atmel at88sa102s atmel cryptoauthentication product authentication chip datasheet features ? secure authentication and key exchange ? superior sha - 256 hash algorithm ? best in class 256 - bit key length ? guaranteed unique 48- bit serial number ? high speed single wir e interface ? supply voltage : 2.7 ? 5.25 v ? 1.8 ? 5. 2 5 v communications ? < 150 na sleep current ? multi - level hardware security ? secure personalization ? green compliant (exceeds rohs ) 3 - pin sot - 23 and 8 - pin tssop or soic packages applications ? authentication of rep laceable items ? software anti - piracy ? network and computer access control ? portable media player and gps system ? key exchange for encrypted downloads ? prevention of clones for demo and eval uation boards ? authenticated communications for control networks ? anti - clo ne authentication for daughter cards ? physical a ccess control (electronic lock and key) 8584g ? crypto ? 9 /11
atmel at88sa102s [ datasheet ] 2 8584g ? crypto ? 9 /11 figure 1. pin c onfigurations pin name function signal serial data , single - wire clock and data gnd ground vcc power supply 1. introduction the atmel ? at88sa102s is a member of the atmel cryptoauthentication ? family of cost - effective authentication chips designed to securely authenticate an item to which it is attached. it can also be used to exchange sess ion keys with some remote entity so that the system microprocessor can securely encrypt/decrypt data. each at88sa102s chip contains a pre - programmed serial number which is guaranteed to be unique. in addition, it has been designed to permit secure personal ization so that third parties can build devices containing an oem secret without concern for the theft of that secret. it is the first small standard product to implement the sha - 256 hash algorithm, which is part of the latest set of recommended algorithms by the us government. the 256 - bit key space renders any exhaustive attacks impossible. the cryptoauthentication family uses a standard challenge response protocol to simplify programming. the system generates a random number challenge and sends it to the at88sa102s chip. the chip hashes that with a 256 - bit key using the sha - 256 algorithm to generate a keyed 256 - bit response which is sent back to the system. the chip includes 128 - single bit one time programmable fuses that can be used for personalization, s tatus or consumption logging. atmel programs 40 of these bits prior to the chip leaving the factory, leaving 88 for user purposes. see section 1.3 for more information. note: the chip implements a failsafe internal w atchdog timer that forces it into a very low power mode after a certain time interval regardless of any command execution or io transfers that may be happening at the time the timer expires. system programming must take this into consideration. see section 5.4 for more details 1.1 usage there are many different ways in which the at88sa102s can add an authentication capability to a system. for more information, see the ?atmel cryptoauthentication usage examples? appli cations note . in general, however, all these security models usually employ one of two general key management strategies: ? fixed challenge response number pair stored in the host. in this case, the host sends its particular challenge and only an authentic at88sa102s can generate the correct response. since no secret is stored on the host, there is no security cost on the host. depending on the particulars of the system, each host may have a different challenge response pair and/or each client may have the s ame key. ? host computes the response that should be provided for a particular client against a random challenge and/or include the client id number in the calculation. in this case, the host needs to have the capability to securely store the secret from whi ch diversified response will be computed. one way to do this is to use a cryptoauthentication host chip. since each client is unique, the host can maintain a dynamic black list of clients that have been found to be fraudulent. nc nc nc gnd 1 2 3 4 8 7 6 5 8- lead soic vcc nc nc signal 3 2 1 gnd vcc signal 3 - lead nc nc nc gnd 1 2 3 4 8 7 6 5 8- lead tssop vcc nc nc signal
atmel at88sa102s [ datasheet ] 3 8584g ? crypto ? 9 /11 1.2 memory resources fuse bloc k of 128 - fuse bits that can be written through the one wire interface. fuse[1] and fuse[87] have special meanings, see section 1.3 for more details. fuse[88:95] are part of the manufacturing id value fixed by at mel. fuse[96:127] are part of the serial number programmed by atmel which is guaranteed to be unique. see section 1.4 for more details on the manufacturing id and serial number. rom metal mask programmed memo ry. unrestricted reads are permitted on the first 64 - bits of this array. the physical rom will be larger and will contain other information that cannot be read. rom mfrid 2 - bytes of rom that specifies part of the manufacturing id code. this value is assi gned by atmel and is always the same for all chips of a particular model number. for the at88s a102s, this value is 0x23 01 (a ppears on the bus: 0x01 23) , rom mfrid can be read by accessing rom bytes 0 and 1 of address 0 . rom sn 2 - bytes of rom that can be used to identify chips among others on the wafer. these bits reduce the number of fuses necessary to construct a unique serial number. the rom sn is read by accessing rom bytes 2 and 3 of address 0 . rom sn can always be read by the system and is optionally included in the message digested by the mac command. revnum 4 - bytes of rom that are used by atmel to identify the model mask and/or design revision of the at88sa102s chip. these bytes can be freely read as the four bytes returned rom address one, howeve r system code should not depend on this value as it may change from time to time. 1.3 fuse map the at88sa102s incorporates 128 one - time fuses within the chip. once burned, there is no way to reset the value of a fuse. fuses, with the exception of the manufactu rer id and serial number bits initialized by atmel have a value of one when shipped from the atmel factory and transition to a zero when they are burned. bits 0 - 63 can never be read, while bits 64- 128 can always be read. table 1 -1. the 128 fuses in t he atmel at88sa10 2s chip a re a rranged in the following manner fuse # name description 1 burnfuse enable if this fuse is one , then the burnfuse command is enabled. if it is burned to zero , then t he burnfuse command is disabled 0 and 2 ? 63 secret fuses these fuses can be securely written by the burnsecure command but can never be read directly with the read command 64 ? 83 status fuses these fuses can be written with the burnsecure command and can alway s be read with the read command . they are totally user - defined. 84 ? 8 6 status fuses these fuses can be written with the burnsecure command and can alway s be read with the read command. they are user - defined, but have special significance f or the pause long command . s ee s ection 6.6 . 87 fuse d isable the mac command ignores the values of fuse[0 - 86] while this fuse is an one once it is burned to zero , the burnsecure command is disabled 88 ? 95 fuse mfrid see section 1.4 . set by atmel; cannot be modif ied in the field 96 ? 127 fuse sn see section 1.4 . set by atmel; cannot be modified in the field burnfuse enable this fuse is used to prevent operation of the burnfuse command in the application. this fuse may only be burned to 0 using the burnsecure command.
