Prior approaches exist for setting up and managing a communication link between two or more wireless devices. Some examples include BLUETOOTH, WIFI, etc.
Communication protocols according to prior approaches are designed for large computing systems such as personal computers or embedded computing platforms where computation power, power requirements, and memory are plentiful.
One or more embodiments are illustrated by way of example, and not by limitation, in the figures of the accompanying drawings, wherein elements having the same reference numeral designations represent like elements throughout and wherein:
A memory tag is a memory device based on a low-power integrated circuit design, e.g., complimentary metal oxide semiconductor (CMOS), and is about the size of a grain of rice or smaller (2 millimeter (mm) to 4 mm square), with a built-in antenna. In at least some embodiments, the memory tags may be embedded in a sheet of paper or stuck to any surface, and may be available in a booklet as self-adhesive dots. An example memory tag is a memory spot available from HEWLETT-PACKARD CO. of Palo Alto, Calif.
The memory tag or memory tag chip has a 10 megabits-per-second data transfer rate—10 times faster than BLUETOOTH wireless technology and comparable to [[Wi-Fi]]WI-FI speeds—effectively giving users instant retrieval of information, e.g., in audio, video, photo and/or document form. With a storage capacity ranging from 256 kilobits to 4 megabits in working prototypes, the memory tag is able to store, for example, a very short video clip, several images or dozens of pages of text.
Information stored on the memory tag is accessed by a read-write device, e.g., as incorporated into a cell phone, PDA, camera, printer or other device. To access information, the read-write device is positioned adjacent, i.e., closely over, the chip, which is then powered so that the stored data is transferred to the display of the phone, camera or PDA or printed out by the printer. Users can also add information to the chip using the various devices.
The chip incorporates a built-in antenna and is self-contained, with no need for a battery or external electronics. [[It]][The chip receives power through inductive coupling from a special read-write device, which [[can]] then extracts content from the memory on the chip. Inductive coupling is the transfer of energy from one circuit component to another through a shared electromagnetic field. A change in current flow through one device induces current flow in the other device.
The memory tag communication protocol begins by emulating available memory tag targets within the interrogator's energy field (also called field-of-view). In at least some embodiments, the protocol begins by emulating all available memory-tag targets within the interrogator's energy field. This is achieved using the following simple rules which are an aspect of [[this]]embodiments of the present invention:
Target's operating rules:—
Interrogator's operating rules:—
The device detection scheme is the channel selection method. The number of channels is given by an integer value N between 1 and 13 inclusive, which is determined by the initiator. In alternate embodiments, greater or fewer than 13 may be used. The initiator sends a ‘ResetID’ command either on the broadcast channel (0xFH) or on the reset channel (0x0H). If the ‘ResetID’ command is issued on the broadcast channel, all targets on all channels select a random ChannelID between 1 and N and a SocketID between 0 and 4096. If the ‘ResetID’ is issued on a particular channel (y), only targets operating on channel (y) select a random ChannelID between 1 and N and a SocketID between 0 through 4096. Targets operating on all other channels (not y) retain their ChannelID and SocketID.
A successful standard transaction, as depicted in
In a successful transaction, the delay between the end of an Initiator to target standard frame and the beginning of the target to Initiator standard frame depends on the opcode issued by the initiator.
The target provides a response to processed initiator frames either in the form of an acknowledgement frame, a negative acknowledgement frame or a data frame. In at least some embodiments, the target provides a response to all processed initiator frames.
The target provides a negative acknowledgement frame if the received frame is corrupted and cannot be processed further. This may occur even before the initiator frame is completely received, as depicted in
In at least some embodiments, the on-air encoding scheme is Manchester encoding for [[all]] initiator to target communication. This includes the preamble and framing sequences. The bit stream described hereforth is pre-Manchester encoded. In other embodiments, different encoding schemes may be used for communication. The presence of amplitude modulation of the carrier frequency signals the start of the passive communication.2.1 Initiator to Target standard frame format
The standard frame format, as depicted in
In at least some embodiments, communication starts with a preamble sequence of a minimum 48 bits which are all logical “zero” encoded followed by 24 bits which are logical ‘0101,0101,0101,0101,0101,0001’ (most significant bit (MSB) first). A pair of synchronization characters (SYNC) consisting of logical ‘0001011000010110’ (MSB first) [[shall]] immediately follow the preamble sequence. These sequences (preamble and SYNC pairs, e.g., as depicted in
The header frame, e.g., as depicted in
The 12 bit SOC field specifies to which socket [[this]]the frame is applied immediately follows the CHAN field. The targets process frames with SOC value matching their own channel ID except for CMD values 0xFF (InitialiseID) and 0xFE (ReportID). In at least some embodiments, the targets only process frames with SOC value matching their own channel ID except for particular CMD values.
The CMD field specifies which operation the target is requested to perform. This 8 bit field consists of a number between 0x0 to 0x4 and 0xFE and 0xFF. All other values are reserved. In alternate embodiments, different field sizes and number specifications may be used.
