The DS28E40 is a secure authenticator that provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) secu­rity functions. In addition to the security services provided by the hardware-implemented cryptographic engines, the device integrates a FIPS/NIST True Random Number Genera­tor (TRNG), 6Kb of One-Time Programmable (OTP) memory for user data, keys and certificates, one configurable General-Purpose Input/Output (GPIO), and a unique 64-bit ROM identification number (ROM ID).The ECC public/private key capabilities operate from the NIST-defined P-256 curve and include FIPS 186 compliant ECDSA signature generation and verification to support a bidirectional asymmetric key authentication model. The SHA-256 secret-key capabilities are compliant with FIPS 180 and are usable flexibly either in conjunc­tion with ECDSA operations or independently for multiple Hash-Based Message Authentication Code (HMAC) functions.The GPIO pin is operated under command control and is configurable enabling support of authenticated and non-authenticated operation. The GPIO-authenticated operation supports ECDSA-based crypto-robust mode, enabling secure-boot of a host processor.DeepCover embedded security solutions cloak sensitive data under multiple layers of advanced security to provide the most secure key storage possible. To protect against device-level security attacks, including invasive and noninvasive methods, countermeasures include active die shield, encrypted storage of keys, and algorithmic methods.ApplicationsAccessory and Peripheral Secure AuthenticationAutomotive Secure AuthenticationIdentification and Calibration Automotive Parts/Tools/AccessoriesIoT Node Crypto-ProtectionSecure Boot or Download of Firmware and/or System ParametersSecure Storage of Cryptographic Keys for a Host Controller