Date post: | 02-Apr-2018 |
Category: |
Documents |
Upload: | costel-cojocaru |
View: | 219 times |
Download: | 0 times |
of 48
7/27/2019 Atmel Autocompilation Vol7 Dec2010
1/48
Automotive
CompilationVolume 7 December 2010
7/27/2019 Atmel Autocompilation Vol7 Dec2010
2/48
7/27/2019 Atmel Autocompilation Vol7 Dec2010
3/48
Contents
Table of Contents
Configurable RF Architecture Gives EngineersGreater Design Flexibility 1
Design and Security Considerations for PassiveImmobilizer Systems 3
Automotive LIN Bus Driving Sensor Applications 12
Designing Next Generation Key Fobs 15
Capacitive Proximity Detection in the AutomotiveIndustry 21
Extending the Range of E-vehicles with Li-ionBatteries Using Active Balancing 24
Precision Battery Monitors for Standard Lead AcidBatteries Ensure Engine Start-up 27
DC and BLDC Motor Control ICs 29
EMC Synonym for Exasperating, Magic, Confusing? 36
EMC Pulse Immunity System-level Tests 41
7/27/2019 Atmel Autocompilation Vol7 Dec2010
4/48
2010 / www.atmel.com1
usefully employ a Power Amplifier
(PA) with reserve capacity, which can
be trimmed in output power level to
provide the maximum allowable outputin accordance with local regulatory
requirements. Further benefit can be
obtained from a PA whose output
impedance can be trimmed to optimize
the antenna match. Range and
reliability gains on the receive side can
be enhanced through proper selection
of sensitivity-related parameters,
such as RF carrier frequency, sub-
channels, modulation, data rate, and IF
bandwidth.
Flexibility for the design engineer
is also gained through access to a
receiver in which these parameters are
available as a programmable option.
Atmel has introduced next-generation
transceiver and receiver devices
with these configurable options.
For example, the Atmel ATA5830transceiver and Atmel ATA5780
receiver can accommodate automotive
applications such as RKE, PKE, TPMS,
In the automotive environment, RF-
enabled sub-systems continue to
evolve and proliferate. Such systems
include Tire Pressure Monitoring
Systems (TPMS), which are mainly
unidirectional on a single RF channel at
relatively high data rates; Remote Start
(RS) systems, which are generally
bidirectional on single or multiple
RF channels at relatively low data
rates; Passive Keyless Entry (PKE)
and Remote Keyless Entry (RKE)
applications, which are unidirectional
on single or multiple RF channels at
moderate data rates. TPMS uses both
On Off Keyed (OOK) and Frequency
Shift Keyed (FSK) modulation, RS uses
OOK only, and RKE uses either OOK
or FSK. To accommodate such multiple
systems and applications, automotive
RF semiconductor devices must
possess flexible as well as configurable
architectures. The need for architectural
flexibility, combined with customer
expectations of high performance,
improved range, and reliability, is driving
the next generation of RF IC designs.
Beginning with range and reliability,improvements here are easier to
realize when the transmit path has
programmable parameters. One can
and RS. The devices also support all
automotive bands: 310 to 318MHz,
418 to 477MHz, and 836 to 928MHz
and use one device and a single crystal
frequency.
These two devices are also designed
for architectural flexibility. A dual-
LNA architecture with two separate
input pins natively supports multi-
band applications using one single
IC, PCB, and bill of materials (BOM).
Additionally, dual-parallel demodulation
paths support simultaneous ASK and
FSK sensing capability. These features
accommodate multiple polling schemes
including TPMS, RS and up to three
RKE channels, and can be configured
to support RF protocols across multiple
frequency bands, modulation schemes,
and data rates.
To implement the vast array of
configurable content in both Atmel
devices, the desired configuration
settings are stored in the built-in
EEPROM and automatically applied to
Atmel Has Introduced Next-Generation TransceiverAnd Receiver Devices With Configurable Options
ConfigurableRF Architecture GivesEngineers Greater DesignFlexibility
Ahmad Chaudhry and Jim Goings
7/27/2019 Atmel Autocompilation Vol7 Dec2010
5/48
Automotive Compilation Vol. 7 2
the device on power-up. This enables
autonomous (stand-alone) operation
and polling for incoming signals from
multiple RF systems with differing RF
carrier frequency bands, modulation
formats, and data rates. Stand-alone
operation allows an external controller
to sleep while the device polls,
validates start of frame, and checks for
proper transmitter ID data. The device
only wakes the controller when a validmessage is detected. This is critical to
reducing Ignition Off Draw (IOD) in
vehicle-mounted applications and to
extending battery life in handheld fob
applications.
Atmel devices also have some other
enhancements which simplify design
and reduce BOM cost. The Atmel
ATA5830 transceiver device, for
example, has an embedded Atmel
AVR microcontroller on the same
silicon die. The microcontrollerincludes 6kByte of Flash and a
24kByte ROM library of user-
accessible firmware, making it
possible to develop an entire
application using just one single IC.Both the ATA5830 transceiver and
the Atmel ATA5780 receiver are also
highly integrated, requiring very few
external components. The application
circuits (see Figures 1 and 2) show
a standard implementation of each
device. For a typical application, the
ATA5830 transceiver only requires 10
external elements and the ATA5780
only six external elements. Both
devices are packaged in a 5 x 5mm,
32-pin QFN package.
In conclusion, the
newest generation
of configurable Atmel
RF semiconductor
devices provides the
design flexibility needed
for rapidly evolving
automotive RF-enabledsubsystems
32
(Optional)ATA5830
Atmel
31 30 29 28 27 26 25
9 10 11 12 13 14 15
VS = 3V
16
24PB2RFIN
_LB
RFIN_HB
SPDT_RX
SPDT_ANT
SPDT_TX
RF_OUT
ANT_TUNE
VS_PA
PB1
PB0
PC5
PC4
PC3PC2
PC1
PC0
VS
AVCC
XTAL2
XTAL1
TEST
EN
DGND
DVCC
ATEST
101
TEST
102
AGN
D
PB7
PB6
PB5
PB4
PB3
23
22
21
20
19
18
17
1
1
3
4
5
6
7
8
_
_ _
Elements
Inductor
Capacitor
1 single crystal for 3
different frequency rangesCrystal
Number
2 (3)
7 (9) 3 (5) for matching
4 for Blocking
1
Comments
Matching
l
I
i
i l l
il
i
l i
i
l
I
i
i l l
il
i
l i
i
32
ATA5780
Atmel
31 30 29 28 27 26 25
9 10 11 12 13 14 15
VS = 4.5v to 5.5v
16
24MOSIRFIN
_LB
RFIN_HB
SPDT_RX
SPDT_ANT
N.C
N.C
N.C
N.C
SCK
CLK_OUT
NSS
MOSI
MISO
SCK
NRESET
NPWRON
1NPWRON2
TRPA
NPWRON3TMDO
NPWRON4
NPWRON5TRPB
VS
AVC
C
XTAL
2
XTAL
1
TES
T
E
N
DGND
DVCC
ATEST
101
TEST
102
AGND
RX
_Active
LEDO
NPWRONG
IRQ
NSS
PWPON
LED1
MISO
23
22
21
20
19
18
17
1
1
3
4
5
6
7
8
_
_ _
Elements
Inductor
Capacitor
1 single crystal for 3
different frequency rangesCrystal
Number
1
4 1 for matching
3 for Blocking
1
Comments
Matching
Microcontroller
Atmel Devices Also Have Enhancements Which
Simplify Design and Reduce BOM Cost
Figure 2. Atmel ATA5780 Receiver Application Circuit
Figure 1. Atmel ATA5830 Transceiver Application Circuit
7/27/2019 Atmel Autocompilation Vol7 Dec2010
6/48
2010 / www.atmel.com3
Design and SecurityConsiderations for PassiveImmobilizer SystemsJim Goings, Toby Prescott, Michael Hahnen, Karl Militzer
For years, consumers have come to rely on the convenience and added security that
a passive vehicle immobilizer system offers These systems consist of a key fob, carriedby the driver, and a base station, mounted in the vehicle They work together to
determine if the driver is authorized to start the vehicle Of equal or greater importance
is the systems ability to prevent unauthorized sources from using the vehicle While
top-level functionality of a vehicle immobilizer is simple to describe, the underlying
technology enabling it is intriguing and sophisticated This article will explore both
the hardware and software aspects of vehicle immobilizer systems as well as offer
noteworthy comments on design and security considerations
Communication
The prevailing method of communication between key fob
and vehicle in passive vehicle immobilizer systems today
is with a modulated magnetic field. This field is created by
the vehicles immobilizer base station from a low frequency
alternating current, typically 125kHz. The magnetic field
serves three fundamental purposes: A) the power source for
the key fob, hence the term passive, B) a carrier on which
information from the base station to key fob is conveyed, e.g.
downlink, C) a carrier on which information from the key
fob to the base station is conveyed, e.g. uplink.
