Atmel Autocompilation Vol7 Dec2010

7/27/2019 Atmel Autocompilation Vol7 Dec2010

1/48

Automotive

CompilationVolume 7 December 2010


2/48


3/48

Contents

Table of Contents

Configurable RF Architecture Gives EngineersGreater Design Flexibility 1

Design and Security Considerations for PassiveImmobilizer Systems 3

Automotive LIN Bus Driving Sensor Applications 12

Designing Next Generation Key Fobs 15

Capacitive Proximity Detection in the AutomotiveIndustry 21

Extending the Range of E-vehicles with Li-ionBatteries Using Active Balancing 24

Precision Battery Monitors for Standard Lead AcidBatteries Ensure Engine Start-up 27

DC and BLDC Motor Control ICs 29

EMC Synonym for Exasperating, Magic, Confusing? 36

EMC Pulse Immunity System-level Tests 41


4/48

2010 / www.atmel.com1

usefully employ a Power Amplifier

(PA) with reserve capacity, which can

be trimmed in output power level to

provide the maximum allowable outputin accordance with local regulatory

requirements. Further benefit can be

obtained from a PA whose output

impedance can be trimmed to optimize

the antenna match. Range and

reliability gains on the receive side can

be enhanced through proper selection

of sensitivity-related parameters,

such as RF carrier frequency, sub-

channels, modulation, data rate, and IF

bandwidth.

Flexibility for the design engineer

is also gained through access to a

receiver in which these parameters are

available as a programmable option.

Atmel has introduced next-generation

transceiver and receiver devices

with these configurable options.

For example, the Atmel ATA5830transceiver and Atmel ATA5780

receiver can accommodate automotive

applications such as RKE, PKE, TPMS,

In the automotive environment, RF-

enabled sub-systems continue to

evolve and proliferate. Such systems

include Tire Pressure Monitoring

Systems (TPMS), which are mainly

unidirectional on a single RF channel at

relatively high data rates; Remote Start

(RS) systems, which are generally

bidirectional on single or multiple

RF channels at relatively low data

rates; Passive Keyless Entry (PKE)

and Remote Keyless Entry (RKE)

applications, which are unidirectional

on single or multiple RF channels at

moderate data rates. TPMS uses both

On Off Keyed (OOK) and Frequency

Shift Keyed (FSK) modulation, RS uses

OOK only, and RKE uses either OOK

or FSK. To accommodate such multiple

systems and applications, automotive

RF semiconductor devices must

possess flexible as well as configurable

architectures. The need for architectural

flexibility, combined with customer

expectations of high performance,

improved range, and reliability, is driving

the next generation of RF IC designs.

Beginning with range and reliability,improvements here are easier to

realize when the transmit path has

programmable parameters. One can

and RS. The devices also support all

automotive bands: 310 to 318MHz,

418 to 477MHz, and 836 to 928MHz

and use one device and a single crystal

frequency.

These two devices are also designed

for architectural flexibility. A dual-

LNA architecture with two separate

input pins natively supports multi-

band applications using one single

IC, PCB, and bill of materials (BOM).

Additionally, dual-parallel demodulation

paths support simultaneous ASK and

FSK sensing capability. These features

accommodate multiple polling schemes

including TPMS, RS and up to three

RKE channels, and can be configured

to support RF protocols across multiple

frequency bands, modulation schemes,

and data rates.

To implement the vast array of

configurable content in both Atmel

devices, the desired configuration

settings are stored in the built-in

EEPROM and automatically applied to

Atmel Has Introduced Next-Generation TransceiverAnd Receiver Devices With Configurable Options

ConfigurableRF Architecture GivesEngineers Greater DesignFlexibility

Ahmad Chaudhry and Jim Goings


5/48

Automotive Compilation Vol. 7 2

the device on power-up. This enables

autonomous (stand-alone) operation

and polling for incoming signals from

multiple RF systems with differing RF

carrier frequency bands, modulation

formats, and data rates. Stand-alone

operation allows an external controller

to sleep while the device polls,

validates start of frame, and checks for

proper transmitter ID data. The device

only wakes the controller when a validmessage is detected. This is critical to

reducing Ignition Off Draw (IOD) in

vehicle-mounted applications and to

extending battery life in handheld fob

applications.

Atmel devices also have some other

enhancements which simplify design

and reduce BOM cost. The Atmel

ATA5830 transceiver device, for

example, has an embedded Atmel

AVR microcontroller on the same

silicon die. The microcontrollerincludes 6kByte of Flash and a

24kByte ROM library of user-

accessible firmware, making it

possible to develop an entire

application using just one single IC.Both the ATA5830 transceiver and

the Atmel ATA5780 receiver are also

highly integrated, requiring very few

external components. The application

circuits (see Figures 1 and 2) show

a standard implementation of each

device. For a typical application, the

ATA5830 transceiver only requires 10

external elements and the ATA5780

only six external elements. Both

devices are packaged in a 5 x 5mm,

32-pin QFN package.

In conclusion, the

newest generation

of configurable Atmel

RF semiconductor

devices provides the

design flexibility needed

for rapidly evolving

automotive RF-enabledsubsystems

32

(Optional)ATA5830

Atmel

31 30 29 28 27 26 25

9 10 11 12 13 14 15

VS = 3V

16

24PB2RFIN

_LB

RFIN_HB

SPDT_RX

SPDT_ANT

SPDT_TX

RF_OUT

ANT_TUNE

VS_PA

PB1

PB0

PC5

PC4

PC3PC2

PC1

PC0

VS

AVCC

XTAL2

XTAL1

TEST

EN

DGND

DVCC

ATEST

101

TEST

102

AGN

D

PB7

PB6

PB5

PB4

PB3

23

22

21

20

19

18

17

1

1

3

4

5

6

7

8

_

_ _

Elements

Inductor

Capacitor

1 single crystal for 3

different frequency rangesCrystal

Number

2 (3)

7 (9) 3 (5) for matching

4 for Blocking

1

Comments

Matching

l

I

i

i l l

il

i

l i

i

l

I

i

i l l

il

i

l i

i

32

ATA5780

Atmel

31 30 29 28 27 26 25

9 10 11 12 13 14 15

VS = 4.5v to 5.5v

16

24MOSIRFIN

_LB

RFIN_HB

SPDT_RX

SPDT_ANT

N.C

N.C

N.C

N.C

SCK

CLK_OUT

NSS

MOSI

MISO

SCK

NRESET

NPWRON

1NPWRON2

TRPA

NPWRON3TMDO

NPWRON4

NPWRON5TRPB

VS

AVC

C

XTAL

2

XTAL

1

TES

T

E

N

DGND

DVCC

ATEST

101

TEST

102

AGND

RX

_Active

LEDO

NPWRONG

IRQ

NSS

PWPON

LED1

MISO

23

22

21

20

19

18

17

1

1

3

4

5

6

7

8

_

_ _

Elements

Inductor

Capacitor

1 single crystal for 3

different frequency rangesCrystal

Number

1

4 1 for matching

3 for Blocking

1

Comments

Matching

Microcontroller

Atmel Devices Also Have Enhancements Which

Simplify Design and Reduce BOM Cost

Figure 2. Atmel ATA5780 Receiver Application Circuit

Figure 1. Atmel ATA5830 Transceiver Application Circuit


6/48


Design and SecurityConsiderations for PassiveImmobilizer SystemsJim Goings, Toby Prescott, Michael Hahnen, Karl Militzer

For years, consumers have come to rely on the convenience and added security that

a passive vehicle immobilizer system offers These systems consist of a key fob, carriedby the driver, and a base station, mounted in the vehicle They work together to

determine if the driver is authorized to start the vehicle Of equal or greater importance

is the systems ability to prevent unauthorized sources from using the vehicle While

top-level functionality of a vehicle immobilizer is simple to describe, the underlying

technology enabling it is intriguing and sophisticated This article will explore both

the hardware and software aspects of vehicle immobilizer systems as well as offer

noteworthy comments on design and security considerations

Communication

The prevailing method of communication between key fob

and vehicle in passive vehicle immobilizer systems today

is with a modulated magnetic field. This field is created by

the vehicles immobilizer base station from a low frequency

alternating current, typically 125kHz. The magnetic field

serves three fundamental purposes: A) the power source for

the key fob, hence the term passive, B) a carrier on which

information from the base station to key fob is conveyed, e.g.

downlink, C) a carrier on which information from the key

fob to the base station is conveyed, e.g. uplink.

