S15: RFID Security Box

From Embedded Systems Learning Academy
Revision as of 23:36, 2 June 2015 by Proj user18 (talk | contribs) (Solenoid implementation)


Grading Criteria

  • How well is Software & Hardware Design described?
  • How well can this report be used to reproduce this project?
  • Code Quality
  • Overall Report Quality:
    • Software Block Diagrams
    • Hardware Block Diagrams
    • Schematic Quality
    • Quality of technical challenges and solutions adopted.

RFID Security Box

S15 244 G29 IMG 0009.png

Abstract

The RFID Security Box is a container with an electronic lock that can be unlocked by using RFID tags, NFC-compatible devices, or a manually entered passcode.

Objectives & Introduction

This is a security box for storing valuables. It can be unlocked by entering a PIN through a numeric keypad, or by communicating with an NFC-compatible device or with RFID tags, tokens, and cards.

Sensors and other components used:

  • NFC/RFID Controller breakout board
  • Lock-style Solenoid
  • 3x4 Phone-style Matrix Keypad
  • RGB LCD Screen

Team Members & Responsibilities

  • Rajwinder Ruprai
    • NFC/RFID driver
    • Software testing
  • Charles MacDonald
    • Hardware and software design
    • Physical construction
    • Hardware testing

Schedule

Week# | Date  | Task | Actual
1     | 04/14 | Order parts needed for required functionality, work on box design (component placement, mounting requirements, etc.) | Completed
2     | 04/21 | Develop keypad and LCD display drivers. | Completed.
3     | 04/28 | Develop solenoid driver and start work on RFID/NFC driver. | Completed.
4     | 05/5  | Finish RFID/NFC driver, finish PSU wiring. | Completed.
5     | 05/12 | Component integration and testing. | Completed.
6     | 05/19 | Tweaking and polishing implementation. | Completed.
7     | 05/25 | Project presentation. | Rescheduled.

Parts List & Cost

Quantity Description Cost
1 Lock-style Solenoid - 12VDC $14.95
1 I2C / SPI character LCD backpack (not used) $10.00
1 MiFare Classic (13.56 MHz) tag assortment (1KB) $10.00
1 PN532 NFC/RFID controller breakout board (v1.6) $39.95
1 3x4 Phone-style Matrix Keypad $7.50
1 RGB backlight negative LCD 16x2 + extras (RGB on black) $13.95
1 Extra-long break-away 0.1" 16-pin strip male header (5 pieces) $3.00
1 Murata OKI-78SR Fixed Output 1.5A DC/DC Converter (5.0V) $4.30
1 ST Microelectronics 3.3V Linear Regulator (not used) $0.64
1 1N4007 Diode $0.13
1 Meanwell RS-15-12 +12V, 1.3A PSU (not used) $9.95
1 IEC 320-C14 AC power receptacle (not used) $0.79
1 Ikea VALJE Wall Cabinet with Door $35.00

As functionality was changed, some components were not used. They may be integrated into a future revision of the device.

Design & Implementation

Hardware Design

Rough draft of system architecture / schematic diagram (external link):

This is to mainly illustrate an early phase of development. More detailed diagrams are provided later.

Hardware Interface

The various buses are allocated as follows:

  • SSP0 Shift register chain
  • SSP1 AT45, SD card, PN532 breakout board
  • GPIO Various control outputs and inputs
  • UART2 (free)
  • UART3 (free)

GPIO assignments

  • P2.0 : Keypad matrix row data, bit 0
  • P2.1 : Keypad matrix row data, bit 1
  • P2.2 : Keypad matrix row data, bit 2
  • P2.3 : Keypad matrix row data, bit 3
  • P2.4 : Piezo buzzer control
  • P2.5 : HD44780 DB7 (input to read busy status)
  • P2.6 : Storage register clock for shift register #1
  • P2.7 : Storage register clock for shift register #2
  • P1.19 : HD44780 RS
  • P1.20 : HD44780 R/W#
  • P1.22 : HD44780 EN
  • P1.23 : Operator button input (pushbutton)

External reset button input

Shift register assignments

  • S1.0 : LCD panel tri-color backlight LED blue cathode
  • S1.1 : LCD panel tri-color backlight LED green cathode
  • S1.2 : LCD panel tri-color backlight LED red cathode
  • S1.3 : To solenoid coil connector
  • S1.4 : (Unused)
  • S1.5 : Keypad matrix column select, bit 0
  • S1.6 : Keypad matrix column select, bit 1
  • S1.7 : Keypad matrix column select, bit 2
  • S2.0 : LCD interface, data bit 0
  • S2.1 : LCD interface, data bit 1
  • S2.2 : LCD interface, data bit 2
  • S2.3 : LCD interface, data bit 3
  • S2.4 : LCD interface, data bit 4
  • S2.5 : LCD interface, data bit 5
  • S2.6 : LCD interface, data bit 6
  • S2.7 : LCD interface, data bit 7

Shift register bus overview

To add additional outputs to the SJ-One board, several 74HCT595 shift registers have been connected to the SPI (SSP0) bus. Despite not being true SPI devices the shift registers work well for adding more I/O.

The 74HCT595 has LVCMOS compatible inputs allowing it to interface with the 3.3V I/O of the LPC1758. It consists of an 8-bit shift register which is clocked by SCLK and fed data by MOSI. The shift register output signal (Q7') can be fed to the data input of additional shift registers. The shift register output feeds the input of an 8-bit output latch, which has a dedicated clock input. In this way you can shift any kind of data through the shift register chain without disturbing the actual output pins, and then only load data from the shift register to the output latch when necessary.

The output of the final shift register in the chain can be fed back into MISO for diagnostic purposes; while the shift registers are output-only devices, connecting the output to MISO allows you to verify that the data transmitted through the chain was correctly received. This can help identify wiring errors or other problems early on and is a good diagnostic tool.

An overview of the shift register bus is shown in the following diagram:

S15 244 G29 IMG 0001.png

While only two shift registers are used, more could be added. There is no practical limit other than update time: the worst-case time to change the last shift register is the time it takes to shift data through all shift registers in the chain. For high speed applications the chain should be kept short, but even then the 74HCT595 is rated to run up to 25 MHz, so with good wiring even a long chain can be updated rather quickly.

Other diagrams shown later will detail the low-level implementation between the shift registers and the peripherals they drive.

Keypad implementation

The keypad is arranged as a 4x3 matrix. Where each row and column intersect is a switch, and a physical connection between the row and column is made when the switch is depressed. Otherwise there is no connection when a switch is released, and the relationship between the row and the column at that point appears as an open circuit.

As the keypad has no datasheet the first task was to disassemble the keypad and use the continuity test function of a multimeter to determine the pin assignments:

  • Pin 1 - Not used (goes to a test point on the PCB)
  • Pin 2 - Row (keys *,0,#)
  • Pin 3 - Row (keys 7,8,9)
  • Pin 4 - Row (keys 4,5,6)
  • Pin 5 - Row (keys 1,2,3)
  • Pin 6 - Column (keys 3,6,9,#)
  • Pin 7 - Column (keys 2,5,8,0)
  • Pin 8 - Column (keys 1,4,7,*)

The notation of row vs. column is completely arbitrary, and was chosen only to have a consistent naming scheme.

Here is a diagram of the matrix inside the keypad:

S15 244 G29 IMG 0000.png

As the rows and columns are shorted when a key is pressed, it is important to never drive the rows and columns to complementary output levels. The rows should be inputs with internal pull-ups enabled, and the columns are outputs that are driven low or high (or tri-stated).

The keypad can be scanned as follows:

1. Assign the columns as outputs (3-bit output).
2. Assign the rows as inputs (4-bit input), with internal pull-up resistors enabled.
3. For each column, drive the corresponding column output low (e.g. for column bits 2,1,0, they will be set to):

  • 1,1,0 : Select column #0
  • 1,0,1 : Select column #1
  • 0,1,1 : Select column #2

4. When a given column is selected, input the row data.
5. Row bits will be 0 where the row and column intersect AND the key is pressed, or 1 where the key is released.

Note that the keypad operation is fully mechanical, like any switch; no ground or power connections are necessary.
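The scan procedure above as an added example in C (not the project's code). The helper names write_columns() and read_rows(), the simulated switch matrix, and the assignment of row and column bits to physical rows and columns are assumptions of this example; on the real hardware the column select goes out through the shift register and the rows come in on P2.0-P2.3.

```c
#include <stdint.h>

/* Key legend from the pin list above. Which bit carries which row or column
   is an assumption: row bit r is the r-th row from the top, column c the
   c-th column from the left. */
static const char KEYMAP[4][3] = {
    {'1', '2', '3'}, {'4', '5', '6'}, {'7', '8', '9'}, {'*', '0', '#'}};

/* Simulated switch matrix standing in for the hardware (constructed):
   bit (row * 3 + col) set means that key is held down. */
static uint16_t sim_pressed;
static uint8_t sim_columns = 0x7;

void write_columns(uint8_t sel3) { sim_columns = sel3 & 0x7; }

/* Rows idle high through the pull-ups; a pressed key on a low column pulls
   its row low. */
uint8_t read_rows(void) {
    uint8_t rows = 0xF;
    for (int r = 0; r < 4; r++)
        for (int c = 0; c < 3; c++)
            if (!(sim_columns & (1u << c)) && (sim_pressed & (1u << (r * 3 + c))))
                rows &= (uint8_t)~(1u << r);
    return rows;
}

/* Steps 3-5: select each column in turn, read the rows, and collect every
   pressed key in a 12-bit mask (bit = row * 3 + col). */
uint16_t keypad_scan(void) {
    uint16_t mask = 0;
    for (int c = 0; c < 3; c++) {
        write_columns((uint8_t)(0x7 & ~(1u << c))); /* 110, 101, 011 */
        uint8_t rows = read_rows();
        for (int r = 0; r < 4; r++)
            if (!(rows & (1u << r)))
                mask |= (uint16_t)(1u << (r * 3 + c));
    }
    write_columns(0x7); /* leave no column selected */
    return mask;
}

/* Decode a scan result: the key character if exactly one key is down,
   0 for no key or for several keys at once. */
char keypad_single_key(uint16_t mask) {
    int idx = 0;
    if (mask == 0 || (mask & (mask - 1)))
        return 0;
    while (!(mask & 1u)) {
        mask >>= 1;
        idx++;
    }
    return KEYMAP[idx / 3][idx % 3];
}

int main(void) {
    sim_pressed = 1u << (1 * 3 + 1); /* hold down '5' */
    return keypad_single_key(keypad_scan()) == '5' ? 0 : 1;
}
```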


LCD implementation

The LCD display is based around the Hitachi HD44780 LCD controller. This is a legacy part that has a 6809-alike bus as follows:

  • RS - Register select (0= data, 1= control)
  • EN - Enable signal, used as an address strobe to indicate the data bus, RS, and R/W# are at valid logic levels.
  • R/W# - Read/write strobe (0= write, 1= read)
  • DB7-0 - Data bus (8-bits)

To support devices with less GPIO such as 4-bit microcontrollers, the HD44780 has a 4-bit mode where only DB7-4 are used, and byte-sized data is transferred by writing four-bit nibbles twice in sequence. However the documentation is sparse on the exact timing in this mode, and it was unreliable when the control signals changed slowly. To compensate, one of the shift registers was allocated to provide all 8 bits of data, and the remaining PIO was used for the control signals.

S15 244 G29 IMG 0005.png

The HD44780 needs a certain amount of time to carry out actions, and will output a busy status flag on DB7 during a read cycle. As an output-only shift register was being used to drive the data bus, a compromise was to insert a series 10K resistor such that Q7 of the shift register could pull DB7 low or high. In this way the HD44780 could still drive DB7 to indicate the busy status without having a conflict with the shift register connected to the same pin.

This was important as many people who use the HD44780 opt to disable the read function and use fixed delays instead of polling the busy flag. However the time it takes to complete operations is somewhat variable, and it varies further between different manufacturers. To be safe, lengthy delays are needed which waste valuable time. It seemed much more worthwhile to have a hardware solution to enable polling in this case, to keep the software responsive.

The ULN2803 is used to drive the cathodes which vary in current but can be as high as 25mA, which is more than what a single GPIO can sink. Each channel of the ULN2803 can handle 500mA which is more than sufficient in this case.

Solenoid implementation

The solenoid used (Adafruit #1512) is designed to function similarly to the latch of a door. A spring pushes the metal slug outwards such that the door is locked when the system is turned off. The solenoid contains a coil that generates a magnetic field when energized, which draws the slug inwards (against the force of the spring) allowing the door to be opened. Thus the solenoid locks the door when off, and unlocks it when on.

The solenoid requires +12V to operate and draws 680mA normally. When the solenoid is turned off after a period of activation, the magnetic field collapses, at which point the force of the internal spring overcomes the decreasing force of the magnetic field holding the slug in place, and the spring can then eject the slug to the outward position.

When the magnetic field collapses current is induced in the coil, causing a large voltage spike that can be damaging to any digital circuitry connected to it. To prevent this, a diode is placed in parallel with the solenoid coil with the cathode to the positive voltage supply (+12V). This provides a safe discharge path so that the voltage spike does not go into the digital circuitry.

To control the solenoid with a GPIO port, a ULN2803 is used, which is an eight channel Darlington transistor array. A Darlington transistor is a pair of transistors in series that can sink a large amount of current, and can interface to higher voltage signals such as 12V. The ULN2803 has built-in resistors to provide a TTL/CMOS compatible interface. Two important aspects to remember: first, the Darlington transistors have an inverted output in relation to the input, such that an active-high input sinks current and an active-low input makes the output high impedance. Second, the high impedance output should have a pull-up or pull-down resistor to prevent the output from oscillating.

Note that the ULN2803 used has a built-in diode for this purpose, but during testing it was observed that the LCD display would flicker when the solenoid was turned off. Adding a large 1N4001 diode across the solenoid eliminated this problem completely.


S15 244 G29 IMG 0003.png

Adafruit sells the solenoid with the slug oriented 90 degrees from the desired position. To correct this, the housing can be lifted up after removing two screws. There is a thin D-ring around the base of the slug which is quite hard to remove. Using a flat screwdriver head to push on one side of the ring while holding the other side in place with needle-nose pliers worked eventually. There may be some kind of dedicated tool for D-ring removal which would simplify this process.

The solenoid in the security box is connected to an RCA jack, which connects to a matching jack on the control box. This was chosen as it is an inexpensive two-terminal cable that is easily available.

S15 244 G29 IMG 0010.png
S15 244 G29 IMG 0011.png

Piezo buzzer

The piezo buzzer is a thin plate that deflects when voltage is applied to it. This deflection is enough to create audible sound, and the plate is mounted in a plastic cavity for amplification. The buzzer can be controlled by DC voltage such that a square-wave of a given frequency, such as 440 Hz, creates a 440 Hz tone. At very low frequencies the buzzer can be used to make simple clicking sounds, such as to augment the keypad entry with clicks as each key is pressed. This kind of feedback makes it easier for the operator to tell if a key press was complete or not.

A 0.1uF ceramic disc capacitor is placed across the buzzer terminals to filter out high frequency noise, and a 270-ohm resistor is placed in series between the negative terminal to the Darlington transistor driving it to limit current -- not because the buzzer needs it, but because the piezoelectric effect means deflection on the plate can produce voltage going back into the transistor array, potentially causing damage.

S15 244 G29 IMG 0002.png

When GPIO port P2.4 drives low, the corresponding ULN2803 output becomes high impedance, leaving the negative terminal of the buzzer floating. This makes it susceptible to noise which can be heard as audible clicks. A 10K pull-up resistor to +12V biases the negative terminal high, such that the voltage difference between both terminals is zero, thus the buzzer is in an idle state and will not oscillate.

Security box case

The security box was made from a SERPAC plastic enclosure from Fry's Electronics. Holes were drilled out and slots were removed with a Dremel tool.

S15 244 G29 IMG 0008.png

The printed circuit board was used to construct the circuit using wire-wrapping. Due to the low clearance underneath the PCB the sockets had to be cut down to fit, complicating wiring. Mounting holes were made to connect the PCB to the case bottom using plastic standoffs and screws, and a similar system was employed to mount the SJ One board to the PCB.

Ideally a number of identical length jumper wires would have been used so that wires could have had zip-ties applied and been mounted out of the way. In practice the jumper wires that were available were from miscellaneous sources and were hard to organize, while still allowing access to the circuitry inside the box.

Software Design

The project consists of several C/C++ source files, which can be divided between hardware drivers and application software related code:

Hardware drivers

  • mykeypad - Keypad scanning.
  • mygpio - GPIO configuration.
  • mylcd - LCD module interface.
  • myspi - SSP driver for SPI communication.
  • mysreg - Shift register abstraction.
  • myuart - UART driver (see "Future Work").

Software

  • main - User interface (main application).
  • myedlin - Line editor for user data input.
  • debug - Debugging and error handling functions.

The main application performs the following operations:

1. Prompt user to input a personal identification number (PIN).
2. Accept input used to enter or edit the PIN.
3. Validate the PIN against a list of known-valid PINs.
4. Warn the user if the PIN was incorrect, or
5. Inform the user the PIN was accepted and unlock the door via the solenoid for a brief time period.
6. Play a tone to give the user auditory feedback when a button is pressed.

These are implemented with several FreeRTOS tasks:

1. Keypad scanning task. Low priority.

This task scans the keypad matrix, storing the resulting data in a "key event" structure. When a key is pressed, the structure is loaded into the key queue. Application software can then unload key events and process them as necessary.

2. Finite state machine task. Low priority.

This task advances the user interface through different screens based on criteria such as keypresses made, if a PIN was valid, if the door unlock countdown timer has expired, etc. Using a finite state machine makes the 'initialization' (state transition) and 'running' (work done within a state) easy to manage and trivial to expand to add more functionality.

3. Buzzer update task. High priority.

This task generates a square wave to activate the piezo buzzer.

Bus locking

The SSP0 bus is accessed by both the keypad scanning task and the FSM task. To manage this shared resource a mutex is used such that each task cannot be pre-empted by the other during SSP0 bus access.

Implementation

Shift register abstraction

The shift registers are abstracted as a chain of shift registers placed in series. The "sreg" class is used to get the state of a shift register (the last value written to it), and set the new state as well. The shift register update function actually updates the shift register chain with the new values.

This allows the shift registers to be expanded to any length up to 256 devices.

Queues and events

When the user enters data on the keypad this creates a key event. The key event stores the current keypad state and indications of what has changed, such as if a key was pressed or released. Key events are placed into the key queue for other tasks to retrieve user input.

Likewise an add_tone() function adds tone events to the tone queue. This is used to play back beeps that are generated when the user presses buttons on the keypad.

For the most part the tone and key events are tightly coupled, but the system was designed so that other sources could generate tones, such as RFID card swipe results which are independent of any key input.

User interface

The user interface consists of a finite state machine and a line editor module.

The finite state machine controls the different display screens and manages the PIN entry and door unlocking mechanism. It can be visualized as a flowchart as follows:

S15 244 G29 IMG 0004.png

The displays for each screen are as follows:

S15 244 G29 IMG 0006.png

States from top to bottom: UI_PIN_ENTRY, UI_PIN_OK, UI_PIN_NG.

Data entry

A line editor module was developed to allow complex data entry. It supports commands such as delete (backspace), cancel, and submit. Certain keys can be restricted from input if desired. Various aspects of the editor are indicated in a status code, such that unique actions (playing tones, printing warning messages, etc.) can be carried out if the user makes actions such as:

  • Overwriting existing text (overflow)
  • Deleting non-existent text (underflow)
  • Entering unacceptable keys
  • Trying to submit incomplete data

The line editor can be expanded to work with larger keypads or even a full keyboard.

LCD display

The LCD is programmed by writing an 8-bit value to the data register or control register. Control data is as follows:

MSB  LSB    DB7 DB6 DB5 DB4 DB3 DB2 DB1 DB0 
00000001 :  --- --- --- --- --- --- --- '1' : Clear DDRAM, set AC to DDRAM[0] ("clrscr")
00000010 :  --- --- --- --- --- --- '1' --- : Set AC to DDRAM[0] ("home")
00000100 :  --- --- --- --- --- '1' I/D -S- : Set cursor inc/dec and shift enable
00001000 :  --- --- --- --- '1' -D- -C- -B- : Set display on/off, cursor on/off, blink on/off
00010000 :  --- --- --- '1' S/C R/L --- --- : Move cursor without data port write
00100000 :  --- --- '1' -DL -N- -F- --- --- : Set interface size, display lines (1 or 2), font (5x8 or 5x10)
01000000 :  --- '1' AC5 AC4 AC3 AC2 AC1 AC0 : Set CGRAM address 00-3F + Set CGRAM access mode
10000000 :  '1' AD6 AD5 AD4 AD3 AD2 AD1 AD0 : Set DDRAM address 00-7F + Set DDRAM access mode
DDRAM = Display RAM (to define each letter shown in both rows of the display)
CGRAM = Character Generator RAM (to define 16 unique 5x7 character bitmaps)
   AC = Address counter, where the cursor position is for data register writes.

To prepare the LCD for access, the 8-bit interface initialization method proposed by Donald Weiman was used:

The LCD display class provides a set of familiar functions for text output:

  • clrscr() - Clear the display.
  • gotoxy() - Set the cursor position.
  • putch() and puts() - Print characters and formatted strings.

There are additional functions to control the blinking cursor as well.

Testing & Technical Challenges

Issue #1 : Backlight control

The LCD panel has an RGB backlight consisting of a single RGB LED that has a common anode and three independent cathodes. Each cathode has a 200-ohm resistor in series to limit current to 25mA (when +5V is supplied to the anode) per LED. In order to control the red, green, and blue channels of the backlight independently, a circuit is required that can interface GPIOs from the SJOne board to the cathodes such that 25mA can be sunk per cathode. The current needed to fully turn on a single LED is beyond what the LPC1758 can sink, so a direct connection is not possible.

The solution is to use a Darlington transistor. The ULN2803 contains eight independent Darlington transistors, each of which has the appropriate base and collector resistors to appear as TTL/CMOS compatible inputs, suitable for control by the SJOne GPIOs directly. This chip can sink 500mA per transistor which meets and exceeds the current requirements of the RGB backlight.

Interfacing the backlight controls to three GPIOs will provide 2^3=8 total colors. However we will use the PWM function of the LPC1758 to increase the range of available colors to several hundred thousand. This will also allow software-defined brightness control, either to set the brightness to a user-defined level or to create strobing or flashing effects on the display by modulating the brightness over time.

Issue #2 : Power supply

The solenoid requires 12V, the SJOne board uses 3.3V, and the LCD backlight requires 5V. In order to meet this requirement a power supply circuit was designed with the goal of keeping efficiency high and heat output low.

A switching PSU is used to convert 120V AC to 12V DC for the solenoid. The 12V is fed into a switching 5V regulator to provide 5V for the LCD backlight. Note that the relatively large voltage drop from 12V to 5V does not cause excessive heat due to the switching regulator being used, thus no heatsinking or other cooling methods are required. Finally, the 5V is fed into a 3.3V linear regulator. At this point the voltage drop is relatively small (approx. 2V) and the corresponding heat dissipation is low.

In this way all three power rails (3.3V, 5V, and 12V) can be provided to the system. The least efficient part is the 3.3V linear regulator, but the switching 5V regulator and switching 12V PSU are highly efficient in terms of conversion.

Future work

There are a number of ways to improve the project.

  • Use PWM or a timer interrupt to control buzzer updates. This would allow for the frequency to be varied, allowing for frequency envelopes and sweeps, and more complex sound effects generated by linking single tone structures together.
  • Use a 16x4 LCD display to display larger messages. The current 16x2 LCD is cramped, but functional.
  • Use PWM to control the RGB LCD backlight cathodes. The current implementation wires these to the shift register, but if using three of the PWM channels the backlight colors could be expanded from eight to several million.
  • Use an SPI GPIO expander. In particular the Microchip MCP23S17 has two 8-bit I/O ports that could have replaced the two 74HCT595 shift registers. Note that the MCP23* line of GPIO expanders has rather unusual characteristics for its inputs regarding the Vil/Vih levels, so care must be taken when using their pins configured as inputs. However, as outputs they function as expected.
  • Use a different RFID chip other than the PN532.
  • Support manual registration and management of PINs, either by using the internal operator button (more secure) or a dedicated service mode PIN (less secure).

In terms of physical security, the solenoid can be triggered simply by applying +12V across the terminals with the control box disconnected. A more secure method would be to place a second SJ-One board inside the security box along with a dedicated power supply, and have the control box communicate with it over a serial link. The SJ-One in the security box can then authenticate door open requests from the control box. The serial link could be protected by encrypting data using an LFSR with a known seed shared between both systems, which would make eavesdropping challenging but would not stop a replay attack.

A further exercise in security would be to use a wireless system (XBee) for the control box and security box to communicate.
