DS2703
SHA-1 Battery Pack
Authentication IC
www.maxim-ic.com
GENERAL DESCRIPTION
The DS2703 provides a robust cryptographic solution
to ensure the authenticity of Li-Ion battery packs for
cell phone, PDA, and portable computing devices.
The DS2703 employs the Secure Hash Algorithm
(SHA-1) specified in the Federal Information
publication 180-1 and 180-2, and ISO/IEC 10118-3.
SHA-1 is designed for authentication⎯just what is
required for identifying battery packs manufactured
by authorized sources.
The device’s SHA-1 engine processes a host
transmitted challenge using its stored 64-bit secret
key and unique 64-bit ROM ID to produce a 160-bit
response word for transmission back to the host. The
secret key is securely stored on-chip and never
transmitted between the battery and the host. A
DS2703-based system produces a high degree of
authentication security between a host system and its
removable battery or other peripheral devices.
The Thermistor Multiplexer feature allows a three
contact battery pack configuration to support data
and thermistor functions. When activated through
1-Wire command, the THM pin presents the
thermistor impedance on the data contact and
disconnects internal loading from the node.
FEATURES
Secure Challenge and Response Authentication
Using the SHA-1 Algorithm
Directly Powered by the Dallas 1-Wire
®
Interface
with 16kbps Standard and 143kbps Overdrive
Communication Modes
Unique 64-Bit Serial Number
Thermistor Multiplexer
Operates with V
PULLUP
as Low as 2.7V
Pb-Free 8-Pin
μMAX
®
or 2mm x 3mm TDFN
Package
PIN CONFIGURATION
TYPICAL OPERATING CIRCUIT
APPLICATIONS
2.5G/3G Wireless Handsets
PDAs
Handheld or Notebook Computers and Terminals
Digital Still and Video Cameras
ORDERING INFORMATION
PART
DS2703G+
DS2703G+T&R
DS2703U+
1-Wire is a registered trademark of Dallas Semiconductor.
µMAX is a registered trademark of Maxim Integrated Products.
TEMP RANGE
-20°C to +70°C
-20°C to +70°C
-20°C to +70°C
-20°C to +70°C
DS2703U+T&R
PIN-PACKAGE
2mm x 3mm TDFN
DS2703G+ on
Tape-and-Reel
μMAX-8
DS2703U+ on
Tape-and-Reel
+ Denotes lead-free package.
Note:
Some revisions of this device may incorporate deviations from published specifications known as errata. Multiple revisions of any device
may be simultaneously available through various sales channels. For information about device errata, click here:
www.maxim-ic.com/errata.
1 of 20
REV: 061307
DS2703 SHA-1 Battery Pack Authentication IC
ABSOLUTE MAXIMUM RATINGS
Voltage Range on DQ, THM Pins Relative to Ground
Voltage Range on VB Pin Relative to Ground
Operating Temperature Range
Storage Temperature Range
Soldering Temperature
-0.3V to +18V
-0.3V to +6V
-40°C to +85°C
-55°C to +125°C
See IPC/JEDEC J-STD-020A Specification
Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. These are stress ratings only,
and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of the specifications is
not implied. Exposure to the absolute maximum rating conditions for extended periods may affect device.
RECOMMENDED DC OPERATING CONDITIONS
(T
A
= -20°C to +70°C.)
PARAMETER
DQ Pullup Voltage
DQ, THM Relative Voltage
SYMBOL
V
PULLUP
V
DQ-THM
CONDITIONS
Communication Mode
Computation Mode
(Note 1)
(Note 2)
MIN
0
2.7
-0.3
TYP
MAX
5.5
5.5
15
UNITS
V
V
DQ to THM Resistor
R
DQ-THM
5
500
KΩ
DC ELECTRICAL CHARACTERISTICS
(V
PULLUP
= 2.7V to 5.5V, T
A
= -20°C to +70°C.)
PARAMETER
SYMBOL
I
DQ0
I
DQ1
DQ Load Current
I
DQ2
I
DQ3
I
PP
I
PP-IDLE
DQ Programming Voltage
Input Logic High: DQ
Input Logic Low: DQ
Output Logic Low: DQ
Output Logic Low: THM
Hold-Up Current: VB pin
DQ Capacitance
V
PP
V
IH
V
IL
V
OL-DQ
V
OL-THM
I
HU
C
DQ
CONDITIONS
Standby Mode, V
DQ
> V
IH
Communication Mode
(Note 14)
Computation Mode,
SHA-1 Computation Active
Thermistor Mux Active,
(Note 3)
14.5 < V
DQ
< 15.0V
o
0 < t < 50 C
(Note 4)
Program Pulse, (Note 5, 6)
(Note 6)
(Note 6)
I
OL
= 4mA, (Note 6, 7)
I
OL
= 4mA, (Note 6, 7, 8)
THM pin Active, V
B
= 2.70V
(Note 9)
MIN
TYP
1
MAX
2.5
75
0.25
1
10
60
UNITS
μA
μA
mA
μA
mA
μA
V
V
V
V
V
μA
pF
14.5
0.8 V
PULLUP
15.0
0.5
0.4
0.4
3.2
50
EEPROM RELIABILITY SPECIFICATION
(V
PULLUP
= 2.7V to 5.5V, T
A
= -20°C to +70°C.)
