Customer Information Notification 201804019I
Issue Date: 01-May-2018 Effective Date: 10-May-2018
Dear Product Data,
Here's your personalized quality information concerning products Mouser Electronics purchased from NXP. For detailed information we invite you to view this notification online
Management Summary
NXP Semiconductors announces a data sheet update for the A1006 to revision 2.
Change Category
Wafer Fab Process
Assembly Process
Product Marking Test Location
Design
Wafer Fab Materials
Assembly Materials
Mechanical Specification Test Process Errata
Wafer Fab Location
Assembly Location Packing/Shipping/Labeling
Test Equipment
Electrical spec./Test coverage
Firmware Other
A1006 Datasheet Update
Description
NXP Semiconductors announces a data sheet update for the A1006 to revision 2. The revision history included in the updated document provides a detailed description of the changes. Changes are summarized below.
Data Sheet Changes: - Updated OWI data rate from 100 kbps to 125 kbps- Updated Figure 6 "OWI bit coding", Figure 7 "Timing of OWI bit coding", Figure 27 "Application diagram for OWI", Figure 28 "Application diagram for using I2C-bus interface"- Table 7 "Timing constraints for OWI": removed voltage parameters for OWI from and created new Table 17 "Static characteristics of OWI"; updated table notes- Deleted Section 9.8 "Memory map overview"- Updated Table 10 "Command set", Table 11 "Memory access rights with ReadMemory and WriteMemory command", Table 14 "Static characteristics"- Section 9.10 "Deep-sleep mode" updated- Section 9.12.1 "Execute ECCAuthenticate" updated- Figure 27 "Application diagram for OWI" updated- Correct miscellaneous text throughout
Reason
The data sheet has been updated to correct errors and / or provide additional technical clarification on some device features.
Page 1 of 2ePCN Print: Customer Information Notification 201804019I
4/27/2018https://extranet.nxp.com/pcn/private/print?pcnId=39967008
Anticipated Impact on Form, Fit, Function, Reliability or Quality
No impact on form, fit, function, reliability or quality. - Customer application should take into account the identified data sheet change(s).
Data Sheet Revision
A new datasheet will be issued
Additional information
Additional documents: view online
Contact and Support
For all inquiries regarding the ePCN tool application or access issues, please contact NXP "Global Quality Support Team".
For all Quality Notification content inquiries, please contact your local NXP Sales Support team.
For specific questions on this notice or the products affected please contact our specialist directly: Name Jose ArauzPosition Quality Engineere-mail address [email protected]
At NXP Semiconductors we are constantly striving to improve our product and processes to ensure they reach the highest possible Quality Standards.Customer Focus, Passion to Win.
NXP Quality Management Team.
About NXP Semiconductors
NXP Semiconductors N.V. (NASDAQ: NXPI) provides High Performance Mixed Signal and Standard Product solutions that leverage its leading RF, Analog, Power Management, Interface, Security and Digital Processing expertise. These innovations are used in a wide range of automotive, identification, wireless infrastructure, lighting, industrial, mobile, consumer and computing applications.
NXP SemiconductorsHigh Tech Campus, 5656 AG Eindhoven, The Netherlands
© 2006-2010 NXP Semiconductors. All rights reserved.
Page 2 of 2ePCN Print: Customer Information Notification 201804019I
4/27/2018https://extranet.nxp.com/pcn/private/print?pcnId=39967008
1. Introduction
The A1006 Secure Authenticator IC is a secure, easy to use authentication IC for use in electronic accessories such as AC/DC adapters, cables, keyboards, docking stations, batteries, digital headsets, electronic cigarettes etc., for authentication and anti-counterfeiting purposes.
NXP Semiconductors has a long track record and extensive portfolio of security ICs. NXP security ICs have been used in many high security applications including bank cards, health insurance cards, and electronic passports. They are also being used as embedded secure elements in mobile phones.
The A1006 secure authentication IC extends this portfolio for applications requiring tamper-resistant, secure, one-way authentication.
The A1006 authentication IC is a secure solution built with many tamper resistant features and security countermeasures to deter common invasive and non-invasive attacks.
2. General description
The A1006 Secure Authenticator Solution is a complete embedded security platform for electronic accessories, mobile phones, portable devices, computing and consumer electronic devices, and embedded systems where a strong security infrastructure is required for authentication and counterfeit detection and prevention. The A1006 provides an outstanding level of security, while overcoming the challenges of performance, power consumption and solution footprint.
The A1006 security solution is based on industry standard asymmetric cryptographic challenge-response protocols, using NIST approved elliptic curves, Elliptic Curve Diffie-Hellman challenge response (ECDH), and customizable X.509 certificates signed using the Elliptic Curve Digital Signature Algorithm (ECDSA). Advanced anti-tampering countermeasures are incorporated into the A1006 to prevent various attacks and minimize the scalability of any attempts to clone the A1006.
The A1006 is offered as a turnkey solution that provides customers easy integration into their end products. A 400 kbps I2C-bus interface along with a one-wire interface provide simple options for interfacing to most embedded systems. A reference host library is provided to simplify host code implementation, and keys and certificates can be programmed in NXP's secure manufacturing facilities, eliminating the need for creating and managing private key insertion and certificate signing in the system designer's supply chain.
A1006Secure Authenticator ICRev. 2 — 19 April 2018 374620 Product data sheet
NXP Semiconductors A1006Secure Authenticator IC
3. Features and benefits
Advanced security using unique asymmetrical public/private key based Diffie-Hellman authentication protocol based on ECC (Elliptic Curve Cryptography) with a NIST B-163 bit strong binary field curve
Authentication time (on-chip calculations) < 50 milliseconds
Each A1006 is provisioned with a fixed unique Private Key and a corresponding Public Key in a certificate that contains the Public Key and additional information including a unique identifier and the customizable product-specific fields.
A1006 certificates are digitally signed using ECDSA (Elliptic Curve Digital Signature Algorithm) based on the NIST P-224 curve and the SHA-224 digest hash, with the customer's desired certificate authority key
Non-Volatile Memory (NVM) for storage of device behavior, usage data, logistic information or any other arbitrary data
Protection against Simple Power Analysis (SPA), Differential Power Analysis (DPA) and fault attacks
One-Wire Interface (OWI) at 125 kbps, with ability to support bus-powered operation
400 Kbps I2C Fast-mode interface
Power consumption: Maximum of 550 µA active
Deep Sleep mode with very low power consumption of less than 3.3 µA at 3.3 V and < 1 µA at 1.8 V
Entry to and exit from the Deep Sleep mode through I2C/OWI interface1
ESD protection 8kV IEC61000-4-2 contact discharge (on OWI pin)
EEPROM sections (4 Kbit total)
2 Kbit certificates (2 1 Kbit)
1 Kbit user memory
1 Kbit system memory
Minimum 10 years memory retention at 85 C 500,000 write/erase endurance
Multiple Package options available
HXSON6: Plastic thermal enhanced extremely thin small outline package, no leads
WLCSP4: 4 bump Wafer Level Chip Scale Package
Maximum height 0.5 mm
Operating temperature range 40 C to 85 C
3.1 Trust provisioning service
The A1006 can be delivered with pre-programmed, device-specific keys and certificates that are generated and programmed in a secure NXP internal environment with master keys securely stored in HSMs (Hardware Secure Modules).
1. Separate wakeup pin to wake up from deep sleep state in HXSON6 package
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 2 of 45
NXP Semiconductors A1006Secure Authenticator IC
3.2 Security features
The A1006 secure authentication IC incorporates an extensive set of security measures from NXP Semiconductor's portfolio of such measures. The countermeasures against invasive and non-invasive attacks provide a high level of attack resilience. The A1006 countermeasures, including glue logic, active and passive shielding, memory scrambling and encryption, and other security features provide a unique level of security for this class of authentication devices.
The A1006 includes dedicated HW to protect against reverse engineering attacks, fault attacks and leakage attacks.
The A1006 incorporates many security countermeasures, including:
Mathematically proven design that offers protection against logical and messaging attacks
Use of active and passive shielding to protect against probe attacks
EEPROM data encryption and address scrambling with random data placement
Simple Power Analysis (SPA)/ Differential Power Analysis (DPA) protected calculation of ECC point multiplication
Proprietary glue logic to thwart circuit analysis
Enhanced security sensors
Low and high supply voltage sensors
4. Applications
Embedded Security
Counterfeit protection of hardware and software
Anti-cloning
Brand integrity of original goods
Accessories like speakers, docking stations, batteries, chargers, printer cartridges, e-cigarettes and other high value disposables
Profile of service
Conditional access to software, content and features
Secure access to online services
Secure Device identity
5. Ordering information
5.1 A1006 naming conventions
The following table explains the naming conventions of the commercial product name of the A1006 products. Every A1006 product gets assigned such a commercial name, which includes also customer and application specific data.
The A1006 commercial names have the following format.
A1006pp
The ‘A1006’ is a constant, all other letters are variables, which are explained in Table 1.
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 3 of 45
NXP Semiconductors A1006Secure Authenticator IC
The following table explains the naming conventions used for A1006 products.
A1006pp/mvsrr
The 'A1006' is the base device part number. The variable letters and digits are explained in Table 2.
5.2 Ordering options
[1] NX (fixed) - standard certificate
[2] Variable, <>NX - custom certificate, code assigned after certificate verification
Table 1. A1006 commercial type name format
Variable Meaning Values Description
pp package type code see Table 3
Table 2. Naming conventions
Variable Meaning Values
pp package type code see Table 3
m manufacturing site code T
v silicon version code A
s silicon subversion code 1
rr Fabkey number Refer to Fabkey chapter for more details
Table 3. Base product types
Type number
Package
Name Description Version
A1006TL HXSON6 plastic, thermal enhanced extremely thin small outline package; no leads; 6 terminals; body 2.0 x 2.0 x 0.5 mm
SOT1348-1
A1006UK WLCSP4 wafer level chip-scale package; 4 bumps; 1.03 x 0.94 x 0.5 mm
SOT1375-4
Table 4. Ordering options
Type number
Orderable part number Package Packing method
Minimum order quantity
Temperature
A1006TL A1006TL/TA1NXZ[1] HXSON6 7-inch reel 4000 Tamb = 40 C to +85 C
A1006TL A1006TL/TA1rrZ[2] HXSON6 13-inch reel 75000 Tamb = 40 C to +85 C
A1006UK A1006UK/TA1NXZ[1] WLCSP4 7-inch reel 4000 Tamb = 40 C to +85 C
A1006UK A1006UK/TA1rrZ[2] WLCSP4 13-inch reel 75000 Tamb = 40 C to +85 C
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 4 of 45
NXP Semiconductors A1006Secure Authenticator IC
6. Marking
7. Block diagram
The A1006 includes analog, digital and non-volatile memory sub-systems with security underlying each subsystem. The OWI pin is used to power the device. The OWI pin can also be used for communication as described under Functional Description.
