NXP EdgeLock® A5000 Plug & Trust Secure Authenticator Authentication Made Secure, Scalable and Easy new Data Sheet

A5000

Edge Lock Secure Authenticator

Rev. 1.0 — 28 March 2022

667609

Product data sheet

1 Introduction

The A5000 is a ready-to-use secure IoT authenticator. It provides a root of trust at the IC level and it gives an IoT authentication system state-of-the-art security capability right out of the box.

A5000 allows for securely storing and provisioning credentials and performing cryptographic operations for security critical communication and authentication functions.

A5000 is versatile in IoT security use cases such as secure connection to public/private clouds, device-to-device authentication or counterfeit protection

A5000 has an independent Common Criteria EAL 6+ security certification up to OS level and supports ECC asymmetric cryptographic and AES/3DES symmetric algorithms. The latest security measures protect the IC even against sophisticated non-invasive and invasive attack scenarios.

The A5000 is a turnkey solution that comes with an authentication application optimized for authentication security use cases pre-installed. This is complemented by an authentication tailored product support package, enabling fast time to market & easy design-in with Plug & Trust middleware for host applications, easy to use development kits, reference designs, and documentation for product evaluation.

To implement inclusive language, the terms "master/slave" has been replaced by

"controller/target", following the recommendation of MIPI.

1.1 A5000 use cases

• Device-to-device authentication

• Secure data protection and storage

• Secure connection to public/private clouds, edge computing platforms, infrastructure

• DLMS/COSEM Compliance for Smart Metering

• Secure key storage

• Secure provisioning of credentials

• Medical sensor and devices

• Qi 1.3 wireless charging authentication

• Matter Ready

1.2 A5000 target applications

• Smart Metering

• Smart Home

• Accessories and Smart Appliances

• Anti-Counterfeit

NXP Semiconductors

A5000


HOST MCU/MPU A5000

Authentication

Application PLUG AND TRUST MW

I2C

I2C controller

SDA SCL

I2C

SCL SDA

I2C target

I2C aaa-041924

Figure 1. A5000 solution block diagram

Note: A5000 is designed to be used as a part of an IoT or Authentication system. It works as an auxiliary security device attached to a host controller. The host controller communicates with A5000 through an I²C interface (with the host being the controller and the A5000 being the target).

Table 1. A5000 commercial name format

Variable Meaning a Product Config g Temperature range ddd

Zrrff

1.3 A5000 naming convention

The following table explains the naming conventions of the commercial product name of the A5000 platform. Every A5000 product gets assigned a commercial name, which includes application specific data.

The A5000 commercial names have the following format.

A5000agddd/Zrrff

All letters are explained in

Table 1

.

Delivery Type

Values

C,R

2

HQ1

Letters and numbers

Description

Configuration options, refer to Configuration paragraph

Extended operational ambient temperature

2 = -40 °C - 105 °C

HX2QFN20

NXP internal code to identify individual configurations

A5000


All information provided in this document is subject to legal disclaimers.

Rev. 1.0 — 28 March 2022

667609

© NXP B.V. 2022. All rights reserved.

2 / 26


A5000


2 Features and benefits

2.1 Key benefits

• Plug & Trust for fast and easy design with dedicated product support package for authentication use cases

• Easy integration with different MCU & MPU platforms and OSs (Linux, RTOS,

Windows, Android, etc.)

• Turnkey solution ideal for many authentication use cases without the need to write security code

• Secure credential injection for proof of origin check

• Anti-counterfeit solution

• Secure, zero-touch connectivity to public & private clouds

• Real end-to-end security in authentication system from smart metering to smart home appliances

• Ready-to-use example code for each of the key use cases such as device-to-device authentication and originality check

2.2 Key features

The A5000 provides a secure and efficient protection for authentication and anticounterfeit use cases. The efficiency of the security measures is proven by a Common

Criteria EAL6+ certification.

The A5000 operates fully autonomously based on an authenticaton software ready to be used. The product comes with a dedicated authentication application. Direct memory access is possible by the fixed functionalities of the NXP Authentication application only.

With that, the content from the memory is fully isolated from the host system.

• Built on NXP Integral Security Architecture 3.0 ™

• CC EAL 6+ certified HW and OS

• Effective protection against advanced attacks, including Power Analysis and Fault

Attacks of various kinds

• Multiple logical and physical protection layers, including metal shielding, end-to-end encryption, memory encryption, tamper detection

• Support for ECC NIST asymmetric cryptography algorithms,

• Support for AES and DES symmetric cryptographic algorithms for encryption and decryption

• Support for AES Modes: CBC, ECB,CTR,GCM,CCM

• HMAC, CMAC, GMAC, SHA-256/384 operations

• HKDF key derivation function

• Small and very thin footprint HX2QFN20 package (3 × 3 mm) with max 0.33 mm height

• Extended temperature range (-40 °C to +105 °C)

• Standard physical interface I

2

C Target (Fast mode, up to 1 Mbit/s)

• Secured user flash memory of 8kB for secure data or key storage

• Support for SCP03 protocol (bus encryption and encrypted credential injection) to securely bind the host with the secure authenticator

• TRNG compliant to NIST SP800-90B

A5000



Rev. 1.0 — 28 March 2022

667609


3 / 26


A5000


• DRBG compliant to NIST SP800-90A

• Support for Automatic detection of the I

2

C T=1 protocol implementation based on the initial message prologue. Supported protocols:

– NXP SE05x T=1 Over I

2

C Specification. See [1] .

– APDU Transport over SPI/I2C v1.0 | GPC_SPE_172. See

[6] .

• Matter Ready: A5000 provides the necessary cryptographic functions to support the upcoming Matter standard for connecting smart home devices.

