
2nd Edition

EMBEDDED
SECURITY
Product Guide

www.maximintegrated.com
Embedded Security Product Guide www.maximintegrated.com

Table of Contents
• High-Performance TFT-Enabled Secure Microcontroller
• Design-Ready PCI PTS 3.1 Terminal
• Stand-Alone SoC Security for PIN Pad
• Secure Authenticator Solutions for Counterfeit Protection
• High-Security and Tamper-Protected Security Managers

Protect It All with DeepCover


Embedded Security Solutions
Security requirements are getting tougher. Hackers are more sophisticated, and the stakes
are higher than ever. You need multiple layers of security to protect your embedded systems.
But without a dedicated team of security experts behind you, adding the right protection to
your system can be challenging.
Our DeepCover™ product line gives you the benefit of our security expertise, enabling you
to quickly integrate advanced physical security to achieve the highest level of protection
possible. DeepCover embedded solutions comprise three families of products with the most
up-to-date physical security to meet all your application needs.
• DeepCover Secure Microcontrollers integrate advanced cryptography and physical
security to offer the highest level of protection against physical tampering and reverse
engineering.
• DeepCover Secure Authenticators implement advanced physical security to provide the
ultimate in low-cost IP protection, clone prevention, and peripheral authentication.
• DeepCover Security Managers combine advanced physical security with on-chip,
nonimprinting memory to safeguard sensitive data from the slightest physical or
environmental tampering.
When you need it secure, we’ve got you covered.


Advanced Protection, Deepest Security


Security is a must, and no system-on-chip (SoC) µC delivers protection like Maxim Integrated's DeepCover™ Secure
Microcontrollers. Our devices integrate advanced cryptography and physical security to offer the highest level of protection
against physical tampering and reverse engineering.

Go Meshless
Secure SoC with On-the-Fly Memory Encryption
The DeepCover Secure Microcontroller (MAX32590 (JIBE)) is a secure, ARM9™-based, SoC µC with a 384MHz clock speed
and Ethernet interface communication to meet stringent financial terminal requirements. Our patented on-the-fly encryption
technology keeps your code safe without the hassle of expensive mesh. PCI PTS 3.1 certification is easy with an extensive board
support package and Linux® OS support, innovative security mechanisms, and high integration. Replace the traditional mono LCD
with a colorful TFT display to provide better visual effects for your designs.

Features
• Extensive security mechanisms (authenticated boot, secure NV SRAM with instant erase, OTP, AES/SHA engines, dynamic
sensor controller, temperature/voltage and frequency monitors, secure package)
• High system integration (Ethernet, TFT LCD, 384MHz CPU, USB host and device)
• Real-time external memory encryption and integrity

Benefits
• Reduced BOM with fewer external communication controllers; better user experience with color TFT display
• Provides best confidentiality while removing the need for an additional security cover; prevents code injection
• Simplifies security architecture and eases PCI certification
[Figure: MAX32590 block diagram. Blocks shown: ARM926EJ-S core (384MHz) with MMU, I-cache, D-cache, I-TCM, and D-TCM; ROM, OTP, and SRAM; DMA controller; AES-128 encryption and integrity for external memory (SRAM, NOR flash, NAND flash, SDRAM, mobile DDR); crypto engines (AES, DES/3DES, RSA/DSA/ECDSA, SHA-1/SHA-2, true RNG); security monitors (voltage, frequency, temperature, die shield, external sensors); secure NV SRAM; and peripherals (high-speed SPI, UART, I2C, GPIO, ADC, RTC, timers/counters, PWM, watchdog, Ethernet MAC, USB host and device, SD/SDHC/SDIO, TFT/STN LCD, smart card controllers, thermal printer interface, secure keypad).]


Your PCI PTS 3.1 Terminal...Now


JIBEPOS PCI PTS-Ready Reference Design Reduces Time to Market
Build your financial terminal with confidence that it will pass PCI evaluation.
Powered by the DeepCover Secure Microcontroller (MAX32590), the JIBEPOS reference design provides the fastest route to getting
your terminal certified. Start with our meshless design, patented secure keypad layout, BOM-optimized hardware, SPA/DPA-resistant
cryptographic library, certified EMV® L1 library, PCI PTS-compliant secure Linux OS, and a security handbook to adapt the design to your
own enclosure.
• 3.5in TFT color display
• Haptic resistive touch screen
• Secure magnetic card reader
• Ethernet 10/100, V90 modem, USB
• NFC contactless reader
• Thermal printer
• On-board audio

