New Cryptographic Controller from Maxim Provides Turnkey Security for Connected Devices
The MAXQ1061 integrates a comprehensive cryptographic toolbox that includes key generation and storage, to digital signature and encryption
Developers of Industrial IoT (IIoT) and connected embedded systems can now design in an added level of trust
while also bringing their products to market faster with the MAXQ1061 DeepCover® cryptographic controller
from Maxim Inegrated.
With the increase in cyber-attacks to critical connected infrastructures, security can no longer be an afterthought in system design. In a recent survey conducted by Electronic Design of 2,200 electronic engineers, 60% of respondents said security in their products is very important, and 96% think that security will either have the same or more importance for their products (Reference 1). Designed to meet Common Criteria EAL4+ requirements, the MAXQ1061 empowers engineers to quickly design security into their products and protect the endpoints of a network.
The MAXQ1061 integrates a comprehensive cryptographic toolbox that provides full support for a wide spectrum of security needs, ranging from key generation and storage, to digital signature and encryption up to SSL/TLS/DTLS. It can also support secure boot for most host processors. To withstand extreme industrial environments, the MAXQ1061 operates across the -40°C to +109°C temperature range—the widest compared to other similar products—and is available in TSSOP-14.
The MAXQ1061 embeds 32KB of user programmable secure EEPROM for storing certificates, public keys, private and secret keys, and arbitrary user data. The EEPROM is managed through a flexible filesystem enabling custom security policy enforcement. Its cryptographic algorithms include ECC (up to NIST P-521), ECDSA signature generation and verification, SHA-2 (up to SHA-512) secure hash, AES-128/-256 with support for ECB, CBC, and CCM modes, and MAC digest. The MAXQ1061 also provides a separate hardware AES engine over SPI, supporting AES-GCM and AES-ECB modes, and that can be used to off-load a host processor for fast stream encryption.
“The MAXQ1061 provides a hardware root of trust; its comprehensive set of cryptographic functions fulfill the key security requirements of the embedded systems of tomorrow,” said Christophe Tremlet, Executive Business Manager, Embedded Security, Maxim Integrated. “With the MAXQ1061, our customers have a trusted device that will not only guarantee the integrity and authenticity of the system, but also secure communications.”
“The MAXQ1061 provides ideal hardware security to complement our software solution for the Floodgate Defender Appliance™ allowing customers to easily secure their legacy equipment economically,” said Ernie Rudolph, Executive Vice President, Icon Labs.
Technical Specifications of the MAXQ1061 Cryptographic Controller
- Advanced Cryptographic Tool Box Seamlessly Supports Highly Secure Key Storage
- Certificates Chain Management
- Secure 32KB File System Based on Nonvolatile EEPROM (500K Cycles) for Extensive Key and Certificate Storage
- Symmetric-key: AES-128/-256 (ECB, CBC, CCM)
- Asymmetric-key: ECC NIST P-256, -521, -384 and Brainpool BP-256, -384, -512
- Secure Hash: SHA-256, -384, -512
- MAC Digest: CBC-MAC, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, ECIES
- Signature Schemes: ECDSA (FIPS 186-4)
- Key Exchange: EC Diffie-Hellman (TLS)
- 128-Bit AES Stream Encryption Engine Over SPI (up to 20Mb/s) Supporting AES-GCM and AES-ECB Modes
- On-Chip Key Generation: ECC, AES
- Random Number Generation: True RNG
- No Firmware Development Required Significantly Reduces Time to Market
- High-Level Functions Simplify SSL/TLS/DTLS Implementations
- TLS/DTLS Key Negotiation (PSK, ECDH, ECDHE)
- ECDSA Based TLS/DTLS Authentication, Digital Signature Generation and Verification
- SSL/TLS/DTLS Packet Encryption (AES)
- MAC Algorithm (HMAC-SHA256)
- Extensive Host/System Services Increase Flexibility and Reduce System Cost
- Watchdog Timer
- Power-On Reset/Brownout Reset
- Secure Boot Function
- Tamper Detection
- Life Cycle Management and Key Loading Protocol
- Flexible File System With User-Programmable Access Conditions for Each Object Software Reset
- Software Reset, Shutdown, and Wake-Up Functions
- Multiple Communication Interface Options for Simpler Connection to a Host Processor
- I²C Slave Controller
- SPI Slave Controller with a Dedicated DMA Channel and 128-Bit AES Stream Encryption Engine Supporting AES-GCM and AES-ECB Modes
For more information on the MAXQ1061 Cryptographic Controller for Embedded Devices, visit the Maxim Integrated Website at
Maxim Integrated MAXQ1061 webpage
The company's Web site address is www.maximintegrated.com.
[Reprinted with kind permission from Maxim Integrated - Release Date, 28th November, 2016]