Table 5. Marking codes
Type number Marking code
A1006UK/TA1… Line A: .(DOT)A1 (A1 Product Family)
Line B: ddd (Last 3 digits of diffusion #)
Line C: d||
(d – last 1 digit of diffusion #
|| - Wafer ID)
A1006TL/TA1.... Line A: A 1 6
Line B: XXY
XX = ASID
Y: weekly rotating 1-5
Fig 1. A1006 simplified block diagram
OWIINTERFACE
I2CINTERFACE
NVM4 kB
CONTROL
ECC
DEEPSLEEP RNG security
aaa-022291
OSC
PMUOWIGND
SDASCL
WakeUp
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 5 of 45
NXP Semiconductors A1006Secure Authenticator IC
8. Pinning information
8.1 Pinning
8.2 Pin description
(1) The center pad is attached internally to the substrate using non-conductive die attach material. It can be externally connected to ground or treated as a no connect.
Fig 2. Pin configuration for HXSON6 (top view) Fig 3. Ball layout for WLCSP4 (top view)
3 2 1
4 5 6
SC
L
n.c.
GN
D
SD
A
WA
KE
UP
OW
I
A1006A1HX6
aaa-022289
A1 A2
B1 B2
aaa-022290
Table 6. Pin description
Symbol Pin Description
HXSON6 WLCSP4
GND 1 A2 ground (0 V)
n.c. 2 - connect to ground
SCL 3 B2 I2C clock
SDA 4 B1 I2C data
WAKEUP 5 - wakeup from Deep-sleep mode
OWI 6 A1 One-Wire Interface. Power pin as well as communication channel if OWI mode is used; I2C VDD supply voltage if I2C-bus interface is used
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 6 of 45
NXP Semiconductors A1006Secure Authenticator IC
9. Functional description
9.1 External interfaces
The A1006 supports both an I2C and an OWI. After boot phase, both the interfaces are active. The first valid command at any interface decides which interface will stay active. With the SoftReset command, it is possible to activate both interfaces again.
9.2 OWI
The A1006 Secure Authenticator IC implements the proprietary OWI protocol of NXP. This interface provides both data and power, eliminating the need for an extra supply pin and no external components except pull-up (like a cap). Refer to Section 9.1 “External interfaces”, for more details on this. The A1006 implements a half duplex master/slave communication protocol that can easily be controlled via a microcontroller's GPIO. The OWI is capable of up to 125 kbps data transmission.
The OWI protocol can be summarized as follows. Any device that sends data to the bus is defined to be a transmitter (Master), and any device that reads the data to be a receiver. The device that controls the data transfer is known as the bus master and the other as the slave device. A data transfer can only be initiated by the bus master who transmits via the OWI pin power to the IC but also via pulse-width modulation of the data. The A1006 is always a slave in all communications and transmits bits by pulling down (or not pulling down) the bus in certain points in time.
9.2.1 OWI operation
A basic application example of the OWI is depicted in Figure 4. The single wire is not only used for communication, but also for the power supply. A pull-up resistor is used to power the line when it is released either by both master and slave.
The OWI is specified to support a variable data rate up to a maximum of 125 kbps. The data rate is defined by the master who synchronizes the bit transfer by starting each bit with a low period. The framing is implemented according to the I2C-bus interface, which means that only the bit coding is different between I2C and OWI. One additional exception is the repeated START condition in I2C which is realized as STOP + START in OWI.
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 7 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.2.2 OWI framing
Framing of the OWI can be seen in Figure 5. Every communication is started by the master with the device address frame, which begins with a start bit (which will be standard OWI “0” symbol), has 7-bits of slave address, and a bit indicating whether write to the slave or reading from the slave has to be done. The slave answers with an Acknowledge bit indicating that it is available. Subsequently, data can be exchanged according to the command (read/write etc.). Finally, a stop bit indicates the end of communication. The command and framing properties are the same as the I2C-bus interface.
9.2.3 OWI bit coding
Figure 6 shows the possible bit coding between the master and the slave device. Every bit starts with a low pulse of the master indicating that the bit starts. This allows re-synchronization of the slave to the master. In case of transmitting a high value from the master to the slave, the signal is released after this first pulse. In case of a transmission of zero, the line is kept low for a longer period. This zero-period is also used as reference timing for the communication, which allows the slave to find out the sample point for receiving data.
Fig 4. One-Wire Interface
aaa-022292
HOST
optional
GPIO
optionalVDD = 1.62 V ... 3.6 V
1-4 mA
50 pF parasiticcapacitance
cable/line0 Ω - 10 Ω
pull up500 Ω
30 pF
A1xxx
Fig 5. OWI communication example
aaa-022293driver by slave
START DEVADDR RWN ACK ...
......
STOP
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 8 of 45
NXP Semiconductors A1006Secure Authenticator IC
For reading (communication from slave to master), the master again starts the communication, but releases the line after the first pulse. Now, when the slave wants to send a high value, it does nothing - meaning that the line loads via the pull-up resistor immediately. If transmitting a zero, the slave pulls the line to low for a period and the master can sample whether the line is low (zero) or high (one).
The timing of the bit coding can be seen in Figure 7. A big advantage of this interface is that the slave is automatically synchronized to the master because every bit is started from the master. Even the width of the intervals for coding ones and zeroes are variable over time (not within one frame). This allows different data rates and pulse widths with the following tolerances.
The following constraints in Table 7 define the allowed tolerances of the master to still establish a reliable communication with the slave and several bus timing parameters relevant for operation of the IC.
Fig 6. OWI bit coding
Fig 7. Timing of OWI bit coding
aaa-022294
0:
1:
0:
1:
Bit Transmission
Slave
Slave
Master
Master
-> Master
-> Master
-> Slave
‘’One’’ defined as a short pulse
‘’Zero’’ defined as a long pulse
‘’Zero’’ start bit is taken as timingreference
Receive sampling at 2/3 of start-bittime
For slave transmit, master generatesbit stream of ‘’ones’’
Stop condition > 1.5 Tzero low
-> Slave
aaa-022295
Tsto
p
Tres
et
„0”
„1”
t = 0 T1 < T0/2 T0 Tstop > 1.5 T0 Tbit
T_S
AM
PLE
_1
T_S
AM
PLE
_0
T_S
AM
PLE
_STO
P
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 9 of 45
NXP Semiconductors A1006Secure Authenticator IC
[1] Tbit … bit cycle time always determined from host by pulling the bus low
[2] Tstop … stop symbol only sent by the host
[3] T_IBT … time between bytes of a command may be infinite
[4] T_ICT … time between different commands may be infinite
[5] For initial power up; OWI voltage must be below 200mV for at least 1ms
[6] For initial power up; given there is typically an external pull-up resistor (or driver) and external capacitance, this is a system specification
Tbit is the bit duration length which defines the data rate. Note that maximum Tbit time is only relevant within transmitting/receiving one byte. Between bytes (after one byte before the start of a new byte including all START, ACK and STOP bits) there is no certain requirement as preparation of bytes in the host software may be unpredictable The T_IBT (inter-byte time) is infinite.
Tstop defines the stop symbol. Also the time between different commands is set to infinite.
T0 is the symbol for logical 0 but also used as reference timer
Treset is an additional symbol to implement a “soft reset” of the slave device. Treset is typically 3*T0 (with this symbol length either the device anyhow undergoes a power on reset or it will reset itself).
The T_max_variation is the variation time of each symbol within a full data frame (symbols within a frame must not vary more than this time, due to the low tolerances this actually means that any symbol may be within its absolute accuracy range).
The device initialization time T_DIT is the time required by the IC from the rising bus until the IC is ready to receive commands. Note: that after a RESET symbol the master also considers the time T_DIT before it sends the next command because it might be possible that the IC undergoes a POR cycle and reboots.
Table 7. Timing constraints for OWI
Symbol Name MIN val. NOM val. MAX val. Unit
Tbit[1] Bit cycle time 8 (125kbps) 10 (100kbps) 16 (62kbps) s
Tstop[2] STOP symbol time 5.5 6 s
T1 Write 1 symbol time 1 1.5 s
T0 Write 0 symbol time 3 3.5 s
Treset RESET symbol time 9 s
T_max_variation Variation time within frame for every symbol
0.5 s
T_IBT Inter-byte time 0 ∞[3] ms
T_ICT Inter-command time 0 ∞[4] ms
T_SAMPLE_1 Sample time for ONE symbol T0MIN - 1 T0MAX - 0.5 s
T_SAMPLE_0 Sample time for ZERO symbol 1.5*T0MIN - 0.5 1.5*T0MAX
(5.25)
s
T_SAMPLE_STOP Sample time for STOP symbol 2*T0MIN + 0.4 (6.4)
2*T0MAX + 0.9 (7.9) s
T_DIT Device initialization time 1.5 ms
T_BOR Brownout reset time 500 ms
T_RISE_OWI[5] OWI pin, 0.2V to 1V rise time 1[6] ms
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 10 of 45
NXP Semiconductors A1006Secure Authenticator IC
If the bus is held low for longer than the brownout reset time T_BOR the device undergoes a power-on reset cycle. When the bus is returned to high the IC begins boot phase which ends in the possibility to receive commands within the device initialization time T_DIT.
9.2.4 Explanation of sampling
In order to allow possible tolerances due to bus variances like different pull ups, cable/line capacitance etc. there have to be timing tolerances for the communication as well. These tolerances are shown in Figure 8 and Figure 9.
9.2.4.1 Master to A1006 communication
The master sends one of the symbols: T1=ONE, T0=ZERO=START, Tstop=STOP or Treset=RESET.
