- Open Access
- Total Downloads : 198
- Authors : Cuong Tran Kien, Quoc Nguyen Phu, Quan Nguyen Hung
- Paper ID : IJERTV4IS090550
- Volume & Issue : Volume 04, Issue 09 (September 2015)
- Published (First Online): 28-09-2015
- ISSN (Online) : 2278-0181
- Publisher Name : IJERT
- License: This work is licensed under a Creative Commons Attribution 4.0 International License
A HF Radio Frequency Identification Digital Controller Architecture
T.K.Cuong, N.P.Quoc, N.H.Quan
IC Design Research and Education Center Vietnam National University-Ho Chi Minh City Ho Chi Minh City, Vietnam
AbstractA HF Radio Frequency Identification Digital Controller is designed as the central unit of the HF RFID Tag. It is compatible with the ISO/IEC 18000-3, the ISO/IEC 15693 and
-
Features
-
ARCHITECTURE
is successfully silicon proven. This design combines the analog module and the antenna module to form the complete tag. Our design supports most of the normal HF RFID Tag functions. Moreover, it has an error self-correction for the transmission and a special authentication method to improve the system security.
KeywordsTag, Radio Frequency Identification, HF.
-
INTRODUCTION
The Radio-frequency identification (RFID) is the wireless contactless. The tag contains electronically stored information and uses the radio frequency electromagnetic fields to transfer data. RFID tags can be passive, active or battery assisted passive. Tags may either be read-only, or read/write, or write- once, read-multiple.
RFID tag contains an analog module, a digital controller module, a memory and an antenna module. The digital controller is the central control part of the tag.
Our tag design supports most of features described in ISO/IEC 18000-3. Besides, it has four additionally authenticate commands to divide the memory into many security levels. To do that, an authenticate flow and a security handling are inserted; they are what different make our products with other devices.
DEMODULATOR
MODULATOR
RECTIFIER
ANTENNA
The overview of the HF Tag is shown on Figure 1.
clk reset datain
dataout
Digital control
Analog Front-end
EEPROM
POWER MANAGEMENT
Crypto engine
Random generation
CLOCK PROCESS
Fig. 1. HF RFID Tag overview
-
Compatible with ISO/IEC 18000-3 and ISO/IEC 15693.
-
13.56 MHz carrier frequency.
-
Uplink:
-
100% ASK modulation.
-
1/4 pulse position coding (26 Kbit/s).
-
1/256 pulse position coding (1.6 Kbit/s).
-
-
Downlink:
-
Manchester coding with 423 kHz and 484 kHz subcarrier in Fast data rate (26 Kbit/s) and Low data rate (6.6 Kbit/s).
-
-
2K bit EEPROM with Lock Block features.
-
64-bit unique identifier.
-
EAS (electronic article surveillance) features.
-
READ block and WRITE block (32-bit blocks).
-
-
-
-
Block Diagram
The digital controller is the central unit of the tag. It receives the command from the reader, handles the request and data response to the reader. There are three main modules: the data process module, the data flow module and the memory controller module.
The data process module handles the receiving data command, gives the arranged data to the data flow module; it doesnt care the content of the data. However, it modulates the output data and sends them to the analog modulation.
The data flow module analyzes the receiving command and gives the way to handle this command. It can either delete the corrupted command, or ignore, or respond to the reader. The data flow uses some functions such as: collision management, random generation, function calculation, and authentication to access the request from reader.
The memory controller manages the access of the EEPROM. Besides, the clock generator module divides and manages the system clock of the design and the reset generator manages the reset signal when full power received.
TAG_DATA_PROCESS
s_data_in
s_data_out
Four commands: The Authentication1, the Authentication2, the Write secure and the Read-multi secure are special commands that only in our design. These commands are designed for users private purpose. Their detail is described in the following.