Characteristics of magnetic fields that are of particular appeal

for a vehicle immobilizer system pertain most to the key fobs

need to operate completely passively, e.g. without a battery.

Downlink field detection and uplink field modulation

can both be achieved using circuitry that consumes very

little current. Furthermore, harnessing sufficient field energy

to power these circuits in the key fob electronics can be

achieved with relative ease.

During the system design phase, care must be taken to

carefully consider key performance parameters such as key

fob energy requirements, which affect

antenna coil geometries and drive levels, and the

authentication process, which has a direct impact on response

time. The sections that follow will address these topics ingreater detail.

System Interfaces

The system architecture of a vehicle immobilizer has several

layers of abstraction, each representing different system

interfaces. Figure 1 provides a visual representation of these

layers.

The Physical Layer

A t the lowest level of a vehicle immobilizer system is the

physical layer. It consists of a vehicle-mounted antenna coil

capable of creating a magnetic field of sufficient magnitude

to enable its detection and modulation by an antenna coil

mounted in the users key fob.

Figure 1. Vehicle Immobilizer Interface Layers

Crytographic

Protocol

Logical

Physical


7/48


Field Generation and Modulation

Vehicle immobilizer systems can be classified in one of two

different ways based on how the magnetic field is used

to support the transfer data: half duplex or full duplex. In

a half-duplex system, the vehicle-mounted antenna coil

alternates between periods of energy transfer and data

transfer. Uplink data (e.g., fob to vehicle) is modulated using

Frequency Shift Keying (FSK). A graphical representation of

this communication method is shown in Figure 2. Two points

should be intuitively obvious from viewing Figure 2. First, the

rate of data transfer suffers from a significant compromise

due to the recurring need to perform the energy transfer,

e.g., charge up the key fob. Second, the modulated signal isvery small compared to the field present during the energy

transfer period, making it more susceptible to interference

from ambient noise which results in reduced range. These

characteristics have caused the popularity of half-duplex

systems to wane.

The dominant system in use today is the full-duplex system

in which the vehicle-mounted antenna coil performs energy

transfer AND data transfer simultaneously. Uplink data is

modulated using Amplitude Shift Keying (ASK). A graphical

Magnetic Field Charges Key Fob

FSK Key Fob Return Frequency (red)

FSK Key Fob Return Frequency 0(blue)Figure 2. Half-duplex Communication Using FSK


8/48


representation of this communication method is shown in

Figure 3. Clearly, the ability to simultaneously transfer data

while keeping the key fob energized, or charged, provides

the design engineer a significant data transfer rate advantage

over half-duplex systems. Additionally, the constant carrierfield tends to mask out interferences and enables robust

communication during the data transfer. Furthermore, this

approach can be realized using simple envelope detection

circuitry. Because of the popularity of the full-duplex vehicle

immobilizer system in the market place today, the rest of this

document will focus on this type of system.

System Interfaces: the Logical Layer

The next layer above the physical layer is the logical layer.

This layer captures the characteristics and requirements for

the coding and transfer of data across the magnetic field. It

applies to the bi-directional data transfer that takes place

from vehicle to key fob, commonly referred to as downlink,

as well as key fob to vehicle, also known as uplink.

Downlink

Downlink information is coded using Pulse Length

Modulation; typically Binary Pulse Length Modulation

(BPLM) or Quad Pulse Length Modulation (QPLM). This

method is based on inserting a carrier field gap, Tgap, of

fixed duration and setting the gap to gap timing intervals

to predetermined times; T0 for a logic 0 and T1 for a

logic 1. The advantage to this approach is that it embeds

energy transfer from vehicle to key fob into the data

encoding and ensures the key fob will be supplied enough

energy to process the encoded data. However, a side effectof this encoding method is that the data transfer baud rate

depends on the logical value of the data bit stream being

sent since the transmission times for each binary state are

different. See Figure 4 for a more detailed graphical depiction

of this coding method.

Figure 3. Full-duplex Communication Using ASK

1-bit value

0

1

BPLM bit frame example

LF-Field

LF-Field

12 x CLKFC

20 x CLKFC

Tgap

Tgap

Figure 4. BPLM Coding Method

Magnetic Field Charges Key Fob

ASK Key Fob Return Signal - Resistively Damped ( Green )

ASK Key Fob Return Signal - Undamped ( Black )


9/48


QPLM is a variation of BPLM that is sometimes used. With

this modulation, two bits are transmitted after one gap, and

therefore more power is available on the transponder side. In

addition, the average baud rate is higher compared to BPLM.

The coding method follows the same basic implementation

as BPLM, except the allowed number of states is extended

from two to four and the predetermined gap to gap timing

intervals are expanded to cover the additional states. See

Figure 5 for a visual representation of QPLM.

Uplink

Information communicated from the user fob to the vehicle

base station is typically encoded using Manchester or Bi-

phase. These encoding methods share several characteristics

that differ from the downlink: A) the encoded bit stream

always has an average duty cycle of 50%, B) the time

to send encoded data is based solely on the baud rate.

Both encoding techniques enable clock extraction from

the encoded data stream. This is possible because all time

durations in the coded bit stream are quantized to one of two

values; T or 2T, where T is what is referred to as a half bit.

Data rate is fixed by the relationship 1/(2T). Clock extraction

merely requires the detection of the minimum time duration

element, T, and synchronizing its phase with the coded bit

stream.

Protocol Layer

The protocol layer defines how individual data bits are

grouped to enable communication between the vehicle

base station and key fob. It defines how many bits and in

which order they are transmitted between the reader and

the transponder. As a simple analogy, this can be compared

to the rules governing the formation of sentences in using

words. The protocol layer would be like the sentence formed

from the logical layer which would be like the words. It forms

a fixed set of commands along with their allowable responses.

Authentication

Authentication is the term used to describe the process of

deciding whether the driver is authorized to start the vehicle.

The simplest form of this is called unilateral authentication.

In this case, the vehicle tests the key fob to determine

if it has been associated/learned to the vehicle. When an

additional step is added to this process, in which the key

attempts to test the vehicle to determine if it has been

associated with the key fob, it becomes bilateral or mutual

authentication. Clearly, this added step increases security

strength but comes at the expense of longer authentication

time.

2-bit value

00

01

QPLM bits frame example

LF-Field

18 x CLKFC

LF-Field

28 x CLKFC

10

11

LF-Field

40 x CLKFC

LF-Field

62 x CLKFC

Tgap

Tgap

Tgap

Tgap

Figure 5. QPLM Coding Method

0 0 1 1 0 1 0 0

Clock

Data

Manchester

Bi-phase

Figure 6. Manchester and Bi-phase Coding


10/48


Unilateral Authentication

Typically, the unilateral authentication protocol is initiated by

the vehicle and consists of the following steps:

1. Vehicle reads the key fobs unique ID (not to be

confused with the secret key)

2. Vehicle generates a random number challenge and

sends it to the key fob

3. Key fob encrypts the challenge (using the secret key)

and sends this response to the vehicle

4. Vehicle compares key fobs response with its calculated

response (using same key and challenge)

Note: The vehicle must posses the key fobs secret key to

enable the success of this transaction. The process of sharing

the secret key is called Key Learn and is described in the

next section.

Key Learn: Open/ Secure

The Key Learn Protocol is the process that is used to allow

the vehicle to establish a secret key and share it with the key

fob. Depending on the restrictions and safeguards placed on

the initiated Key Learn session by the vehicle, secret keys

can be shared openly or securely.

An open Key Learn process would typically consist of the

following steps, also shown in Figure 8:

1. Vehicle generates a secret key based on a random

number and proposes it to the key fob

2. Key fob accepts secret key, saves to memory, and

responds with an acknowledgment

3. Vehicle saves secret key to memory after successful

receipt of key fobs acknowledgement

If the Key Learn Protocol cant be protected from

eavesdroppers or unauthorized access to the vehicle, it maybe desirable to utilize a Secure Key Learn Process.

ID

Memory

Key

Memory

Key

Memory

ID

IDN

Y

N

Y

AES-128

(enc.)

Random Number

Challenge

Response

AES-128

(enc.)

Challenge

Response

Detection Header(optional)

4-bit Command

+ 4-bit CRC

8-bit Header+ 32-bit ID+ 8-bit CRC

8-bit Header+ M Response-bits

+ 8-bit CRC

8-bit Command

+ N Challenge-bit+ 8-bit CRC

LF-Field On

Read UID

Stop

Stop

Valid

=

OK, it is theright key

CarKey

OK?

