ABRIDGED DATA SHEET

Request Full Data Sheet and Software ›

Click here for production status of specific part numbers.

MAXQ1061/MAXQ1062 DeepCover Cryptographic Controller

for Embedded Devices

General Description Benefits and Features

DeepCover® embedded security solutions cloak sensitive ●● Advanced Cryptographic Tool Box Seamlessly
data under multiple layers of advanced physical security Supports Highly Secure Key Storage
to provide the most secure key storage possible. • Certificates Chain Management
The MAXQ1061/MAXQ1062 cryptographic controller • Secure 32KB or 8KB File System Based on
makes it fast and easy to implement full security for embed- Nonvolatile EEPROM (500K Cycles) for Extensive
ded, connected products without requiring firmware devel- Key and Certificate Storage for MAXQ1061 and
opment. The MAXQ1061/MAXQ1062 coprocessor can be
MAXQ1061, Respectively
designed-in from the start or added to an existing design to
• Symmetric-key: AES-128/-256 (ECB, CBC, CCM)
guarantee confidentiality, authenticity, and integrity of the
device. It is ideal for connected embedded devices, indus- • Asymmetric-key: ECC NIST P-256, -521, -384 and
trial networking, PLC, and network appliances. Brainpool BP-256, -384, -512
• Secure Hash: SHA-256, -384, -512
The embedded, comprehensive cryptographic toolbox
provides key generation and storage up to full SSL/ • MAC Digest: CBC-MAC, HMAC-SHA256, HMAC-
TLS/DTLS support by offering a high level of abstraction SHA384, HMAC-SHA512, ECIES
including TLS/DTLS key negotiation, ECDSA-based TLS/ • Signature Schemes: ECDSA (FIPS 186-4)
DTLS authentication, digital signature generation and • Key Exchange: EC Diffie-Hellman (TLS)
verification, SSL/TLS/DTLS packet encryption, and MAC • 128-Bit AES Stream Encryption Engine Over SPI
algorithms. It can also serve as a secure bootloader for an (up to 20Mb/s) Supporting AES-GCM and AES-
external generic microcontroller. ECB Modes
32KB of user-programmable EEPROM of MAXQ1061 • On-Chip Key Generation: ECC, AES
or 8KB of MAXQ1062 securely store certificates, public • Random Number Generation: True RNG
keys, private and secret keys, monotonic counters, and ●● No Firmware Development Required Significantly
arbitrary data. A flexible file system manages access Reduces Time to Market
rights for the objects. The device is controlled over a SPI
or I2C interface. Life cycle management and a secure key ●● High-Level Functions Simplify SSL/TLS/DTLS
loading protocols are provided. Implementations
• TLS/DTLS Key Negotiation (PSK, ECDH, ECDHE)
Cryptographic algorithms supported by the device include
AES, ECC, ECDSA signature scheme, SHA, and MAC • ECDSA Based TLS/DTLS Authentication, Digital
digest algorithms. The true random number generator can Signature Generation and Verification
be used for on-chip key generation. A separate hardware • SSL/TLS/DTLS Packet Encryption (AES)
AES engine over SPI allows the MAXQ1061/MAXQ1062 • MAC Algorithm (HMAC-SHA256)
to function as a coprocessor for stream encryption. ●● Extensive Host/System Services Increase Flexibility
The advanced physical, environmental and logical protec- and Reduce System Cost
tions, are designed to meet the stringent requirements of • Watchdog Timer
FIPS and Common Criteria EAL4+ certifications. • Power-On Reset/Brownout Reset
• Secure Boot Function
Applications • Tamper Detection
●● Internet of Things (IoT) • Life Cycle Management and Key Loading Protocol
●● Portable Medical Devices • Flexible File System With User-Programmable
●● Building and Home Automation Access Conditions for Each Object Software Reset
●● Smart Metering
• Software Reset, Shutdown, and Wake-Up Functions
●● Certificate Distribution and Management
●● Secure Access Control ●● Multiple Communication Interface Options for Simpler
●● Electronic Signature Generation Connection to a Host Processor
●● Cybersecurity for Critical Infrastructures • I2C Slave Controller
• Gateways and Routers • SPI Slave Controller with a Dedicated DMA Channel
• Programmable Logic Controllers and 128-Bit AES Stream Encryption Engine
• SCADA Supporting AES-GCM and AES-ECB Modes
• Smartgrid Monitoring Equipment
• Smart Meters
Ordering Information appears at end of data sheet.

