DeepCover®embedded security solutions cloak sensitive data under multiple layers of advanced physical security to provide the most secure key storage possible. The DeepCover Secure Memory (DS28C22) combines crypto-strong, bidirectional, secure challenge-and-response authentication and small message encryption functionality with an implementation based on the FIPS 180-specified Secure Hash Algorithm (SHA-256). A 3Kb user-programmable EEPROM array provides nonvolatile storage for application data and additional protected memory holds a read-protected secret for SHA-256 operations and settings for user memory control. Each device has its own guaranteed unique and unalterable 64-bit ROM identification number (ROM ID) that is factory programmed into the chip. This unique ROM ID is used as a fundamental input parameter for cryptographic operations and also serves as an electronic serial number within the application. A bidirectional security model enables two-way authentication and encryption between a host system and slave-embedded DS28C22. Slave-to-host authentication is used by a host system to securely validate that an attached or embedded DS28C22 is authentic. Host-to-slave authentication is used to protect DS28C22 user memory from being modified by a nonauthentic host. The SHA-256 message authentication code (MAC), which the DS28C22 generates, is computed from data in the user memory, an on-chip secret, a host random challenge, and the 64-bit ROM ID. The device also facilitates encrypted read and write between host and slave using a one time pad computed by the SHA-256 engine. When not in use, the DS28C22 can be put in sleep mode where power consumption is minimal.ApplicationsAuthentication of Network-Attached AppliancesKey Generation and Secure Exchange for Cryptographic SystemsSecure Feature Setting for Configurable SystemsSystem Intellectual Property Protection