[Figure: JIBEPOS block diagram. Components shown around the MAX32590 secure 384MHz ARM9 microcontroller: power supply (MAX16020 battery supervisor, MAX8904 PMIC, MAX8578 step-down converter); thermal printer with stepping motor driver; 73S8009C and 73S8009R smart card interface ICs; 78Q2123 10/100 Ethernet PHY; MAX1931 USB switch; MAX3202E USB ESD protection; MAXQ1741* secure magnetic card reader; contactless reader; 32MB LPDDR and 64MB NAND flash; MAX11802 resistive touch screen; TFT backlight; MAX11835 piezo haptic controller; 73M1822 V90 modem; MAX9738 audio amplifier; MAX9860 audio codec; MAX3224E RS-232 transceiver.]

Protect Magnetic Strip Data at the Source


End-to-End Encryption Made Easy
The DeepCover Secure Microcontroller (MAXQ1741*) provides a high level of security for the magnetic stripe reader (MSR) by
placing an ultra-secure µC with high-speed hardware encryption inside the magnetic card reader head. Rather than transmitting
sensitive data in cleartext, the MAXQ1741 automatically encrypts the data at the swipe. Furthermore, the device provides a
convenient, secure, nonvolatile storage space for storing various security keys that is protected against physical tampering.

*Future product—contact the factory for availability.


One-Chip PIN Pad Solution


The DeepCover Secure Microcontroller (MAXQ1852*) features a single-cycle 16-/32-bit RISC processor and hardware-
accelerated symmetric and asymmetric encryption engines, as well as extensive communication interfaces including ISO 7816,
USB, and SPI. It has the flexibility to be a stand-alone controller for any PCI-PTS 3.1 PIN pad application or a coprocessor for
financial terminals or any other secure applications. System cost is optimized with extensive GPIO pins to drive a keypad and LCD
display, large system SRAM, and integrated dynamic tamper sensors. These dynamic sensors are fed by a true random signal
that prevents any bypass attempt. Furthermore, upon tampering, the internal AES-256 master key that is used to encrypt the
contents of the battery-backed SRAM is instantly erased. The device also makes product manufacturing and field upgrades much
simpler by offering a public key (ECDSA)-based secure bootloader for programming the internal flash.

[Figure: MAXQ1852* block diagram. Blocks shown: MAXQ30 32-bit RISC core with MMU and I-cache; ROM, 256KB flash, 8KB SRAM, and 4KB AES encryptable NV SRAM; AES and DES/3DES user engines; 2048-bit MAA (RSA, DSA, ECDSA); SHA-1, SHA-2; CRC-16/32; TRNG; unique ID generator; dynamic sensor controller; external environmental sensors; secure RTC; JTAG; OSC/PLL; timers/counters; power management; interrupt controller; watchdog; 1.8V voltage regulator; and ISO 7816, USART, SPI, USB, and GPIO interfaces.]

Security Features
• Hardware crypto engines for AES, 3DES, RSA, DSA, ECDSA, SHA-1, SHA-224, and SHA-256
• True random-number generator (TRNG)
• Multiple dynamic sensor inputs and environmental sensors
• 4KB AES encryptable NV SRAM with instant master key zeroization upon tampering
• ECDSA bootloader

High-Performance µC
• 16-/32-bit, single-cycle RISC core
• Internal 256KB of flash memory
• 8KB of system SRAM
• USB interface, ISO 7816 controller, RTC, USART, and SPI bus
• 68-pin TQFN or 64-ball CSBGA package
• Built-in voltage regulator for single power-supply operation

*Future product—contact the factory for availability.


Stop Counterfeiters from Stealing Your IP


Your R&D is very valuable, so protect it from counterfeiters who want to produce and sell it. Our DeepCover™ Secure Authenticators
implement advanced physical security to provide the ultimate in low-cost IP protection, clone prevention, and peripheral
authentication. Options range from secure, crypto-strong, FIPS 180-based challenge-and-response bidirectional authentication to
customization of unalterable 64-bit, factory-programmed serial numbers.
• OEM authentication
• System copy protection
• HW/SW license management
• Tamper-proof feature settings
• Safety/quality assurance

