Fullscreen HTML5Med Res (??MB)HTML4

Open doors & control security systems with this RFID Security Module Tired of fumbling in the dark for your keys? Can’t find the keyhole on a moonless night? Or perhaps you’re just irritated by having to punch in a code each time you want to arm or disarm your security system? End all these little annoyances with a wave of your hand and our state-of-the-art RFID Security Module! By PETER SMITH M ANY HOME SECURITY systems include a keypad situated at the main point of entry or exit. More complex systems may also include a battery-powered remote control device. While these systems have their own merits, they can also be more than a little inconvenient. Having to punch in a code repeatedly can be quite irritating, as can the discovery that the batteries in the remote have finally given up the ghost! This new point-of-entry system solves these problems because it requires no physical contact and no batteries. Essentially, the system consists of a reader module and one or more “tags”. Based on RFID (Radio Frequency Identity) technology, each tag is encoded with a unique identity. 38  Silicon Chip When a tag is brought within range of the reader, it is energised by the reader’s magnetic field. It then transmits its unique code to the reader, which validates the code and arms or disarms the alarm system accordingly. This system also includes the ability to operate an electric door strike. A simple wave of your hand and an “Open Sesame” incantation are all that are required for the door to your castle to spring open! Well – the “Open Sesame” incantation isn’t really necessary. System overview The RFID Security Module is built on a single PC board measuring just 50 x 70mm. In fact, it’s small enough to be concealed behind a standard Clipsal wall plate or similar. It can be operated as a stand-alone keyless entry system or as part of a larger alarm system. Three open-collector outputs and a single digital input are accessible via a 4-way terminal block. One of the outputs is designed to drive a 12V DC solenoid-actuated door strike. These are available from major kit suppliers and most security equipment resellers. The two remaining outputs can be hooked into an existing alarm system to supplement or replace an existing point-of-entry keypad or other remote control device. The digital input can be wired to a tamper switch to detect removal of the cover or the unit from the wall. To cater for varying installations, the module can be programmed to operate in one of four modes, as follows: Mode 1: no alarm features (keyless entry only), door strike energised on tag validation. Mode 2: alarm operation, door strike energised on disarming. Mode 3: alarm operation, door strike energised on arming. Mode 4: alarm operation, door strike energised on arming and disarming. In most cases, the RFID module will be mounted outside the protected perimeter, so you’ll want the strike to be energised on disarming (mode 2). The desired operating mode is selected siliconchip.com.au Fig.1: a hybrid RFID reader module (IC2) from ID Innovations contains all the tag reading electronics. Tag validation and alarm functions are handled by an Atmel AT90S2313 microcontroller (IC1). by performing a simple initialisation procedure, as we’ll see a little further on. Alarm connections Before examining the operation of the module in some detail, let’s take a closer look at the two open-collector outputs and the digital input mentioned above. We’ve labelled the first output “armed”. It is intended for connection to the main control unit to control siliconchip.com.au system arming and disarming. The polarity of this output is jumper selectable to match the control unit’s input requirements (see Table 2). Note: not all commercial alarm systems provide an arm/disarm input, as necessary for use with this system. Consult your alarm system’s manual to determine its suitability. Alternatively, this output can be used to control an engine immobiliser circuit for older vehicles that do not already have such a device. A suitable immobiliser circuit was described in the December 1998 & January 1999 issues of SILICON CHIP. The second output of interest is labelled “alarm”. It can be wired to a normally open input on the main control unit to signal an alarm condition. This output is switched on when the tamper circuit is activated (see below) and also when three consecutive unknown tag IDs are detected. An on-board piezo buzzer beeps and a LED flashes for the duration of an alarm, which is set at five minutes. After the alarm period, the “alarm” output is switched off but the LED continues to flash at a fast rate until June 2004  39 Fig.2: REG1 & diode D2 must be mounted on the copper side of the board, as shown here. Attach REG1 to the board using an M3 screw, nut and washer before soldering its leads. the module is disarmed. For stand-alone use, the “alarm” output can be used to drive a 12V DC siren with a rating of 600mA or less. For larger loads, this output can also be used to drive a 12V relay. Tamper