AT88SA102S-TSU-T Atmel, AT88SA102S-TSU-T Datasheet

Page 1

... AT88SA10HS device is designed to be placed in the validating system (host). The AT88SA102S client device can be used with or without the host side device. When the AT88SA102S is used without the host side AT88SA10HS chip the host microcontroller must store secret information in order to perform the validation of the client. Having the secret information stored in the embedded source code presents a security risk as the secrets may be ascertained with little effort ...

Page 2

... Secure Key Exchange In addition, the AT88SA102S device can be used for secure key exchange. If the device is used in conjunction with a symmetric encryption algorithm such as AES or DES an end-to-end encrypted transmission can be created. In the case of symmetric encryption the weakest link is securely transferring the keys to encrypt and decrypt the data at each end. ...

Page 3

... The portable device then takes the random challenge it received with the media and feeds it into AT88SA102S and uses the response as the key to decrypt the media. Figure 2 shows this configuration. The files in transit could be multiple files destined for the same portable device or files to many portable devices ...

Page 4

... AT88SA102S as an onboard CryptoAuthentication device. To configure embedded software for anti-cloning protection the AT88SA102S is integrated into the host. At random intervals a challenge is sent to the CryptoAuthentication device. The response from the CryptoAuthentication is then compared to the expected response ...

Page 5

Development System Anti-cloning The AT88SC102S provides an exceptional method of preventing third parties from creating clones of evaluation and development boards. To implement anti-cloning each evaluation or development board should be embedded with its own AT88SC102S CryptoAuthentication device. The ...

Page 6

... Media Transmission Encryption Downloading files from internet sites has become common practice and in many cases the only way to get select software applications, upgraded features, extensions, or plug-ins. The AT88SA102S offers a solution to protect against theft of download content. The AT88SA102S CryptoAuthentication is attached to the downloading system, either embedded in hardware temporary attachable device ...

Page 7

... USB Security Dongles The AT88SA102S can enable security for a web application using an individualized USB dongle. This would provide web shopping, banking, and private member sites the ability to restrict user logon and usage to one individual and ensure that the user’s device is physically present before allowing them access to resources. This is extremely secure because unique challenges could be generated by the remote web application for each use. Since each challenge is unique and no challenges are stored on the user’ ...

Page 8

... To accomplish this would require placing AT88SA102S devices both sending and receiving nodes This would be done by sending a random challenge to the AT88SA102S device in the transmitting node and using the response as a symmetric encryption key to encrypt the transmitted data prior to transmitting. The transmitting node would send the random challenge along with the encrypted data packet ...

Page 9

... The devices on both ends of the communication need to be authenticated and validated. The low cost implementations using the AT88SA102S, such as shown in Figure 8, make it possible to authenticate many devices across the power grid expanding the capabilities of this new technology. ...

Page 10

... Figure 9. Building Security The AT88SA102S can be used to create an elaborate facility access control scheme. Unlike tumbler locks, CryptoAuthentication can be used to provide unlimited key combinations. The CryptoAuthentication device provides 62 bits of fuses that are one time programmable by the customer. The customer will use these fuse bits to customize access devices to their facility ...

Page 11

... Figure 10. Storage Lockers The customizable aspect of the AT88SA102S uses unique serial numbers in each device along with 62 bit customer implemented secrets and a 265 bit secret key. This enables each locker produced to have a unique worldwide keying combination, eliminating any possible overlap or key combination reuse as often occurs in tumbler lock solutions. ...

Page 12

... The AT88SA102S offers an additional level of security for hardware “two factor logon” low per user cost. Configuring the system to communicate with the AT88SA102S prior to allowing user access provides increased security over password authentication alone ...

Page 13

... The incremental burn fuses provided by the AT88SA102S can also be used to provide a consumable usage tracking or to limit device usage cycles. An additional level of security can be added to the system by using the AT88SA10HS in the host. The AT88SA10HS maintains the secret keys in hardware instead of embedding them into the host microprocessor code ...

Page 14

... The AT88SA102S is installed in the battery; on startup the host communicates to the client by sending a challenge; the client responds with a unique response. The AT88SA102S is also capable of configuration where one host can use multiple replacement batteries or battery models. Figure 13 displays the configuration of the AT88SA102S device for battery authentication ...

Page 15

... Integrated Development Environment (IDE) Software program which allows the use of different individual tools from one single development platform. Programming Services A system operated by Atmel to provide a secure method to insert customer’s secrets into devices as a part of the device manufacturing process. 1 National Institute of Standards and Technology, Nov 26, 2001. ...

Page 16

Supporting Documents CryptoAuthentication High Level Security Design CryptoAuthentication™ Product Uses 16 8663B–SMEM–3/09 ...

Page 17

Appendix B. Revision History Doc. Rev. 8663B 8663B–SMEM–3/09 CryptoAuthentication™ Product Uses Date 03/2009 Initial document release Comments 17 ...

Page 18

... OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel’ ...