In at least some embodiments, the opcode extension field (CMD_EX) is 48 bits. This field provides additional information on the opcode. The significance of each bit within this field is opcode-dependent.
The CRC field is a 32 bit CRC value of the CHAN, SOC, CMD, and CMD_EX fields.
The operand frame is of variable length and is opcode-dependent.
In at least some embodiments, transmission between target to Initiator is encoded with a 7 bit data whitening word and uses backscattering phase modulation. The on-air encoding scheme applies to all fields except preamble and synchronization (SYNC). The bit stream described here forth is pre-encoded.
Note: # denotes operational dependent values.
The target resets the ID register to 0x0000 upon detection of a “carrier loss, carrier present” sequence (power-on reset). The target ID register resides in memory location 0x100H. In at least some embodiments, [[The]]the initiator can force the target to perform a power-on reset at any time.
The target only processes frames with Channel ID and Socket ID matching their own with the following exceptions:
The target processes the ‘ResetID’ command, i.e., the reset identifier command, if [[it]]the command is issued on the broadcast channel (CHAN=0xF) or on a channel matching its channelID. The target shall not match the SocketID.
The target processes the ‘ReportID’ command if [[it]]the command is issued on a channel matching its channelID. The target shall not match the SocketID.
The device detection scheme is the channel selection method. The number of channels is given by an integer value N between 1 and 13 inclusive, which is determined by the initiator. The initiator may send a ‘ResetID’ command either on the broadcast channel (0xFH) or on the reset channel (0x0H). If the ‘ResetID’ command is issued on the broadcast channel, all targets on all channels select a random ChannelID between 1 and N and a SocketID between 0 and 4096. If the ‘ResetID’ is issued on a particular channel (y), only targets operating on channel (y) select a random ChannelID between 1 and N and a SocketID between 0 through 4096. Targets operating on all other channels (not y) retain their ChannelID and SocketID.
Targets can only select channel 1 through 13 in response to ResetID command.
Note: x denotes any arbitrary values.
# denotes operational dependent values.
SOF field is described elsewhere.
The targets respond to the ‘ResetID’ frame with their randomly generated ChannelID and SocketID using the standard target to initiator frame format after a maximum of a predetermined number of cycles.
Note: # denotes operational dependent values.
If a reply is received from the target in response to a ‘ResetID’ command issued on the broadcast channel and is decoded with no CRC errors, only one target exists in the field of view. The emulation process is completed. Standard communication between memory tag and initiator commence using the returned ChannelID and SocketID.
If a reply is received from the target in response to a ‘ResetID’ command issued on the broadcast channel and is decoded with CRC errors, a collision is deemed to have occurred. The initiator proceeds with the next phase to enumerate and isolate the targets.
The initiator issues a ‘ReportID’ frame on the channels to be enumerated. The ‘ReportID’ frame may not have to be issued on any particular channel sequence. Only targets with ChannelID matching the CHAN field of the ‘ReportID’ frame process the frame.
Note: x denotes any arbitrary values.
# denotes operational dependent values.
SOF field is described elsewhere.
The target processes the ‘ReportID’ frame if it is issued on a channel matching their own ChannelID. The target replies with the ‘ReportID’ response frame after the completion of the ReportID frame after a maximum of a predetermined number of cycles.
Note: # denotes operational dependent values.
If a reply is received from the target in response to a ‘ReportID’ frame issued on a particular channel (x) and decoded with no CRC error, only one target is deemed to exist on that channel (x). The initiator may select to park the said target to the PARKED channel (0xE) freeing up that particular channel (x) for use in further enumeration. Conversely, the initiator may commence normal communication with the target. The initiator may reassign the target to another channel with or without a new SocketID by writing to the target's ID Register.
The initiator may repeat the multiple target[[s]] detection and isolation sequence (this time on channels with collision) until all targets have been isolated before initiating normal communication with the targets. Conversely, the initiator may repeat the multiple targets detection and isolation sequence (this time on channels with collision) as each device is isolated on a collision free channel.
Preamble, SOF, CHAN, SOC and SYNC fields are described in their respective initiator to target standard frame format section and target to initiator standard frame format section.
5.1 Read from Target Frame (CMD=0x00)
Read one or more bytes from target starting from location ‘addr’.
Write one or more bytes to target starting from location ‘addr’.
Possible responses from target to a ‘Write’ frame include Acknowledgement (ACK) or Negative Acknowledgement (NACK) frame.
WriteSync to target frame (CMD=0x02)
Write one or more bytes to target starting from location ‘addr’, using SyncFlash algorithm.
Note: x denotes any arbitrary values.
Size=(STRT*PDSTRT+PDDATA+CROSS*PDRX+END*PDEND.)×8 bits
Possible responses from target to a ‘Write’ frame shall be Acknowledgement (ACK) or Negative Acknowledgement (NACK) frame.
5.4 PageErase Frame (CMD=0x03)
Initialize one page of target's memory. This operation only applies to target with Flash/EEPROM based memory. This operation will have no effect on “RAM type” memory, use ‘Write’ operation to overwrite contents for “RAM type” memory. The initialized value may be logical ‘1’ or logical ‘0’ and is dependent on the target memory technology.
