RFID ToolBOX

Warsaw University of Technology Faculty of Electronics and Information Technology Electrical and Computer Engineering

Bachelor of Science Thesis

RFID Reader/Writer Supervisor Dr J. Domaszewicz

Authors: Łukasz Geldner Paweł Nowiński

RFID ToolBOX 30 September 2003 About authors

Łukasz Geldner

I was born on July 19, 1980 in Polczyn Zdroj in Poland. I graduated from XXX LO under the patronage of J. Sniadecki in Warsaw. I am studying at the Warsaw University of Technology in the Faculty of Electronics and Information Technology, specialization in Computer Systems and Networks.

Łukasz Geldner

B.Sc. Examination Examination was held on ………………………………………………………………………. With the result: …………………………………………………………………………………. Final Result of the Studies: …………………………………………………………………….. Suggestions and Remarks of the B.Sc. Examination Committee ……………………………… …………………………………………………………………………………………………...

…………………………………………………………………………………………...

-2-

RFID ToolBOX

Paweł Nowiński

I was born on July 29, 1979 in Warsaw, Poland. In 1999, I graduated with honors from Technical Secondary School. My diploma work was Function Generator. Currently, I am studying at the Warsaw University of Technology in the Faculty of Electronics and Information Technology, specialization in Computer Systems and Networks. I am interested in computer technology and extreme sports.

Paweł Nowiński

B.Sc. Examination Examination was held on ………………………………………………………………………. With the result: …………………………………………………………………………………. Final Result of the Studies: …………………………………………………………………….. Suggestions and Remarks of the B.Sc. Examination Committee ……………………………… …………………………………………………………………………………………………...

…………………………………………………………………………………………... -3-

RFID ToolBOX

Abstract

This paper describes the Reader-Writer device hardware and software construction. It introduces newcomers with RFID technology, contains review of Reader-Writer operating principle together with applications. Other important issues involved in subject are presented and explained thoroughly in following chapters. Paper is dedicated to anyone, who wants to deep RFID knowledge and most typical problems connected with it. Basic electronic knowledge as well as some programming experience will be helpful to fully understand the subject. The paper introduces Java Micro Edition API for the device, which allow in easy way to use the Reader-Writer with external mobile devices from CLDC profile, like PDAs, cellular phones. -4-

RFID ToolBOX

Table of Contents ABOUT AUTHORS ........................................................................................................................2 Łukasz Geldner......................................................................................................................2 Paweł Nowiński ......................................................................................................................3 ABSTRACT ..................................................................................................................................4 FIGURES INDEX ...........................................................................................................................7 TABLES INDEX ............................................................................................................................8 PROJECT DESCRIPTION .....................................................................................................10 1.

INTRODUCTION TO RFID......................................................................................12 1.1 OVERVIEW ......................................................................................................................12 1.2 RFID NEED OF TECHNOLOGY .............................................................................................14 1.3 RFID STANDARDS ..............................................................................................................16 1.3.1 Carrier frequencies .....................................................................................................17 1.3.2 Standards tree .............................................................................................................18 1.4 RF WORKING PRINCIPLE ....................................................................................................19

2. HARDWARE BACKGROUND ..........................................................................................21 2.1 TAG TYPES REVIEW ............................................................................................................21 2.2 MODULATIONS TYPES USED IN TAGS - OVERVIEW [3] .........................................................22 2.3 SUPPORTED TRANSPONDERS DESCRIPTIONS .......................................................................24 2.3.1 The Sokymat UNIQUE ................................................................................................24 2.3.2 The Sokymat Q5 [4] ....................................................................................................25 2.3.2.1 The Q5 special features...................................................................................................27 Password Mode - Security strength ............................................................................................30 2.3.2.2 Writing procedure ...........................................................................................................30 Writing Data ...............................................................................................................................32 Opcodes ......................................................................................................................................33 2.3.3 Other compatible transponder types ...........................................................................34 2.4 COLLISIONS ISSUES .............................................................................................................36 2.4.1 Different solutions .......................................................................................................36 3.

RFID TOOLBOX HARDWARE DESIGN...............................................................39 3.1 HARDWARE ASSUMPTIONS..................................................................................................39 3.2 WORKING PRINCIPLE ..........................................................................................................40 3.2.1 Device Working principle block diagram ...................................................................41 3.2.2 Device parts block diagram ........................................................................................42 3.2.3 Explanation to block diagrams ...................................................................................43 3.3 SCHEMATIC DIAGRAM.........................................................................................................43 3.4 PCB DESIGN AND SPECIAL CONSIDERATIONS (ANTENNA AND ROUTES) .............................45 3.5 POSSIBLE UPGRADE ............................................................................................................45 3.5.1 Use of Philips HTRC1100 family Tag Reader IC .......................................................45 3.5.2 Other possibility of PCB usage ...................................................................................47 3.6 FUNCTIONAL DESCRIPTION OF ELEMENTS ...........................................................................47 3.6.1 ATmega16L .................................................................................................................47 3.6.2 MAX3232 and electronic key switching circuit...........................................................49 3.6.3 DS1813 Reset Integrated Circuit [9] ..........................................................................51 3.6.4 Sokymat TagReader IC................................................................................................53 -5-

RFID ToolBOX 3.6.4.1 Technical description......................................................................................................55 Selected electrical and switching characteristics ........................................................................56 3.6.4.2 Serial Interface operation................................................................................................56 Data entering into serial interface...............................................................................................57 Interface Reset: ...........................................................................................................................58 Transponder data reception.........................................................................................................59 Bits meaning in Structure of Serial Interface Command [10] ....................................................60 Typical Operating Application ...................................................................................................64 3.6.4.3. Any Tag Writing Possibility..........................................................................................64 3.6.5 Antenna design considerations....................................................................................65 3.6.5.1 EMI filter in case of noisy environment .........................................................................66 4.

DEVICE TESTING.....................................................................................................68 4.1 DATA ACQUIRE TESTS .....................................................................................................68 4.2 WAVEFORMS AND TIMINGS MEASUREMENTS ......................................................................69

5.

RFID TOOLBOX DESIGN ........................................................................................72

5.1 DEVICE BLOCK DIAGRAM................................................................................................72 5.2 RFID TOLL BOX PROTOCOL...........................................................................................73 5.3 J2ME API ......................................................................................................................74 5.3.1 J2ME short introduction. ........................................................................................74 5.3.2 Java Editions...........................................................................................................74 5.3.3 Configuration..........................................................................................................75 5.3.4 Java Virtual Machine..............................................................................................77 5.4 API DESIGN ....................................................................................................................77 5.4.1 J2ME interface. ...........................................................................................................77 5.4.1.1 Reading data from the TAG............................................................................................78 5.4.1.2 Writing data to the Tag. ..................................................................................................79 5.4.1.3 Getting information about supported tag architectures...................................................79 5.4.1.4 Shutting down the Sykomat reader.................................................................................80 5.4.1.5 RFIDrwSupport class code overview. ............................................................................80 5.4.2 Test Application...........................................................................................................84 5.4.2.1 Class Diagram.................................................................................................................85 5.4.2.2 Class My_Menu..............................................................................................................85 5.4.2.3 Class Base_Demo ...........................................................................................................89 5.4.2.4 Class Tag_Type ..............................................................................................................90 5.4..2.5 Class Read_Tag .............................................................................................................92 5.4..2.6 Class Write_Tag ............................................................................................................94 5.4.3 Microprocessor software.............................................................................................98 6. BIBLIOGRAPHY AND REFERENCES .........................................................................105

-6-

RFID ToolBOX Figures index

Figure 1.a. RFID ToolBOX Working Principle Diagram Figure 1.3.1.a Applications division according to carrier frequencies Figure 1.3.2.a. Standards Tree Figure 1.4.a. Bit rate explanation Figure2.1.a. Manchester coding example Figure 2.2.a. Timing Diagrams for Modulation Options Figure 2.3.1.a. Unique memory organisation Figure 2.3.2.a. Sokymat Q5 memory Figure 2.3.2.b. Voltage on tag coil after POR Figure 2.3.2.1.a. Q5 transmission Figure 2.3.2.1.b. MAXBLK=2 example Figure 2.3.2.1.c. Reset mode - read synchronisation Figure 2.3.2.1.d. AOR mode Figure 2.3.2.1.e. AOR mode Figure 2.3.2.2.a. Start of writing Figure 2.3.2.2.b. Complete writing sequence Figure 2.3.2.2.c. Block 0 configuration mapping Figure 2.3.3.a. H4102, H4005, H4105 tags memory map Figure 2.3.3.b. Tiris Data Format Figure 2.4.1.a. QTree Anti-collision Figure 3.2.1 Device Working principle block diagram Figure 3.2.2 Device parts block diagram Figure 3.5.1.a, Picture of pin assignments of Philips Figure 3.6.1.a. Pinouts ATmega16L Figure 3.6.2.a. MAX3232 functional diagram Figure 3.6.2.b. MAX3232 Pin topology and Figure 3.7.6.3.a. DS1813 TO-92 Figure 3.6.3.b. Pushbutton reset circuit Figure 3.6.4.a. Pin Assigment Figure 3.6.4.2.a. Serial interface I/O timing Figure 3.6.4.2.b. Serial Interface state transition diagram Figure 3.6.4.2.c. Serial Interface Data Entering Figure 3.6.4.2.d. Serial Interface Reset Figure 3.6.4.2.e. Start of communication Figure 3.6.4.2.f. Structure of Serial Interface Command Figure 3.6.4.2.i. Typical operating configuration, with direct µC interface Figure 3.6.5.a. Antenna current vs. Quality Factor Figure 3.6.5.1.a. EMI filter configuration Figure 4.2.a Sokymat Command Figure 4.2.b. Sokymat Reset Command Figure 4.2.c. Sokymat 8-bit Command Transmit Figure 4.2.d. Start od Tag Response Figure 4.2.e. Response without antenna Figure 5.1.a. RFID ToolBOX block diagram Figure 5.2.b. Received data frame. Figure 5.3.2.a. Java editions. (D. sheet Java 2 Micro Edition. sun.com/software) -7-

11 17 18 20 21 23 24 26 27 28 28 29 29 29 31 33 34 35 36 38 41 42 46 48 50 51 52 53 54 56 56 57 58 59 60 64 65 66 69 70 70 70 71 72 74 75

RFID ToolBOX Figure 5.4.2.1.a. Class Diagram

85

Figure 5.4.2.2.a. My_Menu class screen shot Figure 5.4.2.4.a. Tag_Type class screen shot Figure 5.4.2.5.a. Read_Tag class screen shot Figure 5.4.2.6.a. Write_Tag class screen shot Figure 5.4.2.7.a. Get_Info class screen shot Figure 5.4.2.8.a. ShutDown class screen shot.

86 91 93 94 96 97

Tables index Table 2.3.2.2.a. Q5 writing timings Table 2.3.2.2.b Modes of operation Table 3.5.1.b. Pin assignment for Philips HTRC Table 3.6.1.a. Sleep modes of AVR Table 3.7.2.c. MAX3232 pin description Table 3.6.4.b. Pin Descriptions Table 3.6.4.1.a. Operating conditions – technical specification Table 3.6.4.1.b. Timing characteristics Table 3.6.4.2.g. Gain setting Table 3.6.4.2.h. Diagnostic information summary Table 5.2.a. RFID Tool Box command map Table 5.2.a. RFID Reader/Writer command map

-8-

31 33 46 48 50 54 55 55 62 63 73 73

RFID ToolBOX

We are grateful to our Parents for their support, To our Fiancées for their patience and understanding, Thanks for project coverage and comments to our Supervisors Dr J. Domaszewicz and MSc A. Pruszkowski, Special thanks to Mr. L. Dunin for invaluable help, And also to Advanced Measurement Technologies® for measurement equipment.

-9-

RFID ToolBOX

Project Description

The paper presents RFID Reader / Writer Device called later in document as RFID ToolBOX, which can be used in various contactless data acquiring applications. The device is designed on the basis of Atmega16L AVR microcontroller that communicates with Sokymat Integrated Circuit which stands as a front-end with Radio Frequency IDentification technology. The RFID system consists of an antenna or coil, a transceiver and a transponder or tag. A radio signal emitted by the antenna activates the tag allowing it to be read or written. RFID ToolBOX communicates with mobile device. Device is capable of reading information stored on transponders and present results to user in human readable form. The project development consists of several stages. First was PCB board design together with elements selection. Next step was a software design and implementation in a meaning of protocols, API and functional application. RFID ToolBOX can offer new kind of functionality yet not present on the market. There exists mobile tag readers offered by almost each manufacturer, but they all have common drawback, data gathered can't be immediately sent to remote location. Proposed device has such feature, what can be widely used in token passing for cryptography purposes or digital signing. Of course it can work as ordinary reader, but possibility of sending data to remote location immediately after reading gives it a major advantage. Small size and almost weightless box, attached to mobile device gives a very handy solution. Three most common transponder types are supported: Sokymat UNIQUE – Read Only, Sokymat Q5 – Read/Write and other manufactures tags (MicroChip, Atmel), keeping well defined memory organisation. Block diagram on Figure 1.a. explains RFID ToolBOX working principle.

- 10 -

RFID ToolBOX

Excitation signal (ASK) modulation) RFID Reader/Writer (interrogator)

Different TAG/s

Excited tag starts sending back information with predefined modulation and bit length

Communication with computer or phone

Figure 1.a. RFID ToolBOX Working Principle Diagram

- 11 -

RFID ToolBOX

1. Introduction to RFID 1.1 Overview The abbreviation RFID comes from Radio Frequency Identification, sometimes this technology is called an Automatic Identification [1] and Data Capture (AIDC) and come into being as a natural upgrade of Barcode Labels, commonly used in 80'ties and of course nowadays. RFID is relatively new invention, not older than 10 years. First works, tests and ideas appeared in 1991, but first real solutions appeared in 1995. Nowadays, it's very popular. In general, RFID is a system where special data carried in suitable transponders, commonly known as RF tags, is retrieved at the appropriate time and place by means of an antenna and a transceiver i.e. reader device1. RF tags are available in a variety of shapes and sizes, but this will be discussed more thoroughly later in Tag Types Review section. Transponders carry data, which may provide identification for items in manufacture, goods in transit, identity of an animal, person or vehicle as well as any item that requires tracking or identification. RF technology is commonly used in Time and Attendance Control. For example, every member of company has it's own unique RF tag. When coming to work in the morning, door to company opens just for him, his presence is registered in computer because RFID system reads data from tag. This is very convenient, no paper signing, workers are wirelessly recognised. Tags are also used in facilities like ski lifts and swimming pools. In first case, skier buys some amount of ski lift gate re-enters. This is programmed into RF tag and gate to ski lift opens only that amount of times it is paid for and only for person who carry the tag. At swimming pools, users pay for time spent at facility. When entering pool, client receives a tag with programmed time of arrival. This tag also opens and closes his cabinet. When leaving the pool cashier reads data from tag and charges the user appropriately. Access Control is another example for RFID. Let's assume that for security reasons not every member, worker or just a visitor of company should have access to some parts of 1

Later in document, name Reader can be used interchangeably with scanner, interrogator or transceiver.