The IC seeks for a valid reference symbol START=T0 which is taken as reference for subsequent symbols. This reference is valid until a new frame is started. From this reference point the IC calculates it sampling times T_SAMPLE_0, T_SAMPLE_1, T_SAMPLE_STOP (subsequent symbols from the master have to be sampled by the IC within these sampling ranges).
The Master will start measuring a symbol from the falling edge of the bus. When its internally set sampling point T_SAMPLE_1 is reached the IC evaluates the bus value: in case it is high the symbol is a ONE. Otherwise the master will continue to see whether it will be another symbol. When the second sampling point T_SAMPLE_0 is reached the bus value is evaluated. In case the bus is high the symbol is a ZERO.
Otherwise the master will continue to see whether it will be another symbol. When the third sampling point T_SAMPLE_STOP is reached the bus value is evaluated. In case the bus is high the symbol is a STOP. Otherwise (if the bus is still low) the symbol sent by the master is a RESET and the IC will synchronously reset itself.
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 11 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.2.4.2 A1006 to master communication
Also during modulation of the IC, the master starts the communication with a low pulse on the bus indicating that it wants to receive data. The master sends a ONE=T1 symbol and then releases the bus within the symbol tolerance.
The A1006 performs the following: Within the minimum low time of the bus the A1006 will need to decide whether it will send a ONE or a ZERO symbol to the master.
1. In case the A1006 wants to send a ONE symbol it will not pull down the bus. The bus goes high due to the pull up after the master released it.
2. In case the A1006 wants to send a ZERO symbol it pulls down the bus BEFORE minimum T1 time (actually the IC helps the master pulling down the bus during this time). It will release the bus after the time T0 within the T0_read symbol tolerance. The bus goes high due to the pull up after the IC released it.
The Master performs the following: Within the sampling period T_SAMPLE_1 (which is calculated from the last reference symbol the master has sent to the A1006) the master evaluates the bus value. In case the bus is already high the IC wanted to send a ONE (final decision, no further decision necessary).
Otherwise the master continues to seek for another symbol. When the second sampling point T_SAMPLE_0 (previously T_SAMPLE_read_0 was used) is reached the bus value is again evaluated. In case the bus is high the symbol ZERO has been sent (final decision).
Fig 8. OWI bit timing tolerances when master writes to the IC
aaa-022303
T1
T0
T_SAMPLE_0
T_SAMPLE_STOP
Treset
Tbit
Tstop
0 16 μs10 μs1 μs 5 μs3 μs
Sam
ple
Sam
ple
Sam
ple
T_SAMPLE_1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 12 of 45
NXP Semiconductors A1006Secure Authenticator IC
Otherwise (in case the bus is still low) there is a bus violation and the host will raise an ERROR.
9.3 I2C-bus interface
The A1006 supports the I2C-bus protocol at a data rate of up to 400 kbps. The protocol is summarized in Figure 10. Any device that sends data to the bus is defined to be a transmitter, and any device that reads the data to be a receiver. The device that controls the data transfer is known as the bus master and the other as the slave device. A data transfer can only be initiated by the bus master, which also provides the serial clock for synchronization. The A1006 is always a slave in all communications. In the following description, the Master device refers to the host, and the slave device refers to the A1006.
Fig 9. OWI bit timing tolerances when master reads from IC
aaa-022304
T1
T0_read
T_SAMPLE_0
Tbit
0 16 μs10 μs1 μs 5 μs3 μs
Sam
ple
Sam
ple
T_SAMPLE_1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 13 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.3.1 Start condition
Start is identified by a falling edge of Serial Data (SDA) while Serial Clock (SCL) is stable in the high state. A Start condition must precede any data transfer command. The A1006 continuously monitors Serial Data (SDA) and Serial Clock (SCL) for a Start condition, and will not respond unless one is given.
9.3.2 Stop condition
Stop is identified by a rising edge of Serial Data (SDA) while Serial Clock (SCL) is stable and driven high. A Stop condition terminates communication between the A1006 and the bus master. A Read command that is followed by NoAck can be followed by a Stop condition to force the A1006 into the Standby mode. A Stop condition at the end of a Write command triggers the internal Write cycle. A Stop condition at the end of a Write command can also trigger other operations.
Fig 10. I2C-bus protocol
aaa-022305
1
MSB ACK
2 3 7 8 9
1
MSB ACK
2 3 7 8 9
stopcondition
startcondition
SCL
SCL
startcondition
SDAinput
SDAchange
stopcondition
SDA
SDA
SCL
SDA
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 14 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.3.3 Acknowledge bit (ACK)
The acknowledge bit is used to indicate a successful byte transfer. The bus transmitter, whether it is bus master or slave device, releases Serial Data (SDA) after sending eight bits of data. During the 9th clock pulse period, the receiver pulls Serial Data (SDA) low to acknowledge the receipt of the eight data bits.
9.3.4 Data input
During data input, the A1006 samples Serial Data (SDA) on the rising edge of Serial Clock (SCL). For correct device operation, Serial Data (SDA) must be stable during the rising edge of Serial Clock (SCL), and the Serial Data (SDA) signal must change only when Serial Clock (SCL) is driven low.
9.3.5 Device addressing
To start communication between a bus master and the A1006 slave device, the bus master must initiate a Start condition. Following this, the bus master sends the device select code. The 7-bit device select code is stored in system memory (I2C_DEV_ADDRESS) and can be initialized during wafer test and/or during the personalization phase. In INITIAL mode the IC has a default device address of 0x50.
The 8th bit is the Read/Write bit (RW). This bit is set to 1 for Read (from tag) and 0 for Write (to tag) operations.
If a match occurs on the device select code, the A1006 gives an acknowledgment on Serial Data (SDA) during the 9th bit time. If the A1006 does not match the device select code, it deselects itself from the bus.
Fig 11. Start and stop conditions
Fig 12. Data transfer on I2C-bus
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 15 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.3.5.1 Addressing scheme
The A1006 uses a memory mapped addressing scheme where always 16-bit addresses are used (whereby this 16-bit value can also be seen as a command code). The MSB is sent first followed by the LSB (e.g. addressing 4103h starts with 41h followed by 03h).
Depending on the current mode certain access rights to the memory regions are allowed. If writing/reading to a memory location is not allowed a NAK will be sent after the LSB of the address.
9.3.5.2 Addressing pointer
The A1006 implements an address (command) pointer that stores the last address that has been sent by the master.
9.4 Bus packets
The master device and the slave device support the following bus packets: Block write and Block read.
The master device uses the above packets when addressing a slave device compliant to this specification. The master device also indicates the data direction by a single bit following the slave address. The master indicates a master to slave data direction by setting the bit to 0b (Wr) and a slave to master data direction by setting the bit to 1b (Rd).
The master and the slave always send an acknowledge bit and react on the provided command. Only under certain conditions e.g. when the IC is busy doing an operation the IC might not acknowledge the IC slave address.The 2-byte address bytes (Addr 1, Addr 2) after the slave address are used either as memory address or as command code by the master.The 1-byte PCB (protocol control byte) is used for status information from the slave.The 1-byte LEN field indicates the length of the data written by the master or the number of bytes available at the slave.
9.4.1 Block write
Figure 14 shows the format of the block write command packet:
Fig 13. 7-bit device addressing
Fig 14. Block write command packet
S
aaa-022308
A A A A A .....SADDR Addr 1 Addr 2 LEN = n Data 1 A PData nWr
0
1 1 1 1 1 17 8 8 8 8 1 181
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 16 of 45
NXP Semiconductors A1006Secure Authenticator IC
The Addr 1 and Addr 2 field indicate the write address point (or command code) of the packet. The field LEN within the block write encodes the number of data bytes sent by the master device to the slave device. The master device can send any number from 0 up to 255 data bytes in a block write packet to a slave device whereby it is possible that the slave can only handle a certain number of bytes (e.g. writing to EEPROM allows only up to 16 bytes).
The master device should be able to detect that the slave device does not acknowledge one of the bytes within a packet and in such case of an unexpected no acknowledge, the master device will need to raise a protocol exception.The slave device will be able to retrieve any number from 0 up to and including 255 data bytes in a block write packet from a master device.
The slave device acknowledges all bytes received from the master device. The slave device will be able to detect a mismatch of data bytes received within the block write packet compared to the LEN byte as contained within the packet and in such case of a mismatch the slave device will raise a protocol exception.
9.4.2 Block read
Figure 15 shows the format of the block read command packet:
The block read command starts with setting the address pointer (command) to the value indicated by Addr 1 and Addr 2.
Before changing the communication direction from write to read a repeated start condition or a stop plus start condition (this is necessary for OWI as there is no separate start symbol) followed by the slave address needs to be sent by the master. The Rd bit is changed to 1 indicating a read. After the slave acknowledges this, the slave starts transmitting.
The LEN field within the block read encodes the number of data bytes + 1 sent by the slave that will be received by the master device. The value LEN=0 means that there is no limitation in reading data from the memory location, data are sent back until the host sends a STOP (e.g. a certain memory region can be read in round robin manner). The value LEN 128 (the MSB is set) indicates that the number of bytes might be larger that 127.
The master device will be able to retrieve any number of data bytes in a block read packet from a slave device. The master device needs to acknowledge all bytes read from the slave device except for the last byte, which the master device will not acknowledge to indicate the end of the read transfer.
The slave device will be able to return any number of data bytes in a block read packet to a master device (depending on the currently selected memory region). The slave device detects that the master device does not acknowledge one of the bytes within a packet and
Fig 15. Block read command packet
aaa-022309
S SADDR Wr A Addr 1
1 7 1 1 8
A
1
Addr 2
8
A
1
0
LEN=n
8
A
1
PCB
8
A
1
Data n-1
8
A
1
P
1
…..Sr
1
SADDR Rd A
7 1 1
1
Data 1
8
A
1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 17 of 45
NXP Semiconductors A1006Secure Authenticator IC
in such case of an unexpected not acknowledge the slave device will raise a protocol exception. The slave device will be able to detect an unexpected acknowledge the slave device will raise a protocol exception.
The master device also should be able to detect a mismatch of data bytes received within the block read packet compared to the LEN byte as contained within the packet and in case of a mismatch, the master device will raise a protocol exception.
Note: The last byte as used above means the last byte according to the LEN field indicated by the slave device. The master device is expected to read exactly the amount of bytes as indicated by the slave device.