| Part | Description | Host Interface | Authentication Feature |
|---|---|---|---|
| DS2465 | SHA-256 coprocessor with 1-Wire® Master | I2C | Secure storage of system secret |
| DS28E15, DS28E22, DS28E25 | SHA-256 with 0.5Kb/2Kb/4Kb EEPROM | 1-Wire | Bidirectional challenge and response |
| DS28CN01 | SHA-1 with 1Kb EEPROM | I2C/SMBus | Bidirectional challenge and response |
| DS28E01-100, DS28E02 | SHA-1 with 1Kb EEPROM | 1-Wire | Bidirectional challenge and response |
| DS28E10 | SHA-1 with 224b OTP EPROM | 1-Wire | Challenge and response |
| DS2460 | SHA-1 coprocessor | I2C | Secure storage of system secret |
| MAX66040, MAX66140 | SHA-1 with 1Kb EEPROM | RF | Bidirectional challenge and response, ISO 14443B/15693 |
| DS2431 | 1Kb EEPROM | 1-Wire | Customized 64-bit ROM, WP/OTP modes |
| DS2401, DS2411 | 64-bit ROM serial number | 1-Wire | Customized 64-bit ROM |

Newest SHA-256 Products Solve Host and Slave Device Needs


DS2465
• SHA-256 HW co-processing to operate connected slave devices
• Highly secure storage of system solution secret
• 1-Wire line driving for slave device I/O
• Low-power mode: 500nA (typ) at 3.3V

[Figure: a µC connects over I2C to the DS2465, which connects over 1-Wire to the DS28E15 and DS28E25; the supply is labeled 3.3V*.]

DS28E15, DS28E25
• SHA-256 HW engine for MAC response to host challenges
• Highly secure storage of secrets
• NV user memory with multiple protection
• Bidirectional authentication protocol

*Contact the factory for 1.8V options.


Easily Add System Security


DeepCover Security Managers Provide Total Hardware Security with
No System Redesign
Maxim Integrated’s extensive DeepCover™ Security Managers allow users to add advanced physical security to systems
using their existing system microprocessor. The ICs have a proprietary “nonimprinting” memory that stores critical data, but
immediately and completely erases this memory upon qualified tamper events. The security managers also provide continuous
tamper detection, regardless of the power source.
• Work with your existing microprocessor
• I2C or SPI interfaces available
• Internal secure memory
  • Nonimprinting memory
  • Densities from 64B to 4KB
• Internal tamper monitors
  • Temperature, including rate of change
  • Power
  • Oscillator
• Monitor external circuitry for tampers
• Real-time clock/counter
• Tamper-event timestamping
• Small CSBGA footprint and package
• Low power consumption during battery backup
• Monitor main power
• Automatically switch from main power to battery
• Provide power and erase an external SRAM

Hardware AES Encryption with Anti-Tamper and Nonimprinting Memory Provides Industry's
Highest Level of Security
The DeepCover Security Manager (MAX36025) provides hardware encryption and the most advanced anti-tamper features
offered in the market. Encrypting/decrypting data in hardware using the MAX36025 provides the highest level of security, as
opposed to software encryption on a general-purpose microcontroller. The keys never leave the MAX36025 and are kept more
secure with the tamper-detection features.

General Features
• Dual AES processors
• Supports 128-, 192-, and 256-bit keys
• ECB, CTR, and CBC modes
• Authentication via an encrypted I2C interface
• Bidirectional SPI ports
• Use the same key to encrypt/decrypt data
• Support for independent encryption/decryption streams

Security Features
• 1KB nonimprinting memory for encryption key storage
• Segmented memory to store two sets of critical data
• Temperature, power, and oscillator tamper monitors
• Digital and analog input tamper monitoring

[Figure: MAX36025 block diagram. Blocks shown: encrypted I2C, RTC, RNG, temp sensor, tamper inputs, SRAM, auth gateway controller, tamper detection controller, CPU supervisor, SPI interface 1, SPI interface 2, encryption and data routing, 1KB secure memory, AES engine A, AES engine B, serial flash interface. Callouts: "No code needed to communicate with MAX36025 AES engine after authentication" and "No resident software development required".]


