ABRIDGED DATA SHEET
Evaluation Kit
Available
Design
Resources
Tools
and Models
Support
Click here to ask an associate for production status of specific part numbers.
DS28E22
DeepCover Secure Authenticator with
1-Wire SHA-256 and 2Kb User EEPROM
General Description
DeepCoverM embedded security solutions cloak sensitive
data under multiple layers of advanced physical security to
provide the most secure key storage possible.
The DeepCover Secure Authenticator (DS28E22) combines crypto-strong, bidirectional, secure challenge-andresponse authentication functionality with an implementation based on the FIPS 180-3-specified Secure Hash
Algorithm (SHA-256). A 2Kb user-programmable EEPROM
array provides nonvolatile storage of application data and
additional protected memory holds a read-protected secret
for SHA-256 operations and settings for user memory
control. Each device has its own guaranteed unique 64-bit
ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a
fundamental input parameter for cryptographic operations
and also serves as an electronic serial number within
the application. A bidirectional security model enables
two-way authentication between a host system and slaveembedded DS28E22. Slave-to-host authentication is used
by a host system to securely validate that an attached or
embedded DS28E22 is authentic. Host-to-slave authentication is used to protect DS28E22 user memory from being
modified by a nonauthentic host. The SHA-256 message
authentication code (MAC), which the DS28E22 generates, is computed from data in the user memory, an onchip secret, a host random challenge, and the 64-bit ROM
ID. The DS28E22 communicates over the single-contact
1-WireM bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node
address in the case of a multiple-device 1-Wire network.
Features
● Symmetric Key-Based Bidirectional Secure
Authentication Model Based on SHA-256
● Dedicated Hardware-Accelerated SHA Engine for
Generating SHA-256 MACs
● Strong Authentication with a High Bit Count, UserProgrammable Secret, and Input Challenge
● 2048 Bits of User EEPROM Partitioned Into 8 Pages
of 256 Bits
● User-Programmable and Irreversible EEPROM
Protection Modes Including Authentication, Write and
Read Protect, and OTP/EPROM Emulation
● Unique, Factory-Programmed 64-Bit Identification
Number
● Single-Contact 1-Wire Interface Communicates with
Host at Up to 76.9kbps
● Operating Range: 3.3V ±10%, -40NC to +85NC
● Low-Power 5µA (typ) Standby
● ±8kV Human Body Model ESD Protection (typ)
● 6-Pin TDFN, 6-Lead TSOC Packages
Typical Application Circuit
3.3V
RP
Authentication of Network-Attached Appliances
Printer Cartridge ID/Authentication
Reference Design License Management
System Intellectual Property Protection
Sensor/Accessory Authentication and Calibration
Secure Feature Setting for Configurable Systems
Key Generation and Exchange for Cryptographic
Systems
RP = 1.1kΩ
MAXIMUM I2C BUS CAPACITANCE 320pF
VCC
DS2465
µC
Applications
●
●
●
●
●
●
●
SDA
SCL
(I2C PORT)
SLPZ
IO
1-Wire LINE
DS28E22
Ordering Information appears at end of data sheet.
DeepCover and 1-Wire are registered trademarks of Maxim Integrated Products, Inc.
219-0020; Rev 3; 7/21
© 2021 Analog Devices, Inc. All rights reserved. Trademarks and registered trademarks are the property of their respective owners.
One Analog Way, Wilmington, MA 01887 U.S.A.
|
Tel: 781.329.4700
|
© 2021 Analog Devices, Inc. All rights reserved.
ABRIDGED DATA SHEET
DeepCover Secure Authenticator with
1-Wire SHA-256 and 2Kb User EEPROM
DS28E22
ABSOLUTE MAXIMUM RATINGS
IO Voltage Range to GND....................................... -0.5V to 4.0V
IO Sink Current....................................................................20mA
Operating Temperature Range........................... -40NC to +85NC
Junction Temperature......................................................+150NC
Storage Temperature Range............................. -55NC to +125NC
Lead Temperature (soldering, 10s).................................+300NC
Soldering Temperature (reflow).......................................+260NC
Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. These are stress ratings only, and functional operation
of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum
rating conditions for extended periods may affect device reliability.