Characteristics of magnetic fields that are of particular appeal
for a vehicle immobilizer system pertain most to the key fobs
need to operate completely passively, e.g. without a battery.
Downlink field detection and uplink field modulation
can both be achieved using circuitry that consumes very
little current. Furthermore, harnessing sufficient field energy
to power these circuits in the key fob electronics can be
achieved with relative ease.
During the system design phase, care must be taken to
carefully consider key performance parameters such as key
fob energy requirements, which affect
antenna coil geometries and drive levels, and the
authentication process, which has a direct impact on response
time. The sections that follow will address these topics ingreater detail.
System Interfaces
The system architecture of a vehicle immobilizer has several
layers of abstraction, each representing different system
interfaces. Figure 1 provides a visual representation of these
layers.
The Physical Layer
A t the lowest level of a vehicle immobilizer system is the
physical layer. It consists of a vehicle-mounted antenna coil
capable of creating a magnetic field of sufficient magnitude
to enable its detection and modulation by an antenna coil
mounted in the users key fob.
Figure 1. Vehicle Immobilizer Interface Layers
Crytographic
Protocol
Logical
Physical
7/27/2019 Atmel Autocompilation Vol7 Dec2010
7/48
Automotive Compilation Vol. 7 4
Field Generation and Modulation
Vehicle immobilizer systems can be classified in one of two
different ways based on how the magnetic field is used
to support the transfer data: half duplex or full duplex. In
a half-duplex system, the vehicle-mounted antenna coil
alternates between periods of energy transfer and data
transfer. Uplink data (e.g., fob to vehicle) is modulated using
Frequency Shift Keying (FSK). A graphical representation of
this communication method is shown in Figure 2. Two points
should be intuitively obvious from viewing Figure 2. First, the
rate of data transfer suffers from a significant compromise
due to the recurring need to perform the energy transfer,
e.g., charge up the key fob. Second, the modulated signal isvery small compared to the field present during the energy
transfer period, making it more susceptible to interference
from ambient noise which results in reduced range. These
characteristics have caused the popularity of half-duplex
systems to wane.
The dominant system in use today is the full-duplex system
in which the vehicle-mounted antenna coil performs energy
transfer AND data transfer simultaneously. Uplink data is
modulated using Amplitude Shift Keying (ASK). A graphical
Magnetic Field Charges Key Fob
FSK Key Fob Return Frequency (red)
FSK Key Fob Return Frequency 0(blue)Figure 2. Half-duplex Communication Using FSK
7/27/2019 Atmel Autocompilation Vol7 Dec2010
8/48
2010 / www.atmel.com5
representation of this communication method is shown in
Figure 3. Clearly, the ability to simultaneously transfer data
while keeping the key fob energized, or charged, provides
the design engineer a significant data transfer rate advantage
over half-duplex systems. Additionally, the constant carrierfield tends to mask out interferences and enables robust
communication during the data transfer. Furthermore, this
approach can be realized using simple envelope detection
circuitry. Because of the popularity of the full-duplex vehicle
immobilizer system in the market place today, the rest of this
document will focus on this type of system.
System Interfaces: the Logical Layer
The next layer above the physical layer is the logical layer.
This layer captures the characteristics and requirements for
the coding and transfer of data across the magnetic field. It
applies to the bi-directional data transfer that takes place
from vehicle to key fob, commonly referred to as downlink,
as well as key fob to vehicle, also known as uplink.
Downlink
Downlink information is coded using Pulse Length
Modulation; typically Binary Pulse Length Modulation
(BPLM) or Quad Pulse Length Modulation (QPLM). This
method is based on inserting a carrier field gap, Tgap, of
fixed duration and setting the gap to gap timing intervals
to predetermined times; T0 for a logic 0 and T1 for a
logic 1. The advantage to this approach is that it embeds
energy transfer from vehicle to key fob into the data
encoding and ensures the key fob will be supplied enough
energy to process the encoded data. However, a side effectof this encoding method is that the data transfer baud rate
depends on the logical value of the data bit stream being
sent since the transmission times for each binary state are
different. See Figure 4 for a more detailed graphical depiction
of this coding method.
Figure 3. Full-duplex Communication Using ASK
1-bit value
0
1
BPLM bit frame example
LF-Field
LF-Field
12 x CLKFC
20 x CLKFC
Tgap
Tgap
Figure 4. BPLM Coding Method
Magnetic Field Charges Key Fob
ASK Key Fob Return Signal - Resistively Damped ( Green )
ASK Key Fob Return Signal - Undamped ( Black )
7/27/2019 Atmel Autocompilation Vol7 Dec2010
9/48
Automotive Compilation Vol. 7 6
QPLM is a variation of BPLM that is sometimes used. With
this modulation, two bits are transmitted after one gap, and
therefore more power is available on the transponder side. In
addition, the average baud rate is higher compared to BPLM.
The coding method follows the same basic implementation
as BPLM, except the allowed number of states is extended
from two to four and the predetermined gap to gap timing
intervals are expanded to cover the additional states. See
Figure 5 for a visual representation of QPLM.
Uplink
Information communicated from the user fob to the vehicle
base station is typically encoded using Manchester or Bi-
phase. These encoding methods share several characteristics
that differ from the downlink: A) the encoded bit stream
always has an average duty cycle of 50%, B) the time
to send encoded data is based solely on the baud rate.
Both encoding techniques enable clock extraction from
the encoded data stream. This is possible because all time
durations in the coded bit stream are quantized to one of two
values; T or 2T, where T is what is referred to as a half bit.
Data rate is fixed by the relationship 1/(2T). Clock extraction
merely requires the detection of the minimum time duration
element, T, and synchronizing its phase with the coded bit
stream.
Protocol Layer
The protocol layer defines how individual data bits are
grouped to enable communication between the vehicle
base station and key fob. It defines how many bits and in
which order they are transmitted between the reader and
the transponder. As a simple analogy, this can be compared
to the rules governing the formation of sentences in using
words. The protocol layer would be like the sentence formed
from the logical layer which would be like the words. It forms
a fixed set of commands along with their allowable responses.
Authentication
Authentication is the term used to describe the process of
deciding whether the driver is authorized to start the vehicle.
The simplest form of this is called unilateral authentication.
In this case, the vehicle tests the key fob to determine
if it has been associated/learned to the vehicle. When an
additional step is added to this process, in which the key
attempts to test the vehicle to determine if it has been
associated with the key fob, it becomes bilateral or mutual
authentication. Clearly, this added step increases security
strength but comes at the expense of longer authentication
time.
2-bit value
00
01
QPLM bits frame example
LF-Field
18 x CLKFC
LF-Field
28 x CLKFC
10
11
LF-Field
40 x CLKFC
LF-Field
62 x CLKFC
Tgap
Tgap
Tgap
Tgap
Figure 5. QPLM Coding Method
0 0 1 1 0 1 0 0
Clock
Data
Manchester
Bi-phase
Figure 6. Manchester and Bi-phase Coding
7/27/2019 Atmel Autocompilation Vol7 Dec2010
10/48
2010 / www.atmel.com7
Unilateral Authentication
Typically, the unilateral authentication protocol is initiated by
the vehicle and consists of the following steps:
1. Vehicle reads the key fobs unique ID (not to be
confused with the secret key)
2. Vehicle generates a random number challenge and
sends it to the key fob
3. Key fob encrypts the challenge (using the secret key)
and sends this response to the vehicle
4. Vehicle compares key fobs response with its calculated
response (using same key and challenge)
Note: The vehicle must posses the key fobs secret key to
enable the success of this transaction. The process of sharing
the secret key is called Key Learn and is described in the
next section.
Key Learn: Open/ Secure
The Key Learn Protocol is the process that is used to allow
the vehicle to establish a secret key and share it with the key
fob. Depending on the restrictions and safeguards placed on
the initiated Key Learn session by the vehicle, secret keys
can be shared openly or securely.
An open Key Learn process would typically consist of the
following steps, also shown in Figure 8:
1. Vehicle generates a secret key based on a random
number and proposes it to the key fob
2. Key fob accepts secret key, saves to memory, and
responds with an acknowledgment
3. Vehicle saves secret key to memory after successful
receipt of key fobs acknowledgement
If the Key Learn Protocol cant be protected from
eavesdroppers or unauthorized access to the vehicle, it maybe desirable to utilize a Secure Key Learn Process.
ID
Memory
Key
Memory
Key
Memory
ID
IDN
Y
N
Y
AES-128
(enc.)
Random Number
Challenge
Response
AES-128
(enc.)
