## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

### **General Description**

The DS2477 secure I<sup>2</sup>C coprocessor with built-in 1-Wire<sup>®</sup> master combines FIPS202-compliant secure hash algorithm (SHA-3) challenge and response authentication with Maxim's patented ChipDNA<sup>™</sup> feature, a physically unclonable technology (PUF) to provide a cost-effective solution with the ultimate protection against security attacks. The ChipDNA implementation utilizes the random variation of semiconductor device characteristics that naturally occur during wafer fabrication. The ChipDNA circuit generates a unique output value that is repeatable over time, temperature, and operating voltage. Attempts to probe or observe ChipDNA operation modifies the underlying circuit characteristics thus preventing discovery of the unique value used by the chip cryptographic functions. The DS2477 utilizes the ChipDNA output as key content to cryptographically secure all device-stored data. With ChipDNA capability, the device provides a core set of cryptographic tools derived from integrated blocks including a SHA-3 engine, a FIPS/NIST compliant true random number generator (TRNG), 2Kb of secured EEPROM, and a unique 64-bit ROM identification number (ROM ID). The unique ROM ID is used as a fundamental input parameter for cryptographic operations and serves as an electronic serial number within the application. The DS2477 provides the SHA-3 and memory functionality required by a host system to communicate with and operate a 1-Wire SHA-3 slave. In addition, it performs protocol conversion between the I<sup>2</sup>C master and any attached 1-Wire SHA-3 slaves. For 1-Wire line driving, internal user-adjustable timers relieve the system host processor from generating time-critical 1-Wire waveforms, supporting both standard and overdrive 1-Wire communication speeds. The 1-Wire line can be powered down under software control. Strong pullup features support 1-Wire power delivery for commands that require higher current consumption.

### **Applications**

- Authentication of Medical Sensors and Tools
- Secure Management of Limited Use Consumables
- IoT Node Authentication
- Peripheral Authentication
- Reference Design License Management
- Printer Cartridge Identification and Authentication

#### **Benefits and Features**

- Robust Countermeasures Protect Against Security Attacks
  - Patented Physically Unclonable Function Secures
     Device Data
  - Actively Monitored Die Shield Detects and Reacts to Intrusion Attempts
  - All Stored Data Cryptographically Protected from Discovery
- Efficient Secure Hash Algorithm Authenticates and Manages Peripherals
  - FIPS 202-Compliant SHA-3 Algorithm for Bidirectional Authentication
  - FIPS 198-Compliant Keyed-Hash Message Authentication Code (HMAC)
  - TRNG with NIST SP 800-90B Compliant Entropy Source
- Supplemental Features Enable Easy Integration into End Applications
  - 2Kb of EEPROM for User Data, Key, and Control Registers
  - One Open-Drain GPIO Pin
  - Unique and Unalterable Factory-Programmed 64-Bit Identification Number (ROM ID)
  - Large 1-Wire Block Buffer (126 Bytes) for Efficient
    Data Transfer
  - 1-Wire Standard and Overdrive Timing Communication Speeds
  - I<sup>2</sup>C Communication, up to 1MHz
  - Operating Range: 3.3V ±10%, -40°C to +85°C
  - 6-Pin TDFN-EP Package (3mm x 3mm)

# Request DS2477 Security User Guide

Ordering Information appears at end of data sheet.

1-Wire is a registered trademark and ChipDNA is a trademark of Maxim Integrated Products, Inc.



# DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

## **Typical Application Circuit**



# DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

### **TABLE OF CONTENTS**

| General Description                        |
|--------------------------------------------|
| Applications                               |
| Benefits and Features                      |
| Typical Application Circuit                |
| Absolute Maximum Ratings                   |
| Package Information                        |
| 6 TDFN-EP                                  |
| Electrical Characteristics                 |
| Pin Configuration                          |
| Pin Description                            |
| Detailed Description                       |
| Design Resource Overview                   |
| Memory                                     |
| Open-Drain GPIO                            |
| 1-Wire Master                              |
| Transaction Sequence                       |
| Initialization                             |
| 1-Wire Signaling and Timing                |
| Read/Write Time Slots                      |
| Master-to-Slave                            |
| Slave-to-Master                            |
| Strong Pullup                              |
| Active Pullup (APU)                        |
| Active Pullup for 1-Wire Reset Cycle 15    |
| Active Pullup for Read/Write Time Slots 16 |
| I <sup>2</sup> C                           |
| General Characteristics                    |
| Slave Address                              |
| I <sup>2</sup> C Definitions               |
| Bus Idle or Not Busy                       |
| START Condition                            |
| STOP Condition                             |
| Repeated START Condition                   |
| Data Valid                                 |
| Ordering Information                       |
| Revision History                           |

# DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

### LIST OF FIGURES

| Figure 1. Block Diagram                            | 11 |
|----------------------------------------------------|----|
| -igure 2. 1-Wire Reset/Presence-Detect Cycle       | 12 |
| -igure 3. Read/Write Timing Diagrams               | 14 |
| -igure 4. Strong Pullup Timing                     | 15 |
| Figure 5. Active Pullup for a 1-Wire Reset Cycle   | 15 |
| Figure 6. Active Pullup for 1-Wire Write Time Slot | 16 |
| Figure 7. Active Pullup for 1-Wire Read Time Slot  | 17 |
| -igure 8. I <sup>2</sup> C Protocol Overview       | 18 |
| Figure 9. DS2477 I <sup>2</sup> C Slave Address    | 18 |
| -igure 10. I <sup>2</sup> C Timing Diagram         | 19 |