Read UIDCommand

Start Authentication

Command

Figure 7. Unilateral Authentication

Unilateral Authentication Protocol


11/48


Key Memory

Key MemoryResponse ( Pass/Fail )

Secret Key

NY

Secret Key

Random Number

LF-Field On

StopPass =

Learn Secret

Key (1 or 2)

Cmd

Key Car


8-bit Header+8 bit Status+ 8-bit CRC

8-bit Command

+ 128 bit Key

+ 8-bit CRC

Figure 8. Open Key Learn

Bilateral or Quasi-mutual

Authentication

A more complex form of an authentication process is the

quasi-mutual or bilateral authentication. It is not a full

mutual authentication that is implemented in the Atmel

immobilizer system because it does not use random

generators on both sides of the system, the car and the

key. The implemented solution uses a MAC (Message

Authentication Code) to authenticate the car vis--vis the

key.

Again, the authentication protocol is initiated by the

vehicle and in case of a bilateral authentication consists

of the following steps as shown in Figure 9:

1. Vehicle reads the key fobs unique ID

2. Vehicle generates a random number challenge and

sends it to the key fob

3. Vehicle encrypts the random number and appends it

to the challenge

4. Key fob encrypts the challenge (using secret

key 1) and compares it with the received encrypted

challenge (MAC)

5. If the result matches, the key fob encrypts it (using

secret key 2) and sends this response to the vehicle

6. Vehicle compares key fobs response with its

calculated response (using same key and challenge)

Cryptographic Layer

The cryptographic layer provides the highest level of

encryption. It contains the mathematical function that

transforms a plain text message into a secret message.

Ideally, this function should have two properties:

1. Unique: For every plain text input, there must be a

unique secret text output

2. Unpredictable: It must not be possible to predict a

plain text to secret text pair, even if a large sample

of known good plain text to secret text pairs wasavailable for analysis

Open Key Learn 1/2


12/48


Public vs Private

For many years, private cryptographic algorithms were

commonplace. However, private algorithms have drawbacks:

A) uncertainty of algorithms strength, B) lack of being

subjected to critical peer review, C) potential wide-scale

security compromise should the algorithm be leaked to the

public. In recent years, several high-profile examples can be

cited that illustrate these weaknesses. Perhaps even more

compelling is the lack of interoperability in systems that share

the same physical and logical layers. This interferes with basic

competitive market forces and in many cases drives higher

system costs.

In an effort to address these concerns, public opinion has

shifted toward the acceptance of a public domain encryption

algorithm the Advanced Encryption Standard (or AES,

as it is more commonly referred to). Its origin comes from

the 1997 initiative at the National Institute of Standards and

Technology (NIST) to select a public-domain encryption

algorithm. Within a year, fifteen candidate algorithms

were identified and subjected to critical review by thecryptographic research community. This analysis included an

assessment of security and efficiency characteristics for each

algorithm. After trimming the list of candidates from fifteen to

four, NIST subjected them to a second round of public review

before finally selecting the AES algorithm in 2000.

AES, as we know it today, is a symmetrical block cipher that

combines a 128-bit plain text input with a 128-bit secret key

to create a 128-bit encrypted output. Due to its symmetrical

characteristics, AES can also be used in reverse to combine

the encrypted output with the secret key to find and extract

the original plain text input.

System Security Considerations

Attacks and Countermeasures

A common misconception held today is that the security of a

vehicle immobilizer system is established by the strength of

the encryption algorithm. While encryption algorithm strength

is important, it alone does not define the overall systems

resistance to attack. Each of the interface layers in the

immobilizer system, algorithmic, protocol, logical and physical,

contributes to the systems overall security and must bestudied and fortified against attack.

AES -128

encryption

AES -128

encryption

128-bit

Key 1

ID

memory

128-bit

Key 2

Random Number

ID

N

N

Y

Y

NY

Stop

AES-128

encryption

AES-128

encryption

128-bit

Key 1

128-bit

Key 2

Random Number

LF-Field On

ID

Read UID

Stop

Stop

Valid

=

=Ok, is it theright key,car match

Hiddenchallenge (HCH)

expanded to 128 bits

Start AuthenitcationCommand

Read UID CMDKey

OK?

Car

8-bit Header+ 32-bit ID+ 8-bit CRC


8-bit Header+ M bit {Resp}

+ 8-bit CRC

8-bit Command+ N bit RandN

+ M bit (RandN)

+ 8-bit CRC

4-bit Command

+ 4-bit CRC

Hiddenchallenge (HCH)

expanded to 128 bits

Ok, is it theright

car, continue

AES

Figure 9. Bilateral Authentication Protocol

Bilateral Authentication Protocol


13/48


Algorithmic Security and

Countermeasures

As noted earlier, it is imperative that the encryption algorithm

possess unique and unpredictable characteristics. In the case

of AES, the details of how the algorithm operates is freely

available to the public and as a result, it has been subject

to critical review by the research community. This, by far,

is the best countermeasure available. To date, scientific

studies have confirmed the algorithms strength as it has

withstood the test of time (over 10 years). However, in the

case of private algorithms, scientific analysis by the research

community was not possible, leaving the strength of these

algorithms in question. In fact, many have failed to withstand

the test of time and in recent years their weaknesses have

been exposed.

Protocol Security and Countermeasures

In systems using unilateral authentication, attacks on the

protocol layer are typically accomplished using scan or

dictionary methods. In a scan attack, the attacker

receives a challenge from the vehicle and returns random

values in response. If the protocol consisted of a 56-bit

response, then the bit security is 256 , i.e., it takes 256 trials to

get one valid challenge-response pair. To resist this type of

attack, the following measures can be considered:

Increasing the response bit length to add complexity

Having the vehicle embed exponentially growing time-

outs between consecutive unsuccessful trials

Having the vehicle block trials after a fixed number of

consecutive unsuccessful trials are attempted

In a dictionary attack, the attacker collects valid challenge

(from the attacker) response (from the key fob) pairs by

communicating directly with the transponder. These pairs are

placed in a look-up table or dictionary for future reference.

Equipped with this dictionary, the attacker then sequentially

triggers the vehicle for a challenge, which can be checked in

the dictionary for a valid response. If the protocol included a

100-bit response, one would need 251 trials to get one valid

challenge-response pair. The birthday paradox states that

after 2n/2 logged challenge-response pairs and

2n/2 trials, the probability of a valid result is 0.5. Using this,

it can be shown that the overall complexity of this attack is

2n/2+1 = 251. Countermeasures to consider in this case are:

Increasing the challenge bit length to add complexity

Implementing a bilateral authentication protocol

Physical/Logical Security and

Countermeasures

In recent years, attack methods have grown more

sophisticated. Side-channel attacks such as Simple Power

Analysis (SPA) and Differential Power Analysis (DPA) as

well as other invasive attacks have been successfully

applied to extract secret keys from key fobs. These so-

called side-channel attacks measure and evaluate the power

consumption of a cryptographic device and combine it with

knowledge of the plain text or cipher text in order to extract

an otherwise secret key. The theory underlying these

methods is quite sophisticated and beyond the scope of this

document. The strongest defense against the side-channel

attacks noted above are:

Randomization of clock frequency and operation Interleaving of digital control and the encryption

operation

Invasive attacks dwell on the physical implementation

of the encryption-related circuitry on the silicon die itself.

The best countermeasures are fairly simple to implement as

long as they are considered early in the design process. The

following are examples of steps that could be considered:

Metal shielding of memory blocks

Using non-standard synthesis libraries

Scrambling the location of critical digital elements used

during encryption

Restricting memory access and automatic chip-erase

function if attempted

System Performance Considerations

Current Consumption

System performance has different aspects. One is the power

consumption of the key fob. This parameter relates directly

to the achievable communication distance between keyfob and vehicle base station. Car manufacturers and Tier1

suppliers tend to emphasize the importance of the coupling

factor as a critical system parameter. However, it mainly

represents the relationship of the mechanical dimensions

between the key fobs antenna and the vehicle base stations

antenna. This parameter is only valid for a given system

configuration and depends on antenna inductance, Q-factor,

driver current, reader sensitivity, and ignition lock cylinder

material. Because of this, use of this parameter alone to

compare different systems is inadequate. Of equal if not more

importance than the coupling factor is current consumption,

especially given that the key side current consumption is a

limiting factor in a passive, batteryless environment where


14/48


the energy is harvested from a magnetic field and stored in

a small capacitor. By selecting system components designed

for extremely low power consumption and microcontrollers

capable of being programmed with well-balanced

software (putting the controller in sleep mode whenever

possible), the engineer is able to overcome earlier system

disadvantages requiring high coupling factors to compensate

for high current consumption in the key fob.

