3 secure storage, 4 flexibility, Atvaultic200 – Rainbow Electronics ATVaultIC200 User Manual

4

TPR0460AX–SMS–02/10

ATVaultIC200

3. The authenticator checks the signature using either the same secret key or the public key

associated to the claimant’s private key and decides whether the claimant is authorized or
not based on the signature verification result.

This strong authentication method requires storing secret data. Pure software multi-factor solu-
tions are thus not reliable.

1.3

Secure storage

If sensitive data is stored in files on a hard disk, even if those files are encrypted, the files can be
stolen, cloned and subjected to various kinds of attacks (e.g. brute force or dictionary attack on
passwords). Therefore secure microcontrollers-based hardware tokens are a must. Placing
secrets outside the computer avoids risking exposure to malicious software, security breaches in
web browsers, files stealing, etc.

1.4

Flexibility

The ATVaultIC200 product features:

• Various communication interfaces including SPI (Serial Protocol Interface), I

2

C (Inter

Integrated Circuit Bus) and ISO7816 SmartCard interface.

• Low pin count (Reset, Vcc, GND, and communication interface specific pins) making

integration into an existing board simple. ATVaultIC200 modules are available in small
packages (SOIC8 or DFN8) to fit into the most size-constrained devices.

• Low power consumption, in order to extend battery life in portable devices and low-power

systems. ATVaultIC200 devices consume less than 200μA in standby mode, and only 10 mA
during CPU-intensive operations depending on the required action.

• Embedded firmware that provides advanced functions:

– Secure storage: a fully user-defined non-volatile storage of sensitive or secret data.
– Identity-based authentication with user, administrator and manufacturer roles

supported.

– Administration mode to manage user authentication data and security features
– Manufacturer mode to initialize the file system content and module parameters.
– Cryptographic command set to perform cryptographic operations using keys and

data from the file system including: authentication, digital signature,
encryption/decryption, hash, one-time password generation and random generation.

– Public domain cryptographic algorithms such as DES, 3DES, AES, MAC using DES,

3DES or AES

– Cryptographic protocols such as secret-key unilateral or mutual authentication

[3]

.

– Secure Channel Protocol using 3DES or AES.
– Robust communication protocol stacked over the physical communication

interfaces.

– Starter Kit

.

Atmel’s application note

[5]

presents examples of efficient and cost effective IP protection appli-

cations utilizing secure chips in various embedded systems.