atmel at88sa102s [ datasheet ] 4 8584g ? crypto ? 9 /11 secret fuses these 63 - fuses are used to augment the keys stored elsewhere in the chip. knowledge of both the internally stored keys and the values of the secret fuses are required to generate the correct response to the cryptographic command of the at88sa102s. an arbitrary selection of these fuses is burned during personalization via the burnsecure command. within this document, ?secret fuses? is used to refer to the entire array of 64 - bits: f use[0- 63], even though the value of fuse[1] is fixed for most applications and its value can be derived from the operation of the chip. status fuses these 23 - fuses can be used to store information which is not secret, as their value can always be determi ned using the read command. they can be written at the same time as the secret fuses using the burnsecure command, or they can be individually burned at a later time with the burnfuse command. two common usage models for these fuses are: 1. calibration or model number information. in this situation, the 23 - bits are written at the factory. this method can also be used for feature enabling. in this case, the burnfuse command should not be run in the field, and the burnfuse enable bit should be zero . 2. consum ption logging, i.e. burn one bit after every n uses, the host system keeps track of the number of uses so far for this serial number. in this case, the burnfuse command is necessary to individually burn one of t hese 23 - bits, and the burnfuse e nable bit sho uld be a one. within this document, ?status fuses? is used to refer to the en tire array of 24 - bits: fuse[64 - 87], even though the value of fuse[87] is fixed after personal ization and cannot be modified in the field. fuse disable this fuse is used to disable/enable the ability of the mac command to read the fuse values until the burnsecure command has completed properly. when it has a value of one (unburned), the bit values in the message that would normally have been filled in with fuse values are all set to a one. when fusedisable is burned, the mac command fills in the message with the requested fuse values. additionally, this bit, when burned, disables the burnsecure command to prevent modification of the secret fuses and burnfuse enable bit in the end customer application . 1.4 chip identification the chip includes a total of 72 - bits of information that can be used to distinguish between individual chips in a reliable manner. the information is distributed between the rom and fuse blocks in the following manner. serial number this 48 - bit value is composed of rom sn (16- bits) and fuse sn (32- bits). together they form a serial number that is guaranteed to be unique for all devices ever manufactured within the atmel cryptoauthentication family. this value i s optionally included in the mac calculation. manufacturing id this 24 - bit value is composed of rom mfrid (16- bits) and fuse mfrid (8 - bits). typically this value is the same for all chips of a given type. it is always included in the cryptographic computa tions. 1.5 key values the values stored in the atmel at88sa102s internal key array are hardwired into the masking layers of the chip during wafer manufacture. all chips have the same keys stored internally, though the value of a particular key cannot be determ ined externally from the chip. for this reason, customers should ensure that they program a unique (and secret) number into the 64- secret fuses and they should store the atmel provided key values securely. individual key values are made available to qualif ied customers upon request to atmel and are always transmitted in a secure manner. when the serial number is included in the mac calculation then the response is considered to be diversified and the host needs to know the base secret in order to be able to verify the authenticity of the client. a diversified response can also be obtained by including the serial number in the computation of the value written to the secret fuses. a cryptoauthentication host chip provides a secure hardware mechanism to validat e responses to determine if they are authentic.
atmel at88sa102s [ datasheet ] 5 8584g ? crypto ? 9 /11 1.6 sha - 256 computation at88sa102s performs only one cryptographic calculation ? a keyed digest of an input challenge. it includes optionally various other information stored on the chip within the digested mess age. at88sa102s computes the sha - 256 digest based on the algorithm documented here: http://csrc.nist.gov/publications/fips/fips180 - 2/fips180 - 2.pdf throughout this document, the complete message processed by the at88sa102s chip is documented. according to the above specification, this always includes a single bit of ?1? pad after the message, followed by a 64 - bit value representing the total number of bits being hashed (less p ad and length). if the length is less than 447 (512 -64- 1), then the necessary number of ?0? bits are included between the ?1? pad and ?length? to stretch the last message block out to 512 - bits. when using standard libraries to calculate the sha - 256 digest, these pad and length bits should probably not be passed to the library as most standard software implementations of the algorithm add them in automatically. 1.6.1 sha computation example in order to ensure that there is no ambiguity, the following example vecto r is provided in addition to the sample vectors in the nist document. in this example, all values are listed in hex format. for all but the key, bytes are listed in the order that they appear on the bus ? first on the bus is listed on the left side of the page. the key value below is listed in the same order as the challenge, so the 01 at the left of the key string corresponds to the first byte in the sha - 256 document. sha computation example key 01030507090b0d0f11131517191b1d1f21232527292b2d2f31333537 393b3d3f challenge 020406080a0c0e10121416181a1c1e20222426282a2c2e30323436383a3c3e40 opcode 08 mode 50 (all optional information included in message) keyid secret fuses 0000111122223333 status fuses 445566 fuse mfrid 77 fuse sn 8899a abb rommfrid ccdd rom sn eeff the 88 - bytes over which the digest is calculated are: 0103?3d3f0204?3e400850ffff00001111?eeff and the resulting digest is: 6ca7129c8da9ce80ea6357ddcfb1ddcbbbd89ed373419a5a332d728b42642c62 1.7 security featu res the at88sa102s incorporates a number of physical security features designed to protect the keys from release. these include an active shield over the entire surface of the part, internal memory encryption, internal clock generation, glitch protection, voltage tamper detection and other physical design features. pre - programmed keys stored on the at88sa102s are encrypted in such a way as to make retrieval of their values via outside analysis very difficult. both the clock and logic supply voltage are int ernally generated, preventing any direct attack via the pins on these two signals.