-
ANALYSIS
clk_2
areset
AUTHEN
STATUS
FSM
TX
DEC
RX
clk_4 clk_32 clk_64
RESET GEN
CLOCK GEN
reset
TAG/READER FUNCTION CALCULATOR
TAG_FLOW_CTRL
CONFIGURE REGISTERS
EEPROM CONTROLLER
EEPROM INTERFACE
RANDOM NUMBER GENERATOR
COLLISION MANAGEMENT
A. Data Detection and Modulation
The Tag can detect data from reader in two data modes: 1/256 and 1/4. The base clock is divided by 4 to generate the sample clock. The lower clock increases the error rate but it saves the power consumption. The clock divisor ratio is chosen highest possible depending on the limit data error ratio.
TAG DIGITAL CONTROLLER
-
-
Commands
EEPROM ARRAY
Fig. 2. Digital controller module
input
High counter[13:6]
18.88us = 64×4 18.88us = 64×4 18.88us = 64×4
9.44us = 128
Data update
00h 01h 02h
Our design supports most of the command described on the ISO/IEC 18000-3. The structure of normal command is shown on the figure 3.
COMMAND
Request Start of Frame
Request Flags
Command Code
Data
CRC16
Request End of Frame
RESPONSE
Response Start of Frame
Response Flags
Data
CRC16
Response End of Frame
Fig. 3. Command and Response structure
One command fails if receiving timing failure, or CRC failure, or not supported command. All commands below are supported in our design:
TABLE I. TAG COMMANDS
Fig. 4. Data detection in 1/256 mode (example data 0x01h)
The detection counter is 14 bits wide. This number is enough to the longest timing (4.833 ms). We separate the counter into two parts: the unit part with 5 bits and the half- data part with 9 bits. The unit part detects in one modulation time (9.44 us).
The operation of the detection counter is described on Figure 4 (1/256 mode) and Figure 5 (1/4 mode). The valid data are temporarily saved in the data buffer at the rising edge modulation and loaded at the end of the detection period time (4.833 ms in 1/256 mode or 75.52 ms in 1/4 mode).
At the modulation time, there is no clock, because of the lost power. The counter doesnt count in 9.44 us, so the total counter steps calculated with sample clock is 16288 (64*255- 32) or 224 (64*4-32).
Command
Command code
Inventory
0x01
Stay quiet
0x02
Select
0x25
Reset to ready
0x26
Write block
0x21
Lock block
0x22
Read multi block
0x23
Write AFI
0x27
Set EAS (based AFI)
0x27
Reset EAS (based AFI)
0x27
EAS Alarm Inventory
0x01
Authentication1
0xF0
Authentication2
0xF1
Write secure
0xF2
Read multi secure
0xF3
input
75.52us = 256×4
37.76us = 128×4
28.32us = 96*4
9.44us
High
9.44us
Data update
change
counter[7:6]
00b 01b 10b 11b
Fig. 5. Data detection in 1/4 mode (example data 0x01b)
-
Error correction
When detecting sequential data packet, the counter may accumulate the remaining time of the previous packets. The remaining time causes the error if it is higher than 9.44 us. In some cases, one detection period is shorter than the standard, because of noise or other reason.
The remaining time of previous packet occurs because of the analog error modulation in falling/rising edge of the input line. It makes 8 times for falling edge and 6 times for rising edge. At the result, the maximum error cycle for each modulation is 14 clock cycles (10.9 %).
The reset time and reset value of the unit counter is the key of self-correction method. The unit counter is reset/set at the end of each detection period time (not reset/set at the rising edge of the input data). Depending on the remaining number in the unit counter at the reset/set time, the unit counter maybe reset to 0x00h or set to 0x1Eh. The error time can be corrected is maximum 4.72 us.
-
The master access rights: the hide and secret mode and designed for manufacture. These accesses are authenticated with two 96-bit master keys by special protocol.