### **Absolute Maximum Ratings**

| Voltage Range on Any Pin Relative to GND | 0.5V to 4.0V  |
|------------------------------------------|---------------|
| Maximum Current into Any Pin             | 20mA to 20mA  |
| Operating Temperature Range              | 40°C to +85°C |
| Junction Temperature                     | +150°C        |

| Storage Temperature Range         | 40°C to +125°C |
|-----------------------------------|----------------|
| Lead Temperature (soldering, 10s) | +300°C         |
| Soldering Temperature (reflow)    | +260°C         |

Stresses beyond those listed under "Absolute Maximum Ratings" may cause permanent damage to the device. These are stress ratings only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability.

### **Package Information**

#### 6 TDFN-EP

| Package Code                            | T633+2                                |  |  |  |  |
|-----------------------------------------|---------------------------------------|--|--|--|--|
| Outline Number                          | <u>21-0137</u>                        |  |  |  |  |
| Land Pattern Number                     | <u>90-0058</u>                        |  |  |  |  |
| Thermal Resistance, Single-Layer Board: |                                       |  |  |  |  |
| Junction to Ambient ( $\theta_{JA}$ )   | 55°C/W                                |  |  |  |  |
| Junction to Case ( $\theta_{JC}$ )      | 9°C/W                                 |  |  |  |  |
| Thermal Resistance, Four-Layer Board:   | Thermal Resistance, Four-Layer Board: |  |  |  |  |
| Junction to Ambient ( $\theta_{JA}$ )   | 42°C/W                                |  |  |  |  |
| Junction to Case ( $\theta_{JC}$ )      | 9°C/W                                 |  |  |  |  |

For the latest package outline information and land patterns (footprints), go to <u>www.maximintegrated.com/packages</u>. Note that a "+", "#", or "-" in the package code indicates RoHS status only. Package drawings may show a different suffix character, but the drawing pertains to the package regardless of RoHS status.

Package thermal resistances were obtained using the method described in JEDEC specification JESD51-7, using a four-layer board. For detailed information on package thermal considerations, refer to <u>www.maximintegrated.com/thermal-tutorial</u>.

### **Electrical Characteristics**

(Limits are 100% production tested at  $T_A = +25$ °C and/or  $T_A = +85$ °C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Typical values are not guaranteed.)

| PARAMETER                          | SYMBOL           | CONDITIONS                                           | MIN                       | ТҮР                       | MAX  | UNITS |
|------------------------------------|------------------|------------------------------------------------------|---------------------------|---------------------------|------|-------|
| Supply Voltage                     | V <sub>CC</sub>  | ( <u>Note 1</u> )                                    | 2.97                      | 3.3                       | 3.63 | V     |
| Supply Current                     | laa              | Standby                                              |                           |                           | 400  | μA    |
|                                    | ICC              | Communicating/active (Note 2)                        |                           |                           | 10   | mA    |
| 1-Wire Input High                  |                  | Low configuration                                    | 0.6 x<br>V <sub>CC</sub>  |                           |      |       |
|                                    | V <sub>IH1</sub> | Medium configuration                                 | 0.6 x<br>V <sub>CC</sub>  |                           |      | V     |
|                                    |                  | High configuration                                   | 0.85 x<br>V <sub>CC</sub> |                           |      |       |
| Low-to-High Switching<br>Threshold |                  | Low configuration ( <i>Note 3, Note 4</i> )          |                           | 0.25 x<br>V <sub>CC</sub> |      |       |
|                                    | V <sub>TH</sub>  | Medium configuration (Note 3, Note 4)                |                           | 0.4V x<br>V <sub>CC</sub> |      | V     |
|                                    |                  | High configuration ( <i>Note 3</i> , <i>Note 4</i> ) |                           | 0.75 x<br>V <sub>CC</sub> |      |       |

### **Electrical Characteristics (continued)**

(Limits are 100% production tested at  $T_A = +25^{\circ}$ C and/or  $T_A = +85^{\circ}$ C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Typical values are not guaranteed.)