atmel at88sa102s [ datasheet ] 6 8584g ? crypto ? 9 /11 2. io protocol communications to and from the at88sa102s take place over a single asynchronously timed wire using a pulse count scheme. the overall communications structure is a hierarchy: table 2 -1. io hierarchy tokens implement a single data bit transmitted on the bus, or the wake - up event . flags c omprised of eight tokens (bits) which convey the direction and meaning of the next group of bits (if any) which may be transmitted . blocks o f data follow the command and t ransmit flags. they incorporate both a byte count and a checksum to ensure proper data transmissio n . packets o f bytes form the core of the block without the count and crc. they are either the input or output parameters of a n atmel at88sa102s command or status information from the atmel at88sa102s . see applications notes on the atmel website for more details on how to use any microprocessor to easily generate the signaling necessary to send these values to the chip. 2.1 io toke ns there are a number of io tokens input: (to at88sa102s) that may be transmitted along the bus: wake wake at88sa102s up from sleep (low power) state zero send a single bit from system to at88sa102s with a value of zero one send a single bit from syste m to at88sa102s with a value of one output: (from at88sa102s) zeroout send a single bit from at88sa102s to the system with a value of zero oneout send a single bit from at88sa102s to the system with a value of one the waveforms are the same in either dir ection, however there are some differences in timing based on the expectation that the host has a very accurate and consistent clock while at88sa102s has significant part to part variability in its internal c lock generator due to normal manufacturing and e nvironmental fluctuations. the bit timings are designed to permit a standard uart running at 230.4k baud to transmit and receive the tokens efficiently. each byte transmitted or received by the uart corresponds to a single bit received or transmitted by at 88sa102s. see applications notes on the atmel website for more details.
atmel at88sa102s [ datasheet ] 7 8584g ? crypto ? 9 /11 2.2 ac parameters t start t zhi t zlo data comm wake logic ? t start t bit logic 1 t lignore t hignore noise suppresion t wlo t whi 3. absolute maximum ratings* operating temperature .................. ? 40 c to + 8 5 c storage temperature ................. ? 65 c to + 150 c voltage on any pin with respect to ground ................ ? 0.5 to v cc +0.5 v *notice: stresses beyond those listed under ?absolute maximum ratings? may cause permanent damage to the device. this is a stress rating only and functional operation of the device at these or any other condition beyond those indicated in the operational sections of this specification is not implied. exposure to absolute maximum rating conditions for extended periods of time may affect device reliability.
atmel at88sa102s [ datasheet ] 8 8584g ? crypto ? 9 /11 4. ac parameters table 4 -1. ac parameters parameter symbol direction min typ max unit notes wake low durati on t wlo to atmel at88sa102s 60 - s signal can be stable in either high or low levels during extended sleep intervals. wake delay to data comm. t whi to atmel at88sa102s 2.5 45 ms signal should be stable high for this entire duration. t whi must not ex ceed t timeout or the chip will transition to sleep. start pulse duration t start to atmel at88sa102s 4.1 4.34 4.56 s from atmel at88sa102s 4.6 6.0 8.6 s zero transmission high pulse t zhi to atmel at88sa102s 4.1 4.34 4.56 s from atmel at88sa1 02s 4.6 6.0 8.6 s zero transmission low pulse t zlo to atmel at88sa102s 4.1 4.34 4.56 s from atmel at88sa102s 4.6 6.0 8.6 s bit time t bit to atmel at88sa102s 37 39 - s if the bit time exceeds t timeout then the at88sa102s will enter sleep mod e and the wake token must be resent. from atmel at88sa102s 41 54 78 s turn around delay t turnaround from atmel at88sa102s 28 60 95 s the at88sa102s will initiate the first low going transition after this time interval following the end of the trans mit flag to atmel at88sa102s 15 s 45 ms after the at88sa102s transmits the last bit of a block, system must wait this interval before sending the first bit of a flag high side glitch filter @ active t hignore_a to atmel at88sa102s 45 ns pulses sho rter than this in width will be ignored by the chip, regardless of its state when active low side glitch filter @ active t lignore_a to atmel at88sa102s 45 ns pulses shorter than this in width will be ignored by the chip, regardless of its state when ac tive low side glitch filter @ sleep t lignore_s to atmel at88sa102s 500 ns pulses shorter than this in width will be ignored by the chip when in sleep mode io timeout t timeout to atmel at88sa102s 45 65 85 ms see section 5.3.1 watchdog reset t watchdog to atmel at88sa102s 3 4 5.7 s max time from wake until chip is forced into sleep mode. see section 5.4
atmel at88sa102s [ datasheet ] 9 8584g ? crypto ? 9 /11 5. dc parameters table 5 -1. dc param eters parameter symbol min typ max unit notes operating temperature t a - 40 85 c power supply voltage vcc 2.7 5.25 v fuse burning voltage vburn 3.0 5.25 v voltage applied to vcc pin . see s ections 6.3 and 6.5. active power supply current icc - 6 ma sleep power supply current @ - 40c to 55c i sleep 150 na when chip is in sleep mode, vcc = 5.25 v, vsig = 0.0 to 0.3 v or vsig = vcc - 0.3 v to vcc sleep power supply current @ 85c i sleep 1 a when chip is in sleep mode, vcc = 5.25 v vsig = 0.0 to 0.3 v or vsig = vcc - 0.3 v to vcc input low voltage @ vcc = 5.25 v vil - 0.5 0.75 v voltage levels for wake token when chip is in sleep mode input low voltage @ vcc = 2.7 v vil - 0.5 0.5 v volt age levels for wake token when chip is in sleep mode input high voltage @ vcc = 5.25 v vih 1.5 5.25 v voltage levels for wake token when chip is in sleep mode input high voltage @ vcc = 2.7 v vih 1.25 3.0 v voltage levels for wake token when chip is in sleep mode input low voltage when active vil - 0.5 0.5 v when chip is in active mode, vcc = 2.7 ? 5.25 v input high voltage when active vih 1.2 5.25 v when chip is in active mode, vcc = 2.7 ? 5.25 v output low voltage vol 0.4 v when chip is in a ctive mode, vcc = 2.7 ? 5.25 v maximum input voltage vmax 5.25 v 5.1 io flags the system is always the bus master, so before any io transaction, the system must send an 8 - bit flag value to the chip to indicate the io operation that is to be performed, as foll ows : name meaning 0x77 command after this flag, the system starts sending a command block to the chip. the first bit of the block can follow immediately after the last bit of the flag. 0x88 transmit after a turn - around delay, the chip will start t ransmitting the response block for a previously transmitted command block. 0xcc sleep upon receipt of a sleep flag, the chip will enter a low power mode until the next w ake token is received. all other values are reserved and will be ignored. as the sin gle signal wire may be shared with a cryptoauthentication host chip, the at88sa102s chip includes a pauselong command which causes it to ignore all activity on the signal pin until the expiration of the watchdog timer.