- 12 -

RFID ToolBOX building, special rooms, etc. With RF technology it's very easy to implement it without a problem of hundreds of keys. Tags are easily programmed, so according to function or worker privileges, data written to tag can open just that doors and gates that are designated for particular person. Manager should have access to all rooms, but servicing staff only to that part of building where something needs repairing. Item Management and Inventory Control is also a very popular piece of market where RF technology finds application. Valuable goods can be uniquely and genuinely marked during process of production. Imagine situation, when manufacturer of well-known, world-wide recognisable brand wants to have certainty that his products won't be forged. Adding special RF tag with proper information to the final product during the assembling on production line can solve this problem. Such tags are for example sealed into truck tires at some stage of production. They are hidden in some tread layer and can't be extracted for future reuse without permanent destruction of the tire. Doing as described above, producer achieves several advantages. Firstly, purchaser has a certainty, that he is paying money (in many cases, meaningful amounts) for genuine goods. Customer is also sure that he won't pay too much for something that is not original and therefore can be faulty or even dangerous in usage. Second issue is security reason looking from the producer point of view, especially if we're talking about truck tires, which must be reliable. Electronic Article Surveillance (EAS) also uses more or less sophisticated RF tags. There exists many types of protection, most popular and probably seen by everybody are thin metal strips, sometimes in form of looped antenna placed inside books or magazines. When someone tries to cross the interrogator gates without paying, alarm is activated. The deactivation is done while paying at clerk stand. Of course these metal strips contains no special information, they just distorts the electromagnetic field in interrogator's region. But there exists more complex tags and its usage is dependent on kind of goods it is protecting and kind of information it keeps, in order to secure an item. RFID plays significant role in animal's identification. There exist special tags, which can be applied beneath the skin of domestic, stock and even wild animals. Dogs, cats, sometimes birds or even seals are tagged in order to recognise their owner, when they lost or to analyse migration route in case of wild ones. Most often tag is in form of little glass pill, where information about creature like age or diseases it took, can be stored and updated if necessary. Pill in such form is placed just under the skin and in no way can harm the carrier. Veterinarian has a special device that can read or write information about animal. - 13 -

RFID ToolBOX

Besides all of applications presented above RF tags are used commonly in many more applications, listing them all would be beyond scope of this document, but they all can be grouped as Industry, Scientific and Medical - ISM. RF tags are widely used in car theft protection. It comes in hand with valuable item management. In shipping, logistics, retail supply chain, parcel and postal service logistics tags play a crucial role as a most handy and reliable form of marking parcels, packages, even freight containers. Transportation fleet management and corporate asset control benefits form RF technology. Tags can be screw-shaped to identify trees or wooden items. What can be surprising, there exists even pigeon rings RF tags with possibility of writing data that are used to mark birds, rare species all over the world. In racing industry, cars, boats, motorbikes have build in tags to ease measurement of time attendance at checkpoints. In some countries, cars with build in tags can cross highway gates without the necessity to stop and pay. Special system registers, that car with unique id number is approaching, id is connected in database with some person, which account is charged for highway fee. The growing acceptance of RF-ID tags across a range of industries is one of the major reasons for their strong projected market growth. Market researcher Frost & Sullivan [2] has projected that the RF-ID tags sector will have grown from US$ 664.3 million in 1999 to US$ 2 billion by 2006. According to Frost & Sullivan, the main forces driving this growth are decreasing prices, new innovations, and progress with standardisation. RF-ID tags are usually disposable;

there

is

therefore

considerable

pressure

to

keep

the

prices

low.

1.2 RFID need of technology

RFID development was so fast and successful not only because of strong demand for electronic tagging. RF identification is sometimes called as contactless identification. Most probably this is the key to success. Earlier, before RFID systems started conquering the market on large scale, barcode labels were extremely popular and still are in some areas. Comparing the production cost of single tag with cost of barcode label printout, second one still is about ten times cheaper. In many not demanding applications, barcode labels won't ever give place to RF tagging, because of low costs (assuming equal maintenance costs). On the other hand, single RF tag can work - 14 -

RFID ToolBOX properly for several years. I can't imagine an example of a barcode label sticker, which won't be broken after a half year, not to mention two or more of extensive usage. One can see that costs of introduction RF system are now comparable to barcode labels. What's more, RF gives more benefits, which are in some cases invaluable. Process of data capture can be automated and can be performed at extremely large speeds, minimising time involved in identification. Barcode labels can be read only in frontal position with very limited deviation. Reading distance is also not very long and strongly depends on air transparency. Direction and position of RF transponder during reading process is completely free, assuming tag is in read range of the reader. Barcode labels are unreliable, not resistant to heat, dirt, scratches and other aggressive factors. Here comes RF tagging solution. Data stored on tag is very well protected against harsh environment. Water, heat, pressure, dirt or even fire is not an issue in this case, supposing proper package is choose. In contrast to barcode labels, to read information stored on tag there is no need to be in line of sight with it, no physical contact is needed between reader and transponder. Tags can be read through a variety of substances and surfaces such as cardboard, plastic, paint, snow, ice, fog and even grease and grime. Suppose there is a plastic box, in which several items are kept. Let's assume that each item has a tag attached to it. Now we can read information stored on tags despite we can't see them. There is no other technology giving such solution. Probably this feature has decided about variety of applications and explosion of RFID popularity. Finally, possibility of writing data into tags renders RFID systems extremely practical, which is impossible to implement in barcode labelling. At first sight, RFID cost wise competition at current stage with other means of optically read technologies can be questionable, but extra capabilities and extended functionality that RF technology gives, strong points I introduce above, makes this technology very convenient and impossible to be replaced by any other known.

- 15 -

RFID ToolBOX

1.3 RFID Standards

There exists standards defining frequency range, the way tag communicate with reader, how it responds for special commands and excitation, data transfer syntax, uniqueness of ID number stored in tag. But, many manufacturers introduce their own standards and add special functionality to tags, making them almost incompatible with devices of other manufacturers. Of course tags produced by different manufacturers have some common similarities and functionality, but very limited. Taking what's above into consideration and fact, that there is no uniformity obtained so far it would be very hard to implement a device that will recognise properly every kind of transponder. Reader device must narrow down scope of tag types it will be able to recognise, read correctly, without errors and if possible, write keeping special, appropriate data syntax for particular tag. Main producers of RFID systems like Texas Instruments with it's TIRIS or Philips with Hitag were developing and introducing their own RF systems for years, they have a stable position on the market and they don't need new standards. Most probably, standards introduced by international committees will be thoroughly discussed and taken under consideration according to solutions of Philips and Texas Instruments, Hitachi, Siemens, Sokymat, SwatchMarin and Atmel. In general current solutions of main producers in no way complies with real standards coming from ISO. Figure 1.3.2.a shows ISO standards tree organisation with a root to SC 31 subcommittee and WG4 Group that works on RF Tags standards. Figure 1.3.1.a. presents applications of RF identification according to carrier frequencies of used tags. Abbreviation EAS mean Electronic Article Surveillance applications, ISM Industry, Scientific and Medical purposes applications.

- 16 -

RFID ToolBOX

1.3.1 Carrier frequencies

RFID:

RFID:

Access Control Animal ID Inventory control Time/Attendance, ski lifts Shi i l d

RFID & I.C. Cards EAS, ISM

Toll Roads Item Management ISM

RFID: Item Management Microwave EAS

Data Terminal

Low Freq. EAS Data Modem

10 kHz

Radio Toys

100 kHz

Mid. Freq. EAS AM

1 MHz

CB

10 MHz

Cell Phone

TV Garage FM Door

100 MHz

1000 MHz

Figure 1.3.1.a Applications division according to carrier frequencies

2.45 GHz

300 GHz

RFID ToolBOX

1.3.2 Standards tree

International Standards Organization (ISO)

ISO/IEC Joint Technical Committee 1 (JTC 1)

International Electrotechnical Commission (IEC)

SC 17

...

SC (Subcommittee) 31 Automatic Identification and

IC Card

Data Capture Techniques

WG 3

WG 4 RF Tags ISO 18000

RFID data/Transfer Syntax SG1 Unique RF Tag ID SG2 Air Interface SG3 Data Objects (Regulatory) SG4 Application Requirements Profiles Figure 1.3.2.a. Standards Tree

- 18 -

RFID ToolBOX

1.4 RF Working Principle

Few questions can arise. How the tag is powered? Is it intelligent enough to know when to transmit stored data? Here comes the answer. The tag is activated by a radio signal with pre-set frequency and sends a signal in return. Returning signal contain desirable information in form of unique identification number or other data. Electromagnetic wave sent from interrogator gives power to wake up the tag, power it's internal circuits and give energy to transmit data. Information exchange is done via air interface, precisely through electromagnetic waves, so without physical contact with reader. Readers and tags communicate using low power radio frequency (RF) signals. An RFID system consists of an antenna or coil, a transceiver and a transponder (tag). A radio signal emitted by the antenna activates the tag allowing it to be read and in some instances have data written to it. Antennas are also available in a wide variety of shapes and sizes to suite specific applications. They can be mounted under a road surface to monitor vehicle access through a given point or they can be packages together with a transceiver to become a reader. A reader can be either hand-held like the subject of diploma work or can be mounted as a fixed device for access control purposes. The antenna within a reader emits radio waves ranging anywhere from 2.5 centimetres to about 2 meters, depending on its power output and the radio frequency used. The tag passing through this electromagnetic field detects activation signal and the reader decodes the tag's encoded data and passes it on to the host computer or information management for system processing. Very important is to understand bit rate (data rate) concept. Most typical bitrate values in [bit/s] are RF/8, RF/16, RF/32, RF/40, RF/50, RF/64, RF/80, RF/100, RF/128. Every tag sends back information with some predefined, usually fixed bit rate. Once manufacturer programs the data rate, it cannot be changed. This data rate is clocked by internal tag frequency. For Low Frequency (LF) transponders it is a range from 100kHz to 150kHz, depending on manufacturer. Taking for example transponder type that bit rate is RF/32. It means that data rate is 32 Field Clocks (abbreviation FC) per logic '1' or '0' data bit. Look at Figure 1.4.a. TOC is a period of field clocks. Data (bit) rate is a bit time duration and

RFID ToolBOX it is defined as field clocks per bit. Taking field clock equal to 125kHz and tag bit rate equal to RF/32 data rate is 125 kHz/32 =3.9062 kBit/s, so receiving 64 bits of information would take 8µs*32*64=16.384ms. Tags can use different modulation methods to avoid errors while transmitting the information. This is more deeply explained in section 2.2, see Figure 2.2.a.

Figure 1.4.a. Bit rate explanation

- 20 -

RFID ToolBOX

2. Hardware Background 2.1 Tag Types review

Tag types can appear on the market in variety of forms, sizes and shapes. Key-holder (Tear Shape), Wristband, World Tag, Glass Tag, Nail tag (timber tagging), ISO Cards (credit card size), Clamshell Cards, Button (pill type) Tag and other like special tags for freight containers marking. Tags can be programmed by manufacturers to operate in many standards. Refer to section 2.2 for more deep coverage. Also code lengths received form transponders varies in a range form 32, 64, 96, 128 bits in most typical applications to hundreds of bits like 256, 330, 1000 etc. Transponder types concerned in project use Manchester coding. In Manchester coding scheme there is always a transition from ON to OFF or from OFF to ON in the middle of bit period. At the transition from logic bit “1” to logic bit “0” or logic bit “0” to logic bit “1” the phase change. High data value in data stream below shows modulator switch OFF, low represents switch ON, look at figure 2.1.a. as an example.

Figure2.1.a. Manchester coding example

- 21 -

RFID ToolBOX

Active RFID tags are powered by means of a battery, either internal or from another source such as the battery of a vehicle. This battery-supplied power generally gives the tag a greater read range although the tag is usually larger in size and more expensive. A typical scenario for the use of active RF tags is the control of vehicles through a specified access point. As the tagged vehicle approaches the access point, receiver decodes the tag and the authorized vehicle is allowed access by means of a gate or boom. A passive tag gains its power from that generated by the reader and has no internal power source. This type of tag is therefore less expensive and is smaller and lighter than the active tag. It also offers a virtually unlimited operational lifetime. Their read range is however shorter and they need to be activated by a higher-powered reader.

2.2 Modulations types used in tags - overview [3]

Figure 2.2.a shows most typically used types of coding that transponders are able to produce. The diagram serves as outlooks just to familiarize reader of publication with possible coding combinations and get overall idea how they differ. FSK Modulation Logical data “1” and “0” are represented as two different frequencies of damping. The frequency for “1” is for example RF divided by 10, a “0” divides RF by 8 or different depending on manufacturer. For example RF/40 (MOD40), gives 4 sets of 10 RF carrier cycles for data ‘1’ and 5 sets of 8 RF carrier cycles for data ‘0’. PSK Modulation The external coil is for example damped with a carrier frequency of RF/2. A logical “1” causes (at the end of the bit period) a 180° phase shift on the carrier frequency, while a logical “0” causes no phase shift. Biphase Modulation (Biphase S) Logical “1” produces a signal which is the same as the internal bitclock. A logical “0” produces no signal change in the middle of the bit period. - 22 -

RFID ToolBOX

Manchester Modulation (Biphase L) A logical “1” causes a rising edge in the middle of a bit period (i.e., switch damping off), while a logical “0” causes a falling edge (i.e., switch damping on).

Figure 2.2.a. Timing Diagrams for Modulation Options

- 23 -

RFID ToolBOX

2.3 Supported Transponders Descriptions

2.3.1 The Sokymat UNIQUE

Tag that appears on the market, as Sokymat UNIQUE, is a contactless power supply, 64 bits Read Only transponder for 125kHz range applications. Many other manufacturers have identical in their offer. Transponders are the same with respect to capacity, transmission speed and modulation used. Following description is based on Sokymat product because tags by this producer are used as samples in diploma project and were tested by genuine reader. Sokymat Unique Typical operating frequency is 125kHz. Capacity is 64 bits of Read Only memory. Data rate can be chosen from 2, 4 or 8kbd and coding type can be chosen from Manchester, Biphase or PSK. As this kind of tag is read-only, pre-sets of data rate and coding type are made during device manufacturing.

Figure 2.3.1.a. Unique memory organisation

Standard Sokymat configuration is Manchester, 2kBd. Manufacturer can of course produce for given customer tag that will have for example 8kbd and PSK coding, but such orders are executed if number of tags exceeds 1000 pcs. Also manufacturer quarantines the - 24 -

RFID ToolBOX

uniqueness of the codes for the series he produce. On customer request, special Customer ID codes can also be programmed in and in such situation uniqueness of codes can be violated. Once the incoming RF field is detected, the IC continuously transmits the identification code as long as the RF signal is applied. For the Sokymat Unique the identification code, data stored on tag, is in form depicted on Figure 2.3.1.a. Transmission starts with 9 header bits (all programmed by manufacturer to “1”). The sequence of nine “1” bits, plus the stop bit allows the message synchronisation and cannot be reproduced in the data string. Stop bit is programmed to "0". In other words, sequence of data programmed into tag should differ from pattern: nine one's and one zero. These first nine bits of "1" can be called a transmission header. For Sokymat this is nine times "1", while other manufacturers can use different value, for example Atmel e5530 starts with header byte value of E6 hex (’1110 0110’) and then 56 data bits are transmitted giving total of 64 bits. Coming back to Sokymat Unique, just after header bits, four bits (D00...D03) of customer ID plus line even parity bit P0 is transmitted. Then the rest of customer ID bits plus proper line parity bits are transmitted. In general 10 groups of four data bits plus one line parity bit after each group is transmitted, allowing more than 232 combinations. IC generates line even parity bits, they are not programmed as a user data. After 32 data bits alternated with 8 parity bits sequence, IC transmits last portion of data. Four column even parity bits (C0...C3) and 1 stop bit programmed to “0” finishes the transmission.

2.3.2 The Sokymat Q5 [4]

The Q5 by Sokymat is a contactless power supply, Read/Write transponder for applications in the 125-kHz frequency range. This IC is much more complicated than Unique type. Total capacity is 256bits EEPROM memory, 8 words of 32 bits can be written freely by user, giving total of 224 bits of user memory including optional 32 bits password block to prevent unauthorised tag access. The difference between 256 and 224 bits originates from a 32 bits long, Q5 configuration register.

- 25 -

RFID ToolBOX Similarly to Unique, data rate and return transmission modulation type can be set. Standard Sokymat configuration is Manchester coding and 2kBd data rate (to resemble Unique code like). But Q5 gives a user a possibility to select these options freely. By writing to special configuration register, tag user has an opportunity to change data bit rate in range from 1 to 62kBd and switch modulation type between FSK (2 different), Manchester, Biphase, PSK (3 different) or NRZ. The data rate is binary programmable to operate at any bit rate between RF/2

2

and RF/128, but a common multiple of bitrate and FSK frequencies is

strongly recommended. Bit 0 of every block is the lock bit for that block (L on Figure 2.3.2.a). Once locked, the block (including the lock bit itself) is not re-programmable through the RF field again. Only reading of this block is allowed, no further writings will be possible. Block 0 contains the mode/configuration data, which is not transmitted during normal read operation. Block 7 may be used as a password, in such case user has only six blocks to take advantage of.

Figure 2.3.2.a. Sokymat Q5 memory organisation

The Q5 has many interesting additional features like: Write protection command to lock the words independently one from another, Password Mode to allow reading or writing one word after password check, also Answer On Request that silence the modulation of transponder in the field on Request only. All these extra features, described thoroughly on following pages, causes that Q5 is very attractive for multiple purposes, reliable (EEPROM data retention is typically 20 years, tested for minimum 100,000 programming cycles) and relatively cheap (~1$) in comparison with possibilities.

- 26 -

RFID ToolBOX

Tag Initialisation Power–On–Reset circuit (POR) remains active until an adequate voltage threshold has been reached. This in turn triggers the default start–up delay sequence. During this period of 128 field clock cycles (FC) the transponder is initialised with the configuration data stored in EEPROM block 0. During initialisation of the configuration block, modulation is switched off. Any field gap during the initialisation time of typically 2.5 ms will restart the complete sequence. After this initialisation time the ASIC enters read mode and modulation starts automatically using the parameters defined in the configuration block. Refer to Figure 2.3.2.b.

Figure 2.3.2.b. Voltage on tag coil after POR

2.3.2.1 The Q5 special features Normal read mode Every time the tag enters in the field, it starts modulating automatically in normal read mode, except if the Answer-on-Request is set. AOR is a special function discussed later in this chapter. Every time entering reading mode, the first bit transmitted (start bit) is a “0”. The data stream starts with block 1, bit 1, continues through MAXBLOCK bit 32 and cycles continuously until the next command or field switch off occur (Figure 2.3.2.1.a).

2

RF means Radio Frequency, in all cases during this paper RF is 125kHz

- 27 -

RFID ToolBOX

Figure 2.3.2.1.a. Q5 transmission

MaxBlock Feature The user may limit the cyclic data stream by setting the MAXBLK between 0 and 7 (representing each of the 8 data blocks). In other words this option defines the number of readable blocks. If set to zero, the contents of the configuration block – normally not transmitted – can be read. If set to 1, only block 1 is read. If set to 7, blocks 1 through 7 can be read. Look at example on Figure 2.3.2.1.b with MAXBLK set to 2.

Figure 2.3.2.1.b. MAXBLK=2 example

Direct Access Command Direct Access Mode allows reading one word without check of password. With the direct access command only the addressed block is repetitively read. Direct access is entered by transmitting the write opcode '10', a single ‘0’ bit and the requested 3 bit block address.

Reset mode With the command opcode '00', it is possible to reset the tag. After data access time, it restarts modulating in normal read mode. This command can be used for synchronisation purposes (Figure 2.3.2.1.c).

- 28 -

RFID ToolBOX

Figure 2.3.2.1.c. Reset mode - read synchronisation

Answer on Request mode When the Answer on request (AOR) bit is set, the Q5 does not start modulation in the read mode after loading of configuration block 0. It waits for a valid “Wake up command” from the reader before modulation is enabled. This command consists of an opcode '10' followed by the valid password. If the password sent matches that stored on tag, after data access time, Q5 starts modulating in normal read mode (Figure 2.3.2.1.d, e) and remains active until the RF field is turned off or a new command with a different password is received. AOR is an excellent example how to cope with tag collisions during reading process. Only one tag is answering at a time, no electromagnetic field collisions occur and reader receives trustworthy data. AOR wakeup sequence time duration is from 8.7 to 20ms

Figure 2.3.2.1.d. AOR mode

Figure 2.3.2.1.e. AOR mode

- 29 -

RFID ToolBOX

Password Mode - Security strength

When password mode is activated (use PWD = 1), the first 32 bits after the opcode are regarded as the password. They are compared bit–by–bit with the contents of block 7, starting at bit 1. If the use PWD bit is zero, the Q5 accepts any bit stream containing 32 data bits in place of a password and will enter programming mode. In password mode, MAXBLK should be set to a value below 7 to prevent the password from being transmitted by the Q5. Every transmission of the two opcode bits, 32 bits for a password, plus 3 address bits (= 37 bits) needs about 10 ms. Trying to hack the password is impossible. This activity require testing all 232 possible combinations (about 4.3 billion) which would take over one/two years using fast/normal write method!