2.3 Features in detail

Table 2. A5000 configuration

Categories

Security certification

JavaCard version

GlobalPlatform specification version

ECC Crypto Schemes

CC EAL6+ (HW+OS)

3.0.5

GP 2.3.1

Supported Elliptic Curves

Symmetric Crypto Algorithm

AES Modes

Hash Function

MAC

Key Derivation (KDF)

Secure Channel

TRNG

DRBG

Memory reliability

User Memory

Pre-Provisioned

Interfaces

Power saving modes

Temperature

Packaging

ECDSA

ECDH

ECDHE

ECC NIST P256

ECC NIST P384

3DES (2K, 3K)

AES (128, 192, 256)

CBC, ECB,CTR,GCM,CCM

SHA-256, SHA-384

HMAC, CMAC, GMAC

HKDF

Secure Channel Host-SA (Platform SCP) up to 100 million write cycles / 25 years

I

2

C Target, up to 1 Mbit

Power-Down (with state retention), 460µA (I 2 C)

Deep Power-Down (no state retention), <5 µA

Extended, -40 - +105 °C, see Section 1.3

Plastic QFN, 3x3 mm (HX2QFN20) with max 0.33

mm height

A5000 x x x x x x x x x x x x x x x

NIST SP800-90B, AIS31

NIST SP800-90A, AIS20 x

8kB x x x x x x

A5000



Rev. 1.0 — 28 March 2022

667609


4 / 26


A5000


3 Functional description

3.1 Functional diagram

PRE-

INTEGRATION

TO MAIN

OS AND

MCU, MPU

EdgeLock™ A5000 ENABLEMENT

PLUG AND TRUST MIDDLEWARE

Android, Linux, FreeRTOS, Zephyr Dev Environments: Linux, Windows, macOS

Use Case Based Example Codes, pyCLI Tool

EDGELOCK

2GO AGENT

Arm mbed

TLS

P

OpenSSL PKCS11

PSA

Crypto

API

Matter

API

Qi 1.3 Auth

EDGELOCK A5000

AUTHENTICATION APPLICATION

HARDWARE aaa-041925

Figure 2. A5000 functional diagram

I

The A5000 uses I

2

C as communication interface.

Section 5

gives more details. The

A5000 commands are wrapped using the Smartcard T=1 over I

2

C (T=1o I

2

C) protocol or the APDU Transport over SPI/I

2 detection of the I

2

2

C v1.0 | GPC_SPE_172. Per default automatic

C T=1 protocol implementation based on the initial message prologue

is activated. The detailed documentation of the A5000 commands (see

C protocol encapsulation is available on

[1]

. You may also check the APDU Transport over SPI/I2C v1.0 | GPC_SPE_172, in

[4] .

[3]

) and T=1 over

In order to simplify the product usage a host library which abstracts for A5000 commands and T=1 over I

2

C protocol encapsulation is provided. The host library supporting various platforms is available for download including complete source code on the A5000 website.

A5000 Authentication application features a generic file system capable of securely storing secure objects and associated privilege management. All objects can either be stored in persistent memory or in RAM with the capability to securely export and import them to be stored in an externally provided storage. All secure objects feature basic file operations such as write, read, delete and update.

3.2 Authentication Application Functionality

A5000


3.2.1 Supported secure object types

A secure object is an entry in the file system of A5000. Each secure object has certain features and capabilities. The following secure object types are available:

• Symmetric Key (AES, 3DES)

• ECC Key


Rev. 1.0 — 28 March 2022

667609


5 / 26


A5000


• HMAC Key

• Binary File

• User ID

• Counter

• Hash-Extend register

3.2.2 Access control

Each secure object can be linked to object specific access control policies. An access control policy associates a user identified by an authentication with a set of privileges such as read, write, allowed cryptographic operations and more. For details refer to

[3] .

To scale the functionality into a broad range of ecosystems, a set of different authentication options is provided:

• User-ID based authentication

• Symmetric key based authentication with secure messaging

• Asymmetric key based authentication with secure messaging

At creation of a secure object, an optional set of policies is associated with that secure object. Each policy assigns a set of allowed operations on that object to an authentication object.

3.2.3 Locking the Device Configuration

The creation of new secure objects as well as the deletion or modification of existing secure objects can be controlled via a credential.

3.2.4 Sessions and multi-threading

The A5000 Authentication Application is prepared for ecosystems where multi-threading and multi-tenant use cases are needed on APDU level. To enable that, the application supports 2 simultaneous sessions that can span full secure messaging sessions, selfauthenticated APDUs for tenants not requiring long-lasting sessions and on top one default session for single tenant use cases .

3.2.5 Application support

For specific ecosystems, A5000 Authentication Application has built-in crypto features to simplify the deployment of specific use cases such as

• ECC-Key based cloud connectivity (TLS)

• Remote attestation and trust provisioning

3.2.6 Random numbers

The A5000 Authentication Application provides random numbers using an AIS20 compliant pseudo random number generator (PRNG) with class DRG.3 generator initialized by a TRNG compliant to SP800-90B class PTG.2. The PRNG is implemented according to NIST SP800-90A.

A5000


3.2.7 Credential Storage & Memory

Within A5000, all credentials and secure objects are stored inside a dynamic file structure. At creation, a user has to associate a file identifier with the object created. This


Rev. 1.0 — 28 March 2022

667609


6 / 26


A5000

Edge Lock Secure Authenticator identifier is then used in subsequent operations to access the object. The number of objects that can be allocated is only limited by the available memory in the system. After usage, objects can be deleted and the associated memory is freed up again.

There is also the possibility to create transient objects. Transient objects have an object descriptor stored in non-volatile memory, but the object content is stored in RAM.

Together with the import/export functionality of A5000, transient objects can be used securely store secret keys in a remote memory system.

When the creation of secure objects is interrupted by internal errors (e.g. insufficient space) or a tearing event, the memory is not freed up automatically. The memory can be freed up using garbage collection. An example to trigger garbage collection is included in

the Plug & Trust Middleware (InvokeGarbageCollection) [5]

.

3.3 Startup behaviour

If a supply voltage is applied to pins V in range the IC boots up.

, V cc

within the specified supply voltage operating

4 Pre-provisioned ease of use configuration

Table 3. Variant Identifiers

Variant

A5000

A5000 Arduino Dev. Kit.

A5000 variants with pre-provisioned credentials for ease of use are available and can be used during development phase or in the field. With this customers have all keys preinjected in A5000 that are required for the main use cases as, e.g., originality check or cloud onboarding. The identifying information can be read out using the example "get info" from A5000 Plug&Trust MW package. This variant identifier is also known as OEF

ID. This will allow to distinguish the delivered configuration.

