Written by Nelson Lunsford
Implementing security into your design may seem somewhat daunting and time-/resource-intensive at first glance. You may be thinking that you don’t have the luxury for it. Fortunately, Atmel makes it easy when using the turnkey Atmel CryptoAuthentication IC.
At its most basic, the CryptoAuthetication device receives a challenge from a host system and a response is sent back to that host system. That challenge is combined with a secret key stored in the secure memory of the CryptoAuthetication using the MAC command. Then the result or response is sent back to the host system. If the response is correct as determined by the host system, then the operation can proceed.
How does that secret get into the CryptoAuthetication IC in the first place? Well, the CryptoAuthetication device requires that it be personalized or programmed with a known configuration for the application that it is intended to solve. Personalization of the device simply means configuring it to do what you want it to do.
The following methods can be used to place secure information into the CryptoAuthentication device:
- You can program the IC using the available communications interfaces provided by the IC, namely SWI or TWI.
- Atmel provides a software package and a hardware kit. This package is the Atmel CryptoAuthentication Evaluation Studio (ACES) and the AT88CK101STK8 or AT88CK109STK8 hardware.
- Atmel has produced a Secure Personalization or Programmer Kit (combination hardware and software) that can be purchased to program the CryptoAuthentication in greater quantities than the ACES tool.
- Atmel has approved several 3rd party programmers that can be purchased program the CryptoAuthentication before deployment.
- Atmel has also approved several 3rd party companies that will program the CryptoAuthentication once the secrets have been securely received.
- Atmel provides a service to their larger customers enabling the CryptoAuthentication to be personalized at final package test.
- This service is for programming larger numbers of ICs where it is not conducive for you to manage it yourself.
Any of the 6 methods mentioned above will work for placing your specific data into the CryptoAuthentication device in order to protect your IP.