2.3.2.2 Writing procedure

Optimal write timing setup Data send to the Q5 consists of a serial data stream. Each bit send is represented by a gap (no Field Clocks -FC) followed by a number of FC equal to a “0” or “1”. A data stream is terminated, the Q5 exits the downlink mode, when more than 64 field clocks are detected after a gap. The clock counts within 64 clocks are divided into two valid ranges (normal and fast write mode) for “0” and “1” as shown in Table 2.3.2.2.a. Programming starts if the correct number of bits were received. If there is a gap failure – the Q5 IC does not start programming, instead it will enter uplink mode beginning with block 1, bit 1. The length of the start gap Sgap can be between 10 and 50 “virtual” FC. Virtual, because no FC are present during a gap. The length of a write gap can be chosen between 8 and 20 “virtual” FC. Refer to Figure 2.3.2.2.a. The duration of the gaps is usually equal to 14 field clocks. In normal write mode the time between two gaps is nominally 24 field clocks for a ”0” and 56 field clocks for a ”1”.

- 30 -

RFID ToolBOX In the optional fast write mode the time between two gaps is nominally 12 field clocks for a ”0” and 28 field clocks for a ”1”. If there is no gap for more than 32 field clocks after a previous gap, the Q5 will exit the downlink mode.

Table 2.3.2.2.a. Q5 writing timings

Parameters Start gap Write gap

Remark

Normal write mode Fast write mode Write data in normal mode ’0’ data ’1’ data Write data in fast mode ’0’ data ’1’ data

Symbol SGAP WNGAP WFGAP d0 d1 d0 d1

Min. 10 8 8 16 48 8 24

Max. 50 20 20 32 64 16 32

Unit FC FC FC FC FC FC FC

Figure 2.3.2.2.a. Start of writing

Because of the nature of a tag as resonant circuitry it is with no doubt necessary to take the ringing of the coil into account. Having this in mind it is obvious, that the gap length must be long enough, so that the tag can settle to zero oscillation, when the field is switched off. For this reason the gap length should be at the upper bound, when searching for write timing. In general it can be assumed that an air coil corresponds to the low Q family (a Q factor below 15) and the following settings are recommended. Gap length equals to 20 FC and because of the coil ringing, the clock count for “0” and “1” should be at the lower bound: 17 FC for “0” and 49 FC for “1”.

- 31 -

RFID ToolBOX Writing Data

Typical programming time is 5.7 ms. This cycle includes a data verification read to grant secure and correct programming. After programming is done, the Q5 enters read mode, with the block just programmed. The data bits are read in the same order as written. Direct access 38 bits (usePWD = 1)

Direct access 6 bits (usePWD = 0)

Modulation defeat 5 bits Reset command 2 bits

The Q5 always expects to receive a dual bit write op-code first. Writing has to follow these rules: –

Standard writing needs the opcode, the lock bit, the 32 data bits and the 3 bit address (38 bits total). Standard write 38 bits (usePWD = 0)

–

Writing with usePWD set requires a valid 32 bit password between opcode and the address/databits Password write 70 bits (usePWD = 1)

- 32 -

RFID ToolBOX – In AOR mode – with usePWD set – opcode and a valid password are necessary to enable modulation. AOR request 34 bits (usePWD = 1)

Opcodes

If the transmitted command sequence is invalid, the Q5 starts uplink mode beginning with block 1, bit 1, after the last gap. – The RESET opcode ”00” precedes a reset cycle (which is normally used for test purposes only) – The standard opcode ”10” precedes all block write operations. – An optional modulation defeat switching opcode "00011". Table 2.3.2.2.b Modes of operation

PWD 1

1

0

AOR Behavior of Tag after Reset Command or POR 1 Answer-on-request (AOR) mode: •Modulation starts after wake–up with a matching PWD •Programming needs valid PWD 0 Password mode: •Modulation starts after reset •Programming and direct access needs valid PWD – Plain/Normal mode: •Modulation starts after reset •Programming and direct access without password

Figure 2.3.2.2.b. Complete writing sequence

- 33 -

De-activate Function Command with non–matching password de–activates the selected tag Modulation defeat command disables all tags in the field

RFID ToolBOX

Figure 2.3.2.2.c. Block 0 configuration mapping

2.3.3 Other compatible transponder types

Presented Reader/Writer device got practically unlimited compatibility possibilities looking form hardware point of view. Reading of different tag types, independent on manufacturer, is possible. Sokymat Tag Reader IC used in project stands as front-end between microprocessor and various transponders to be read. All necessary functionality is built in this IC (more detailed description is in Sokymat Tag Reader IC section) and for more demanding users there is a possibility to choose HTRC1100 by Philips instead of Sokymat IC. These both Readers are dedicated to work within 125kHz range (LF3 transponders), both can handle with different coding and modulations. For these reason there is almost no limitation from hardware side of project. For sure it won't handle cryptographic transponders and that working at carrier frequencies above 150kHz. The key of compatibility lies beyond the firmware implemented in microprocessor. Firmware must handle specific type tags behaviour, keeping for example special timing considerations while writing or interpret properly captured data, while reading. It is up to the constructor or just end-user to upgrade firmware for specific tags handling. According to author's knowledge about RFID and technical specifications of other commonly available tag's, incomplete list of device-compatible transponders (assuming proper firmware changes) is below.

3

LF is an abbreviation from Low Frequency; commonly used in technical publications

- 34 -

RFID ToolBOX Firstly, products similar to Sokymat Q5 like Sokymat Titan R/W Transponder with 1kB user data. Also Marin-Swatch P4150 as an equivalent to Titan tag type can be compatible with reader. All products starting with symbol H4xxx like H4005, H4105, and H4102 by different manufacturers. These all are read Only, LF transponders with 64, 96 and 128-bits user memory, ISO11784/11785 compliant, powered by means of externally connected coil (antenna). Refer to figure 2.3.3.a. All transponders following the FDX-B ISO Specification, which is defined as follows: Modulation = ASK, Data encoding = Differential Biphase, Baud rate = RF/32 = 4 kbits/sec for 128 kHz, Memory size = 128 bits. Also Atmel e5530, HITAG1 (Read/Write, 2k bits with memory area protection feature) and HITAG2 (Read/Write, 256 bits) both are well known Philips standard. Also Tiris tags by Texas Instruments can be read by presented Reader/Writer device. Look at figure 2.3.3.b. and compare it with 2.3.3.a. to see how data formats can differ and how much depends on firmware responsible for proper data decoding.