PARAMETER
EEPROM Write Endurance
SYMBOL
N
EEC
CONDITIONS
0 < t < 50 C (Note 10)
o
MIN
1000
TYP
MAX
UNITS
Cycles
2 of 20
DS2703 SHA-1 Battery Pack Authentication IC
AC ELECTRICAL CHARACTERISTICS
(V
PULLUP
= 2.7V to 5.5V, T
A
= -20°C to +70°C.)
PARAMETER
THM Low Delay
Computation Delay Time
Computation Time
Programming Pulse Width
Programming Pulse Rise Time
Programming Pulse Fall Time
Start-up Delay Time
SYMBOL
t
TD
t
D
t
SHA
t
PPW
t
PPR
t
PPF
t
STRT
(Note 13)
CONDITIONS
(Note 11)
(Note 12)
(Note 12)
(Note 5)
17
0.5
0.5
5
5
100
100
15
MIN
TYP
MAX
15
UNITS
μs
μs
ms
ms
μs
μs
ms
AC ELECTRICAL CHARACTERISTICS: 1-Wire INTERFACE
(V
PULLUP
= 2.7V to 5.5V, T
A
= -20°C to +70°C.)
PARAMETER
1-Wire INTERFACE REGULAR TIMING
Time Slot
Recovery Time
Write 0 Low Time
Write 1 Low Time
Read Data Valid Time
Reset Time High
Reset Time Low
Presence Detect High
Presence Detect Low
1-Wire INTERFACE OVERDRIVE TIMING
Time Slot
Recovery Time
Write 0 Low Time
Write 1 Low Time
Read Data Valid Time
Reset Time High
Reset Time Low
Presence Detect High
Presence Detect Low
Note 1:
Note 2:
Note 3:
Note 4:
Note 5:
Note 6:
Note 7:
Note 8:
Note 9:
Note 10:
Note 11:
Note 12:
Note 13:
Note 14:
SYMBOL
t
SLOT
t
REC
t
LOW0
t
LOW1
t
RDV
t
RSTH
t
RSTL
t
PDH
t
PDL
t
SLOT
t
REC
t
LOW0
t
LOW1
t
RDV
t
RSTH
t
RSTL
t
PDH
t
PDL
CONDITIONS
MIN
60
1
60
1
480
480
15
60
6
1
6
1
48
48
2
8
TYP
MAX
120
120
15
15
960
60
240
16
16
2
2
80
6
24
UNITS
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
μs
V
DQ
– V
THM
. The THM pin must not be driven to a higher voltage than the DQ pin.
The application thermistor cannot exceed the R
DQ-THM
resistance range over operating temperature. If thermistor mode is not used in the application, it is
recommended that a 50KΩ resistor be connected between DQ and THM pins instead.
Maximum leakage of DQ pin while in thermistor mode.
When performing a Lock Secret (0x6A), Set Overdrive (0x8B) or Clear Overdrive (0x8D) operation, there will be an increased operating current of I
PGM-
IDLE
during and after the program pulse until the next 1-Wire bus reset.
See Figure 11 for definitionof t
PPR
, t
PPW
, and t
PPF.
All voltages referenced to VSS.
V
DQ
must be at least 3.0V when the 1-Wire bus is idle.
Drive strength at time=0 after Activate Thermistor command is sent to the DS2703.
Does not include capacitance referred from VB pin on initial power up.
EEPROM data read retention is four years at +50°C
Time from msb of Activate Thermistor command until THM pin is driven low internally.
Time from msb of Compute Next Secret or Compute MAC command.
Time after initial power up before the DS2703 will respond to communication. T
STRT
specifications are valid only if the capacitor on VB (C
VB
) is 0.22µF.
Worst case 100ms delay based on maximum thermistor value of 500kΩ.
The average current measured in Overdrive mode with minimum bus timings while the master issues: 1-Wire Reset, Skip ROM, Write Challenge, Write
0's repeatedly unil the end of measurement.
3 of 20
DS2703 SHA-1 Battery Pack Authentication IC
PIN DESCRIPTION
8-PIN
µMAX
2mm x 3mm
TDFN
NAME
FUNCTION
1
2
3
4
5
6
7
8
7
8
1
2
3
4
5
6
THM
V
SS
DQ
VB
N.C.
N.C.
