Chapter 1 INTRODUCTION

The term "data security" governs an extremely wide range of applications. Data security involves protecting a database from unwanted actions of unauthorized users. Concerns over data security are at an all-time high, due to the rapid advancement of technology into virtually every transaction, from parking meters to national defence. Data is created, updated, exchanged and stored through networks. A network is a computing system where users are highly interactive and interdependent; not all in the same physical place. A system of security is essential to maintain computing and network functions, keep sensitive data secret, or simply maintain worker safety. For this purpose, magnetic stripe cards were introduced. A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny ironbased magnetic particles on a band of magnetic material on the card. The magnetic stripe, sometimes called swipe card or magstripe, is read by swiping past a magnetic reading head. Fig 1.1 shows a magnetic stripe card with its reader.

The magnetic stripe on the back of a badge is composed of iron-based magnetic particles encased in plastic-like tape. Each magnetic particle in the stripe is a tiny bar magnet about 20-millionths of an inch long. When the entire bar magnets are polarized in the same direction, the magnetic stripe is blank. Information is written on the stripe by magnetizing the tiny bars in either a north or south pole direction with a special electromagnetic writer, called an encoder.

The writing process, called flux reversal, causes a change in the magnetic field that can be detected by the magnetic stripe reader. Since there can be two different flux reversals, N-N or S-S, there can be two different information states, much like the binary system used by computers. The magnetic stripe reader reads the information by detecting the changes in the magnetic field caused by the flux reversals on the badge's magnetic stripe. Magnetic stripe cards have minimal security. Because data is very easily read from and written to a magnetic stripe card, information can be easily stolen and a duplicate magnetic stripe card can be created. It is straightforward for a thief to swipe a magnetic stripe card and to collect all of the information from the card; the thief simply needs a magnetic stripe reader that has the ability to capture the information from the card (which all readers do). The thief can then either use that information directly or create a duplicate magnetic stripe card. Magnetic stripe cards store only a limited amount of data (less than 2 Kbytes) and are not updated after issuance, providing no ability to securely store or update information. A block diagram of the smart card reader is shown in Fig 1.2.

MICROCONTROLLER

RFID reader

Signals to

Smart card LCD Display

The smart card reader consists of an RFID module and a controller module. Fig. 1.3 shows a detail of the RFID module which is seen to consist of a regulated power supply, RFID reader, a level converter and a connector.

Regulated Power supply

RFID module

Level converter

Female connector

The block diagram of RFID based smart card reader is shown in Fig 1.4

Regulated Power supply

Microcontroller unit

LCD display

RFID module

Level converter

Chapter 3

DESIGN OF SMART CARD READER

The smart card reader has been designed with the objective of having secure data storage. It consists of two sections:
1. RFID Reader Module

2. Controller Module

RFID READER MODULE

The RFID reader section is shown in Fig 3.1 and it consists of a regulated power supply that can provide power to the RFID module, level converter and a buzzer. Female connector

RFID module

Level converter

Regulated Power supply

CONTROLLER MODULE
The controller module is used to program and monitor the output depending on the requirements of the user. Fig 3.2 shows the signal flow diagram.

Female connector

Level converter

Microcontroller unit

LCD display

Regulated Power supply

This module consists of a microcontroller unit which stores the program as per the user requirements. The RFID reader and controller modules are connected by a serial connector (male-to-male). When a smart card is swiped across the RFID module, the information that is present in the smart card is transferred to the microcontroller in the form of interrupts through the serial connector and a level converter. As the signals that are received might consist of higher voltages due to which false signalling may occur in the microcontroller, a level converter, MAX232 is used to convert the signals from an RS-232 serial port to signals suitable for use in TTL compatible digital logic circuits. The signals from the microcontroller are applied to the other components like LCD depending on the instructions given by the user.