atmel at88sa102s [ datasheet ] 10 8584g ? crypto ? 9 /11 5.1.1 command timing after a command flag i s transmitted, a command block should be sent to the chip. during parsing of the parameters and subsequent execution of a properly received command, the chip will be busy and not respond to transitions on the signal pin. the delays for these operations are listed in the table below: table 5 -2. command timing (guaranteed by design; not tested) parameter symbol max unit notes parsing delay t parse 100 s delay to check crc and parse opcode and parameters before an error indication will be available macdelay t exec_mac 30 ms delay to execute mac command memorydelay t exec_read 3 ms delay to execute read command fuse delay t exec_fuse 7 00 s delay to execute burnfuse command see section 6.3 for more details. securedelay t exec_secure 36 ms max d elay to execute burnsecure command see section 6.5 for more details. personalizedelay t person 1 3 ms delay to execute genpersonalizationkey in this document, t exec is used as shorthand for the delay cor responding to whatever command has been sent to the chip. 5.1.2 transmit flag the transmit flag is used to turn arou nd the signal so that the at88sa102s can send data back to the system, depending on its current state. the bytes that the at88sa102s returns to th e system depend on its current state as follows: table 5 -3. return codes state description error/status description after w ake, but prior to first command 0x11 indication that a proper w ake token has been received by atmel at88sa102s after successful command execut ion ? return bytes per ?output parameters? in section 6 , c ommand s . in some cases this is a single byte with a value of 0x00 indicating success. the t ransmit flag can be resent to the at88sa102s repeatedly if a re - read of the ou tput is necessary. execution error 0x0f command was properly received but could not be executed by the at88sa102s . changes in the at88sa102s state or the value of the command bits must happen before it is re - attempted. after crc or other communications e rror 0xff command was not properly received by the at88sa102s and should be re - issued by the system. no attempt was made to execute the command the at88sa102s always transmits complete blocks to the system, so in the above table the status/error bytes re sult in 4 - bytes going to the system ? count, status/error, crc x 2. after receipt of a command block, at88sa102s will parse the command for errors, a process which takes t parse ( see section 5.1.1 ). after this i nterval the system can send a transmit token to at88sa102s ? if there was an error , then at88sa102s will respond with an error code. if there is no error , then at88sa102s internally transitions automatically from t parse to t exec and will not respond to any transmit tokens until both delays are complete.
atmel at88sa102s [ datasheet ] 11 8584g ? crypto ? 9 /11 5.1.3 sleep flag the sleep flag is used to transition at88sa102s to the low power state, which causes a complete reset of the at88sa102s internal command engine and input/output buffer. it can be sent to at88sa102 s at any time when at88sa102s will accept a flag. to achieve the specified i sleep , atmel recommends that the input signal be brought below v il when the chip is asleep. to achieve i sleep if the sleep state of the input pin is high, the voltage on the input signal should be within 0.3 v of v cc to avoid additional leakage on the input circuit of the chip. the system must calculate the total time required for all commands to be sent to at88sa102s during a single session, including any inter - bit/byte delays. if this total time exceeds t watchdog then the system must issue a partial set of commands, then a sleep flag, then a wake token, and finally after the wake delay the remaining commands. 5.1.4 pause state the pause state is entered via the pauselong command and can be exited only when the watchdog timer has expired and the chip transitions to a sleep state. when in the pause state, the chip ignores all transitions on the signal pin but does not e nter a low power consumption mode. the pause state provides a mechanism for multiple at88sa102s chips on the same wire to be selected and to exchange data with the host microprocessor. the pauselong command includes an optional address field which is compared to the values in fuses 84 - 87. if the two matches, then the chip ente r the pause state, otherwise it continues to monitor the bus for subsequent commands. the host would selectively put all but one at88sa102s? in the pause state before executing the mac command on the active chip. after the end of the watchdog interval all the chips will have entered the sleep state and the selection process can be started with a wake token (which will then be honored by all chips) and selection of a subsequent chip. 5.2 io blocks commands are sent to the chip, and responses received from the ch ip, within a block that is constructed in the following way: the general io flow for the mac command is as follows: 1. system sends wake token 2. system sends transmit flag 3. receive 0x11 value from the at88sa102s to verify proper wakeup synchronization 4. system sen ds command flag 5. system sends complete command block 6. system waits t parse for the at88sa102s to check for command formation errors 7. system sends transmit flag. if command format is ok, the at88sa102s ignores this flag because the computation engine is busy. i f there was an error, the at88sa102s responds with an error code 8. system waits t exec , see section 5.1.1 9. system sends transmit flag 10. receive output block from the at88sa102s, system checks crc 11. if crc from the at88s a102s is incorrec t, indicating a transmission error, system resends transmit flag 12. system sends sleep flag to the at88sa102s all commands other than mac have a short execution delay. in these cases, the system should omit steps six, seven , and eight and r eplace this with a wait of duration t parse + t exec . 5.3 synchronization because the communications protocol is half duplex, there is the possibility that the system and at88sa102s will fall out of synchronization with each other. in order to speed recovery, a t88sa102s implements a timeout that forces the chip to sleep.