N.C.
N.C.
Thermistor Mux.
Connect a thermistor from THM to DQ. Optional. For
temperature measurements only. If a thermistor is not used in the application, It is
recommended THM be tied to DQ with a 50KΩ resistor instead. THM should
never be left floating.
Device Ground.
Connect directly to the negative terminal of the battery cell.
Data Input/Output.
1-Wire data line. Open-drain output driver. Connect this pin to
the DATA terminal of the battery pack. This pin has a weak internal pulldown (1µA
Typical).
Hold-up Supply Bypass Input.
Internal power supply to the DS2703 while DQ is
logic low and during thermistor measurement periods. Connect a 0.22µF
capacitor from VB to V
SS
.
No Connection.
Pin not connected internally, float or connect to V
SS
.
No Connection.
Pin not connected internally, float or connect to V
SS
.
No Connection.
Pin not connected internally, float or connect to V
SS
.
No Connection.
Pin not connected internally, float or connect to V
SS
.
Figure 1. Block Diagram
4 of 20
DS2703 SHA-1 Battery Pack Authentication IC
DETAILED DESCRIPTION
The DS2703 is comprised of a SHA-1 Authentication function and thermistor mux control that are accessed via a 1-
Wire interface. The high voltage (HV) detection circuit routes the externally supplied programming voltage to the
EEPROM array and enables the internal regulator to isolate portions of the chip from the programming voltage. The
1-Wire interface controls access by a host system to the 64-bit Net Address (ROM ID) and SHA-1 Authentication.
The DS2703 operates in one of four operating modes: communication, computation, programming and thermistor
access. Most operations are performed in communication mode, with the host system addressing the DS2703
using Net Address commands and then setting up an authentication exchange and retrieving the results. In
communication mode, the DQ load current is no more than
I
DQ0
maximum, and the DS2703 can be “parasite”
powered via the DQ pin through a high impedance pullup resistor during a communication transaction. Power
available while the 1-Wire bus is at a logic high is rectified by the on chip diode and stored in an off chip capacitor
connected to the VB pin.
In computation mode, when a SHA-1 verification is performed, the DQ load current increases up to
I
DQ2
,
necessitating a lower impedance pullup resistor. The computation mode load current occurs after the host supplies
the required challenge data and requests the computation using the proper function commands in communication
mode. In this mode, the pullup supply and low impedance pullup resistor must be capable of keeping the DQ pin
above V
PULLUP-MIN
.
The third operating mode is required when programming the non-volatile memory portions of the DS2703. The
programming mode is defined by the application of a high voltage programming pulse to the DQ pin at the
appropriate point during a Compute Secret command, Load/Lock Secret or Clear/Set Overdrive Timing command.
The internal voltage regulator limits the internal voltage (V
DD_INT
) to isolate low voltage portions of the chip from the
HV programming pulse. Typically, programming mode is used during module or pack manufacture to configure the
DS2703 and program the 64-bit secret.
Finally, thermistor mode allows the voltage on an external thermistor to be measured from the DQ line. The
command sequence causes the DS2703 to internally disconnect its DQ interface and drive the THM pin to VSS
allowing the measurement to be made. The IC remains in this mode until the VB pin capacitor is drained causing
the DS2703 to power cycle back to communication mode.
AUTHENTICATION
Authentication is performed using a FIPS-180 compliant SHA-1 one way hash algorithm on a 512 bit message
block. The message block consists of a 64-bit secret, a 64-bit challenge and 384 bits of constant data. Optionally,
the 64-bit net address replaces 64 of the 384 bits of constant data used in the hash operation. An authentication
attempt is initiated by the host system providing a 64-bit random challenge then sending one of two compute
command sequences. The host and the DS2703 both calculate the result based on the mutually known secret. The
result data, known as the Message Authentication Code (MAC) or Message Digest, is returned by the DS2703 for
comparison to the host’s result. Note that the secret is never transmitted on the bus and thus cannot be captured
by observing bus traffic. SHA-1 based authentication is a cryptographically strong method in wide use for digitally
signing encrypted files and secure transactions such as electronic cash and password exchange protocols.
The FIPS 180 Compliant Input Block, the 512-bit message block is organized as sixteen 32-bit words, W0-W15.
The message block is initialized when a command is received to compute the MAC. Upon initialization, the 64-bit
secret is loaded, and it is important to note that the SHA-1 algorithm has access to this data, but not the serial
interface. The challenge data is received with the command just prior to the compute MAC command. The
challenge data is cleared during computation of the MAC, so the host must write new challenge data prior to
issuing each Compute MAC or Compute Next Secret command. Additionally, the A, B, C, D and E variables used
in the hash computation are initialized per FIPS 180 as shown in Table 1. Variable Initiation. Please contact the
factory for memory map details.
5 of 20
