原标题：Atmel ATSHA204AUSB软件保护器(加密狗)解决方案

　　Atmel公司的ATAES132A,ATSHA204A和ATECC508A是完整的加密器件,包括分成16个区的4.5Kb EEPROM,用来存储密钥数据,各种读/写数据,仅读数据,密码或保密数据以及消耗跟踪控制.访问各个部分存储器由不同方法进行限制,主要用在安全下载和引导,加密控制,反复制和信息安全.本文介绍了ATSHA204A主要特性和应用框图,以及采用ATSHA204A, ATAES132A和ATECC508A的CryptoAuthentication™ USB加密狗评估板AT88CK590主要特性,电路图和材料清单.

　　The Atmel® ATSHA204A is a full turnkey security device. It includes a 4.5Kb EEPROM divided into 16 slots. This array can be used for storage of keys, miscellaneous read/write, read-only, password or secret data, and consumption tracking. Access to the various sections of memory can be restricted in a variety of ways and then the configuration locked to prevent changes.

　　Access to the chip is through a standard I²C interface at speeds up to 1Mb/sec. The chip also supports a single-wire interface that can reduce the number of GPIOs required on the system processor and/or reduce the number of pins on connectors. It is compatible with most UART or serial I/O controllers. System integration is eased with a wide supply voltage range and an ultra-low sleep current of less than 100nA.

　　The ATSHA204A device includes an Electrically Erasable Programmable Read-Only Memory (EEPROM) arraythat can be used for key storage, miscellaneous read/write data, read-only, secret data, consumption logging,and security configuration. Access to the various sections of memory can be restricted in a variety of ways, andthe configuration can then be locked to prevent changes.

　　The ATSHA204A features a wide array of defense mechanisms specifically designed to prevent physicalattacks on the device itself or logical attacks on the data transmitted between the device and the system. Hardware restrictions on the way keys are used or generatedprovide further defense against certain styles of attack.

　　Access to the device is made through a standard I2C interface at speeds of up to 1Mb/s. It is compatible with I2C interface specifications. The device also supports a Single-WireInterface (SWI) that can reduce the number of GPIOs required on the system processor and/or reduce the number of pins on connectors.

　　Using the Single-Wire Interface, multiple ATSHA204A devices can share the same bus, which saves processorGPIO usage in systems with multiple Clients such as different color ink tanks or multiple spare parts.

　　Each ATSHA204A ships with a guaranteed unique 9-byte (72-bit) serial number. Using the cryptographicprotocols supported by the device, a Host system or remote server can prove that the serial number is authenticand is not a copy. Serial numbers are often stored in a standard Serial EEPROM, which can be easily copiedwith no way for the Host to know if the serial number is authentic or if it is a clone. The entire serial number mustbe utilized to guarantee uniqueness.

　　The ATSHA204A can generate high-quality random numbers and employ them for any purpose, including aspart of the crypto protocols of this device. Because each 32-byte (256-bit) random number is not dependent onpast numbers generated on this or any other device, their inclusion in the protocol calculation ensures thatreplay attacks (i.e. re-transmitting a previously successful transaction) always fail.

　　System integration is made easy by a wide supply voltage range (of 2.0V through 5.5V) and an ultra-low sleepcurrent (of <150nA).

　　ATSHA204A主要特性:

　　 Crypto Element with Protected Hardware-based Key Storage

　　 Secure Symmetric Authentication Device Host and Client Operations

　　 Superior SHA-256 Hash Algorithm with Message Authentication Code (MAC)and Hash-Based Message Authentication Code (HMAC) Options

　　 Best-in-class, 256-bit Key Length; Storage for Up to 16 Keys

　　 Guaranteed Unique 72-bit Serial Number

　　 Internal, High-quality Random Number Generator (RNG)

　　 4.5Kb EEPROM for Keys and Data

　　 512 bit OTP (One Time Programmable) Bits for Fixed Information

　　 Multiple I/O Options

　　̶ UART-compatible High-Speed, Single-Wire Interface

　　̶ 1MHz I2C Interface

　　 2.0V to 5.5V Supply Voltage Range

　　 1.8V to 5.5V Communications Voltage Range

　　 <150nA Sleep Current

　　 Secure Download and Boot

　　̶ Ecosystem Control

　　̶ Message Security

　　̶ Anti-Cloning

　　 8-lead SOIC, 8-lead TSSOP, 3-lead SOT23, 8-pad UDFN, 8-pad XDFN, and3-lead CONTACT Packages

　　ATSHA204A应用:

　　 Secure Download and Boot

　　 Ecosystem Control

　　 Anti-cloning

　　 Message Security

　　图1.ATSHA204A身份验证框图

　　图2.ATSHA204A消费类产品随机身份验证框图

　　采用ATSHA204A, ATAES132A和ATECC508A的CryptoAuthentication™ USB加密狗评估板AT88CK590

　　The kits are USB dongles that allows the interested evaluator to plug it into a PC and use the evaluation and development software package called Atmel CryptoAuthentication Evaluation Studio (“ACES”) that is easily downloadable from the Atmel website.

　　Each kit includes an Atmel AT90USB1287 AVR® microcontroller which provides a convenient USB 2.0 Full Speed interface allowing users to understand and experiment with the CryptoAuthentication devices. Developers can use the provided 5-pin interface at the end of the board and can be used to monitor the I2C protocol. Atmel also offers a socketed board called the Atmel AT88CK101 for the purpose of firmware development, which allows the user to try differently configured devices on a target system. Typically, users will start with one of the USB Dongle kits for evaluation and part selection and then migrate to the AT88CK101 for the purpose of development. Both kits run the ACES configuration environment software package, which provides continuity from the evaluation to development stage.

　　图3.USB加密狗评估板AT88CK590外形图

　　USB加密狗评估板AT88CK590材料清单: