Transponder with Memory Function
Transponders with a memory function range from the simple read-only transponder to the high-end transponder with intelligent cryptological functions (Figure 10.2).

Transponders with a memory function contain RAM, ROM, EEPROM or FRAM and an RF interface to provide the power supply and permit communication with the reader. The main distinguishing characteristic of this family of transponders is the realisation of address and security logic on the chip using a state machine.

RF Interface
The RF interface forms the interface between the analogue, high-frequency transmission channel from the reader to the transponder and the digital circuitry of the transponder. The RF interface therefore performs the functions of a classical modem (modulator–demodulator) used for analogue data transmission via telephone lines.

The modulated RF signal from the reader is reconstructed in the RF interface by demodulation to create a digital serial data stream for reprocessing in the address and security logic. A clock-pulse generation circuit generates the system clock for the data carrier from the carrier frequency of the RF field.

The RF interface incorporates a load modulator or backscatter modulator (or an alternative procedure, e.g. frequency divider), controlled by the digital data being transmitted, to return data to the reader.

The serial data to be transmitted is first transferred to a Manchester generator. This allows the baud rate of the baseband signal to be adjusted between two values. The Manchester coded baseband signal is now used to switch between the two subcarrier frequencies f1 and f2 using the ‘1’ and ‘0’ levels of the signal, in order to generate an FSK modulated subcarrier signal. If the clock signal f2 is interrupted, this results in an ASK modulated subcarrier signal, which means that it is very simple to switch between ASK and FSK modulation. The modulated subcarrier signal is now transferred to switch S, so that the modulation resistor of the load modulator can be switched on and off in time with the subcarrier frequency.

Example Circuit – RF Interface for ISO 14443 Transponder
The circuit in Figure 10.5 provides a further example of the layout of an RF interface. This was originally a simulator for contactless smart cards in accordance with ISO 14443, which can be used to simulate the data transmission from the smart card to a reader by load modulation. The circuit was taken from a proposal by Motorola for a contactless smart card in ISO 10373-6 (Baddeley and Ruiz, 1998).

A complete layout is available for the duplication of this test card (see Section 14.4.1). The circuit is built upon an FR4 printed circuit board. The transponder coil is realised in the form of a large-area conductor loop with four windings of a printed conductor. The dimensions of the transponder coil correspond with the ratios in a real smart card.

The transponder resonant circuit of the test card is made up of the transponder coil L1 and the trimming capacitor CV1. The resonant frequency of the transponder resonant circuit should be tuned to the transmission frequency of the reader, 13.56 MHz (compare Section 4.1.11.2). The RF voltage present at the transponder resonant circuit is rectified in the bridge rectifier D1–D4 and maintained at approximately 3 V by the Zener diode D6 for the power supply to the test card.

The binary divider U1 derives the required system clocks of 847.5 kHz (subcarrier, divider 1/16) and 105.93 kHz (baud rate, divider 1/128) from the carrier frequency 13.56 MHz.

The circuit made up of U2 and U3 is used for the ASK or BPSK modulation of the subcarrier signal (847.5 kHz) with the Manchester or NRZ coded data stream (jumper 1–4). In addition to the simple infinite bit sequences 1111 and 1010, the supply of an external data stream (jumper 10) is also possible. The test smart card thus supports both procedures for data transfer between smart card and reader defined in ISO 14443-2.

Either a capacitive (C4,C5) or an ohmic (R9) load modulation can be selected. The ‘open collector’ driver U4 serves as the output stage (‘switch’) for the load modulator.
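The following sketch is an added example, not part of the original text or of the Motorola proposal. It models the Manchester/ASK path of the test card: the divider ratios 1/16 and 1/128 give 16 subcarrier half-cycles per bit, and the function returns the on/off state of the load modulator switch for each half-cycle. The function names and the Manchester polarity are assumptions of this example.

```python
FC = 13_560_000                  # carrier frequency in Hz
SUBCARRIER_DIV, BAUD_DIV = 16, 128   # divider ratios of U1
HALF_CYCLES_PER_BIT = 2 * BAUD_DIV // SUBCARRIER_DIV   # 16 switch states per bit
HALF = HALF_CYCLES_PER_BIT // 2


def manchester(bits):
    """Two half-bit levels per data bit (assumed polarity: 1 -> 1,0 and 0 -> 0,1)."""
    levels = []
    for bit in bits:
        levels += [1, 0] if bit else [0, 1]
    return levels


def load_switch(bits):
    """Switch state per subcarrier half-cycle: subcarrier keyed on and off (ASK)."""
    states = []
    for level in manchester(bits):
        # While the Manchester level is 1 the switch toggles with the subcarrier,
        # while it is 0 the switch stays open.
        states += [level & (1 - i % 2) for i in range(HALF)]
    return states


def demodulate(states):
    """Recover the bits by comparing subcarrier activity in the two bit halves."""
    bits = []
    for k in range(0, len(states), HALF_CYCLES_PER_BIT):
        first = sum(states[k:k + HALF])
        second = sum(states[k + HALF:k + HALF_CYCLES_PER_BIT])
        bits.append(1 if first > second else 0)
    return bits
```
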

The demodulation of a data stream transmitted from the reader is not provided in this circuit. However, a very simple extension of the circuit (Figure 10.6) facilitates the demodulation of at least a 100% ASK modulated signal. This requires only an additional diode to rectify the RF voltage of the transponder resonant circuit. The time constant τ = R · C should be dimensioned such that the carrier frequency (13.56 MHz) is still effectively filtered out, but the modulation pulse (tpulse = 3 µs in accordance with ISO 14443-2) is retained as far as is possible.

Address and Security Logic
The address and security logic forms the heart of the data carrier and controls all processes on the chip.

The power-on logic ensures that the data carrier takes on a defined state as soon as it receives an adequate power supply upon entering the RF field of a reader. Special I/O registers perform the data exchange with the reader. An optional cryptological unit is required for authentication, data encryption and key administration.

The data memory, which comprises a ROM for permanent data such as serial numbers and an EEPROM or FRAM, is connected to the address and security logic via the address and data bus inside the chip.

The system clock required for sequence control and system synchronisation is derived from the RF field by the RF interface and supplied to the address and security logic module. The state-dependent control of all procedures is performed by a state machine (hard-wired software). The complexity that can be achieved using state machines comfortably equals the performance of microprocessors (high-end transponders). However the ‘programme sequence’ of these machines is determined by the chip design. The functionality can only be changed or modified by modifying the chip design and this type of arrangement is thus only of interest for very large production runs.

State Machine
A state machine (also switching device, Mealy machine) is an arrangement used for executing logic operations, which also has the capability of storing variable states (Figure 10.8). The output variable Y depends upon both the input variable X and what has gone before, which is represented by the switching state of flip-flops (Tietze and Schenk, 1985).

The state machine therefore passes through different states, which can be clearly represented in a state diagram (Figure 10.9). Each possible state SZ of the system is represented by a circle. The transition from this state into another is represented by an arrow. The arrow caption indicates the conditions that the transition takes place under. An arrow with no caption indicates an unspecified transition (power on → S1). The current new state SZ(t + 1) is determined primarily by the old state SZ(t) and, secondly, by the input variable xi.

The order in which the states occur may be influenced by the input variable x. If the system is in state SZ and the transition conditions that could cause it to leave this state are not fulfilled, the system remains in this state.

A switching network performs the required classification. If the state variable Z(t) and the input variable are fed into its inputs, then the new state Z(t + 1) will occur at the output (Figure 10.8). When the next timing signal is received this state is transferred to the output of (transition triggered) flip-flops and thus becomes the new system state S(t + 1) of the state machine.
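As an added example (not taken from the original text), the sketch below models the arrangement just described: a switching network that maps the pair (Z(t), x) to (Z(t + 1), y) and a clocked register that takes over the new state on each timing signal. The state names, input symbols and outputs are assumptions chosen to resemble an address and security logic; the same "read" input produces a different output depending on the stored state.

```python
from enum import Enum


class S(Enum):
    S1_IDLE = 1
    S2_SELECTED = 2
    S3_AUTHORISED = 3


# Switching network: (Z(t), x) -> (Z(t+1), y). A pair that is not listed means
# the transition condition is not fulfilled, so the machine keeps its state.
NETWORK = {
    (S.S1_IDLE, "select"): (S.S2_SELECTED, "ack"),
    (S.S2_SELECTED, "password_ok"): (S.S3_AUTHORISED, "ack"),
    (S.S2_SELECTED, "password_bad"): (S.S1_IDLE, "nak"),
    (S.S3_AUTHORISED, "read"): (S.S3_AUTHORISED, "data"),
    (S.S3_AUTHORISED, "halt"): (S.S1_IDLE, "ack"),
}


class StateMachine:
    def __init__(self):
        self.state = S.S1_IDLE      # arrow with no caption: power on -> S1

    def clock(self, x):
        """One timing signal: latch Z(t+1) into the flip-flops and return y."""
        next_state, y = NETWORK.get((self.state, x), (self.state, "nak"))
        self.state = next_state
        return y


def run(inputs):
    """Feed a sequence of input symbols and return (outputs, final state)."""
    machine = StateMachine()
    return [machine.clock(x) for x in inputs], machine.state
```
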

Memory Architecture
Read-Only Transponder
This type of transponder represents the low-end, low-cost segment of the range of RFID data carriers. As soon as a read-only transponder enters the interrogation zone of a reader it begins to continuously transmit its own identification number (Figure 10.10). This identification number is normally a simple serial number of a few bytes with a check digit attached. Normally, the chip manufacturer guarantees that each serial number is only used once. More complex codes are also possible for special functions.

The transponder’s unique identification number is incorporated into the transponder during chip manufacture. The user cannot alter this serial number, nor any data on the chip.

Communication with the reader is unidirectional, with the transponder sending its identification number to the reader continuously. Data transmission from the reader to the transponder is not possible. However, because of the simple layout of the data carrier and reader, read-only transponders can be manufactured extremely cheaply.

Read-only transponders are used in price-sensitive applications that do not require the option of storing data in the transponder. The classic fields of application are therefore animal identification, access control and industrial automation with central data management.

Writable Transponder
Transponders that can be written with data by the reader are available with memory sizes ranging from just 1 byte (‘pigeon transponder’) to 64 Kbytes (microwave transponders with SRAM).

Write and read access to the transponder is often in blocks. Where this is the case, a block is formed by assembling a predefined number of bytes, which can then be read or written as a single unit. To change the data content of an individual block, the entire block must first be read from the transponder, after which the same block, including the modified bytes, can be written back to the transponder.

Current systems use block sizes of 16 bits, 4 bytes or 16 bytes. The block structure of the memory facilitates simple addressing in the chip and by the reader.

Transponder with Cryptological Function
If a writable transponder is not protected in some way, any reader that is part of the same RFID system can read from it, or write to it. This is not always desirable, because sensitive applications may be impaired by unauthorised reading or writing of data in the transponder. Two examples of such applications are the contactless cards used as tickets in the public transport system and transponders in vehicle keys for electronic immobilisation systems.

There are various procedures for preventing unauthorised access to a transponder. One of the simplest mechanisms is read and write protection by checking a password. In this procedure, the card compares the transmitted password with a stored reference password and permits access to the data memory if the passwords correspond.

However, if mutual authorisation is to be sought, or it is necessary to check that both components belong to the same application, then authentication procedures are used. Fundamentally, an authentication procedure always involves a comparison of two secret keys, which are not transmitted via the interface. (A detailed description of such procedures can be found in Chapter 8). Cryptological authentication is usually associated with the encryption of the data stream to be transmitted (Figure 10.12). This provides an effective protection against attempts to eavesdrop on the data transmission by monitoring the wireless transponder interface using a radio receiver.

In addition to the memory area allocated to application data, transponders with cryptological functions always have an additional memory area for the storage of the secret key and a configuration register (access register, Acc) for selectively write protecting selected address areas. The secret key is written to the key memory by the manufacturer before the transponder is supplied to the user. For security reasons, the key memory can never be read.

Hierarchical Key Concept
Some systems provide the option of storing two separate keys – key A and key B – that give different access rights. The authentication between transponder and reader may take place using key A or key B. The option of allocating different access rights (Acc) to the two keys may therefore be exploited in order to define hierarchical security levels in an application.

The following arrangement clarifies this principle. The transponder incorporates two key memories, which are initialised by the two keys A and B. The access rights that the readers are allocated after successful authentication depend upon the setting that has been selected in the transponder (access register) for the key that has been used.

Reader 1 is only in possession of key A. After successful authentication, the selected settings in the access register (Acc) only permit it to read from the transponder memory. Reader 2, on the other hand, is in possession of key B. After successful authentication using key B, the settings selected in the access register (Acc) permit it to write to the transponder memory as well as reading from it.

Sample Application – Hierarchical Key
Let us now consider the system of travel passes used by a public transport network as an example of the practical use of hierarchical keys. We can differentiate between two groups of readers: the ‘devaluers’ for fare payments and the ‘revaluers’ which revalue the contactless smart cards.

The access rights to the transponder’s two access registers A and B are configured such that, after successful authentication using key A, the system only permits the deduction of monetary amounts (the devaluation of a counter in the transponder). Only after authentication with key B may monetary amounts be added (the revaluation of the same counter).

In order to protect against attempted fraud, the readers in vehicles or subway entrances, i.e. devaluers, are only provided with key A. This means that a transponder can never be revalued using a devaluer, not even if the software of a stolen devaluer is manipulated. The transponder itself refuses to add to the internal counter unless the transaction has been authenticated by the correct key.

The high-security key B is only loaded into selected secure readers that are protected against theft. The transponder can only be revalued using these readers.
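The model below is an added example, not code from the original text or from any transponder product. It shows why the check has to sit in the transponder: the rights come from the access register entry of the key that was used, so a devaluer holding only key A is refused both an "increment" command and a negative "deduction". The HMAC challenge-response, the class and function names and the rights assigned to each key are assumptions of this example.

```python
import hashlib
import hmac
import os

READ, DEC, INC = "read", "decrement", "increment"


def mac(key, challenge):
    # Stand-in for the authentication algorithm (assumption of this example).
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Transponder:
    def __init__(self, key_a, key_b, value):
        self._keys = {"A": key_a, "B": key_b}   # key memory, no read command exists
        # Access register (Acc): rights granted per key (assumed settings).
        self._acc = {"A": {READ, DEC}, "B": {READ, INC}}
        self._value, self._rights, self._challenge = value, set(), None

    def get_challenge(self):
        self._rights = set()                    # a new login drops old rights
        self._challenge = os.urandom(8)
        return self._challenge

    def authenticate(self, key_id, response):
        challenge, self._challenge = self._challenge, None   # single use
        if challenge is None or key_id not in self._keys:
            return False
        if not hmac.compare_digest(mac(self._keys[key_id], challenge), response):
            return False
        self._rights = self._acc[key_id]
        return True

    def command(self, op, amount=0):
        """Return the counter after the operation, or None if refused."""
        if op not in self._rights:
            return None
        if op in (DEC, INC) and amount <= 0:
            return None        # a negative 'deduction' would be a revaluation
        if op == DEC and amount > self._value:
            return None
        self._value += {READ: 0, DEC: -amount, INC: amount}[op]
        return self._value


def login(card, key_id, key):
    """Reader side: answer the card's challenge with the key the reader holds."""
    return card.authenticate(key_id, mac(key, card.get_challenge()))
```
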

Segmented Memory
Transponders can also be protected from access by readers that belong to other applications using authentication procedures, as we described in a previous chapter. In transponders with large memory capacities, it is possible to divide the entire memory into small units called segments, and protect each of these from unauthorised access with a separate key. A segmented transponder such as this permits data from different applications to be stored completely separately.

Access to an individual segment can only be gained after successful authentication with the appropriate key. Therefore, a reader belonging to one application can only gain access to its ‘own’ segment if it only knows the application’s own key.

The majority of segmented memory systems use fixed segment sizes. In these systems, the storage space within a segment cannot be altered by the user. A fixed segment size has the advantage that it is very simple and cheap to realise upon the transponder’s microchip.

However, it is very rare for the storage space required by an application to correspond to the segment size of the transponder. In small applications, valuable storage space on the transponder is wasted because the segments are only partially used. Very large applications, on the other hand, need to be distributed across several segments, which means that the application-specific key must be stored in each of the occupied segments. This multiple storage of an identical key also wastes valuable storage space.

A much better use of space is achieved by the use of variable length segments (Figure 10.15). In this approach, the memory allocated to a segment can be matched to the requirements of the application using the memory area. Because of the difficulty in realising variable segmentation, this variant is rare in transponders with state machines.

Figure 10.16 illustrates the memory configuration of a transponder with fixed segmentation. The available memory, totalling 128 bytes, is divided into four segments, known as ‘pages’. Each of the four segments can be protected against unauthorised reading or writing by its own password. The access register of this transponder (‘OTP write protection’) consists of an additional memory area of 16 bits per segment. Deleting a single bit from the access register permanently protects 16 bits of the application memory against overwriting.
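The memory layout described above can be modelled as follows. This is an added example, not code from the original text or from the transponder's manufacturer: 128 bytes in four 32-byte pages, one password per page, and a 16-bit access register per page in which deleting a bit permanently blocks writes to the corresponding 16-bit word. The class and method names are assumptions, as is the choice to require the page password for deleting an access bit.

```python
import hmac

PAGES, PAGE_SIZE, WORD = 4, 32, 2   # 4 x 32 bytes = 128 bytes, one OTP bit per 16-bit word
WORDS_PER_PAGE = PAGE_SIZE // WORD  # 16 words, matching the 16 access bits per page


class SegmentedTransponder:
    def __init__(self, passwords):
        if len(passwords) != PAGES:
            raise ValueError("one password per page")
        self._pw = list(passwords)
        self._mem = bytearray(PAGES * PAGE_SIZE)
        self._otp = [0xFFFF] * PAGES    # bit = 1: writable, bit = 0: locked

    def _open(self, page, password, word):
        """Return the byte offset of the word, or None if access is refused."""
        if not (0 <= page < PAGES and 0 <= word < WORDS_PER_PAGE):
            return None
        if not hmac.compare_digest(self._pw[page], password):
            return None
        return page * PAGE_SIZE + word * WORD

    def read(self, page, password, word):
        off = self._open(page, password, word)
        return None if off is None else bytes(self._mem[off:off + WORD])

    def write(self, page, password, word, data):
        off = self._open(page, password, word)
        if off is None or len(data) != WORD:
            return False
        if not (self._otp[page] >> word) & 1:
            return False                 # access bit deleted: overwrite refused
        self._mem[off:off + WORD] = data
        return True

    def lock(self, page, password, word):
        """Delete one access bit. No operation sets a bit back to 1."""
        if self._open(page, password, word) is None:
            return False
        self._otp[page] &= ~(1 << word) & 0xFFFF
        return True
```
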