protection If the module is mounted in an accessible location, it’s quite possible that someone may try to detach the assembly or remove a cover in an attempt to bypass security. For this reason, we’ve included a tamper function that can be used to detect such interference. The digital input, which we’ve labelled “tamper switch”, can be wired to one side of a tamper switch, reed Main Features • • • • • • • • • • • • Contactless operation 90-100mm detection range No batteries (in tags) to go flat Stores up to 24 tag ID codes Easy tag addition & removal Works through any nonmetallic material Audio feedback via on-board beeper Tamper detection Arm & alarm outputs Electric door strike output Suitable for home or car use Requires 12V DC <at> 40mA (nominal) 40  Silicon Chip Fig.3: follow this diagram closely when assembling the PC board. The 4-way terminal block (CON2) is made by snapping two 2-way blocks together. Take care with the orientation of all polarised components. switch or mercury switch, depending on the installation. The other side of the switch goes to the ground (negative) input – see Fig.6(d). Either normally open or normally closed switches can be accommodated, as the module automatically configures itself to suit at power up. Obviously, the idea is that if the module is dismounted (or the cover removed), the switch contacts open (or close), changing the state of the switch input. Assuming the module is armed, this generates an instant alarm condition. How it works All of the electronics necessary for tag reading are contained within a single epoxy-encapsulated module from ID Innovations. The ID-12, as it’s named, even includes the field coil, making this an extremely compact and easy-to-assemble project. A continuous 125kHz carrier signal is radiated from the ID-12’s coil while ever power is applied. When a tag is brought within range, its field coil is magnetically coupled to the reader’s coil, inducing an AC voltage across it. Most 125kHz read-only tags contain just a single IC along with the coil itself, which consists of many turns of super-fine copper wire. To reduce overall size, the coils used in miniature glass and epoxy-encapsulated tags are wound on tiny ferrite cores. Included in the IC in the tag are circuits to rectify and filter the voltage from the coil, to provide operating power. Once sufficient power has been stored, the tag transmits its 40-bit ID code by low-frequency modulation of the reader’s carrier signal. For those interested, the data stream is Manchester encoded and transmitted using an ASK (amplitude shift keying) modulation method. To learn more about how this works, refer to the RFID feature in the July 2003 issue of SILICON CHIP. As shown on the circuit diagram (Fig.1), the interface between the ID-12 reader (IC2) and the rest of the circuit is very simple indeed. Whenever the reader receives a tag transmission, it formats the 40-bit code into five 8-bit bytes and adds a few bytes for synchronisation and integrity checking. The entire “frame” is then transmitted in serial format from pin 9. Three different industry-standard transmission formats are supported, selectable by connecting pin 7 to various points. By grounding this pin, our design uses a 9600 bps (bits per second) ASCII format. Atmel microcontroller Serial data from pin 9 of the ID-12 You can easily make 2-way and 4-way pin headers for JP1 and JP2-3 by cutting down a longer strip. siliconchip.com.au is pumped into pin 2 of an Atmel AT90S2313 microcontroller (IC1). Essentially, the program running in this IC is responsible for receiving the data and deciding what action to take. Under program control, the incoming data is reassembled back into byte-sized chunks and a check is made to see if the ID code matches any of the codes stored in the on-board memory (EEPROM). What happens next depends on the selected operating mode. Three output bits (PD4-PD6) drive the base circuits of switching transistors Q1-Q3. If an ID match is found, the microcontroller can switch Q1 on or off to arm or disarm a main alarm system. In addition, it can switch Q3 on for a short period to energise a door strike. Alternatively, if the ID code is not recognised, then an alarm might be triggered by switching Q2 on. The exact sequence depends on the operating mode and the current alarm state, as described previously. Diodes D2 & D3 are included to protect transistors Q2 & Q3 from the back-EMF spike induced by relay and door strike solenoids. The two remaining outputs (PB1 & PB7) used in this design drive LED1 and a piezo buzzer to provide user feedback. On the input side, tamper detection is provided by sensing a level change on the PD3 input bit. During power up, the microcontroller reads this input and stores its state. This method allows either normally open (NO) or normally closed (NC) tamper switches to be used. If the tamper switch changes state while the system is armed, Q2 is switched on to signal an alarm. Three input bits (PD1, PD2 & PB0) allow user selection of various program options (see Table 