For more information, see

Table 3 and Table 4 :

Variant Identifier (OEF ID)

A736

A736

Table 4. Variant A5000

Key name and type Certificate Usage policy

(keys)

Erasable by customer

(keys)

[1]

No

Identifier

Originality Key 0, ECC256, Die

Individual

Certificate 0

Originality Key 1, ECC256, Die

Individual

Certificate 1

Root of Trust signing key,

ECC256, Die Individual (used to attest new generated keys)

N/A

Anybody, Read

Anybody, Read

Anybody Read and

Attestation

No

No

0xF0000000

0xF0000001

0xF0000002

0xF0000003

0xF0000012

(key)

(cert)

(key)

(cert)

(key)

[1] Certificates are always erasable by customer. Consider that their deletion prevents the device from connecting to the EdgeLock 2GO service over TLS.

4.1 A5000 Chain of Trust

A5000



Rev. 1.0 — 28 March 2022

667609


7 / 26


A5000


4.1.1 Chain of Trust for Originality Keys

• Root Certificate

• Intermediate Certificate

4.2 Common keys

The keys in

Table 5

are present in all configurations.

For the value of the Platform SCP please refer to Table 6 .

A second set of Platform SCP keys are inserted with KVN 12. Key set 12 is a recovery key set. It can be used to establish a platform SCP connection in case key set 11 is lost. After authentication with key set 12, key set 11 can be updated again to the new values. Keep in mind that it is required that key set 12 shall be changed to a customer defined and owned value before the A5000 product is deployed in production.

For generic products, NXP own the recovery key set. For customized products, the recovery key value can be retrieved from EdgeLock2Go and customers can update them if recovery feature is not required. As an example for key update, please refer to

"se05x_RotatePlatformSCP03Keys" in the Plug & Trust MW.

Table 5. Common objects

Key name Details and type

Common files

Platform SCP

Certificate Erasable by customer

N/A No

N/A No

Identifier

0x7FFF0206

N/A

Recovery SCP

ECKey session

ECKey import

UUID

Default Value needed to perform update of the key

Default Value needed to perform recovery

Establish an ECC256 based EC key session

Used for ImportExternalObject

N/A

N/A

N/A

No

No

No

N/A

0x7FFF0201

0x7FFF0202

Table 6. Default Platform SCP keys

Configuration ENC

A5000 c9118500b5ffa1433a50226f489a0aa5

MAC

29d2fe28f7feeb153068be381f61bc01

4.3 NXP reserved keys and objects

Table 7. NXP reserved keys and objects

Key name

NXP reserved key 1

NXP reserved key 2

NXP reserved key 3

Erasable by customer

No

No

No

DEK

6124d38402118060ed910360fc5a4278

Identifier

0x7FFF0204

0xF0000020

0xF0003394

A5000



Rev. 1.0 — 28 March 2022

667609


8 / 26


A5000


5 Communication interfaces

The communication with the A5000 authenticator follows a command / response concept.

This means that, after sending the full command to the authenticator all data needs to be retrieved fully until the next command can be sent.

5.1 I

2

C Interfaces

The A5000 has one I

2

C interface supporting target.

The I

2

C target interface is used by the host controller to send arbitrary APDUs to the device. The I

2

C interface is using the Smartcard T=1 over I

2

C protocol.

The default target address of the A5000 is configured to 0x48.

target address

1 0 0 1 0 0 0 R/W aaa-037450

Figure 3. Target address

5.1.1 Supported I 2 C frequencies

The A5000 I

2

C target interface supports the I

2

C fast-speed mode with a maximum SCL clock of up to 1 MHz.

5.1.2 Default I 2 C Communication Parameters

The default I

2

C interface parameters of the A5000 devices are chosen with the highest compatibility in mind:

• The used I

2

C protocol is detected automatically on the first received frame amongst the two possible protocols:

– NXP SE05x T=1 Over I

2

C Specification. See [1] .

– APDU Transport over SPI/I2C v1.0 | GPC_SPE_172. See

[4] .

• Power down can be explicitly requested by the host via an "End of APDU session

request" (according to [1] ) respectively "RELEASE request" from GP T=1oI2C [4] .

6 Power-saving modes

The device provides two power-saving operation modes. The Power-down mode (with state retention) and the Deep Power-down mode (no state retention). These modes are activated via pad ENA (Deep Power-down mode) or by the SW (Power-down mode).

6.1 Power-down mode

The Power-down mode has the following properties:

• All internal clocks are frozen

• CPU enters power-saving mode with program execution being stopped

• CPU registers keep their contents

A5000



Rev. 1.0 — 28 March 2022

667609


9 / 26


A5000


• RAM keeps its contents

The A5000 enters into Power-down mode by receiving "End of APDU session

request" (according to [1] ) respectively "RELEASE request" (according to GP T=1oI2C

[4] . In Power-down mode, all internal clocks are frozen. The IOs hold the logical states

they had at the time Power-down mode was activated.

To exit from the Power-down mode an external interrupt edge must be triggered by a falling edge on I

2

C_SDA.

6.2 Deep Power-down mode

The A5000 provides a special power-saving mode offering maximum power saving. This mode is activated by pulling enable PIN (ENA) to a logic zero level.

While in Deep Power-down mode the internal power and V

OUT and only the I

2

C pads stay supplied.

is switched off completely

To leave the Deep Power-down mode pad ENA has to be pulled up to to a logic „1" level.

For usage of Deep Power-down mode the A5000 must be supplied via pin V in needs to be supplied by pin V out

.

and pin V cc

7 Ordering information

Table 8. Ordering information

12NC Type number

935426225472

935424319598

A5000R2HQ1/Z016U

OM-A5000ARD

A5000 Variant

A5000

A5000 Arduino Board

Orderable part number

A5000R2HQ1/Z016UZ

OM-A5000ARD

A5000



Rev. 1.0 — 28 March 2022

667609


10 / 26


8 Pinning information

8.1 Pinning

8.1.1 Pinning HX2QFN20 terminal 1 index area r.f.u.

n.c.

r.f.u.

n.c.

1

2

3

4 n.c.

5

A5000

15 VOUT

14 r.f.u

13 r.f.u.

12 VIN

11 ENA

A5000


Table 9. Pin description HX2QFN20

Symbol Pin r.f.u.

n.c.

1

2 r.f.u.

n.c.

n.c.

3

4

5 n.c.

n.c.

n.c.

I 2 C_SDA

I 2 C_SCL

ENA

V

IN

6

7

8

9

10

11

12 r.f.u.

r.f.u

aaa-041926 Transparent top view

Figure 4. Pin configuration for HX2QFN20 (SOT1969-1)

Note: Terminal 1 index area is marked on the bottom with a notch on the center pad and on the top with a printed dot.