atmel at88sa102s [ datasheet ] 12 8584g ? crypto ? 9 /11 5.3.1 io timeout after a leading transition for any data token has been received, the at88sa102s will expect the remaining bits of the token to be properly received by the chip within the t timeout in terval. failure to send enough bits or the transmission of an illegal token (a low pulse exceeding t zlo ) will cause the chip to enter the sleep state after the t timeout interval. the same timeout applies during the transmission of the command block. after the transmission of a legal command flag, the io timeout circuitry is enabled until the last expected data bit is received. note: t he timeout counter is reset after every legal token, so the total time to transmit the command may exceed the t timeout interval while the time between bits may not. in order to limit the active current if at88sa102s is inadvertently awakened, the io timeout circuitry is also enabled when at88sa102s receives a wake - up. if the first token does not come within the t timeout interval, then at88sa102s will go back to the sleep mode without performing any operations. the io timeout circuitry is disabled when the chip is busy executing a command. 5.3.2 synchronization procedures when the system and the at88sa102s fall out of synchronization, the system will ultimately end up sending a transmit flag which will not generate a response from at88sa102s. the system should implement its own timeout which waits for t timeout during which time at88sa102s should go to sleep automatically. at this point, th e system should send a wake token and after t wlo + t whi , a transmit token. the 0x11 status indicates that the resynchronization was successful. it may be possible that the system does not get the 0x11 code from a t88sa102s for one of the following reasons: 1. the system did not wait a full t timeout delay with the io signal idle in which case at88sa102s may have interpreted the wake token and transmit flag as data bits. recommended resolution is to wait twice the t timeout delay and re - issue the wake token. 2. at88s a102s went into the sleep mode for some reason while the system was transmitting data. in this case, at88sa102s will interpret the next data bit as a wake token, but ignore some of the subsequently transmitted bits during its wake - up delay. if any bytes ar e transmitted after the wake - up delay, they may be interpreted as a legal flag, though the following bytes would not be interpreted as a legal command due to an incorrect count or the lack of a correct crc. recommended resolution is to wait the t timeout de lay and re- issue the wake token. 3. there is some internal error condition within at88sa102s which will be automatically reset after a t watchdog interval, see section 5.4 . there is no way to externally reset at88sa102s ? the syste m should leave the io pin idle for this interval and issue the wake token. 5.4 watchdog failsafe after the wake token has been received by at88sa102s, a watchdog counter is s tarted within the chip. after t watchdog , the chip will enter sleep mode, regardless of whether it is in the middle of execution of a command and/or whether some io transmission is in progress. there is no way to reset the counter other than to put the chip to sleep and wake it up again. this is implemented as a fail - safe so that no matter w hat happens on either the system side or inside the various state machines of at88sa102s including any io synchronization issue, power consumption will fall to the low sleep level automatically. 5.5 byte and bit ordering at88sa102s is a little - endian chip: ? all multi - byte aggregate elements within this spec are treated as arrays of bytes and are processed in the order received ? data is transferred to/from the at88sa102s least significant bit first on the bus ? in this document, the most significant bit and/or byte appears towards the left hand side of the page
atmel at88sa102s [ datasheet ] 13 8584g ? crypto ? 9 /11 6. commands the command packet is broken down in the following way: byte name meaning 0 opcode the command code 1 param1 the first parameter ? always present 2 -3 param2 the second parameter ? always present 4 + data optional remaining input data if a command fails because the crc within the block is incorrect or there is some other communications error then immediately after t parse the system will be able to retrieve an error response block containing a sin gle byte packet. the value of that byte will be all ones. in this situation, the system should re - transmit the command block including the proceeding transmit flag ? providing there is sufficient time before the expiration of the watchdog timeout. if the o pcode is invalid, one of the parameters is illegal, or the at88sa102s is in an illegal state for the execution of this command then immediately after t parse the system will be able to retrieve an error response block containing a single byte packet. the va lue of that byte will be 0x0f. in this situation, the condition must be corrected before the (modified) command is sent back to at88sa102s. if a command is received successfully then after the appropriate execution delay the system will be able to retrieve the output block as described in the individual command descriptions below. in the individual command description tables below, the size column describes the number of bytes in the parameter documented in each particular row. the total size of the block for each of the commands is fixed, though that value is different for each command. if the block size for a particular command is incorrect, the chip will not attempt the command execution and return an error.
