ECC-P256, SHA-256, TRNG, OTP array (user memory, keys & certificates), authenticated GPIO.]