| PARAMETER                                                    | SYMBOL            | CONDITIONS                                                  | MIN | TYP                       | MAX                       | UNITS |
|--------------------------------------------------------------|-------------------|-------------------------------------------------------------|-----|---------------------------|---------------------------|-------|
| 1-Wire Input Low                                             |                   | Low configuration                                           |     |                           | 0.15 x<br>V <sub>CC</sub> |       |
|                                                              | V <sub>IL1</sub>  | Medium configuration                                        |     |                           | 0.3 x<br>V <sub>CC</sub>  | V     |
|                                                              |                   | High configuration                                          |     |                           | 0.3 x<br>V <sub>CC</sub>  |       |
| High-to-Low Switching<br>Threshold                           | V <sub>TL</sub>   | ( <u>Note 3, Note 5</u> )                                   |     | 0.65 x<br>V <sub>CC</sub> |                           | V     |
| Switching Hysteresis                                         | V <sub>HY</sub>   | ( <u>Note 3, Note 6</u> )                                   |     | 0.3                       |                           | V     |
|                                                              |                   | Ultra-low range                                             | 250 | 333                       | 675                       |       |
| 1-Wire Weak Pullup<br>Resistor ( <u>Note 3</u> , <u>Note</u> | <b>D</b>          | Low range                                                   | 375 | 500                       | 750                       | Ω     |
| <u>Z</u> )                                                   | R <sub>WPU</sub>  | High range                                                  | 750 | 1000                      | 1400                      |       |
| —,                                                           |                   | External high impedance                                     |     | 10M                       |                           |       |
| 1-Wire Output Low                                            | V <sub>OL1</sub>  | V <sub>CC</sub> = 2.97V, 4mA sink current                   |     |                           | 0.28                      | V     |
|                                                              |                   | Low configuration (Note 3)                                  |     | 0.25 x<br>V <sub>CC</sub> |                           |       |
| Active Pullup on<br>Threshold                                | V <sub>IAPO</sub> | Medium configuration ( <i>Note 3</i> )                      |     | 0.4 x<br>V <sub>CC</sub>  |                           | V     |
|                                                              |                   | High configuration ( <i>Note 3</i> )                        |     | 0.75 x<br>V <sub>CC</sub> |                           |       |
| Active Pullup on Time                                        | t <sub>APU</sub>  | 1-Wire standard speed (default value)                       |     | 2.5                       |                           |       |
| ( <u>Note 3</u> , <u>Note 8</u> )                            |                   | 1-Wire overdrive speed (default value)                      |     | 0.5                       |                           | μs    |
| Active Pullup<br>Impedance                                   | R <sub>APU</sub>  | V <sub>CC</sub> = 2.97V, 10mA load ( <u><i>Note 3</i></u> ) |     |                           | 50                        | Ω     |
| Operation Time                                               | t <sub>OP</sub>   | ( <u>Note 3</u> )                                           |     |                           | 5                         | ms    |
| IO PIN: 1-Wire TIMING (                                      | lote 9)           |                                                             | •   |                           |                           |       |
| 1-Wire Output Fall Time<br>( <u>Note 3</u> )                 | t <sub>F</sub>    | Standard and overdrive                                      |     | Settable                  |                           | μs    |
| Reset Low Time                                               | t <sub>RSTL</sub> | Standard and overdrive                                      | -5% | Settable                  | +5%                       | μs    |
| Reset High Time                                              | t <sub>RSTH</sub> | Standard and overdrive (Note 10)                            | -5% | Settable                  | +5%                       | μs    |
| Presence-Detect<br>Sample Time                               | t <sub>MSP</sub>  | Standard and overdrive                                      | -5% | Settable                  | +5%                       | μs    |
| Sampling for Short and Interrupt                             | t <sub>MSI</sub>  | Standard and overdrive                                      | -5% | Settable                  | +5%                       | μs    |
| Write-One/Read Low<br>Time                                   | t <sub>W1L</sub>  | Standard and overdrive                                      | -5% | Settable                  | +5%                       | μs    |
| Read Sample Time                                             | t <sub>MSR</sub>  | Standard and overdrive                                      | -5% | Settable                  | +5%                       | μs    |
| Write-Zero Low Time                                          | t <sub>WOL</sub>  | Standard and overdrive                                      | -5% | Settable                  | +5%                       | μs    |
| Recovery Time                                                | t <sub>REC</sub>  | Standard and overdrive (Note 10)                            | -5% | Settable                  | +5%                       | μs    |

### **Electrical Characteristics (continued)**

(Limits are 100% production tested at  $T_A = +25^{\circ}$ C and/or  $T_A = +85^{\circ}$ C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Typical values are not guaranteed.)