atmel at88sa102s [ datasheet ] 14 8584g ? crypto ? 9 /11 6.1 mac computes a sha - 256 digest o f a key stored inside the chip, an input challenge and other information on the chip. the output of this command is the digest of this message. if the message includes the serial number of the chip, then the response is said to be diversified. protocols th at utilize diversified responses may be more secure because two at88sa102s chips with same key will return different responses to an identical challenge based on their unique serial number. table 6 -1. input parameters name size notes opcode mac 1 0x08 param1 mode 1 controls which fields within t he chip are used in the message param2 keyid 2 which internal key is to be used in the message data challenge 32 input po rtion of message to be digested table 6 -2. output parameters name size notes response 32 sha - 256 digest reg ardless of the value of mode, the first 512 - bit block of the message that will be hashed with the sha - 256 algorithm will consist of: 256- bits key[keyid] 256- bits challenge the second block consists of the following information: 8 - bits opcode (always 0x0 8) 8 - bits mode 16- bits keyid 64- bits secret fuses including burnfu se and burnsecure enable (or zeros , see table 6 -3 ) 24- bits status fus es including fusedisable (or zeros , see table 6 -3 ) 8 - bits fuse mfrid fuses, (fuse[88:95]) (never zero?d out) 32- bits fuse sn, (fuse[96:127]) (or zeros , see table 6 -3 ) 16- bits rom mfrid (never zero?d out) 16- bits rom sn (or zeros , see table 6 -3 ) 1 - bit ?1? pad 255- bit ?0? pad 64- bit t otal length of message in bits (512+192=704), excluding pad and length
atmel at88sa102s [ datasheet ] 15 8584g ? crypto ? 9 /11 mode is encoded as follows: table 6 -3. mode encoding bits meaning 7 should be zero 6 if set , include the 48 - bit serial number (combination of fuses a nd rom values) in the message otherwise, the corresponding message bits are set to zero 5 if set , and fuse[87] is burned , include the 64 - secret fuses (fuse[0] th rough fuse[63]) in the message o therwise, the corresp onding message bits are set to zero if mo de[4] is set, then the va lue of this mode bit is ignored 4 if set , and fuse[87] is burned , include the 64 - secret fuses and 24- status fuses (fuse[0] through fuse[87]) in the message o therwise, the corresponding message bits are set to zero 3 -0 should be z ero
atmel at88sa102s [ datasheet ] 16 8584g ? crypto ? 9 /11 6.2 read reads 4 - bytes from fuse or rom and r eturns an error if an attempt is made to read any fuse address that is illegal. table 6 -4. input parameters name size notes opcode read 1 0x02 param1 mode 1 fuse or rom param2 address 2 which 4 - bytes within array. bits 2 -15 should be 0 data ignored 0 table 6 -5. output parameters name size notes contents 4 the contents o f the specified memory location table 6 -6. mode encoding name value notes rom 0x00 reads four bytes from the rom. bit one of the address parame ter must be zero fuse 0x01 reads the value of 32 - fuses. bit one of the address parameter must be one . the input address parameter << 5 provides the fuse number corresponding to the lsb of the first returned byte.
atmel at88sa102s [ datasheet ] 17 8584g ? crypto ? 9 /11 6.3 burnfuse burns a sing le one of the stat us fuse bits (fuse[64] ? fuse[86 ]). no other fuses can be burned with this command ? use burnsecure at personalization time to burn any of the first 88 fuses. if the burnfuse e nable bit (fuse 1) has been burned to a zero, then attempts to run this command will return an error. the power supply pin must meet the v burn specification during the entire burnfuse command in order to burn fuses reliably. if v cc is greater than or equal to 3.7 v, then the burntime parameter should be set to 0x00 an d the internal burn time will be up to 250 s. if v cc is less than 3.7 v but greater than v burn then the burntime parameter should be set to 0xffff and the internal burn time will be up to 262 ms. the chip does not internally check the supply voltage level. t here is a very small interval during t exec_burn when the fuse element is actually being burned. during this interval t he power supply must not be removed and the watchdog timer must not be allowed to expire ; or the fuse may end up in a state where it reads as un - burned but cannot be burned. table 6 -7. input parameters name size notes opcode burnfuse 1 0x04 param1 fusenum 1 which bit within fuse array, minimum value is 64, and maximum value is 86 param2 burntime 2 must be 0x00 00 if vcc > +3.7 v; must be 0xff ff othe rwise data ignored 0 table 6 -8. output parameters name size notes success 1 upon su ccessful execution, a value of zero will be returned by at88sa102s
atmel at88sa102s [ datasheet ] 18 8584g ? crypto ? 9 /11 6.4 genpersonalizationkey loads a personalization key into internal memory and then uses that key al ong with an input seed to generate a decryption digest using sha - 256. neither the key nor the decryption digest can be read from the chip. upon completion, an internal bit is set indicating that a secure personalization digest has been loaded and is ready for use by burnsecure. this bit is cleared (and the digest lost) when the watchdog timer expires or the power is cycled. this command will fail if fuse[87] has been burned. table 6 -9. input parameters name size notes opcode genpers 1 0x20 param1 zero 1 must be 0x0 0 param2 keyid 2 identification number of the personalization key to be loaded data seed 16 seed for digest generation. the least significant bit of the last byte is ignored by at88sa102s table 6 -10. output parameters name size notes success 1 upon successful exec ution , a value of 0 will be returned by at88sa102s the sha - 256 message body used to create the resulting digest internally stored in the chip consists of the following 512- bits: 256- bits personalizekey[keyid] 64- bits fixed value of all ones 127- bits s eed from input stream 1 - bits ?1? pad 64- bits length of message in bits, fixed at 447