Challenge
Response
Detection Header(optional)
4-bit Command
+ 4-bit CRC
8-bit Header+ 32-bit ID+ 8-bit CRC
8-bit Header+ M Response-bits
+ 8-bit CRC
8-bit Command
+ N Challenge-bit+ 8-bit CRC
LF-Field On
Read UID
Stop
Stop
Valid
=
OK, it is theright key
CarKey
OK?
Read UIDCommand
Start Authentication
Command
Figure 7. Unilateral Authentication
Unilateral Authentication Protocol
7/27/2019 Atmel Autocompilation Vol7 Dec2010
11/48
Automotive Compilation Vol. 7 8
Key Memory
Key MemoryResponse ( Pass/Fail )
Secret Key
NY
Secret Key
Random Number
LF-Field On
StopPass =
Learn Secret
Key (1 or 2)
Cmd
Key Car
Detection Header(optional)
8-bit Header+8 bit Status+ 8-bit CRC
8-bit Command
+ 128 bit Key
+ 8-bit CRC
Figure 8. Open Key Learn
Bilateral or Quasi-mutual
Authentication
A more complex form of an authentication process is the
quasi-mutual or bilateral authentication. It is not a full
mutual authentication that is implemented in the Atmel
immobilizer system because it does not use random
generators on both sides of the system, the car and the
key. The implemented solution uses a MAC (Message
Authentication Code) to authenticate the car vis--vis the
key.
Again, the authentication protocol is initiated by the
vehicle and in case of a bilateral authentication consists
of the following steps as shown in Figure 9:
1. Vehicle reads the key fobs unique ID
2. Vehicle generates a random number challenge and
sends it to the key fob
3. Vehicle encrypts the random number and appends it
to the challenge
4. Key fob encrypts the challenge (using secret
key 1) and compares it with the received encrypted
challenge (MAC)
5. If the result matches, the key fob encrypts it (using
secret key 2) and sends this response to the vehicle
6. Vehicle compares key fobs response with its
calculated response (using same key and challenge)
Cryptographic Layer
The cryptographic layer provides the highest level of
encryption. It contains the mathematical function that
transforms a plain text message into a secret message.
Ideally, this function should have two properties:
1. Unique: For every plain text input, there must be a
unique secret text output
2. Unpredictable: It must not be possible to predict a
plain text to secret text pair, even if a large sample
of known good plain text to secret text pairs wasavailable for analysis
Open Key Learn 1/2
7/27/2019 Atmel Autocompilation Vol7 Dec2010
12/48
2010 / www.atmel.com9
Public vs Private
For many years, private cryptographic algorithms were
commonplace. However, private algorithms have drawbacks:
A) uncertainty of algorithms strength, B) lack of being
subjected to critical peer review, C) potential wide-scale
security compromise should the algorithm be leaked to the
public. In recent years, several high-profile examples can be
cited that illustrate these weaknesses. Perhaps even more
compelling is the lack of interoperability in systems that share
the same physical and logical layers. This interferes with basic
competitive market forces and in many cases drives higher
system costs.
In an effort to address these concerns, public opinion has
shifted toward the acceptance of a public domain encryption
algorithm the Advanced Encryption Standard (or AES,
as it is more commonly referred to). Its origin comes from
the 1997 initiative at the National Institute of Standards and
Technology (NIST) to select a public-domain encryption
algorithm. Within a year, fifteen candidate algorithms
were identified and subjected to critical review by thecryptographic research community. This analysis included an
assessment of security and efficiency characteristics for each
algorithm. After trimming the list of candidates from fifteen to
four, NIST subjected them to a second round of public review
before finally selecting the AES algorithm in 2000.
AES, as we know it today, is a symmetrical block cipher that
combines a 128-bit plain text input with a 128-bit secret key
to create a 128-bit encrypted output. Due to its symmetrical
characteristics, AES can also be used in reverse to combine
the encrypted output with the secret key to find and extract
the original plain text input.
System Security Considerations
Attacks and Countermeasures
A common misconception held today is that the security of a
vehicle immobilizer system is established by the strength of
the encryption algorithm. While encryption algorithm strength
is important, it alone does not define the overall systems
resistance to attack. Each of the interface layers in the
immobilizer system, algorithmic, protocol, logical and physical,
contributes to the systems overall security and must bestudied and fortified against attack.
AES -128
encryption
AES -128
encryption
128-bit
Key 1
ID
memory
128-bit
Key 2
Random Number
ID
N
N
Y
Y
NY
Stop
AES-128
encryption
AES-128
encryption
128-bit
Key 1
128-bit
Key 2
Random Number
LF-Field On
ID
Read UID
Stop
Stop
Valid
=
=Ok, is it theright key,car match
Hiddenchallenge (HCH)
expanded to 128 bits
Start AuthenitcationCommand
Read UID CMDKey
OK?
Car
8-bit Header+ 32-bit ID+ 8-bit CRC
Detection Header(optional)
8-bit Header+ M bit {Resp}
+ 8-bit CRC
8-bit Command+ N bit RandN
+ M bit (RandN)
+ 8-bit CRC
4-bit Command
+ 4-bit CRC
Hiddenchallenge (HCH)
expanded to 128 bits
Ok, is it theright
car, continue
AES
Figure 9. Bilateral Authentication Protocol
Bilateral Authentication Protocol
7/27/2019 Atmel Autocompilation Vol7 Dec2010
13/48
Automotive Compilation Vol. 7 10
Algorithmic Security and
Countermeasures
As noted earlier, it is imperative that the encryption algorithm
possess unique and unpredictable characteristics. In the case
of AES, the details of how the algorithm operates is freely
available to the public and as a result, it has been subject
to critical review by the research community. This, by far,
is the best countermeasure available. To date, scientific
studies have confirmed the algorithms strength as it has
withstood the test of time (over 10 years). However, in the
case of private algorithms, scientific analysis by the research
community was not possible, leaving the strength of these
algorithms in question. In fact, many have failed to withstand
the test of time and in recent years their weaknesses have
been exposed.
Protocol Security and Countermeasures
In systems using unilateral authentication, attacks on the
protocol layer are typically accomplished using scan or
dictionary methods. In a scan attack, the attacker
receives a challenge from the vehicle and returns random
values in response. If the protocol consisted of a 56-bit
response, then the bit security is 256 , i.e., it takes 256 trials to
get one valid challenge-response pair. To resist this type of
attack, the following measures can be considered:
Increasing the response bit length to add complexity
Having the vehicle embed exponentially growing time-
outs between consecutive unsuccessful trials
Having the vehicle block trials after a fixed number of
consecutive unsuccessful trials are attempted
In a dictionary attack, the attacker collects valid challenge
(from the attacker) response (from the key fob) pairs by
communicating directly with the transponder. These pairs are
placed in a look-up table or dictionary for future reference.
Equipped with this dictionary, the attacker then sequentially
triggers the vehicle for a challenge, which can be checked in
the dictionary for a valid response. If the protocol included a
100-bit response, one would need 251 trials to get one valid
challenge-response pair. The birthday paradox states that
after 2n/2 logged challenge-response pairs and
2n/2 trials, the probability of a valid result is 0.5. Using this,
it can be shown that the overall complexity of this attack is
2n/2+1 = 251. Countermeasures to consider in this case are:
Increasing the challenge bit length to add complexity
Implementing a bilateral authentication protocol
Physical/Logical Security and
Countermeasures
In recent years, attack methods have grown more
sophisticated. Side-channel attacks such as Simple Power
Analysis (SPA) and Differential Power Analysis (DPA) as
well as other invasive attacks have been successfully
applied to extract secret keys from key fobs. These so-
called side-channel attacks measure and evaluate the power
consumption of a cryptographic device and combine it with
knowledge of the plain text or cipher text in order to extract
an otherwise secret key. The theory underlying these
methods is quite sophisticated and beyond the scope of this
document. The strongest defense against the side-channel
attacks noted above are:
Randomization of clock frequency and operation Interleaving of digital control and the encryption
operation
Invasive attacks dwell on the physical implementation
of the encryption-related circuitry on the silicon die itself.
The best countermeasures are fairly simple to implement as
long as they are considered early in the design process. The
following are examples of steps that could be considered:
Metal shielding of memory blocks
Using non-standard synthesis libraries
Scrambling the location of critical digital elements used
during encryption
Restricting memory access and automatic chip-erase
function if attempted
System Performance Considerations
Current Consumption
System performance has different aspects. One is the power
consumption of the key fob. This parameter relates directly
to the achievable communication distance between keyfob and vehicle base station. Car manufacturers and Tier1
suppliers tend to emphasize the importance of the coupling
factor as a critical system parameter. However, it mainly
represents the relationship of the mechanical dimensions
between the key fobs antenna and the vehicle base stations
antenna. This parameter is only valid for a given system
configuration and depends on antenna inductance, Q-factor,
driver current, reader sensitivity, and ignition lock cylinder
material. Because of this, use of this parameter alone to
compare different systems is inadequate. Of equal if not more
importance than the coupling factor is current consumption,
especially given that the key side current consumption is a
limiting factor in a passive, batteryless environment where
7/27/2019 Atmel Autocompilation Vol7 Dec2010
14/48
2010 / www.atmel.com11
the energy is harvested from a magnetic field and stored in
a small capacitor. By selecting system components designed
for extremely low power consumption and microcontrollers
capable of being programmed with well-balanced
software (putting the controller in sleep mode whenever
possible), the engineer is able to overcome earlier system
disadvantages requiring high coupling factors to compensate
for high current consumption in the key fob.