Secure Microcontrollers
| Part | Speed and Core | Internal Flash/SRAM Memory (KB) | Secure NV SRAM (KB) | External Memory | USB† | SPI | ISO 7816 | GPIO | Battery Leakage (µA) | Package |
|---|---|---|---|---|---|---|---|---|---|---|
| MAXQ1004 | 6MHz, MAXQ20 | 16/640B | — | — | — | 1 | — | 8 | 300nA | 16-TQFN |
| MAXQ1010 | 12MHz, MAXQ20 | 128/2 | 128B | — | D | 1 | 1 | 31 | 400nA | 48-TQFN |
| MAXQ1011*, MAXQ1012* | 12MHz, MAXQ20 | 64, 32/1 | 128B | — | D | 1 | 1 | 31 | 400nA | 48-TQFN |
| MAXQ1050 | 25MHz, MAXQ20 | 128/12 | 256B + 4KB AES encryptable | — | D | 1 | 1 | 20 | 240nA | 40-TQFN |
| MAXQ1740, MAXQ1741* | 12MHz, MAXQ20 | 16/— | 1152B | — | — | 2 | — | 16 | 3 | 28-TQFN |
| MAXQ1850 | 16MHz, MAXQ30 | 256/— | 8 | — | D | 1 | 1 (2 cards) | 16 | 130nA | 40-TQFN, 49-CSBGA |
| MAXQ1851* | 16MHz, MAXQ30 | 256/8 | 256-bit + 4KB AES encryptable | — | D | 1 | 1 (2 cards) | 16 | 350nA | 40-TQFN, 49-CSBGA |
| MAXQ1852* | 16MHz, MAXQ30 | 256/8 | 256-bit + 4KB AES encryptable | — | D | 1 | 1 (2 cards) | 32 | 350nA | 68-TQFN, 64-CSBGA |
| USIP | 96MHz, MIPS32® 4KSd™ | 256/128 | 512-bit | NOR flash, SRAM, SDRAM | O | 1 | 3 | 32 | 2.9 | 256-CSBGA |
| ZA9L0 | 180MHz, ARM922T | —/64 | 4 | NOR flash, SRAM, SDRAM | — | 1 | 2 | 76 | 21 | 256-CSBGA |
| MAX32580* | 192MHz, ARM926EJ-S | —/384 | 256-bit + 24KB AES encryptable | — | D | 2 | 2 | 129 | 6 | 169-CSBGA |
| MAX32590 | 384MHz, ARM926EJ-S | —/384 | 256-bit + 24KB AES encryptable | NOR flash, NAND SRAM, SDRAM LPDDR | D, H | 5 | 2 | 160 | 6 | 324-LFBGA |

†D = device port, O = OTG port, H = host port

Security Managers
| Part | Temp Range (°C) | Power Consumption (typ) (µA) | Nonimprinting Memory (KB) | External Tamper Monitors | I/O | Authentication | AES Encryption ECB/CTR/CBC Modes | EV Kit | Package |
|---|---|---|---|---|---|---|---|---|---|
| DS3600, DS3605 | -40 to +85 | 5.7 | 64B (DS3600) | 4 | 3-wire/I2C | — | — | ✓ (DS3600) | 25-CSBGA |
| DS3640, DS3641 | -40 to +85 | 6.5 | 1 | 4 | 4-wire/I2C | — | — | ✓ | 25-CSBGA |
| DS3645 | -55 to +95 | 12 | 4 | 8 | I2C | — | — | ✓ | 49-CSBGA |
| DS3650, MAX36051 | -40 to +85 | 3.0, 1.5 | 128B | 2 | 4-wire | — | — | ✓ (MAX36051) | 16-CSBGA |
| MAX36025 | -55 to +95 | 9 | 1 | 8 | SPI (2) | Encrypted I2C | 2 AES engines | ✓ | 81-CSBGA |

*Future product—contact factory for availability.

DeepCover is a trademark and 1-Wire is a registered trademark of Maxim Integrated Products, Inc.
ARM9 and ARM926EJ-S are trademarks of ARM Limited.
EMV is a registered trademark of EMVCo LLC.
Linux is a registered trademark of Linus Torvalds.
MIPS32 is a registered trademark and 4KSd is a trademark of MIPS Technologies, Inc.

Contact Maxim Direct at 1.888.629.4642 or for more information, visit www.maximintegrated.com.


© 2012 Maxim Integrated Products, Inc. All rights reserved. Maxim Integrated and the Maxim Integrated logo are trademarks of Maxim Integrated
Products, Inc., in the United States and other jurisdictions throughout the world. All other company names may be trade names or trademarks of their
respective owners.
Rev. 1; November 2012
