ATECC508A [Summary Datasheet]
Atmel-8923BS-CryptoAuth-ATECC508A-Datasheet-Summary_102015
1 Introduction
1.1 Applications
The Atmel® ATECC508A is a member of the Atmel CryptoAuthentication™ family of crypto engine authentication
devices with highly secure hardware-based key storage.
The ATECC508A has a flexible command set that allows use in many applications, including the following,
among many others:
Network/IoT Node Protection
Authenticates node IDs, ensures the integrity of messages, and supports key agreement to create session
keys for message encryption.
Anti-Counterfeiting
Validates that a removable, replaceable, or consumable client is authentic. Examples of clients could be
system accessories, electronic daughter cards, or other spare parts. It can also be used to validate a
software/firmware module or memory storage element.
Protecting Firmware or Media
Validates code stored in flash memory at boot to prevent unauthorized modifications, encrypts downloaded
program files as a common broadcast, or uniquely encrypts code images to be usable on a single system
only.
Storing Secure Data
Stores secret keys for use by crypto accelerators in standard microprocessors. Programmable protection is
available using encrypted/authenticated reads and writes.
Checking User Password
Validates user-entered passwords without letting the expected value become known, maps memorable
passwords to a random number, and securely exchanges password values with remote systems.
1.2 Device Features
The ATECC508A includes an EEPROM array which can be used for storage of up to 16 keys, certificates,
miscellaneous read/write, read-only or secret data, consumption logging, and security configurations. Access to
the various sections of memory can be restricted in a variety of ways and then the configuration can be locked to
prevent changes.
The ATECC508A features a wide array of defense mechanisms specifically designed to prevent physical attacks
on the device itself, or logical attacks on the data transmitted between the device and the system. Hardware
restrictions on the ways in which keys are used or generated provide further defense against certain styles of
attack.
Access to the device is made through a standard I2C Interface at speeds of up to 1 Mb/s. The interface is
compatible with standard Serial EEPROM I2C interface specifications. The device also supports a Single-Wire
Interface (SWI), which can reduce the number of GPIOs required on the system processor, and/or reduce the
number of pins on connectors. If the Single-Wire Interface is enabled, the remaining pin is available for use as a
GPIO, an authenticated output or tamper input.
Using either the I2C or Single-Wire Interface, multiple ATECC508A devices can share the same bus, which saves
processor GPIO usage in systems with multiple clients, such as different color ink tanks or multiple spare
parts.
Each ATECC508A ships with a guaranteed unique 72-bit serial number. Using the cryptographic protocols
supported by the device, a host system or remote server can verify a signature of the serial number to prove that
the serial number is authentic and not a copy. Serial numbers are often stored in a standard Serial EEPROM;
however, these can be easily copied with no way for the host to know if the serial number is authentic or if it is a
clone.