2). Like the PD3 input, these inputs are pulled high internally. Therefore, installing a jumper shunt changes the respective pin state from a logic high (5V) to a logic low (0V). Parts List Power supply 1 PC board, code 03106041, 51mm x 71mm 3 2-way 5mm/5.08mm terminal blocks (CON1, CON2) 1 6-way 2.54mm DIL header (JP1 - JP3) 3 jumper shunts 1 20-pin IC socket 4 M3 x 10mm tapped nylon spacers 5 M3 x 6mm pan head screws 1 M3 nut & washer EM4001 compatible 125kHz RFID tags to suit (see text) 1 miniature PC mount piezo buzzer (PZ1) (Altronics S 6104 or equivalent) The unit can be powered from any 12V DC power supply (eg, a plugpack) and this is applied to the module via CON1. Series diode D1 prevents damage to all components except Q2, Q3, D2 & D3 in the case of reverseconnected power leads. A 10Ω resistor and 16V zener diode (ZD1) protect the regulator’s input from the high-voltage transients that typically occur in an automotive environment. A 7805 3-terminal regulator (REG1) converts the input to a wellregulated 5V output with the aid of two 100µF filter capacitors. Finally, an under-voltage sensing circuit based on IC3 holds the microcontroller’s reset pin low whenever the supply voltage is below about 4.6V. This prevents inadvertent writes to the on-board EEPROM during power up and power down. Semiconductors 1 AT90S2313-4 (or -10) microcontroller, programmed with RFID.HEX 1 ID Innovations ID-12 RFID module (IC2) (Adilam Electronics) 1 MC34064P-5 under-voltage sensor (IC3) (Altronics Z-7252) 1 4MHz crystal, HC49 package (X1) 2 BC337 NPN transistors (Q1, Q2) 1 BD681 NPN Darlington transistor (Q3) 3 1N4004 diodes (D1-D3) 1 1N4745A 16V 1W zener diode (ZD1) 1 3mm high intensity red LED (LED1) Construction In order to minimise the module’s overall size, two components (REG1 & D2) are mounted on the bottom (copper) side of the PC board. These must be installed first, as shown in Fig.2. Bend the leads of the regulator (REG1) at 90° about 5mm from the body so that, when it is installed, the hole in its mounting tab lines up with the hole in the PC board. Attach the regulator firmly to the board with an M3 x 6mm screw, nut & washer before soldering the leads. Diode D2 must be installed with its banded (cathode) end oriented as shown. With both REG1 & D2 in place, turn the board over and cut off the protruding component leads flush with the PC board surface. Next, on the top side of the board, install all the low-profile components first, starting with the resistors and diodes. Again, the diodes (D1 & D3 and Capacitors 2 100µF 16V PC electrolytic 2 100nF 50V monolithic ceramic 2 22pF 50V ceramic disc Resistors (0.25W 1%) 2 10kΩ 1 150Ω 2 1kΩ 1 10Ω 1W 5% 1 220Ω Table 1: Resistor Colour Codes o o o o o o siliconchip.com.au No.   2   2   1   1   1 Value 10kΩ 1kΩ 220Ω 150Ω 10Ω 4-Band Code (1%) brown black orange brown brown black red brown red red brown brown brown green brown brown brown black black brown 5-Band Code (1%) brown black black red brown brown black black brown brown red red black black brown brown green black black brown brown black black gold brown June 2004  41 This view of the copper side of the PC board shows how REG1 and D3 are installed. zener diode ZD1) must go in with the banded ends around the right way. Install the ID-12 module next. Note that because of the gap between pins 10 & 11, it can only go in one way. On our module, one row of pins were slightly out of line and needed “tweaking” to get an easy fit into the PC board holes. Make sure that it’s sitting square on the PC board before soldering it in place. The ID-12’s pins are spaced on 2mm centres, which means that there’s very little space between the pads. After soldering, use your multimeter to do a continuity test between adjacent pins, to eliminate the possibility of fine solder bridges. The remaining components can now be installed, with attention to the following points: (1) When fitting the IC socket, be sure to align the notched (pin 1) end towards the closest edge of the board. When inserting the microcontroller (IC1) in the socket, note that it also has a notched end that must line up with the notch in the socket. (2) Before installing the crystal (X1), bend its leads at 90° about 2mm from the body. Position it flat on the PC board surface before soldering the Fig.4: check your board against this full-size etching pattern before installing the parts. leads. That done, its metal can should be affixed to the board with a blob of hot melt glue, contact adhesive or similar. (3) Be careful not to confuse the BC337 transistors (Q1 & Q2) with the MC34064-5 under-voltage sensor (IC3), as both devices are supplied in TO-92 packages. The “flat” sides of these devices must go in as shown. For transistor Q3, the metallised (collector) side must face the power-input connector (CON1). (4) The two 100µF capacitors and piezo buzzer (PZ1) are polarised devices and must be inserted with their positive leads aligned as indicated by the “+” markings on the overlay. (5) The mounting arrangements for LED1 will vary, depending