The DS28E30 integrates Analog Devices-proprietary techniques to protect all device stored data from invasive or noninvasive discovery. The circuit design combined with cryptographic methods, both inherited from Maxim’s financial terminal security experience, protect against die-level data extraction attacks.
In addition to the secure ECDSA engine for signatures, the device integrates a high-quality TRNG, a SHA-256 engine, 1Kb EEPROM for user memory, plus additional EEPROM space for one ECDSA P-256 private key, one ECDSA P-256 public key certificate, one 17-bit decrement counter, and control registers. The device operates from a 1-Wire interface with a parasitic supply by way of an external capacitor (CEXT1) and an additional capacitor (CEXT2) for the internal voltage regulator. The Functional Diagram shows the relationships between the circuit elements of the DS28E30.
1-Wire Bus System
The 1-Wire bus is a system that has a single bus controller and one or more peripherals. In all instances, the DS28E30 is a peripheral device. The discussion of this bus system is broken down into three topics: hardware configuration, transaction sequence, and 1-Wire signaling (signal types and timing). The 1-Wire protocol defines bus transactions in terms of the bus state during specific time slots that are initiated on the falling edge of sync pulses from the bus controller.
Hardware Configuration
The 1-Wire bus has only a single line by definition; it is important that each device on the bus can drive it at the appropriate time. To facilitate this, each device attached to the 1-Wire bus must have open-drain or three-state outputs. The 1-Wire port of the DS28E30 is open drain with an internal circuit equivalent.
A multidrop bus consists of a 1-Wire bus with multiple peripherals attached. The DS28E30 supports overdrive communication speed of 90.9kbps (max). The value of the pullup resistor primarily depends on the network size and load conditions. The DS28E30 requires a pullup resistor of 750Ω (max).
Figure 1. Hardware Configuration
The idle state for the 1-Wire bus is high. If for any reason a transaction needs to be suspended, the bus must be left in the idle state if the transaction is to resume. If this does not occur and the bus is left low for more than 16μs, one or more devices on the bus could be reset.
Transaction Sequence
The protocol for accessing the DS28E30 through the 1-Wire port is as follows:
Initialization
ROM function command
Device function command
Transaction/data
Initialization
All transactions on the 1-Wire bus begin with an initialization sequence. The initialization sequence consists of a reset pulse transmitted by the bus controller followed by presence pulse(s) transmitted by the peripheral(s). The presence pulse lets the bus controller know that the DS28E30 is on the bus and is ready to operate. For more details, see the 1-Wire Signaling and Timing section.
1-Wire Signaling and Timing
The DS28E30 requires strict protocols to ensure data integrity. The protocol consists of four types of signaling on one line: reset sequence with reset pulse and presence pulse, write-zero, write-one, and read-data. Except for the presence pulse, the bus controller initiates all falling edges.
To get from idle to active, the voltage on the 1-Wire line needs to fall from VPUP below the threshold VTL. To get from active to idle, the voltage needs to rise from VILMAX past the threshold VTH. The time it takes for the voltage to make this rise is seen in Figure 2 as ε, and its duration depends on the pullup resistor (RPUP) used and the capacitance of the 1-Wire network attached. The voltage VILMAX is relevant for the DS28E30 when determining a logical level, not when triggering any events.
Figure 2 shows the initialization sequence required to begin any communication with the DS28E30. A reset pulse followed by a presence pulse indicates that the DS28E30 is ready to receive data, given the correct ROM and device function command. If the bus controller uses slew-rate control on the falling edge, it must pull down the line for tRSTL + tF to compensate for the edge.
After the bus controller has released the line, it goes into receive mode. Now, the 1-Wire bus is pulled to VPUP through the pullup resistor or, in the case of a special driver chip, through the active circuitry. When the threshold VTH is crossed, the DS28E30 waits and then transmits a presence pulse by pulling the line low. To detect a presence pulse, the controller must test the logical state of the 1-Wire line at tMSP.
Immediately after tRSTH has expired, the DS28E30 is ready for data communication.
Figure 2. Initialization Procedure: Reset and Presence Pulse
Read/Write Time Slots
Data communication with the DS28E30 takes place in time slots that carry a single bit each. Write time slots transport data from the bus controller to the peripheral. Read time slots transfer data from the peripheral to the controller. Figure 3 illustrates the definitions of the write and read time slots.
All communication begins with the controller pulling the data line low. As the voltage on the 1-Wire line falls below the threshold VTL, the DS28E30 starts its internal timing generator that determines when the data line is sampled during a write time slot and how long data is valid during a read time slot.
Figure 3. Read/Write Timing Diagrams
Controller to Peripheral
For a write-one time slot, the voltage on the data line must have crossed the VTH threshold before the write-one low time tW1LMAX is expired. For a write-zero time slot, the voltage on the data line must stay below the VTH threshold until the write-zero low time tW0LMIN is expired. For the most reliable communication, the voltage on the data line should not exceed VILMAX during the entire tW0L or tW1L window. After the VTH threshold has been crossed, the DS28E30 needs recovery time tREC before it is ready for the next time slot.