Authentication Response Time

Another important factor in immobilizer systems is the time

it takes from turning the key fob inserted inside the lock until

the engine starts. This time should be short enough to avoidthe drivers perception of a delay. Depending on mechanical

and electrical system design and how quick a person can

introduce and turn the key, an overall timing budget in the

range of 300ms to 500ms is typically available. A significant

part of this budget is consumed through mechanics and

overhead in the body control module. What remains is

between 100ms and 200ms for the authentication process. A

good compromise in terms of speed and security seems to be

a bilateral authentication with a challenge length of 100 bits

and a response length of 56 bits. In most systems this results

in a response time of under 100ms.

Error Handling

In case an authentication failed for whatever reason, todays

systems require the complete authentication cycle to restart

from the beginning and allowing a maximum of three retries

within a reasonable time. The retry strategy from Atmel

looks a bit different and enables the system to recover from

communication errors more quickly. All commands and

optionally the data are protected by a Cyclic Redundancy

Check (CRC). Both the key fob and the base station can

make use of the CRC to detect errors and signal these

conditions to their respective communication partner. This

enables the base station to be selective about the amountof repeated info, the last action, the last response, or the

last command. This feature enables quicker communication

recovery and more attempts at communication recovery

in the same amount of time (five-seven retries instead of

three).

SummaryBy selecting system components that meet the security

and performance expectations of the automotive market

place, and support a highly configurable and open-source

immobilizer software stack, the task of developing a robust

vehicle immobilizer system can be greatly simplified. As a

leader in automotive vehicle access solutions, Atmel offers

such a complete system solution consisting of both hardware

and software.

Key fob designs can be realized with the Atmel ATA5580 and

the Atmel ATA5795. These devices boast an LF front end, an

AES hardware block to perform fast and efficient encryptioncalculations, coupled with an Atmel AVR microcontroller that

has been optimized for extremely low current operation.

Both include programmable flash memory that can be used to

run the Atmel open immobilizer protocol or other customer-

specific software and are capable of completely passive

immobilizer operation.

A base station can be realized with the Atmel ATA5272. This

device integrates the LF base-station function with an AVR

microcontroller with 8K of programmable flash memory.

As a final complement to these devices, the open immobilizer

protocol software from Atmel is available to users at no

cost. It provides an unprecedented level of configurability

including many user selectable features enabling the dynamic

evaluation of system parametric tradeoffs and accelerates the

development and optimization process:

1. A logical layer with uplink and downlink baud rate, bit

encoding, and modulation depth

2. A protocol layer with challenge and response bit

lengths, unilateral or bilateral authentication, data field

CRC, two secret keys, secure or open Key Learn

3. A cryptographic layer with AES crypto clock speed from

125 kHz to 4 MHz on the fly


15/48


16/48


Sensor systems differ in many respects from other electronic

components of the car. The most important difference is

that sensors are mostly located outside the vehicle in harsh

environments where they are subject to changes in humidity,

temperature or pressure. In most cases, sensors also have

to be mounted in areas with very limited space and are

connected with a 2- or 3-wire harness.

The Applications for Sensors are as Diverse

as the Application Areas Themselves:

In the body control area:

- Pressure sensors

- Gyro sensors

A typical sensor node contains the sensing element itself, a

microcontroller for signal conditioning, and a transceiver for

signal transmission. As the length of the data line is often

more than 1m, the data transfer is dominated by analog

signal conditioning which has a portion of about 90%.

Analog signal conditioning does have some advantages.

It is compatible with previously existing mechanical or

electromechanical detection systems, and is also easy

to use and to plug in. Analog data can be provided in a

voltage range of, for example, 0 to 5V and the sensor can

then be monitored by an ADC port on a microcontroller

which converts the data into the digital domain. Generally,

however, requirements for sensor systems are increasing,

making analog signal conditioning less attractive. With ADC

resolutions up to 10 Bit, and the ability to indicate two

different types of failure modes by clamping the signal

voltage either to the lowest or to the highest voltage levels,

analog techniques have already reached the limits of their

performance and will be replaced by different types of digital

data transfer.

Digital data transfer can be managed either by voltage

modulation or current modulation. Both types have

advantages and disadvantages. Simple current modulation

allows a very cost-efficient design of the ECU as well as of

the wiring harness. Inside the ECU, the different currentlevels can be transferred into voltage levels using a single

pull-up resistor. For the connection to the sensor, a 2-wire

connection is used. Disadvantages include thermal powerdissipation in the sensor module, as well as a limited data

rate dominated by the pull-up resistor. Other current-based

transfer methods, such as Manchester-coded protocols,

require dedicated transceiver ICs, driving system costs up.

Voltage modulation has the advantage of allowing a variety of

protocols, beginning with simple PWM and moving to more

complex versions like SENT, which have higher data rates

than current modulation. Additionally, the ECU input can be

designed as a capture compare unit on a timer basis. The

main drawback of voltage modulation is that a wiring harness

with a 3-wire connection is mandatory. Further issues may

arise at EMC testing because most PWM drivers do not

include a slope rate control. Additionally, ESD protection is

low.

The LIN bus protocol combines all advantages described

above. As a two-wire interface, LIN helps save cost in the

wiring harness. LINs slew rate control in the transceiver

ICs supports excellent EMC performance, while LINs ESD

protection features allow robust system designs suitable forharsh environments. Finally, the high production volumes

Figure 1. Basic Current Interface Set-up

Figure 2. Basic Voltage Interface Set-up

In the comfort area:- Temperature sensors

- Solar altitude sensors

- Light sensors

- Humidity sensors

- Dew point sensors

In the powertrain area:- Position sensors

- Speed sensors

- Pressure sensors

- Knock sensors


17/48


for LIN bus transceivers lead to very cost-efficient designs

compared to other protocols requiring transceiver ICs (e.g.,current-based transfer protocols).

The concept for the system design specifies a pull-up resistor

at the ECU level. This is required to control the current supply

for the LIN slave sensor through the data line. At the LIN

slave sensor, only a buffer capacitor is required. Depending

on the capacitor value, the data rate can be chosen up to 100

kbit/s. Supply voltage reduction provides an additional option

for influencing the data transmission speed. As the dominant

and recessive levels are referenced to the supply voltage,

a reduction of the supply voltage directly reduces the gap

between bus low and high level (the delta) to reach the

correspondent levels. A 2V supply voltage reduction leads to

an increase in the data transmission rate of roughly 15%.

Unfortunately, the supply voltage cannot be lowered in all

cases. The time portion of the bus-dominant level must also

be considered, as this state discharges the buffer capacity of

the LIN slave sensor

Sensor system design using LIN can be viewed as a three-

step process. First approaches to a discrete slave-node

design include a sensing element, a LIN system basis chip,

and a microcontroller for signal conditioning and protocol

handling. Atmel serves all integration levels with LINtransceivers, LIN system basis chips (SBCs), and LIN

system-in-package (SiP) devices. With SiP, the customer

benefits from the ultra low-power designs of Atmel AVR

microcontrollers with Atmel picoPower technology. As a

second step, the designs can be converted into single-chip,

multi-die SiP designs. This saves PCB space and allows the

engineer to include all electronics in the connector of the

sensor element. Finally, by integrating the sensor element

into the chip, and by implementing an intelligent state

machine, the engineer takes a further step toward advanced,

single-chip LIN sensor node designs.

In summary, LIN not only enhances the driving of cars

from the in-vehicle networking point of view, it also allows

the rumble change of the sensor area to a cost-efficient

and high-performing digital sub-system. Atmel offers all

necessary products regardless of the integration level of

LIN applications. To support low-power designs, the AVR

microcontroller with picoPower technology is key. In addition,

engineers can design the most robust and EMV-tolerant

systems with the leading-edge EMC and ESD performance of

LIN transceivers and SBCs from Atmel.

Special thanks to Daniel Yordanov and Keith Nicholson

for supporting me during the writing of this article.

Figure 3. LIN Interface Set-up Modified to Support the Current Supply of the LIN Sensor Slave

Figure 4. Bus Level States Bus Level States Depending on the Supply Voltage

Voltage

VCC

20

18

16

14

12

10

8

6

4

2

0

LINH

LINL

99%

98%

95%

86%

63%

UC

t

5432154321

Figure 5. Capacity Discharge Depending on the Bus-dominant State Time


18/48


Key Fobs Today

Todays key fobs can be generally subdivided into two

different functional categories. The first includes Remote

Keyless Entry (RKE) devices which require some sort of

human intervention or a physical interface of the user to the

key fob (e.g., key push) in order for the fob to produce the

desired function effect such as unlocking a door or

opening a sunroof. The second group of devices

provides similar functionality but also features an

added level of comfort by performing the same

function without physical intervention by the user.

Instead of the push button or touch sensor interface,

a Passive Entry (PE) identifies the user (and the

key fob) as a legitimate entity and automatically triggers

authentication or issues a request (e.g., passive door unlock,

trunk release, etc.).

Both systems are based on a preprogrammed key fob device

ID and authentication protocols which include an encryption

stage for authorizing the issue of key fob commands to the

vehicle. In this way the key can be identified by the vehicle

and vice versa before any action is executed. All RKE-based

systems require key fobs to support RF links which fall into

Industrial, Scientific and Medical (ISM) frequency bands(i.e., 0 - 135kHz, 13.56MHz, 315/433MHz, 869MHz, and

915MHz). However, for a PE system the LF downlink is

used by the key fob to compute a Received Signal Strength

Indicator (RSSI) value and thus the fobs physical coordinates

in relation to the vehicle while the RF link is used to execute

the authentication protocol with the vehicle. RKE and PE

system fobs are designed to be powered by a small coin

battery intended to last for the life of the vehicle.

Moreover, all key fobs support engine immobilizer system

authentication. To prevent theft every automobile uses an

immobilizer system which authenticates engine starts. In

this case the key fob acts as a passive authentication tag

similar to the RFID tag but with a larger feature set. Most

automotive key fobs use Near Field Communication (NFC)

transponders which communicate with the engine controller.

The transponder is integrated into the key and is a passive

device. It does not need a battery for operation, but instead

uses a magnetic field generated by the LF vehicle coil. It alsotransmits the device ID and executes a special immobilizer

Atmel has Introduced Next-Generation Transceiver

and Receiver Devices with Configurable Options

DesigningNext-GenerationKey FobsPaul Lepek


19/48


protocol for its authentication but all communication takes

place via an LF field generated by the vehicle.

Expanding Fob Applications

Originally key fobs were designed for only one purpose:

to unlock the door and start the engine with the metal

key. Later, RKE devices were used to remotely (HF

field) unlock the door. The integrated contactless passive

transponder (LF field) then unlocked the steering column

and enabled the engine start.

Only more recently fobs began to penetrate convenience,

general utilities, secure communications, and secure access

ID applications (even extending to payment systems and

e-ticketing). These functions were not developed before

due to a lack of hardware and software resources, primarily

because of the fobs physical size and power consumption.

Recently, however, it has become possible to overcome

these shortcomings by incorporating much larger user and

program memories, and the use of faster, more compact,

and ultra-low power processors without increasing the

cost of production. Additionally, the integration of flexible,

reconfigurable, and secure authentication peripherals can

be made feasible. These types of peripherals include crypto

units, secure key management features, and integration

of smart cards useful for payment, user ID, and cipher-

based authentication systems. An automotive key fob cantherefore be used not only to interact with the vehicle but

also to gain entry to a park garage, ski lift or to purchase

train tickets. This can deliver considerable benefits when

goods are purchased using one of the major credit card

networks. The secure user memory can also be used to

store personal and secure information as personal data ID

and provide transit information for e-ticketing.

System-in-fob Hardware Resources

Ultra-low-power 8-bit microcontroller

Large Flash program and EEPROM data memory

(memory segmentation with locks)

RF communication interfaces

- Infrared (IrDA) IF

- Immobilizer IF at 125kHz

- Passive entry IF at 125kHz (RX only)- Smart card IF at 13.5MHz

- RKE IF at 315, 413, 868, 915MHz

(frequency hopping)

Power management (optional battery charge)

Hardware cryptological unit (AES-128)

Integrated proximity coupling smart card (ISO 14443)

Cyclic Redundancy Check (CRC) block

Serial interfaces (SPI, SSI)

ISP/debug (dW)

Analog comparator

Flexible GP timers and WDT

Oscillators: RTC, INTRC (125kHz, 4MHz)

Class Immobilizer1

Batttery/

Recharge2

Physical Interface 3

(Button, Touch, etc.) Passive

(Entry/Go)

Accessories

Personalization

Settings

Time/

Data Logging

in Fob4Remote

Start

Remote Entry Accessories

Basic x - - - - - x x

RKE (std.) x x/ x - - - x

RKE (ext.) x x/x x - x - x x

PE (std.) x x/x x x x x/x x

PE (ext.) x x/x x x x x/x x x

Table 1 Key Fob Features Today

1Immobilizer support includes secure fob and vehicle authentication via the LF field using an integrated LF transponder.

2The fob includes a built-in battery with the option of recharging the battery via the LF field.

3Remote Start and Remote Entry are controlled via RF uni- or bi-directional link. Control of accessories can either be done using RF or IrDA links.

4 Data can be logged such as time stamp data, last device ID, last vehicle service date, and much more either via LF or RF links.


20/48


The heart of a modern key is an ultra-low power

microcontroller with sufficient program and data memories.

Typical program memory can range from 8KB to 16KB

and beyond with its data memory ranging from 1KB to

2KB depending on application requirements. Because of

secure application support, the key fobs program and data

memories must have provisions for memory segmentation

and locks in both memory blocks. For example, the

application firmware resident in program memory can be

divided into separate memory sectors (e.g., application and

immobilizer sections). Also data memory may have its own

partitioning which can allow for soft and hard memory locks

when it comes to releasing user-sensitive device-stored

data (e.g., authorization password or secure key). Whilethe microcontroller core executes application firmware, the

secure user and key data is stored in the on-chip nonvolatile

memories (EEPROM).

The core uses various wireless communication peripheral

interfaces to communicate with the infrared transceiver

(IrDA), the LF transponder (125kHz), the 3D LF receiver

(125kHz), the smart card (13.5MHz) and the RKE

transceiver (315, 413, 868, 915MHz). Flexible serial

interfaces can be shared such as SPI or Serial Synchronous

Interface (SSI) to enable data exchange with every

communication peripheral. A hardware data integrity check

module, based on a Cyclic Redundancy Check (CRC)

checksum algorithm, supports validation of received data.

A unique feature of the immobilizer transponder interface

is that it is closely bound to the power management unit

which is used to provide power supply voltage, VDD

, while

exchanging LF data with the immobilizer in passive mode.

In this mode all other communication with the key fob is

disabled to support batteryless operation. Some key fobs may

also support the battery charge feature which is integrated

into the power management module for recharging the

battery with the engine running.

While in secure smart card mode the device can also

operate in passive mode and exchange as well as encrypt

and decrypt proprietary data using its own crypto module

with the reader at FC

= 13.5MHz. It can use its own device

memory or the fobs internal nonvolatile memory.

Integrated crypto modules can support many different cipher

algorithmsthe most popular being the 256-bit block cipher

known as the Advanced Encryption Standard (AES) based

on the Rijndael algorithm which can be used with a 128-bit,

196-bit or 256-bit secret key.

The fob must also contain analog peripherals such as internal

oscillators where F = 125 kHz and 4 MHz to generate its

internal clock signals used for the transponder front end and

the microcontroller core, respectively, with low frequency

deviation across VDD and temperature. The supplied analog

comparator can facilitate detection of VDD drops and prevent

data corruption during nonvolatile data memory writes in

passive mode.