13

14

Description

Connect to V

SS

Not connected

Connect to V

CC

Not connected

Not connected

Not connected

Not connected

Not connected

I 2 C target data, if not used n.c.

I 2 C target clock, if not used n.c.

Deep Power-down mode enable, if not used then connect to V

CC

Power supply voltage input for I

2

Power-down mode is used

C pads and logic supply in case Deep

Connect to V

CC

Connect to V

SS

A5000



Rev. 1.0 — 28 March 2022

667609


11 / 26


A5000


Table 9. Pin description HX2QFN20

...continued

Symbol Pin Description

V

OUT

15 Supply voltage output to be connected with pad V

CC

Power-down mode is used. N. c. if not used.

on PCB level, if Deep r.f.u.

r.f.u.

V

V

CC

SS n.c.

16

17

18

19

20

Connect to V

Connect to V

IN

SS

Logic power supply voltage input, to be connected with pad V

OUT level, if Deep Power-down mode to be used

on PCB

Ground

Not connected

The center pad of the IC is not connected, although it is recommended to connect it to ground for thermal reasons.

Reference voltage for for I

2

C SDA and SCL is V

IN

.

9 Package

A5000 is offered in HX2QFN20 package. The dimensions are 3 mm x 3 mm x 0,32 mm with a 0,4 mm pitch.

Please refer to the package data sheet

[2]

, SOT1969-1.

10 Marking

Table 10. Marking codes

Type number

A5000

Marking code

Line A: A50

Line B: **** (**** = 4-digit Batch code)

Line C: nDyww

D: RHF-2006 indicator n: Assembly Center

Y: Year

WW: Week

11 Packing information

11.1 Reel packing

The A5000 product is available in tape on reel.

Table 11. Reel packing options

Symbol Parameter

HX2QFN20 7" tape on reel

Numbers of units per reel

3000

A5000



Rev. 1.0 — 28 March 2022

667609


12 / 26


A5000


12 Electrical and timing characteristics

The electrical interface characteristics of static (DC) and dynamic (AC) parameters for pads and functions used for I

[1] ).

C are in accordance with the NXP I

2

C specification (see

13 Limiting values

Table 12. Limiting values

In accordance with the Absolute Maximum Rating System (IEC 60134). Voltages are referenced to V

SS

(ground = 0 V).

Symbol Parameter Conditions Min Max Unit

V

IN

, V cc supply voltage -0.3

+6

[1]

V

I

O

I lu

V

I

I

I

V esd_hbm

V

P

T esd_cdm tot stg input voltage input current output current latch-up current electrostatic discharge voltage

(Human Body Model) electrostatic discharge voltage

(Charge Device Model)

Total power dissipation

Storage temperature any signal pad pad I

2

C_SDA, I

2

C_SCL pad I 2 C_SDA, I 2 C_SCL

V

I

< 0 V or V

I

> V

IN

, V cc

I pads V

CC

C_SCL

, V

SS

, I

2

C_SDA,

I pads V

CC

C_SCL

, V

SS

, I

2

C_SDA,

[2]

[3]

[4]

-

-

-

-

-0.3

-55

+6

10

10

100

± 2.0

± 500

600

+125

V mA mA mA kV

V mW

°C

[1] Maximum supported supply voltage is 6 V. The A5000 is characterized for the specified operating supply voltage range of 1.62 V to 3.6 V. In case of supply voltages above 3.6 V, Deep Power-down mode current <5 µA is not guaranteed.

[2] MIL Standard 883-D method 3015; human body model; C = 100 pF, R = 1.5 kΩ; T amb

[3] JESD22-C101, JEDEC Standard Field induced charge device model test method.

[4] Depending on appropriate thermal resistance of the package.

= -40 °C to +105 °C.

14 Recommended operating conditions

The A5000 is characterized by its specified operating supply voltage range of 1.62 V to

3.6 V.

Table 13. Recommended operating conditions


V

IN

, V

CC

Supply voltage

Conditions Min

Nominal supply voltage 1.62

Typ

1.8

Max

3.6

[1]

Unit

V

V

I

T amb

DC input voltage on digital inputs and digital I/O pads

Operating ambient temperature

[2]

-0.3

-40

V

CC

+0.3

/V

IN

+105

V

°C

[1] Maximum supported supply voltage is 6 V. In case of supply voltages above 3.6 V, Deep Power-down mode current <5 µA is not guaranteed.

[2] All product properties and values specified within this data sheet are only valid within the operating ambient temperature range.

A5000



Rev. 1.0 — 28 March 2022

667609


13 / 26


A5000


3.6 V 1.62 V aaa-015200_

Maximum supported supply voltage is 6 V. In case of supply voltages above 3.6 V, Deep Powerdown mode current <5 µA is not guaranteed.

Figure 5. Characteristic supply voltage operating range

15 Characteristics

15.1 Thermal Characteristics

Table 14. Thermal characteristics

Rating Board Type

[1]

Junction to Ambient

Thermal Resistance

[2]

JESD51-9, 2s2p

Junction to Package

Top Thermal [2]

JESD51-9, 2s2p

Junction to Case

Thermal Resistance

[3]

JESD51-9, 1s

Symbol

R

θJA

Ψ

JT

R

θJC

Value

70.2

8.3

32.9

Unit

°C/W

°C/W

°C/W

[1] Thermal test board meets JEDEC specification for this package (JESD51-9)

[2] Determined in accordance to JEDEC JESD51-2A natural convection environment. Thermal resistance data in this report is solely for a thermal performance comparison of one package to another in a standardized specified environment. It is not meant to predict the performance of a package in an application-specific environment

[3] Junction-to-Case thermal resistance determined using an isothermal cold plate. Case is defined as the bottom of the packages (exposed pad)

15.2 DC characteristics

Measurement conventions

Testing measurements are performed at the contact pads of the device under test. All voltages are defined with respect to the ground contact pad VSS. All currents flowing into the device are considered positive.

15.2.1 I 2 C Interface

Table 15. Electrical DC characteristics of I 2 C pads SDA, SCL. Conditions: V cc

, V

IN

-40 °C to + 105 °C, unless otherwise specified*

= 1.62 V to 3.6 V; V

SS

= 0 V; T amb

=

Maximum supported supply voltage is 6 V. In case of supply voltages above 3.6 V, Deep Power-down mode current <5 µA is not guaranteed.

