DS28E36Q+U

Request Security User Guide and Developer Software › DS28E36 General Description The DS28E36 is a DeepCover® secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. In addition to the security services provided by the hardware implemented crypto engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number (ROM ID). This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. The DS28E36 communicates over the single-contact 1-Wire® bus at overdrive speed. The communication follows the 1-Wire protocol with the ROM ID acting as node address in the case of a multidevice 1-Wire network. The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple HMAC functions. Two GPIO pins can be independently operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secureboot of a host processor. DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented including active die shield, encrypted storage of keys, and algorithmic methods. EVALUATION KIT AVAILABLE DeepCover Secure Authenticator Benefits and Features ●● ECC-256 Compute Engine • FIPS 186 ECDSA P256 Signature and Verification • ECDH Key Exchange with Authentication Prevents Man-in-the-Middle Attacks • ECDSA Authenticated R/W of Configurable Memory ●● SHA-256 Compute Engine • FIPS 180 MAC for Secure Download/Boot Operations • FIPS 198 HMAC for Bidirectional Authentication and Optional GPIO Control ●● Two GPIO Pins with Optional Authentication Control • Open-Drain, 4mA/0.4V • Optional SHA-256 or ECDSA Authenticated On/Off and State Read • Optional Set On/Off after Multiblock Hash for Secure Boot/Download ●● RNG with NIST SP 800-90B Compliant Entropy Source with Function to Read Out ●● Optional Chip Generated Pr/Pu Key Pairs for ECC Operations ●● 17-Bit One-Time Settable, Nonvolatile DecrementOnly Counter with Authenticated Read ●● 8Kbits of EEPROM for User Data, Keys, and Certificates ●● Unique and Unalterable Factory Programmed 64-Bit Identification Number (ROM ID) • Optional Input Data Component to Crypto and Key Operations ●● Single-Contact 1-Wire Interface Communication with Host at 11.7kbps and 62.5kbps ●● Operating Range: 3.3V ±10%, -40°C to +85°C ●● 6-Pin TDFN-EP Package (3mm x 3mm) Applications ●● IoT Node Crypto-Protection ●● Accessory and Peripheral Secure Authentication ●● Secure Storage of Cryptographic Keys for a Host Controller ●● Secure Boot or Download of Firmware and/or System Parameters 1-Wire and DeepCover are registered trademarks of Maxim Integrated Products, Inc. 19-100170; Rev 3; 3/20 Ordering Information and Typical Application Circuit appear at end of data sheet. DS28E36 DeepCover Secure Authenticator Absolute Maximum Ratings Voltage Range on Any Pin Relative to GND...........-0.5V to 4.0V Maximum Current into Any Pin...........................................20mA Operating Temperature Range............................ -40°C to +85°C Junction Temperature.......................................................+125°C Storage Temperature Range............................. -55°C to +125°C Lead temperature (soldering, 10s)................................... +300°C Soldering Temperature (reflow)....................................... +260°C Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. Package Information 6 TDFN-EP PACKAGE CODE T633+2 Outline Number 21-0137 Land Pattern Number 90-0058 Thermal Resistance, Single-Layer Board: Junction to Ambient (θJA) 55ºC/W Junction to Case (θJC) 9ºC/W Thermal Resistance, Four-Layer Board: Junction to Ambient (θJA) 42ºC/W Junction to Case (θJC) 9ºC/W For the latest package outline information and land patterns (footprints), go to www.maximintegrated.com/packages. Note that a “+”, “#”, or “-” in the package code indicates RoHS status only. Package drawings may show a different suffix character, but the drawing pertains to the package regardless of RoHS status. Package thermal resistances were obtained using the method described in JEDEC specification JESD51-7, using a four-layer board. For detailed information on package thermal considerations, refer to www.maximintegrated.com/thermal-tutorial Electrical Characteristics Limits are 100% production tested at TA = +25°C and TA = +85°C. Typical values are at TA = +25°C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Specifications marked GBD are guaranteed by design and not production tested. Specifications to the minimum operating temperature are guaranteed by design and are not production tested. PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS 3.3 3.63 V IO PIN: GENERAL DATA 1-Wire Pullup Voltage VPUP (Note 1) 2.97 1-Wire Pullup Resistance RPUP (Notes 1, 2) 300 Input Capacitance CIO (Note 3) Capacitor External CX (Note 1) Input Load Current IL IO pin at VPUP Computation Current ISPU During tRM, tWM, tCMP, tVES, tGKP or tGES (Note 20) Computation Voltage VSPU Voltage at IO pin during tRM, tWM, tCMP, tVES, tGKP, or tGES (Note 20) High-to-Low Switching Threshold VTL (Notes 4, 5, 6) Input Low Voltage VIL (Note 7) www.maximintegrated.com 1000 0.1 + Cx 399.5 Ω nF 470 540.5 nF 6 250 µA 7.5 mA 2.2 V 0.65 x VPUP V 0.10 x VPUP V Maxim Integrated │  2 DS28E36 DeepCover Secure Authenticator Electrical Characteristics (continued) Limits are 100% production tested at TA = +25°C and TA = +85°C. Typical values are at TA = +25°C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Specifications marked GBD are guaranteed by design and not production tested. Specifications to the minimum operating temperature are guaranteed by design and are not production tested. PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS Low-to-High Switching Threshold VTH (Notes 4, 5, 8) 0.75 x VPUP V Switching Hysteresis VHY (Notes 4, 5, 9) 0.3 V Output Low Voltage VOL IOL = 4mA (Note 10) Recovery Time (Notes 1, 11, 12) tREC Rising-Edge Hold-off Time (Notes 4, 13) tREH Time Slot Duration (Notes 1, 14) tSLOT 0.4 Standard speed, RPUP = 1000Ω 25 Overdrive speed, RPUP = 1000Ω 10 Applies to standard speed only µs 1 Standard speed 85 Overdrive speed 16 V µs µs IO PIN: 1-Wire RESET, PRESENCE-DETECT CYCLE Reset Low Time (Note 1) tRSTL Reset High Time (Notes 1, 15) tRSTH Presence Detect Fall Time (Notes 4, 16) tFPD Presence-Detect Sample Time (Notes 1, 17) tMSP Standard speed 480 640 Overdrive speed 48 80 Standard speed 480 Overdrive speed 48 µs µs Standard speed 1.25 Overdrive speed 0.15 µs Standard speed 65 75 Overdrive speed 7 10 Standard speed 60 120 Overdrive speed 6 16 Standard speed 0.25 15 Overdrive speed 0.25 2 Standard speed 0.25 15 - δ Overdrive speed 0.25 2-δ Standard speed tRL + δ 15 Overdrive speed tRL + δ 2 µs IO PIN: 1-Wire WRITE Write-Zero Low Time (Notes 1, 18) tW0L Write-One Low Time (Notes 1, 18) tW1L µs µs IO PIN: 1-Wire READ Read Low Time (Notes 1, 19) Read Sample Time (Notes 1, 19) tRL tMSR µs µs PIOA AND PIOB PINS Output Low PIOVOL Input Low PIOVIL Input High Leakage Current www.maximintegrated.com PIOIOL = 4mA (Note 10) 0.4 V -0.3 0.15 x VPUP V PIOVIH 0.7 x VPUP VPUP + 0.3 V PIOIL -1 +1 µA Maxim Integrated │  3 DS28E36 DeepCover Secure Authenticator Electrical Characteristics (continued) Limits are 100% production tested at TA = +25°C and TA = +85°C. Typical values are at TA = +25°C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Specifications marked GBD are guaranteed by design and not production tested. Specifications to the minimum operating temperature are guaranteed by design and are not production tested. PARAMETER SYMBOL CONDITIONS MIN TYP MAX UNITS STRONG PULLUP OPERATION Generate ECDSA Signature Time tGES (Note 1) 50 ms Generate ECC Key Pair tGKP (Note 1) 100 ms Verify ECDSA Signature or Compute ECDH Time tVES (Note 1) 150 ms Computation Time (HMAC or RNG) tCMP (Note 1) 3 ms Read Memory Time tRM (Note 1) 1 ms Write Memory Time tWM (Note 1) 15 ms Write/Erase Cycles (Endurance) NCY (Note 21) Data Retention tDR TA = +85°C (Note 22) EEPROM 100k — 10 Years POWER-UP Power-Up Time tOSCWUP (Notes 1, 23) 2 ms Note 1: System requirement. Note 2: Maximum allowable pullup resistance is a function of the number of 1-Wire devices in the system and 1-Wire recovery times. The specified value here applies to systems with only one device and with the minimum 1-Wire recovery times. Note 3: Value represents the internal parasite capacitance when VPUP is first applied. Once the parasite capacitance is charged, it does not affect normal communication. Typically, during normal communication, the internal parasite capacitance is effectively ~100pF. Note 4: Guaranteed by design and/or characterization only. Not production tested. Note 5: VTL, VTH, and VHY are a function of the internal supply voltage, which is a function of VPUP, RPUP, 1-Wire timing, and capacitive loading on IO. Lower VPUP, higher RPUP, shorter tREC, and heavier capacitive loading all lead to lower values of VTL, VTH, and VHY. Note 6: Voltage below which, during a falling edge on IO, a logic-zero is detected. Note 7: The voltage on IO must be less than or equal to VILMAX at all times the master is driving IO to a logic-zero level. Note 8: Voltage