Wireless Data Communication Interfaces

An entry/immobilizer system consists of at least two

communication partners where one side is on the vehicle

and the other on the key fob. Depending on the link type,

there are several possible communication interfaces available,

including:

1. IrDA link for convenience and comfort applications

2. PE/PEG link to enter and start engine, including LF

downlinks and UHF uplinks

3. Immobilizer link to start engine and emergency vehicle

entry, including LF down- and uplinks

4. Chip card as user ID, authorization, authentication at pay

stations, including HF down- and uplinks

5. RKE as entry authentication, including UHF down- and

uplinks

Watchdog

Timer

Clock

Management

& Monitoring

SRC -

Oscillator

RTCEEPROM/

2KB

Atmel AVR - Core

PM - Flash

14kB

debug -

WIRE

POR / BOD &

RESET

SPI

IO-Ports

3D LF-

Receiver

Volt. Monitor

IR- Driver

Timer Block

SRAM

512B

ECIN

Contactless

Interface/

Transponder

FRC -OscillatorPower

Management

Crypto Unit

Serial IFCRC

RF

TX/TRX

Module

Smart

Card

Data Mem.

Secure

EEPROM

.

PM ROM

2kB

Contactless

Interface/

SmartCard

Figure 1. Fob Floor Plan


21/48


The summary of the communication channels and a brief

overview is shown in table 2.

Secure and Reconfigurable Firmware

Application firmware which supports the complete

functionality and feature set is the fundamental building block

of the key fob. It may consist of many different modules and

must encompass all functional and likely operating scenarios,

including battery failure which comprises emergency or

passive operation mode. To improve reliability it is a common

practice to keep both application and immobilizer programs

separate and in two distinct program spaces. While the

immobilizer firmware supports distinct engine starts, the

application software controls all other fob functionalities

including RKE, convenience or user-ID applications. The

immobilizer/emergency functionality is required to take

priority over any other function, which is the equivalent of an

override which suspends any function currently in progress

when the LF field is detected at the transponder LF coil.Figure 2 depicts a flow diagram and interaction between

application and immobilizer firmware.

All data communication is fully supported in the fobs

firmware. Various communication protocols includingunilateral, bilateral for immobilizer, PE/PEG and RKE systems

can be fully configured by the application software. Based on

Application Standard Link Type FC

Modulation Anti-

collision

Data

Encoding

BR [Baud] Range Average

Current

PE/PEG Custom 3D LF

downlink

0 -

130kHz

ASK x PIE 3.9k 3 - 5m 2 - 20A

UHF uplink 315, 433,

868,

915MHz

ASK/FSK - Manchester,

Biphase

Up to 80k 30 - 120m 8 - 20mA

Immobilizer/Emergency

Entry

ISO14223/Custom

LF downlink 0 -130kHz

ASK - PIE 3.1 -8.9k 2 - 10cm 40 - 260A

LF uplink ASK Manchester 4.4k

Chip Card ISO14443

ISO15693

ISO18000

HF

downlink

13.56MHz ASK/PSK x PIE, Miller,

NRZ

Up to 20k 5 - 20cm 20 - 120a

HF uplink ASK/BPSK Manchester,

NRZ

RKE Custom UHF

downlink

315, 433,

868,

915MHz

ASK/FSK/

PSK

x Manchester,

Biphase

Up to 80k 30 - 120m 8 - 20mA

UHF uplink

Table 2 Modern Key Fob Communication Links Overview

VBAT=1 & VFLD=0

(Start-up)

RKE

APPLICATION SW

MODULE

VBAT=0 & VFLD=1

(Start-up)

Enter RKE Mode

Enter IMMO. Mode

VFLD?

No

IMMOBILIZER

APPLICATIONSW

MODULE

VFLD?

YesNo

Yes

Figure 2. Immobilizer and Application Firmware Interaction Flow Chart


22/48


protocol topology, the application software controls dedicated

peripherals by enabling them, and reading data during RXphases, and writing data during TX phases of the protocol as

soft triggers (e.g., immobilizer and PE applications) or hard

triggers (e.g., RKE or IrDA applications using a push button

interface).

A major advantage of a next-generation key fob is its in-field

programmability, which can be very helpful in the event of a

firmware or user data upgrade or programming. The fob can

be initially configured using its dedicated general-purpose

software via the LF field while the final test is performed at

the factory. The user data can be added later by the Tier1

or OEM without modifying the original configuration. Even

while in the field the fobs can be reprogrammed with new

application and user data via one of the communication

interfaces at a later date. Of course, in this case only a single

functionality can be enabled while using memory locks to

provide security. This is especially useful when used as a pay

token in e-commerce or e-ticketing environments.

Transponder LF Field Coupling

Transponder-to-base-station coupling still remains the most

challenging aspect for key fobs. The proper transponder

coupling can be achieved when sufficient energy is

transferred from the base station to the transponder for the

transponder to communicate with the base station. During

design, the L-C tank must be carefully selected for optimum

energy and communication performance. Figure 4 shows a

typical transponder coupling at 125kHz vs. operating distance

from the base station coil5.

Figure 5 shows one complete challenge-response

authentication protocol which could be used in a passive

automotive immobilizer application. The LF field voltage

(green) is enabled for 160ms. The field is damped (2.2V)

during RX state and then switched to the undamped

level (6V) during TX state. The charge storage capacitor

voltage (yellow) which provides VDD

to the transponder is

immediately charged to 2.2V during the RX data stage. The

transponder encrypts (AES-128) received plain text data

(128-bit challenge) and transmits the response. In many

immobilizer systems the system authentication time is a

major concern. To minimize authentication time, the number

of bits transmitted can be reduced without compromising

system security. It is common for authentication time

TAUT

< 130ms at BR = ~3.9kBaud.

0.00%

1.00%

2.00%

3.00%

4.00%

5.00%

6.00%

7.00%

8.00%

9.00%

0 0.02 0.04 0.06 0.08

Couplingfactor[%]

Lr=Rehfeld, Lt=2.45mH

Lr=Rehfeld, Lt=5.1mH

Lr=738uH, Lt=2.45mH

Lr=738uH, Lt=5.1mH

Distance d [m]

Figure 4. Immobili zer Coupling

Figure 5. Immobilizer Protocol Execution Scope Shot/Power Analysis

Application Layer

Protocol/Session Layer

Physical Drivers

API, Configuration

Data I/O

Transport/Link Layer

A

bstractionLevel

Figure 3. Software Partitioning as a Bottom-up Approach

Software Model

Resources

5 Assumes the fob coil is placed in the center of the base station coil where the coupling is best

Coupling Factors for Immobilizer System


23/48


Figure 6 shows field voltage and VCC traces as the key fob

is energized by the field and begins to receive a BPLM data

stream. Field gaps are visible which separate field On interval

which is decoded by the fob using a dedicated hardware

peripheral. The fobs microcontroller is in sleep mode 95% of

the time to save power consumption.

RF Communication Links

Both RKE and PE/PEG systems utilize HF communications

links. In comparison to LF links, HF links are superior in their

operating range (up to several hundred meters) and baud

rate (up to 80kBaud can be achieved). RF transceivers

currently available on the market use N-fractional PLL

frequency tuning techniques where the carrier frequency

can be selected in firmware by the MCU. Some devices allow

large tuning frequency variations, permitting more design

flexibility. The transceivers operating range remains a key

performance parameter. To extend operating range, it is

common for the transmitter power to be as high as 12.5dBm

and the receiver sensitivity to be less than -100dBm.

Antenna design is also a determining factor providing

additional performance gain. Although whip antennas add

additional performance gain, small loop antennas printed on

the PCB are usually chosen for use in automotive key fobs.

Power consumption is another critical factor on the receiver

as well as on the transmitter side. Power consumption can be

reduced by selecting higher data baud rates. Choosing ASK

modulation tends to lower operating current since the power

amplifier is momentarily disabled during modulation.

Table 3 shows some typical RF transceiver parameters.

A snapshot of the transmitter spectrum taken at 433MHz

during transmission of an RKE message to the vehicle is

shown in Figure 7. The transmitter carrier frequency, thespan, power output, and device setting are configured using

the serial interface by shifting configuration data (in this case

the 32-bit configuration word) into the RF transmitter via the

MCU when the user presses the open-door button.