ELECTRICAL CHARACTERISTICS
(TA = -40NC to +85NC, unless otherwise noted.) (Note 1)
PARAMETER
SYMBOL
CONDITIONS
MIN
TYP
MAX
UNITS
IO PIN: GENERAL DATA
1-Wire Pullup Voltage
VPUP
(Note 2)
2.97
3.63
V
1-Wire Pullup Resistance
RPUP
VPUP = 3.3V Q 10% (Note 3)
300
1500
I
Input Capacitance
Input Load Current
CIO
IL
(Notes 4, 5)
1500
IO pin at VPUP
pF
5
19.5
0.65 x VPUP
FA
High-to-Low Switching Threshold
VTL
(Notes 6, 7)
Input Low Voltage
VIL
(Notes 2, 8)
Low-to-High Switching Threshold
VTH
(Notes 6, 9)
0.75 x VPUP
V
Switching Hysteresis
VHY
(Notes 6, 10)
0.3
V
Output Low Voltage
VOL
IOL = 4mA (Note 11)
Recovery Time
tREC
Time-Slot Duration
tSLOT
0.4
Fs
(Notes 2, 13)
13
Fs
Reset High Time
tRSTH
(Note 14)
48
Presence-Detect Sample Time
tMSP
(Notes 2, 15)
IO PIN: 1-Wire WRITE
Write-Zero Low Time
tW0L
Write-One Low Time
EEPROM
Programming Current
80
Fs
8
10
Fs
(Notes 2, 16)
8
16
Fs
tW1L
(Notes 2, 16)
0.25
2
Fs
tRL
(Notes 2, 17)
0.25
2-d
Fs
tMSR
(Notes 2, 17)
tRL + d
2
Fs
1
mA
10
ms
100
ms
IPROG
VPUP = 3.63V (Notes 5, 18)
Programming Time for a 32-Bit
Segment or Page Protection
tPRD
Programming Time for the Secret
tPRS
Write/Erase Cycling Endurance
NCY
TA = +85NC (Notes 21, 22)
Data Retention
tDR
TA = +85NC (Notes 23, 24, 25)
www.analog.com
V
RPUP = 1500I (Notes 2, 12)
48
Read Sample Time
V
5
IO PIN: 1-Wire RESET, PRESENCE-DETECT CYCLE
(Note 2)
Reset Low Time
tRSTL
IO PIN: 1-Wire READ
Read Low Time
V
0.3
Refer to the full data sheet.
Fs
100k
—
10
Years
Analog Devices │ 2
ABRIDGED DATA SHEET
DeepCover Secure Authenticator with
1-Wire SHA-256 and 2Kb User EEPROM
DS28E22
ELECTRICAL CHARACTERISTICS (continued)
(TA = -40NC to +85NC, unless otherwise noted.) (Note 1)
PARAMETER
SYMBOL
SHA-256 ENGINE
Computation Current
ICSHA
Computation Time
tCSHA
CONDITIONS
Refer to the full data sheet.
MIN
TYP
MAX
UNITS
1
mA
3
ms
Note 1: Limits are 100% production tested at TA = +25°C and/or TA = +85°C. Limits over the operating temperature range and
relevant supply voltage range are guaranteed by design and characterization. Typical values are not guaranteed.
Note 2: System requirement.
Note 3: Maximum allowable pullup resistance is a function of the number of 1-Wire devices in the system and 1-Wire recovery
times. The specified value here applies to systems with only one device and with the minimum 1-Wire recovery times.
Note 4: Typical value represents the internal parasite capacitance when VPUP is first applied. Once the parasite capacitance is
charged, it does not affect normal communication.
Note 5: Guaranteed by design and/or characterization only; not production tested.
Note 6: VTL, VTH, and VHY are a function of the internal supply voltage, which is a function of VPUP, RPUP, 1-Wire timing, and
capacitive loading on IO. Lower VPUP, higher RPUP, shorter tREC, and heavier capacitive loading all lead to lower values
of VTL, VTH, and VHY.
Note 7: Voltage below which, during a falling edge on IO, a logic-zero is detected.
Note 8: The voltage on IO must be less than or equal to VILMAX at all times when the master is driving IO to a logic-zero level.
Note 9: Voltage above which, during a rising edge on IO, a logic-one is detected.
Note 10: After VTH is crossed during a rising edge on IO, the voltage on IO must drop by at least VHY to be detected as logic-zero.
Note 11: The I-V characteristic is linear for voltages less than 1V.
Note 12: Applies to a single device attached to a 1-Wire line.
Note 13: Defines maximum possible bit rate. Equal to 1/(tW0LMIN + tRECMIN).
Note 14: An additional reset or communication sequence cannot begin until the reset high time has expired.
Note 15: Interval after tRSTL during which a bus master can read a logic 0 on IO if there is a DS28E22 present. The power-up presence detect pulse could be outside this interval, but will be complete within 2ms after power-up.
Note 16: ε in Figure 11 represents the time required for the pullup circuitry to pull the voltage on IO up from VIL to VTH. The actual
maximum duration for the master to pull the line low is tW1LMAX + tF - ε and tW0LMAX + tF - ε, respectively.
