Hot News

Plug-and-Play Cryptography for Host Reader Security

   Embedded World, Nuremberg, Germany, February 26, 2008  

Atmel’s CryptoCompanion IC Eliminates the Need for Designers to Understand Cryptographic Processes and Algorithms

    Atmel® Corporation (NASDAQ:ATML), today announced its CryptoCompanion™ chip that provides plug-and-play host-side cryptographic security for embedded systems that are prone to firmware theft, violation of licensing agreements, and/or product counterfeiting. Such systems include printer cartridges, smart batteries, set top boxes, cell phones, video game consoles, video game cartridges, PDAs, GPS, and any system with proprietary algorithms or secrets.

    Embedded systems are particularly vulnerable to the uploading of unauthorized system firmware, which is frequently used to access features that have not been paid for (e.g. the ability to send photos from a cell phone, unpaid access to pay-per-view media content, or the ability to play games that are not licensed for a particular game console). These illegal firmware changes rob companies of expected revenue.

    Such products can be protected by using the mutual authentication capability in Atmel’s CryptoMemory® and CryptoRF® devices, which have encryption keys and algorithms that are inaccessible and, therefore, cannot be stolen or copied. The host reader and device mutually authenticate each other by computing “challenges”, based on the unreadable keys that can only be duplicated by a device with the correct keys and algorithms. The adoption of secure mutual authentication has been limited because the complexity of designing the host reader, which requires extensive knowledge of cryptography and associated cryptographic algorithms, and is beyond the scope of many engineers. Atmel’s CryptoCompanion chip is the world’s first device that integrates all host-side security functionality in a plug-and-play solution.

    Atmel’s AT88SC016 CryptoCompanion chip is a, single-chip host solution that eliminates the need for host-side development of secure systems with mutual authentication. It integrates hardware cryptographic and SHA hash engines, and a hardware random number generator with secure storage for encryption algorithms and up to 16 encryption keys. The CryptoCompanion chip executes all host-side operations for secure mutual authentication, including data encryption, firmware integrity verification, and generation of encrypted message authentication codes for secure communication with the device. System developers do not need any knowledge of cryptographic techniques to develop host applications with this chip.

    Hardware-based Security for the Masses. The weak link in most secure communicating systems is the inability to securely store keys and security algorithms. Before the advent of the CryptoCompanion chip, the only way to achieve effective security was to use, Secure Access Modules (SAMs), which cost as much as $5 each and require special firmware or operating systems to execute security routines. The complexity and expense of this type of solution has hindered the adoption of hardware-based security in many end-products. Most engineers do not have the cryptographic expertise to implement these systems, and the price tag has been prohibitive for cost-sensitive embedded systems.

    All host-side security firmware is implemented in Atmel’s CryptoCompanion chip, allowing engineers to implement hardware security in their products with no customer-side firmware or OS development, at about a fraction of the cost of a Secure Access Module.

    Secure Dynamic Mutual Authentication. All of Atmel’s CryptoMemory and CryptoRF devices have unique serial numbers, an embedded cryptographic engine, and between 1 Kbit and 256 Kbits of EEPROM. The CryptoCompanion host generates unique authentication challenges for each CryptoMemory or CryptoRF IC, based on one of its 16 securely stored keys and each device’s serial number.

    The embedded cryptographic engine on CryptoMemory and CryptoRF devices uses its authentication keys and a random number to create a unique, highly encrypted, 56-bit identity, called a cryptogram plus a unique 64-bit session encryption key for each transaction.

    During mutual authentication, the CryptoMemory or CryptoRF device sends its serial number and cryptogram to the CryptoCompanion on the host reader. The companion computes a 64-bit number, called a “challenge”, based on its own authentication key and a hardware-generated, true random number. It sends both the random number and the “challenge” to the device. The CryptoMemory or CryptoRF device uses the random number and its own non-readable authentication key to generate another 64-bit number. If the two 64-bit numbers match, then the CryptoMemory or CryptoRF device accepts the host as authentic. If the two numbers do not match, the transaction ends before any information is divulged.