on the chosen enclosure. If its lead length is sufficient for it to extend all the way through the front panel, it can be soldered directly in position. Alternatively, it can be attached to the board via short lengths of lightduty hook-up wire and glued into place in the enclosure. Twist the wires tightly together to minimise noise pickup from the ID-12 module. Note the orientation of the flat (cathode) side, which is shown facing JP1 on the overlay diagram. Microcontroller firmware If you’re assembling this project from a kit of parts, then the microcontroller (IC1) will already have been programmed. On the other hand, if you’ve sourced all the parts yourself, then you’ll also need to program this device. The necessary code (RFID. HEX) is available from the download area of the SILICON CHIP web site at www.siliconchip.com.au Initialising the module Before using the module, the desired operating mode must be set and at least one ID programmed. Let’s see how this is achieved. The operating mode is selected by installing a jumper shunt on JP1 and connecting a wire link between two terminals of CON2. Fig.5 shows which terminals to link for each of the four modes. No link should be installed if Mode 1 operation is desired. Once the link (if needed) and jumper are in place, connect 12V DC to the power input terminals (CON1). Be particularly careful that you have the Fig.5: a temporary wire link must be inserted in the 4-way terminal block as part of the initialisation procedure, in order to select Mode 2, 3 or 4. If you don’t need the door strike function, then it’s not important which alarm mode you choose. 42  Silicon Chip siliconchip.com.au Fig.6(a): an electric door strike can be connected for easy access to your home. Fig.6(c): basic alarm functionality can be achieved by connecting a siren directly to the “alarm” output. Alternatively, this output can drive a 12V relay. Fig.6(b): the “arm” and “alarm” outputs can be used to interface the module to an existing alarm system. The “arm” output can also be used with an engine immobiliser circuit in a car. The SILICON CHIP Engine Immobiliser requires a 2.2kΩ pull-up resistor (shown in grey) to +12V, with JP2 removed to select a low output when armed. positive and negative leads around the right way, otherwise transistors Q2 & Q3 (and perhaps diodes D2 & D3) will self-destruct! Assuming all is well, the module will immediately “beep” to indicate the chosen mode. For example, with a link between the “door strike” output and the “tamper switch” input, the module will beep four times to indicate that Mode 4 has been selected. This operation also erases all of the microcontroller’s EEPROM, so if you’ve decided to switch modes after programming some tags, you’ll need to program them again. Now power off and remove the jumper wire, as well as the shunt on JP1. The module is now ready to be programmed for tag recognition. Master tag programming The very first tag that is detected by the module after the initialisation procedure is assigned special status. This “master” tag, as we’ll refer to it, will be needed when ever you want to add or remove other tags. siliconchip.com.au Fig.6(d): a tamper switch in mandatory unless the unit is completely inaccessible. Here’s how to connect one. Fig.6(e): a battery-backed 12V supply is required to power the module. Existing alarm systems will already have such a supply. For standalone use, you’ll need to wire up your own battery and charger as depicted here. A great little SLA float charger was described in the March 2003 issue of SILICON CHIP. Power up again and swipe the tag that you want to be assigned as the master. Once the tag is within about 90-100mm of the top or bottom of the module, it will beep once to indicate that the ID code has been received and stored. Now, when ever you swipe the tag, it’s unique ID code will be immediately recognised. For keyless operation (Mode 1), the module beeps once and energises the door strike each time the tag is swiped. For alarm operation (Modes 2-4), the alarm state is toggled each time the tag is swiped. One beep indicates system arming whereas two beeps indicate disarming. You’ll also note that when Table 2: Jumper Functions Jumper IN OUT JP1 Erase all IDs, set mode Armed output low when disarmed Enable ID add/ remove Normal operation Armed output low when armed Disable ID add/ remove JP2 JP3 armed, the LED flashes at 2-second intervals. The door strike is energised as appropriate for the specific mode. Adding & removing other tags Up to 24 tag ID codes can be stored in the microcontroller’s memory. To enable the addition or removal of tag codes from memory, first install a jumper shunt on JP3. With the jumper in place, swipe the master tag. The module will perform the usual arm or disarm, depending on the operating mode. In addition, detection of the master tag starts an internal 4-second timer. Within that 4-second period, any tag that is swiped will be added to memory if it does not already exist and the module will beep once. Conversely, any tag that already exists in memory will be removed and the module will beep twice. If you try to add more that 24 tags or if the microcontroller fails to successfully add or remove a tag code for any reason, the module will beep four times. Each time a tag is swiped, the June 2004  43 Where To Get The Parts (1). Kits and “key fob” style tags for this design will be available from Altronics and Dick Smith Electronics. (2). The ID-12 RFID module is available from Adilam Electronics, who also stock a range of Sokymat RFID tags. Contact Adilam on (02) 9704 9200 or point your browser to www.adilam.com.au (3). Electric door strikes are available from Altronics, Dick Smith Electronics and Jaycar. The unit pictured at left is typical and came from Altronics. 