19-8718; Rev 5; 12/19

 ABRIDGED DATA SHEET
Request Full Data Sheet and Software ›

MAXQ1061/MAXQ1062 DeepCover Cryptographic Controller

for Embedded Devices

Detailed Description administrator authentication only. TLS handshake

The DeepCover cryptographic controller (MAXQ1061/ cannot be performed with an unverified certificate.
MAXQ1062) is an effective and easy to implement solu- ●● The exposure of private keys used for authenticating
tion for strengthening security in embedded systems. the equipment embedding the MAXQ1061/MAXQ1062.
A comprehensive cryptographic toolbox supports an array of Hardware resistance prevents the disclosure of such
security needs. Simpler systems may require as little as the private keys.
provided key generation and storage. For high levels of securi- ●● The exposure of the TLS sensitive data (shared
ty, full SSL/TLS/DTLS support offers a high level of abstraction. secret or session keys). These data remain inside the
Cryptographic algorithms supported by the device include security module.
AES-128/-256 with support for ECB, CBC, and CCM
modes, ECC (up to NIST P-521), ECDSA signature
AES-SPI Engine
scheme, SHA-2 (up to SHA-512) secure hash algorithms, The 128-bit AES engine supports AES-GCM (SP 800-38D
MAC digest algorithms such as CBC-MAC or HMAC-SHA. compliant) and AES-ECB (SP 800-A compliant) modes. A
dedicated register enables key transfer from the TLS tool-
It also has provision for on-chip key generation based
box to the AES SPI engine. The block is tightly connected
upon a random number generator. The device also pro-
to the SPI slave controller through a dedicated DMA
vides a separate hardware AES engine over SPI, sup-
controller providing high-speed encryption/decryption of a
porting AES-GCM and AES-ECB modes, and that can be
data stream coming over the SPI interface.
used to off-load a host processor for stream encryption.
The SPI controller provides a dedicated command inter-
Communication Interface Selection preter that can only be used when in AES-SPI mode. The
The devices communicate through the I2C or SPI bus, command interpreter includes the following command set:
determined by the application (TLS toolbox or AES-SPI). ●● Authentication only mode
●● Encryption only mode
TLS/DTLS Cryptographic Toolbox ●● Encryption with authentication mode
The comprehensive cryptographic toolbox simplifies and ●● AES operation mode selection
increases the security and resistance of SSL/TLS/DTLS ●● Keys and initialization vector (IV) loading protocol
based applications It offers a high level of abstraction for ●● Secure storage and handling of block cipher key
the following functions: (EK) and authentication key (AK)
●● Software reset
●● Offloads the TLS key exchange
●● Shutdown
●● Securely stores certificates (makes them immutable)
SSL/TLS/DTLS Functions
●● Securely stores private keys
• TLS/DTLS key negotiation (ECDH, ECDHE)
●● Helps securely verifying certificates and certificate • ECDSA-based TLS/DTLS authentication, digital
revocation lists signature generation and verification
●● Securely authenticates to the other peer • SSL/TLS/DTLS packet encryption (AES)
• MAC algorithm (HMAC-SHA256)
●● Performs the key exchange securely
• SSL/TLS/DTLS host stack for most CPU architectures
●● Can encrypt/decrypt and sign/verify data during TLS/DTLS Cipher Suites
execution of the TLS record protocol using the keys
• RFC 5487 preshared key (TLS)
negotiated during the TLS handshake
o TLS_PSK_WITH_AES_128_GCM_SHA256
●● TLS key exchange and TLS record encryption/ o TLS_PSK_WITH_AES_256_GCM_SHA384
decryption are performed internally and never o TLS_PSK_WITH_AES_128_CBC_SHA
exposed. The master secret can be exported to o TLS_PSK_WITH_AES_128_CBC_SHA256
perform the TLS record processing externally. o TLS_PSK_WITH_AES_256_CBC_SHA
The above security features prevent: o TLS_PSK_WITH_AES_256_CBC_SHA384
●● The use of rogue certificates. Certificates are inter-
nally verified and are managed using a dedicated