Embedded system in smart card reader

The versatility of the embedded computer system lends itself to utility in the smart card reader. An embedded system is a special-purpose computer system designed to perform one or a few dedicated functions. It is embedded as part of a complete device including hardware and mechanical parts. Embedded systems are designed to perform simple, repeatable tasks - often with little or no input from the user. The embedded system is dedicated to specific tasks. Embedded systems are typically used over long periods of time and can be reprogrammed and often face significantly different design constraints such as limited memory, strict performance guarantees, fail-safe operation, low power, reliability and guaranteed real-time behaviour.

In-system programmability allows the embedded system to be programmed while resident within a circuit. Instead, a host personal computer (PC) connected via a cable downloads the program. Therefore, re- programmability is possible in case the program has to be changed in accordance with the user requirements. Embedded systems often use simple executives (OS kernels) or real-time operating systems with typically small footprints, support for real-time scheduling and no hard drives. Many embedded systems also interact with their physical environment continuously using a variety of sensors and/or actuators. Embedded systems range from no user interface at all dedicated only to one task to complex graphical user interfaces that resemble modern computer desktop operating systems. Simple embedded devices use buttons, LEDs, graphic or character LCDs with a simple menu system. Embedded systems often reside in machines that are expected to run continuously for years without errors and in some cases recover by themselves if an error occurs. The software is usually developed and tested carefully and unreliable mechanical moving parts such as disk drives, switches or buttons are avoided. Therefore, reliability is improved which is essential for a smart card reader. The next section describes the selection of components to implement the design.

Barcode Used For Smart Card Reading

Barcode technology was the only available means for protection until several decades ago. A barcode is an optical machine-readable representation of data relating to the object to which it is attached.

Barcodes systematically represented data by varying the widths and spacing of parallel lines, and may be referred to as linear or one-dimensional (1D). Later they evolved in to rectangles, dots, hexagons and other geometric patterns in two dimensions (2D). Barcodes are scanned by special optical scanners called barcode readers.

WORKING A barcode reader (or barcode scanner) is an electronic device for reading printed barcodes. It consists of a light source, a lens and a light sensor translating optical impulses into electrical ones. The light source generates a light that is reflected

on a series of black bars to read the data, these data is then converted to its numeric equivalent. But, barcode scanners are difficult to use because the item would need to individually positioned and scanned to get the barcode. The data in a barcode is printed on a sticker and needs to be visible so that the scanner can easily spot it and get the data. This creates two problems that make barcodes unsuitable for some applications. Exposure means that the tag can easily get damaged or worn out due to the weather or other reasons. It is also very easy to counterfeit, making it unsuitable for applications that require higher level of security. Smart card reader requires high level of security as it is used for authentication and data security purposes. Therefore, barcode technology is not considered suitable for use in the smart card reader. Hence, RFID technology has been developed. Unlike a bar code, the tag does not need to be within line of sight of the reader and may be embedded in the tracked object.

RFID technology implemented for smart card reader

Radio-frequency identification (RFID) is the use of a wireless non-contact system that uses radio-frequency electromagnetic fields to transfer data from a tag attached to an object, for the purposes of automatic identification and tracking. Passive RFID systems are composed of three components an interrogator (reader), a passive tag, and a host computer.

3.1 TAG
Tag is an RFID device incorporating a silicon memory chip (usually with onboard rectification bridge and other RF front-end devices), a wound or printed input/output coil, and (at lower frequencies) a tuning capacitor. There are different types of format cards: Magnetic Stripe

A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card. The magnetic stripe, sometimes called swipe card or magstripe, is read by swiping past a magnetic reading head.

Visualization of magnetically stored information on a magnetic stripe card OPERATION The magnetic stripe on the back of a badge is composed of iron-based magnetic particles encased in plastic-like tape. Each magnetic particle in the stripe is a tiny bar magnet about 20-millionths of an inch long. When the entire bar magnets are polarized in the same direction, the magnetic stripe is blank. Information is written on the stripe by magnetizing the tiny bars in either a North or South Pole direction with a special electromagnetic writer, called an encoder.

