ATAES132A 32K AES Serial EEPROM Specification SUMMARY DATASHEET Features CryptoAuthentication Crypto Element Device with Secure Hardware-based Key Storage Ensures Things and Code are Real, Untampered, and Confidential 32Kb Standard Serial EEPROM Memory Compatible with the Atmel(R) AT24C32D and the Atmel AT25320B 16 User Zones of 2Kb Each High-security Features AES Algorithm with 128-bit Keys AES-CCM for Authentication Message Authentication Code (MAC) Capability Guaranteed Unique Die Serial Number Secure Storage for up to Sixteen 128-bit Keys Encrypted User Memory Read and Write Internal High-quality FIPS Random Number Generator (RNG) 16 High-Endurance Monotonic EEPROM Counters Flexible User Configured Security User Zone Access Rights Independently Configured Authentication Prior to Zone Access Secure Download and Boot Read/Write, Encrypted, or Read-only User Zone Options Authentication and Protect Code In-transit High-speed Serial Interface Options Ecosystem Control Ensure Only OEM/Licensed Nodes and Accessories Work 10MHz SPI (Mode 0 and 3) 1MHz Standard I2C Interface 2.5V to 5.5V Supply Voltage Range Anti-cloning <250nA Sleep Current Prevent Building with Identical BOM or Stolen Code 8-pad UDFN and 8-lead SOIC Package Options Message Security Authentication, Message Integrity, and Confidentiality of Network Nodes (IoT) Temperature Range: -40C to +85C Benefits Easily Add Security by Replacing Existing Serial EEPROM Authenticate Consumables, Components, and Network Access Protect Sensitive Firmware Securely Store Sensitive Data and Enable Paid-for Features Prevent Contract Manufacturers from Overbuilding Manage Warranty Claims Securely Store Identity Data (i.e. Fingerprints and Pictures) This is a summary document. The complete document is available on the Atmel website at www.atmel.com. Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 Description The Atmel ATAES132A is a high-security, Serial Electrically-Erasable and Programmable Read-Only Memory (EEPROM) providing both authentication and confidential nonvolatile data storage capabilities. Access restrictions for the 16 user zones are independently configured, and any key can be used with any zone. In addition, keys can be used for standalone authentication. This flexibility permits the ATAES132A to be used in a wide range of applications. The AES-128 cryptographic engine operates in AES-CCM mode to provide authentication, stored data encryption/decryption, and Message Authentication Codes. Data encryption/decryption can be performed for internally stored data or for small external data packets, depending upon the configuration. Data encrypted by one ATAES132A device can be decrypted by another, and vice versa. 2 The ATAES132A pinout is compatible with standard SPI and I C Serial EEPROMs to allow placement on existing 2 PC boards. The SPI and I C instruction sets are identical to the Atmel Serial EEPROMs. The extended security functions are accessed by sending command packets to the ATAES132A using standard write instructions, and reading responses using standard read instructions. The ATAES132A secure Serial EEPROM architecture allows it to be inserted into existing applications. The ATAES132A device incorporates multiple physical security mechanisms to prevent the release of the internally stored secrets. Secure personalization features are provided to facilitate third-party product manufacturing. Pin Descriptions and Configurations Table 1. Name Pin Descriptions Description SPI Chip Select Bar Input SO Serial Data Out NC No Connect VSS Ground SI/SDA Serial Data In SCK Serial Clock Input NC No Connect VCC Supply Voltage Table 2. 2 Pin Configurations ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 1. Introduction The ATAES132A is the first device in a family of high-security Serial EEPROMs using the Advanced Encryption Standard (AES) cryptographic algorithm. The ATAES132A provides 32Kb of EEPROM user data memory, sixteen 128-bit Key Registers, sixteen high-endurance monotonic EEPROM Counters, factory unique Die Identification Numbers, and a Configuration Memory. The Configuration Memory registers control access to the User Memory, as well as the restrictions on Key and Counter functionality. 