A HF Radio Frequency Identification Digital Controller Architecture

DOI : 10.17577/IJERTV4IS090550

Download Full-Text PDF Cite this Publication

Text Only Version

A HF Radio Frequency Identification Digital Controller Architecture

T.K.Cuong, N.P.Quoc, N.H.Quan

IC Design Research and Education Center Vietnam National University-Ho Chi Minh City Ho Chi Minh City, Vietnam

AbstractA HF Radio Frequency Identification Digital Controller is designed as the central unit of the HF RFID Tag. It is compatible with the ISO/IEC 18000-3, the ISO/IEC 15693 and

  1. Features

    1. ARCHITECTURE

      is successfully silicon proven. This design combines the analog module and the antenna module to form the complete tag. Our design supports most of the normal HF RFID Tag functions. Moreover, it has an error self-correction for the transmission and a special authentication method to improve the system security.

      KeywordsTag, Radio Frequency Identification, HF.

      1. INTRODUCTION

        The Radio-frequency identification (RFID) is the wireless contactless. The tag contains electronically stored information and uses the radio frequency electromagnetic fields to transfer data. RFID tags can be passive, active or battery assisted passive. Tags may either be read-only, or read/write, or write- once, read-multiple.

        RFID tag contains an analog module, a digital controller module, a memory and an antenna module. The digital controller is the central control part of the tag.

        Our tag design supports most of features described in ISO/IEC 18000-3. Besides, it has four additionally authenticate commands to divide the memory into many security levels. To do that, an authenticate flow and a security handling are inserted; they are what different make our products with other devices.

        DEMODULATOR

        MODULATOR

        RECTIFIER

        ANTENNA

        The overview of the HF Tag is shown on Figure 1.

        clk reset datain

        dataout

        Digital control

        Analog Front-end

        EEPROM

        POWER MANAGEMENT

        Crypto engine

        Random generation

        CLOCK PROCESS

        Fig. 1. HF RFID Tag overview

        • Compatible with ISO/IEC 18000-3 and ISO/IEC 15693.

        • 13.56 MHz carrier frequency.

        • Uplink:

          • 100% ASK modulation.

          • 1/4 pulse position coding (26 Kbit/s).

          • 1/256 pulse position coding (1.6 Kbit/s).

        • Downlink:

          • Manchester coding with 423 kHz and 484 kHz subcarrier in Fast data rate (26 Kbit/s) and Low data rate (6.6 Kbit/s).

        • 2K bit EEPROM with Lock Block features.

        • 64-bit unique identifier.

        • EAS (electronic article surveillance) features.

        • READ block and WRITE block (32-bit blocks).

  2. Block Diagram

    The digital controller is the central unit of the tag. It receives the command from the reader, handles the request and data response to the reader. There are three main modules: the data process module, the data flow module and the memory controller module.

    The data process module handles the receiving data command, gives the arranged data to the data flow module; it doesnt care the content of the data. However, it modulates the output data and sends them to the analog modulation.

    The data flow module analyzes the receiving command and gives the way to handle this command. It can either delete the corrupted command, or ignore, or respond to the reader. The data flow uses some functions such as: collision management, random generation, function calculation, and authentication to access the request from reader.

    The memory controller manages the access of the EEPROM. Besides, the clock generator module divides and manages the system clock of the design and the reset generator manages the reset signal when full power received.

    TAG_DATA_PROCESS

    s_data_in

    s_data_out

    Four commands: The Authentication1, the Authentication2, the Write secure and the Read-multi secure are special commands that only in our design. These commands are designed for users private purpose. Their detail is described in the following.

        1. ANALYSIS

          clk_2

          areset

          AUTHEN

          STATUS

          FSM

          TX

          DEC

          RX

          clk_4 clk_32 clk_64

          RESET GEN

          CLOCK GEN

          reset

          TAG/READER FUNCTION CALCULATOR

          TAG_FLOW_CTRL

          CONFIGURE REGISTERS

          EEPROM CONTROLLER

          EEPROM INTERFACE

          RANDOM NUMBER GENERATOR

          COLLISION MANAGEMENT

          A. Data Detection and Modulation

          The Tag can detect data from reader in two data modes: 1/256 and 1/4. The base clock is divided by 4 to generate the sample clock. The lower clock increases the error rate but it saves the power consumption. The clock divisor ratio is chosen highest possible depending on the limit data error ratio.

