RFID Security System Using Atmel Mega32
Introduction and Motivations:
For our final project, we designed and built (and exhaustively tested) an RFID-based proximity security system for use with Cornell Identification cards, which have been RFID-embedded since fall of 2003. The idea for this project was sort of spawned from our general interest in RFID technologies and the near-simultaneous occurance of Lab 2 (Keypad Security System) and the antiquated lock system at our fraternity house breaking.
At the highest level, our device uses an antenna coil to power the RFID tag embedded in our Cornell ID’s and read the induced response from the card. This response is then filtered and manipulated into useful data and interpreted by the Atmel Mega32 microcontroller which runs the actual security program. In addition to interactions with the ID cards, the system is in contact with an administrator computer via a serial communications link and hyperterm. The security system can store up to 20 45-bit codes which are derived from communications with each unique RFID tag. If a card is read and it is not in the code database, a red LED flashes for 3 seconds. Likewise, if the code can be found in the database, a green LED lights for 3 seconds. From hyperterm, the administrator has the power to add codes, delete codes, list all codes, “unlock” the door (the equivalent of the green LED flashing), and initialize routines which allow codes to be added to the database by gathering data from the reader itself.
Educational topics explored in this lab include (but are not limited to) passive filter design, active filter design, amplification circuits, RF antenna design, digital logic, serial communications, RFID theory, pin interrupts, timer interrupts, and soldering. In short, for this project we used elements of basically every introductory level ECE course we have taken. Since we are dealing with such a complicated topic, on the hardware side of things we tried to rely as much as we could on proven circuit designs. This would enable us to focus more on getting our system working well as a whole rather than spending countless hours debugging small parts of our project. For this, the Microchip® microID 125 KHz Reference Guide (see citations section) proved to be an invaluable resource for both theory and results.
High Level Hardware Design:
Before we start with actual circuit design, it is neccessary to understand the principals behind the technology that this project has set out to harness; passive RFID communications. Passive RFID tags work in such a way that they are actually powered by an external signal, which, in most cases is the carrier signal from the tag reader circuit. These tags are fairly simple and are comprised of merely an L-C antenna (similar to the one shown in the block diagram below) and the circuitry neccessary to modulate this carrier signal once powered on. The reader and tag communicate using magnetic coupling since their respective antennas can sense changes in magnetic field, which is observed as a change in voltage in the reader circuit.
The Cornell ID cards we use in this project were developed by HID®; specifically the HID DuoProx II cards. These are useful because they have both embedded RFID as will as a magnetic strip, while much of campus is starting to switch over to proximity entry systems, many current systems (including the dining halls) are still swipe-operated. From looking at their website, it was difficult to determine much information about the card’s operation, asside from the fact that it operates at a 125 KHz carrier frequency and it could have a tag size anywhere between 26 and 128 bits long.
After many hours of research we discovered that the modulation type used in the cards is Frequency Shift Keying (FSK), one of the more common ways used in RFID. FSK modulates the signal by essencially multiplying a lower amplitude, lower frequency signal with the carrier signal, creating an AM-like effect; the lower frequency enveloping the carrier frequency. To switch between a “1” and a “0”, the tag switches the modulating frequency. The two frequencies used by our cards were 12.5 KHz (125 KHz/10) and 15.625 KHz (125 KHz/8), which correspond to 1 and 0 respectively.
The job of the reader circuit is to provide the 125 KHz carrier frequency, transmit that to the tag, and detect the magnetic coupling from the tag, which should look like the figure above. In order to interpret this data, the carrier frequency must be removed, and the enveloping frequencies must be magnified into something measureable.
Although each individual part of the circuit and program will be described in detail later, the general idea for circuit operation is as such: The Mega32 provides a timer-driven 125 KHz square wave for our carrier frequency. This is then sent through an RF choke, which is essentially a passive low-pass filter with steep drop-off to knock out the upper harmonics and leave us with only a sine wave. The sine wave is then amplified using an emmitter follower PNP transistor and a half bridge to maximize current. Since our resonant circuit is a series L-C circuit, maximum resonance is achieved at minimum impedance, so it is very important that we provide adequate current amplification as to not overdrive our microcontroller. To help reduce the strain (and ramp up the current more) further, the square wave output from the MCU is put through parallel inverters.
On the recieving end, the signal is first half-wave rectified, since the negative part of the signal doesn’t really make a difference, and is then fed through a half-wave R-C filter to help knock out most of the 125 KHz carrier and detect the envelope signal. This signal is then bandpass filtered using a series a Twin-T active bandpass filters, and lowpass filtered with an active Butterworth filter to further decrease gain in frequencies outside of the 10-20 KHz area and increase gain of the envelope signals such that it saturates the op-amps of the filters. As a final stage the signal is put through a comparator and resistive divider to produce a nice square wave at logic levels. Some D-flip flops and a decade counter are used to extract data from the modulating square waves. Which are fed into the MCU and processed.
Hardware and Software Tradeoffs:
There are many ways to design a proximity card reader in terms of tradeoffs between hardware and software. In most cases, software is cheaper because you don’t need to purchase any parts but at the same time you are costing the MCU processing time. Using more hardware will obviously increase the cost of the design but ultimately may alleviate painfully tedious optimizations that would have been necessary had you used code to replace a component or device.