atmel at88sa102s [ datasheet ] 19 8584g ? crypto ? 9 /11 6.5 burnsecure burns any combination of the first 88 - fuse bits. verification that the proper secret fuse bits have been burned must occur using the mac command ? there is no way to read the values in the first 64 - fuses to verify their state. the 24- status fuses can be verified with the read command. the fuses to be burned are specified by the 88 - bit input map parameter. if a bit in the map is set to a ?1?, then the corresponding fuse is burned. if a bit in the map parameter is set to zero , then the corresponding fuse is left in its current state. the first bit sent to the at88sa102s corresponds to fuse[0] and so on up to fuse[87]. note: s ince a ?1? bit in the map par ameter results in a ?0? data value in the actual fuse array, the value in the map parameter should generally be the inverse of the desired secret or status value. see section 1.3 for more details. to facilitate secure personal ization of at88sa102s, this map may be encrypted before being sent to the chip. if this mode is desired, then the decrypt parameter should be set to one in the input parameter list. the decryption (transport) key is computed by the genpersonalizationkey co mmand, which must have been run immediately prior to the execution of burnsecure. in this case, prior to burning any fuses, the input map param eter is xor?d with the first 88 bits of that digest from the genpersonalizationkey command. the genpersonalizatio nkey and burnsecure commands must be run within a single wake cycle prior to the expiration of the watchdog timer. the power supply pin must meet the v burn specification during the entire burnsecure command in orde r to burn fuses reliably. if v cc is greate r than or equal to 3.7 v, then the burntime parameter should be set to 0x00 and the internal burn time will be 250 s. if v cc is less than 3.7 v but greater than v burn then the burntime parameter should be set to 0xffff and the internal burn time will be 2 62 ms per fuse bit burned. the chip does not internally check the supply voltage level. the total burnsecure execution delay is directly proportional to the total number of fuses being burned. if v cc is less than 3.7 v, then the total burnsecure execution t ime may exceed the interval remaining before the expiration of the watchdog timer. in this case, the burnsecure command should be run repeatedly, with each repetition burning only as many fuses as there is time available. the system software is responsible for counting the number of ?1? bits in the clear - text version of the map parameter sent to the chip ? no error is returned if the fuse burn count is too high. other than fuse[87] (see below), the fuses may be burned in any order. prior to execution of bur nsecure, the at88sa102s verifies that fuse[87] is un - burned. if it has been burned, then the burnsecure command will return an error. fuse[87] must be burned during the last repetition of burnsecure as it can not be individually burned with burnfuse. there are a series of very small intervals during t exec_secure when the fuse element is actually being burned. during this interval, t he power supply must not be removed and the watchdog timer must not be allowed to expire or the fuse may end up in a state wher e it reads as un - burned but cannot be burned. table 6 -11. input parameters name size notes opcode burnsecure 1 0x10 param1 decrypt 1 if 1, decrypt map data before usage. if 0, the map is transmitted i n plain text param2 burntime 2 must be 0x00 00 if v cc > =3.7 v; m ust be 0xff ff otherwise data map 11 which fuses to burn, may be encrypted table 6 -12. output parameters name size notes success 1 upon successful execution, a value of zero will be returned by at88sa102s .
atmel at88sa102s [ datasheet ] 20 8584g ? crypto ? 9 /11 6.6 pauselong forces the chip into the pause state until the w atchdog timer expires, after which it will automatically enter into the sleep state. during execution of this command and while in the pause state the chip will ignore all activity on the io signal. this comman d is used to prevent bus conflicts in a system that also includes other at88sa102s chips or a cryptoauthentication host chip sharing the same signal wire. table 6 -13. input parameters name size notes opcode pauselong 1 0x01 param1 selector 1 which chip to put in to the pause state , 0x00 for all at88sa102s chips param2 zero 2 must be 0x00 00 data ignored 0 the selector parameter provides a mechanism to select which device will pause if there are multiple devices on the bus: ? if the selector parameter is 0x00, then every at88sa102s chip receiving this command w ill go into the pause state and no chip will return a success code. ? if any of the bits of the selector parameter are set, then the chip will read the values of fuse[84 - 87] and go into the pause state only if those fuse values match the least significant 4 - bits of the selector parameter. if the chip does not go into the pause state, it returns an error code of 0x0f. otherwise it goes into the pause state and never returns any code.
atmel at88sa102s [ datasheet ] 21 8584g ? crypto ? 9 /11 7. pinout table 7 -1. pin definitions soic/tssop sot -23 name descrip tion 5 1 signal io channel to the system, open drain output. it is expected that an external pull - up resistor will be provided to pull this signal up to v cc for proper communications. when the chip is not in use this pin can be pulled to either v cc or gn d . 8 2 v cc power supply, 2. 7 ? 5. 2 5 v. this pin should be bypassed with a high quality 0.1 f capacitor close to this pin with a short trace to gnd additional applications information at www.atmel.com 4 3 gnd connect to system ground 1,2,3,6,7 -- nc not connected
atmel at88sa102s [ datasheet ] 22 8584g ? crypto ? 9 /11 8. packaging information 3ts1 ? shrink sot p a c k a g e d r a w i n g c o n t a c t : p a c k a g e d r a w i n g s @ a t m e l . c o m t i t l e d r a w i n g n o . g p c r r e v . 3 t s 1 1 2 / 1 1 / 0 9 c o m m o n d i m e n s i o n s ( u n i t o f m e a s u r e = m m ) s y m b o l m i n n o m m a x n o t e e n d v i e w s i d e v i e w t o p v i e w 3 t s 1 , 3 - l e a d , 1 . 3 0 m m b o d y , p l a s t i c t h i n s h r i n k s m a l l o u t l i n e p a c k a g e ( s h r i n k s o t ) b t b g 0.89 0.01 0.88 2.80 2.10 1.20 0.30 a a1 a2 d e e1 l1 e1 b - - - 2.90 - 1.30 0.54 ref 1.90 bsc - 1.12 0.10 1.02 3.04 2.64 1.40 0.50 1,2 1,2 3 notes: 1. dimension d does not include mold flash, protrus ions or gate burrs. mold flash, protrusions or gate burrs shall not exceed 0.25mm per end. dimensi on e1 does not include interlead flash or protrus ion. interlead flash or protrusi on shall not exceed 0.25mm per side. 2. the package top may be smaller than the package bottom. dimensi ons d and e1 are determined at the outermo st extremes of the plastic body exclusive of mold flash, tie bar burrs, gate burrs and interlead flash, but including any mismatch between the top and bottom of the plastic body. 3. these dimensions apply to the flat section of the lead between 0.08 mm and 0.15mm from the lead tip. this drawing is for general information only. refer to jed ec drawing to-236, variation ab for additional information. c l l1 3 e e1 1 2 e1 seati ng pla ne b a2 a a1 e d gnd sd a v cc signal