          TAG DIGITAL CONTROLLER

  3. Commands

    EEPROM ARRAY

    Fig. 2. Digital controller module

    input

    High counter[13:6]

    18.88us = 64×4 18.88us = 64×4 18.88us = 64×4

    9.44us = 128

    Data update

    00h 01h 02h

    Our design supports most of the command described on the ISO/IEC 18000-3. The structure of normal command is shown on the figure 3.

    COMMAND

    Request Start of Frame

    Request Flags

    Command Code

    Data

    CRC16

    Request End of Frame

    RESPONSE

    Response Start of Frame

    Response Flags

    Data

    CRC16

    Response End of Frame

    Fig. 3. Command and Response structure

    One command fails if receiving timing failure, or CRC failure, or not supported command. All commands below are supported in our design:

    TABLE I. TAG COMMANDS

    Fig. 4. Data detection in 1/256 mode (example data 0x01h)

    The detection counter is 14 bits wide. This number is enough to the longest timing (4.833 ms). We separate the counter into two parts: the unit part with 5 bits and the half- data part with 9 bits. The unit part detects in one modulation time (9.44 us).

    The operation of the detection counter is described on Figure 4 (1/256 mode) and Figure 5 (1/4 mode). The valid data are temporarily saved in the data buffer at the rising edge modulation and loaded at the end of the detection period time (4.833 ms in 1/256 mode or 75.52 ms in 1/4 mode).

    At the modulation time, there is no clock, because of the lost power. The counter doesnt count in 9.44 us, so the total counter steps calculated with sample clock is 16288 (64*255- 32) or 224 (64*4-32).

    Command

    Command code

    Inventory

    0x01

    Stay quiet

    0x02

    Select

    0x25

    Reset to ready

    0x26

    Write block

    0x21

    Lock block

    0x22

    Read multi block

    0x23

    Write AFI

    0x27

    Set EAS (based AFI)

    0x27

    Reset EAS (based AFI)

    0x27

    EAS Alarm Inventory

    0x01

    Authentication1

    0xF0

    Authentication2

    0xF1

    Write secure

    0xF2

    Read multi secure

    0xF3

    input

    75.52us = 256×4

    37.76us = 128×4

    28.32us = 96*4

    9.44us

    High

    9.44us

    Data update

    change

    counter[7:6]

    00b 01b 10b 11b

    Fig. 5. Data detection in 1/4 mode (example data 0x01b)

    1. Error correction

      When detecting sequential data packet, the counter may accumulate the remaining time of the previous packets. The remaining time causes the error if it is higher than 9.44 us. In some cases, one detection period is shorter than the standard, because of noise or other reason.

      The remaining time of previous packet occurs because of the analog error modulation in falling/rising edge of the input line. It makes 8 times for falling edge and 6 times for rising edge. At the result, the maximum error cycle for each modulation is 14 clock cycles (10.9 %).

      The reset time and reset value of the unit counter is the key of self-correction method. The unit counter is reset/set at the end of each detection period time (not reset/set at the rising edge of the input data). Depending on the remaining number in the unit counter at the reset/set time, the unit counter maybe reset to 0x00h or set to 0x1Eh. The error time can be corrected is maximum 4.72 us.

      • The master access rights: the hide and secret mode and designed for manufacture. These accesses are authenticated with two 96-bit master keys by special protocol.