2 The User Memory can be accessed directly with standard SPI or I C commands if a user zone is configured for open or read-only access. If the user zone security is activated, then the extended ATAES132A command set is used to access the contents of a user zone. The extended ATAES132A commands are executed by writing the 2 command packet to the virtual memory using standard SPI or I C Write commands. The response packet is 2 retrieved by reading it from the virtual memory using standard SPI or I C Read commands. 2 The ATAES132A packages are compatible with standard SPI and I C EEPROM footprints. This allows the ATAES132A to be inserted into many existing Serial EEPROM applications. 2. Security Features All ATAES132A security features are optional. Each feature is enabled or disabled by programming configuration bits in the EEPROM Configuration Memory. Each user zone, Key, and Counter is separately and independently configured. 2.1 Architecture ATAES132A contains all circuitry for performing authentication, encryption, and decryption using keys stored securely in the internal EEPROM. Since the secrets are stored securely in the ATAES132A, they do not have to be exchanged prior to executing cryptographic operations. ATAES132A has fixed cryptographic functionality; it is not a microcontroller and cannot accept customer firmware. ATAES132A contains a hardware AES cryptographic engine and has a fixed command set. Although the functionality is fixed, it is also flexible because each feature is enabled or disabled by the customer by programming registers in the EEPROM Configuration Memory. After personalization is complete, fuses lock the configuration so it cannot be changed. 2.1.1 AES The ATAES132A cryptographic functions are implemented with a hardware cryptographic engine using AES in CCM mode with a 128-bit key. AES-CCM mode provides both confidentiality and integrity checking with a single key. The integrity MAC includes both the encrypted data and additional authenticate-only data bytes, as described in each command definition. Each MAC is unique due to inclusion of a Nonce and an incrementing MacCount Register in the MAC calculation. 2.1.2 Hardware Security Features The ATAES132A device contains physical security features to prevent an attacker from determining the internal secrets. ATAES132A includes tamper detectors for voltage, temperature, frequency, and light, as well as an active metal shield over the circuitry, internal memory encryption, and other various features. The ATAES132A physical design and cryptographic protocol are designed to prevent or significantly complicate most algorithmic, timing, and side-channel attacks. ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 3 2.2 Authentication The authentication commands utilize AES-CCM to generate or validate a MAC value computed using an internally stored key. The command set supports both one-way and mutual authentication. One ATAES132A device can generate packets for authentication of a second ATAES132A device containing the same key. The internal authentication status register remembers only the most recent authentication attempt. A user zone can be configured to require prior authentication of a designated key before access to the user zone is permitted. 2.2.1 Key Authentication Individual keys can be configured to require a successful authentication prior to use. This requirement can be used to prevent some kinds of exhaustive attacks on the keys. The authentication requirement can be chained to require authentication of several keys prior to allowing a particular operation. The internal Authentication Status Registers remember only the most recent authentication attempt. 