SSCL, SDA pads are in open-drain mode.

Symbol

V

IH

V

IL

V

HYS

Parameter

HIGH level input voltage

LOW level input voltage

Input hysteresis voltage -

Conditions Min

0.7 V

IN

-0.3

0.081 V

Typ Max Unit

V

IN

+ 0.3

V

0.25 V

IN

V

V

A5000



Rev. 1.0 — 28 March 2022

667609


14 / 26


A5000


Table 15. Electrical DC characteristics of I 2 C pads SDA, SCL. Conditions: V cc

, V

IN

-40 °C to + 105 °C, unless otherwise specified* ...continued

= 1.62 V to 3.6 V; V

SS

= 0 V; T amb

=

Maximum supported supply voltage is 6 V. In case of supply voltages above 3.6 V, Deep Power-down mode current <5 µA is not guaranteed.

SSCL, SDA pads are in open-drain mode.

Symbol Parameter Conditions Min Typ Max Unit

V

OL(OD)

I

OL

= 3.0 mA 0 0.4

V

I

OL(OD)

Low level output voltage

(open-drain mode)

Low level output current

(open-drain mode)

V

OL

= 0.6 V 0.6

mA

I

WPU

I

ILIH weak pull-up current

Leakage input current high level

V

IO

= 0 V

V

SDA

V

= 3.6 V, V

SCL

= 3.6

-265 -180

0.27

-70

15

µA

µA

15.2.2 Power consumption

Table 16. Electrical characteristics of IC supply voltage V

CC

; V

Symbol Parameter Conditions

SS

= 0 V; T amb

= -40 °C to +105 C

Min Typ

Supply

V

CC supply voltage range V

CC

= 1.62 - 3.6 V 1.62

1.80

operating mode: Idle mode

I

DD operating mode: typical CPU

I

I

DDD (DPD)

DD (PD-I2C) supply current Deep Power-down mode supply current I

(I 2

2 C Power-down mode

C wake-up source) during Communication during non asymmetric crypto operation during asymmetric crypto operation

V

CCmin

25 °C

≤ V

IN

≤ V

CCmax;

T amb

=

V

CCmin

≤ V

CC

≤ V

CCmax

; Clock to input SCL stopped, Tamb=

25 °C SDA, SCL pads in pull-up

Typical value with V

CC

= 1.8 V

-

-

3.0

6.5

14.4

3

450

Max

3.6

3.7

7.5

16.5

5

500

15.3 AC characteristics

Table 17. Non-volatile memory timing characteristics

Conditions: V

CC

= 1.62 V to 3.6 V; V

SS

= 0 V; T amb

= -40 °C to +105 °C, unless otherwise specified.

Conditions Min t


EEP t

EEE t

EEW t

EER

FLASH erase + program time

FLASH erase time

FLASH program time

FLASH data retention time T amb

= +55 °C

[2]

25

Typ

[1]

2.3

0.9

1.4

Unit

V mA mA mA

μA

μA

Max Unit ms ms ms years

A5000



Rev. 1.0 — 28 March 2022

667609


15 / 26


A5000


Table 17. Non-volatile memory timing characteristics

...continued

Conditions: V

CC

= 1.62 V to 3.6 V; V

SS

= 0 V; T amb

= -40 °C to +105 °C, unless otherwise specified.


N

EEC

FLASH endurance (maximum number of programming cycles applied to the whole memory block performed by NXP static and dynamic wear leveling algorithm)

Conditions Min

20 × 10 6

Typ

[1]

100 ×

10

6

[1] Typical values are only referenced for information. They are subject to change without notice.

[2] Given value specifies physical access times of FLASH memory only.

Max Unit cycles

Table 18. Electrical AC characteristics of I

2

-40 °C to +105 °C°C

C_SDA, I

2

C_SCL

[1]

; V

CC

= 1.8 V ± 10 % or 3 V ± 10 % V; V

SS

SCL, SDA pads in open-drain mode.

= 0 V; T amb

=

Min Typ Max Unit t f

Symbol Parameter Conditions

Input/Output: I

2

C_SDA, I

2

C_SCL in open-drain mode tr

IO tf

IO

I/O Input rise time

I/O Input fall time

Input/reception mode

Input/reception mode tf

OIO

I/O Output fall time Output/transmission mode; C

L

= 30 pF

CLK

PD

External clock frequency in I

2 applications

C

Power down duration time (I 2 wake-up)

C t

CLKW

, T amb

and V

CC specified limits

CPU clock = 48 MHz

in their

[2]

[2]

[2]

[3]

-

67

1

1

0.3

3.4

μs

μs

μs

MHz

μs t

WKPD

CPU clock = 48 MHz

[4]

97 μs

C

PIN

Wake-up from power down duration time (I

2

C wake-up)

I

Pin capacitances I

C_SCL

2 C_SDA, / Test frequency = 1 MHz; Tamb

= 25 °C

10.5

pF t

ENalt

[5]

2 μs

I

R on out

ENA low time and Vout, V cc low time for entering deep power down mode

Resistance of power switch T

V amb in

=105 °C, I

=1.62 V

T amb

=105 °C load

=25 mA, 1.1

25

Ohm mA t

WKPIO maximum current driving capability of pin V out

Pad LOW time for wake-up from Power-down mode level triggered ext.int.

edge triggered ext.int.

-

-

8

8

10

10

μs

μs

C

PIN

I

Pin capacitances I

C_SCL

2 C_SDA, / Test frequency = 1 MHz; T

= 25 °C amb

10.5

pF

[1] All appropriately marked values are typical values and only referenced for information. They are subject to change without notice.

[2] t r

is defined as rise time between 30 % and 70 % of the signal amplitude.

t f

is defined as fall time between 70 % and 30 % of the signal amplitude.

[3] Wakeup from power down: I C_SCL=400 kHz; the wakeup time will not be sufficient under the rare condition where host sends the first command during the time where SA is just entering power down; in this case the SA will send an R block to request retransmission from the host

A5000



Rev. 1.0 — 28 March 2022

667609


16 / 26


A5000


[4] Wakeup from power down: I

2

C_SCL=1 MHz; the wakeup time will not be sufficient to receive the first host command; the SA will send an R block to request retransmission from the host

[5] Low glitches below 0.4 V on pin ENA and Vin, V out

, V cc

larger than 30 ns cause Power-On-Reset, respectively entering deep power-down mode.