    Once the host is authenticated, the Crypto device generates a new cryptogram, based on its most recent cryptogram, which it sends to the host as a “counter-challenge”. The host uses the original encrypted identity of the device, the same random number it sent, and the device’s serial number to compute a new encrypted identity. If that number matches the “counter-challenge”, the CryptoMemory or CryptoRF is deemed to be authentic and data, encrypted with the session encryption keys, may be exchanged.

    The key to the security is that the authentication keys and host encryption keys used to create the cryptograms never leave the Crypto device or the CryptoCompanion host. Only an authentic host can read information from the CryptoMemory or CryptoRF. The likelihood of a “fake” device creating the appropriate cryptogram is extremely low.

    Only the authentication keys are written to the CryptoMemory or CryptoRF device. The host key, which is required to create the authentication keys, is stored in the companion chip but not in the Crypto device. Thus, in the unlikely event that a CryptoMemory or CryptoRF device was “cracked”, it does not contain enough information to create the right keys. Because the keys are diversified, an authentication key learned from one device is useless with any other device.

    Two Firmware Protection Schemes.

Atmel’s CryptoCompanion chip provides two firmware verification schemes to authenticate embedded system firmware. The first type uses the industry standard SHA hash algorithm to create a 20-byte number, called a digest, from the system firmware itself. Executing the SHA hash on the firmware will always result in the same 20-byte number, but changing even a single bit in the firmware will result in a completely different number. The hash value is stored in the companion device. The validity of the firmware can be checked by executing the SHA algorithm on the firmware and comparing it to the value stored in the CryptoCompanion. If the two numbers are the same, the firmware is valid; if they are different the firmware in the product has been tampered with. The second type of firmware verification uses the hash digest of the firmware, plus a digital signature for the verifying agent, which verifies that the agent is authorized to make a firmware upgrade. This scheme allows for firmware upgrades by trusted agents in addition to verifying the integrity of existing firmware. When the companion chip detects a firmware in compromise,it automatically disables further execution of the host firmware.

    Manages Read/Write Access for Configurable Memory Sectors. CryptoMemory and CryptoRF devices are available in densities from 1 Kbit to 256 Kbits of user memory to accommodate a wide range of information storage and cost requirements. The CryptoCompanion chip can be used to create and manage up to 16 different memory sectors on the Crypto devices, each of which can have different levels of read/write access with individual encryption and authentication keys and passwords.

    No Cryptography Expertise Required. Atmel’s CryptoCompanion chip completely embeds required host components and operations in hardware, including securely storing the host-side cryptographic engine, computing challenges, performing data encryption and decryption, computing message authentication codes, and keeping the host cryptographic engine in synchrony with that in the device.

    Pricing and Packaging. Atmel’s AT88SC016 CryptoCompanion chip is available now in standard 8-pin SOIC packages and is priced at 50 cents in volumes of 25,000 units.

    CryptoMemory and CryptoRF devices are in volume production in a variety of configurations and memory densities, and are priced from 30 cents and 75 cents, respectively, in quantities of 25,000 units.

Atmel’s AVR XMEGA Redefines System Performance for 8/16-bit Microcontrollers

    San Jose, CA, February 26, 2008  

Ultra low power 1.6 Volt microcontroller family

    Atmel® Corporation (Nasdaq: ATML) announced today the AVR® XMEGA™ family, an important addition to their successful AVR microcontrollers. The system performance of AVR XMEGA expands the market reach for 8/16-bit microcontrollers. With second generation of picoPower™ technology, XMEGA is the only family of Flash microcontrollers with true 1.6V operation. The ultra low power consumption is combined with fast 12-bit analog functions, a DMA controller, an innovative Event System and a crypto engine. All features free CPU resources which minimize power consumption and increase system performance.