above which, during a rising edge on IO, a logic-one is detected. Note 9: After VTH is crossed during a rising edge on IO, the voltage on IO must drop by at least VHY to be detected as logic-zero. Note 10: The I-V characteristic is linear for voltages less than 1V. Note 11: Applies to a single device attached to a 1-Wire line. Note 12: tREC min covers operation at worst-case temperature VPUP, RPUP, CX, tRSTL, tWOL, and tRL. tRECMIN can be significantly reduced under less extreme conditions. Contact the factory for more information. Note 13: The earliest recognition of a negative edge is possible at tREH after VTH has been previously reached. Note 14: Defines maximum possible bit rate. Equal to 1/(tW0LMIN + tRECMIN). Note 15: An additional reset of communication sequence sequence cannot begin until the reset high time has expired. Note 16: Time from V(IO) = 80% of VPUP and V(IO) = 20% of VPUP at the negative edge on IO at the beginning of the Presence Detect pulse. Note 17: Interval after tRSTL during which a bus master can read a logic 0 on IO if there is a DS28E36 present. Note 18: ε in Figure 6 represents the time required for the pullup circuitry to pull the voltage on IO up from VIL to VTH. Note 19: δ in Figure 6 represents the time required for the pullup circuitry to pull the voltage on IO up from VIL to the input-high threshold of the bus master. Note 20: ISPU is the current drawn from IO during a strong pullup (SPU) operation. The pullup circuit on IO during the SPU operation should be such that the voltage at IO is greater than or equal to VSPUMIN. A low-impedance bypass of RPUP activated during the SPU operation is the recommended way to meet this requirement. Note 21: Write-cycle endurance is tested in compliance with JESD47H. Note 22: Data retention is tested in compliance with JESD47H. Note 23: 1-Wire communication should not take place for at least tOSCWUP after VPUP reaches VPUP min. www.maximintegrated.com Maxim Integrated │  4 DS28E36 DeepCover Secure Authenticator Pin Configuration Pin Description TOP VIEW N.C. 1 IO GND 2 3 6 CEXT DS28E36 *EP 5 PIOA 4 PIOB TDFN-EP (3mm x 3mm) Detailed Description The DS28E36 is a secure authenticator that supports multiple asymmetric (ECC-P256) and symmetric (SHA256) security functions. In addition to the security services provided by the hardware implemented ECC and SHA256 engines, the device integrates a FIPS/NIST true random number generator (RNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit serial number. The ECC public/private key capabilities operate from the NIST defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification for bidirectional asymmetric key authentication. Additionally, through FIPS/NIST 80056B ECDH-based key agreement, the device supports secure storage and host communication of sensitive data, such as application-specific crypto keys that would be used independently by a host processor. The SHA256 secret-key capabilities are compliant with FIPS 180 and are flexibly used either in conjunction with ECDSA operations or independently for multiple MAC and HMAC functions. Through the integrated RNG, the device further enhances system crypto functionality with the ability to supply FIPS-grade random numbers to a host processor along with internal-only functions including nonce values for ECDSA operation and optional generation of its ECC private keys. Two pins of GPIO can be independently www.maximintegrated.com PIN NAME 1 N.C. 2 IO FUNCTION No Connection 1-Wire IO 3 GND Ground 4 PIOB General-Purpose IO 5 PIOA General-Purpose IO 6 CEXT Input for External Capacitor — EP Exposed Pad (TDFN Only). Solder evenly to the board’s ground plane for proper operation. Refer to Application Note 3273: Exposed Pads: A Brief Introduction for additional information. operated under command control and include configurability supporting authenticated and nonauthenticated operation including an ECDSA-based crypto-robust mode to support secure-boot of a host processor. The DS28E36 integrates an 8Kb secured EEPROM array to store keys, certificates, general-purpose data and control registers. Multiple user-programmable protection modes exist for the general-purpose memory space including open, ECDSA R/W authentication protection, SHA-256 HMAC R/W authentication protected, and SHA256 one-time-pad (OTP) R/W encryption in conjunction with an ECDH established key. With these options, general-purpose memory can be flexibly configured to store end application data ranging from