9.5 Memory subsystem
The non-volatile memory sub-system in A1006 is responsible for:
• Storing user data according to requirements
• Storing device-specific configuration data
• Storing cryptographic keys
• Storing system information
To start communication between a bus master and the A1006 slave device, the bus master must initiate a Start condition. Following this, the bus master sends the device select code. The 7-bit device select code is stored in system memory (I2C_DEV_ADDRESS) and can be initialized during wafer test and/or during the personalization phase. In INITIAL mode the IC has a default device address of 0x50.
9.6 Addressing scheme
The A1006 uses a memory mapped addressing scheme where always 16-bit addresses are used (whereby this 16-bit value can also be seen as a command code). The MSB is sent first followed by the LSB (e.g. addressing 4103h starts with 41h followed by 03h). Depending on the current mode certain access rights to the memory regions are allowed. If writing/reading to a memory location is not allowed a NAK will be sent after the LSB of the address.
9.7 Memory read/write commands
Memory read and write commands directly access the EEPROM content that is accessible with user commands. Depending on the current mode of the IC, different access rights exist for the respective memory area. Table 8 below shows the memory map area which is available for reading and writing with the different purposes of the memory area and its access rights.
Table 8. A1006 read/write map
Type R/W Command Address Length Data/parameter
MEM R/W R/W 0x0000 4 User memory
MEM R/W R/W 0x007F 4 User memory
MEM R/W R/W (pers.) 0x0100 4 Certificate user
MEM R/W R/W (pers.) 0x017F 4 Certificate user
MEM R/W R/W (fab only) 0x0200 n/a Certificate NXP
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 18 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.8 A1006 certificate overview
The A1006 uses standardized X509v3 certificates, as specified in ISO-9594-8 & ITU-T-X.509. The certificate signature uses the standardize ECDSA (Elliptic Curve Digital Signature Algorithm), as specified in ANSI X9.62 & NIST-FIPS-186-4. The certificate is signed using a secp224r1 curve.
The table below shows the contents of the A1006 compressed certificate.
The customizable field in the X.509 certificates are:
9.8.1 Issuer Private Key Reference
Specifies the issuer of the Certificate Authority's private signature key, which will be used to ECDSA sign the A1006 certificates. Each CA’s private key is either securely randomly generated in the NXP Trust Provisioning HSM, or optionally securely imported from a customer's HSM, using the Trust Provisioning key ceremony.
The default value of the Issuer Private reference will be “NXP SIP CA”, identifying that the NXP acts as the certificate authority.
9.8.2 Organizational-Name
Fixed size 10 character string, encoded into 10 octets with right space padding if needed, using only printable ASCII characters in the range of 0x20 to 0x7E. This specifies the organization name, which is encoded into the certificate within both the issuer's distinguished name and subject's distinguished name, in the X509 attribute “organizational-Name”
“NXP SIP CA” is specified as the default organizational name. However this can be replaced with a customer's organizational name.
9.8.3 Product Common-Name
Fixed size 12 character string, encoded into 12 octets with right space padding if needed, using only printable ASCII characters in the range of 0x20 to 0x7E. This specifies the common name, which is encoded into the certificate within the subject's distinguished name, in the X509 attribute “commonName” with OID 2.5.4.3. “Auth Device”, with a single
MEM R/W R/W (fab only) 0x027F n/a Certificate NXP
MEM R/W R/W (pers.) 0x0300 4 DeviceID[0]
MEM R/W R/W (pers.) 0x030F 4 DeviceID[15]
MEM R/W R/W (fab only) 0x0310 n/a MNU_ID[0]
MEM R/W R/W (fab only) 0x031F n/a MNU_ID[15]
Table 8. A1006 read/write map …continued
Type R/W Command Address Length Data/parameter
Table 9. A1006 compressed certificate contents
Certificate Object Length (Bytes) Example Value
Organizational-Name 10 NXP SIP CA
Product Common-Name 12 Auth Device
EC Public Key 42 05:54:78:2F:...:14:2B:DE:CD
ECDSA Certificate Signature 64 30:3E:02:1D:...:59:37:23:C4
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 19 of 45
NXP Semiconductors A1006Secure Authenticator IC
trailing space to obtain the required 12 octet size, is specified as the default common name. However this can be replaced with a customer's specific product name or model number of the device that contains the A1006 die.
Other customizable FabKey Parameters:
9.8.4 I2C Address
This is a 7 bit unsigned numeric value, encoded into 1 octet. This specifies the 7-bit I2C interface slave address for the A1006. (Note that when encoding, the 8th bit is always cleared.) “0x50” is specified as the default I2C address. But the customer has an option to customize this as a part of the FabKey.
9.8.5 Operational Mode
As discussed in the Life Cycle states, the A1006 chips are delivered by default in the Customer Personalization state, where all the NXP certificate area is locked, and cannot be written further, but can be read. The customer can write to the “USER certificate” and “user memory” during this operation. The customer should lock the “USER certificate” memory after the personalization is done to prevent further writes to the USER certificate area and transition the chip to the “USER mode” or “Authentication operation” state.
9.9 Life cycle states
During its life time the A1006 goes through multiple life cycle states. The change from one life cycle state to the next life cycle state is an irreversible step protected by electronic fuses and controlled by the A1006. In every life cycle state only a predefined set of commands is supported by A1006.
In the first life cycle state, the “pre-personalization state”, the A1006 will be finalized in the NXP internal secure manufacturing environment before shipment to the device manufacturer (see also Section 3.1). In this state die-specific keys and certificates will be generated and programmed in a secure NXP internal environment with master keys securely stored in HSMs (Hardware Secure Modules). Both the A1006 system memory and user memory will be initialized.
When the pre-personalization step is completed the A1006 is switched to the next life cycle state, “customer side personalization”. In this life cycle state any further changes to the system memory content is disabled but it is still possible to write arbitrary data to the user memory area. This is an optional life cycle state and can be omitted in case the customer chooses not to insert or change any customer personalization data. In that case the A1006 will be switched to the next life cycle state “authentication operation”.
This is the default life cycle while the A1006 is in the field and used for authentication purposes. In this state the following operations are supported by the A1006:
• Only write operations to the user memory are possible, for example transactional “usage data” updates
• Read operation to the user memory
• Authentication operation and associated commands
In case the A1006 detects several tampering attempts the IC may change to the final life cycle state “locked”. In this state all commands are disabled except for a read access to specific IC tracking information stored in system memory.
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 20 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.10 Deep-sleep mode
The A1006 supports a deep sleep mode where it consumes extremely low power but it can also be woken up in case further operations with the IC are necessary.
The A1006 can be instructed to go into a “Deep Sleep” mode via I2C interface or OWI by using a dedicated PowerDown command from the host. After the command is executed the A1006 goes into deep sleep mode within 100 s after the DeepSleep command is issued. During this mode the A1006 does not react to any communication on the bus except by a wake up from the host.
The Wake up procedure from Deep Sleep is through the I2C/OWI interface. In the HXSON6 package, a dedicated Wake Up pin is also available to wake the A1006 from the Deep Sleep state.
9.10.1 Requirements for deep-sleep functionality
9.10.1.1 Getting into deep-sleep mode
The IC will get into the deep-sleep mode via I2C interface and/or OWI by using a dedicated PowerDown command.
After the command is executed the IC goes into sleep mode within 10 ms.
Fig 16. Life cycle states of A1006
aaa-022310
PRE-PERSONALIZATION
STATE
MEMORY SEGMENT
CUSTOMER SIDEPERSONALIZATIONSTATE (OPTIONAL)
AUTHENTICATIONOPERATION
VALUES WRITTEN Allowed operations after
System Memory Initialized with Configurationvalues.
Locked. No further writesallowed
MEMORY SEGMENT VALUES WRITTEN Allowed operations after
User Memory User data Write arbitrary data to UserMemory and read operationallowed
System Memory No reads and writes allowed Read operation to thesystem memory allowed.Certificates can be read
MEMORY SEGMENT VALUES WRITTEN Allowed operations after
User Memory User data Write arbitrary data to UserMemory
Certificate Memory User certificate User certificate can beloaded here
Secure Memory Die individual private keysare generated and store
Locked. No further writesallowed
Certificate Memory NXP and/or user certificategenerated and signed andloaded into the certificatememory segment
NXP certificate area locked.User certificate memory isstill open for changes
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 21 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.10.1.2 During deep-sleep mode
The IC will not react on any communication on the bus except one of the exit scenarios described in the following section.
9.10.1.3 Getting out of deep-sleep mode
There are three possible ways to get out of deep-sleep mode:
Over I2C bus: correct slave address on the bus: The IC will wake up from deep-sleep mode when the master sends the IC specific slave address on the I2C-bus. In order to not influence any already active slave the WakeUp command should be used for this.
Over OWI bus: long low pulse on the bus: The IC will wake up from deep-sleep mode when the master sends a (>50 s) low pulse on the OWI bus.
WAKE pin: Wake up IC after a high pulse of >50 s has been detected on the WAKE pin
9.10.1.4 Wake up behavior
When the sequence for getting out of deep-sleep mode has been applied the IC will be ready for subsequent commands after the device initialization time of 1.5 ms. During this time the IC may choose not to answer any requests.
9.11 Command set
The following types of commands are defined for the A1006 Secure Authenticator IC which all use one of the above defined bus packets. The detailed function, the parameters, the required behavior and the timing of the commands is specified in detail.
The command set consists of the following groups of commands:
• I2C-specific special commands
– Soft Reset
– Get Device ID
• Memory read/write commands
– Read and write operations to the EEPROM
– Access rights to a certain memory region depends on the current mode of the IC
– Valid address ranges are defined by the memory map
• Crypto commands
– Execution of cryptographic authentication functions
– Execution of IC authentication
– Execution of additional data authentication
• Other commands
– Information commands to read status of the IC
– Other IC management commands which define the behavior of the IC
The following command set table in Table 10 gives an overview of the various commands and used command codes.
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 22 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.11.1 Memory read/write commands
Memory read and write commands directly access the EEPROM content that is accessible with user commands. Depending on the current mode of the IC different access rights exist for the respective memory area. Table 11 shows the memory map area which is available for reading and writing with the different purposes of the memory area and its access rights. Additional information for the different memory regions can also be found in the memory map section.
Note that all addresses below 0x0800 are seen as memory accesses even if there is no memory behind. This would lead to an address error (and not to an invalid command).