Note: x denotes any arbitrary values.
Possible responses from target to a ‘Write’ frame include an Acknowledgement (ACK) or a Negative Acknowledgement (NACK) frame.
5.5 MassErase Frame (CMD=0x03)
Initialize entire target's memory. This operation only applies to target with Flash/EEPROM based memory. This operation has no effect on “RAM type” memory, use ‘Write’ operation to overwrite contents for “RAM type” memory. The initialized value may be logical ‘1’ or logical ‘0’ and is dependent on the target memory technology.
Note: x denotes any arbitrary values.
Possible responses from target to a ‘Write’ frame includes an Acknowledgement (ACK) or a Negative Acknowledgement (NACK) frame.
5.6 Authenticate Frame (CMD=0x04)
Authenticate target's (k) key, where (k) is 0 to 15. The target responds with a 180 bit SHA-1 message digest of the augmented challenge and secret key (k).
Note: x denotes any arbitrary values.
# denotes operational dependent values.
SOF field is described elsewhere.
AID1: Authentication ID1. This field is 16 bit. The value is 0x20.
Retrieve target's ChannelID and SocketID value on channel (c). This frame is usually used for target enumeration and isolation.
Note: x denotes any arbitrary values.
# denotes operational dependent values.
SOF field is described elsewhere.
Note: # denotes operational dependent values.
Reset target's ChannelID and SocketID value on channel (c). This frame is usually used for target enumeration and isolation.
Note: x denotes any arbitrary values.
# denotes operational dependent values.
SOF field is described elsewhere.
Note: # denotes operational dependent values.
5.9.1 Acknowledgement—NAK (RESP=0x06)
5.9.2 Negative Acknowledgement—NAK (RESP=0x15)
The CRCH, CRCP and CRCD fields are used to detect errors in the HEADER, OPERAND and PLD field respectively. The CRCR field is used to detect errors in the response frame. CRCH, CRCP, CRCD and CRCR is 32 bit. The 32 bit LFSR for the CRC is used in the initiator and target for generating and checking. It is constructed similarly using the CRC-802.3 generator polynomial:
g(d)=D26+D23+D22+D16+D12+D11+D0+D8+D7+D5+D4+D2+D1+1
The initial state of the LFSR is loaded with logical ‘1’. Data is shifted in and out as indicated. The resulting CRC value is attached to the respective field (i.e. CRCH, CRCP, CRCD, CRCR). The most significant byte is transmitted first. The most significant bit of each byte is transmitted first.
At the receiving side (initiator and target), the incoming CRC bits are clocked into the register. After the LSB bit is clocked, the 32 bit LFSR register contains all ‘1’s. The 32 bit CRC is calculated on all data bits up to, but not including, the first CRC bit.
8.0 Data Whitening
Target to initiator transmission are scrambled with a data whitening word in order to randomize the data from highly redundant patterns and to minimize DC bias in the packet. The scrambling is performed prior to the Frame synchronization.
At the initiator, the received data is descrambled using the same whitening word generated in the target. The descrambling is performed after Frame synchronization.
The whitening word is generated using a 7 bit LFSR with the polynomial f(D)=D7+D5+1 and subsequently exclusive ORed (EXORed) with the RESP, PLDR, and CRCR fields. Before each transmission, the shift register is initialized with logical ‘1’s. After initialization, the Response field (RESP), Payload field (PLDR) and CRC field (CRCR) are scrambled. The first bit of the “Data in” sequence is the MSB of the RESP field. An example embodiment is depicted in
The entity authentication used in Memory-tag uses a challenge-response scheme in which an initiator's knowledge of a secret key is checked through a 2-move protocol using symmetric secret keys. The latter implies that a correct initiator/target pair shared the same secret key.
In the challenge-response scheme, the initiator challenges the target to authenticate a random input (the Challenge key), denoted by CK, with a 4 bit authentication key (K). K is a value between 0 and 15 and is used as a pointer to retrieve the secret key S(K) from the target's secure memory bank. A 480 bit string Message (MSG) consisting of the interleaving bytes Challenge (CK) and Secret S(k)) is formed, e.g., as depicted in
The 480-bit string Message (MSG) is digested by the target's authenticator using a SHA-1 (FIPS PUB 180-1) compliant algorithm, producing a 160 bit Digest (D). SHA-1 algorithm is well documented and is freely available. The Digest (D) is sent back to the initiator. An alternate Digest (D′) may be calculated in the initiator using prior knowledge of the secret S(K) using the same technique. Alternatively, the alternate Digest (D′) may be calculated using another target. The targets with matching D=D′ implies that they share the same secret.
This application claims the benefit of Provisional Patent Application No. 60/968,454, filed Aug. 28, 2007, and titled, “DEVICE ISOLATION AND DATA TRANSFER FOR WIRELESS MEMORY”, the entirety of which is hereby incorporated by reference herein.
Number | Date | Country | |
---|---|---|---|
60968454 | Aug 2007 | US |