References:

1. ISO 14223 Advanced Transponders Standard

2. ISO 10536 Close Coupling Smart Cards Standard

3. ISO 14443 Proximity Coupling Smart Cards Standard

4. ISO 15693 Vicinity Coupling Smart Cards Standard

5. ISO 18000 Item Management Standard

Sensitivity

Antenna

Gain POUT

Average

Current

Receiver -109dBm -6dB - ~6 - 8mA

Transmitter - -18dB 10dBm ~9 - 10mA

Figure 6. Transponder at Power-up

Table 3 RF Transceiver Parameters

Figure 7. RF TX Spectrum at 433MHz


24/48


Capacitive Proximity Detection in the

Automotive IndustryLuben Hristov

There has been a steady rise in demand for proximity

detection sensors in automotive applications which reliably

detect the presence of objects near the sensor surface

without physical contact and the number of possible

proximity detection applications is countless:

Door entry control: detecting a hand approaching the

door handle to initiate the car unlocking process

Illuminating and waking up the touchscreen when a

hand approaches the screen surface

Switching interior car lights on/off when the hand is

near the sensor

Detection of simple spatial gestures to switch devices

on/off

Sensing the presence of large objects around the car

during parking

Many different proximity detection methods exist, for

example, capacitive, infrared, ultrasonic, optical, etc. Forthe 5mm to 300mm proximity detection range, capacitive

sensing has many advantages compared to other methods:

excellent reliability, simple mechanical design, low-power

consumption, and low cost base. This article describes

capacitive proximity detection technology from Atmel.

Atmel is a leading touch solutions manufacturer with many

years of experience in this field. The companys capacitive

sensors are based on charge-transfer technologya method

pioneered by Atmel where voltage is generated on the

sampling capacitor during the repetition of a specific control

sequence applied over the I/O pins. Atmel currently holds

multiple patents in the area of charge-transfer technology

for self-capacitance sensors (Atmel QTouch) and mutual-

capacitance sensors (Atmel QMatrix). The Atmel charge-

transfer technology delivers key benefits to the user and

offers advantages compared to other capacitive measuring

methods: increased flexibility, very high sensitivity,

excellent moisture resistance, and noise immunity.

QTouch and QMatrix technologies have been implemented in

multiple touch controllers supporting touch buttons, sliders,

wheels as well as touchscreens. Proximity detection support

is also available with some of the standard products. Atmel isnow developing and manufacturing new proximity algorithms


25/48


Figure 1. Active Shielding of Proximity Sensor

to increase sensitivity to support finger or hand detection

ranges of up to 200mm and more. The release of standard

products and software library modules is being planned for

2011 and 2012.

Capacitive proximity sensors measure the capacitance

change between the single electrode and ground (self-

capacitance sensors) or between two electrodes (mutual

capacitance sensors) as objects approach electrodes.

While constant capacitance is between 10pF to 300pF, the

capacitance changes are typically extremely small, ranging

from a few fF to several pF. Since the electrical field lines

around the self-capacitance sensors spread far away from

the sensing electrode, self capacitance is the preferred

proximity detection method over mutual capacitance where

field lines are largely concentrated in the area between the

transmitting and receiving electrodes.

Characteristics of Capacitive Proximity

Sensors For Automotive Applications:

High sensitivity: Detecting small changes in the

measured capacitance requires increased and stable

sensitivity. Special measures should be taken to reduce

negative effects on sensitivity caused by capacitive

loading, especially if the sensing electrode is placed on

a conductive surface (metal plane, car body, etc.). An

active shield layer is used to reduce the negative effectof capacitive loading between the electrode and the

conductive surface as shown in Figure 1. Please refer tothe Atmel application note about using active shields athttp://www.atmel.com/dyn/resources/prod_documents/an-

kd02_103-touch_secrets.pdf, page 7. A further advantage of

active shields is their neutralizing effect on water films.

Moisture resistivity: Moisture-induced changes in the

measured signals can be more significant than changes

from approaching objects. Water film on the surface is one

of the biggest problems for capacitive solutions. Water films

are more or less conductive and create a change of the

measured signals that is similar to normal touch events.

There are mainly two ways to handle effects caused by

water films:

1. Use of active shields (described above)

2. Shorter charge transfer time the water film could be

utilized as a distributed RC circuit (as shown in Figure

2). Reduced charge transfer pulses will prevent full

charging of the distributed capacitors C and hence

reduce the impact of the water films. Best results can

be obtained if the charge transfer time is in the range

of 100ns to 250ns. A proper mechanical design of the

sense area and the use of the appropriate materials

prevent the emergence of thick water films on the

sensing area.

Temperature stability: In automotive applications extreme

and rapid temperature changes may occur at any time.

Special care should be taken with regards to a stable

mechanical design even the smallest gap changes near

the conductive surfaces may cause false detection.

Noise immunity: Due to the high sensitivity, noise

interference could compromise normal operation of the

proximity sensor. The electrical and mechanical design of

the PCB should be carried out to avoid noise interference

caused by adjacent cables or conductive surfaces.

Fast response time: The expected response time isusually between 10ms and 100ms

Figure 2. A Water Film Acting as a Distributed RC Circuit


26/48


The following sections provide more detailed scenarios ofautomotive capacitive proximity detection.

Door Entry System

One example of capacitive proximity detection is in car

door entry systems (see Figure 3). The proximity sensor

that detects hand approaches is located within the car door

handle (1). Once object proximity has been detected, the

main unit (2) sends a wake-up signal via the LF antenna

(3) which activates the car key transmitter (4). The car

key transmitter then exchanges information with the RFID

receiver (5) and if the code matches the main control unit(2) the door is unlocked. The entire process of proximity

detection and ID recognition takes a fraction of a second.

This means when the hand pulls the door handle, the door is

already unlocked.

The advantage of using proximity detection rather than touch

detection in door entry systems is the extended time to

identify a person. As a result, the door lock state will always

be resolved before the door handle is pulled.

Spatial Gestures to Switch

Devices On/Off

The simultaneous use of two or more capacitive proximity

sensors enables simple spatial gestures such as hand waving

in front of the device to be detected. Figure 4 shows a simple

example of such a system to switch lights on/off inside the

car a wave of the hand in front of the light in one direction

causes the light to switch on, a wave of the hand in the

opposite direction switches it off. The system is able to

analyze the signals from the proximity sensors and to decide

whether to switch the lamp on or off.

There are many different options available for designing

sensing electrodes inside a light from using thin copper

wires to conductive polymers that can be applied directly

over the plastic.

Conclusions

Implementation of capacitive proximity sensors in

automotive applications paves the way to a broad range

of comfort applications

Moisture and rapid temperature changes are the main

challenges for capacitive proximity sensors used in

automotive systems. These challenges can be overcome

by utilizing the most recent innovations in capacitive

sensing technology from Atmel.

Figure 3. Door Entry System with Proximity Detection

Figure 4. Spatial Gestures for Switching Devices On/Off Inside the Car


27/48


Global warming has now become the main talking point of

our era, and electric or hybrid vehicles provide an excellent

way of saving fuel and reducing CO2

emissions. However,

electric and full hybrid vehicles have one particular Achilles

heel, which is the capacity of the battery and therefore

the limited range of these vehicles. The maximum battery

size that can be installed in a vehicle is limited because of

its volume and weight, making it all the more important to

make optimum use of the battery capacity that is available. In

order to provide the several hundred volts that are needed

in modern high-performance batteries for electric vehicles,

several individual battery cells are connected in series. Each

cell in a battery pack such as this differs from the others,

e.g. in terms of cell capacity, self-discharge rate, different

temperature characteristics and cell impedance differences

that are intensified by the ageing effect of the battery. When

the cells are being charged, this leads to a situation whereby

some cells have not yet received their maximum possible

charge, but other cells are already fully charged. Unless

additional measures are taken the charging procedure has

to be aborted, since individual cells would otherwise be

overcharged, which would damage or possibly even destroy

the battery cells. The situation is similar with regard to

discharging. Whereas individual cells are already discharged,

others still contain enough energy to continue powering the

vehicle (in theory). However, the vehicle must not continue

to be driven, since the weaker cells would otherwise be over-

discharged, which would lead to the destruction of these

cells. In order to avoid all of this, active balancing between the

individual battery cells is required.

Passive Methods Convert Valuable

Energy Into Heat Loss

The method that is most widely used at present is passive

balancing, in which cells that are already fully charged are

discharged again using a resistor so that the other cells can

continue to be charged. The disadvantages of this method are

obvious:

Cells can only be discharged for the purpose of balancing

The discharge current causes power loss in the bypass

resistor

Valuable energy is converted into heat and is no longer

available for powering the vehicle

The range of the vehicle is reduced

While the passive balancing method only converts the energy

that is stored in the cells into heat loss, active balancing

enables to transfer the charge from one cell to another.

There are several ways of achieving this charge transfer, e.g.

using switched capacitors or inductors. When the capacitive

method is used, a capacitor is connected in parallel with the

cell with the higher voltage. Once this has been charged, it is

connected in parallel with the cell with the lower voltage and

can charge it up. This procedure is repeated until the same

voltage is present at both cells.