9.11.2 Memory access rights
Table 10. Command set
Type R/W Command Address/ Command code
Length Data/Parameter
MEM R/W R/W 0x0000-0x007F 4 User Memory
MEM R/W R/W (pers.) 0x0100-0x017F 4 Certificate User
MEM R R (W fab only) 0x0200-0x027F NA Certificate NXP
MEM R/W R/W (pers.) 0x0300-0x030F 4 DeviceID[0]-DeviceID[15]
MEM R R (W fab only) 0x0310-0x031F NA MNU_ID[0]-MNU_ID[15]
CMD W Block ECC_Authenticate 0x0800 44 see Section 9.12.1
CMD R Block ECC_Authenticate 0x0801 44 see Section 9.12.2
CMD R Block Status 0x0900 2 see Section 9.13.1
CMD W Block PowerDown 0x0901 0 see Section 9.13.2
CMD W Block WakeUp 0x0902 0 see Section 9.13.3
CMD W Block LockDevice 0x0903 0 see Section 9.13.4
CMD W Block ChangeDeviceAdd 0x0904 1 see Section 9.13.5
CMD W Block Soft Reset see I2C-bus specification UM10204
CMD GetDeviceID R Block see I2C-bus specification UM10204
Table 11. Memory access rights with ReadMemory and WriteMemory command
Memory region Address range Length per write
Max. read length Access rights Comment
User memory 0x0000 – 0x007F 4 bytes 128 bytes R+W (all modes except INIT mode)
General purpose user memory
Certificate1 0x0100 – 0x017F 4 bytes 128 bytes R (all modes except INIT mode)
W (test+pers)
Certificate of customer
Certificate2 0x0200 – 0x027F 4 bytes 128 bytes R (all modes except INIT mode)
W (test)
Certificate of NXP
DeviceID 0x0300 – 0x030F 4 bytes 16 bytes R (all modes except INIT mode)
W (test+pers)
Unique device specific ID of customer
MNU_ID 0x0310 – 0x031F 4 bytes 16 bytes R (all modes except INIT mode)
W (test)
Unique device specific manufacturer ID
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 23 of 45
NXP Semiconductors A1006Secure Authenticator IC
9.11.3 ReadMemory command
The ReadMemory command is based on a block read command.
The command is shown in Figure 17.
The master starts with sending the memory address where data have to be read.
The IC response with a length value, the PCB and the actual memory content of the EEPROM (or is empty if an error occurs).
The MSB address byte has a value between 0x00 and 0x03 according to the memory map of the EEPROM and corresponds to the first 7 bits of the memory page.
The LSB address byte contains in its first 4 bits the lower nibble of the page address and in its 4 LSBs the byte address with the memory page.
The LEN field may contain the following values:
• 0x00: Reading an infinite number of bytes is possible from the given address. Starting from the given address reading from the EEPROM continues until the stop bit is sent by the master. At the end of a memory region the address pointer is set to the first address in the same region.
• 0x01: Only 1 further byte is sent by the IC which is an error code in the PCB byte.
• Any other value n: n bytes are available for sending by the IC.
The PCB field contains status information of the command:
• 0x00: OK, no error occurred
• 0x01: IC is busy (no further data are sent)
• 0x02: Invalid/unexpected command
• 0x03: Access error (no access rights to the given address)
• 0x04: Address error (no data under given address)
• 0x0F: Other error
The IC will immediately be ready to receive further commands after receiving the stop bit of the ReadMemory command.
The IC will not change its current state when receiving a ReadMemory command.
9.11.4 WriteMemory command
The WriteMemory command is based on a block write command.
The command is shown in Figure 18.
Fig 17. ReadMemory command
S
aaa-022311
A A A A A .....SADDR 0x00-0x03
0x00-0x7F LEN = n PCB = 0 A PData
[len-1]Wr
0
1 1 1 1
P
1
S
1 1
A
1 1
A
17
SADDR
78 8 8 8
Data[0]
8 1 181
Rd
1 n = 1...len + 1n = 1: errorn = 0: infinite
1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 24 of 45
NXP Semiconductors A1006Secure Authenticator IC
The master starts with sending the memory address where data have to be written.
The MSB address byte has a value between 0x00 and 0x03 according to the memory map of the EEPROM.
The LSB address byte contains in its first 4 bits the lower nibble of the page address and in its 4 LSBs the byte address with the memory page.
Data is written always 32 bits aligned meaning that writing is only allowed to LSB addresses: 0x0, 0x4, 0x8, 0xC. Otherwise an address error is reported.
The LEN field may contain only the value 4 indicating the number of bytes that have to be written to the EEPROM.
After the LEN field the data that have to be written to the EEPROM are transmitted whereby the first data byte Data[0] is written to the given start address and the byte Data[n] is written to the start address + n-1.
The IC will only allow writing to the same memory page during one write cycle.
Under the following conditions no write cycle is executed and the status of the command leads to an error status:
• LEN field is not equal to 4 (0x06)
• Start address + LEN field exceeds the current memory page (or would write to page address 0xF of user memory 1) (0x04)
• The number of data bytes sent by the master is smaller as the LEN field (0x02)
The WriteMemory command has no direct response but will lead to an update of the IC status to one of the following values:
• 0x00: Writing to EEPROM successful
• 0x01: IC is busy (writing to EEPROM ongoing)
• 0x02: Invalid/unexpected command
• 0x03: Access error (no access rights to the given address)
• 0x04: Address error (no data under given address)
• 0x05: EEPROM write error (insufficient power, EEPROM error)
• 0x06: Length field error (LEN is not equal to 4)
• 0x0F: Other error
The IC will not start writing and indicate an error condition if additional bytes (more than 4 bytes) are sent within the command.
Fig 18. WriteMemory command
S
aaa-022318
A A A A A .....SADDR 0x00-0x03
0x00-0x7F LEN = 4 Data[0] A start write cycle...
~5.5 msPData[n-1]Wr
0
1 1 1 1 1 17 8 8 8 8 1 181
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 25 of 45
NXP Semiconductors A1006Secure Authenticator IC
The IC will start the write cycle after receiving the stop condition if none of the above exceptions occurred.The IC will transparently to the master store the data on the IC in a protected way.
9.11.5 Crypto commands
The A1006 Secure Authenticator IC is able to perform only one type of cryptographic operation.
• IC authentication using Elliptic Curve Cryptography (ECC)
9.12 ECCAuthenticate command
The ECCAuthenticate consists of a block write command to send a challenge to the IC and a block read command to retrieve the calculated result after the execution of the cryptographic operation in the IC.
9.12.1 Execute ECCAuthenticate
The execution of the ECCAuthenticate command is based on a block write command.
The command is shown in Figure 20.
The master starts with sending the command code bytes 0x08 (MSB) and 0x00 (LSB).
The LEN field of the request of the master has the value 44d indicating that exactly 44 bytes are sent to the IC.
The 44 bytes challenge consists of the 22-byte X-coordinate of the challenge point X[21]…X[0] and the check value R2[21]…R2[0].
The IC will store the X-coordinate and the check value in the ECC core and after successfully receiving the command start execution of the ECC operation.
In I2C mode the IC will indicate that it is busy with computation during the ECC operation with a NACK Tauth.
Fig 19. ECCAuthenticate
aaa-022319
IC ECC COMPUTATION(~35 ms)
block read (retrieve response)
block write (send challenge)
Fig 20. ECCAuthenticate block write command
S A A A A A .....SADDR 0x08 0x00 LEN = 44 X[21] AWr
1 1 1 1 1 17 8 8 8 8
X[0]
8 1
aaa-022320
..... AR2[0]
8 1
P
1
AR2[21]
8 11
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 26 of 45
NXP Semiconductors A1006Secure Authenticator IC
In OWI mode the master will keep the bus un-modulated for at least the ECC calculation time (Tauth max) to ensure that the available power for the ECC calculation in the IC is available. If the bus gets modulated during the computation the IC may undergo a power-on reset.
Even if all commands are NACKed when the ECC computation is ongoing it will be possible to reset the IC with a SoftReset command to get back into the state after boot (even if a SoftReset via OWI might cause anyhow a POR).
The IC is in READY state after receiving (and executing) the ECCAuthenticate command independent whether the execution of the ECC operation is successful.
9.12.2 Read response of ECCAuthenticate
Retrieving data of the ECCAuthenticate command is based on a block read command.
The command is shown in Figure 21 and contains either a valid ECC response or an error code.
The master starts with sending the command code bytes 0x08 (MSB) and 0x01 (LSB).
The IC responses with a length value LEN, the PCB and the result of the ECC computation in case no error occurred.
The LEN field may contain the following values:
• 45d: The result of the ECC computation is ready and will be added to the response.
• 0x01: Only 1 further byte is sent by the IC which is an error code in the PCB byte.
The PCB field contains status information of the command:
• 0x00: OK, no error occurred
• 0x01:IC is busy (computation of ECC operation)
• 0x02: Invalid/unexpected command
• 0x07: Cryptographic error occurred (invalid input point)
• 0x08: Cryptographic error occurred (fault error occurred)
• 0x17: Active shield error occurred
• 0x27: RNG error occurred
• 0x0F: Other error
The 44-byte result of the computation of the ECC operation is the 22-byte X-coordinate of the result ECC point X[21]…X[0] followed by the Z-coordinate of the result point Z[21]…Z[0]. If an error occurred during computation the result is not existent.
Fig 21. ECCAuthenticate block read command
S
aaa-022321
A A A A .....SADDR 0x08 0x01 LEN = 45 AWr
0
1
P
1
P
1
P
1
S
11 1 1
A
1 17
SADDR
78 8 8
APCB = 0
1
A
18
X[21]
8
X[0]
8 1
..... AZ[0]
8 1
AZ[21]
8 11
Rd
1
1
S A A A ASADDR 0x08 0x01 LEN = 1Wr
0
1
P
1
S
11 1 1
A
1 17
SADDR
78 8 8
APCB = error
181
Rd
1
1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 27 of 45
NXP Semiconductors A1006Secure Authenticator IC
The ECCAuthenticate read block command will return the error code 0x02 (unexpected command) when the ECC computation has not been started due to any reason. Such reasons may be:
• ECCAuthenticate block write command has not been executed at all
• ECCAuthenticate block write command with wrong LEN field
• ECCAuthenticate block write command with too less or to many bytes
• etc.
