4
Secret Fuses
These 63-fuses are used to augment the keys stored elsewhere in the chip. Knowledge of both the
internally stored keys and the values of the Secret Fuses are required to generate the correct response
to the Cryptographic command of the AT88SA102S. An arbitrary selection of these fuses is burned
during personalization via the BurnSecure command.
Within this document, “Secret Fuses” is used to refer to the entire array of 64-bits: Fuse[0-63], even
though the value of Fuse[1] is fixed for most applications and its value can be derived from the
operation of the chip.
Status Fuses
These 23-fuses can be used to store information which is not secret, as their value can always be
determined using the read command. They can be written at the same time as the secret fuses using
the BurnSecure command, or they can be individually burned at a later time with the BurnFuse
command. Two common usage models for these fuses are:
1.
Calibration or model number information. In this situation, the 23-bits are written at the factory. This
method can also be used for feature enabling. In this case, the BurnFuse command should not be
run in the field, and the BurnFuse Enable bit should be zero.
2.
Consumption logging, i.e. burn one bit after every n uses, the host system keeps track of the
number of uses so far for this serial number. In this case, the BurnFuse command is necessary to
individually burn one of these 23-bits, and the BurnFuse enable bit should be a one.
Within this document, “Status Fuses” is used to refer to the entire array of 24-bits: Fuse[64-87], even
though the value of Fuse[87] is fixed after personalization and cannot be modified in the field.
Fuse Disable
This fuse is used to disable/enable the ability of the MAC command to read the fuse values until the
BurnSecure command has completed properly. When it has a value of one (unburned), the bit values in
the message that would normally have been filled in with Fuse values are all set to a one. When
FuseDisable is burned, the MAC command fills in the message with the requested fuse values.
Additionally, this bit, when burned, disables the BurnSecure command to prevent modification of the
secret fuses and BurnFuse enable bit in the end customer application.
1.4
Chip Identification
The chip includes a total of 72-bits of information that can be used to distinguish between individual chips in a reliable manner.
The information is distributed between the ROM and fuse blocks in the following manner.
Serial Number
This 48-bit value is composed of ROM SN (16-bits) and Fuse SN (32-bits). Together they form a serial
number that is guaranteed to be unique for all devices ever manufactured within the Atmel
CryptoAuthentication family. This value is optionally included in the MAC calculation.
Manufacturing ID
This 24-bit value is composed of ROM MfrID (16-bits) and Fuse MfrID (8-bits). Typically this value is
the same for all chips of a given type. It is always included in the cryptographic computations.
1.5
Key Values
The values stored in the Atmel AT88SA102S internal key array are hardwired into the masking layers of the chip during wafer
manufacture. All chips have the same keys stored internally, though the value of a particular key cannot be determined
externally from the chip. For this reason, customers should ensure that they program a unique (and secret) number into the
64-secret fuses and they should store the Atmel provided key values securely.
Individual key values are made available to qualified customers upon request to Atmel and are always transmitted in a secure
manner.
When the serial number is included in the MAC calculation then the response is considered to be diversified and the host
needs to know the base secret in order to be able to verify the authenticity of the client. A diversified response can also be
obtained by including the serial number in the computation of the value written to the secret fuses. A CryptoAuthentication host
chip provides a secure hardware mechanism to validate responses to determine if they are authentic.