nonsensitive calibration constants to critically sensitive host-system crypto keys. The DS28E36 also provides a dedicated 17-bit counter that operates in a decrement-only mode to support applications where limited use requirements exist and must be tracked. Once set and upon command, the device decrements the counter value by 1. After the counter reaches a value of 0, no additional changes are possible. To prevent reply attacks, a read of the counter is performed with userselectable ECDSA or SHA-256 HMAC authentication. The block diagram in Figure 1 shows the relationships between the circuit elements of the DS28E36. Maxim Integrated │  5 DS28E36 DeepCover Secure Authenticator PARASITE POWER CX Cext DS28E36 64-BIT ROM ID IO 1-Wire FUNCTION CONTROL And COMMAND BUFFER ECC (256) SHA-256 RNG USER MEMORY KEYS DECREMENT COUNTER COMPUTE CONTROL PIOA PIOB AUTHENTICATED GPIO Figure 1. Simplified Block Diagram Design Resource Overview Operation of the DS28E36 involves use of device EEPROM and execution of device function commands. The following provides an overview including the decrement counter and GPIO pins. Refer to the DS28E36 Security Guide for full details. Memory A secured 8kbit EEPROM array is divided into two 4kbit regions. One 4kbit space for user-programmable and configurable memory, the other 4kbit space for registers including ECC and SHA-256 keys, the decrement-only counter, and programmable device control functions. Depending on the register function, there are either default or user-programmable protection modes. Function Commands After a 1-Wire Reset/Presence cycle and ROM function command sequence is successful, a device function command can be accepted. These commands, in general, www.maximintegrated.com follow the state flow diagrams of Figure 2 and Figure 3. Within these flow diagrams, the data transfer is verified when writing and reading by a CRC of 16-bit type (CRC16). The CRC-16 is computed as described in Maxim’s Application Note 27. Decrement Counter The 17-bit decrement only counter can be written/initialized one time. If unwritten, it reads as random data and cannot be authenticated with a read. A dedicated device function command is used to decrement the count value by one with each call. Once the count value reaches a value of 0, no additional decrements are possible. GPIO Control State setting and/or reads of the two open-drain GPIO pins is controlled in accordance with user-programmable protection settings. Multiple protection options exist based on ECDSA, ECDH key establishment, or SHA256-HMAC. Maxim Integrated │  6 DS28E36 DeepCover Secure Authenticator MASTER Tx MEMORY FUNCTION COMMAND EX CMD DATA WRITE N Y FROM ROM FUNCTIONS FLOW CHART (FIGURE 7) READ MEMORY COMMAND MASTER Tx MEMORY FUNCTION COMMAND N Y FROM ROM FUNCTIONS FLOW CHART (FIGURE 7) MASTER Tx PARAMETER(S) MASTER Tx PARAMETER(S) MASTER Rx CRC-16 OF CMD AND PARAMETER(S) MASTER Rx CRC-16 OF CMD AND PARAMETER(S) N MASTER Tx DATA BYTE(S) MASTER Tx RELEASE? Y N MASTER Rx RELEASE? DELAY WITH STRONG PULLUP Y DELAY WITH STRONG PULLUP MASTER Rx MEMORY DATA BYTES MASTER Tx RESULT BYTE (AAh FOR SUCCESS) MASTER Rx CRC-16 OF DATA BYTE MASTER Rx CRC-16 OF RESULT BYTE MASTER Rx 1s N MASTER Tx RESET? Y FROM ROM FUNCTIONS FLOW CHART (FIGURE 7) Figure 2. 1-Wire Device Execute Command or Data Write Flow Chart www.maximintegrated.com MASTER Rx 1s N MASTER Tx RESET? Y FROM ROM FUNCTIONS FLOW CHART (FIGURE 7) Figure 3. 1-Wire Device Data Read Flow Chart Maxim Integrated │  7 DS28E36 DeepCover Secure Authenticator 1-Wire Bus System The 1-Wire bus is a system that has a single bus master and one or more slaves. In all instances, the DS28E36 is a slave device. The bus master is typically a microcontroller. The discussion of this bus system is broken down into three topics: hardware configuration, transaction sequence, and 1-Wire signaling (signal types and timing). The 1-Wire protocol defines bus transactions in terms of the bus state during specific time slots, which are initiated on the falling edge of sync pulses from the bus master. Hardware Configuration The 1-Wire bus has only a single line by definition; it is important that each device on the bus be able to drive it at the appropriate time. To facilitate this, each device attached to the 1-Wire bus must have open-drain or threestate outputs. The 1-Wire port of the DS28E36 is open drain with an internal circuit equivalent to that shown in Figure 4. A multidrop bus consists of a 1-Wire bus with multiple slaves