The IC is immediately be ready to receive further commands after receiving the stop bit of the ECCAuthenticate read block command.The IC will not change its current state when receiving an ECCAuthenticate command (the IC will already be in READY state).
9.13 Other commands
The command set consists of a set of functions that are summarized as “other commands” which are related to status information and status changes of the IC. These commands are:
• Status: retrieves the current status of the IC
• LockDevice: used to move the IC from personalization mode into user mode
• ChangeDeviceAddress: changes the slave address of the IC
• PowerDown: brings the IC into PWRDWN state
• WakeUp: brings the IC from PWRDWN into READY state
9.13.1 Status command
The Status command shown in Figure 22 is used to retrieve status information about the last command that has been sent to the IC.
Every command that is executed updated the status to the latest value. Underlying communication (framing, ACKs) must not react on illegal or incorrect commands.
The master starts with sending the command code bytes 0x09 (MSB) and 0x00 (LSB).
After a stop and a start condition with a valid slave address the IC responses with a length value LEN and the PCB which indicates the status of the last command.
The LEN field may contain the following value:
• 0x01: Only 1 further byte is sent by the IC which is an error code in the PCB byte.
The PCB field contains status information of the last command which may contain one of the following status values:
Fig 22. Status command
S
aaa-022322
A A A A ASADDR 0x09 0x00 LEN = 1 PCB = STATUS PWr
0
1 1 1 1
P
1
S
1 1
A
1 17
SADDR
78 8 8 8 11
Rd
1
1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 28 of 45
NXP Semiconductors A1006Secure Authenticator IC
• 0x00: OK, no error occurred
• 0x01: IC is busy (computation of ECC operation)
• 0x02: Invalid/unexpected command (invalid command code, too many parameter bytes etc.)
• 0x03: Access error (memory access invalid)
• 0x04: Address error (invalid address for memory)
• 0x05: HV error during EEPROM writing
• 0x06: Length error (invalid number of bytes for command)
• 0x07: Cryptographic error occurred (invalid input point)
• 0x08:Cryptographic error occurred (fault error occurred)
• 0xF1: Test read not ok
• 0x17: Active shield error occurred
• 0x27: RNG error occurred
• 0x0F: Other error
The IC does not change its current state when receiving a Status command.
The IC is ready to send a valid answer to a Status command in every state for I2C communication.
The IC is ready to send a valid answer to a Status command in every state for OWI communication except during the high-power ECC operation and WriteMemory operation the master must not send a any command.
9.13.2 PowerDown command
The PowerDown command in 0 is used to bring the IC into a low-power (deep sleep) mode where it consumes only little standby power. This mode is called deep-sleep mode. It is necessary to wake up the IC before any further commands can be received. This command is allowed in all modes except ERROR and MUTE mode.
The master starts with sending the command code bytes 0x09 (MSB) and 0x01 (LSB).
The LEN field has the value = 1.
The PARA field contains information which is used to wake up the IC again. Coding is one hot which allows various combinations wake-up methods without a lot of different parameter values:
• 0x00: Do not execute the deep-sleep sequence because no wake-up method specified. The same is valid for any value wher.re none of the 3 LSBs (bits 0-2) is set.
Fig 23. PowerDown command
aaa-022325
S
1 7 1 1 8 1 8 1 8 1 8 1 1
BlockWrite(Send CMD) A A A A PARA
wake upsource
0
A PSADDR Wr 0x09 0x01 LEN=1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 29 of 45
NXP Semiconductors A1006Secure Authenticator IC
• Bit 0: Wake up IC with correct slave address on the I2C interface
• Bit 1: Wake up IC after wake-up low pulse (>50 s) on OWI has been received.
• Bit 2: Wake up IC after a high pulse of >50 s has been detected on the WAKE (TP1) pin
• (Bits 3-7 are unused and may have any value)
After receiving the stop condition the IC immediately goes into deep-sleep mode and only wakes up if the specified condition is met.
A detailed description of the deep-sleep functionality is shown in the Deep Sleep chapter.
9.13.3 WakeUp command
The WakeUp command in Figure 24 is used to wake up the IC from low-power (deep sleep) mode into normal mode where all other commands can be sent. This command is allowed in all modes except ERROR and MUTE mode. This command is for I2C only. For OWI refer to Section 9.10.1.3.
The master starts with sending the command code bytes 0x09 (MSB) and 0x02 (LSB).
The LEN field has the value = 0.
If the IC is not in deep-sleep mode the IC will not do any action on this command but update the status field to 0x00 meaning that the device is awake and ready to receive further commands.
If the IC is in deep-sleep mode it will wake up on this command and any other command that provides also a valid slave address. The IC does not have to acknowledge any byte of this command. For more details on the deep-sleep mode see below.
9.13.4 LockDevice command
The LockDevice command shown in Figure 25 is used to bring the IC from personalization mode into user mode where it is not possible anymore to alter the personalization data User Certificate and DeviceID.
Fig 24. WakeUp command
aaa-022326
S
1 7 1 1 8 1 8 1 8 1 1
BlockWrite(Send CMD) A A A
0
A PSADDR Wr 0x09 0x02 LEN=0
Fig 25. LockDevice command
S
aaa-022323
A A A ASADDRBlockWrite start writing0x09 0x03 PWr
1 1 1 1 17 8 8
LEN = 0
8 11
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 30 of 45
NXP Semiconductors A1006Secure Authenticator IC
The master starts with sending the command code bytes 0x09 (MSB) and 0x03 (LSB).The master sends a LEN field with content =0 and adds a stop condition after which the IC write the new personalization data into the EEPROM.
Note: the personalization mode is left after the next restart of the IC.
9.13.5 ChangeDeviceAddress command
The ChangeDeviceAddress command shown in Figure 26 is used to change the slave address of the IC in personalization mode.
The reason for this command is to allow customers (and by this making NXP logistics easier) to change the slave address (OWI and I2C) in cases where:
• Multiple A1006 slaves are on the same bus line (either I2C or OWI).
• Other non-A1006 devices that has the same slave address conflicts with an A1006.
The master starts with sending the command code bytes 0x09 (MSB) and 0x04 (LSB).
The master sends a LEN field with content = 1 and a PARA byte which contains the new device address. After the stop condition the IC writes the new slave address into the EEPROM where it gets activated after the next power-on reset during the boot sequence.
The ChangeDeviceAddress command will only be allowed in, personalization mode to avoid that in USER mode the device address is changed by accident with subsequent non-functional parts.
Fig 26. ChangeDeviceAddress command
aaa-022324
S
1 7 1 1 8 1 8 1 8 1 8 1 1
BlockWrite start writingA A A A PARA
newdevice
address
0
A PSADDR Wr 0x09 0x04 LEN=1
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 31 of 45
NXP Semiconductors A1006Secure Authenticator IC
10. Limiting values
[1] IEC61000-4-2; contact discharge only on the OWI pin, all other pins support 2 kV HBM
[2] Depending on appropriate thermal resistance of the package
11. Recommended operating conditions
[1] Supply voltage is related to the pull-up resistor value, recommended in the range of 200 to 500 .
Table 12. Limiting valuesIn accordance with the Absolute Maximum Rating System (IEC 60134). Voltages are referenced to VSS (ground = 0 V).
Symbol Parameter Conditions Min Max Unit
VDD,OWI supply voltage 0.5 +4.6 V
VI I/O voltage on pins SCL, SDA, WAKEUP 0.5 +4.6 V
IIL latch-up current VI < 0 V or VI > VOWI - 100 mA
Vesd electrostatic discharge voltage [1] - 8.0 kV
Ptot total power dissipation [2] - 2.0 mW
Tstg storage temperature 65 +150 C
TJ junction temperature 40 +85 C
tret retention time Tamb = +85 C 10 - years
Nendu(W) write endurance under all operating conditions 5 105 - cycles
Table 13. Operating conditions
Symbol Parameter Conditions Min Max Unit
VDDE supply voltage external VDD/OWI supply voltage
[1] 1.62 3.6 V
VI digital voltage on I/O pins SCL, SDA
0 3.6 V
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 32 of 45
NXP Semiconductors A1006Secure Authenticator IC
12. Static characteristics
[1] Leakage current from SDA and SCL pads is not included. These pins must be grounded when unused.
[1] VIL and VIH values are specified with respect to supply voltage and not with respect to input signals.
[2] The parameter values specified are simulated and absolute values.
[3] Only during push-pull mode.
[4] The parameter value specified includes only the static power for valid High or Low input levels. During core power-down, the receiver is still active resulting in dynamic power or static power for invalid high or low input levels.
Table 14. Static characteristicsAll values are valid within operating conditions.
Symbol Parameter Conditions Min Typ Max Unit
ICC Active power supply current During crypto response calculation
- - 550 A
Isleep sleep current 1.8 V VDD[1] - - 1.0 A
3.3 V VDD[1] - - 3.3 A
Table 15. Static characteristics of I2C_SDAAll values are valid within operating conditions.
Symbol Parameter Conditions Min Typ Max Unit
Input characteristics
VIH HIGH-level input voltage [1] 0.7 VDDE - VDDE + 0.5 V
VIL LOW-level input voltage [1] 0.5 - 0.3 VDDE V
VHYS Input hysteresis voltage [1] 0.1 VDDE - - V
Output characteristics
IOL Static output LOW current At VOL = 0.4 V 3.0 - - mA
IOSL Short circuit current output LOW Drive LOW; pin connected to VDDE
[2] - - 40.0 mA
Supply leakage current characteristics[2]
ISLVDDE Supply static leakage current in VDDE domain
T = 25 C - - 1.0 A
ISILPD VDDE supply leakage current in core Power-down mode
[4] - - 1.0 A
Input (IO pin) leakage current characteristics
ILZ Output Z-state I/O line leakage current
- - 10.0 A
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 33 of 45
NXP Semiconductors A1006Secure Authenticator IC
[1] VIL and VIH values are specified with respect to supply voltage and not with respect to input signals.
[2] The parameter values specified are simulated and absolute values.
[3] The parameter value specified includes only the static power for valid High or Low input levels. During core power-down, the receiver is still active resulting in dynamic power or static power for invalid high or low input levels.
13. Dynamic characteristics
Table 16. Static characteristics of I2C_SCLAll values are valid within operating conditions.