www.maximintegrated.com Maxim Integrated │  2

 ABRIDGED DATA SHEET
Request Full Data Sheet and Software ›

MAXQ1061/MAXQ1062 DeepCover Cryptographic Controller

for Embedded Devices

• RFC 6655 AES-CCM (TLS) System Services

o TLS_PSK_WITH_AES_128_CCM • Life cycle management and key loading protocol
o TLS_PSK_WITH_AES_256_CCM • Software reset
o TLS_PSK_WITH_AES_128_CCM_8 • Shutdown command
o TLS_PSK_WITH_AES_256_CCM_8
Secure Channel
• RFC 5489 ECDHE_PSK (TLS)
o TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA TLS and DTLS protect the data during transmission
o TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA between endpoints. The optional secure channel provides
o TLS_ECDHE_PSK_WITH_AES_128_CBC_ confidentiality with the host processor by supporting AES-
SHA256 CBC, and integrity using AES-CBC-MAC. Secure mes-
o TLS_ECDHE_PSK_WITH_AES_256_CBC_ saging performs a key exchange, and those keys sign
SHA384 and encrypt the commands and the responses using AES.
• RFC 5289 AES-CBC/GCM ECC (TLS) True Random Number Generator
o TLS_PSK_WITH_AES_128_CBC_SHA
The IC provides a hardware-based true random number
o TLS_ECDHE_ECDSA_WITH_AES_128_
generator.
CBC_SHA256
o TLS_ECDHE_ECDSA_WITH_AES_256_ Watchdog Timer
CBC_SHA The MAXQ1061/MAXQ1062 can act as an external
o TLS_ECDHE_ECDSA_WITH_AES_256_ watchdog timer (WDT) for a host microcontroller. When
CBC_SHA384 enabled, the WDI pin must be toggled within the user-
o TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA configurable timeout period. Failure to toggle the pin
o TLS_ECDH_ECDSA_WITH_AES_128_CBC_ within the timeout period results in a WDT timeout. A WDT
SHA256 timeout can assert a RESET_OUT pulse if enabled. A
o TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA timeout does not cause an internal reset.
o TLS_ECDH_ECDSA_WITH_AES_256_CBC_
SHA384 Tamper Detection
o TLS_ECDHE_ECDSA_WITH_AES_128_ Multiple tamper detection features ensure the security of
GCM_SHA256 information contained within the MAXQ1061/MAXQ1062.
o TLS_ECDHE_ECDSA_WITH_AES_256_ The security features are independently enabled and can
GCM_SHA384 assert a RESET_OUT pulse if enabled.
o TLS_ECDH_ECDSA_WITH_AES_128_GCM_
SHA256 Secure Boot
o TLS_ECDH_ECDSA_WITH_AES_256_GCM_ The integrity of the host processor’s data and code can
SHA384 be verified through the hash and signature verification
• RFC 7251 AES-CCM ECC (TLS) mechanisms. Object access can be configured after a
o TLS_ECDHE_ECDSA_WITH_AES_128_CCM successful secure boot.
o TLS_ECDHE_ECDSA_WITH_AES_256_CCM Life Cycle Management
o TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
A managed life cycle changes functions and properties
o TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
over time, as shown in Table 2. At each state of the
Cryptographic Services one-way life cycle, the device and parties are granted
• Symmetric-key algorithms: AES-128/-256 (ECB, initialization, read or modification rights to specific
CBC, CCM) information.
• Asymmetric-key: ECC NIST P-256, -521, -384 and
TLS/DTLS Host Stack
Brainpool-256, -384, -512
• Secure hash algorithms: SHA-256, -384, -51 The SSL/TLS/DTLS stack supports TLS1.2/DTLS 1.2, in
• MAC digest algorithms: CBC-MAC, HMAC- client mode. In this stack, security sensitive processing
SHA256, HMAC-SHA384, HMAC-SHA512 is deported into the MAXQ1061/MAXQ1062. Therefore,
• Signature schemes: ECDSA (FIPS 186-4) the TLS host stack does not need to manipulate or store
• Key exchange algorithms: EC Diffie-Hellman (TLS) sensitive/secret data.
• On-chip key generation: ECC, AES The TLS host stack uses the Arm® Mbed™ TLS.
• Random number generation: True RNG

