The ATECC608A-TNGLoRaWAN has 16 slots that can be configured for different use cases. Below is a summary of those slots with their configuration and proposed uses for the ATECC608A-TNGLoRaWAN:
| Slot | Use Case | Description | Primary Configuration |
|---|---|---|---|
| 0 | NwkKey/AppKey | Derived parent keys - used for deriving all session keys. These keys are derived with the individual device serial number and master parent key; the derived keys are said to be diversified. | Never readable/writable. Derive key can be run with the repersonsalization key as the parent. Must supply DeriveKeyMAC. AES key. |
| 1 | Device private key | RFU - optional ECC private key. Device private key, public key can be generated from the private key. | ECC Private Key. Public Key can be generated, ECDH, external signs, permanent. |
| 2 | AppSKey | Application session key. Derived from AppKey and other information. | AES key. Always writable, encrypted reads with the IO protection key as read key. PubInfo set to allow KDF to write this slot. |
| 3 | NwkSEncKey | Network session encryption key. Derived from NwkKey and other information. | AES key. Always writable, encrypted reads with the IO protection key as read key. PubInfo set to allow KDF to write this slot. |
| 4 | SNwkSIntKey | Serving network session integrity key. Derived from NwkKey and other information. | AES key. Always writable, encrypted reads with the IO protection key as read key. PubInfo set to allow KDF to write this slot. |
| 5 | FNwkSIntKey | Forwarding network session integrity key. Derived from NwkKey and other information. | AES key. Always writable, encrypted reads with the IO protection key as read key. PubInfo set to allow KDF to write this slot. |
| 6 | JSIntKey | Join server integrity key. Derived from NwkKey and other information. | AES key. Always writable, encrypted reads with the IO protection key as read key. PubInfo set to allow KDF to write this slot. |
| 7 | JSEncKey | Join server encryption key. Derived from NwkKey and other information. | AES key. Always writable, encrypted reads with the IO Protection Key as read key. PubInfo set to allow KDF to write this slot. |
| 8 | Certificate data | RFU - signer and device compressed certificate data. | Always readable/writable. ECC public key. Lockable. |
| 9 | JoinEUI/DevNonce | JoinEUI and DevNonce, stored together in the same slot. Used in derive key calculation. | Always readable/writable. |
| 10 | DevEUI | Slot to hold a manually assigned IEEE EUI. Used to derive the session keys | Always readable/writable. Lockable. |
| 11 | McAppSKey | Multicast application session key. | AES key. Always writable, encrypted reads with the IO protection key as read key. PubInfo set to allow KDF to write this slot. |
| 12 | McNwkSKey | Muticast network session key. | AES key. Always writable, encrypted reads with the IO protection key as read key. PubInfo set to allow KDF to write this slot. |
| 13 | Repersonalization key | Diversified key that is used to derive a new set of NwkKey/AppKey parent keys (Slot 0). It can also be used as the encrypted write key for itself (Slot 13). | Never read, encrypted write. Repersonalization key is the write key. |
| 14 | IO protection key | Used to encrypt the output of the KDF command to encrypt newly derived keys back to the host. It can also be used as the encrypted read key for all session keys. | Never readable, always writable, lockable. ReqRand is set. |
| 15 | Reserved |