    "With a modern AVR CPU, Atmel is capable to serve both the 8- and 16-bit microcontroller market,” said Ingar Fredriksen, Atmel’s AVR Product Marketing Director. “Many competitors are forced to offer 32-bit solutions since their old 8- or 16-bit CPU does not meet the customer’s requirements. However, they struggle with price, power consumption, ease of use, EMC performance and analog features. AVR XMEGA combines Atmel's picoPower technology with extended task-handling capability and advanced peripherals in a large family of devices.”

    The XMEGA microcontrollers range from 16 to 384 KB of Flash and 44- to 100-pin packages. They operate from 1.6V to 3.6V and achieve up to 32 MIPS at 32 MHz. The XMEGA devices are general purpose microcontrollers well suited for a variety of applications including audio systems, ZigBee®, power tools, medical, board controllers, networking, metering, optical transceivers, motor control, white goods and any battery powered product.

    Ultra Low Power – Atmel’s picoPower technology already used in megaAVR® products, is recognized as market leader in low power. With AVR XMEGA, using second generation picoPower, battery life is further increased by additional features like true 1.6V operation and a combined Watchdog Timer- and Brown-Out-Detector current consumption of only 1 uA. True 1.6V operation means all functions including Flash reprogramming, EEPROM write, analog conversions and internal oscillators are operative. In battery powered applications like mobile phones, XMEGA devices can be connected to a 1.8V (+/- 10%) regulated power supply to save cost and increase battery life. AVR XMEGA delivers industry leading power consumption numbers. In Power Down mode with RAM retention, current consumption is 100 nA. A Real-Time Clock function using a 32 kHz crystal oscillator has a power consumption of only 650 nA.

    Modern CPU Built for Scalability – The 8/16-bit AVR CPU is designed for high-level languages like C. It has 16- and 32-bit arithmetic support and 16- and 24-bit memory pointers. Single cycle operation and 32 working registers connected to the Arithmetic Logic Unit makes AVR more efficient than other CPUs. Based on the solid AVR CPU platform, Atmel now offers one of the largest families of code compatible devices ranging from 1 KB 8-pin tinyAVR® to 384 KB 100-pin XMEGA. By standardizing on AVR MCUs, customers save investments and shorten time-to-market by reusing development tools, software and hardware design.

    Innovative Event System – Like a reflex in the human body, the innovative XMEGA Event System enables inter-peripheral communication without CPU or DMA usage. This ensures 100% predictable and short response time. Up to 8 simultaneous events or interrupt conditions in the peripherals can automatically start actions in other peripherals. The Event System removes bottlenecks associated with multiple and/or frequently triggering interrupts. There is no software overhead and critical tasks are handled with a guaranteed latency shorter than any interrupt response time.

    Leading Analog Performance – The XMEGA Analog-to-Digital Converter has 12-bit resolution and provides up to 2 million samples per second with hardware support for oversampling to increase resolution to 16 bits without extra cost. Programmable gain stage, differential inputs, temperature sensor, and accurate internal voltage references removes external components and saves cost. AVR XMEGA also includes 12-bit Digital-to-Analog Converters and advanced Analog Comparators.

    Fast Crypto Engine – XMEGA has a hardware crypto engine that supports Advanced Encryption Standard (AES) and Data Encryption Standard (DES). The crypto engine increases encrypted communication speed from 10 kbps to 2 Mbps compared to software solutions. AVR XMEGA is the only solution for high bandwidth encrypted data communication in long life battery powered applications, like toll road tags, wireless sensor nodes and ZigBee.

    Development Tools – AVR XMEGA is supported by the easy-to-use tool chain already existing for AVR devices. The AVR Studio® integrated development environment is available free of charge on Atmel's web site. The STK®600 Starter Kit and JTAGICE mkII on-chip debugger supports every microcontroller in Atmel’s AVR and AVR32 UC3 product families.

    Availability and Pricing

The first devices, ATxmega128A1 and ATxmega64A1 are both offered in 100-pin TQFP and BGA packages and are available now. Volume prices for 10k units are US$3.75 and US$3.50, respectively. Other XMEGA devices will be available during 2Q or 3Q of 2008.