Figure 2.3.3.a. H4102, H4005, H4105 tags memory map

- 35 -

RFID ToolBOX

Figure 2.3.3.b. Tiris Data Format

2.4 Collisions issues

Firstly Sokymat Tag Reader IC doesn't support any kind of anti-collisions support. It's up to firmware to analyse if received data is not spoiled. Analysis can be done basing on information about coding type and data bit rate. Let's take for example Manchester coding, here it is very easy to detect corrupted data. No state '0' nor '1' can lasts more than one bit length (bit length is RF/x, where x can be 64, 32, 4 depending on tag type). User of the Reader can only be signalised about situation and it's up to him to retry reading process once again, eliminating if possible the source of disruption. As far as Application Notes information can be trustworthy, also Philips Reader/Writer HTRC1100 chip doesn't have any anti-collision mechanism built in.

2.4.1 Different solutions

Certain tag tapes producers introduce Answer-on-Request feature for collision problems solve. An AOR from Sokymat Q5 is an excellent example how to silent all transponders except one, with valid password, from the group of being inspected. Firstly, tags must be specially pre-programmed to be in AOR mode. The only inconvenience is password knowledge of certain transponder to begin communication with them. Here comes the conclusion that it is not a true anti-collision capability. In most of real life situations, the reader device doesn't know anything at all about transponders inspecting.

- 36 -

RFID ToolBOX On the other hand, the easiest solution is that, user or designer of RFID system can predict collision situations and decide to use special tags that use different anti-collision solution. Possibility of real anti-collision gives Microchip with its MCRF250 tags [5] with mechanism of different reaction times. The tag does not output data until it sees the first RF gap (no RF field for about 60 µsec). When the device sees the first gap, the internal random number oscillator starts clocking immediately after the gap. At the same time, the internal random number counter starts counting the random clocks number. The transponder waits for 5 bit times (about 5 msec for MOD128 configuration). Example: 1 bit time=RF/128=1 msec for 128 kHz for MOD128. After the 5 bit times, the device sends data. At this time, the random number counter is still running. If multiple tags in the field send data at the same time, the reader will see a data collision. If it happens reader must try once again reading process by sending second gap pulse. Random number generators will generate new, different time lags and there is a chance of success. As a result each device will output data in different time frames since each random number counter will arrive at ‘0’ at different time. The reader can receive unspoiled data from a different tag in each time frame Time slotted system is a way to fight with collisions. After the reader has sent its request to the tags, it waits a certain amount of time for their answers. This time frame is divided into a number of slots that can be occupied by tags and used for sending their answers. Time slots lengths are of special size calculated basing on data rate speed and capacity of tag. When multiple tags use the same slot, a collision occurs and data gets lost. The reader can vary the frame size, e.g. for maximising throughput; the actual size of a slot is chosen according to the amount of data requested. If certain tag responds with 200bits of information any other response in the same time slot may corrupt the first reading. By examination of two or more tags response, in a given time slot, one can predict there was a collision. Decision about collision occurrence can be a spoiled Manchester code. The Query-Tree (QT) [6] is also a way to cope with collision problems. The QT algorithm consists of rounds of queries and responses. In each round, the reader asks the tags whether any of their IDs contains a certain prefix. If more than one tag answer (collision), then the reader knows that there are at least two tags having that prefix. The reader then appends symbol '0' or '1' to the prefix, and continues to query for longer prefixes. When a prefix matches a tag uniquely, and no collision is detected, tag can be identified. Therefore, by

- 37 -

RFID ToolBOX extending the prefixes until only one tag's ID matches, the algorithm can discover all the tags. The following Figure 2.4.1.a describes the protocol.

Figure 2.4.1.a. QTree Anti-collision

One conclusion can be drawn. Without help from tag side additional functions it is impossible to prevent collisions. Only firmware side possibility of collision detection is possible to implement - any other method to fight with collisions using simplest tags are unfeasible.

- 38 -

RFID ToolBOX

3. RFID ToolBOX Hardware Design

3.1 Hardware assumptions

This device is assumed to be capable of reading most popular and most frequently appearing on the market types of tags. Additionally it must have a possibility to write some information back to tag. This implies following assumptions. All tags assumed to be read/write must be of type Low Frequency, working at data carrier frequency of 125kHz, as this type is the cheapest and most frequently used nowadays. Data transmitted from tag to interrogator (reader device) can be modulated using FSK or PSK. Most often used type of coding is Manchester, which will be implemented in our device. Supported types of tags: •

Sokymat UNIQUE – Read Only, One Time Programmable by manufacturer, 64 bits tag

•

Sokymat Q5 – Read/Write, 264 bits, with Answer-On-Request feature

•

Other manufactures tags (ex. MicroChip, Marin) ISO11784/785 compliant, (keeping memory organisation of 64 or 128 bits) or other with well defined header information

Hardware parts presented in project: • Sokymat Tag Reader IC • Atmel ATmega 16L AVR microprocessor • TTL-RS232 converter MAX232 • Antenna 1.08mH, 65Ω at 125kHz • Double sided printed board • Possibility of adding 3.5V to 5V DC-DC converter

- 39 -

RFID ToolBOX 3.2 Working principle

The most important part is Sokymat Tag Reader IC, responsible for proper excitation of tags (driving antenna), sending and receiving electromagnetic waves (choosing proper modulation type), decoding and finally presenting raw data bit stream to microprocessor. Detailed description how to set proper behaviour of this IC is shown in section 3.7.4. Microprocessor is used as a bridge between Reader IC and host like computer or cellular phone. A three-wire bus stands as an internal interface. Gathering, translation and formatting of data before sending it to mobile phone is also done by microprocessor. It is up to microprocessor program to correctly interpret received data, to carry out process of writing or reading tag correctly, to buffer data before sending them back and forth the phone and if necessary to perform some low level operations on data stream received form tag, like Manchester decoding. Keeping in mind that device can be battery operated, what's more, it can sink energy from cellular phone battery or any other, the power consumption considerations are very important. Microprocessor can also govern power consumption level, depending on application. The possibility of using DC-DC converter, while demand for current is negligible (in sleep mode), charges capacitor buffers. The maximum current consumption is at the reading or writing time and then additional energy is taken form buffers, not only from battery. TTL levels from output of AVR are translated into RS-232 standard by MAX232 converter. Connection with mobile phone is done by serial interface, but if such solution won't be possible because of phone software limitations, AVR will communicate with phone using set of AT commands, which in turn are recognisable and supported by all kinds of phones. Device size should be as small as possible, doubly sided printed board with SMD elements used.