      • The user access rights: the public mode and has three levels: the supper user access, the normal-user access and the free-user access.

        reset

        IDLE

        Update parameter without data buffer

        Invalid modulation

        Valid end time

        pass authen2

        pass authen1

        FFh 00h

        Not update buffer if the unit counter < 16

        reset authen (when 4 consecutive errors occur)

        pass authen1

        PASS_AU1

        pass authen2

        Invalid end time

        Fig. 6. Error in the last phase

        PASS_AU2

        others

        One special case occurs in detecting 0xFFh value (1/256 mode) or 0x11b (1/4 mode) with lacked timing (Figure 6), the data buffer isnt updated with the truth value even when finishing data frame and the modulation falls in the next frame (two modulations in one data frame). We use one status bit to determine the 0xFFh value (or 0x11b) and the remaining counter number time at the 0x00h data frame to remove the invalid modulation.

    2. Authentication and security

      The authentication and security method is used to limit the access right to the EEPROM memory. Normal user only accesses the simple task such as: read UID, read/write free user space. To access to other spaces, the user must authenticate by master key, or super key or normal key. In some cases, one space memory is written only one time and never written again.

      For the secure command, signed-CRC is the enciphered CRC which is combined from normal CRC and a secure key (Master key, Super Key, User key 0, User key 1 or User Key 2). Signed-CRC is used into write secure, read multi secure, master authentication 1, master authentication 2, master authentication 3 and master authentication 4 command.

    3. Tag access

      The Tag memory is separated from many part, each part has the different access. All tag access levels relate to the secure bit and the recent status of the tag. There are two main access levels:

      Fig. 7. User authentication process

      Super key authenticate policy

      Super key is used in the super user access mode. This mode can access all parts in the memory, while the user key is only used for the corresponding memory part. Super key is used to authenticate as following policy:

      • The reader sends the authentication command to the tag and specifies which secure key is used.

      • The tag generates a 48-bit random number and sends it to the reader.

      • The reader generates another 48-bit random number and calculates the functions TF (TRN, RRN, Key) and RF (TRN, RRN, Key) and then, responds to the tag by transmitting R and TF (TRN, RRN, Key).

      • The tag compares TF (TRN, RRN, Key) transmitted by the reader and TF (TRN, RRN, Key) that it has calculated. If TF=TF, the tag calculates the functions RF (TRN, RRN, Key) and sends it to the reader.

      • The reader compares RF (TRN, RRN, key) and RF (TRN, RRN, Key) calculated before. If RF=RF then the reader confirmed.

    4. Memory Controller

Our design contains 2KB EEPROM that be controlled through the EEPROM Interface and EEPROM Controller. The Figure 8 describes the basic diagram and connection signals between the tag and the EEPROM components.

TAG

EEPROM

wr

rd

EEPROM interface

EEPROM controller

Analog driver

data addr

erase

ready

error

Fig. 8. EEPROM Digital Components

ARRAY

V. ACKNOWLEDGEMENT

Analog driver

We are indebted to Prof. Dr. Dang Luong Mo, advisor of VNU-HCM and ICDREC, for taking his time to thoroughly read our manuscript, help rewording it and finally reshaping it into the present form.

We would like to thank the Verification team, the Physical team and the Analog team of ICDREC for engineering support in the implementation of our design.

EEPROM interface is used to access (erase/read/write) EEPROM. All its signals are connected to EEPROM controller of EEPROM memory.

EEPROM controller is the digital controller of EEPROM, which implements the access mechanism of EEPROM. It is connected to the analog driver which drives directional the EEPROM array.

      1. CONCLUSION

This paper introduces the architecture of the central control of the HF RFID Tag that runs well on FPGA and is successfully silicon proven. In addition to the conventional features, our design possesses some enhanced methods to improve system security and flexible usage.

The design, with more sophisticated tools similar to LEDA, VCS of Synopsys, will be used for a complete test of the design before manufacturing.

REFERENCES

  1. ISO/IEC 18000, Part 3, Information Technology AIDC Techniques RFID for Item Management Air Interface, Part 3 Parameters for Air Interface Communications at 13.56 MHz.

  2. ISO/IEC CD 15693-3, Identification Card Contactless integrated circuit(s) cards Vicinity cards Part 3: Anti-collision and transmission protocol.

  3. STMicroelectronic Inc, ISO 15693 standard compliant, 13.56 MHz, 512 bit, high-endurance EEPROM TAG IC with EAS, November 2007.

Leave a Reply