Atmel Introduces First Ultra-low Power ARM7-based MCU Series with 100nA Power-down Mode

    Rousset, France, February 26, 2008  

ARM7-based 32-bit Flash MCU with Software Programmable Power Switches and Voltage Scaling for Power-constrained Applications

    Atmel® Corporation (Nasdaq: ATML) announced today a new series of high-performance, ultra-low power ARM7TDMI®-based microcontrollers, the AT91SAM7L series, embedding power switches controlling multiple power islands and programmable voltage regulators to reduce power consumption in active and standby modes. This is in response to the huge demand for more power efficient products driven by a market trend towards environmentally friendly, battery operated and portable products like media players, remote controls, weather stations, calculators, toys, control panels, thermostats and hand-held medical devices such as glucose meters, blood pressure meters and fitness monitors. The demand for green products is pushing manufacturers to consider low-power standby modes even on products supplied by the power grid. The individual standby power of audio or TV equipment is small at around 1 or 2 W per unit, but the fact that billions of these are maintained in standby mode, results in a total power consumption of thousands of megawatts.

    Active and passive power control techniques. The AT91SAM7L series features innovative power reduction techniques for both active and standby modes. In active mode, the power consumption is optimized via a programmable operating voltage, operating frequency, and peripheral clock activity, and the use of DMA instead of the CPU for data transfers. The SAM7L operates in single supply mode down to 1.8V and consumes 0.5mA/MHz typical in active mode when executing code out of its Flash memory. The power consumption in the different standby modes is controlled via power switches, scalable voltage regulators, and the use of sampling techniques on Voltage Monitors, Power On Reset and Brown Out Detector instead of continuous measurement. This provides a higher level of granularity than is available in competing products, while achieving at least the same levels of power saving. In power down mode, the AT91SAM7L consumes only a typical 100nA, which is believed to be a unique feature for 32-bit MCUs.

    Low power modes and fast wake-up. By dividing the microcontroller up in sections which each are representative for a system mode of operation and to supply each section individually, significant current consumption savings can be achieved. Care must be taken when switching on and off the individual sections because intermediate voltage levels driving a CMOS gate or floating gates can result in mA of current consumption. Other considerations are the time required to move from one mode to another. A complete reboot of the system takes seconds and imposes a power consumption penalty which might only make sense if the system needs to function a few minutes per hour. Alternatively putting the device in a standby mode where the context of the processor is maintained but the supply is lowered and the clocks are deactivated offers additional power savings and fast resume of operation. In Power Down mode, only the Fast Wake-up (FWUP) pin is supplied, allowing a reduction of the typical current consumption down to 100nA, and a system wake-up through a simple push button. This feature can be used to control power on/off in applications such as calculators, toys, remote controls or thermostats. In Backup mode, only the supply controller, the zero-power POR and the 32kHz oscillator remain running. The RTC, the 2K backup SRAM, the BOD, the charge pump, the LCD voltage regulator and the LCD Controller can be set on or off separately. This mode can be used when time, context or display need to be saved even if the main application is not running. In Wait mode, the 2MHz RC oscillator provides a rapid wake-up time for fast external event management.

    Lower Voltage Operation. The AT91SAM7L series maximum operating frequency is 37MHz. If the application requires a lower operating frequency, for example only 4MHz, it is possible to supply the microcontroller core with just the voltage required for normal operation at this lower frequency, thanks to the embedded programmable voltage regulator. The core supply may be configured down to 1.55V. At 4MHz, a 1.8V power supply leads to a consumption of 2.9mA. When reducing the power supply to 1.55V, the current consumption reduces to 2.3mA, a 20% improvement. In Wait and Backup Modes the supply voltage is further scaled down to maintain data integrity but without being able to operate normally.

    Clock Management. Clock management can optimize power consumption using the same principle. If a peripheral is not used, its dedicated clock is switched off, saving the peripheral power consumption. This mechanism is called “clock gating”. It means that the clock is applied only to the digital parts that are used. This is a very efficient way to minimize the power consumption in active mode.