The writing process, called flux reversal, causes a change in the magnetic field that can be detected by the magnetic stripe reader. Since there can be two different flux reversals, N-N or S-S, there can be two different information states, much like the binary system used by computers. The magnetic stripe reader reads the information by detecting the changes in the magnetic field caused by the flux reversals on the badge's magnetic stripe. Magnetic stripe cards have minimal security. Because data is very easily read from and written to a magnetic stripe card, information can be easily stolen and a duplicate magnetic stripe card can be created. It is straightforward for a thief to swipe a magnetic stripe card and to collect all of the information from the card; the thief simply needs a magnetic stripe reader that has the ability to capture the information from the card (which all readers do). The thief can then either use that information directly or create a duplicate magnetic stripe card. Magnetic stripe cards store only a limited amount of data (less than 2 Kbytes) and are not updated after issuance, providing no ability to securely store or update information. Integrated Circuit cards (smart cards) Smart Cards are used as secure portable storage devices. Smartcard provides a special security when compare to normal money transaction. It is widely used in the area of transit payments and Personal Identification. Some other sectors like mobile telecommunication in Mobile phones use as Subscriber Identification Modules (SIM). Smart cards allow greater orders of magnitude in terms of data storage cards with over 20 Kbytes of memory are currently available. Also, the stored data can be protected against unauthorized access and tampering. There are two types of smart cards: Contact smart card Contactless smart card

Contact Smart Card Contact smart cards have a contact area of approximately 1 square centimetre (0.16 sq in), comprising several gold-plated contact pads. These pads provide electrical connectivity when inserted into a reader, which is used as a communications medium between the smart card and a host (e.g., a computer, a point of sale terminal) or a mobile telephone. Cards do not contain batteries; power is supplied by the card reader.

Vcc: Power supply RST: Reset signal, used to reset the cards communications CLK: Provides the card with a clock signal, from which data communications timing is derived GND: Ground (reference voltage) Vpp: Programming voltage: an input for a higher voltage to program persistent memory (e.g. EEPROM) I/O: Serial input and output (half-duplex)

C4, C8: The two remaining contacts are AUX1 and AUX2 respectively and used for USB interfaces and other uses Memory functions such as reading, writing, and erasing can be linked to specific conditions, controlled by both hardware and software. Another advantage of smartcards over magnetic stripe cards is that they are more reliable and have longer expected lifetimes. But, contact smart cards are one of the most frequent failure points in any electromechanical system due to dirt, wear, etc. Therefore, contactless smart cards are being used. Contactless Smartcards A contactless smart card is a pocket-sized card with embedded integrated circuits that can process and store data, and communicate with a terminal via radio waves. They do not contain an ordinary read-only RFID, but they do contain a rewriteable smart card microchip that can be transcribed via radio waves.

Cards need no longer be inserted into a reader, which could improve end user acceptance. No chip contacts are visible on the surface of the card so that card graphics can express more freedom. Still, despite these benefits, contactless cards have not yet seen wide acceptance.

Smart cards, unlike magnetic stripe cards, can carry all necessary functions and information on the card. Therefore, they do not require access to remote databases at the time of the transaction. A typical smartcard consists of an 8-bit microprocessor running at approximately 5 MHz with ROM, EEPROM and RAM, together with serial input and output, all in a single chip that is mounted on a plastic carrier. The operating system is typically stored in ROM, the CPU uses RAM as its working memory, and most of the data is stored in EEPROM. For smartcard silicon RAM requires four times as much space as EEPROM, which in turn requires four times as much space as ROM. In addition, most smart cards embed a cryptographic coprocessor. If a cryptographic coprocessor is added to the architecture, the time required for this same operation is reduced to around a few hundred microseconds.