www.maximintegrated.com Maxim Integrated │  3

 ABRIDGED DATA SHEET
Request Full Data Sheet and Software ›

MAXQ1061/MAXQ1062 DeepCover Cryptographic Controller

for Embedded Devices

Secure EEPROM Storage Serial Peripherals

Secure EEPROM is accessible in TLS toolbox mode. SPI
Data objects can be volatile or not and can be stored
in the nonvolatile memory. To be resistant to power loss The serial peripheral interface (SPI) is provided in the
during write operations, the object modification is atomic. SPI-AES and TLS (SPI) modes. SPI is a four-wire bus
Key objects are stored in an integrity-protected manner providing fast, synchronous, full-duplex communication
and can never be read in the clear. They are automati- between the IC and the host system. The peripheral pro-
cally verified before use. Key pairs should be generated vides the following features:
internally and stored in a persistent key pair object. Key • Slave mode operation
pairs can also be generated externally and imported after • Active-low SSEL
successful signature verification using an import public • Characters transmitted LSB first
key present in the module. Arbitrary key pairs cannot be • Data protocol uses SPI Mode 0
used; verification is mandatory.
I2C
Certificate Storage The I2C bus is provided in the TLS (I2C) mode. It is a
Certificates are stored in an integrity-protected manner. bidirectional, two-wire serial bus that provides a medium-
They are automatically verified and trusted using one speed communications network. It can operate as a one-
or more parent certificates in the certification chain (cer- to-one, one-to-many, or many-to-many communications
tificates already stored in the IC). The device verifies the medium. It provides the following features:
digital signature of the certificates and can extract their
• Slave mode operation
public key.
• Maximum I2C bit rate of 400kps (fast mode)
Arbitrary certificates cannot be stored; verification by a par- • Default address of 0x60 can be configured
ent certificate or by a dedicated public key is mandatory. • Supports standard (7-bit) addressing
• Supports I2C clock stretching

Ordering Information
EEPROM SIZE
PART PIN-PACKAGE
(KB)
MAXQ1061EUD+ 32 14 TSSOP
MAXQ1061EUD+T 32 14 TSSOP
MAXQ1061ETP+ 32 20 TQFN
MAXQ1061ETP+T 32 20 TQFN
MAXQ1062EUD+ 8 14 TSSOP
MAXQ1062EUD+T 8 14 TSSOP
MAXQ1062ETP+ 8 20 TQFN
MAXQ1062ETP+T 8 20 TQFN
+Denotes a lead(Pb)-free/RoHS-compliant device.
T = Tape and reel.
Note: All devices operate over the -40°C to +109°C temperature
range.

DeepCover is a registered trademark of Maxim Integrated Products, Inc.

Arm is a registered trademark and Mbed is a trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

For pricing, delivery, and ordering information, please contact Maxim Direct at 1-888-629-4642, or visit Maxim Integrated’s website at www.maximintegrated.com.

Maxim Integrated cannot assume responsibility for use of any circuitry other than circuitry entirely embodied in a Maxim Integrated product. No circuit patent licenses
are implied. Maxim Integrated reserves the right to change the circuitry and specifications without notice at any time. The parametric values (min and max limits)
shown in the Electrical Characteristics table are guaranteed. Other parametric values quoted in this data sheet are provided for guidance.

Maxim Integrated and the Maxim Integrated logo are trademarks of Maxim Integrated Products, Inc. © 2019 Maxim Integrated Products, Inc. │  4