3. Electrical Characteristics 3.1 Absolute Maximum Ratings* Operating Temperature ....................... -40C to +85C Notice*: Storage Temperature......................... -65C to +150C Maximum Operating Voltage ................................ 6.0V DC Output Current ............................................. 5.0mA Voltage on any pin ...................... -0.7V to (VCC + 0.7V) HBM ESD ...............................................3kV minimum 3.2 tresses beyond those listed under "Absolute Maximum Ratings" may cause permanent damage to the device. This is a stress rating only, and the functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. Reliability The ATAES132A is fabricated with the Atmel high reliability CMOS EEPROM manufacturing technology. The reliability ratings in Table 3-1 apply to each byte of the EEPROM memory. Table 3-1. (1) EEPROM Reliability Parameter Write Endurance (each byte) Min Max Units 100,000 Write Cycles Data Retention (at 55C) 10 Years Data Retention (at 35C) 30 Read Endurance Note: 4 Typical 1. 50 Years Unlimited Read Cycles These specifications apply to every byte of the User Memory, Configuration Memory, and Key Memory. The Write Endurance specification also applies to the RNG EEPROM Seed Register. ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 3.3 DC Characteristics 3.3.1 Supply Characteristics Table 3-2. Supply Voltage and Current Characteristics Applicable over recommended operating range from TA = -40C to +85C, VCC = +2.5V to +5.5V (unless otherwise noted). Symbol VCC (1) Parameter Test Conditions Min Max Units 5.50 V 6 mA 10 mA 600 800 A (3) 0.10 0.25 A (3) 0.25 0.50 A Supply Voltage Typ (1) 2.50 (4) fmax ICC1 Supply Current VCC = 3.3V at (3) SO = Open , Read, Write, or AES operation. ICC2 Supply Current VCC = 5.5V at fmax (3) SO = Open , Read, Write, or AES operation. ICC3 Idle Current VCC = 3.3V or 5.5V at fmax (3) SO = Open , Waiting for a command. ISL1 Sleep Current VCC = 3.3V; = VCC , Sleep State ISL2 Sleep Current VCC = 5.5V; = VCC , Sleep State ISB1 Standby Current VCC = 3.3V; = VCC State 15 30 A ISB2 Standby Current VCC = 5.5V; = VCC , Standby State 20 40 A (4) (4) Notes: 1. (3) , Standby (3) Typical values are at 25C, and are for reference only. Typical values are not tested or guaranteed. 2. On power-up, VCC must rise continuously from VSS to the operating voltage, with a rise time no faster than 1V/s. 3. All input pins must be held at either Vss or Vcc during this measurement. In SPI interface mode, the 2 be at VCC. In I C interface mode, the pin may be in either state. 4. Measurement is performed at the maximum serial clock frequency. In the I C interface mode, fmax is 1MHz. In the SPI interface mode, fmax is 10MHz. 5. The ATAES132A does not support hot swapping or hot plugging. Connecting or disconnecting this device to a system while power is energized can cause permanent damage to the ATAES132A. pin must 2 ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 5 3.3.2 I/O Characteristics Table 3-3. DC Characteristics Applicable over recommended operating range from TA = -40C to +85C, VCC = +2.5V to +5.5V (unless otherwise noted). Symbol Test conditions Min Max Units ILI Input Current VIN = 0V or VCC -3.0 3.0 A ILO Output Leakage VOUT = 0V or VCC -3.0 3.0 A Input Low-Voltage -0.5 VCC x 0.3 V Input High-Voltage VCC x 0.7 VCC + 0.5 V VIL (1) VIH (1) VOL1 (2) VOH1 (2) VOL2 Notes: 1. 2. 6 Parameter Output Low-Voltage, 2 Except SI/SDA in I C Mode IOL = 3.0mA 0 0.4 V Output High-voltage, 2 Except SI/SDA in I C Mode IOH = -3.0mA VCC - 0.8 VCC V Output Low-voltage, 2 SI/SDA Pin in the I C Mode Only IOL = 3.0mA 0 0.4 V VIL min and VIH max are for reference only, and are not tested. 2 In the I C interface mode, if Auth signaling is enabled, the SO pin functions as the AuthO output. When AuthO is high, the VOH1 specification applies. When AuthO is not high, the pin is in the high-impedance state; the VOL1 specification is not applicable. ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 3.4 AC Characteristics Table 3-4. AC Characteristics Applicable over recommended operating range from TA = -40C to + 85C, VCC = +2.5V to +5.5V. Symbol tWC1 Parameter User Zone Write Cycle Time tWC2 Key Zone Write Cycle Time (1) (1) Min Max Units 6.0 9.0 ms 12.0 16.0 ms Command Response Time Note: 3.4.1 1. The write cycle time includes the EEPROM Erase, Write, and Automatic Data Write verification operations. Power-Up, Sleep, Standby, and Wake-Up Timing Table 3-5. Power-Up, Sleep, and Wake-Up Timing Characteristics (1) Applicable over recommended operating range from TA = -40C to + 85C, VCC = +2.5V to +5.5V. Symbol Parameter Min Typ Max Units tPU.STATUS Power-Up Time, Status 500 600 s tPU.RDY Power-Up Ready Time 1200 1500 s tSB Sleep Time, Entering the Standby State 65 100 s tSL Sleep Time, Entering the Sleep State 55 90 s tWupSB.STATUS Wake-Up Status Time, Standby State 50 100 s tWupSB.RDY Wake-Up Ready Time, Standby State 200 240 s tWupSL.STATUS Wake-Up Status, Sleep State 500 600 s tWupSL.RDY Wake-Up Ready Time, Sleep State 1200 1500 s Note: 1. All values are based on characterization and are not tested. Typical values are at 25C and are for reference only. ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 7 3.4.2 2 I C Interface Timing Table 3-6. 2 AC Characteristics of I C Interface Applicable over recommended operating range from TA = -40C to + 85C, VCC = +2.5V to +5.5V, CL = 1 TTL Gate and 100pF (unless otherwise noted). Symbol Parameter fSCK SCK Clock Frequency Max Units 1 MHz 70 percent SCK Clock Duty Cycle 30 tHIGH SCK High Time 400 ns tLOW SCK Low Time 400 ns tSU.STA Start Setup Time 250 ns tHD.STA Start Hold Time 250 ns tSU.STO Stop Setup Time 250 ns tSU.DAT Data in Setup Time 100 ns tHD.DAT Data in Hold Time 0 ns tR Input Rise Time (1) (1) tF Input Fall Time tAA Clock Low to Data Out Valid tDH Data Out Hold Time tBUF Time bus must be free before a new transmission can start. Notes: 1. 2. 8 Min 50 (1) 100 ns 550 ns ns 500 ns AC measurement conditions: RL (connects between SDA and VCC): 2.0k (for VCC +2.5V to +5.0V) Input pulse voltages: 0.3VCC to 0.7VCC Input rise and fall times: 50ns Input and output timing reference voltage: 0.5VCC Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 ns 50 Values are based on characterization, and are not tested. ATAES132A [Summary Datasheet] 300 3.4.3 SPI Interface Timing Table 3-7. AC Characteristics of SPI Interface Applicable over recommended operating range from TA = -40C to + 85C, VCC = +2.5V to +5.5V, CL = 1 TTL Gate and 30pF (unless otherwise noted). Symbol Parameter Min Max Units fSCK SCK Clock Frequency 0 10 MHz SCK Clock Duty Cycle 30 70 percent tWH SCK High Time 40 ns tWL SCK Low Time 40 ns tCS High Time 50 ns tCSS Setup Time 50 ns tCSH Hold Time 50 ns tSU Data In Setup Time 10 ns tH Data In Hold Time 10 ns tRI Input Rise Time (1) (1) tFI Input Fall Time tV Output Valid 0 tHO Output Hold Time 0 tDIS Output Disable Time Note: 1. 2 s 2 s 40 ns ns 50 ns Values are based on characterization, and are not tested. ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 9 4. Ordering Information To increase security, ATAES132A packages are not marked with the ordering code. The ATAES132A standard packages are marked with a trace code which is unique for each manufacturing lot. Contact Atmel for additional information. A.1 Ordering Codes Atmel Ordering Code Interface Configuration ATAES132A-SHEQ-B SPI ATAES132A-SHER-B IC ATAES132A-SHEQ-T SPI ATAES132A-SHER-T IC ATAES132A-MAHEQ-T SPI ATAES132A-MAHER-T IC 2 Conditioning Bulk 8S1 NiPdAu Lead-free/Halogen-free (Exceeds RoHS Requirments) 2 2 Temperature Range (2) Industrial Temperature (-40C to 85C) 8MA2 -B = Bulk 2. Lead Finish (1) Tape and Reel Notes: 1. Package SOIC = 100 per tube. -T = Tape and Reel SOIC = 4,000 per reel. UDFN = 15,000 per reel. Package Type 10 8S1 8-lead, 0.150" wide body, Plastic Gull