    Lower Frequency Operation. As the power consumption is a proportional to the frequency, dividing the frequency by 2 will divide the power consumption by 2. When using the AT91SAM7L series in an application that does not need the maximum speed, a lower frequency can be selected. The system clock frequency can be reduced down to 500Hz. In this case, the limiting factor is leakage current: the dynamic consumption is lower than the static consumption. A lower frequency is reached using pre-scalers or/and using different clock sources. The AT91SAM7L series embeds 5 clock sources: a 32KHz On-Chip RC Oscillator, a 2MHz On-Chip RC oscillator, an external 32.768KHz crystal oscillator, an external main crystal oscillator, up to 37MHz and a PLL. The fully programmable clock controller allows the required source to be selected.

    Zero-Power Power On Reset and Brown Out Detector. In addition to the clock and power supply management, other innovations have been introduced in the AT91SAM7L. The AT91SAM7L series embeds a zero-power Power On Reset, and a Brown Out Detection circuit. The zero-power POR provides an internal reset signal to the AT91SAM7L for power-on and power-off operations and ensures a proper reset for the Supply Controller. The Brown Out Detector can be used to generate an interrupt if the supply drops below a selected threshold (to warn the user about a discharged battery for example) and to reset the chip when the voltage is too low. The Brown Out Detection circuit is disabled by default and can be enabled by software. The threshold is programmable via software. It can be selected from 1.9V to 3.4V with 100 mV steps. BOD current consumption is 25 μA, typically. To decrease current consumption, the software can disable the brownout detector, especially in low-power mode. The software can also configure the BOD in “switched” mode. In this mode, an internal state machine switches on and off periodically and stores the output of the BOD. This decreases the current consumption (inferior to 2 μA) while the detection is still active. This feature is suitable in low-power mode where voltage detection is still needed.

    Voltage Regulator The AT91SAM7L128/64 embeds a Voltage Regulator that is managed by the supply controller. It features three different operating modes. In normal mode, the Voltage Regulator consumes less than 30 μA static current and draws 60 mA of output current. The default output voltage is 1.80V and the start-up time to reach normal mode is inferior to 400μs. In backup mode, the current consumption of the Voltage Regulator is less than 8.5 μA. It can draw up to 1 mA of output current. In shutdown mode, the voltage regulator consumes less than 1 μA while its output is driven internally to GND.

    Peripheral DMA Controller. In active mode, thanks to the high bandwidth AT91SAM architecture, power consumption can be saved when transferring data. The Peripheral DMA Controller transfers data from a Peripheral to the Memory or from the Memory to a Peripheral without any intervention of the CPU. During this phase, the ARM core can remain in idle mode, its clock is disabled. For example, transferring data on a USART at 2mbps leads to 100% CPU use at 37MHz when the PDC is not involved. If the PDC is activated, that leads to only 2% CPU use. In term of power consumption, about 6mA is saved.

    Segment LCD Controller. The AT91SAM7L128/64 embeds LCD features. These include a Segment LCD Controller, built-in drivers and the programmable LCD Power Supply for contrast control comprising a regulated Charge Pump and an adjustable Voltage Regulator. It is intended for monochrome passive liquid crystal displays (LCD) with up to 10 common terminals and up to 40 segment terminals. The regulated Charge Pump output delivers 3.6V as long as its input is supplied at between 1.8V and 3.6V. Current consumption of the Charge Pump and LCD bias when active is 350 μA (max case). The regulated Charge Pump can be used to supply the LCD Voltage Regulator or as a 3.6V voltage reference delivering up to 4 mA. The LCD Voltage Regulator output voltage is software selectable from 2.4V to 3.4V with 16 levels. Its input should be supplied in the range of 2.5V to 3.6V. The LCD Voltage Regulator can be supplied by the regulated Charge Pump output or by an external supply.

