ABRIDGED DATA SHEET
EVALUATION KIT AVAILABLE
Click here for production status of specific part numbers.
DS28C36
DeepCover Secure Authenticator
General Description
The DS28C36 is a DeepCover secure authenticator
Benefits and Features
● ECC-256 Compute Engine
®
• FIPS 186 ECDSA P256 Signature and Verification
• ECDH Key Exchange with Authentication Prevents
Man-in-the-Middle Attacks
• ECDSA Authenticated R/W of Configurable
Memory
that provides a core set of cryptographic tools derived
from integrated asymmetric (ECC-P256) and symmetric
(SHA-256) security functions. In addition to the security
services provided by the hardware implemented crypto
engines, the device integrates a FIPS/NIST true random
number generator (RNG), 8Kb of secured EEPROM, a
decrement-only counter, two pins of configurable GPIO,
and a unique 64-bit ROM identification number (ROM ID).
● FIPS 180 SHA-256 Compute Engine
• HMAC
● SHA-256 OTP (One-Time Pad) Encrypted R/W of
The ECC public/private key capabilities operate from
the NIST defined P-256 curve and include FIPS 186
compliant ECDSA signature generation and verification
to support a bidirectional asymmetric key authentication
model. The SHA-256 secret-key capabilities are compli-
ant with FIPS 180 and are flexibly used either in conjunc-
tion with ECDSA operations or independently for multiple
HMAC functions.
Configurable Memory Through ECDH Established Key
● Two GPIO Pins with Optional Authentication Control
• Open-Drain, 4mA/0.4V
• Optional SHA-256 or ECDSA Authenticated On/Off
and State Read
• Optional ECDSA Certificate to Set On/Off after
Multiblock Hash for Secure Boot
● RNG with NIST SP 800-90B Compliant Entropy
Two GPIO pins can be independently operated under
command control and include configurability supporting
authenticated and nonauthenticated operation including
an ECDSA-based crypto-robust mode to support secure-
boot of a host processor.
Source with Function to Read Out
● Optional Chip Generated Pr/Pu Key Pairs for ECC
Operations
● 17-Bit One-Time Settable, Nonvolatile Decrement-
Only Counter with Authenticated Read
DeepCover embedded security solutions cloak sensitive
data under multiple layers of advanced security to provide
the most secure key storage possible. To protect against
device-level security attacks, invasive and noninvasive
countermeasures are implemented including active die
shield, encrypted storage of keys, and algorithmic methods.
● 8Kbits of EEPROM for User Data, Keys, and
Certificates
● Unique and Unalterable Factory Programmed 64-Bit
Identification Number (ROM ID)
• Optional Input Data Component to Crypto and Key
Operations
Applications
● IoT Node Crypto-Protection
● Accessory and Peripheral Secure Authentication
2
● I C Communication Up to 1MHz
● Operating Range: 2.2V to 3.63V, -40°C to +85°C
● 6-Pin TDFN Package
● Secure Storage of Cryptographic Keys for a Host
Controller
● Secure Boot or Download of Firmware and/or System
Ordering Information appears at end of data sheet.
Parameters
Typical Application Circuit appears at end of data sheet.
DeepCover is a registered trademark of Maxim Integrated
Products, Inc.
19-8564; Rev 3; 12/20