attached. The DS28E36 supports both a standard and overdrive communication speed of 11.7kbps (max) and 62.5kbps (max), respectively. The value of the pullup resistor primarily depends on the network size and load conditions. The DS28E36 requires a pullup resistor of 1kΩ (max) at any speed. The idle state for the 1-Wire bus is high. If for any reason a transaction needs to be suspended, the bus must be left in the idle state if the transaction is to resume. If this does not occur and the bus is left low for more than 16μs (overdrive speed) or more than 120μs (standard speed), one or more devices on the bus could be reset. Transaction Sequence The protocol for accessing the DS28E36 through the 1-Wire port is as follows: ●● Initialization ●● ROM function command ●● Memory function command ●● Transaction/data Initialization All transactions on the 1-Wire bus begin with an initialization sequence. The initialization sequence consists of a reset pulse transmitted by the bus master followed by presence pulse(s) transmitted by the slave(s). The presence pulse lets the bus master know that the DS28E36 is on the bus and is ready to operate. For more details, see the 1-Wire Signaling and Timing section. VPUP *SEE NOTE 1-WIRE SLAVE PORT BUS MASTER Tx PIOX Rx PIOY Tx BIDIRECTIONAL OPEN-DRAIN PORT CTL RPUP DATA Rx = RECEIVE Tx = TRANSMIT CX Rx IL Tx 100Ω MOSFET *NOTE: USE A LOW-IMPEDANCE BYPASS OR EQUALLY DRIVE LOGIC ‘1’ WITH PIOY Figure 4. Hardware Configuration www.maximintegrated.com Maxim Integrated │  8 DS28E36 DeepCover Secure Authenticator 1-Wire Signaling and Timing remains in overdrive mode. If the device is in overdrive mode and tRSTL is between 80μs and 480μs, the device resets, but the communication speed is undetermined. The DS28E36 requires strict protocols to ensure data integrity. The protocol consists of four types of signaling on one line: reset sequence with reset pulse and presence pulse, write-zero, write-one, and read-data. Except for the presence pulse, the bus master initiates all falling edges. The DS28E36 can communicate at two speeds: standard and overdrive. If not explicitly set into the overdrive mode, the DS28E36 communicates at standard speed. While in overdrive mode, the fast timing applies to all waveforms. After the bus master has released the line, it goes into receive mode. Now, the 1-Wire bus is pulled to VPUP through the pullup resistor or, in the case of a special driver chip, through the active circuitry. Now, the 1-Wire bus is pulled to VPUP through the pullup resistor. When the threshold VTH is crossed, the DS28E36 waits and then transmits a presence pulse by pulling the line low. To detect a presence pulse, the master must test the logical state of the 1-Wire line at tMSP. To get from idle to active, the voltage on the 1-Wire line needs to fall from VPUP below the threshold VTL. To get from active to idle, the voltage needs to rise from VILMAX past the threshold VTH. The time it takes for the voltage to make this rise is seen in Figure 6 as ε, and its duration depends on the pullup resistor (RPUP) used and the capacitance of the 1-Wire network attached. The voltage VILMAX is relevant for the DS28E36 when determining a logical level, not triggering any events. Immediately after tRSTH has expired, the DS28E36 is ready for data communication. In a mixed population network, tRSTH should be extended to a minimum 480μs at standard speed and a 48μs at overdrive speed to accommodate other 1-Wire devices. Read/Write Time Slots Data communication with the DS28E36 takes place in time slots that carry a single bit each. Write time slots transport data from bus master to slave. Read time slots transfer data from slave to master. Figure 6 illustrates the definitions of the write and read time slots. Figure 5 shows the initialization sequence required to begin any communication with the DS28E36. A reset pulse followed by a presence pulse indicates that the DS28E36 is ready to receive data, given the correct ROM and memory function command. If the bus master uses slewrate control on the falling edge, it must pull down the line for tRSTL + tF to compensate for the edge. A tRSTL duration of 480μs or longer exits the overdrive mode, returning the device to standard speed. If the DS28E36 is in overdrive mode and tRSTL is no longer than 80μs, the device All communication begins with the master pulling the data line low. As the voltage on the 1-Wire line falls below the threshold VTL, the DS28E36 starts its internal timing