| PARAMETER                                                                                      | SYMBOL               | CONDITIONS                                         | MIN                      | TYP                                                | MAX                       | UNITS |
|------------------------------------------------------------------------------------------------|----------------------|----------------------------------------------------|--------------------------|----------------------------------------------------|---------------------------|-------|
| 1-Wire Time Slot                                                                               | <sup>t</sup> SLOT    | Standard and overdrive                             |                          | Equal to<br><sup>t</sup> W0L +<br><sup>t</sup> REC |                           | μs    |
| CRYPTO FUNCTIONS                                                                               |                      |                                                    |                          |                                                    |                           |       |
| Computation Current                                                                            | ICMP                 | ( <u>Note 3, Note 11</u> )                         |                          |                                                    | 10                        | mA    |
| Computation Time                                                                               | t <sub>CMP</sub>     | ( <u>Note 3</u> )                                  |                          |                                                    | 5                         | ms    |
| TRNG Generation                                                                                | t <sub>RNG</sub>     |                                                    |                          |                                                    | 25                        | ms    |
| TRNG On-Demand<br>Check                                                                        | todc                 |                                                    |                          |                                                    | 50                        | ms    |
| EEPROM                                                                                         |                      |                                                    | ·                        |                                                    |                           | •     |
| Read Memory                                                                                    | t <sub>RM</sub>      |                                                    |                          |                                                    | 50                        | ms    |
| Write Memory                                                                                   | t <sub>WM</sub>      |                                                    |                          |                                                    | 100                       | ms    |
| Write State                                                                                    | t <sub>WS</sub>      |                                                    |                          |                                                    | 15                        | ms    |
| Write/Erase Cycles<br>(Endurance)                                                              | N <sub>CY</sub>      | T <sub>A</sub> = +85°C ( <u>Note 12</u> )          | 100k                     |                                                    |                           |       |
| Data Retention                                                                                 | t <sub>DR</sub>      | T <sub>A</sub> = +85°C ( <u>Note 13, Note 14</u> ) | 10                       |                                                    |                           | years |
| GPIO PIN                                                                                       |                      |                                                    |                          |                                                    |                           |       |
| Output Low                                                                                     | GPIO V <sub>OL</sub> | GPIOI <sub>OL</sub> = 4mA ( <u>Note 15</u> )       |                          |                                                    | 0.4                       | V     |
| Input Low                                                                                      | GPIO V <sub>IL</sub> |                                                    | -0.3                     |                                                    | 0.2 x<br>V <sub>CC</sub>  | V     |
| Input High                                                                                     | GPIO V <sub>IH</sub> |                                                    | 0.7 x<br>V <sub>CC</sub> |                                                    | V <sub>CC</sub> +<br>0.3  | V     |
| Leakage Current                                                                                | GPIO IL              |                                                    | -1                       |                                                    | +1                        | μA    |
| I <sup>2</sup> C SCL AND SDA PINS                                                              | ( <u>Note 16</u> )   |                                                    |                          |                                                    |                           |       |
| Low-Level Input Voltage                                                                        | V <sub>IL</sub>      |                                                    | -0.3                     |                                                    | 0.2 ×<br>V <sub>CC</sub>  | V     |
| High-Level Input Voltage                                                                       | VIH                  |                                                    | 0.7 ×<br>V <sub>CC</sub> |                                                    | V <sub>CC</sub> +<br>0.3V | V     |
| Hysteresis of Schmitt<br>Trigger Inputs                                                        | V <sub>HYS</sub>     | ( <u>Note 3</u> )                                  |                          | 0.05 ×<br>V <sub>CC</sub>                          |                           | V     |
| Low-Level Output<br>Voltage at 4mA Sink<br>Current                                             | V <sub>OL</sub>      | ( <u>Note 15</u> )                                 |                          |                                                    | 0.4                       | v     |
| Output Fall Time from $V_{IH(MIN)}$ to $V_{IL(MAX)}$ with a Bus Capacitance from 10pF to 400pF | t <sub>OF</sub>      | ( <u>Note 3</u> )                                  |                          | 30                                                 |                           | ns    |
| Pulse Width of Spikes<br>that are Suppressed by<br>the Input Filter                            | t <sub>SP</sub>      | ( <u>Note 3</u> )                                  |                          |                                                    | 50                        | ns    |

### **Electrical Characteristics (continued)**

(Limits are 100% production tested at  $T_A = +25^{\circ}$ C and/or  $T_A = +85^{\circ}$ C. Limits over the operating temperature range and relevant supply voltage range are guaranteed by design and characterization. Typical values are not guaranteed.)

| PARAMETER                                                                                                | SYMBOL              | CONDITIONS                         | MIN  | TYP | MAX  | UNITS |
|----------------------------------------------------------------------------------------------------------|---------------------|------------------------------------|------|-----|------|-------|
| Input Current with an<br>Input Voltage Between<br>0.1V <sub>CC(MAX)</sub> and<br>0.9V <sub>CC(MAX)</sub> | II                  | ( <u>Note 3, Note 17</u> )         | -1   |     | +1   | μA    |
| Input Capacitance                                                                                        | Cl                  | ( <u>Note 3</u> )                  |      | 10  |      | pF    |
| SCL Clock Frequency                                                                                      | f <sub>SCL</sub>    | ( <u>Note 1</u> )                  | 0    |     | 1    | MHz   |
| Hold Time (Repeated)<br>START Condition                                                                  | <sup>t</sup> HD:STA |                                    | 0.45 |     |      | μs    |
| Low Period of the SCL<br>Clock                                                                           | tLOW                | ( <u>Note 18</u> )                 | 0.65 |     |      | μs    |
| High Period of the SCL<br>Clock                                                                          | tніgн               | ( <u>Note 3</u> )                  | 0.35 |     |      | μs    |
| Setup Time for a<br>Repeated START<br>Condition                                                          | <sup>t</sup> SU:STA | ( <u>Note 3</u> )                  | 0.35 |     |      | μs    |
| Data Hold Time                                                                                           | thd:dat             | (Note 3, Note 18, Note 19)         |      |     | 0.35 | μs    |
| Data Setup Time                                                                                          | <sup>t</sup> SU:DAT | (Note 3, Note 18, Note 20)         | 100  |     |      | ns    |
| Setup Time for STOP<br>Condition                                                                         | tsu:sto             | ( <u>Note 3</u> )                  | 0.35 |     |      | μs    |
| Bus Free Time Between<br>a STOP and START<br>Condition                                                   | <sup>t</sup> BUF    | ( <u>Note 3</u> )                  | 0.6  |     |      | μs    |
| Capacitive Load for<br>Each Bus Line                                                                     | CB                  | ( <u>Note 1, Note 21</u> )         |      |     | 400  | pF    |
| Warm-Up Time                                                                                             | toscwup             | ( <u>Note 1</u> , <u>Note 22</u> ) |      |     | 1    | ms    |

Note 1: System requirement.