Symbol Parameter Conditions Min Typ Max Unit
Input characteristics
VIH HIGH-level input voltage [1] 0.7 VDDE - VDDE + 0.5 V
VIL LOW-level input voltage [1] 0.5 - 0.3 VDDE V
VHYS Input hysteresis voltage [1] 0.1 VDDE - - V
Supply leakage current characteristics[2]
ISLVDDE Supply static leakage current in VDDE domain
T = 25 C - - 1.0 A
ISILPD VDDE supply leakage current in core Power-down mode
[3] - - 1.0 A
Input (IO pin) leakage current characteristics
ILZ Output Z-state I/O line leakage current
- - 10.0 A
Table 17. Static characteristics of OWIAll values are valid within operating conditions.
Symbol Parameter Conditions Min Typ Max Unit
VIH HIGH-level input voltage 0.9 V
VIL LOW-level input voltage 0.55 V
VOL LOW-level output voltage Pull-up = 200Ω to 1KΩ
0.4 V
VOH HIGH-level output voltage V_pullup 3.6 V
Table 18. Dynamic characteristicsAll values are valid within operating conditions.
Symbol Parameter Conditions Min Typ Max Unit
Tauth Time for on-chip calculation of challenge response
- 35 50 ms
Tsleep Time to enter deep sleep after command
- - 10 ms
Towi_wake OWI wake pulse duration 50 - - s
Tsleep_wake Time to wake from deep sleep - - 1.5 ms
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 34 of 45
NXP Semiconductors A1006Secure Authenticator IC
14. Application information
14.1 One Wire Interface
Figure 27 shows A1006 powered by a host microcontroller using the OWI interface to communicate with A1006.
(1) 200 to 500 recommended for VDD = 1.8 V. Higher values up to 1.2k may be used with VDD = 3.3 V.
Fig 27. Application diagram for OWI
aaa-026986
Host MCUDevice beingauthenticated
GPIO
WAKEUP
OWI/VDD
n.c.
A10061.62 - 3.6 V
One wire interface
OptionalESD diode
and capacitor
R(1)
GND GND
SCL
SDA
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 35 of 45
NXP Semiconductors A1006Secure Authenticator IC
14.2 I2C interface
Figure 28 shows A1006 connected to a host microcontroller via I2C interface.
(1) Typically 900Ω for VDD = 1.8 V and 1.1kΩ for 3.3 V
Fig 28. Application diagram for using I2C-bus interface
aaa-023249
Host MCUDevice beingauthenticated
SDA
SCL
SDA
SCL
WAKEUPOWI/VDD
n.c.
A1006
1.62 - 3.6 V 1.62 - 3.6 V
R(1) R(1) 0.1 μF
GND GND
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 36 of 45
NXP Semiconductors A1006Secure Authenticator IC
14.3 Authentication
Figure 29 shows authentication flow at a high level. Please refer to A1006 user guide for details.
To prove its authenticity the A1006 supports a public/private key Diffie-Hellman authentication protocol based on ECC (Elliptic Curve Cryptography) with a 163 bit strong binary field curve. The implementation uses a standard curve NIST B-163.
The protocol is a two-pass challenge-response protocol where the host can verify the authenticity of the A1006. The host chooses random number r, multiplies “basepoint” G by this random number to get point rG. The host sends the point rG to the A1006. The A1006 stores a private key q and public key Q (=qG). This public key Q is embedded in a certificate cert(Q) and stored in the A1006. The A1006 computes q(rG) and returns the result to the host. The host verifies that cert(Q) is valid, extracts the public key Q from the certificate and verifies that q(rG) received from the A1006 equals rQ (i.e. r(qG)).
If both checks are valid, the A1006 has proven its authenticity.
Fig 29. Authentication flow
Validateresponse
client hasthe correctprivate key
clienthas validcertificate
NOK
NOK
aaa-022327
HOST (Host-MCU or Cloud) CLIENT
Requestcertificate
Validatecertificate
Sendchallenge
stop
Signchallenge
Sendcertificate
5 ms
20 ms
40 ms
40 ms
ok
ok
5 ms Sendresponse
Continueservice
Master Certificate
Body---
---Signed HASH
MasterPublic Key
Client Certificate
Body---
---Signed HASH
Public Key
Private Key
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 37 of 45
NXP Semiconductors A1006Secure Authenticator IC
Fig 30. Authentication protocol
aaa-022328
HOST
G: system basepoint
rG
q(rG), cert(Q)
r: random scalar Q: public key = qGq: private key (scalar)
verifyrQ = = q(rG)
A1XXX
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 38 of 45
NXP Semiconductors A1006Secure Authenticator IC
15. Package outline
Fig 31. Package outline SOT1348-1 (HXSON6)
ReferencesOutlineversion
Europeanprojection Issue date
IEC JEDEC JEITA
SOT1348-1 - - -
sot1348-1_po
13-09-0415-05-08
Unit
mmmaxnommin
0.5 0.05
A
Dimensions (mm are the original dimensions)
HXSON6: plastic, thermal enhanced extremely thin small outline package; no leads;6 terminals; body 2.0 x 2.0 x 0.5 mm SOT1348-1
A1
0.1271.71.61.5
2.12.01.9
2.02.1
1.01.9 0.9
1.10.65 1.3
A3 b
0.350.300.25
k
0.2
D(1) Dh E(1) Eh e e1
0.300.250.20
L v
0.050.1
w y
0.05
y1
0.05
0 2 mmscale
Note1. Plastic or metal protrusions of 0.075 mm maximum per side are not included.
A
Edetail X
A3
AA1
- - - - - -
X
BD
Dh
6 4
1 3
k
L
bAC Bv
Cw
Eh
e1
e
terminal 1index area
terminal 1index area
C
yCy1
0.00
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 39 of 45
NXP Semiconductors A1006Secure Authenticator IC
Fig 32. Package outline SOT1375-4 (WLCSP4)
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 40 of 45
NXP Semiconductors A1006Secure Authenticator IC
16. Abbreviations
17. References
[1] AN10439 — Wafer Level Chip Size Package, Rev. 03 - 17 October 2007
[2] AN10365 — Surface mount reflow soldering description, Rev. 5 - 6 September 2011
Table 19. Abbreviations
Acronym Description
OWI One-Wire Interface
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 41 of 45
NXP Semiconductors A1006Secure Authenticator IC
18. Revision history
Table 20. Revision history
Document ID Release date Data sheet status Change notice Supersedes
374620 20180419 Product data sheet 201804019I 374610
Modifications: • Updated OWI data rate from 100 kbps to 125 kbps
• Updated Figure 6 “OWI bit coding”, Figure 7 “Timing of OWI bit coding”, Figure 27 “Application diagram for OWI”, Figure 28 “Application diagram for using I2C-bus interface”
• Table 7 “Timing constraints for OWI”: removed voltage parameters for OWI from and created new Table 17 “Static characteristics of OWI”; updated table notes
• Deleted Section 9.8 “Memory map overview”
• Updated Table 10 “Command set”, Table 11 “Memory access rights with ReadMemory and WriteMemory command”, Table 14 “Static characteristics”
• Section 9.10 “Deep-sleep mode” updated
• Section 9.12.1 “Execute ECCAuthenticate” updated
• Figure 27 “Application diagram for OWI” updated
• Correct miscellaneous text throughout
374610 20170210 Product data sheet - -
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 42 of 45
NXP Semiconductors A1006Secure Authenticator IC
19. Legal information
19.1 Data sheet status
[1] Please consult the most recently issued document before initiating or completing a design.
[2] The term ‘short data sheet’ is explained in section “Definitions”.
[3] The product status of device(s) described in this document may have changed since this document was published and may differ in case of multiple devices. The latest product status information is available on the Internet at URL http://www.nxp.com.
19.2 Definitions
Draft — The document is a draft version only. The content is still under internal review and subject to formal approval, which may result in modifications or additions. NXP Semiconductors does not give any representations or warranties as to the accuracy or completeness of information included herein and shall have no liability for the consequences of use of such information.
Short data sheet — A short data sheet is an extract from a full data sheet with the same product type number(s) and title. A short data sheet is intended for quick reference only and should not be relied upon to contain detailed and full information. For detailed and full information see the relevant full data sheet, which is available on request via the local NXP Semiconductors sales office. In case of any inconsistency or conflict with the short data sheet, the full data sheet shall prevail.
Product specification — The information and data provided in a Product data sheet shall define the specification of the product as agreed between NXP Semiconductors and its customer, unless NXP Semiconductors and customer have explicitly agreed otherwise in writing. In no event however, shall an agreement be valid in which the NXP Semiconductors product is deemed to offer functions and qualities beyond those described in the Product data sheet.
19.3 Disclaimers
Limited warranty and liabilityInformation in this document is believed to be accurate and reliable. However, NXP Semiconductors does not give any representations or warranties, expressed or implied, as to the accuracy or completeness of such information and shall have no liability for the consequences of use of such information. NXP Semiconductors takes no responsibility for the content in this document if provided by an information source outside of NXP Semiconductors.
In no event shall NXP Semiconductors be liable for any indirect, incidental, punitive, special or consequential damages (including - without limitation - lost profits, lost savings, business interruption, costs related to the removal or replacement of any products or rework charges) whether or not such damages are based on tort (including negligence), warranty, breach of contract or any other legal theory.
Notwithstanding any damages that customer might incur for any reason whatsoever, NXP Semiconductors’ aggregate and cumulative liability towards customer for the products described herein shall be limited in accordance with the Terms and conditions of commercial sale of NXP Semiconductors.
Right to make changesNXP Semiconductors reserves the right to make changes to information published in this document, including without limitation specifications and product descriptions, at any time and without notice. This document supersedes and replaces all information supplied prior to the publication hereof.
Suitability for useNXP Semiconductors products are not designed, authorized or warranted to be suitable for use in life support, life-critical or safety-critical systems or equipment, nor in applications where failure or malfunction of an NXP Semiconductors product can reasonably be expected to result in personal injury, death or severe property or environmental damage. NXP Semiconductors and its suppliers accept no liability for inclusion and/or use of NXP Semiconductors products in such equipment or applications and therefore such inclusion and/or use is at the customer’s own risk.
ApplicationsApplications that are described herein for any of these products are for illustrative purposes only. NXP Semiconductors makes no representation or warranty that such applications will be suitable for the specified use without further testing or modification.