generator that determines when the data line is sampled during a write time slot and how long data is valid during a read time slot. MASTER TX “RESET PULSE” MASTER RX “PRESENCE PULSE” ε VPUP tMSP VIHMASTER VTH VTL VILMAX 0V tF tRSTL tREC tRSTH RESISTOR (RPUP) MASTER 1-WIRE SLAVE Figure 5. Initialization Procedure: Reset and Presence Pulse www.maximintegrated.com Maxim Integrated │  9 DS28E36 DeepCover Secure Authenticator WRITE-ONE TIME SLOT tW1L VPUP VIHMASTER VTH VTL VILMAX 0V tF ε tSLOT RESISTOR (RPUP) MASTER WRITE-ZERO TIME SLOT tW0L VPUP VIHMASTER VTH VTL VILMAX 0V tF ε tREC tSLOT RESISTOR (RPUP) MASTER READ-DATA TIME SLOT tMSR tRL VPUP VIHMASTER VTH VTL VILMAX 0V MASTER SAMPLING WINDOW tF δ tREC tSLOT RESISTOR (RPUP) MASTER 1-WIRE SLAVE Figure 6. Read/Write Timing Diagrams www.maximintegrated.com Maxim Integrated │  10 DS28E36 Master-to-Slave For a write-one time slot, the voltage on the data line must have crossed the VTH threshold before the writeone low time tW1LMAX is expired. For a write-zero time slot, the voltage on the data line must stay below the VTH threshold until the write-zero low time tW0LMIN is expired. For the most reliable communication, the voltage on the data line should not exceed VILMAX during the entire tW0L or tW1L window. After the VTH threshold has been crossed, the DS28E36 needs a recovery time tREC before it is ready for the next time slot. Slave-to-Master A read-data time slot begins like a write-one time slot. The voltage on the data line must remain below VTL until the read low time tRL is expired. During the tRL window, when responding with a 0, the DS28E36 starts pulling the data line low; its internal timing generator determines when this pulldown ends and the voltage starts rising again. When responding with a 1, the DS28E36 does not hold the data line low at all, and the voltage starts rising as soon as tRL is over. The sum of tRL + δ (rise time) on one side and the internal timing generator of the DS28E36 on the other side define the master sampling window (tMSRMIN to tMSRMAX), in which the master must perform a read from the data line. For the most reliable communication, tRL should be as short as permissible, and the master should read close to but no later than tMSRMAX. After reading from the data line, the master must wait until tSLOT is expired. This guarantees sufficient recovery time tREC for the DS28E36 to get ready for the next time slot. Note that tREC specified herein applies only to a single DS28E36 attached to a 1-Wire line. For multidevice configurations, tREC must be extended to accommodate the additional 1-Wire device input capacitance. Alternatively, an interface that performs active pullup during the 1-Wire recovery time such as the special 1-Wire line drivers can be used. 1-Wire ROM Function Commands Once the bus master has detected a presence, it can issue one of the seven ROM function commands that the DS28E36 supports. All ROM function commands are 8 bits long. A list of these commands follows (see the flowchart in Figure 7-1 and Figure 7-2). www.maximintegrated.com DeepCover Secure Authenticator Read ROM [33h] The Read ROM command allows the bus master to read the DS28E36’s 8-bit family code, unique 48-bit serial number, and 8-bit CRC. This command can only be used if there is a single slave on the bus. If more than one slave is present on the bus, a data collision occurs when all slaves try to transmit at the same time (open drain produces a wired-AND result). The resultant family code and 48-bit serial number result in a mismatch of the CRC. Match ROM [55h] The Match ROM command, followed by a 64-bit ROM sequence, allows the bus master to address a specific DS28E36 on a multidrop bus. Only the DS28E36 that exactly matches the 64-bit ROM sequence responds to the subsequent memory function command. All other slaves wait for a reset pulse. This command can be used with a single device or multiple devices on the bus. Search ROM [F0h] When a system is initially brought up, the bus master might not know the number of devices on the 1-Wire bus or their ROM ID numbers. By taking advantage of the wired-AND property of the bus, the master can use a process of elimination to identify the ID of all slave devices. For each bit in the ID number, starting with the least significant bit, the bus master issues a triplet of time slots. On the first slot, each slave device participating in the search outputs the true value of its ID number bit. On the second slot, each slave device