- Note 2: Operating current with 1-Wire write byte sequence followed by continuous write/read of 1-Wire Block command at 1MHz in overdrive.
- Note 3: Guaranteed by design and/or characterization only. Not production tested.
- Note 4: Voltage above which, during a rising edge on IO, a logic-one is detected.
- Note 5: Voltage below which, during a t<sub>F</sub> on IO, a logic-zero is detected.
- Note 6: After V<sub>TH</sub> is crossed during a rising edge on IO for high configuration only, the voltage on IO must drop by at least V<sub>HY</sub> to be detected as logic-zero.
- **Note 7:** Active pullup or resistive pullup and range are configurable.
- **Note 8:** The active pullup does not apply to the rising edge of a presence pulse outside of a 1-Wire reset cycle or during the recovery after a short on the 1-Wire line.
- Note 9: All 1-Wire timing specifications are derived from the same timing circuit.
- Note 10: Up to an additional 10µs of idle high time may occur between a 1-Wire Reset Cycle and the first time slot or between each 1-Wire byte during a command sequence.
- Note 11: Current drawn from V<sub>CC</sub> during the EEPROM programming interval or SHA-3 computation.
- Note 12: Write-cycle endurance is tested in compliance with JESD47G.
- Note 13: Not 100% production tested; guaranteed by reliability monitor sampling.
- Note 14: Data retention is tested in compliance with JESD47G.
- **Note 15:** The I-V characteristic is linear for voltages less than 1V.

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

- Note 16: All I<sup>2</sup>C timing values are referred to  $V_{IH(MIN)}$  and  $V_{IL(MAX)}$  levels.
- Note 17: I/O pins of the DS2477 do not obstruct the SDA and SCL lines if V<sub>CC</sub> is switched off.
- Note 18:  $t_{LOW}$  min =  $t_{HD:DAT}$  max + 200ns for rise or fall time +  $t_{SU:DAT}$  min. Values greater than these can be accommodated by extending  $t_{LOW}$  accordingly.
- Note 19: The DS2477 provides a hold time of at least 100ns for the SDA signal (referenced to the V<sub>IH(MIN)</sub> of the SCL signal) to bridge the undefined region of the falling edge of SCL.
- **Note 20:** The DS2477 can be used in a standard-mode I<sup>2</sup>C-bus system, but the requirement  $t_{SU:DAT} \ge 250$ ns must then be met. Also, the acknowledge timing must meet this setup time (I<sup>2</sup>C bus specification Rev. 03, 19 June 2007).
- Note 21:  $C_B$  = Total capacitance of one bus line in pF. The maximum bus capacitance allowable may vary from this value depending on the actual operating voltage and frequency of the application (I<sup>2</sup>C bus specification Rev. 03, 19 June 2007).
- Note 22: I<sup>2</sup>C communication should not take place for the max t<sub>OSCWUP</sub> time following a power-on reset.

## **Pin Configuration**



### **Pin Description**

| PIN | NAME            | FUNCTION                                                                                                                                                                                        |
|-----|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1   | GPIO            | Open-Drain, General-Purpose Input/Output. Requires external pullup resistor to $V_{\mbox{CC}}$ when used as an output.                                                                          |
| 2   | Ю               | 1-Wire Input/Output Driver. The 1-Wire line can be pulled up by an internal weak pullup (R <sub>WPU</sub> ), an external pullup, or have both an external pullup and internal weak pullup.      |
| 3   | GND             | Ground                                                                                                                                                                                          |
| 4   | SCL             | I <sup>2</sup> C Serial Clock Input. Must be connected to V <sub>CC</sub> through a pullup resistor.                                                                                            |
| 5   | SDA             | Open-Drain, I <sup>2</sup> C Serial Data Input/Output. Must be connected to V <sub>CC</sub> through a pullup resistor.                                                                          |
| 6   | V <sub>CC</sub> | Power Supply Input                                                                                                                                                                              |
|     | EP              | Exposed Pad (TDFN Only). Solder evenly to the board's ground plane for proper operation. Refer to <u>Application Note 3273</u> : Exposed Pads: A Brief Introduction for additional information. |

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

### **Detailed Description**

The DS2477 integrates the Maxim ChipDNA capability to protect all device stored data from invasive discovery. In addition to the PUF, the device integrates a FIPS/NIST compliant TRNG, 2Kb EEPROM for user memory, secret storage, and control registers. The self-timed 1-Wire master function supports advanced 1-Wire waveform features including standard and overdrive speeds, active pullup, and strong pullup for power delivery. The active pullup affects rising edges on the 1-Wire side. The strong pullup function uses the same pullup transistor as the active pullup, but with a different control algorithm. Once supplied with command and data, the input/output controller of the DS2477 performs time-critical 1-Wire communication functions such as reset/presence-detect cycle, read-byte, write-byte, read-block, write-block, single-bit R/W, triplets for ROM Search, and full command sequences for 1-Wire authenticators, without requiring interaction with the host processor. The GPIO pin can be independently operated under command control. All secrets, GPIO control, ROM memory, and user memory are located in a linear address space. The DS2477 communicates with a host processor through its I<sup>2</sup>C bus interface in standard mode or in fast mode.



