To Download AT98SC008CT Datasheet File

Secure Your Embedded Devices
Secure Microcontrollers Application Note, Rev. 6528A-SMIC-17 May 06

1. Introduction

High-tech goods counterfeiting, multimedia content copying, and identity theft are all major concerns today. The proven cryptographic protocols implemented in Atmel's tamper-resistant microcontrollers offer a powerful turnkey solution to fight these threats. This paper presents examples of efficient and cost-effective IP protection applications utilizing secure chips in various embedded systems.

1.1. High-Tech Goods Counterfeiting

According to the 2005 report [kmpg05] by accounting firm KPMG International, fake high-tech goods (cell phones, computers, printer cartridges, etc.) account for about $100 billion in sales lost to counterfeiters each year. This means that around 10 percent of all high-tech goods sold each year worldwide are fakes! Therefore, 10 percent of all high-tech sales are lost to the intellectual property (IP) owners.

Besides financial considerations, counterfeiting presents noticeable collateral risks for consumers: there is no guarantee that faulty goods will be replaced, and fake goods may even injure the customer due to improper testing, poor quality of consumables, etc. Counterfeit goods can also severely degrade the public image of companies by deteriorating customer satisfaction, not to mention that fake automotive or aeronautic spares present a real concern for public health and safety.

Examples of the counterfeiting of high-tech goods are given in [merc]. Some renowned companies have been targeted by international criminal organizations, which have sold thousands of counterfeit-branded products in several countries. Generally speaking, famous brand-name products are more exposed to counterfeiting because they are seen as "must have" goods and therefore are easier to sell on the counterfeit market.

Many accessories and peripherals (for mobile phones, personal digital assistants, portable MP3 and video players) are the target of criminals that use increasingly sophisticated manufacturing means and industrial production techniques. Any high-tech product, whatever the market (mass-marketed items such as music players or even industrial equipment, machines, etc.), is vulnerable to counterfeiters who aim at making money, taking advantage of the public image of famous brands by cloning equipment/parts and selling similar products at a much lower price.

Another strategy may only be cost reduction. Some companies may prefer cloning expensive equipment (e.g. network equipment) they have already purchased for their own use, thus stealing IP, rather than buying new certified products.

1.2. Digital Content Copy

Intellectual and artistic property (music, movies and software) piracy is also a real problem for the electronics industry. Even if the full cost of illegal multimedia content duplication cannot be quantified, the availability of multiple perfect copies of copyrighted materials is seen by most of the media industry as a threat to its viability and profitability. Digital media publishers have business models based around charging a fee for each copy or performance of the multimedia product. As a consequence, digital rights management (DRM) was designed as a means to allow them to control any duplication and dissemination of the content.

However, hackers are actively trying to crack the DRM systems. The famous Content Scrambling System (CSS) algorithm used for DVD copy protection was revealed three years after its creation to be easily susceptible to a brute force attack (refer to [wpd-de]). Many other recent copy protection systems have already failed. For example, the hacker of the CSS system has also hacked a famous music store system, allowing the removal of the copy protection from the purchased music files (refer to [cnn]).

Governments are now backing the fight against counterfeiting. Among these initiatives are the US Strategy Targeting Organized Piracy (STOP [uspto]), the European Association for the Protection of Encrypted Works and Services (AEPOC [aepoc]), and the UK Foundation for Art and Creation Technology (FACT [fact]).

1.3. Identity Theft

Another burning issue is identity theft in web applications. According to [jav06], the amount lost to fraud over a one-year period for online applications (banking, shopping, etc.) is estimated at $54.4 billion in 2005 in the U.S. alone.

User credentials are mainly stolen through offline means (stolen wallet, theft of paper mail, misappropriation by friends). Online attacks are relatively rare (11.6%), but according to [gar05], phishing (1) attacks are growing exponentially.

In reaction to the growing threat, the US Federal Financial Institution Examination Council (FFIEC) has established a guidance ruling for user online authentication to banking services. As reported in [fine], US banks will have to comply with these rules by the end of 2006 and deploy two-factor authentication solutions (explained below) whenever needed.

Microsoft also believes that passwords are no longer reliable and will enforce new strong authentication means in its new Windows Vista operating system. With strong authentication, each party involved in the transaction process can be confident of the other party's identity. This enables trusted e-commerce and transactions, secure logon, protection against phishing, pharming (2) and more.

1. Phishing: technique consisting in stealing user credentials (login/password) through fake e-mails.
2. Pharming: advanced technique consisting of the creation of fake web sites (e.g. banking) that perfectly mimic the real ones. Users are seamlessly directed to these fake sites, and enter their login and password, which are recorded by hackers! Seamless redirection can be achieved through false URLs (that surprisingly look like the right one) sent by e-mail, or by Internet domain name server hacking (DNS cache poisoning) that will erroneously translate good URLs to the hacker's IP address.

1.4. Atmel's Secure Microcontroller Family

This paper will show how to prevent the threats mentioned with the use of Atmel's secure microcontrollers. The high-level examples presented herein only show principle methods. Detailed references will be given for full technical explanations and implementation recommendations. Moreover, the solutions exposed herein may be patented.

The proven technology used in Atmel secure microcontrollers is already widespread and used in national ID/health cards, e-passports, bank cards (storing user personal identification number, account numbers, authentication keys among others), pay-TV access control and cell phone SIM cards (allowing the storage of subscribers' unique ID, PIN code, and authentication to the network), where cloning must definitely be prevented.

More than one billion (1) of such microcontrollers have been already sold by Atmel and successfully implemented in many secure systems. Atmel's secure products will advantageously replace complex and expensive proprietary anti-tampering protection systems. Their advantages include low cost, ease of integration, higher security, and proven technology.

Versatility

Three secure microcontroller families are available: AT90SC, AT91SC and AT98SC. The AT90SC and AT91SC are "open" solutions where the implementer can develop their own on-chip application using available Atmel software libraries. Beyond this, the AT98SC family chips feature comprehensive embedded firmware that provides standard, public domain-proven cryptographic algorithms. This is deemed safer than using proprietary algorithms, since their strengths or weaknesses are well studied by the scientific community. The AT98SC will be further described later in this paper.

Tampering Resistance

AT9xSC microcontrollers are designed to keep contents secure and avoid leaking information during code execution. On regular CPUs, measuring current consumption, radio emissions and other side-channel attacks may give precious information on the processed data or allow the manipulation of the data. Atmel's secure microcontrollers' security features include voltage, frequency and temperature detectors, illegal code execution prevention, tampering monitors and protection against side-channel attacks and probing. The chips can detect tampering attempts and destroy sensitive data on such events, thus avoiding data confidentiality being compromised.

These features make cryptographic computations secure in comparison with regular microcontrollers whose memories can be easily duplicated. It is much safer to delegate cryptographic operations and storage of secret data (keys, identifiers, etc.) to an Atmel secure microcontroller.

Success Stories

Atmel secure microcontrollers already have successfully been integrated into embedded systems using various form factors. Applications include franking machines, tachographs, set-top boxes, network routers, etc.

1. The billionth was sold in March 2006.

2. Secure Your Hardware - Anti-Cloning Solutions

Atmel secure microcontrollers are perfectly designed to secure embedded systems. For example, the AT98SC is especially good at preventing the connection of an unauthorized/fake sub-system to a wider system of interconnected devices (refer to Figure 2-1). This applies to scenarios as simple as a mobile phone authenticating its battery (ensuring the battery is genuine), or a little more complex such as a server authenticating a network device. When an unauthorized/counterfeit part is detected by the system, the overall functionality can be limited or even denied depending on the manufacturer's policy.

Anti-cloning protection does not need to be 100% efficient, as the research presented in the June 2006 RSA Conference by Cryptographic Research [cri06] explains. The implemented protections must make cloning unprofitable to hackers: "[...therefore] using hardware tamper-resistant microcontrollers forces attackers to be invasive, or use very complex and expensive equipment."

Figure 2-1. Authentication [diagram: the host asks the device "Are you a genuine device?"; the device asks the host "Are you a trusted host?"]

2.1. Prevent the Cloning of Your High-Tech Goods

Anti-cloning is safely implemented through one-way or mutual strong authentication (1). Various authentication protocols exist (refer to [iso9798], [fips196]), but the principle method is the following:

1. The authenticator sends a challenge (e.g. a random number) to the equipment that must be authenticated ("the claimant").
2. The claimant computes a digital signature of the combination of this challenge with an optional identifier, using a private or secret key. The requested signature is then returned to the authenticator.
3. The authenticator checks the signature using either the same secret key or the public key associated to the claimant's private key and decides whether the claimant is authorized or not based on the signature verification result.

Let us illustrate this process with the example of a cell phone (the authenticator) authenticating a battery (the claimant). This example (refer to Figure 2-2) is based on the ISO/IEC 9798 standard [iso9798]. This application can be implemented using two AT98SC chips: one in the phone and one in the battery.

The battery-side AT98SC chip contains a secret key (loaded during battery manufacturing) that can never be extracted and is utilized to compute signatures. Consequently, the AT98SC must be cloned in order to make counterfeit batteries, which is practically impossible.

The phone's AT98SC contains the same secret key, either loaded during phone manufacturing, or remotely updated through an encrypted communication channel. The battery does not need a microcontroller other than the AT98SC: the phone can be connected directly to the battery's secure microcontroller through the battery contacts.

1. Strong authentication: exchange of messages during which a claimant proves its identity to a verifier by demonstrating its knowledge of a secret but without revealing it.

Figure 2-2. Cell phone battery anti-cloning system example [diagram: smart phone (authenticator) and battery (claimant), each with an Atmel chip holding the battery secret key; labels: "Are you genuine?", Get Challenge, generate a random challenge "Ch", Internal Authenticate (Ch), sign challenge with secret key, signature, External Authenticate + signature, verify signature with secret key, OK / not OK]

A more detailed description of the scenario is shown below:

1. The phone sends a challenge (random number) to the battery.
   - The phone sends a "Get Challenge" command to its AT98SC. The AT98SC sends back the requested challenge.
   - The phone sends an "Internal Authenticate" command to the battery's AT98SC with the generated challenge. The battery's AT98SC then computes a signature of this challenge using the secret key.
2. The phone receives the battery's computed signature and forwards it to its own AT98SC for verification:
   - The phone sends an "External Authenticate" command, with the battery's signature, to its AT98SC.
   - The phone's AT98SC returns the validation.

The same technique can be applied to printers authenticating cartridges, a video game console authenticating a joystick, a PC (or remote web site) authenticating a portable MP3 player, a server authenticating a network device, etc. Depending on the customer's infrastructure, symmetric key systems (DES) may be preferred to public key systems (RSA).

As a general rule, the host must be carefully designed so that the peripheral authentication process cannot be bypassed.
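
The phone/battery exchange of section 2.1, as an added example that is not part of the original application note and is not Atmel firmware. It assumes HMAC-SHA256 in place of the chip's signature algorithm, and the class and function names (SecureChip, RecordedBattery, phone_accepts) are hypothetical. It shows why a fresh challenge per exchange makes a recorded signature useless.

```python
import hashlib
import hmac
import secrets


class SecureChip:
    """Stand-in for a secure microcontroller: the key is loaded once and no
    method ever returns it. Hypothetical model, not the AT98SC command set."""

    def __init__(self, secret_key: bytes):
        self.__key = secret_key
        self.__pending = None  # challenge issued but not yet verified

    def get_challenge(self) -> bytes:
        """'Get Challenge': issue a fresh random number and remember it."""
        self.__pending = secrets.token_bytes(16)
        return self.__pending

    def internal_authenticate(self, challenge: bytes) -> bytes:
        """'Internal Authenticate': sign the challenge with the secret key.
        Assumption: HMAC-SHA256 stands in for the chip's signature."""
        return hmac.new(self.__key, challenge, hashlib.sha256).digest()

    def external_authenticate(self, signature: bytes) -> bool:
        """'External Authenticate': verify a signature over the pending
        challenge. The challenge is consumed whatever the outcome."""
        challenge, self.__pending = self.__pending, None
        if challenge is None:
            return False
        expected = hmac.new(self.__key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


class RecordedBattery:
    """Constructed counterfeit part: it holds no key and can only return a
    signature captured from an earlier genuine exchange."""

    def __init__(self, captured_signature: bytes):
        self._signature = captured_signature

    def internal_authenticate(self, challenge: bytes) -> bytes:
        return self._signature


def phone_accepts(phone_chip: SecureChip, battery) -> bool:
    """Host-side sequence: challenge, claimant signature, verification."""
    challenge = phone_chip.get_challenge()
    signature = battery.internal_authenticate(challenge)
    return phone_chip.external_authenticate(signature)


def run_demo() -> dict:
    battery_key = secrets.token_bytes(32)          # constructed sample key
    phone = SecureChip(battery_key)
    genuine = SecureChip(battery_key)
    wrong_key = SecureChip(secrets.token_bytes(32))

    # One genuine exchange whose signature is recorded on the contacts.
    challenge = phone.get_challenge()
    captured = genuine.internal_authenticate(challenge)
    first_use = phone.external_authenticate(captured)

    return {
        "genuine": phone_accepts(phone, genuine),
        "first_use_of_captured_signature": first_use,
        "wrong_key": phone_accepts(phone, wrong_key),
        "replayed": phone_accepts(phone, RecordedBattery(captured)),
        # Verification without a preceding challenge must also fail.
        "no_pending_challenge": phone.external_authenticate(captured),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'OK' if accepted else 'not OK'}")
```

The check only protects the product if the host acts on the "not OK" result in a code path that cannot be skipped, which is the design rule stated at the end of section 2.1.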

3. Secure Your Digital Content - DRM and Software Copy Protection

Atmel secure microcontrollers will help when protecting multimedia data. They are designed for key and certificate management used in DRM and software protection areas. DRM systems that do not run on tamper-resistant hardware cannot, theoretically, be secure since digital content can be copied at a hardware level.

3.1. Digital Rights Management

As an example (refer to Figure 3-1), let us see how to bind a music file to a single music player by using an AT98SC microcontroller. The ultimate goal of DRM is to prevent access to a digital clear-text music file that could be copied infinitely without any degradation in sound quality.

Figure 3-1. Secure media player [diagram: media player (main controller and Atmel secure microcontroller holding the user private key, equipment part ID "ID: 1234" and user public key), Internet, online music store and certification authority; steps 1) to 6): purchase order, "Is public key valid?" / "Yes", purchased music file download (encrypted data and encrypted decryption key), decrypted decryption key, play music]

1. Provisioning (1): in a preliminary personalization phase, the manufacturer makes the equipment generate a specific key pair.
   - The manufacturing equipment sends a "Generate Key Pair" command to the AT98SC. The generated "user private key" remains internally stored in a file on the AT98SC and can never be extracted. The associated "user public key" is read from the equipment and certified (i.e. signed with a "certification authority" private key). The certificate is stored back in the AT98SC. This makes it impossible to have valid public keys generated by something other than an AT98SC personalized for this purpose. Moreover, this certificate binds the generated public key to the equipment identifier.
2. The customer sends a purchase order (refer to step 1 in Figure 3-1) together with its equipment part ID and public key certificate. The media player sends the command:
   - "Read Record" to fetch the certificate from the AT98SC file system.
3. The music provider checks the "user public key" validity (steps 2 and 3). Verifying the public key is necessary, otherwise anyone could create their own public key pair, send it to the music store and then decrypt music files outside of DRM-enabled products.
4. The music provider encrypts the purchased music file with a random, single-usage "encryption key" that is in turn encrypted with the customer's "user public key" (as a consequence, no one else can decrypt this decryption key).
5. The customer downloads the encrypted music file into their media player (step 4). To play it, the player's main controller sends the following command:
   - "Decrypt Data", where the provided data is the encrypted "decryption key". The "decryption key" is decrypted thanks to the customer's "user private key".
6. The decrypted "decryption key" is sent back to the main controller (step 5). The main controller can now decrypt the music data and play it (step 6).

1. Provisioning: activity consisting in loading/generating user credentials, cryptographic keys, identifiers into equipment.

As a general design rule, the transmission of the decrypted keys between the secure microcontroller and the main controller must be secured either logically, by encrypting the communications, or physically (offering tamper protection), or both. However, storing cryptographic keys in a controller that is not designed to be secure is dangerous.

3.2. On-the-Fly Encryption

Atmel secure microcontrollers feature on-the-fly encryption/decryption functions that can be applied to data streams with a reasonable baud rate, for example, encrypted voice communications.

On-the-fly encryption requires the use of a symmetric cipher algorithm (3DES, AES, etc.), because public key algorithms are too slow. In such applications, a symmetric session key is exchanged using a public key cryptographic protocol (refer to step 1 in Figure 3-2). For the sake of simplicity, this step is not detailed here. Some of the possible protocols include Kerberos, authenticated key exchange protocol, Diffie-Hellman, El-Gamal, and more.

Figure 3-2. Encrypted voice communication [diagram: two phones, each with an Atmel chip; 1: initiate call (session key exchange); 2: encrypted voice stream]

Once the phones have established a communication channel with symmetric session keys:

1. Load the encryption/decryption key into the AT98SC:
   - Each phone sends a "Manage Security Environment" command containing the session key to its AT98SC.
2. The voice stream can then be ciphered/deciphered for as long as the communication lasts (step 2):
   - For an outgoing voice stream, the AT98SC will instantly encrypt the digitized voice stream with the "Encrypt Data" command.
   - For an incoming voice stream, the AT98SC will instantly decrypt the digitized voice stream with the "Decrypt Data" command.

3.3. Software Protection

Software copy protection is securely achieved by putting vital sensitive functions into a secure microcontroller integrated in a USB dongle. If the dongle cannot be cloned, the software is useless. The software design needs to be resistant to reverse engineering so that the dongle remains mandatory for the software to function.
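
The purchase flow of section 3.1 (certified public key, single-use content key wrapped for one player), as an added example that is not part of the original application note and is not Atmel firmware. Assumptions: textbook RSA over small fixed Mersenne primes and a SHA-256 keystream stand in for RSA PKCS#1 and 3DES/AES so that it runs with the standard library only, and they are not secure; all class and function names are hypothetical.

```python
import hashlib
import secrets

E = 65537
# Toy parameters (assumption): products of known Mersenne primes.
# They keep the example short and offline; they are NOT secure key sizes.
CA_PRIMES = (2**107 - 1, 2**61 - 1)
PLAYER_PRIMES = (2**127 - 1, 2**89 - 1)
UNCERTIFIED_PRIMES = (2**521 - 1, 2**31 - 1)


def keypair(p, q):
    """Return (public, private) as (n, e) and (n, d)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    n, d = private
    return pow(_digest(data, n), d, n)


def verify(public, data: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest(data, n)


def cert_body(equipment_id: str, public) -> bytes:
    """What the certification authority signs: the ID bound to the key."""
    return f"{equipment_id}|{public[0]}|{public[1]}".encode()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: SHA-256 in counter mode, XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


class PlayerChip:
    """Hypothetical model of the player's secure microcontroller."""

    def __init__(self, equipment_id: str, primes):
        self.equipment_id = equipment_id
        self.public, self.__private = keypair(*primes)  # "Generate Key Pair"
        self.certificate = None                         # set at provisioning

    def decrypt_data(self, wrapped_key: int) -> bytes:  # "Decrypt Data"
        n, d = self.__private
        return pow(wrapped_key, d, n).to_bytes(16, "big")


def provision(chip: PlayerChip, ca_private) -> None:
    """Step 1: the manufacturer certifies the key the chip generated."""
    chip.certificate = sign(ca_private, cert_body(chip.equipment_id, chip.public))


def store_sell(ca_public, equipment_id, user_public, certificate, music: bytes):
    """Steps 3 and 4: refuse uncertified keys, then wrap a single-use key."""
    body = cert_body(equipment_id, user_public)
    if certificate is None or not verify(ca_public, body, certificate):
        raise PermissionError("user public key is not certified for this equipment")
    content_key = secrets.token_bytes(16)
    n, e = user_public
    wrapped = pow(int.from_bytes(content_key, "big"), e, n)
    return wrapped, xor_stream(content_key, music)


def play(chip: PlayerChip, wrapped: int, encrypted_music: bytes) -> bytes:
    """Steps 5 and 6: the chip unwraps the key, the controller decrypts."""
    return xor_stream(chip.decrypt_data(wrapped), encrypted_music)


def run_demo() -> dict:
    ca_public, ca_private = keypair(*CA_PRIMES)
    music = b"constructed sample audio bytes " * 4
    player = PlayerChip("ID:1234", PLAYER_PRIMES)
    provision(player, ca_private)
    wrapped, blob = store_sell(ca_public, player.equipment_id, player.public,
                               player.certificate, music)

    # A key pair created outside a personalized chip, presented two ways.
    other_public, other_private = keypair(*UNCERTIFIED_PRIMES)
    presented = {
        "self_signed": sign(other_private, cert_body("ID:1234", other_public)),
        "borrowed_certificate": player.certificate,
    }
    rejected = {}
    for name, certificate in presented.items():
        try:
            store_sell(ca_public, "ID:1234", other_public, certificate, music)
            rejected[name] = False
        except PermissionError:
            rejected[name] = True
    return {"played": play(player, wrapped, blob) == music,
            "ciphertext_differs": blob != music,
            "rejected": rejected}


if __name__ == "__main__":
    print(run_demo())
```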

4. Secure Your Privacy - Multi-Factor User Authentication Solutions

The methods to authenticate humans are generally classified into three cases: physical attribute (e.g. fingerprint, retinal pattern, facial scan, etc.), security device (e.g. ID card, security token, software token or cell phone), and something the user knows (e.g. a password/passphrase or a personal identification number).

To fight against identity theft, multi-factor authentication is a stronger alternative to the classical login/password authentication (called weak authentication). It combines two or more authentication methods (often a password combined with a security token). Two-factor systems greatly reduce the likelihood of fraud by requiring the presence of a physical device used together with a password. If the physical device is lost or the password is compromised, security is still intact. The reader can refer to NIST's [sp800-63] for further details.

Multi-factor authentication requires a strong authentication method to complement the password authentication, and this strong authentication method requires storing secret data. Pure software multi-factor solutions are thus not reliable. If sensitive data is stored in files on a hard disk, even if those files are encrypted, the files can be stolen, cloned and subjected to various kinds of attacks (e.g. brute force or dictionary attack (1) on passwords). Therefore secure microcontroller-based hardware tokens are a must. Placing secrets outside the computer avoids risking exposure to malicious software, security breaches in web browsers, file stealing, etc.

Numerous companies are now providing authentication solutions based on USB tokens. Tokens connected through USB are a convenient solution since they require no additional hardware. Atmel's turnkey USB secure microcontroller solutions can help providers focus on their security model and their application without losing too much time on tamper protection and other complex hardware security concerns.

1. Brute force attack, dictionary attack: hacking techniques that consist in trying commonly used passwords (dictionary attack) or every character combination (brute force) to guess a password.

4.1. USB Tokens Common Features

The USB tokens are generally able to (refer to Figure 4-2):

- Perform challenge-response authentication.
  This challenge-response protocol is considered a strong authentication method. As shown in Figure 4-1, H_K is a digital signature operation (such as DES, RSA, elliptic curve (ECC) signature, etc.). The "||" operator is the "concatenation" operator. Figure 4-1 shows how a device can require assistance from a secure microcontroller to identify itself to the host. Note that the usage of "challenges" (random numbers, in fact) prevents obvious replay attacks. In such a protocol, the claimant entity (in this case, the device) can produce a correct signature only if it knows the right secret/private key. If many devices share the same key, identifiers can also be involved in the authentication process to distinguish between devices.

  Figure 4-1. Challenge-response unilateral authentication [diagram: host, device and the device's secure microcontroller; labels: generate a random host challenge; mutual authentication request + host challenge (C_H); generate a random device challenge; Internal Authenticate + C_H; generate signature using host challenge, device challenge and a private/secret key; device signature H_K(C_D || C_H) + device challenge (C_D); verify signature using host challenge, device challenge and a public/secret key]

- Perform one-time password generation.
  One-time password (OTP) is another strong authentication method that has the advantage of being usable over simple media such as phones (the OTP is dialed). This method does not require complex computations as with challenge-response authentication. The principle method of one-time passwords is as follows (please refer to [rfc 1760] for further details). Let us assume we have a client and a server. In a preliminary provisioning step, a list of passwords is generated on the client side using a client's secret passphrase and a seed (1) from the server (it is computationally infeasible to guess password n+1 from password n, but on the server side, verifying that password n+1 is correct is straightforward knowing password n). Then, during normal usage, the user identifies himself to the "authenticator" and provides the next password in the list. Since a new password is used on each authentication attempt, and this password cannot be re-used, there is no risk of it being compromised. Besides RFC 1760, many other OTP implementations exist but standardization is pending to enable interoperability between various authentication systems (refer to [oath], [rsa-otp]).

- Perform token holder authentication.
  This feature is used to unlock the token and protect against loss or theft. This authentication can be done using a simple password, or through biometric authentication, and is necessary to prevent token access when lost or stolen. Note that biometric authentication methods must never be used in place of a password for online submission (if stolen, your identity is compromised forever) but they prove useful for offline usage (e.g. unlock hardware) because:
  - They have no risk of being forgotten
  - There is no need to write it down somewhere
  - They are impossible to counterfeit (whereas bad passwords can be guessed)

1. Seed: (pseudo-)random number

Figure 4-2. Hardware token common features [diagram: user unlocks the USB token (biometric sensor, flash memory, secure microcontroller, USB interface; file system with certificates, passwords, keys; crypto functions: authentication, signature, digest, encryption, random); laptop with web browser, PKCS#11 API and PKCS#11 driver; web server reached over the local area network for login]

Besides the multi-factor authentication, the following secondary features are often used in such tokens:

- Single sign-on. Single sign-on enables users to enter, once, a master login/password on the USB token and then gain access to a personal database of login/password entries associated to web site URLs. This enables a seamless user login on various web sites during browsing.
- Certificate storage. USB tokens can store user certificates for authentication and private keys for document signature. Storing private keys on a protected hardware token prevents anyone other than the legitimate user signing documents.
- Token sharing. Currently, most web applications require their own hardware token (one for each bank, one for the online book store, etc.). The multiplication of tokens currently deters their utilization. So token sharing is an attempt to put multiple authentication applications into a single token.
- PKCS #11 API (RSA) or MS-CAPI (Microsoft). These are standardized PC software libraries that offer high-level cryptographic services (digital signature, key generation and storage, encryption/decryption, etc.) that are mostly used by web browsers but are available to virtually any application. The cryptographic services can be implemented as pure software or rely on a hardware token through a dedicated driver. Atmel secure microcontrollers perfectly fit as [pkcs11] or [ms-capi] compliant hardware tokens.
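
The one-time password list described in section 4.1, as an added example that is not part of the original application note and is not Atmel firmware. It follows the hash-chain principle of RFC 1760 but assumes SHA-256 in place of the RFC's hash and output encoding; the names OtpClient and OtpServer are hypothetical. The server stores only the last accepted value, so a copy of its database does not yield the next password.

```python
import hashlib
import hmac


def _h(value: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash used by RFC 1760.
    return hashlib.sha256(value).digest()


def hash_chain(passphrase: bytes, seed: bytes, count: int) -> list:
    """Return [H^1(s), H^2(s), ..., H^count(s)] with s = seed || passphrase."""
    value = seed + passphrase
    chain = []
    for _ in range(count):
        value = _h(value)
        chain.append(value)
    return chain


class OtpClient:
    """Token side: builds the list once, then hands passwords out in
    reverse order so that each one is the pre-image of the previous one."""

    def __init__(self, passphrase: bytes, seed: bytes, count: int):
        self._chain = hash_chain(passphrase, seed, count)

    def initial_verifier(self) -> bytes:
        """H^count(s): the only value given to the server at provisioning."""
        return self._chain[-1]

    def next_otp(self) -> bytes:
        if len(self._chain) < 2:
            raise RuntimeError("password list exhausted, provision a new seed")
        self._chain.pop()
        return self._chain[-1]


class OtpServer:
    """Authenticator side: keeps the last accepted password only."""

    def __init__(self, verifier: bytes):
        self._last = verifier

    def login(self, otp: bytes) -> bool:
        # Hashing the candidate once must give the previously accepted value.
        if hmac.compare_digest(_h(otp), self._last):
            self._last = otp          # the accepted password is now spent
            return True
        return False


def run_demo() -> dict:
    # Constructed sample passphrase and seed.
    client = OtpClient(b"constructed passphrase", b"seed-0001", count=4)
    server = OtpServer(client.initial_verifier())
    first = client.next_otp()
    second = client.next_otp()
    results = {
        "second_before_first": server.login(second),
        "first": server.login(first),
        "first_again": server.login(first),
        "second": server.login(second),
        "random_guess": server.login(b"\x00" * 32),
        "third": server.login(client.next_otp()),
    }
    try:
        client.next_otp()
        results["list_exhausted"] = False
    except RuntimeError:
        results["list_exhausted"] = True
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```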

4.2. Implement a High-End USB Token

The following example shows how to use an Atmel secure microcontroller to rapidly develop simple, yet very secure, hardware tokens for multi-factor authentication solutions.

As a comprehensive example, we are going to show how to interface an Atmel USB secure microcontroller with Atmel fingerprint sensors (refer to [atm-fin]) and Atmel flash memory mass storage through an SPI bus (subsets of this comprehensive solution can be even more easily implemented). Refer to Figure 4-3 below.

Figure 4-3. OTP-enabled, mass storage biometric USB token [diagram: Atmel USB secure microcontroller connected over an SPI bus to flash memory and a fingerprint sensor]

Scenario #1: The user wants to log into their favorite e-banking web site, which requires a one-time password.

1. The user connects their USB token to the PC.
2. The user provides a password/fingerprint to their USB token to prove they are a legitimate user. In the case of a password lock and depending on the system, the password may be entered on the USB token device, if it has an entry device, or typed on the PC and transmitted to the token. Direct entry is the preferred method because when entered on a PC, keyboard loggers or USB spies may intercept the user's secret data. A fingerprint must always be captured directly on the USB token. In the case of a password lock, the following sequence of commands must be sent to the secure microcontroller:
   - Select the authentication application (Select command)
   - Request a random number (Get Challenge command)
   - Combine the password with the challenge (using a mathematical function called "hash") and submit the combination (Submit Password command). If successful, access to the secure microcontroller cryptographic features and user personal data is then unlocked. PC applications (e.g. web browser) can then request cryptographic operations through the PKCS#11 API.
3. The user types the URL of the online banking web site into the web browser and enters their identifier on the user identification screen.
4. The web browser application now calls the PKCS#11 API to retrieve an OTP using the C_Sign function. In turn, the PKCS#11 driver sends a "getotp(n)" command to the USB token, which will return the nth OTP, since the user has unlocked their token. This password is then transmitted to the web site. A user two-factor strong authentication has been performed.

Scenario #2: The user signs an important document stored on a flash mass storage device.

1. As in scenario #1, the user connects the token and unlocks it through the relevant holder authentication method.
2. Special commands now allow the PC to access the flash memory, decrypted on-the-fly by the secure microcontroller, which holds the encryption keys. The user gets the document onto their PC.
3. Upon the user's request, the document is signed by the token using the "Generate Signature" command.

5. The New AT98SC Family

The AT98SC is a new microcontroller family based on the technology implemented on the AT90SC and AT91SC series. Its embedded firmware provides a turnkey solution for the applications explained above and many more! The AT98SC family provides a generic solution to the security threats stated in this paper.

The AT98SC family is an alternative to Trusted Platform Modules (TPM) for the embedded market (refer to [atm-tpm]). AT98SC family members offer more flexible interfaces than TPMs with a lower pin count. The key management can also be freely customized and is not as stringent as on TPMs.

5.1. Flexibility. Rapid Development/Integration for Embedded Products

Currently, the AT98SC family members feature (refer to [atm-at98] for further details):

- Various communication interfaces including SPI (serial protocol interface) and USB (universal serial bus).
- Low pin count (reset, VCC, GND, and communication interface specific pins) so integration into an existing board is simple. AT98SC chips are available in small packages (QFN44) to fit into the most size-constrained devices.
- Low power consumption, in order to extend battery life in portable devices and low-power systems. AT98SC devices consume less than 100 µA in standby mode, and only 5 to 15 mA during CPU (1)-intensive operations depending on the required action.
- Embedded firmware that provides advanced functions:
  - Secure file system: a fully user-defined nonvolatile storage of sensitive or secret data. Parts of the file system can be password-protected. It also stores the configuration of the cryptoalgorithms.
  - Administration mode to manage chip internals, security features, cryptographic configuration and file system contents. It allows downloading data into the AT98SC file system using an encrypted channel with session keys.
  - Command set to perform cryptographic operations using keys and data from the file system including: authentication, digital signature, encryption/decryption, hash, random, public key pair generation.
  - Cryptographic algorithms: RSA PKCS#1 v2.1 [pkcs1], EC-DSA [fips186], [iso9797] MAC using 3DES.
  - Cryptographic protocols: [iso9798] secret-key unilateral or mutual authentication and [fips196] public key based unilateral or mutual authentication.
  - Robust communication protocol stacked over the physical communication interfaces.
- An evaluation kit (AT98SC-EV1).

Please refer to the AT98SC family roadmap (2) for a detailed schedule of new features such as:

- X.509 certificate verification/generation
- HOTP algorithm (refer to [oath])
- TWI (two-wire interface), UART (universal asynchronous receiver transmitter)
- SOIC-8 package or similar

1. CPU: central processing unit
2. Contact your local Atmel sales office.
5.2. Customize your security?

Currently, it is not possible to load user code on the AT98SC devices. For that reason, the Python programming language support is planned. A virtual machine-based Python execution environment will allow a full customization of the AT98SC operation. Customers will be able to easily develop their own set of applications embedded in the AT98SC chips using a high-level language without bothering with low-level hardware considerations.

The Python language is already successfully used within the industry (Philips, NASA, Lucasfilms Ltd, AstraZeneca International, Nokia, etc.) and offers a low-cost solution because it is license-free. The Python language is also used in portable devices, the most famous example being the Nokia Series 60 smartphone embedding a full Python interpreter (see [nokia]). Moreover, free yet efficient development tools are already available (based on IBM's Eclipse IDE). Python is appreciated for its fast learning curve, fast application development, maintainability, and readability of source code (see [pyth-st]).

6. Conclusion

High-tech goods counterfeiting, multimedia content copying and identity theft have an increasing cost to industry and consumers. Besides the few examples presented herein, AT9xSC series microcontrollers can successfully protect a broad range of applications against these threats among others. Typically, the extra cost of a security chip remains negligible compared to the derived benefits. With their embedded firmware, AT98SC microcontrollers allow an even easier implementation of secured embedded systems.
7. References

[aepoc] European Association for the Protection of Encrypted Works and Services, web: http://www.aepoc.org
[atm-at98] AT98SC008CT description, Atmel, web: http://www.atmel.com/dyn/products/product_card.asp?part_id=3882
[atm-fin] AT77C105A FingerChip sensor description, Atmel, web: http://www.atmel.com/dyn/products/product_card.asp?part_id=3609
[atm-tpm] Trusted platforms for homeland security, web: http://www.atmel.com/dyn/resources/prod_documents/doc5062.pdf
[cnn] Web: http://www.cnn.com/2003/tech/internet/11/27/itunes.code.ap
[cri06] Attack of the clones: building clone-resistant products, RSA 2006, web: http://www.cryptography.com/resources/whitepapers/clone-resistance2006.pdf
[fact] Foundation for Art and Creative Technology, web: http://www.fact.co.uk
[fine] US banks given authentication deadline, Oct 2005, web: http://www.finextra.com/fullstory.asp?id=14389
[fips186] FIPS-PUB 186, Digital signature standard, 1994, web: http://www.itl.nist.gov/fipspubs/fip186.htm
[fips196] Entity authentication using public key cryptography, 1997 February 18, web: http://www.itl.nist.gov/fipspubs/fip196.htm
[gar05] Gartner survey shows frequent data security lapses and increased cyber attacks damage consumer trust in online commerce, 2005 press releases, web: http://www.gartner.com/press_releases/asset_129754_11.html
[iso9797] ISO/IEC 9797, "Information technology - Security techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm", International Organization for Standardization, Geneva, Switzerland, 1994 (second edition).
[iso9798] ISO/IEC 9798-2, "Information technology - Security techniques - Entity authentication - Part 2: Mechanisms using symmetric encipherment algorithms", International Organization for Standardization, Geneva, Switzerland, 1994 (first edition).
[jav06] 2006 Identity fraud survey report, Javelin Strategy and Research, January 2006.
[kpmg05] KPMG report - Managing the risks of counterfeiting in the information technology industry, 2005
[merc] Counterfeits inundating high-tech market, D. Takahashi (Mercury News), web: http://www.siliconvalley.com/mld/siliconvalley/13774284.htm
[ms-capi] The Cryptography API, or how to keep a secret, Robert Coleridge (MSDN Technology Group), August 19, 1996, web: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncapi/html/msdn_cryptapi.asp
[nokia] Python™ for Series 60, web: http://www.forum.nokia.com/python
[oath] IETF HMAC OTP draft 4 - Initiative for Open Authentication, web: http://www.openauthentication.org/pdfs/hmac_otp_draft_4.pdf
[pkcs1] PKCS #1: RSA cryptography standard, web: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
[pkcs11] PKCS #11 v2.20: Cryptographic token interface standard, web: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
[pyth-st] Python success stories, web: http://www.python.org/about/success
[rfc 1760] The S/KEY one-time password system, February 1995, web: http://rfc.net/rfc1760.html
[rsa-otp] PKCS #11 v2.20 amendment 1: PKCS #11 mechanisms for one-time password tokens, web: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20a1.pdf
[sp800-63] Electronic authentication guideline, NIST Special Publication 800-63, web: http://csrc.nist.gov/publications/nistpubs/800-63/sp800-63v6_3_3.pdf
[uspto] United States Patents and Trademarks Office, web: http://www.uspto.gov/main/profiles/stopfakes.htm
[wpd-de] DeCSS article, web: http://www.wikipedia.org/wiki/decss
6528A-SMIC-17 May 06

© Atmel Corporation 2006. All rights reserved. Atmel, logo and combinations thereof, Everywhere You Are and others, are registered trademarks or trademarks of Atmel Corporation or its subsidiaries. Other terms and product names may be trademarks of others.

Disclaimer: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. Except as set forth in Atmel's terms and conditions of sale located on Atmel's web site, Atmel assumes no liability whatsoever and disclaims any express, implied or statutory warranty relating to its products including, but not limited to, the implied warranty of merchantability, fitness for a particular purpose, or non-infringement. In no event shall Atmel be liable for any direct, indirect, consequential, punitive, special or incidental damages (including, without limitation, damages for loss of profits, business interruption, or loss of information) arising out of the use or inability to use this document, even if Atmel has been advised of the possibility of such damages. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Atmel does not make any commitment to update the information contained herein. Atmel's products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life.