4-second timer is restarted. If no tag is swiped within the timing period, the timer expires and the module beeps once, returning to normal operation. It’s then necessary to swipe the master tag again before more tags can be added or removed. If you install the module in an inaccessible location (such as inside a wall), you may wish to leave the “add/ remove” jumper (JP3) in place. Note that, in some instances, this could pose a security risk. If the master tag is “borrowed” by a would-be intruder, they may be able to add their own tag to the system and return the master without your knowledge! Installation & wiring The low operating frequency of this system enables operation through non-metallic materials. This means that it can be installed behind walls and inside consoles, for example. The main limitation here is the maximum operating range. Our prototype operates at up to 95mm, although large metal objects nearby tend to reduce this range. When in doubt, test before reaching for your hammer and chisel! As previously mentioned, the module is also small enough to fit behind a standard Clipsal wall plate or similar. For brick walls, a stand-off box will be required as well. Fig.6 shows several basic hook-up schemes, covering both stand-alone operation and use with a more comprehensive alarm system. It’s up to you to choose the scheme that best suits your application. If using the door strike option, the ground return wire (back to battery negative) should be run using heavyduty cable, especially for long runs. If using multi-core alarm cable, combine two cores in parallel to achieve similar results. A separate wire from the battery positive to the door strike solenoid is also advisable. When used with an engine immobiliser in a car, the module can be either powered permanently or only when the ignition is switched on. The latter method eliminates battery drain as well as the need to arm the module each time you exit the vehicle. However, it does mean having to swipe your tag after inserting the keys in the ignition. Which ever method you choose, the positive power lead must be wired via This photo shows a sample collection of tags, including the key fob and “credit card” styles mentioned in the article. 44  Silicon Chip the fuse box. The negative lead simply connects to chassis ground. How secure is it? Each tag is factory-encoded with a unique 40-bit number. This means 240 possible combinations – a very big number indeed. It’s therefore extremely unlikely that someone will have a tag with the same code as yours. It’s also impossible to use a scanning device to “crack” the code because the module generates an alarm as soon as three consecutive unknown IDs are detected. Not only that, but the very low tag to reader transmission speed means that it would probably take years to run through all of the possible combinations. As with lock and key security, it might be possible to “borrow” a tag and copy it. This could be achieved by reading the ID and programming it into a read/write tag, effectively duplicating the original. Note, however, that this requires specialised equipment not typically found in an intruder’s toolkit! It’s the wiring from the module to the main alarm (if used) and to the power supply that’s probably the most vulnerable. It’s therefore important that all wiring is well concealed and completely inaccessible without first triggering an alarm. Note that some alarm systems can be set up to detect cut wires and other forms of tampering. Of course, even simple alarm systems must have a well-maintained battery backup supply to continue operating in a blackout. Tag compatibility The RFID reader module used in this system will work with any “EM4001” compatible read-only tags. A large range of tag styles is available (see www.sokymat.com) but due to minimum order requirements, kit suppliers will probably only carry a couple of different types. The most useful tag for this project is probably the “key fob” style. It isn’t much thicker than your typical automotive fob and it’s virtually indestructible. Best of all, there are no batteries to go flat! The credit-card sized tag might also be popular. There’s no need to open your purse or wallet with one of these – just swipe the whole thing past the SC reader for instant access! siliconchip.com.au