Owner's manual
2 CryptoCompanion™ Chip
5277CS–CryptoCompanion–2/09
1. Product Overview
The CryptoCompanion™ Chip is designed as the mate to Atmel’s CryptoRF and CryptoMemory chips, collectively
referred to in the remainder of this document as CRF.
CryptoCompanion makes extensive use of the SHA-1 hash algorithm as specified in
http://www.itl.nist.gov/fipspubs/fip180-1.htm
and elsewhere. In this document, the nomenclature SHA-1(a, b, c) means
to concatenate a, b & c in that order and then pad them to a block size of 64 bytes before computing the digest.
CryptoCompanion generates SHA-1 digests of single round datasets at a time.
1.1. General Operation
The CRF chip contains secrets that must be known or derived by a host system in order to establish a trusted link
between the two and permit communications to happen. CryptoCompanion stores these secrets in an obscured way in
nonvolatile memory and contains all the circuitry necessary to perform the authentication, password and
encryption/decryption functions specified in the CRF datasheet. In this manner, the secrets do not ever need to be
revealed.
The general cryptographic strategy is as follows:
• Each CRF chip has a serial or identification number (ID) and authentication secret G
i
stored in EEPROM. ID is
freely readable while G
i
can never be read and is unique for all tags.
• CryptoCompanion contains an EEPROM that holds a set of common secrets (F
n
). CryptoCompanion combines F
n
with ID and K
ID
to compute a value of G that is expected to match that in the CRF chip. Specifically, G = SHA-1(F
n
,
ID, K
ID
)
• G is further diversified by the inclusion of a number (K
ID
) generated by the host system in a manner of its choosing.
Typically, it will be the result of a cryptographic operation on the CRF ID value calculated using other data, secrets
and/or algorithms external to CryptoCompanion. This permits scenarios that offer varying degrees of additional
security.
• CryptoCompanion includes a general purpose cryptographic quality random number generator which is used to
seed a mutual authentication process between CryptoCompanion and CRF. If the CRF confirms the
CryptoCompanion challenge, and the CryptoCompanion confirms the CRF response, then the host system
proceeds with CRF operations. In this way the host system may use the CRF without knowing the CRF's secrets
directly.
1.2. CryptoCompanion Benefits
The following is a partial list of the benefits of using this chip versus storing the algorithms and secrets in standard
FLASH system memory.
• Keep confidential those core secrets that are used to authenticate with and communicate to/from CRF.
(Store them in EEPROM, use them on-chip)
• Flexible system implementation – multiple secrets and policies for different CRF locations within the system.
Multiple manufacturer setup options.
• Hardware encryption engines, avoids algorithm disclosure from reverse-compilation of system operating code.
• Full hardware security implementation makes it harder for an attacker (even with lab equipment) to get secrets
stored on CryptoCompanion.
• Global secrets are protected using strong security, standard algorithm (SHA-1).
• Robust random number generation avoids accidental replay for all cryptographic operations using the system, not
just with respect to CRF.
• Secure EEPROM storage for configuration information, etc. May permit reduction in the total BOM for the system.
• Easy to use – little programming required; no knowledge of security algorithms or protocols, fast time to market.