The method that uses capacitors is extremely cost-effective,

but has the disadvantage that the average balancing current

is limited to less than 50mA. This limitation does not exist

Extendingthe Rangeof E-vehicleswith Li-ionBatteriesUsing Active

BalancingClaus Mochel


28/48


with the inductive method, and in this case it is easily

possible to have balancing currents of 1A or more.

Active Balancing Method for Rapid and

Almost Loss-free Charge TransferActive balancing is realized by connecting an inductive

resistor in parallel with the cell from which the charge is to be

taken. This results in a constant increase in the current flow in

the coil.

Once the coil has been decoupled from the cell that is being

discharged via a transistor, the energy stored in the cell can

charge the neighboring cell via a diode. It is therefore possible

to move charges to and fro between the individual cells

extremely efficiently and almost loss-free. This method

has some decisive advantages:

Balancing currents of 1A and more are possible

Balancing is essentially loss-free

Balancing is extremely rapid

The efficiency and the capacity of the battery are

increased

The range of the vehicle is increased

Compared to the other methods that have been mentioned,

implementing an active balancing method using inductive

resistors is not exactly low-cost because of the relatively

high cost of the inductive resistor component. However, this

is not really a problem. A

modern high-performance

battery currently costs

approximately USD

$10,000 Even if onlygaining an extra 10% of

capacity using the inductive

balancing method, this

represents a value of

USD $1,000 an amount

for which a considerable

number of inductive

resistors can be purchased.

Individual cell monitoring

is required for Li-ion batteries for safety reasons, since these

cells burn when they are overloaded, and can even explode

in extreme cases. As well as the overvoltage, undervoltageand temperature monitoring that is required, additional

functions such as precise charge condition determination are

needed. A component is now available on the semiconductor

market with which both these functions and also the

different balancing methods can be realized. With the Atmel

ATA6870, each cell has individual electronic monitoring

in order to provide functions such as state-of-charge

determination, active/passive balancing or overvoltage,

undervoltage and temperature monitoring.

PMOS

NMOS

MBATn+2

Zelle n+1

Zelle n

RIN CIN

CSHUFFLE

RPD

DISCHn-+1

MBATn+1

DISCHn

MBATn

PMOS

NMOS

MBATn+2

Zelle n+1

Zelle n

RIN CIN

CSHUFFLE

RPD

DISCHn-+1

MBATn+1

DISCHn

MBATn

Figure 2. Active Balancing Capacitors

ell n-1

Cell n1

2

1 = Discharging a cell

2 = Charging a neighboring cell

DISCH4

MBAT4

DISCH5

MBAT5

DISCH6

MBAT6

MBAT7

DISCH3

MBAT3

DISCH2

MBAT2

DISCH1

MBAT1

Figure 1. Passive Balancing Using Resistors

Figure 3. Active Balancing

Using Inductors


29/48


Measurement Data Recording andActive Balancing for Li-ion Battery

Systems

The heart of the Atmel ATA6870 consists of six high-

precision 12-bit AD converters. Each cell is monitored by

a separate AD converter, which has several advantages.

On the one hand, all cells can be measured simultaneously,

and on the other hand the cell voltage does not have to

be transferred analog to ground, which would reduce

the accuracy of the system. As well as providing efficientbalancing, another prerequisite for making optimum use

of the cell capacity is precise recording of the cell voltage

because of the extremely flat characteristic curve of Li-ion

battery cells. The ATA6870 therefore transfers the digital

voltage value to ground without loss of accuracy after

analog/digital conversion. As well as the six high-precision

AD converters for measuring cell voltage, the ATA6870

is the worlds only device with the possibility of achieving

both passive balancing and active balancing between the

individual cells using capacitors or inductive resistors in

high-performance batteries with up to 300 cells or more

connected in series. In order to prevent the balancing from

taking an extremely long time because of the large number

of cells, balancing can be carried out simultaneously on

any number of cells with the ATA6870. With the aid of this

circuit it is now possible to develop low-cost, efficient and

safe battery management systems that can squeeze the last

Coulomb out of a battery due to extremely precise recording

of the charge status of the individual cells and the efficiency

of the balancing method that is used, and make it availablefor driving operation. This is another step that increases

the range of electric vehicles and plug-in hybrid vehicles

and therefore contributes to the triumphant march of these

vehicles.

Cell 1

Reference

ADC

Charge Transfer

Cell 6

Reference

ADC

Charge Transfer

Standby

Current Supply

3.3V Internal

Voltage Regulator

3.3V

Voltage Regulator

Cell Temperature

Measurement

DigitalLevel

Converter

Logic

Microcontroller

Communications

Bus

Microcontroller

Interface

Dig

italLevel

Converter

DigitalLevel

Converter

Figure 4. Block Diagram of the Atmel ATA6870 Li-ion Battery Management IC


30/48


Concerns about global warming, along with resulting stringent legal provisions for

reduction of vehicle CO2

emissions, are driving an additional challenge for energy

management: micro-hybrids. These cars save fuel by switching off the combustion

engine when stopping (for example, at a traffic light) and then automatically

restarting the motor when the driver wants to continue. The primary issue with

such an engine is that the vehicles starting capability must be guaranteed under

all circumstances. Otherwise, traffic chaos is bound to develop, given the growing

number of vehicles of this kind on city streets. With the advent of micro-hybrids,

reliable battery diagnosis and modern vehicle energy management become all

the more important.

The core of such an energy management system is an intelligent battery sensor

(IBS) to constantly monitor the charge and discharge currents, the battery

voltage, and the temperature. The resulting data is used to determine the

batterys load and state-of-charge and for distributing power within the car.

Priority is given to critical functions such as engine start-up. Furthermore, the

sensor calculates the batterys state-of-health (SoH) and alerts the driver when

battery lifetime is expiring in order to avoid car malfunction or breakdown. With

IBS information, engineers can also reduce fuel consumption and resulting CO2

emissions. This is done by tailoring the charging cycles depending on the required

current for the various loads and the energy available from the generator. In

cars without an IBS energy management system, the generator must provide a

continuous electrical charge for the battery while the motor is running; with such

a system, the generator can be disconnected from the battery when the battery

charge is sufficient and the vehicles engine is under heavy load.

PrecisionBatteryMonitors forStandard LeadAcid Batteries

Ensure EngineStart-upClaus Mochel

Today, one in three car breakdowns

is related to the vehicles electronic

equipment. Today, high-end cars

incorporate up to 65 electronic control

units (ECUs), compared to only 10

ECUs in 1995. Battery monitoring is

one of the most important current ECU

applications, since 60% of breakdowns

caused by electronic devices are

caused by defective or empty

batteries.

Batteries now face many challenges

for energy management. Formerly,

the batterys main task was to provide

high-power output for a short time

to enable engine start-up. This has

changed dramatically, Today, the

battery must provide continuous

power to the large number of

electronic devices inside the car. This

function can be problematic in winter,

when battery capability is reduced

through cold temperatures and high

energy consumption due to loads such

as electrical seat heating. In addition,

driving in slow traffic means that the

car generator provides limited energy

to charge the lead acid battery.


31/48


Atmel has provided initial models of a microcontroller

perfectly matching the requirements of an advanced IBS

system. The device is based on the well-known Atmel

AVR microcontroller core in Atmel products, with additional

mathematical extensions adapted to the requirements of

battery management systems. The circuit has two 16-bit

- analog-to-digital converters (ADCs) with synchronous

sampling; the accuracy of these two ADCs is due to a very

precise 5ppm/K reference voltage with special second-order

temperature compensation. The first ADC is dedicated to

current measurement and has a large dynamic range. Using

a 100Ohm shunt resistor, currents from 1mA up to 1500A

can be measured due to a programmable gain amplifier

(PGA) at the input of the ADC. The second ADC is dedicated

to system temperature determination and monitoring of thevoltage of the lead acid battery. The temperature can be

measured using either the ICs in-built temperature sensor

or an external sensor. The measurement of battery voltage

measurement is particularly interesting. This measurement

requires an extremely precise resistor divider, which is

integrated into the device. As a special feature, the divider

can be connected directly to the battery pole to

Date post:	02-Apr-2018
Category:	Documents
Upload:	costel-cojocaru
View:	219 times
Download:	0 times

Atmel Autocompilation Vol7 Dec2010

Documents