Customers are responsible for the design and operation of their applications and products using NXP Semiconductors products, and NXP Semiconductors accepts no liability for any assistance with applications or customer product design. It is customer’s sole responsibility to determine whether the NXP Semiconductors product is suitable and fit for the customer’s applications and products planned, as well as for the planned application and use of customer’s third party customer(s). Customers should provide appropriate design and operating safeguards to minimize the risks associated with their applications and products.
NXP Semiconductors does not accept any liability related to any default, damage, costs or problem which is based on any weakness or default in the customer’s applications or products, or the application or use by customer’s third party customer(s). Customer is responsible for doing all necessary testing for the customer’s applications and products using NXP Semiconductors products in order to avoid a default of the applications and the products or of the application or use by customer’s third party customer(s). NXP does not accept any liability in this respect.
Limiting valuesStress above one or more limiting values (as defined in the Absolute Maximum Ratings System of IEC 60134) will cause permanent damage to the device. Limiting values are stress ratings only and (proper) operation of the device at these or any other conditions above those given in the Recommended operating conditions section (if present) or the Characteristics sections of this document is not warranted. Constant or repeated exposure to limiting values will permanently and irreversibly affect the quality and reliability of the device.
Terms and conditions of commercial saleNXP Semiconductors products are sold subject to the general terms and conditions of commercial sale, as published at http://www.nxp.com/profile/terms, unless otherwise agreed in a valid written individual agreement. In case an individual agreement is concluded only the terms and conditions of the respective agreement shall apply. NXP Semiconductors hereby expressly objects to applying the customer’s general terms and conditions with regard to the purchase of NXP Semiconductors products by customer.
Document status[1][2] Product status[3] Definition
Objective [short] data sheet Development This document contains data from the objective specification for product development.
Preliminary [short] data sheet Qualification This document contains data from the preliminary specification.
Product [short] data sheet Production This document contains the product specification.
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 43 of 45
NXP Semiconductors A1006Secure Authenticator IC
No offer to sell or licenseNothing in this document may be interpreted or construed as an offer to sell products that is open for acceptance or the grant, conveyance or implication of any license under any copyrights, patents or other industrial or intellectual property rights.
Export control — This document as well as the item(s) described herein may be subject to export control regulations. Export might require a prior authorization from competent authorities.
Quick reference dataThe Quick reference data is an extract of the product data given in the Limiting values and Characteristics sections of this document, and as such is not complete, exhaustive or legally binding.
Non-automotive qualified productsUnless this data sheet expressly states that this specific NXP Semiconductors product is automotive qualified, the product is not suitable for automotive use. It is neither qualified nor tested in accordance with automotive testing or application requirements. NXP Semiconductors accepts no liability for inclusion and/or use of non-automotive qualified products in automotive equipment or applications.
In the event that customer uses the product for design-in and use in automotive applications to automotive specifications and standards, customer (a) shall use the product without NXP Semiconductors’ warranty of the product for such automotive applications, use and specifications, and (b) whenever customer uses the product for automotive applications beyond NXP Semiconductors’ specifications such use shall be solely at customer’s own risk, and (c) customer fully indemnifies NXP Semiconductors for any
liability, damages or failed product claims resulting from customer design and use of the product for automotive applications beyond NXP Semiconductors’ standard warranty and NXP Semiconductors’ product specifications.
TranslationsA non-English (translated) version of a document is for reference only. The English version shall prevail in case of any discrepancy between the translated and English versions.
19.4 Licenses
19.5 TrademarksNotice: All referenced brands, product names, service names and trademarks are the property of their respective owners.
20. Contact information
For more information, please visit: http://www.nxp.com
For sales office addresses, please send an email to: [email protected]
ICs with DPA Countermeasures functionality
NXP ICs containing functionality implementing countermeasures to Differential Power Analysis and Simple Power Analysis are produced and sold under applicable license from Cryptography Research, Inc.
A1006 All information provided in this document is subject to legal disclaimers. © NXP Semiconductors N.V. 2018. All rights reserved.
Product data sheetRev. 2 — 19 April 2018
374620 44 of 45
NXP Semiconductors A1006Secure Authenticator IC
21. Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 General description . . . . . . . . . . . . . . . . . . . . . . 1
3 Features and benefits . . . . . . . . . . . . . . . . . . . . 23.1 Trust provisioning service . . . . . . . . . . . . . . . . . 23.2 Security features. . . . . . . . . . . . . . . . . . . . . . . . 3
4 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
5 Ordering information. . . . . . . . . . . . . . . . . . . . . 35.1 A1006 naming conventions . . . . . . . . . . . . . . . 35.2 Ordering options . . . . . . . . . . . . . . . . . . . . . . . . 4
6 Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
7 Block diagram . . . . . . . . . . . . . . . . . . . . . . . . . . 5
8 Pinning information. . . . . . . . . . . . . . . . . . . . . . 68.1 Pinning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68.2 Pin description . . . . . . . . . . . . . . . . . . . . . . . . . 6
9 Functional description . . . . . . . . . . . . . . . . . . . 79.1 External interfaces . . . . . . . . . . . . . . . . . . . . . . 79.2 OWI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79.2.1 OWI operation . . . . . . . . . . . . . . . . . . . . . . . . . 79.2.2 OWI framing . . . . . . . . . . . . . . . . . . . . . . . . . . . 89.2.3 OWI bit coding . . . . . . . . . . . . . . . . . . . . . . . . . 89.2.4 Explanation of sampling . . . . . . . . . . . . . . . . . 119.2.4.1 Master to A1006 communication . . . . . . . . . . 119.2.4.2 A1006 to master communication . . . . . . . . . . 129.3 I2C-bus interface. . . . . . . . . . . . . . . . . . . . . . . 139.3.1 Start condition. . . . . . . . . . . . . . . . . . . . . . . . . 149.3.2 Stop condition . . . . . . . . . . . . . . . . . . . . . . . . . 149.3.3 Acknowledge bit (ACK). . . . . . . . . . . . . . . . . . 159.3.4 Data input . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159.3.5 Device addressing . . . . . . . . . . . . . . . . . . . . . 159.3.5.1 Addressing scheme . . . . . . . . . . . . . . . . . . . . 169.3.5.2 Addressing pointer . . . . . . . . . . . . . . . . . . . . . 169.4 Bus packets . . . . . . . . . . . . . . . . . . . . . . . . . . 169.4.1 Block write . . . . . . . . . . . . . . . . . . . . . . . . . . . 169.4.2 Block read. . . . . . . . . . . . . . . . . . . . . . . . . . . . 179.5 Memory subsystem . . . . . . . . . . . . . . . . . . . . 189.6 Addressing scheme . . . . . . . . . . . . . . . . . . . . 189.7 Memory read/write commands . . . . . . . . . . . . 189.8 A1006 certificate overview . . . . . . . . . . . . . . . 199.8.1 Issuer Private Key Reference. . . . . . . . . . . . . 199.8.2 Organizational-Name . . . . . . . . . . . . . . . . . . . 199.8.3 Product Common-Name. . . . . . . . . . . . . . . . . 199.8.4 . . . . . . . . . . . . . . . . . . . . . . . . . . I2C Address 209.8.5 Operational Mode . . . . . . . . . . . . . . . . . . . . . . 209.9 Life cycle states . . . . . . . . . . . . . . . . . . . . . . . 209.10 Deep-sleep mode . . . . . . . . . . . . . . . . . . . . . . 219.10.1 Requirements for deep-sleep functionality . . . 21
9.10.1.1 Getting into deep-sleep mode . . . . . . . . . . . . 219.10.1.2 During deep-sleep mode . . . . . . . . . . . . . . . . 229.10.1.3 Getting out of deep-sleep mode. . . . . . . . . . . 229.10.1.4 Wake up behavior . . . . . . . . . . . . . . . . . . . . . 229.11 Command set. . . . . . . . . . . . . . . . . . . . . . . . . 229.11.1 Memory read/write commands. . . . . . . . . . . . 239.11.2 Memory access rights . . . . . . . . . . . . . . . . . . 239.11.3 ReadMemory command. . . . . . . . . . . . . . . . . 249.11.4 WriteMemory command. . . . . . . . . . . . . . . . . 249.11.5 Crypto commands . . . . . . . . . . . . . . . . . . . . . 269.12 ECCAuthenticate command. . . . . . . . . . . . . . 269.12.1 Execute ECCAuthenticate . . . . . . . . . . . . . . . 269.12.2 Read response of ECCAuthenticate . . . . . . . 279.13 Other commands . . . . . . . . . . . . . . . . . . . . . . 289.13.1 Status command . . . . . . . . . . . . . . . . . . . . . . 289.13.2 PowerDown command. . . . . . . . . . . . . . . . . . 299.13.3 WakeUp command. . . . . . . . . . . . . . . . . . . . . 309.13.4 LockDevice command . . . . . . . . . . . . . . . . . . 309.13.5 ChangeDeviceAddress command . . . . . . . . . 31
10 Limiting values . . . . . . . . . . . . . . . . . . . . . . . . 32
11 Recommended operating conditions . . . . . . 32
12 Static characteristics . . . . . . . . . . . . . . . . . . . 33
13 Dynamic characteristics. . . . . . . . . . . . . . . . . 34
14 Application information . . . . . . . . . . . . . . . . . 3514.1 One Wire Interface . . . . . . . . . . . . . . . . . . . . 3514.2 I2C interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3614.3 Authentication . . . . . . . . . . . . . . . . . . . . . . . . 37
15 Package outline. . . . . . . . . . . . . . . . . . . . . . . . 39
16 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . 41
17 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
18 Revision history . . . . . . . . . . . . . . . . . . . . . . . 42
19 Legal information . . . . . . . . . . . . . . . . . . . . . . 4319.1 Data sheet status . . . . . . . . . . . . . . . . . . . . . . 4319.2 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 4319.3 Disclaimers . . . . . . . . . . . . . . . . . . . . . . . . . . 4319.4 Licenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4419.5 Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . 44
20 Contact information . . . . . . . . . . . . . . . . . . . . 44
21 Contents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
© NXP Semiconductors N.V. 2018. All rights reserved.
For more information, please visit: http://www.nxp.comFor sales office addresses, please send an email to: [email protected]
Date of release: 19 April 2018 374620
Document identifier: A1006
Please be aware that important notices concerning this document and the product(s)described herein, have been included in section ‘Legal information’.