- 40 -

RFID ToolBOX

3.2.1 Device Working principle block diagram

Excitation signal (ASK modulation) RFID Reader/Writer (interrogator)

Different TAG/s (transponder/s)

Excited tag starts sending back information with predefined modulation and bit length

Communication with computer or phone

RFID ToolBOX

3.2.2 Device parts block diagram

3.5V to 5V conversion and energy storage

Power source – battery or other

MAX 232

Computer/phone Serial connection

Power supply distribution

ATmega 16L

In Standby mode if not in use

TagReader IC

Transponder RF communication

RFID ToolBOX

3.2.3 Explanation to block diagrams

Device is connected and powered from cellular phone. Java application at phone side governs the behaviour of reader and manipulates obtained data. Collected information can be stored in phone memory, send somewhere via SMS for further recognition (verification) or presented to user in human readable form. Figure 3.2.1 illustrates the routine of reading a tag. Device by sending interrogation signal in form of ASK modulated frequency, excites tags that are in proximity to reader. If there is no response in certain time interval, proper message for the user is generated that no tags are visible. If there is at least one tag in interrogation field, it is charged with energy transmitted by electromagnetic wave. Energy stored by tag is enough for it to start process of sending data bits into air. (In reality, excitation made by reader is repeated until whole data is transmitted from tag, as tags can be of different bit capacity) Reader must be prepared to collect data send by tag. Obtained bit stream, demodulated form FSK signal, is sent to microprocessor where proper decoding is done (Manchester). In case when many tags try to send their data simultaneously received information may be corrupted, implementation of anticollision is considered

3.3 Schematic diagram

RFID ToolBOX

- 44 -

RFID ToolBOX

3.4 PCB Design and special considerations (antenna and routes)

PCB planning considerations concerns mainly routing of few important paths. These are the power and RF (antenna) paths. As the buffer capacitors, in case of using mobile energy source, should be located close between the DVDD and DVSS pins of Sokymat Reader, power and ground paths are thickened, to maintain possible lowest losses due to copper resistance. Note that maximum current flowing throughout these paths can be about 1A depending on configuration. The signal DEMOD_IN pin of Sokymat Reader IC is very susceptible against capacitive coupling of noisy traces. The capacitive voltage divider should be located close to the input pin (Sokymat pin 7). The CDEC capacitor, which connects the sampler with the filter, is susceptible against capacitive coupling of noise. The capacitor should be located close to the chip and the traces should be short and not close to other traces with fast changing voltage levels. The antenna connection is bypassed with two small ceramic capacitors (100pF each) to ground close to the connector. This suppresses high frequency voltages to ground, which are picked up by the wiring harness and reduces the radiation out of the circuit into the wiring.

3.5 Possible upgrade 3.5.1 Use of Philips HTRC1100 family Tag Reader IC

Sokymat is not the only producer of RF Tag Reader IC's. In case it is not available PCB board is designed in such way, to allow use of Philips HTRC1100 Tag Readers IC's family. Functionally these two are the same. They differ a little by pin topology, as shown on figure 3.5.1.a, and taking it into consideration, two additional routes and two special jumpers were added to PCB board. Looking at schematic diagram on Figure 3.3.a. added jumpers are zw11 and zw3. Jumper zw11 cuts the clock signal from crystal if not necessary. Philips chip needs this signal, Sokymat not. Jumper zw3 also cuts incoming external clock input signal if someone don't - 45 -

RFID ToolBOX want to use such because two possible communication solutions between Tag Reader chip and Atmel microcontroller are possible. Additionally, to allow Philips chip working properly a special kind of plug-in in form of small piece of PCB with few paths crossed must be mounted between main PCB board and Philips HTRC1100. This small PCB translates the pin topology difference between Sokymat and Philips products. Such solution was taken for the sake of PCB clarity. If not additional twelve jumpers would have to be added, what would spoil dramatically neat look of PCB and it's size. Microchip and Texas Instruments produce their own Tag readers Chips, these two solutions wasn't take under considerations and can't be used with this PCB version.

Figure 3.5.1.a, Picture of pin assignments of Philips

Table 3.5.1.b. Pin assignment for Philips HTRC SYMBOL V SS TX2 V DD TX1 MODE XTAL1 XTAL2 SCLK DIN DOUT n.c. CEXT QGND RX

PIN 1 2 3 4 5 6 7 8 9 10 11 12 13 14

DESCRIPTION ground supply antenna driver output2 supply voltage (5V stabilized) antenna driver output1 control input oscillator input1 oscillator input2 serial clock input of microcontroller interface serial data input of microcontroller interface serial data output of microcontroller interface not connected high-pass filter coupling capacitor connection internal analog virtual ground capacitor connection demodulator input

- 46 -

RFID ToolBOX

3.5.2 Other possibility of PCB usage

Project is made as an evaluation board, there are many facilities that are not essential for fully functional working of Tag Reader/Write. Presented PCB is a perfect base for other computer (or mobile phone) to Atmel Atmega16L applications. There is a place for MAX232 or MAX3232 TTL to RS-232 converter, what makes this board useful in variety of applications. Additionally there is a place for DC-DC 3.5V to 5V converter based on chip MAX856 that works with buffering capacitors, in case when 5V source won't be available. These are twice 220mF giving 0.44F of energy that satisfies power demanding mobile applications. To attract the functionality of PCB future use, and more precisely, the use of installed Atmega16L chip, special pin-outs were established at borders of PCB. To facilitate programming of SMD Atmel chip, SPI interface connector is placed on board as PROG. Programming by Serial Programming Interface is described deeply in section 3.7.1 of Atmel Functional Description. If usage of TWI [7] (Two Wire Interface used for Atmel chips communication) interface of ATmega is needed in application or JTAG functionality, TWI/INT and JTAG connectors onboard can be used in future applications. Also external interrupts inputs are easily available as well as A/D converter input port pins on EXT1 connector. Battery power probing can also be easily implemented using special voltage divider pads and PB4 port pin on ATmega. All these additional pin-outs make a little mess in size and clarity of PCB but they make this board functional as an evaluation base in future projects.

3.6 Functional description of elements

3.6.1 ATmega16L Decision about AVR ATmega16 microcontroller as a base for application was done basing on functions it offers. Firstly, power consumption. ATmega is a low-power chip. It - 47 -

RFID ToolBOX operates in voltage ranges of 2.7 - 5.5V and offers power consumption of following values, depending on working mode:

Table 3.6.1.a. Sleep modes of AVR Parameter

Condition

Typ

Max

Units

Power Supply Current

Active 4 MHz, VCC = 3V

3.8

5

mA

Idle 4 MHz, VCC = 3V

1.2

2

mA

WDT enabled, VCC = 3V

60)) { //more restricted 70 but dangerous changed=1; } //!!!!! critical region period_cnt++; // if(period_cnt>230) return 0xFF; //Period wasn found...probably no tag near by or tag merly readable (long distance) } //Error code returned FF //if(period_cnt 100) { period_cnt=period_cnt>>1; half_period_flag=1; }

//No tag in proximity of reader error code 0xF1 returned to application //more restricted 40 //More restricted 120

st_1=0; //ST_1 zawsze 0 w tym miejscu !!!!!!!! za wolno!!! compare_time = period_cnt+period_cnt+period_cnt; //czas 1.5 perioda compare_time=compare_time>>1; peak_time = compare_time>>1; //************************************************************************************************* //**********Finding header bits (inverted!!! so finding 9 transitions from 0->1 in a row) ************ byte time_stamp=0; while(out_flag==0){ st_2=inp(PINC); st_2=st_2 & 0x20; if((st_1!=st_2) && (time_cnt > peak_time)){ if( (time_cntcompare_time){ if(one_cnt0) if((st_1!=st_2) && (time_cnt > peak_time)){ // tests if compare time is ok and transition occurs st_1=st_2; // transition must occur at least in half bit period time if(time_cnt > compare_time){ //tests if it is a long sequence compare = 1.5*half bit period half_period_flag=1; //Data received and decoded from tag written to buffer st_1=st_1>>5; if(bit_cnt