V high

CLK (et al) 0.5 V

DD

70 % level

30 % level

V low t

CLKW

1/f

CLK tf tf tf

CLK

RST

IO tr tr tr

CLK

RST

IO aaa-037451

1) During AC testing the inputs I level and at V

CC

-0.3 V to V timing is measured at 50 % of V

2 C_SDA, I

CC

.

2 C_SCL are driven at 0 V to +0.3 V for a LOW input

CC

for a HIGH input level. Clock period and signal pulse (duty cycle)

2) t r

is defined as rise time between 30 % and 70 % of the signal amplitude. tf is defined as fall time between 70 % and 30 % of the signal amplitude.

Figure 6. External clock drive and AC test timing reference points of I 2

(see

1)

and

2)

) in open-drain mode

C_SDA, I 2 C_SCL,

15.4 I

2

C Bus Timings

Parameters defined in this chapter replace the parameter definitions of I

2 specification see [4] .

C bus, for

SDA

50 % 50 %

SCL

50 % 50 % t

HDf;DAT50

Figure 7. I

2

C Bus Timings

Table 19. I 2 C Bus Timing Specification

Symbol Parameter t

HDf;DAT50

[1]

data hold time

50% SCL - 50% SDA level t

HDr;DAT50

[2]

data hold time

50% SCL - 50% SDA level

Condition

Fast mode

Fast mode

Min

8

24

[1] t

HDf;DAT50

, as defined in

Figure 7

, replaces parameter t

HD;DAT

[2] t

HDr;DAT50

, as defined in Figure 7 , replaces parameter t

HD;DAT

defined in [4]

defined in [4]

15.5 EMC/EMI

EMC and EMI resistance according to IEC 61967-4.

Max t

HDr;DAT50 aaa-036486

Unit ns ns

A5000



Rev. 1.0 — 28 March 2022

667609


17 / 26


A5000


16 Product operation

Within this section guidelines for the operation of A5000 are described.

16.1 T1oI2C command and response pairs

T1oI2C protocol rely on alternating command-APDU response-APDU data pairs. Before the secure authenticator receives a new Command-APDU the previous response-APDU needs to be fetched entirely.

Ensure the response is fully read from the secure authenticator before sending the next command-APDU. This is especially important when the host is reset independently of the secure authenticator or used in multi-threaded/multi-processing applications.

Independently of the secure authenticator, ensure the host/SA command response sequence is synchronized.

The Plug & Trust MW access Manager supports concurrent access from multiple linux processes to the A5000 Authenticaton application.

16.2 T1oI2C communication interface specifications

The Plug & Trust MW provides an example for the T1oI2C protocol implementation on the host. This reference implementation details also additions specific to the following available T1oI2C interfaces:

• NXP SE05x T=1 Over I 2 C Specification. See

[1]

.

•

APDU Transport over SPI/I2C v1.0 | GPC_SPE_172. See [4] .

The host implementation is required to fully comply to the specification to guarantee a seamless operation.

A5000



Rev. 1.0 — 28 March 2022

667609


18 / 26


17 Abbreviations

HW

IC

I

2

C

I/O

IoT

GP

GPIO

HS

HKDF

HMAC

NIST

PCB

PKI

PRF

RAM

MAC

MCU

MPU

MW

OS

EAL

ECC

EMC

EMI

FM

CRC

CRI

DES

DPA

DSS

Table 20. Abbreviations

Acronym Description

AES

APDU

Advanced Encryption Standard

Application Protocol Data Unit

CC

CMAC

Common Criteria

Cipher-based MAC

Cyclic Redundancy Check

Cryptography Research Incorporated

Digital Encryption Standard

Differential Power Analysis

Digital Signature Standard

Evaluation Assurance Level

Elliptic Curve Cryptography

Electromagnetic compatibility

Electro Magnetic Immunity

Fast-Mode

Global Platform

General-purpose input/output

High-Speed-Mode

HMAC-based Extract-and-Expand Key Derivation Function

Keyed-Hash Message Authentication Code

Hardware

Integrated Circuit

Inter-Integrated Circuit

Input/Output

Internet of Things

Message Authentication Code

Microcontroller unit

Microprocessor

Middleware

Operating System

National Institute for Standards and Technology

Printed Circuit Board

Public Key Infrastructure

Pseudo Random Function

Random Access Memory

A5000



Rev. 1.0 — 28 March 2022

667609

A5000



19 / 26


SDA

SPA

SFI

SHA

SW

TLS

VCC

VIN

VOUT

VSS

Table 20. Abbreviations

...continued

Acronym Description

RST

SA

Reset

Secure Authenticator

SAM

SCL

Secure Access Module

Serial clock

Serial data

Simple Power Analysis

Single Fault Injection

Secure Hash Algorithm

Software

Transport Layer Security

Supply Voltage Input

Voltage Input

Voltage Output

Ground

A5000


A5000



Rev. 1.0 — 28 March 2022

667609


20 / 26


A5000


18 References

[1] NXP SE05x T=1 Over I

2

C Specification User Manual, Document Number 11225.

Available on NXP website

[2] SOT1969-1; HX2QFN20; Reel packing and package data sheet. Available on NXP website .

[3] A5000 Authentication Application APDU Specification, document number AN13157.

[4] APDU Transport over SPI/I2C v1.0 | GPC_SPE_172. Available here .

[5] Plug & Trust MW Documentation, AN 13030. Available on NXP website .

A5000



Rev. 1.0 — 28 March 2022

667609


21 / 26


19 Revision history

Table 21. Revision history

Document ID Release date

667610

Modifications

20220328

Initial version

Data sheet status

Product data sheet

Change notice

-

Supersedes

A5000


A5000



Rev. 1.0 — 28 March 2022

667609


22 / 26


A5000


20 Legal information

20.1 Data sheet status

Document status

[1][2]

Objective [short] data sheet

Preliminary [short] data sheet

Product [short] data sheet

Product status

Development

Qualification

Production

[3]

Definition

This document contains data from the objective specification for product development.

This document contains data from the preliminary specification.

This document contains the product specification.

[1] Please consult the most recently issued document before initiating or completing a design.

[2] The term 'short data sheet' is explained in section "Definitions".

