Datasheet
DS28E25
DeepCover Secure Authenticator with
1-Wire SHA-256 and 4Kb User EEPROM
General Description
DeepCover™ embedded security solutions cloak sensi-
tive data under multiple layers of advanced physical
security to provide the most secure key storage possible.
The DeepCover Secure Authenticator (DS28E25) com-
bines crypto-strong, bidirectional, secure challenge-
and-response authentication functionality with an imple-
mentation based on the FIPS 180-3-specified Secure
Hash Algorithm (SHA-256). A 4Kb user-programmable
EEPROM array provides nonvolatile storage of applica-
tion data and additional protected memory holds a read-
protected secret for SHA-256 operations and settings
for user memory control. Each device has its own guar-
anteed unique 64-bit ROM identification number (ROM
ID) that is factory programmed into the chip. This unique
ROM ID is used as a fundamental input parameter for
cryptographic operations and also serves as an elec-
tronic serial number within the application. A bidirectional
security model enables two-way authentication between
a host system and slave-embedded DS28E25. Slave-to-
host authentication is used by a host system to securely
validate that an attached or embedded DS28E25 is
authentic. Host-to-slave authentication is used to protect
DS28E25 user memory from being modified by a non-
authentic host. The SHA-256 message authentication
code (MAC), which the DS28E25 generates, is computed
from data in the user memory, an on-chip secret, a host
random challenge, and the 64-bit ROM ID. The DS28E25
communicates over the single-contact 1-Wire
M
bus at
overdrive speed. The communication follows the 1-Wire
protocol with the ROM ID acting as node address in the
case of a multiple-device 1-Wire network.
Applications
Authentication of Network-Attached Appliances
Printer Cartridge ID/Authentication
Reference Design License Management
System Intellectual Property Protection
Sensor/Accessory Authentication and Calibration
Secure Feature Setting for Configurable Systems
Key Generation and Exchange for Cryptographic
Systems
Features
S Symmetric Key-Based Bidirectional Secure
Authentication Model Based on SHA-256
S Dedicated Hardware-Accelerated SHA Engine for
Generating SHA-256 MACs
S Strong Authentication with a High Bit Count, User-
Programmable Secret, and Input Challenge
S 4096 Bits of User EEPROM Partitioned Into 16
Pages of 256 Bits
S User-Programmable and Irreversible EEPROM
Protection Modes Including Authentication, Write
and Read Protect, and OTP/EPROM Emulation
S Unique, Factory-Programmed 64-Bit Identification
Number
S Single-Contact 1-Wire Interface Communicates
with Host at Up to 76.9kbps
S Operating Range: 3.3V ±10%, -40NC to +85NC
S Low-Power 5µA (typ) Standby
S ±8kV Human Body Model ESD Protection (typ)
S 2-Pin SFN, 2-Pin TO-92, 6-Pin TDFN, and 6-Pin
TSOC Packages
Typical Application Circuit
219-0019; Rev 3; 12/12
Ordering Information appears at end of data sheet.
DeepCover is a trademark and 1-Wire is a registered trademark of Maxim Integrated Products, Inc.
For related parts and recommended products to use with this part, refer to: www.maximintegrated.com/DS28E25.related
EVALUATION KIT AVAILABLE
SDA
V
CC
SCL
SLPZ IO
R
P
R
P
= 1.1kΩ
MAXIMUM I
2
C BUS CAPACITANCE 320pF
3V
1-Wire LINE
µC
(I
2
C PORT)
DS2465
DS28E25
For pricing, delivery, and ordering information, please contact Maxim Direct at
1-888-629-4642, or visit Maxim Integrated’s website at www.maximintegrated.com.
ABRIDGED DATA SHEET