-
The user access rights: the public mode and has three levels: the supper user access, the normal-user access and the free-user access.
reset
IDLE
Update parameter without data buffer
Invalid modulation
Valid end time
pass authen2
pass authen1
FFh 00h
Not update buffer if the unit counter < 16
reset authen (when 4 consecutive errors occur)
pass authen1
PASS_AU1
pass authen2
Invalid end time
Fig. 6. Error in the last phase
PASS_AU2
others
One special case occurs in detecting 0xFFh value (1/256 mode) or 0x11b (1/4 mode) with lacked timing (Figure 6), the data buffer isnt updated with the truth value even when finishing data frame and the modulation falls in the next frame (two modulations in one data frame). We use one status bit to determine the 0xFFh value (or 0x11b) and the remaining counter number time at the 0x00h data frame to remove the invalid modulation.
-
-
Authentication and security
The authentication and security method is used to limit the access right to the EEPROM memory. Normal user only accesses the simple task such as: read UID, read/write free user space. To access to other spaces, the user must authenticate by master key, or super key or normal key. In some cases, one space memory is written only one time and never written again.
For the secure command, signed-CRC is the enciphered CRC which is combined from normal CRC and a secure key (Master key, Super Key, User key 0, User key 1 or User Key 2). Signed-CRC is used into write secure, read multi secure, master authentication 1, master authentication 2, master authentication 3 and master authentication 4 command.
-
Tag access
The Tag memory is separated from many part, each part has the different access. All tag access levels relate to the secure bit and the recent status of the tag. There are two main access levels:
Fig. 7. User authentication process
Super key authenticate policy
Super key is used in the super user access mode. This mode can access all parts in the memory, while the user key is only used for the corresponding memory part. Super key is used to authenticate as following policy:
-
The reader sends the authentication command to the tag and specifies which secure key is used.
-
The tag generates a 48-bit random number and sends it to the reader.
-
The reader generates another 48-bit random number and calculates the functions TF (TRN, RRN, Key) and RF (TRN, RRN, Key) and then, responds to the tag by transmitting R and TF (TRN, RRN, Key).
-
The tag compares TF (TRN, RRN, Key) transmitted by the reader and TF (TRN, RRN, Key) that it has calculated. If TF=TF, the tag calculates the functions RF (TRN, RRN, Key) and sends it to the reader.
-
The reader compares RF (TRN, RRN, key) and RF (TRN, RRN, Key) calculated before. If RF=RF then the reader confirmed.
-
-
Memory Controller
-
Our design contains 2KB EEPROM that be controlled through the EEPROM Interface and EEPROM Controller. The Figure 8 describes the basic diagram and connection signals between the tag and the EEPROM components.
TAG
EEPROM
wr
rd
EEPROM interface
EEPROM controller
Analog driver
data addr
erase
ready
error
Fig. 8. EEPROM Digital Components
ARRAY
V. ACKNOWLEDGEMENT
Analog driver
We are indebted to Prof. Dr. Dang Luong Mo, advisor of VNU-HCM and ICDREC, for taking his time to thoroughly read our manuscript, help rewording it and finally reshaping it into the present form.
We would like to thank the Verification team, the Physical team and the Analog team of ICDREC for engineering support in the implementation of our design.
EEPROM interface is used to access (erase/read/write) EEPROM. All its signals are connected to EEPROM controller of EEPROM memory.
EEPROM controller is the digital controller of EEPROM, which implements the access mechanism of EEPROM. It is connected to the analog driver which drives directional the EEPROM array.
-
CONCLUSION
This paper introduces the architecture of the central control of the HF RFID Tag that runs well on FPGA and is successfully silicon proven. In addition to the conventional features, our design possesses some enhanced methods to improve system security and flexible usage.
The design, with more sophisticated tools similar to LEDA, VCS of Synopsys, will be used for a complete test of the design before manufacturing.
REFERENCES
-
ISO/IEC 18000, Part 3, Information Technology AIDC Techniques RFID for Item Management Air Interface, Part 3 Parameters for Air Interface Communications at 13.56 MHz.
-
ISO/IEC CD 15693-3, Identification Card Contactless integrated circuit(s) cards Vicinity cards Part 3: Anti-collision and transmission protocol.
-
STMicroelectronic Inc, ISO 15693 standard compliant, 13.56 MHz, 512 bit, high-endurance EEPROM TAG IC with EAS, November 2007.