Figure 1. Block Diagram

#### **Design Resource Overview**

Operation of the DS2477 involves use of device EEPROM and execution of specified device commands. Refer to the DS2477 Security User Guide for details.

#### Memory

A 2Kb secured EEPROM array provides SHA-3 secret storage and/or general-purpose, user-programmable memory. Depending on the memory area, there are either default or user-programmable options to set protection modes.

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

#### **Open-Drain GPIO**

A dedicated volatile memory region is used to control and/or read the open-drain GPIO pin. Upon power-up, the GPIO pin is high impedance. Refer to the <u>DS2477 Security User Guide</u> for details.

#### **1-Wire Master**

The 1-Wire master reports data and status from the 1-Wire side to the host processor. Refer to the <u>DS2477 Security User</u> <u>Guide</u> for details.

#### **Transaction Sequence**

The protocol for accessing a connected slave device through the 1-Wire master is as follows:

- Initialization
- ROM Function command
- Device Function command
- Transaction/data

#### Initialization

All transactions on the 1-Wire bus begin with an initialization sequence. The initialization sequence consists of a reset pulse transmitted by the 1-Wire master followed by presence pulse(s) transmitted by the slave(s). The presence pulse lets the bus master know that the slave is on the bus and is ready to operate. For more details, see the <u>1-Wire Signaling</u> and <u>Timing</u> section.

#### 1-Wire Signaling and Timing

The 1-Wire protocol consists of four types of signaling on one line: reset sequence with reset pulse and presence pulse, write-zero, write-one, and read-data. Except for the presence pulse, the 1-Wire master initiates all falling edges. The 1-Wire master can communicate at two speeds: standard and overdrive. While in overdrive mode, the fast timing applies to all waveforms.

Figure 2 shows the initialization sequence required to begin any communication. A reset pulse followed by a presence pulse indicates that a slave is ready to receive data, given the correct ROM and device function command.



Figure 2. 1-Wire Reset/Presence-Detect Cycle

#### **Read/Write Time Slots**

Data communication on the 1-Wire bus takes place in time slots that carry a single bit each. Write time slots transport

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

data from 1-Wire master to a connected slave. Read time slots transfer data from slave to the 1-Wire master. Figure 3 illustrates the definitions of the write and read time slots.

All communication begins with the master pulling the data line low. As the voltage on the 1-Wire line falls below the threshold  $V_{TL}$ , the slave starts its internal timing generator that determines when the data line is sampled during a write time slot and how long data is valid during a read time slot.

#### Master-to-Slave

For a write-one time slot, the voltage on the data line must have crossed the V<sub>TH</sub> threshold before the write-one low time  $t_{W1LMAX}$  is expired. For a write-zero time slot, the voltage on the data line must stay below the V<sub>TH</sub> threshold until the write-zero low time  $t_{W0LMIN}$  is expired. For the most reliable communication, the voltage on the data line should not exceed V<sub>ILMAX</sub> during the entire  $t_{W0L}$  or  $t_{W1L}$  window required by the slave. After the V<sub>TH</sub> threshold has been crossed, the DS2477 needs a recovery time  $t_{REC}$  before it is ready for the next time slot.

#### Slave-to-Master

A read-data time slot begins like a write-one time slot. The voltage on the data line must remain below  $V_{TL}$  until the read low time  $t_{RL}$  (read low time) is expired. During the  $t_{RL}$  window, when responding with a 0, the slave starts pulling the data line low; its internal timing generator determines when this pulldown ends and the voltage starts rising again. When responding with a 1, the slave does not hold the data line low at all, and the voltage starts rising as soon as  $t_{RL}$  is over. Note that the slave  $t_{RL}$  during a logic 1 is adequately an approximation of the 1-Wire master  $t_{W1L}$  setting.

The slave  $t_{RL}$  plus the bus rise time on the near end and the internal timing generator of the slave on the far end define the 1-Wire master sampling window, in which the 1-Wire master performs a read from the data line. After reading from the data line, the 1-Wire master waits until  $t_{SLOT}$  is expired. This guarantees sufficient recovery time  $t_{REC}$  for the slave to get ready for the next time slot. Note that  $t_{REC}$  specified herein applies only to a single slave attached to a 1-Wire line. For multidevice configurations,  $t_{REC}$  must be extended to accommodate the additional 1-Wire device input capacitance.

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection



Figure 3. Read/Write Timing Diagrams

#### Strong Pullup

The strong pullup function can be activated prior to a 1-Wire Write Byte, 1-Wire Read Byte, 1-Wire Single Bit, 1-Wire Block or 1-Wire Write Block command. Strong pullup is commonly used with 1-Wire EEPROM devices when copying buffer data to the main memory or when performing a SHA computation. The respective device data sheets specify the location in the communications protocol after which the strong pullup should be applied. The strong pullup can be enabled immediately prior to issuing the command that puts the 1-Wire device into the state where it needs the extra power for primitive 1-Wire commands or as an integral part of advanced commands. The strong pullup uses the same internal pullup transistor as the active pullup feature. See the R<sub>APU</sub> parameter in the *Electrical Characteristics* table to determine whether the voltage drop is low enough to maintain the required 1-Wire voltage at a given load current and supply voltage. If the strong pullup is enabled, the DS2477 treats the rising edge of the time slot in which the strong pullup starts as if the active pullup was activated. However, in contrast to the active pullup, the strong pullup (i.e., the internal pullup transistor) remains conducting, as shown in Figure 4, until the DS2477 receives a command that generates 1-Wire communication (the typical case), or until the strong pullup is disabled or the 1-Wire master is reset. When the strong pullup ends, it is automatically disabled. Using the strong pullup feature does not change the active pullup settings.