Note 17: δ in Figure 11 represents the time required for the pullup circuitry to pull the voltage on IO up from VIL to the input-high
threshold of the bus master. The actual maximum duration for the master to pull the line low is tRLMAX + tF.
Note 18: Current drawn from IO during the EEPROM programming interval or SHA-256 computation. The pullup circuit on IO during
the programming interval or SHA-256 computation should be such that the voltage at IO is greater than or equal to 2.0V.
Note 19: Refer to the full data sheet.
Note 20: Refer to the full data sheet.
21: Write-cycle endurance is tested in compliance with JESD47G.
22: Not 100% production tested; guaranteed by reliability monitor sampling.
23: Data retention is tested in compliance with JESD47G.
24: Guaranteed by 100% production test at elevated temperature for a shorter time; equivalence of this production test to the
data sheet limit at operating temperature range is established by reliability testing.
Note 25: EEPROM writes can become nonfunctional after the data retention time is exceeded. Long-term storage at elevated temperatures is not recommended.
Note 26: Refer to the full data sheet.
Note
Note
Note
Note
www.analog.com
Analog Devices │ 3
ABRIDGED DATA SHEET
DeepCover Secure Authenticator with
1-Wire SHA-256 and 2Kb User EEPROM
DS28E22
Pin Configuration
TOP VIEW
TOP VIEW
+
1
IO
2
N.C.
3
DS28E22
6 N.C.
DS28E22
5
N.C.
4
N.C.
TSOC
N.C.
1
IO
2
GND
3
+
28E22
ymrrF
GND
EP
6
N.C.
5
N.C.
4
N.C.
TDFN
(3mm × 3mm)
Pin Description
PIN
TSOC
1
TDFN-EP
3
NAME
GND
2
2
IO
3, 4, 5, 6
1, 4, 5, 6
N.C.
—
—
EP
www.analog.com
FUNCTION
Ground Reference
1-Wire Bus Interface. Open-drain signal that requires an external pullup resistor.
Not Connected
Exposed Pad (TDFN only). Solder evenly to the board’s ground plane for proper operation.
Refer to Application Note 3273: Exposed Pads: A Brief Introduction for additional
information.
Analog Devices │ 4
ABRIDGED DATA SHEET
DeepCover Secure Authenticator with
1-Wire SHA-256 and 2Kb User EEPROM
DS28E22
Note to readers: This document is an abridged version of the full data sheet. Additional device information is available
only in the full version of the data sheet. To request the full data sheet, go to www.maximintegrated.com/DS28E22
and click on Request Full Data Sheet.
Ordering Information
PART
TEMP RANGE
Package Information
PIN-PACKAGE
DS28E22P+
-40°C to +85°C
DS28E22P+T
-40°C to +85°C
6 TSOC
6 TSOC (4k pcs)
DS28E22Q+T
-40°C to +85°C
6 TDFN-EP* (2.5k pcs)
+Denotes a lead(Pb)-free/RoHS-compliant package.
T = Tape and reel.
*EP = Exposed pad.
www.analog.com
For the latest package outline information and land patterns
(footprints), go to www.maximintegrated.com/packages. Note
that a “+”, “#”, or “-” in the package code indicates RoHS status
only. Package drawings may show a different suffix character, but
the drawing pertains to the package regardless of RoHS status.
PACKAGE
TYPE
PACKAGE
CODE
OUTLINE
NO.
LAND
PATTERN NO.
6 TSOC
D6+1
21-0382
90-0321
6 TDFN-EP
T633+2
21-0137
90-0058
Analog Devices │ 42
ABRIDGED DATA SHEET
DeepCover Secure Authenticator with
1-Wire SHA-256 and 2Kb User EEPROM
DS28E22
Revision History
REVISION
NUMBER
REVISION
DATE
PAGES
CHANGED
0
9/12
Initial release
1
11/12
Updated title of data sheet
2
12/12
Defined the EEPROM tPRD and added tPRS parameters in the Electrical
Characteristics table, thereby updating Figures 7a, 7b, 7e, 7f, 7g, 7h, and the 1-Wire
Communication Examples; removed future status from the TSOC packages in the
Ordering Information table; data retention parameter specified at TA = +85°C
3
7/21
Updated Electrical Characteristics table
DESCRIPTION
—
1–43
2, 3, 23, 24,
27–30, 38−42
2
Information furnished by Analog Devices is believed to be accurate and reliable. However, no responsibility is
assumed by Analog Devices for its use, nor for any infringements of patents or other rights of third parties that
may result from its use.Specifications subject to change without notice. No license is granted by implicationor
otherwise under any patent or patent rights of Analog Devices. Trademarks andregistered trademarks are the
property of their respective owners.
w w w . a n a l o g . c o m
Analog Devices │ 43