SLUAAW0 May   2025 BQ41Z50

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
  5. 2Authentication Scheme Comparison
  6. 3ECC Key Programming Within the Pack Manufacturing Flow
  7. 4Gauge Authentication Flow of the BQ41z50 Product Family
  8. 5Host Authentication Flow of the BQ41z50 Product Family
  9. 6Authentication Flow in BQSTUDIO
  10. 7Summary
  11. 8References

1 Introduction

Elliptic Curve Cryptography (ECC) is an authentication scheme that exploits the mathematical properties of elliptic curves to generate an asymmetrical private and public key pair. ECC algorithms are available in several different versions such as ECDSA (detailed in FIPS 186-5) and EC-KCDSA. The BQ41Zxx family of TI battery fuel gauges uses the Elliptic Curve Korean Certificate-based Digital Signature Algorithm (EC-KCDSA), implemented based on a paper published by the KCDSA Task Force Team.

The implementation used in the BQ41zxx family of devices provides an EC-KCDSA signature, or response from a challenge, based on the B-233 and uses a SHA-256 algorithm for the hash (detailed in FIPS 183-4). The implementation uses the X and Y coordinates of the public key and padded to the correct length.

The authentication functionality of the gauge is accessed through the SMBus interface using the MaufacturerAccess( ) command detailed in the BQ41z50 Technical Reference Manual. The BQ41z50 can be authenticated by a host device, such as a notebook computer, and the gauge can also authenticate the host to allow the gauge to be re-configured or reprogrammed.

Table 1-1 Summary of SMBus Commands Used
Type ID Function Mode Access
MAC 0x0034

HostPublicKey( )

Allows read and write of the host authentication public key.

Note 1 - Once host auth public key is set, legacy 'two-word unseal' method is IMMEDIATELY disabled.

Note 2 - This can be written back to all zeros to disable host auth while in full access mode.

 Read/Write

R: S/U/F

W: F
MAC 0x0036

GaugeAuthPubKey( )

A single "compressed point" public key for authenticating the device

Read returns the key status byte and 30 bytes of the public key (compressed with LSB first)

 Read

S/U/F
MAC 0x0038

ProdPrivateKey( )

Used to program the gauge authentication private key (private key 30 bytes + public key compressed point 30 bytes)

Write Only F
MAC 0x003a

ECC_MAC( )

Used to allow host authenticated unseal commands to run

 Read/Write S/U/F
MAC 0x003c

ECC_R

A read return the most recent gauge auth result r if available.

A writes is for the host to write authentication data to the gauge as part of ECC_MAC( ).

 Read/Write S/U/F
MAC 0x003d

ECC_S

A read return the most recent gauge auth result s if available

A writes is for the host to write authentication data to the gauge as part of ECC_MAC( ).

 Read/Write S/U/F

SBS

0x2f

GaugeAuthentication( )

Used to write challenge to gauge and read the 60-bytes of r and s.

 Read/Write S/U/F

For more information on the standards, see Section 8.