One of the first tradeoffs we encountered was whether to use the Mega32 or a separate counter to generate the 125 kHz carrier frequency. The microID 125 kHz RFID System Design Guide suggested using a 14-stage binary counter to divide the clock from the crystal to 125 kHz. However, since the Mega32 has built-in hardware timers that can output to one of the pins, there was no need to use a counter.
Another tradeoff we encountered was whether to use DSP or hardware to analyze the signal on the antenna. Recall that this signal is the carrier signal and the magnetically coupled response from the card superimposed onto each other. Using DSP, we could sample at the Nyquist frequency and compute the FFT of the signal to find what frequencies are present in the response and from there decode the response. If we were to use DSP, we would have to sample at greater than 250 kHz meaning there would only be 64 cycles between samples to compute the FFT. This imposed a huge constraint on the rest of our security system so we decided to implement the most of the decoding in hardware.
Specific Circuit Elements:
Transmit Stage: RF Choke and Power Amplifier:
The circuit of Figure 3 below is an RF choke followed by a current buffer and half-bridge amplifier. The RF choke is used to filter out most, if not all of the upper harmonic frequencies found in the square wave output from the MCU, leaving the fundamental frequency, 125 KHz, as a sine wave to be amplified. The square wave generator seen in the figure below is, in actuality, the output from the MCU and a set of inverters to ramp up the current. Diodes are used in the half bridge to help reduce crossover distortion caused from differing points of either transistor in the half bridge turning on and off. In our design we used the 2N3904 and 2N3906 NPN and PNP BJT transistors from the lab since they were cheap and convenient. In order to get better amplifier gain, and thus increase read range of our circuit, we could have used power MOSFETS instead for the half-bridge, but we found the BJT’s gave us a mostly acceptable level of gain, especially once the circuit was tuned.
Resonant Antenna Circuit:
hile this portion of our circuit is only comprised of two components, it is also arguably the most important hardware element; if it performs poorly then our security system performs poorly. Because this design was recommended for proximity solutions from the Microchip® guide, we decided to go with a series L-C resonant curcuit as opposed to one where the resistor and inductive antenna were in parallel. Because of this, at maximum resonance we also observe maximum current. In order to determine values for the inductance and capacitance needed, we used the equation: , where f is the resonant frequency (in Hertz), L is inductance (in Henries) and C is capacitance (in Farads). Since f = 125 KHz and we had plenty of 1 nF ceramic capacitors in the lab, we settled on an inductance of 1.62 mH.
To construct an antenna with the neccessary inductance we used coils of laquered copper wire, since it works well and is fairly compact. In our final construction revision, we used a rectangular-shaped antenna coil since it fit well with the design. The figure above shows the coil as circular, which is what we used for most of our preliminary testing before we actually put the unit together. Both antennas operated roughly the same as each other, although the rectangular coiled one resonates more. Inductance for the rectangular coil is determined by the following equation: , where L is in microHenries, x and y are the width/length of the coil (in cm), h is the height of the coil (in cm), b is the width across the conducting part of the coil (in cm) and N is the number of turns. In our case, x=3.6cm, y=13.8 cm, h=1 cm, and we estimated b=.3 cm. Using the equation, we calculated the coil to need approximately 90 turns. It turned out this was a pretty good estimate. After constructing the coil, we proceeded to tune it by removing coils until we saw the highest resonant voltage from our carrier frequency, which was at roughly 88 turns. Oscilloscope results from this circuit, with both just the carrier frequency, and with the modulated signal from the RFID tag can be seen below.
Half-Wave Rectify and Filtering:
This portion of the circuit is devoted to separating out the carrier frequency from the modulating envelope, since its really only the envelope that has the data we care about. The first stage is half-wave rectifying the signal to make things simpler and then filtering it slightly with an R-C filter. As is the norm for filtering AC signals in this manner there is some 125 KHz ripple, but choosing good values we could make the enveloping frequencies stand out from the ripple. For this we chose R=390 KOhms and C= 2.2 nF. Scope readings are shown in the figure below. Note that the peaks are the ripple, and the whole signal seems to oscillate at 15.625 KHz. You can tell this because there are 8 125 KHz ripple peaks per oscillation of the envelope. At a 12.5 KHz envelope, there would be 10 ripples per oscillation.
|CD4017 Decade Counter||$0.39|
|74HC74 Hex Inverter||$0.30|
|LM78M12Ct 12V Voltage Regulator||$1.72|
|MM74HC04N D Flip-Flop||$0.54|
|TL084 Quad Op-Amp||$0.76|
|78F102J RF Choke||$0.30|
|2N3906 PNP Transistor (2x)||$1.72|
|2N3904 NPN Transistor||$0.86|
|Misc Discrete Components (wire, resistors, capacitors)||~$10|
|Reader Housing (wood platform and 3″ screws)||$2.00|
For more detail: RFID Security System Using Atmel Mega32
Leave a Comment
You must be logged in to post a comment.