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection



Figure 4. Strong Pullup Timing

#### Active Pullup (APU)

The APU is a function that accelerates the rise-time during a 1-Wire reset cycle, write time slot, or read time slot. The 1-Wire master triggering mechanism is always ready after the initial low time of a 1-Wire reset cycle or time slot completes. This rise-time acceleration is accomplished by an active pullup impedance ( $R_{APU}$ ) that begins driving once the active pullup on threshold ( $V_{IAPO}$ ) is crossed from low to high. APU does not apply to the rising edge of a recovery from a short on the line, a power-up presence pulse of a slave, or any other event outside of a 1-Wire reset cycle or a time slot. Enabling APU is generally recommended for best 1-Wire performance.

#### Active Pullup for 1-Wire Reset Cycle

<u>Figure 5</u> illustrates an active pullup for a 1-Wire reset cycle. A 1-Wire reset cycle begins by driving the line low for a  $t_{RSTL}$  period. When the  $t_{RSTL}$  expires, the APU triggering mechanism is on and triggers when the  $V_{IAPO}$  level is crossed from low to high. APU then remains on for the remaining duration of  $t_{APU}$ . After the completion of  $t_{APU}$ , the APU trigger mechanism is reset to be on again and triggers when the  $V_{IAPO}$  level is crossed from low to high upon a presence pulse completing. APU then remains on until the duration of  $t_{RSTH}$  expires.



Figure 5. Active Pullup for a 1-Wire Reset Cycle

#### Active Pullup for Read/Write Time Slots

<u>Figure 6</u> illustrates an active pullup for a 1-Wire write-zero or write-one time slot. A write-zero time slot begins by the 1-Wire master driving the line low for a  $t_{W0L}$  period. When the  $t_{W0L}$  expires, the APU triggering mechanism is on and triggers when the  $V_{IAPO}$  level is crossed from low to high. APU then remains on until  $t_{REC}$  expires. A write-one time slot begins by the 1-Wire master driving the line low for a  $t_{W1L}$  period. When the  $t_{W1L}$  expires, the APU triggering mechanism is on and triggers when the  $V_{IAPO}$  level is crossed from low to high. Unlike the write-zero time slot, the write-one time slot begins by the 3-Wire master driving the line low for a two to high. Unlike the write-zero time slot, the write-one time slot has APU for a much longer recovery duration defined by ( $t_{W0L} - t_{W1L}$ ) +  $t_{REC}$ .



Figure 6. Active Pullup for 1-Wire Write Time Slot

<u>Figure 7</u> illustrates an active pullup for 1-Wire read time slots. On a 1-Wire read-zero time slot, the master pulls the line low. The slave detects the low, and takes over driving the line. At that point, both the master and slave are driving the line low until  $t_{W1L}$  expires. After  $t_{W1L}$ , the master turns on the normal pullup ( $R_{WPU}$ ), and enables the APU triggering mechanism. The master samples the read data at  $t_{MSR}$ . After the slave response time ( $t_{SPD}$ ) expires, the slave releases the line. The APU triggers when the  $V_{IAPO}$  level is crossed from low to high. The APU remains on until the end of the slot as defined in <u>Figure 7</u>. On a 1-Wire read-one time slot, the master turns on the normal pullup, and enables the APU triggering mechanism. The APU triggers when the  $t_{W1L}$  expires, the master turns on the normal pullup, and enables the APU triggering mechanism. The APU triggers when the  $V_{IAPO}$  level is crossed from low to high. The APU remains on until the end of the slot as defined by ( $t_{W0L} - t_{W1L}$ ) +  $t_{REC}$ . The read-one recovery time is longer than the read-zero case.

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection



Figure 7. Active Pullup for 1-Wire Read Time Slot

### l<sup>2</sup>C

#### **General Characteristics**

The I<sup>2</sup>C bus uses a data line (SDA) plus a clock signal (SCL) for communication. Both SDA and SCL are bidirectional lines, connected to a positive supply voltage through a pullup resistor. When there is no communication, both lines are high. The output stages of devices connected to the bus must have an open drain or open collector to perform the wired-AND function. Data on the I<sup>2</sup>C bus can be transferred at rates of up to 100kbps in standard mode and up to 400kbps in fast mode. The DS2477 works in both modes or up to a clock rate of 1MHz. A device that sends data on the bus is defined as a transmitter, and a device receiving data is defined as a receiver. The device that controls the communication is called a master. The devices that are controlled by the master are slaves. To be individually accessed, each device must have a slave address that does not conflict with other devices on the bus. Data transfers can be initiated only when the bus is not busy. The master generates the serial clock (SCL), controls the bus access, generates the START and STOP conditions, and determines the number of data bytes transferred between START and STOP Figure 8. Data is transferred in bytes with the most significant bit being transmitted first. After each byte follows an acknowledge bit to allow synchronization between master and slave.