Authentication Response Time
Another important factor in immobilizer systems is the time
it takes from turning the key fob inserted inside the lock until
the engine starts. This time should be short enough to avoidthe drivers perception of a delay. Depending on mechanical
and electrical system design and how quick a person can
introduce and turn the key, an overall timing budget in the
range of 300ms to 500ms is typically available. A significant
part of this budget is consumed through mechanics and
overhead in the body control module. What remains is
between 100ms and 200ms for the authentication process. A
good compromise in terms of speed and security seems to be
a bilateral authentication with a challenge length of 100 bits
and a response length of 56 bits. In most systems this results
in a response time of under 100ms.
Error Handling
In case an authentication failed for whatever reason, todays
systems require the complete authentication cycle to restart
from the beginning and allowing a maximum of three retries
within a reasonable time. The retry strategy from Atmel
looks a bit different and enables the system to recover from
communication errors more quickly. All commands and
optionally the data are protected by a Cyclic Redundancy
Check (CRC). Both the key fob and the base station can
make use of the CRC to detect errors and signal these
conditions to their respective communication partner. This
enables the base station to be selective about the amountof repeated info, the last action, the last response, or the
last command. This feature enables quicker communication
recovery and more attempts at communication recovery
in the same amount of time (five-seven retries instead of
three).
SummaryBy selecting system components that meet the security
and performance expectations of the automotive market
place, and support a highly configurable and open-source
immobilizer software stack, the task of developing a robust
vehicle immobilizer system can be greatly simplified. As a
leader in automotive vehicle access solutions, Atmel offers
such a complete system solution consisting of both hardware
and software.
Key fob designs can be realized with the Atmel ATA5580 and
the Atmel ATA5795. These devices boast an LF front end, an
AES hardware block to perform fast and efficient encryptioncalculations, coupled with an Atmel AVR microcontroller that
has been optimized for extremely low current operation.
Both include programmable flash memory that can be used to
run the Atmel open immobilizer protocol or other customer-
specific software and are capable of completely passive
immobilizer operation.
A base station can be realized with the Atmel ATA5272. This
device integrates the LF base-station function with an AVR
microcontroller with 8K of programmable flash memory.
As a final complement to these devices, the open immobilizer
protocol software from Atmel is available to users at no
cost. It provides an unprecedented level of configurability
including many user selectable features enabling the dynamic
evaluation of system parametric tradeoffs and accelerates the
development and optimization process:
1. A logical layer with uplink and downlink baud rate, bit
encoding, and modulation depth
2. A protocol layer with challenge and response bit
lengths, unilateral or bilateral authentication, data field
CRC, two secret keys, secure or open Key Learn
3. A cryptographic layer with AES crypto clock speed from
125 kHz to 4 MHz on the fly
7/27/2019 Atmel Autocompilation Vol7 Dec2010
15/48
7/27/2019 Atmel Autocompilation Vol7 Dec2010
16/48
2010 / www.atmel.com13
Sensor systems differ in many respects from other electronic
components of the car. The most important difference is
that sensors are mostly located outside the vehicle in harsh
environments where they are subject to changes in humidity,
temperature or pressure. In most cases, sensors also have
to be mounted in areas with very limited space and are
connected with a 2- or 3-wire harness.
The Applications for Sensors are as Diverse
as the Application Areas Themselves:
In the body control area:
- Pressure sensors
- Gyro sensors
A typical sensor node contains the sensing element itself, a
microcontroller for signal conditioning, and a transceiver for
signal transmission. As the length of the data line is often
more than 1m, the data transfer is dominated by analog
signal conditioning which has a portion of about 90%.
Analog signal conditioning does have some advantages.
It is compatible with previously existing mechanical or
electromechanical detection systems, and is also easy
to use and to plug in. Analog data can be provided in a
voltage range of, for example, 0 to 5V and the sensor can
then be monitored by an ADC port on a microcontroller
which converts the data into the digital domain. Generally,
however, requirements for sensor systems are increasing,
making analog signal conditioning less attractive. With ADC
resolutions up to 10 Bit, and the ability to indicate two
different types of failure modes by clamping the signal
voltage either to the lowest or to the highest voltage levels,
analog techniques have already reached the limits of their
performance and will be replaced by different types of digital
data transfer.
Digital data transfer can be managed either by voltage
modulation or current modulation. Both types have
advantages and disadvantages. Simple current modulation
allows a very cost-efficient design of the ECU as well as of
the wiring harness. Inside the ECU, the different currentlevels can be transferred into voltage levels using a single
pull-up resistor. For the connection to the sensor, a 2-wire
connection is used. Disadvantages include thermal powerdissipation in the sensor module, as well as a limited data
rate dominated by the pull-up resistor. Other current-based
transfer methods, such as Manchester-coded protocols,
require dedicated transceiver ICs, driving system costs up.
Voltage modulation has the advantage of allowing a variety of
protocols, beginning with simple PWM and moving to more
complex versions like SENT, which have higher data rates
than current modulation. Additionally, the ECU input can be
designed as a capture compare unit on a timer basis. The
main drawback of voltage modulation is that a wiring harness
with a 3-wire connection is mandatory. Further issues may
arise at EMC testing because most PWM drivers do not
include a slope rate control. Additionally, ESD protection is
low.
The LIN bus protocol combines all advantages described
above. As a two-wire interface, LIN helps save cost in the
wiring harness. LINs slew rate control in the transceiver
ICs supports excellent EMC performance, while LINs ESD
protection features allow robust system designs suitable forharsh environments. Finally, the high production volumes
Figure 1. Basic Current Interface Set-up
Figure 2. Basic Voltage Interface Set-up
In the comfort area:- Temperature sensors
- Solar altitude sensors
- Light sensors
- Humidity sensors
- Dew point sensors
In the powertrain area:- Position sensors
- Speed sensors
- Pressure sensors
- Knock sensors
7/27/2019 Atmel Autocompilation Vol7 Dec2010
17/48
Automotive Compilation Vol. 7 14
for LIN bus transceivers lead to very cost-efficient designs
compared to other protocols requiring transceiver ICs (e.g.,current-based transfer protocols).
The concept for the system design specifies a pull-up resistor
at the ECU level. This is required to control the current supply
for the LIN slave sensor through the data line. At the LIN
slave sensor, only a buffer capacitor is required. Depending
on the capacitor value, the data rate can be chosen up to 100
kbit/s. Supply voltage reduction provides an additional option
for influencing the data transmission speed. As the dominant
and recessive levels are referenced to the supply voltage,
a reduction of the supply voltage directly reduces the gap
between bus low and high level (the delta) to reach the
correspondent levels. A 2V supply voltage reduction leads to
an increase in the data transmission rate of roughly 15%.
Unfortunately, the supply voltage cannot be lowered in all
cases. The time portion of the bus-dominant level must also
be considered, as this state discharges the buffer capacity of
the LIN slave sensor
Sensor system design using LIN can be viewed as a three-
step process. First approaches to a discrete slave-node
design include a sensing element, a LIN system basis chip,
and a microcontroller for signal conditioning and protocol
handling. Atmel serves all integration levels with LINtransceivers, LIN system basis chips (SBCs), and LIN
system-in-package (SiP) devices. With SiP, the customer
benefits from the ultra low-power designs of Atmel AVR
microcontrollers with Atmel picoPower technology. As a
second step, the designs can be converted into single-chip,
multi-die SiP designs. This saves PCB space and allows the
engineer to include all electronics in the connector of the
sensor element. Finally, by integrating the sensor element
into the chip, and by implementing an intelligent state
machine, the engineer takes a further step toward advanced,
single-chip LIN sensor node designs.
In summary, LIN not only enhances the driving of cars
from the in-vehicle networking point of view, it also allows
the rumble change of the sensor area to a cost-efficient
and high-performing digital sub-system. Atmel offers all
necessary products regardless of the integration level of
LIN applications. To support low-power designs, the AVR
microcontroller with picoPower technology is key. In addition,
engineers can design the most robust and EMV-tolerant
systems with the leading-edge EMC and ESD performance of
LIN transceivers and SBCs from Atmel.
Special thanks to Daniel Yordanov and Keith Nicholson
for supporting me during the writing of this article.
Figure 3. LIN Interface Set-up Modified to Support the Current Supply of the LIN Sensor Slave
Figure 4. Bus Level States Bus Level States Depending on the Supply Voltage
Voltage
VCC
20
18
16
14
12
10
8
6
4
2
0
LINH
LINL
99%
98%
95%
86%
63%
UC
t
5432154321
Figure 5. Capacity Discharge Depending on the Bus-dominant State Time
7/27/2019 Atmel Autocompilation Vol7 Dec2010
18/48
2010 / www.atmel.com15
Key Fobs Today
Todays key fobs can be generally subdivided into two
different functional categories. The first includes Remote
Keyless Entry (RKE) devices which require some sort of
human intervention or a physical interface of the user to the
key fob (e.g., key push) in order for the fob to produce the
desired function effect such as unlocking a door or
opening a sunroof. The second group of devices
provides similar functionality but also features an
added level of comfort by performing the same
function without physical intervention by the user.
Instead of the push button or touch sensor interface,
a Passive Entry (PE) identifies the user (and the
key fob) as a legitimate entity and automatically triggers
authentication or issues a request (e.g., passive door unlock,
trunk release, etc.).
Both systems are based on a preprogrammed key fob device
ID and authentication protocols which include an encryption
stage for authorizing the issue of key fob commands to the
vehicle. In this way the key can be identified by the vehicle
and vice versa before any action is executed. All RKE-based
systems require key fobs to support RF links which fall into
Industrial, Scientific and Medical (ISM) frequency bands(i.e., 0 - 135kHz, 13.56MHz, 315/433MHz, 869MHz, and
915MHz). However, for a PE system the LF downlink is
used by the key fob to compute a Received Signal Strength
Indicator (RSSI) value and thus the fobs physical coordinates
in relation to the vehicle while the RF link is used to execute
the authentication protocol with the vehicle. RKE and PE
system fobs are designed to be powered by a small coin
battery intended to last for the life of the vehicle.
Moreover, all key fobs support engine immobilizer system
authentication. To prevent theft every automobile uses an
immobilizer system which authenticates engine starts. In
this case the key fob acts as a passive authentication tag
similar to the RFID tag but with a larger feature set. Most
automotive key fobs use Near Field Communication (NFC)
transponders which communicate with the engine controller.
The transponder is integrated into the key and is a passive
device. It does not need a battery for operation, but instead
uses a magnetic field generated by the LF vehicle coil. It alsotransmits the device ID and executes a special immobilizer
Atmel has Introduced Next-Generation Transceiver
and Receiver Devices with Configurable Options
DesigningNext-GenerationKey FobsPaul Lepek
7/27/2019 Atmel Autocompilation Vol7 Dec2010
19/48
Automotive Compilation Vol. 7 16
protocol for its authentication but all communication takes
place via an LF field generated by the vehicle.
Expanding Fob Applications
Originally key fobs were designed for only one purpose:
to unlock the door and start the engine with the metal
key. Later, RKE devices were used to remotely (HF
field) unlock the door. The integrated contactless passive
transponder (LF field) then unlocked the steering column
and enabled the engine start.
Only more recently fobs began to penetrate convenience,
general utilities, secure communications, and secure access
ID applications (even extending to payment systems and
e-ticketing). These functions were not developed before
due to a lack of hardware and software resources, primarily
because of the fobs physical size and power consumption.
Recently, however, it has become possible to overcome
these shortcomings by incorporating much larger user and
program memories, and the use of faster, more compact,
and ultra-low power processors without increasing the
cost of production. Additionally, the integration of flexible,
reconfigurable, and secure authentication peripherals can
be made feasible. These types of peripherals include crypto
units, secure key management features, and integration
of smart cards useful for payment, user ID, and cipher-
based authentication systems. An automotive key fob cantherefore be used not only to interact with the vehicle but
also to gain entry to a park garage, ski lift or to purchase
train tickets. This can deliver considerable benefits when
goods are purchased using one of the major credit card
networks. The secure user memory can also be used to
store personal and secure information as personal data ID
and provide transit information for e-ticketing.
System-in-fob Hardware Resources
Ultra-low-power 8-bit microcontroller
Large Flash program and EEPROM data memory
(memory segmentation with locks)
RF communication interfaces
- Infrared (IrDA) IF
- Immobilizer IF at 125kHz
- Passive entry IF at 125kHz (RX only)- Smart card IF at 13.5MHz
- RKE IF at 315, 413, 868, 915MHz
(frequency hopping)
Power management (optional battery charge)
Hardware cryptological unit (AES-128)
Integrated proximity coupling smart card (ISO 14443)
Cyclic Redundancy Check (CRC) block
Serial interfaces (SPI, SSI)
ISP/debug (dW)
Analog comparator
Flexible GP timers and WDT
Oscillators: RTC, INTRC (125kHz, 4MHz)
Class Immobilizer1
Batttery/
Recharge2
Physical Interface 3
(Button, Touch, etc.) Passive
(Entry/Go)
Accessories
Personalization
Settings
Time/
Data Logging
in Fob4Remote
Start
Remote Entry Accessories
Basic x - - - - - x x
RKE (std.) x x/ x - - - x
RKE (ext.) x x/x x - x - x x
PE (std.) x x/x x x x x/x x
PE (ext.) x x/x x x x x/x x x
Table 1 Key Fob Features Today
1Immobilizer support includes secure fob and vehicle authentication via the LF field using an integrated LF transponder.
2The fob includes a built-in battery with the option of recharging the battery via the LF field.
3Remote Start and Remote Entry are controlled via RF uni- or bi-directional link. Control of accessories can either be done using RF or IrDA links.
4 Data can be logged such as time stamp data, last device ID, last vehicle service date, and much more either via LF or RF links.
7/27/2019 Atmel Autocompilation Vol7 Dec2010
20/48
2010 / www.atmel.com17
The heart of a modern key is an ultra-low power
microcontroller with sufficient program and data memories.
Typical program memory can range from 8KB to 16KB
and beyond with its data memory ranging from 1KB to
2KB depending on application requirements. Because of
secure application support, the key fobs program and data
memories must have provisions for memory segmentation
and locks in both memory blocks. For example, the
application firmware resident in program memory can be
divided into separate memory sectors (e.g., application and
immobilizer sections). Also data memory may have its own
partitioning which can allow for soft and hard memory locks
when it comes to releasing user-sensitive device-stored
data (e.g., authorization password or secure key). Whilethe microcontroller core executes application firmware, the
secure user and key data is stored in the on-chip nonvolatile
memories (EEPROM).
The core uses various wireless communication peripheral
interfaces to communicate with the infrared transceiver
(IrDA), the LF transponder (125kHz), the 3D LF receiver
(125kHz), the smart card (13.5MHz) and the RKE
transceiver (315, 413, 868, 915MHz). Flexible serial
interfaces can be shared such as SPI or Serial Synchronous
Interface (SSI) to enable data exchange with every
communication peripheral. A hardware data integrity check
module, based on a Cyclic Redundancy Check (CRC)
checksum algorithm, supports validation of received data.
A unique feature of the immobilizer transponder interface
is that it is closely bound to the power management unit
which is used to provide power supply voltage, VDD
, while
exchanging LF data with the immobilizer in passive mode.
In this mode all other communication with the key fob is
disabled to support batteryless operation. Some key fobs may
also support the battery charge feature which is integrated
into the power management module for recharging the
battery with the engine running.
While in secure smart card mode the device can also
operate in passive mode and exchange as well as encrypt
and decrypt proprietary data using its own crypto module
with the reader at FC
= 13.5MHz. It can use its own device
memory or the fobs internal nonvolatile memory.
Integrated crypto modules can support many different cipher
algorithmsthe most popular being the 256-bit block cipher
known as the Advanced Encryption Standard (AES) based
on the Rijndael algorithm which can be used with a 128-bit,
196-bit or 256-bit secret key.
The fob must also contain analog peripherals such as internal
oscillators where F = 125 kHz and 4 MHz to generate its
internal clock signals used for the transponder front end and
the microcontroller core, respectively, with low frequency
deviation across VDD and temperature. The supplied analog
comparator can facilitate detection of VDD drops and prevent
data corruption during nonvolatile data memory writes in
passive mode.
