Today's cars have nifty security features. An immobilizer can disable your engine for protection against car theft. With remote keyless entry, you can lock or unlock your car with the push of a button. Luxury cars, beginning with the Mercedes S Class, have even eliminated the chore of button pushing. Their passive-entry systems recognize you as you approach and unlock the door for you.
The product you're designing probably isn't as spiffy as a Mercedes, of course, but chances are it could still benefit from some security features. If the product has a door, or if its use needs to be restricted to certain people, then secure-access control might make sense. Fortunately, much of the technology of automobile security is applicable to other areas. The key to using it lies in understanding how it works.
Most remote-control 'clickers' for cars use what's called rolling code, or code hopping. They send a different code, via a UHF radio transmission, each time you push a button. If they sent the same code each time, someone could intercept and record a transmission from your remote and replay it later to gain access to your car. Early remote-entry systems suffered from just this weakness.
RFID (radio-frequency identification) tags work without batteries to disable a car's engine as an effective deterrent to car theft. A secure exchange of information between tag and tag readers lets a car's owner enable the engine simply by inserting the key in the ignition switch.
The strength of rolling code—varying code—is also a complication, unfortunately, because your remote and your car must agree on what the next code should be. It can't be just the next number in an orderly sequence, or your security system wouldn't be secure. Rolling code components deal with the problem by using seemingly random numbers as codes. What makes this scheme work is that the car and the remote unit come up with numbers in the same way, using a secret code key, so that each uses the same number simultaneously. The secret key is unique to a particular car, so your car can't be opened by the remote unit of someone else's car.
There's yet another complication to rolling code, however. If you or, say, one of your children accidentally push a button on your remote while you're away from your car, your car isn't aware of it, and your remote and your car get their codes out of synch. Remote-entry systems get around this problem by making your car compare the code from your remote not just with the next code it expects, but also with a number of codes expected beyond that one. As long as you don't click your remote a huge number of times while away from your car, the system still works.
Despite these complications, rolling code provides convenient, robust security for consumers. It's secure, because the unique secret code key for each car can't be read, either by intercepting a transmission (because the key isn't transmitted) or by direct hardware contact (because the code isn't accessible through any electrical contacts).
Other security measures now used in cars involve RFID (radio frequency identification) tags. In a factory-installed immobilizer, for example, an RFID tag in your key fob identifies itself to an RFID tag reader installed near the ignition switch. If the tag reader accepts the ID that the tag provides, your car will start; otherwise it won't. And you don't have to push a button to enable or disable your car. Simply insert your key, as always, to enable the engine, and remove the key to disable it.
Passive immobilization with RFID occurs via a so-called challenge-response mechanism. When you insert your key, the tag reader sends a random number (the challenge) to the tag via a 125-kHz RF transmission. The tag receives the random number, encrypts it with a secret key code, and then sends the en-crypted number (the response) back to the tag reader. The tag reader, meanwhile, has encrypted the random number itself, using the same secret key that the tag used. The tag reader then compares the remote's response to its own encrypted result. A match enables the engine; a mismatch doesn't.
RFID tags not only add security without buttons, but many of them do it without a battery. They get their power from the tag reader, through the air, via inductive coupling. The challenge transmission signal from the tag reader energizes a tiny coil in the tag, which converts the signal into electrical current. This current charges a small capacitor with just enough energy for the tag to send its response transmission.
Another use for RFID tags is passive entry, in which your car recognizes you as you approach and automatically unlocks. Actually, the car doesn't recognize you, but the RFID tag that's on your person, either in a key fob or in a card in your wallet. Passive-entry systems typically have an RFID tag reader connected to separate antennas in each car door and the trunk. When you pull on a door handle or the trunk latch, the tag reader for that entry point is activated and allows entry to the car only at that location. Also, these systems work to distances of only about 5 ft, so your car won't unlock until you're close enough to enter it. Otherwise, someone else could enter your car when you're nearby but out of sight—inside a store, for example. Passive-entry systems also have enough intelligence to know whether you're in or out of the car and whether you're accompanied by someone—your spouse, for example—who also has an RFID tag that works with the car.
Some new cars, once they've recognized you, automatically invoke your personal driving preferences, such as seat and steering wheel positions, radio stations, and climate-control settings. If you like warm feet and cool jazz, that's what you'll get. You won't be bombarded by the frigid air and hip-hop previously set by your teen-age offspring.
If you're interested in adding secure-access technology to your own applications, be aware that it isn't a trivial task, but neither is it rocket science. The electronic components you need, plus a wealth of design information and guidelines, are available from well-known companies. Typical devices include microcontrollers, RFID tags, and RF transmitter and receiver chips. You'll also need some small antennas for your product design, which the chip vendors can help you select or design.
The chip vendors supply some of the key software modules you need, but you'll need to tailor the program code to your own requirements.
You may wonder, of course, if all these secure-access techniques and components really work. They do. Since European countries mandated the inclusion of immobilizers in new cars a few years ago, thefts cars there have decreased by 90%.
In the Embedded Systems column that ran in the September 3 issue of Design News, we mistakenly attributed the sidebar on the origin of the DO178B standard for aerospace systems whose failure could put human life at risk. Microchip did not provide that sidebar and, in fact, is not involved in the aerospace industry. We regret the error.