atmel at88sa102s [ datasheet ] 23 8584g ? crypto ? 9 /11 8 x ? tssop package drawing contact: packagedrawings@atmel.com dr a wing n o . re v . title gpc common dimensions (unit of measure = mm) symbo l min nom max note a - - 1.20 a1 0.05 - 0.15 a2 0.80 1.00 1.05 d 2.90 3.00 3.10 2, 5 e 6.40 bsc e1 4.30 4.40 4.50 3, 5 b 0.19 ? 0.30 4 e 0.65 bsc l 0.45 0.60 0.75 l1 1.00 ref c 0.09 - 0.20 side v iew end v iew t op v iew a2 a l l1 d 1 e1 n b pin 1 indicator� this corner e e notes: 1. this drawing is for general information onl y . refer to jedec drawing mo-153, v ariation aa, for proper dimensions, tolerances, datums, etc. 2. dimension d does not include mold flash, protrusions or gate burrs. mold flash, protrusions and gate burrs shall not exceed 0.15mm (0.006in) per side. 3. dimension e1 does not include inter-lead flash or protrusions. inter-lead flash and protrusions shall not exceed 0.25mm (0.010in) per side. 4. dimension b does not include dambar protrusion. allowable dambar protrusion shall be 0.08 mm total in excess of the b dimension at maximum material condition. dambar cannot be located on the lower radius of the foot. minimum space between protrusion and adjacent lead is 0.07mm. 5. dimension d and e1 to be determined at datum plane h. 8x d 6/22/11 8x, 8-lead 4.4mm bod y , plastic thin shrink small outline package (tssop) tnr c a1
atmel at88sa102s [ datasheet ] 24 8584g ? crypto ? 9 /11 8s1 ? soic package drawing contact: packagedrawings@atmel.com dra wing no . rev . title gpc common dimensions (unit of measure = mm) symbol min nom max note a1 0.10 ? 0.25 a 1.35 ? 1.75 b 0.31 ? 0.51 c 0.17 ? 0.25 d 4.80 ? 5.05 e1 3.81 ? 3.99 e 5.79 ? 6.20 e 1.27 bsc l 0.40 ? 1.27 0 ? 8 ? e 1 n top view c e1 end view a b l a1 e d side view 8s1 g 6/22/11 notes: this drawing is for general information onl y . refer to jedec drawing ms-012, v ariation aa for proper dimensions, tolerances, datums, etc. 8s1, 8-lead (0.150? wide body), plastic gull wing small outline (jedec soic) swb
atmel at88sa102s [ datasheet ] 25 8584g ? crypto ? 9 /11 9. ordering codes atmel at88sa102s ordering information atmel ordering code package type voltage range operating range at88sa102s - ts u - t so t, tape and reel 2.7 v? 5.25 v green compliant (exceeds rohs)/industrial (? 40c to 85 c) at88sa102s - th - t tssop, tape and reel 2.7 v? 5.25 v green compliant (exceeds rohs)/industrial (? 40c to 85 c) at88sa102s - sh -t soic , tape and reel 2.7 v? 5.25 v g reen compliant (exceeds rohs)/industrial (? 40c to 85 c) 10. revision history doc. rev. date comments 8584g 0 9 /2011 correct references and sections numbers section 5.1.3 , sleep flag, change ? within 0.5 v of v cc ? to ?within 0.3v of v cc? burnfuse ? correct fuse[87] to fuse[86] and remove 24 from 24 - status burnsecure ? change ?can either be burned during the last repetition of burnsecure or it can be individual?? to ?must be burned during the last repetition of burnsecure as it cann ot be individual?? 8584f 08/2010 update io timeout description 8584e 06/2010 update to table 3: ac parameters 8584 d 05/2010 expansion of io timeout specification 8584 c 04/2010 added 8ld tssop 8584 b 02/2010 updated parameter tables and added 8ld soic 8584a 0 3 /2009 initial document release
atmel corporation 2325 orchard parkway san jose, ca 95131 usa tel: (+1)(408) 441 - 0311 fax: (+1)(408) 487 - 2600 www.atmel.com atmel asia l imited unit 01 - 5 & 16, 19f bea tower, millennium city 5 418 kwun tong road kwun tong, kowloon hong kong tel: (+852) 2245 - 6100 fax: (+852) 2722 - 1369 atmel munich gmbh business campus parkring 4 d - 85748 garching b. munich germany tel: (+49) 89 - 31970 - 0 fax: ( +49) 89 - 3194621 atmel japan 9f, tonetsu shinkawa bldg. 1 - 24 - 8 shinkawa chuo - ku, tokyo 104 - 0033 japan tel: (+81)(3) 3523 - 3551 fax: (+81)(3) 3523 - 7581 ? 2011 atmel corporation. all rights reserved. / rev.: 8584g ? crypto ? 9 /11 atmel ? , logo and combinations thereof, and others are registered trademarks or trademarks of atmel corporation or its subsidiaries. other terms and product names may be trademarks of others. disclaimer: the information in this document is p rovided in connection with atmel products. no license, express or implied, by estoppel or otherwise, to any intellectual prop erty right is granted by this document or in connection with the sale of atmel products. except as set forth in the atmel terms and conditions of sales located on the atmel website, atmel assumes no liability whatsoever and disclaims any express, implied or statutory warranty relating to its products including, but not limited to, the implied warranty of merchantability, fitness for a particular purpose , or non - infringement. in no event shall atmel be liable for any direct, indirect, consequential, punitive, special or incidental damages (including, without limitation, damages for loss and profits, business interruption, or loss of inf ormation) arising out of the use or inability to use this document, even if atmel has been advised of the possibility of such damages. atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this documen t and reserves the right to make changes to specifications and products descriptions at any time without notice. atmel does not make any commitment to update the information contained herein. unless specifically provided o therwise, atmel products are not s uitable for, and shall not be used in, automotive applications. atmel products are not intended, authorized, or warranted for use as components in applications inte nded to support or sustain life.
|