participating in the search outputs the complemented value of its ID number bit. On the third slot, the master writes the true value of the bit to be selected. All slave devices that do not match the bit written by the master stop participating in the search. If both of the read bits are zero, the master knows that slave devices exist with both states of the bit. By choosing which state to write, the bus master branches in the search tree. After one complete pass, the bus master knows the ROM ID number of a single device. Additional passes identify the ID numbers of the remaining devices. Refer to Application Note 187: 1-Wire Search Algorithm for a detailed discussion, including an example. Maxim Integrated │  11 DS28E36 Skip ROM [CCh] This command can save time in a single-drop bus system by allowing the bus master to access the memory functions without providing the 64-bit ROM ID. If more than one slave is present on the bus and, for example, a read command is issued following the Skip ROM command, data collision occurs on the bus as multiple slaves transmit simultaneously (open-drain pulldowns produce a wired-AND result). Resume [A5h] To maximize the data throughput in a multidrop environment, the Resume command is available. This command checks the status of the RC bit and, if it is set, directly transfers control to the memory function commands, similar to a Skip ROM command. The only way to set the RC bit is by successfully executing the Match ROM, Search ROM, or Overdrive-Match ROM command. Once the RC bit is set, the device can repeatedly be accessed through the Resume command. Accessing another device on the bus clears the RC bit, preventing two or more devices from simultaneously responding to the Resume command. Overdrive-Skip ROM [3Ch] On a single-drop bus this command can save time by allowing the bus master to access the memory functions without providing the 64-bit ROM ID. Unlike the normal Skip ROM command, the Overdrive-Skip ROM command sets the DS28E36 into the overdrive mode (OD = 1). All communication following this command must occur at www.maximintegrated.com DeepCover Secure Authenticator overdrive speed until a reset pulse of minimum 480μs duration resets all devices on the bus to standard speed (OD = 0). When issued on a multidrop bus, this command sets all overdrive-supporting devices into overdrive mode. To subsequently address a specific overdrive-supporting device, a reset pulse at overdrive speed must be issued followed by a Match ROM or Search ROM command sequence. This speeds up the time for the search process. If more than one slave supporting overdrive is present on the bus and the Overdrive-Skip ROM command is followed by a read command, data collision occurs on the bus as multiple slaves transmit simultaneously (opendrain pulldowns produce a wired-AND result). Overdrive-Match ROM [69h] The Overdrive-Match ROM command followed by a 64-bit ROM sequence transmitted at overdrive speed allows the bus master to address a specific DS28E36 on a multidrop bus and to simultaneously set it in overdrive mode. Only the DS28E36 that exactly matches the 64-bit ROM sequence responds to the subsequent memory function command. Slaves already in overdrive mode from a previous Overdrive-Skip ROM or successful Overdrive-Match ROM command remain in overdrive mode. All overdrivecapable slaves return to standard speed at the next reset pulse of minimum 480μs duration. The Overdrive-Match ROM command can be used with a single device or multiple devices on the bus. Maxim Integrated │  12 DS28E36 DeepCover Secure Authenticator BUS MASTER Tx RESET PULSE FROM DEVICE FUNCTIONS FLOW CHART OD RESET PULSE? FROM ROM FUNCTION FLOW PART 2 N OD = 0 Y BUS MASTER Tx ROM FUNCTION COMMAND 33h READ ROM COMMAND? SLAVE Tx PRESENCE PULSE N 55h MATCH ROM COMMAND? F0h SEARCH ROM COMMAND? N N CCh SKIP ROM COMMAND? Y Y Y Y RC = 0 RC = 0 RC = 0 RC = 0 SLAVE Tx FAMILY CODE (1 BYTE) SLAVE Tx BIT 0 MASTER Tx BIT 0 N N BIT 0 MATCH? Y Y SLAVE Tx BIT 1 SLAVE Tx BIT 1 MASTER Tx BIT 1 MASTER Tx BIT 0 Y BIT 1 MATCH? N N Y SLAVE Tx CRC BYTE TO ROM FUNCTION FLOW PART 2 SLAVE Tx BIT 0 MASTER Tx BIT 0 BIT 0 MATCH? SLAVE Tx SERIAL NUMBER (6 BYTES) N BIT 1 MATCH? Y SLAVE Tx BIT 63 SLAVE Tx BIT 63 MASTER Tx BIT 63 MASTER Tx BIT 63 BIT 63 MATCH? RC = 1 N N BIT 63 MATCH? RC = 1 TO ROM FUNCTION FLOW PART 2 FROM ROM FUNCTION FLOW PART 2 Figure 7-1. ROM Functions Flow Chart www.maximintegrated.com Maxim Integrated │  13 DS28E36 DeepCover Secure Authenticator TO ROM FUNCTION FLOW PART 1 FROM ROM FUNCTION FLOW PART 1 A5h RESUME COMMAND? 