Analog Devices / Maxim Integrated MAXQ1065 DeepCover Crypto Controller

Analog Devices MAXQ1065 DeepCover Crypto Controller is a security coprocessor that provides turnkey cryptographic functions. These functions include root-of-trust, mutual authentication, data confidentiality and integrity, secure boot, secure firmware update, and secure communications. These feature generic key exchange and bulk encryption or complete TLS support. The MAXQ1065 integrates 8KB of secure storage for user data, keys, certificates, and counters with user-defined access control and life cycle management. It also has a configurable output pin and a tamper input pin. Commands are accessible through a standard SPI interface.

The MAXQ1065's low power consumption makes it suitable for battery-powered applications, and the extremely reduced footprint and pin count allow easy integration into medical and wearable devices. Its lifetime and operating range make it compatible with long-term deployments in harsh environments. The MAXQ1065 life cycle management allows flexible access control rules during the major life cycle stages of the device. Secure key loading protocol and secure factory preprogramming are available.

DeepCover® embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, invasive and noninvasive countermeasures are implemented, including active die shield, encrypted storage of keys using the ChipDNA PUF technology, and externally callable algorithmic subroutines.

The Analog Devices MAXQ1065 DeepCover Crypto Controller is offered in a compact 3.0mm x 3.0mm TDFN-12 package ideal for space-constrained applications.

Features

ECC compute engine using Curve NIST P-256
- FIPS-186 ECDSA
- NIST SP800-56Ar3 key exchange with static unified model, C(0e, 2s, ECC CDH) with one-step key derivation using SHA-256
- On-board EC key generation with SP800-90B/A
SHA-2 compute engine
- NIST FIPS-180-4 SHA2-256, HMAC-SHA-256
AES compute range with 128 and 256 key sizes
- ECB, CBC, CCM, and GCM cipher modes
- CBC-MAC, CMAC message authentication codes
- Onboard AES key generation with SP800-90A/B
Secure communication
- TLS/DTLS 1.2 handshake and record layer
  - ECDSA authentication
  - ECDHE key exchange
  - AES-GCM or CCM record layer
- SP800-56Ar3-based key exchange

True Random Number Generator (TRNG)
- NIST SP800-90A/C compliant
- NIST SP800-90B entropy source
X.509 v3 certificate support
- Storage of root and device certificates
- Onboard verification of chains of certificates
- ECDSA verification on supported curves
High-speed interface for host microcontroller communication
- 10MHz SPI with Mode 0 or Mode 3 operation
8KB user Flash array with ChipDNA PUF encryption
Unique, unalterable factory-programmed ID number
Tamper input detects system-level intrusion
Secure factory provisioning service
12-Pin, 3mm x 3mm TDFN package
-40°C to +105°C, 1.62V to 3.63V
100nA (typ) in standby low-power operation