[3] The product status of device(s) described in this document may have changed since this document was published and may differ in case of multiple devices. The latest product status information is available on the Internet at URL http://www.nxp.com.

20.2 Definitions

Draft — A draft status on a document indicates that the content is still under internal review and subject to formal approval, which may result in modifications or additions. NXP Semiconductors does not give any representations or warranties as to the accuracy or completeness of information included in a draft version of a document and shall have no liability for the consequences of use of such information.

Suitability for use — NXP Semiconductors products are not designed, authorized or warranted to be suitable for use in life support, life-critical or safety-critical systems or equipment, nor in applications where failure or malfunction of an NXP Semiconductors product can reasonably be expected to result in personal injury, death or severe property or environmental damage. NXP Semiconductors and its suppliers accept no liability for inclusion and/or use of NXP Semiconductors products in such equipment or applications and therefore such inclusion and/or use is at the customer’s own risk.

Short data sheet — A short data sheet is an extract from a full data sheet with the same product type number(s) and title. A short data sheet is intended for quick reference only and should not be relied upon to contain detailed and full information. For detailed and full information see the relevant full data sheet, which is available on request via the local NXP

Semiconductors sales office. In case of any inconsistency or conflict with the short data sheet, the full data sheet shall prevail.

Product specification — The information and data provided in a Product data sheet shall define the specification of the product as agreed between

NXP Semiconductors and its customer, unless NXP Semiconductors and customer have explicitly agreed otherwise in writing. In no event however, shall an agreement be valid in which the NXP Semiconductors product is deemed to offer functions and qualities beyond those described in the

Product data sheet.

20.3 Disclaimers

Applications — Applications that are described herein for any of these products are for illustrative purposes only. NXP Semiconductors makes no representation or warranty that such applications will be suitable for the specified use without further testing or modification.

Customers are responsible for the design and operation of their applications and products using NXP Semiconductors products, and NXP

Semiconductors accepts no liability for any assistance with applications or customer product design. It is customer’s sole responsibility to determine whether the NXP Semiconductors product is suitable and fit for the customer’s applications and products planned, as well as for the planned application and use of customer’s third party customer(s). Customers should provide appropriate design and operating safeguards to minimize the risks associated with their applications and products.

NXP Semiconductors does not accept any liability related to any default, damage, costs or problem which is based on any weakness or default in the customer’s applications or products, or the application or use by customer’s third party customer(s). Customer is responsible for doing all necessary testing for the customer’s applications and products using NXP

Semiconductors products in order to avoid a default of the applications and the products or of the application or use by customer’s third party customer(s). NXP does not accept any liability in this respect.

Limited warranty and liability — Information in this document is believed to be accurate and reliable. However, NXP Semiconductors does not give any representations or warranties, expressed or implied, as to the accuracy or completeness of such information and shall have no liability for the consequences of use of such information. NXP Semiconductors takes no responsibility for the content in this document if provided by an information source outside of NXP Semiconductors.

In no event shall NXP Semiconductors be liable for any indirect, incidental, punitive, special or consequential damages (including - without limitation lost profits, lost savings, business interruption, costs related to the removal or replacement of any products or rework charges) whether or not such damages are based on tort (including negligence), warranty, breach of contract or any other legal theory.

Notwithstanding any damages that customer might incur for any reason whatsoever, NXP Semiconductors’ aggregate and cumulative liability towards customer for the products described herein shall be limited in accordance with the Terms and conditions of commercial sale of NXP

Semiconductors.

A5000


Limiting values — Stress above one or more limiting values (as defined in the Absolute Maximum Ratings System of IEC 60134) will cause permanent damage to the device. Limiting values are stress ratings only and (proper) operation of the device at these or any other conditions above those given in the Recommended operating conditions section (if present) or the

Characteristics sections of this document is not warranted. Constant or repeated exposure to limiting values will permanently and irreversibly affect the quality and reliability of the device.

Terms and conditions of commercial sale — NXP Semiconductors products are sold subject to the general terms and conditions of commercial sale, as published at http://www.nxp.com/profile/terms, unless otherwise agreed in a valid written individual agreement. In case an individual agreement is concluded only the terms and conditions of the respective agreement shall apply. NXP Semiconductors hereby expressly objects to applying the customer’s general terms and conditions with regard to the purchase of NXP Semiconductors products by customer.

Right to make changes — NXP Semiconductors reserves the right to make changes to information published in this document, including without limitation specifications and product descriptions, at any time and without notice. This document supersedes and replaces all information supplied prior to the publication hereof.

No offer to sell or license — Nothing in this document may be interpreted or construed as an offer to sell products that is open for acceptance or the grant, conveyance or implication of any license under any copyrights, patents or other industrial or intellectual property rights.



Rev. 1.0 — 28 March 2022

667609 23 / 26


A5000


Quick reference data — The Quick reference data is an extract of the product data given in the Limiting values and Characteristics sections of this document, and as such is not complete, exhaustive or legally binding.

Export control — This document as well as the item(s) described herein may be subject to export control regulations. Export might require a prior authorization from competent authorities.

Suitability for use in non-automotive qualified products — Unless this data sheet expressly states that this specific NXP Semiconductors product is automotive qualified, the product is not suitable for automotive use. It is neither qualified nor tested in accordance with automotive testing or application requirements. NXP Semiconductors accepts no liability for inclusion and/or use of non-automotive qualified products in automotive equipment or applications.

In the event that customer uses the product for design-in and use in automotive applications to automotive specifications and standards, customer (a) shall use the product without NXP Semiconductors’ warranty of the product for such automotive applications, use and specifications, and

(b) whenever customer uses the product for automotive applications beyond

NXP Semiconductors’ specifications such use shall be solely at customer’s own risk, and (c) customer fully indemnifies NXP Semiconductors for any liability, damages or failed product claims resulting from customer design and use of the product for automotive applications beyond NXP Semiconductors’ standard warranty and NXP Semiconductors’ product specifications.

Translations — A non-English (translated) version of a document, including the legal information in that document, is for reference only. The English version shall prevail in case of any discrepancy between the translated and

English versions.

Security — Customer understands that all NXP products may be subject to unidentified vulnerabilities or may support established security standards or specifications with known limitations. Customer is responsible for the design and operation of its applications and products throughout their lifecycles to reduce the effect of these vulnerabilities on customer’s applications and products. Customer’s responsibility also extends to other open and/or proprietary technologies supported by NXP products for use in customer’s applications. NXP accepts no liability for any vulnerability. Customer should regularly check security updates from NXP and follow up appropriately.