    Choice of On-chip Flash and Extensive Peripheral Set. The AT91SAM7L series has two members, the AT91SAM7L128 and the AT91SAM7L64 with respectively 128k Bytes and 64k Bytes of Flash memory. The AT91SAM7L series also integrates a wide range of peripheral functions, including USART, SPI, Timer Counter, RTC and Analog-to- Digital Converters. The AT91SAM7L128/64 System Controller includes a Reset Controller capable of managing the power-on sequence. Correct device operation can be monitored by a built-in Brown Out Detector and a Watchdog Timer running off an integrated oscillator. This complete set of system functions minimizes the number of external components as the chip can run at maximum speed without any external oscillator.

    Development Tools and Real-Time Operating System Support. The SAM7L is supplied with a low-cost Starter Kit, the AT91SAM7L-STK, and runs the comprehensive set of application development tools that has been built up over the years for Atmel’s ARM®-based microcontrollers.

    Availability and Pricing. The AT91SAML128 and the AT91SAM7L64 are available now; packaged in a 128-pin LQFP package and a 144-pin 10x10mm 0.8mm ball pitch BGA package. Pricing is below US$4 in volumes of 10,000 units.

Atmel Raises the Performance Limit for Flash Microcontrollers above 200 MIPS   ( 簡體版 )

    San Jose, CA, February 12, 2008  

AT91SAM9XE 32-bit Microcontrollers Integrate Flash, SRAM and Boot ROM with USB Host/Device, Ethernet, Multiple Serial Interfaces and DMA for Maximum Performance, Connectivity, and Data Bandwidth

    Atmel® Corporation (Nasdaq: ATML) announced today the sampling of the AT91SAM9XE-series, the first generation of monolithic ARM9-based Flash microcontrollers that combines a 200-MIPS ARM926EJ-S™ processor core with up to 512K bytes of high-performance on-chip Flash. The new device offers an unrivalled combination of performance and functionality on a single chip, making these Flash microcontrollers ideal for space-constrained applications where high performance is required.

    Smooth migration from ARM7 to ARM9-based Flash Microcontrollers. The SAM9XE-series is designed to reuse the maximum of the peripherals and technology developed for Atmel’s ARM7™-based SAM7 family. In addition, the same support infrastructure is used for both the SAM7 and the new SAM9XE-series, making the migration between both microcontroller families smooth and easy.

    Jacko Wilbrink, Atmel’s ARM® Product Marketing Director, commented, “The SAM9XE series extends Atmel’s leadership in ARM Flash MCUs from the ARM7 space into the ARM9 space. Built on a proven architecture and peripheral set, the SAM9XE series offers a new performance, functionality and cost point for our rapidly expanding customer base.”

    Multiple Networking/Connectivity Options. The SAM9XE provides multiple networking/connectivity options with on-chip USB 2.0 Full Speed Host and Device Ports, an Ethernet 10/100 Base-T MAC as well as a two-slot Multimedia Card Interface (SDCard/SDIO and MultiMediaCard Compliant), a Synchronous Serial Controller (SSC), four USARTs, two master/slave Serial Peripheral Interfaces (SPI), a debug UART and two Two Wire Interfaces (TWI).

    Distributed DMA for Optimal Internal Data Bandwidth. The six-layer system bus matrix is linked to the Memory Management Unit of the processor core, as well as to distributed DMA channels on the USB Host, Ethernet and Image Sensor Interface to ensure uninterrupted internal data flows with minimum processor overhead. This concept is extended to peripherals via the Peripheral DMA Controller (PDC) that communicates with DMA interfaces on the USB Device and all other serial I/Os. This industry-leading distributed DMA architecture ensures that internal data transfers occur at maximum possible bandwidth with minimal processor intervention. It enables the SAM9XE to perform complex data processing at the same time as high-speed data transfers.

    Availability and Pricing. The AT91SAM9XE-series is sampling now, in a 208-pin PQFP Green or 217-ball LFBGA Green Package. The Flash memory size ranges from 128K bytes to 512K bytes. Pricing starts at US$7.30 in 10,000 unit quantities

    News Data