Wireless Data Communication Interfaces
An entry/immobilizer system consists of at least two
communication partners where one side is on the vehicle
and the other on the key fob. Depending on the link type,
there are several possible communication interfaces available,
including:
1. IrDA link for convenience and comfort applications
2. PE/PEG link to enter and start engine, including LF
downlinks and UHF uplinks
3. Immobilizer link to start engine and emergency vehicle
entry, including LF down- and uplinks
4. Chip card as user ID, authorization, authentication at pay
stations, including HF down- and uplinks
5. RKE as entry authentication, including UHF down- and
uplinks
Watchdog
Timer
Clock
Management
& Monitoring
SRC -
Oscillator
RTCEEPROM/
2KB
Atmel AVR - Core
PM - Flash
14kB
debug -
WIRE
POR / BOD &
RESET
SPI
IO-Ports
3D LF-
Receiver
Volt. Monitor
IR- Driver
Timer Block
SRAM
512B
ECIN
Contactless
Interface/
Transponder
FRC -OscillatorPower
Management
Crypto Unit
Serial IFCRC
RF
TX/TRX
Module
Smart
Card
Data Mem.
Secure
EEPROM
.
PM ROM
2kB
Contactless
Interface/
SmartCard
Figure 1. Fob Floor Plan
7/27/2019 Atmel Autocompilation Vol7 Dec2010
21/48
Automotive Compilation Vol. 7 18
The summary of the communication channels and a brief
overview is shown in table 2.
Secure and Reconfigurable Firmware
Application firmware which supports the complete
functionality and feature set is the fundamental building block
of the key fob. It may consist of many different modules and
must encompass all functional and likely operating scenarios,
including battery failure which comprises emergency or
passive operation mode. To improve reliability it is a common
practice to keep both application and immobilizer programs
separate and in two distinct program spaces. While the
immobilizer firmware supports distinct engine starts, the
application software controls all other fob functionalities
including RKE, convenience or user-ID applications. The
immobilizer/emergency functionality is required to take
priority over any other function, which is the equivalent of an
override which suspends any function currently in progress
when the LF field is detected at the transponder LF coil.Figure 2 depicts a flow diagram and interaction between
application and immobilizer firmware.
All data communication is fully supported in the fobs
firmware. Various communication protocols includingunilateral, bilateral for immobilizer, PE/PEG and RKE systems
can be fully configured by the application software. Based on
Application Standard Link Type FC
Modulation Anti-
collision
Data
Encoding
BR [Baud] Range Average
Current
PE/PEG Custom 3D LF
downlink
0 -
130kHz
ASK x PIE 3.9k 3 - 5m 2 - 20A
UHF uplink 315, 433,
868,
915MHz
ASK/FSK - Manchester,
Biphase
Up to 80k 30 - 120m 8 - 20mA
Immobilizer/Emergency
Entry
ISO14223/Custom
LF downlink 0 -130kHz
ASK - PIE 3.1 -8.9k 2 - 10cm 40 - 260A
LF uplink ASK Manchester 4.4k
Chip Card ISO14443
ISO15693
ISO18000
HF
downlink
13.56MHz ASK/PSK x PIE, Miller,
NRZ
Up to 20k 5 - 20cm 20 - 120a
HF uplink ASK/BPSK Manchester,
NRZ
RKE Custom UHF
downlink
315, 433,
868,
915MHz
ASK/FSK/
PSK
x Manchester,
Biphase
Up to 80k 30 - 120m 8 - 20mA
UHF uplink
Table 2 Modern Key Fob Communication Links Overview
VBAT=1 & VFLD=0
(Start-up)
RKE
APPLICATION SW
MODULE
VBAT=0 & VFLD=1
(Start-up)
Enter RKE Mode
Enter IMMO. Mode
VFLD?
No
IMMOBILIZER
APPLICATIONSW
MODULE
VFLD?
YesNo
Yes
Figure 2. Immobilizer and Application Firmware Interaction Flow Chart
7/27/2019 Atmel Autocompilation Vol7 Dec2010
22/48
2010 / www.atmel.com19
protocol topology, the application software controls dedicated
peripherals by enabling them, and reading data during RXphases, and writing data during TX phases of the protocol as
soft triggers (e.g., immobilizer and PE applications) or hard
triggers (e.g., RKE or IrDA applications using a push button
interface).
A major advantage of a next-generation key fob is its in-field
programmability, which can be very helpful in the event of a
firmware or user data upgrade or programming. The fob can
be initially configured using its dedicated general-purpose
software via the LF field while the final test is performed at
the factory. The user data can be added later by the Tier1
or OEM without modifying the original configuration. Even
while in the field the fobs can be reprogrammed with new
application and user data via one of the communication
interfaces at a later date. Of course, in this case only a single
functionality can be enabled while using memory locks to
provide security. This is especially useful when used as a pay
token in e-commerce or e-ticketing environments.
Transponder LF Field Coupling
Transponder-to-base-station coupling still remains the most
challenging aspect for key fobs. The proper transponder
coupling can be achieved when sufficient energy is
transferred from the base station to the transponder for the
transponder to communicate with the base station. During
design, the L-C tank must be carefully selected for optimum
energy and communication performance. Figure 4 shows a
typical transponder coupling at 125kHz vs. operating distance
from the base station coil5.
Figure 5 shows one complete challenge-response
authentication protocol which could be used in a passive
automotive immobilizer application. The LF field voltage
(green) is enabled for 160ms. The field is damped (2.2V)
during RX state and then switched to the undamped
level (6V) during TX state. The charge storage capacitor
voltage (yellow) which provides VDD
to the transponder is
immediately charged to 2.2V during the RX data stage. The
transponder encrypts (AES-128) received plain text data
(128-bit challenge) and transmits the response. In many
immobilizer systems the system authentication time is a
major concern. To minimize authentication time, the number
of bits transmitted can be reduced without compromising
system security. It is common for authentication time
TAUT
< 130ms at BR = ~3.9kBaud.
0.00%
1.00%
2.00%
3.00%
4.00%
5.00%
6.00%
7.00%
8.00%
9.00%
0 0.02 0.04 0.06 0.08
Couplingfactor[%]
Lr=Rehfeld, Lt=2.45mH
Lr=Rehfeld, Lt=5.1mH
Lr=738uH, Lt=2.45mH
Lr=738uH, Lt=5.1mH
Distance d [m]
Figure 4. Immobili zer Coupling
Figure 5. Immobilizer Protocol Execution Scope Shot/Power Analysis
Application Layer
Protocol/Session Layer
Physical Drivers
API, Configuration
Data I/O
Transport/Link Layer
A
bstractionLevel
Figure 3. Software Partitioning as a Bottom-up Approach
Software Model
Resources
5 Assumes the fob coil is placed in the center of the base station coil where the coupling is best
Coupling Factors for Immobilizer System
7/27/2019 Atmel Autocompilation Vol7 Dec2010
23/48
Automotive Compilation Vol. 7 20
Figure 6 shows field voltage and VCC traces as the key fob
is energized by the field and begins to receive a BPLM data
stream. Field gaps are visible which separate field On interval
which is decoded by the fob using a dedicated hardware
peripheral. The fobs microcontroller is in sleep mode 95% of
the time to save power consumption.
RF Communication Links
Both RKE and PE/PEG systems utilize HF communications
links. In comparison to LF links, HF links are superior in their
operating range (up to several hundred meters) and baud
rate (up to 80kBaud can be achieved). RF transceivers
currently available on the market use N-fractional PLL
frequency tuning techniques where the carrier frequency
can be selected in firmware by the MCU. Some devices allow
large tuning frequency variations, permitting more design
flexibility. The transceivers operating range remains a key
performance parameter. To extend operating range, it is
common for the transmitter power to be as high as 12.5dBm
and the receiver sensitivity to be less than -100dBm.
Antenna design is also a determining factor providing
additional performance gain. Although whip antennas add
additional performance gain, small loop antennas printed on
the PCB are usually chosen for use in automotive key fobs.
Power consumption is another critical factor on the receiver
as well as on the transmitter side. Power consumption can be
reduced by selecting higher data baud rates. Choosing ASK
modulation tends to lower operating current since the power
amplifier is momentarily disabled during modulation.
Table 3 shows some typical RF transceiver parameters.
A snapshot of the transmitter spectrum taken at 433MHz
during transmission of an RKE message to the vehicle is
shown in Figure 7. The transmitter carrier frequency, thespan, power output, and device setting are configured using
the serial interface by shifting configuration data (in this case
the 32-bit configuration word) into the RF transmitter via the
MCU when the user presses the open-door button.