3Ch OVERDRIVESKIP ROM? N Y RC = 1? N Y N Y RC = 0; OD = 1 RC = 0; OD = 1 N 69h OVERDRIVEMATCH ROM? MASTER Tx BIT 0 MASTER Tx RESET? Y N OD = 0 Y N MASTER Tx RESET? BIT 0 MATCH? MASTER Tx BIT 1 Y N BIT 1 MATCH? N OD = 0 Y SLAVE Tx BIT 63 BIT 63 MATCH? FROM ROM FUNCTION FLOW PART 1 N OD = 0 RC = 1 TO ROM FUNCTION FLOW PART 1 TO DEVICE FUNCTIONS FLOW CHART Figure 7-2. ROM Functions Flow Chart (continued) www.maximintegrated.com Maxim Integrated │  14 DS28E36 DeepCover Secure Authenticator Improved Network Behavior (Switchpoint Hysteresis) The DS28E36’s 1-Wire front-end has the following features: In a 1-Wire environment, line termination is possible only during transients controlled by the bus master (1-Wire driver). 1-Wire networks, therefore, are susceptible to noise of various origins. Depending on the physical size and topology of the network, reflections from end points and branch points can add up or cancel each other to some extent. Such reflections are visible as glitches or ringing on the 1-Wire communication line. Noise coupled onto the 1-Wire line from external sources can also result in signal glitching. A glitch during the rising edge of a time slot can cause a slave device to lose synchronization with the master and, consequently, result in a Search ROM command coming to a dead end or cause a device-specific function command to abort. For better performance in network applications, the DS28E36 uses a 1-Wire frontend that is less sensitive to noise. ●● The falling edge of the presence pulse has a controlled slew rate to reduce ringing. The slew rate control is specified by tFPD. ●● There is a hysteresis at the low-to-high switching threshold VTH. If a negative glitch crosses VTH, but does not go below VTH - VHY, it is not recognized (Figure 8, Case A). The hysteresis is effective at any 1-Wire speed. ●● There is a time window specified by the rising edge hold-off time tREH during which glitches are ignored, even if they extend below the VTH - VHY threshold (Figure 8, Case B, tGL < tREH). Deep voltage drops or glitches that appear late after crossing the VTH threshold and extend beyond the tREH window cannot be filtered out and are taken as the beginning of a new time slot (Figure 8, Case C, tGL ≥ tREH). tREH tREH VPUP VTH VHY CASE A 0V CASE B tGL CASE C tGL Figure 8. Noise Suppression Scheme www.maximintegrated.com Maxim Integrated │  15 DS28E36 DeepCover Secure Authenticator Typical Application Circuit VCC 100kΩ VCC PIOX 1kΩ Q1 PIOA PIOB *PMV65XP µC PIOY GND BIDIRECTIONAL OPEN-DRAIN PORT RP RPUP IO DS28E36 IO CEXT GND IO CX *NOTE: USE A Q1 LOW-IMPEDANCE BYPASS OR EQUALLY DRIVE LOGIC 1 WITH PIOY Package Information Ordering Information PART TEMP RANGE PIN-PACKAGE DS28E36Q+T† -40°C to +85°C 6 TDFN-EP* (2.5k pcs) DS28E36BQ+T -40°C to +85°C 6 TDFN-EP* (2.5k pcs) +Denotes a lead(Pb)-free/RoHS-compliant package. T= Tape and reel. *EP = Exposed pad. †Not recommended for new designs. www.maximintegrated.com For the latest package outline information and land patterns (footprints), go to www.maximintegrated.com/ packages. Note that a “+”, “#”, or “-” in the package code indicates RoHS statusonly. Package drawings may show a different suffix character, but the drawing pertains to the package regardless of RoHS status. PACKAGE TYPE PACKAGE CODE OUTLINE NO. LAND PATTERN NO. 6 TDFN-EP* T633+2 21-0137 90-0058 Maxim Integrated │  16 DS28E36 DeepCover Secure Authenticator Revision History REVISION NUMBER REVISION DATE 0 10/17 Initial release 1 10/17 Updated Package Information section 2 2 11/18 Updated Ordering Information section 16 3 3/20 Updated Typical Application Circuit 16 DESCRIPTION PAGES CHANGED — For pricing, delivery, and ordering information, please contact Maxim Direct at 1-888-629-4642, or visit Maxim Integrated’s website at www.maximintegrated.com. Maxim Integrated cannot assume responsibility for use of any circuitry other than circuitry entirely embodied in a Maxim Integrated product. No circuit patent licenses are implied. Maxim Integrated reserves the right to change the circuitry and specifications without notice at any time. The parametric values (min and max limits) shown in the Electrical Characteristics table are guaranteed. Other parametric values quoted in this data sheet are provided for guidance. Maxim Integrated and the Maxim Integrated logo are trademarks of Maxim Integrated Products, Inc. © 2018 Maxim Integrated Products, Inc. │  17