Customer shall select products with security features that best meet rules, regulations, and standards of the intended application and make the ultimate design decisions regarding its products and is solely responsible for compliance with all legal, regulatory, and security related requirements concerning its products, regardless of any information or support that may be provided by NXP.

NXP has a Product Security Incident Response Team (PSIRT) (reachable at [email protected]

) that manages the investigation, reporting, and solution release to security vulnerabilities of NXP products.

20.4 Licenses

ICs with DPA Countermeasures functionality

NXP ICs containing functionality implementing countermeasures to

Differential Power Analysis and Simple

Power Analysis are produced and sold under applicable license from Cryptography

Research, Inc.

20.5 Trademarks

Notice: All referenced brands, product names, service names, and trademarks are the property of their respective owners.

NXP — wordmark and logo are trademarks of NXP B.V.

EdgeLock — is a trademark of NXP B.V.

I2C-bus — logo is a trademark of NXP B.V.

JCOP — is a trademark of NXP B.V.

A5000



Rev. 1.0 — 28 March 2022

667609


24 / 26


A5000


Tables

Tab. 1.

A5000 commercial name format ....................... 2

Tab. 2.

A5000 configuration .......................................... 4

Tab. 3.

Variant Identifiers ...............................................7

Tab. 4.

Variant A5000 ....................................................7

Tab. 5.

Common objects ............................................... 8

Tab. 6.

Default Platform SCP keys ............................... 8

Tab. 7.

NXP reserved keys and objects ........................8

Tab. 8.

Ordering information ........................................10

Tab. 9.

Pin description HX2QFN20 ............................. 11

Tab. 10. Marking codes .................................................12

Tab. 11. Reel packing options .......................................12

Tab. 12. Limiting values ................................................ 13

Tab. 13. Recommended operating conditions ...............13

Tab. 14. Thermal characteristics ................................... 14

Tab. 15. Electrical DC characteristics of I2C pads

SDA, SCL. Conditions: Vcc, VIN = 1.62 V to 3.6 V; VSS = 0 V; Tamb = -40 °C to +

105 °C, unless otherwise specified* ................14

Tab. 16. Electrical characteristics of IC supply voltage VCC; VSS = 0 V; Tamb = -40 °C to

+105 C ........................................................... 15

Tab. 17. Non-volatile memory timing characteristics ..... 15

Tab. 18. Electrical AC characteristics of I2C_SDA,

I2C_SCL; VCC = 1.8 V ± 10 % or 3 V ±

10 % V; VSS = 0 V; Tamb = -40 °C to +105

°C°C ................................................................ 16

Tab. 19. I2C Bus Timing Specification .......................... 17

Tab. 20. Abbreviations ...................................................19

Tab. 21. Revision history ...............................................22

Figures

Fig. 1.

Fig. 2.

Fig. 3.

Fig. 4.

A5000 solution block diagram ...........................2

A5000 functional diagram ................................. 5

Target address .................................................. 9

Pin configuration for HX2QFN20

(SOT1969-1) ....................................................11

Fig. 5.

Fig. 6.

Fig. 7.

Characteristic supply voltage operating range ............................................................... 14

External clock drive and AC test timing reference points of I2C_SDA, I2C_SCL,

(see 1) and 2)) in open-drain mode .................17

I2C Bus Timings ..............................................17

A5000



Rev. 1.0 — 28 March 2022

667609


25 / 26


A5000


Contents

6

6.1

6.2

7

5

5.1

5.1.1

5.1.2

3.2.6

3.2.7

3.3

4

4.1

4.1.1

4.2

4.3

3

3.1

3.2

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

2

2.1

2.2

2.3

1

1.1

1.2

1.3

13

14

15

15.1

15.2

15.2.1

15.2.2

15.3

8

8.1

8.1.1

9

10

11

11.1

12

15.4

15.5

16

16.1

Introduction ......................................................... 1

A5000 use cases ...............................................1

A5000 target applications .................................. 1

A5000 naming convention ................................. 2

Features and benefits .........................................3

Key benefits .......................................................3

Key features ...................................................... 3

Features in detail ...............................................4

Functional description ........................................5

Functional diagram ............................................ 5

Authentication Application Functionality ............ 5

Supported secure object types .......................... 5

Access control ................................................... 6

Locking the Device Configuration ......................6

Sessions and multi-threading ............................ 6

Application support ............................................ 6

Random numbers .............................................. 6

Credential Storage & Memory ........................... 6

Startup behaviour .............................................. 7

Pre-provisioned ease of use configuration .......7

A5000 Chain of Trust ........................................ 7

Chain of Trust for Originality Keys .....................8

Common keys ....................................................8

NXP reserved keys and objects ........................ 8

Communication interfaces ................................. 9

I2C Interfaces .................................................... 9

Supported I2C frequencies ................................9

Default I2C Communication Parameters ........... 9

Power-saving modes .......................................... 9

Power-down mode .............................................9

Deep Power-down mode ................................. 10

Ordering information ........................................ 10

Pinning information .......................................... 11

Pinning .............................................................11

Pinning HX2QFN20 ......................................... 11

Package ..............................................................12

Marking ...............................................................12

Packing information ..........................................12

Reel packing ....................................................12

Electrical and timing characteristics ...............13

Limiting values ..................................................13

Recommended operating conditions .............. 13

Characteristics .................................................. 14

Thermal Characteristics ...................................14

DC characteristics ............................................14

I2C Interface .................................................... 14

Power consumption ......................................... 15

AC characteristics ............................................15

I2C Bus Timings .............................................. 17

EMC/EMI ..........................................................17

Product operation ............................................. 18

T1oI2C command and response pairs .............18

16.2

17

18

19

20

T1oI2C communication interface specifications ................................................... 18

Abbreviations .................................................... 19

References .........................................................21

Revision history ................................................ 22

Legal information ..............................................23

Please be aware that important notices concerning this document and the product(s) described herein, have been included in section 'Legal information'.

© NXP B.V. 2022.

All rights reserved.

For more information, please visit: http://www.nxp.com

For sales office addresses, please send an email to: [email protected]

Date of release: 28 March 2022

Document number: 667609

No results