References:
1. ISO 14223 Advanced Transponders Standard
2. ISO 10536 Close Coupling Smart Cards Standard
3. ISO 14443 Proximity Coupling Smart Cards Standard
4. ISO 15693 Vicinity Coupling Smart Cards Standard
5. ISO 18000 Item Management Standard
Sensitivity
Antenna
Gain POUT
Average
Current
Receiver -109dBm -6dB - ~6 - 8mA
Transmitter - -18dB 10dBm ~9 - 10mA
Figure 6. Transponder at Power-up
Table 3 RF Transceiver Parameters
Figure 7. RF TX Spectrum at 433MHz
7/27/2019 Atmel Autocompilation Vol7 Dec2010
24/48
2010 / www.atmel.com21
Capacitive Proximity Detection in the
Automotive IndustryLuben Hristov
There has been a steady rise in demand for proximity
detection sensors in automotive applications which reliably
detect the presence of objects near the sensor surface
without physical contact and the number of possible
proximity detection applications is countless:
Door entry control: detecting a hand approaching the
door handle to initiate the car unlocking process
Illuminating and waking up the touchscreen when a
hand approaches the screen surface
Switching interior car lights on/off when the hand is
near the sensor
Detection of simple spatial gestures to switch devices
on/off
Sensing the presence of large objects around the car
during parking
Many different proximity detection methods exist, for
example, capacitive, infrared, ultrasonic, optical, etc. Forthe 5mm to 300mm proximity detection range, capacitive
sensing has many advantages compared to other methods:
excellent reliability, simple mechanical design, low-power
consumption, and low cost base. This article describes
capacitive proximity detection technology from Atmel.
Atmel is a leading touch solutions manufacturer with many
years of experience in this field. The companys capacitive
sensors are based on charge-transfer technologya method
pioneered by Atmel where voltage is generated on the
sampling capacitor during the repetition of a specific control
sequence applied over the I/O pins. Atmel currently holds
multiple patents in the area of charge-transfer technology
for self-capacitance sensors (Atmel QTouch) and mutual-
capacitance sensors (Atmel QMatrix). The Atmel charge-
transfer technology delivers key benefits to the user and
offers advantages compared to other capacitive measuring
methods: increased flexibility, very high sensitivity,
excellent moisture resistance, and noise immunity.
QTouch and QMatrix technologies have been implemented in
multiple touch controllers supporting touch buttons, sliders,
wheels as well as touchscreens. Proximity detection support
is also available with some of the standard products. Atmel isnow developing and manufacturing new proximity algorithms
7/27/2019 Atmel Autocompilation Vol7 Dec2010
25/48
Automotive Compilation Vol. 7 22
Figure 1. Active Shielding of Proximity Sensor
to increase sensitivity to support finger or hand detection
ranges of up to 200mm and more. The release of standard
products and software library modules is being planned for
2011 and 2012.
Capacitive proximity sensors measure the capacitance
change between the single electrode and ground (self-
capacitance sensors) or between two electrodes (mutual
capacitance sensors) as objects approach electrodes.
While constant capacitance is between 10pF to 300pF, the
capacitance changes are typically extremely small, ranging
from a few fF to several pF. Since the electrical field lines
around the self-capacitance sensors spread far away from
the sensing electrode, self capacitance is the preferred
proximity detection method over mutual capacitance where
field lines are largely concentrated in the area between the
transmitting and receiving electrodes.
Characteristics of Capacitive Proximity
Sensors For Automotive Applications:
High sensitivity: Detecting small changes in the
measured capacitance requires increased and stable
sensitivity. Special measures should be taken to reduce
negative effects on sensitivity caused by capacitive
loading, especially if the sensing electrode is placed on
a conductive surface (metal plane, car body, etc.). An
active shield layer is used to reduce the negative effectof capacitive loading between the electrode and the
conductive surface as shown in Figure 1. Please refer tothe Atmel application note about using active shields athttp://www.atmel.com/dyn/resources/prod_documents/an-
kd02_103-touch_secrets.pdf, page 7. A further advantage of
active shields is their neutralizing effect on water films.
Moisture resistivity: Moisture-induced changes in the
measured signals can be more significant than changes
from approaching objects. Water film on the surface is one
of the biggest problems for capacitive solutions. Water films
are more or less conductive and create a change of the
measured signals that is similar to normal touch events.
There are mainly two ways to handle effects caused by
water films:
1. Use of active shields (described above)
2. Shorter charge transfer time the water film could be
utilized as a distributed RC circuit (as shown in Figure
2). Reduced charge transfer pulses will prevent full
charging of the distributed capacitors C and hence
reduce the impact of the water films. Best results can
be obtained if the charge transfer time is in the range
of 100ns to 250ns. A proper mechanical design of the
sense area and the use of the appropriate materials
prevent the emergence of thick water films on the
sensing area.
Temperature stability: In automotive applications extreme
and rapid temperature changes may occur at any time.
Special care should be taken with regards to a stable
mechanical design even the smallest gap changes near
the conductive surfaces may cause false detection.
Noise immunity: Due to the high sensitivity, noise
interference could compromise normal operation of the
proximity sensor. The electrical and mechanical design of
the PCB should be carried out to avoid noise interference
caused by adjacent cables or conductive surfaces.
Fast response time: The expected response time isusually between 10ms and 100ms
Figure 2. A Water Film Acting as a Distributed RC Circuit
7/27/2019 Atmel Autocompilation Vol7 Dec2010
26/48
2010 / www.atmel.com23
The following sections provide more detailed scenarios ofautomotive capacitive proximity detection.
Door Entry System
One example of capacitive proximity detection is in car
door entry systems (see Figure 3). The proximity sensor
that detects hand approaches is located within the car door
handle (1). Once object proximity has been detected, the
main unit (2) sends a wake-up signal via the LF antenna
(3) which activates the car key transmitter (4). The car
key transmitter then exchanges information with the RFID
receiver (5) and if the code matches the main control unit(2) the door is unlocked. The entire process of proximity
detection and ID recognition takes a fraction of a second.
This means when the hand pulls the door handle, the door is
already unlocked.
The advantage of using proximity detection rather than touch
detection in door entry systems is the extended time to
identify a person. As a result, the door lock state will always
be resolved before the door handle is pulled.
Spatial Gestures to Switch
Devices On/Off
The simultaneous use of two or more capacitive proximity
sensors enables simple spatial gestures such as hand waving
in front of the device to be detected. Figure 4 shows a simple
example of such a system to switch lights on/off inside the
car a wave of the hand in front of the light in one direction
causes the light to switch on, a wave of the hand in the
opposite direction switches it off. The system is able to
analyze the signals from the proximity sensors and to decide
whether to switch the lamp on or off.
There are many different options available for designing
sensing electrodes inside a light from using thin copper
wires to conductive polymers that can be applied directly
over the plastic.
Conclusions
Implementation of capacitive proximity sensors in
automotive applications paves the way to a broad range
of comfort applications
Moisture and rapid temperature changes are the main
challenges for capacitive proximity sensors used in
automotive systems. These challenges can be overcome
by utilizing the most recent innovations in capacitive
sensing technology from Atmel.
Figure 3. Door Entry System with Proximity Detection
Figure 4. Spatial Gestures for Switching Devices On/Off Inside the Car
7/27/2019 Atmel Autocompilation Vol7 Dec2010
27/48
Automotive Compilation Vol. 7 24
Global warming has now become the main talking point of
our era, and electric or hybrid vehicles provide an excellent
way of saving fuel and reducing CO2
emissions. However,
electric and full hybrid vehicles have one particular Achilles
heel, which is the capacity of the battery and therefore
the limited range of these vehicles. The maximum battery
size that can be installed in a vehicle is limited because of
its volume and weight, making it all the more important to
make optimum use of the battery capacity that is available. In
order to provide the several hundred volts that are needed
in modern high-performance batteries for electric vehicles,
several individual battery cells are connected in series. Each
cell in a battery pack such as this differs from the others,
e.g. in terms of cell capacity, self-discharge rate, different
temperature characteristics and cell impedance differences
that are intensified by the ageing effect of the battery. When
the cells are being charged, this leads to a situation whereby
some cells have not yet received their maximum possible
charge, but other cells are already fully charged. Unless
additional measures are taken the charging procedure has
to be aborted, since individual cells would otherwise be
overcharged, which would damage or possibly even destroy
the battery cells. The situation is similar with regard to
discharging. Whereas individual cells are already discharged,
others still contain enough energy to continue powering the
vehicle (in theory). However, the vehicle must not continue
to be driven, since the weaker cells would otherwise be over-
discharged, which would lead to the destruction of these
cells. In order to avoid all of this, active balancing between the
individual battery cells is required.
Passive Methods Convert Valuable
Energy Into Heat Loss
The method that is most widely used at present is passive
balancing, in which cells that are already fully charged are
discharged again using a resistor so that the other cells can
continue to be charged. The disadvantages of this method are
obvious:
Cells can only be discharged for the purpose of balancing
The discharge current causes power loss in the bypass
resistor
Valuable energy is converted into heat and is no longer
available for powering the vehicle
The range of the vehicle is reduced
While the passive balancing method only converts the energy
that is stored in the cells into heat loss, active balancing
enables to transfer the charge from one cell to another.