#### **Slave Address**

The slave address to which the DS2477 responds is shown in <u>Figure 9</u>. The slave address is part of the slave address/ control byte. The last bit of the slave address/control byte (R/W) defines the data direction. When set to 0, subsequent data flows from master to slave (write access); when set to 1, data flows from slave to master (read access).

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection



Figure 8. I<sup>2</sup>C Protocol Overview



Figure 9. DS2477 I<sup>2</sup>C Slave Address

#### I<sup>2</sup>C Definitions

The following terminology is commonly used to describe  $I^2C$  data transfers. The timing references are defined in Figure <u>10</u>.

#### **Bus Idle or Not Busy**

Both SDA and SCL are inactive and in their logic-high states.

#### **START Condition**

To initiate communication with a slave, the master must generate a START condition. A START condition is defined as a change in state of SDA from high to low while SCL remains high.

#### **STOP Condition**

To end communication with a slave, the master must generate a STOP condition. A STOP condition is defined as a change in state of SDA from low to high while SCL remains high.

#### **Repeated START Condition**

Repeated STARTs are commonly used for read accesses after having specified a memory address to read from in a preceding write access. The master can use a repeated START condition at the end of a data transfer to immediately initiate a new data transfer following the current one. A repeated START condition is generated the same way as a normal

## DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

START condition, but without leaving the bus idle after a STOP condition.

#### **Data Valid**

With the exception of the START and STOP condition, transitions of SDA can occur only during the low state of SCL. The data on SDA must remain valid and unchanged during the entire high pulse of SCL plus the required setup and hold time ( $t_{HD:DAT}$  after the falling edge of SCL and  $t_{SU:DAT}$  before the rising edge of SCL; see Figure 10). There is one clock pulse per bit of data. Data is shifted into the receiving device during the rising edge of the SCL pulse.

When finished with writing, the master must release the SDA line for a sufficient amount of setup time (minimum  $t_{SU:DAT}$ , +  $t_R$  in Figure 10) before the next rising edge of SCL to start reading. The slave shifts out each data bit on SDA at the falling edge of the previous SCL pulse and the data bit is valid at the rising edge of the current SCL pulse. The master generates all SCL clock pulses, including those needed to read from a slave.



Figure 10. I<sup>2</sup>C Timing Diagram

# DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

## **Ordering Information**

| PART      | TEMP RANGE     | PIN-PACKAGE       |
|-----------|----------------|-------------------|
| DS2477Q+T | -40°C to +85°C | 6 TDFN (2.5k pcs) |

+Denotes a lead(Pb)-free/RoHS-compliant package.

T = Tape and reel.

# DeepCover Secure SHA-3 Coprocessor with ChipDNA PUF Protection

### **Revision History**

| REVISION<br>NUMBER | REVISION<br>DATE | DESCRIPTION                                                | PAGES<br>CHANGED |
|--------------------|------------------|------------------------------------------------------------|------------------|
| 0                  | 9/18             | Initial release                                            | —                |
| 0.1                |                  | Added Security User Guide and Developer Software hyperlink | 1                |
| 1                  | 3/19             | Updated Benefits and Features section                      | 1                |
| 2                  | 11/20            | Updated t <sub>APU</sub> time description                  | 12               |

For pricing, delivery, and ordering information, please visit Maxim Integrated's online storefront at https://www.maximintegrated.com/en/storefront/storefront.html.

Maxim Integrated cannot assume responsibility for use of any circuitry other than circuitry entirely embodied in a Maxim Integrated product. No circuit patent licenses are implied. Maxim Integrated reserves the right to change the circuitry and specifications without notice at any time. The parametric values (min and max limits) shown in the Electrical Characteristics table are guaranteed. Other parametric values quoted in this data sheet are provided for guidance.

# **X-ON Electronics**

Largest Supplier of Electrical and Electronic Components

Click to view similar products for Security ICs / Authentication ICs category:

Click to view products by Maxim manufacturer:

Other Similar products are found below :

RJM8L151F6P6R AT97SC3204T-X2A1B-10 SLS32AIA020A4USON10XTMA2 AT97SC3205T-G3M4C-00 AT97SC3205T-H3M4C-20 AT97SC3204-U4A14-20 AT97SC3205T-H3M4C20B AT97SC3205-X3A12-10 AT97SC3204-U2MA-20 AT97SC3204-X2A1A-10 ATAES132-SH-EQ ATECC508A-MAHDA-S DS2401+ DS1990A-F3+ DS1990A-F5+ DS2401P+T&R DS2401Z+T&R DS2411P+ DS2411P+T&R ATSHA204-TH-CZ-T DS28CM00R-A00+T DS28C22Q+T ATTPM20P-G3MA1-10-B HCS515-IP HCS515P MCS3122-I/ST MIKROE-3047 ATECC508A-SSHDA-T ATSHA204A-SSHDA-B ATAES132A-SHEQ-B ATECC108A-SSHCZ-B ATSHA204A-SSHDA-T W74M32FVSSIQ IPL-CHP1.8V ATSHA204A-STUCZ-T DS2411R+T&R RJM8L151K8Q6Y CW3802 RJGT102WDP8 FM15160 508-03 RJGT102WDT6 RJMU401FH0 ATECC108A-RBHCZ-T IPL-CHP 404726X AT88SC0808CA-Y6H-T AT88SA102S-SH-T MAX66240ESA+