Wing mall Outline, Green (JEDEC SOIC) 8MA2 8-pad, 2.0mm x 3.0mm x 0.6mm body, Thermally Enhanced Plastic Ultra Thin Dual Flat No Lead, Green (UDFN) ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 A.2 Mechanical Information A.2.1 8S1 -- 8-lead JEDEC SOIC C 1 E E1 L N O TOP VIEW END VIEW e b COMMON DIMENSIONS (Unit of Measure = mm) A A1 D SIDE VIEW Notes: This drawing is for general information only. Refer to JEDEC Drawing MS-012, Variation AA for proper dimensions, tolerances, datums, etc. SYMBOL MIN A - A1 0.10 NOM MAX - - 1.75 0.25 b 0.31 - 0.51 C 0.17 - 0.25 D 4.90 BSC E 6.00 BSC E1 3.90 BSC e 1.27 BSC L 0.40 - 1.27 0 - 8 NOTE 3/6/2015 Package Drawing Contact: packagedrawings@atmel.com TITLE 8 1, 8-lead (0.150" Wide Body), Plastic Gull Wing Small Outline (JEDEC SOIC) GPC SWB DRAWING NO. REV. 8S1 H ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 11 A.2.2 8MA2 -- 8-pad UDFN E 1 8 Pin 1 ID 2 7 3 6 4 5 D C TOP VIEW A2 SIDE VIEW A C A1 E2 b (8x) 8 7 1 D2 6 3 5 4 e (6x) K L (8x) BOTTOM VIEW Notes: COMMON DIMENSIONS (Unit of Measure = mm) 2 Pin#1 ID 1. This drawing is for general information only. Refer to Drawing MO-229, for proper dimensions, tolerances, datums, etc. 2. The Pin #1 ID is a laser-marked feature on Top View. 3. Dimensions b applies to metallized terminal and is measured between 0.15 mm and 0.30 mm from the terminal tip. If the terminal has the optional radius on the other end of the terminal, the dimension should not be measured in that radius area. 4. The Pin #1 ID on the Bottom View is an orientation feature on the thermal pad. SYMBOL MIN NOM MAX A 0.50 0.55 0.60 A1 0.0 0.02 0.05 A2 - - 0.55 D 1.90 2.00 2.10 D2 1.40 1.50 1.60 E 2.90 3.00 3.10 E2 1.20 1.30 1.40 b 0.18 0.25 0.30 C L 3 0.152 REF 0.35 e K NOTE 0.40 0.45 0.50 BSC 0.20 - - 11/2/15 Package Drawing Contact: packagedrawings@atmel.com 12 TITLE 8MA2, 8-pad 2 x 3 x 0.6mm Body, Thermally Enhanced Plastic Ultra Thin Dual Flat No-Lead Package (UDFN) ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 GPC DRAWING NO. REV. YNZ 8MA2 H 5. Revision History Doc. Rev. Date Comments 8914BS 02/2016 Corrected ordering codes ATAES132A-SHEQ-B and ATAES132A-SHER-B by adding "-B". Updated 8MA2 package drawing. Added a high-feature bullet, "Guaranteed Unique Die Serial Number." 8914AS 03/2015 Initial summary document release. ATAES132A [Summary Datasheet] Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 13 Atmel Corporation 1600 Technology Drive, San Jose, CA 95110 USA T: (+1)(408) 441.0311 F: (+1)(408) 436.4200 www.atmel.com (c) 2016 Atmel Corporation. / Rev.:Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016. Atmel(R), Atmel logo and combinations thereof, Enabling Unlimited Possibilities(R), ryptoAuthenticationTM, and others are registered trademarks or trademarks of Atmel Corporation in U.S. and other countries. Other terms and product names may be trademarks of others. DISCLAIMER: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN THE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life. 14 SAFETY-CRITICAL, MILITARY, AND AUTOMOTIVE APPLICATIONS DISCLAIMER: Atmel products are not designed for and will not be used in connection with any applications where the failure of such products would reasonably be expected to result in significant personal injury or death (" afety- ritical Applications") without an Atmel officer's specific written consent. afetyCritical Applications include, without limitation, life support devices and systems, equipment or systems for the operation of nuclear facilities and weapons systems. Atmel products are not designed nor intended for use in military or aerospace applications or environments unless specifically designated by Atmel as military-grade. Atmel products are not designed nor intended for use in automotive applications unless specifically designated by Atmel as automotive-grade. Atmel-8914BS-CryptoAuth-ATAES132A-Datasheet-Summary_022016 ATAES132A [Summary Datasheet]