There are several ways of achieving this charge transfer, e.g.
using switched capacitors or inductors. When the capacitive
method is used, a capacitor is connected in parallel with the
cell with the higher voltage. Once this has been charged, it is
connected in parallel with the cell with the lower voltage and
can charge it up. This procedure is repeated until the same
voltage is present at both cells.
The method that uses capacitors is extremely cost-effective,
but has the disadvantage that the average balancing current
is limited to less than 50mA. This limitation does not exist
Extendingthe Rangeof E-vehicleswith Li-ionBatteriesUsing Active
BalancingClaus Mochel
7/27/2019 Atmel Autocompilation Vol7 Dec2010
28/48
2010 / www.atmel.com25
with the inductive method, and in this case it is easily
possible to have balancing currents of 1A or more.
Active Balancing Method for Rapid and
Almost Loss-free Charge TransferActive balancing is realized by connecting an inductive
resistor in parallel with the cell from which the charge is to be
taken. This results in a constant increase in the current flow in
the coil.
Once the coil has been decoupled from the cell that is being
discharged via a transistor, the energy stored in the cell can
charge the neighboring cell via a diode. It is therefore possible
to move charges to and fro between the individual cells
extremely efficiently and almost loss-free. This method
has some decisive advantages:
Balancing currents of 1A and more are possible
Balancing is essentially loss-free
Balancing is extremely rapid
The efficiency and the capacity of the battery are
increased
The range of the vehicle is increased
Compared to the other methods that have been mentioned,
implementing an active balancing method using inductive
resistors is not exactly low-cost because of the relatively
high cost of the inductive resistor component. However, this
is not really a problem. A
modern high-performance
battery currently costs
approximately USD
$10,000 Even if onlygaining an extra 10% of
capacity using the inductive
balancing method, this
represents a value of
USD $1,000 an amount
for which a considerable
number of inductive
resistors can be purchased.
Individual cell monitoring
is required for Li-ion batteries for safety reasons, since these
cells burn when they are overloaded, and can even explode
in extreme cases. As well as the overvoltage, undervoltageand temperature monitoring that is required, additional
functions such as precise charge condition determination are
needed. A component is now available on the semiconductor
market with which both these functions and also the
different balancing methods can be realized. With the Atmel
ATA6870, each cell has individual electronic monitoring
in order to provide functions such as state-of-charge
determination, active/passive balancing or overvoltage,
undervoltage and temperature monitoring.
PMOS
NMOS
MBATn+2
Zelle n+1
Zelle n
RIN CIN
CSHUFFLE
RPD
DISCHn-+1
MBATn+1
DISCHn
MBATn
PMOS
NMOS
MBATn+2
Zelle n+1
Zelle n
RIN CIN
CSHUFFLE
RPD
DISCHn-+1
MBATn+1
DISCHn
MBATn
Figure 2. Active Balancing Capacitors
ell n-1
Cell n1
2
1 = Discharging a cell
2 = Charging a neighboring cell
DISCH4
MBAT4
DISCH5
MBAT5
DISCH6
MBAT6
MBAT7
DISCH3
MBAT3
DISCH2
MBAT2
DISCH1
MBAT1
Figure 1. Passive Balancing Using Resistors
Figure 3. Active Balancing
Using Inductors
7/27/2019 Atmel Autocompilation Vol7 Dec2010
29/48
Automotive Compilation Vol. 7 26
Measurement Data Recording andActive Balancing for Li-ion Battery
Systems
The heart of the Atmel ATA6870 consists of six high-
precision 12-bit AD converters. Each cell is monitored by
a separate AD converter, which has several advantages.
On the one hand, all cells can be measured simultaneously,
and on the other hand the cell voltage does not have to
be transferred analog to ground, which would reduce
the accuracy of the system. As well as providing efficientbalancing, another prerequisite for making optimum use
of the cell capacity is precise recording of the cell voltage
because of the extremely flat characteristic curve of Li-ion
battery cells. The ATA6870 therefore transfers the digital
voltage value to ground without loss of accuracy after
analog/digital conversion. As well as the six high-precision
AD converters for measuring cell voltage, the ATA6870
is the worlds only device with the possibility of achieving
both passive balancing and active balancing between the
individual cells using capacitors or inductive resistors in
high-performance batteries with up to 300 cells or more
connected in series. In order to prevent the balancing from
taking an extremely long time because of the large number
of cells, balancing can be carried out simultaneously on
any number of cells with the ATA6870. With the aid of this
circuit it is now possible to develop low-cost, efficient and
safe battery management systems that can squeeze the last
Coulomb out of a battery due to extremely precise recording
of the charge status of the individual cells and the efficiency
of the balancing method that is used, and make it availablefor driving operation. This is another step that increases
the range of electric vehicles and plug-in hybrid vehicles
and therefore contributes to the triumphant march of these
vehicles.
Cell 1
Reference
ADC
Charge Transfer
Cell 6
Reference
ADC
Charge Transfer
Standby
Current Supply
3.3V Internal
Voltage Regulator
3.3V
Voltage Regulator
Cell Temperature
Measurement
DigitalLevel
Converter
Logic
Microcontroller
Communications
Bus
Microcontroller
Interface
Dig
italLevel
Converter
DigitalLevel
Converter
Figure 4. Block Diagram of the Atmel ATA6870 Li-ion Battery Management IC
7/27/2019 Atmel Autocompilation Vol7 Dec2010
30/48
2010 / www.atmel.com2727
Concerns about global warming, along with resulting stringent legal provisions for
reduction of vehicle CO2
emissions, are driving an additional challenge for energy
management: micro-hybrids. These cars save fuel by switching off the combustion
engine when stopping (for example, at a traffic light) and then automatically
restarting the motor when the driver wants to continue. The primary issue with
such an engine is that the vehicles starting capability must be guaranteed under
all circumstances. Otherwise, traffic chaos is bound to develop, given the growing
number of vehicles of this kind on city streets. With the advent of micro-hybrids,
reliable battery diagnosis and modern vehicle energy management become all
the more important.
The core of such an energy management system is an intelligent battery sensor
(IBS) to constantly monitor the charge and discharge currents, the battery
voltage, and the temperature. The resulting data is used to determine the
batterys load and state-of-charge and for distributing power within the car.
Priority is given to critical functions such as engine start-up. Furthermore, the
sensor calculates the batterys state-of-health (SoH) and alerts the driver when
battery lifetime is expiring in order to avoid car malfunction or breakdown. With
IBS information, engineers can also reduce fuel consumption and resulting CO2
emissions. This is done by tailoring the charging cycles depending on the required
current for the various loads and the energy available from the generator. In
cars without an IBS energy management system, the generator must provide a
continuous electrical charge for the battery while the motor is running; with such
a system, the generator can be disconnected from the battery when the battery
charge is sufficient and the vehicles engine is under heavy load.
PrecisionBatteryMonitors forStandard LeadAcid Batteries
Ensure EngineStart-upClaus Mochel
Today, one in three car breakdowns
is related to the vehicles electronic
equipment. Today, high-end cars
incorporate up to 65 electronic control
units (ECUs), compared to only 10
ECUs in 1995. Battery monitoring is
one of the most important current ECU
applications, since 60% of breakdowns
caused by electronic devices are
caused by defective or empty
batteries.
Batteries now face many challenges
for energy management. Formerly,
the batterys main task was to provide
high-power output for a short time
to enable engine start-up. This has
changed dramatically, Today, the
battery must provide continuous
power to the large number of
electronic devices inside the car. This
function can be problematic in winter,
when battery capability is reduced
through cold temperatures and high
energy consumption due to loads such
as electrical seat heating. In addition,
driving in slow traffic means that the
car generator provides limited energy
to charge the lead acid battery.
7/27/2019 Atmel Autocompilation Vol7 Dec2010
31/48
Automotive Compilation Vol. 7 28
Atmel has provided initial models of a microcontroller
perfectly matching the requirements of an advanced IBS
system. The device is based on the well-known Atmel
AVR microcontroller core in Atmel products, with additional
mathematical extensions adapted to the requirements of
battery management systems. The circuit has two 16-bit
- analog-to-digital converters (ADCs) with synchronous
sampling; the accuracy of these two ADCs is due to a very
precise 5ppm/K reference voltage with special second-order
temperature compensation. The first ADC is dedicated to
current measurement and has a large dynamic range. Using
a 100Ohm shunt resistor, currents from 1mA up to 1500A
can be measured due to a programmable gain amplifier
(PGA) at the input of the ADC. The second ADC is dedicated
to system temperature determination and monitoring of thevoltage of the lead acid battery. The temperature can be
measured using either the ICs in-built temperature sensor
or an external sensor. The measurement of battery voltage
measurement is particularly interesting. This measurement
requires an extremely precise resistor divider, which is
integrated into the device. As a special feature, the divider
can be connected directly to the battery pole to