Peripheral to Controller
A read-data time slot begins like a write-one time slot. The voltage on the data line must remain below VTL until the read low time tRL is expired. During the tRL window, when responding with a 0, the DS28E30 starts pulling the data line low; its internal timing generator determines when this pulldown ends and the voltage starts rising again. When responding with a 1, the DS28E30 does not hold the data line low at all, and the voltage starts rising as soon as tRL is over.
The sum of tRL + δ (rise time) on one side and the internal timing generator of the DS28E30 on the other side define the controller sampling window (tMSRMIN to tMSRMAX), in which the controller must perform a read from the data line. For the most reliable communication, tRL should be as short as permissible, and the controller should read close to, but no later than tMSRMAX. After reading from the data line, the controller must wait until tSLOT is expired. This guarantees sufficient recovery time tREC for the DS28E30 to get ready for the next time slot. Note that tREC specified herein applies only to a single DS28E30 attached to a 1-Wire line. For multidevice configurations, tREC must be extended to accommodate the additional 1-Wire device input capacitance. Alternatively, an interface that performs active pullup during the 1-Wire recovery time such as the special 1-Wire line drivers can be used.
1-Wire ROM Commands
Once the bus controller has detected a presence, it can issue one of the five ROM function commands that the DS28E30 supports. All ROM function commands are 8 bits long. For operational details, see Figure 4. A descriptive list of these ROM function commands follows in the subsequent sections, and the commands are summarized in Table 1.
Figure 4. ROM Function Flow
Table 1. 1-Wire ROM Commands Summary
ROM FUNCTION COMMAND
CODE
DESCRIPTION
Search ROM
F0h
Search for a device
Read ROM
33h
Read ROM from device (single drop)
Match ROM
55h
Select a device by ROM number
Skip ROM
CCh
Select only device on 1-Wire
Resume
A5h
Selected device with RC bit set
Search ROM [F0h]
When a system is initially brought up, the bus controller might not know the number of devices on the 1-Wire bus or their ROM ID numbers. By taking advantage of the wired-AND property of the bus, the controller can use a process of elimination to identify the ID of all peripheral devices. For each bit in the ID number, starting with the least significant bit, the bus controller issues a triplet of time slots. On the first slot, each peripheral device participating in the search outputs the true value of its ID number bit. On the second slot, each peripheral device participating in the search outputs the complemented value of its ID number bit. On the third slot, the controller writes the true value of the bit to be selected. All peripheral devices that do not match the bit written by the controller stop participating in the search. If both of the read bits are zero, the controller knows that peripheral devices exist with both states of the bit. By choosing which state to write, the bus controller branches in the search tree. After one complete pass, the bus controller knows the ROM ID number of a single device. Additional passes identify the ID numbers of the remaining devices. Refer to Application Note 187: 1-Wire Search Algorithm for a detailed discussion, including an example.
Read ROM [33h]
The Read ROM command allows the bus controller to read the DS28E30’s 8-bit family code, unique 48-bit serial number, and 8-bit CRC. This command can only be used if there is a single peripheral on the bus. If more than one peripheral is present on the bus, a data collision occurs when all peripherals try to transmit at the same time (open drain produces a wired-AND result). The resultant family code and 48-bit serial number result in a mismatch of the CRC.
Match ROM [55h]
The Match ROM command, followed by a 64-bit ROM sequence, allows the bus controller to address a specific DS28E30 on a multidrop bus. Only the DS28E30 that exactly matches the 64-bit ROM sequence responds to the subsequent device function command. All other peripherals wait for a reset pulse. This command can be used with a single device or multiple devices on the bus.
Skip ROM [CCh]
This command can save time in a single-drop bus system by allowing the bus controller to access the device functions without providing the 64-bit ROM ID. If more than one peripheral is present on the bus and, for example, a read command is issued following the Skip ROM command, data collision occurs on the bus as multiple peripherals transmit simultaneously (open-drain pulldowns produce a wired-AND result).
Resume [A5h]
To maximize the data throughput in a multidrop environment, the Resume command is available. This command checks the status of the RC bit and, if it is set, directly transfers control to the device function commands, similar to a Skip ROM command. The only way to set the RC bit is through successfully executing the Match ROM or Search ROM command. Once the RC bit is set, the device can repeatedly be accessed through the Resume command. Accessing another device on the bus clears the RC bit, preventing two or more devices from simultaneously responding to the Resume command.
In a 1-Wire environment, line termination is possible only during transients controlled by the bus controller (1-Wire driver). 1-Wire networks, therefore, are susceptible to noise of various origins. Depending on the physical size and topology of the network, reflections from end points and branch points can add up or cancel each other to some extent. Such reflections are visible as glitches or ringing on the 1-Wire communication line. Noise coupled onto the 1-Wire line from external sources can also result in signal glitching. A glitch during the rising edge of a time slot can cause a peripheral device to lose synchronization with the controller and, consequently, result in a command error or command abort. For better performance in network applications, the DS28E30 uses a 1-Wire front-end with built-in hysteresis. If a negative glitch crosses VTH, but does not go below VTH - VHY, it is not recognized. See Figure 5.