3.2 RFID READER MODULE

Reader is a microcontroller-based unit with a wound out-put coil, peak detector hardware, comparators, and firmware designed to transmit energy to a tag and read information back from it by detecting the backscatter modulation. Smart card is a passive device and needs to be inserted into a reader connected to a computer, or an integrated smart terminal. These devices are known as Card Acceptance Devices (CAD) and come in many shapes: readers integrated into a vending machine, handheld battery-operated readers with a small LCD screen.

The CAD offers power for the smartcard chip, and an interface for communication, which is bidirectional and half-duplex (one-way communication at a time). The serial I/O interface usually consists of a single register, through which the data is transferred in a half duplex manner, bit by bit. The external terminal must supply the voltage, ground, and clock. Though commonly referred to as smartcard readers, all smartcard enabled terminals have the ability to read and write as long as the smartcard supports it and the proper access conditions have been fulfilled. A smart card works in a black-box model: the CAD gives the card an input, this input is processed by the card chipset, and then an output is sent back to the CAD.

The CAD itself cannot access directly the smart card EEPROM, RAM or ROM memories. Since data cannot be retrieved directly via the CAD, smart cards have been proposed as portable and secure data storage devices. In addition, their computing capabilities (especially if integrated by the cryptographic co-processor) make them especially suitable as private key storage devices for asymmetric algorithms, since in this way private keys can be generated and stored on board the card. Encryption and decryption of data are performed on request by the card chipset itself. In this way, the users private key is kept secure and cannot be eavesdropped. Thus, chip cards have been the main platform for holding a secure digital identity. The RFID reader used in the smart card reader is an EM 18 module as shown in Fig.

The EM-18 RFID Reader module operates at 125 kHz. The Reader module comes with an on-chip antenna and can be powered up with a 5V power supply. After applying power to the module, transmit pin of the module is connected to receive pin of the microcontroller. When the smart card is swiped within the reading distance and the card number is received at the output. Optionally the module can be configured for also an output.

3.3 Host system used in smart card reader- Microcontroller

The data read from the smart card by the RFID reader module is received by the microcontroller. RFID reader and microcontroller are connected by a connector. Interrupts are generated when data is obtained at the microcontroller. It processes the data and generates the required output which is given to the LCD display. The microcontroller used in the smart card reader is ATmega16. ATmega16 is the high-performance, low-power CMOS Atmel 8-bit AVR RISC-based microcontroller. By executing powerful instructions in a single clock cycle, 16 MIPS at 16 MHz and operates between 4.5-5.5 volts allowing the system designer to optimize power consumption vs. processing speed.

It combines 16KB of programmable flash memory, 1KB SRAM, 512B EEPROM, an 8-channel 10-bit A/D converter, and a JTAG interface for on-chip debugging.

Atmega16 Architecture Overview

The ATmega16 has external connections for power supplies (VCC, GND, AVCC, and AREF), an external time base (XTAL1 and XTAL2) input pins to drive its clocks, processor reset (active low RESET), and four 8-bit ports (PA0-PA7, PC0PC7, PB0-PB7, and PD0-PD7), which are used to interact with the external interfaces. These ports may be used as general purpose digital input/output (I/O) ports or they may be used for the alternate functions. The ports are interconnected with the ATmega16s CPU and internal subsystems via an internal bus. The ATmega16 also contains a timer subsystem, an analog-to-digital converter (ADC), an interrupt subsystem, memory components, and a communication subsystem. In-System programmable Flash EEPROM Bulk programmable flash EEPROM is used to store programs. It can be erased and programmed as a single unit. Also, should a program require a large table of constants, it may be included as a global variable within a program and programmed into flash EEPROM with the rest of the program. Flash EEPROM is nonvolatile and memory contents are retained even when microcontroller power is lost. The ATmega16 is equipped with 16K bytes of onboard reprogrammable flash memory. This memory component is organized into 8K locations, with 16 bits at each location. The flash EEPROM is in-system programmable. In-system programmability means the microcontroller can be programmed while resident within a circuit. It does not have to be removed from the circuit for programming. Instead, a host personal computer (PC) connected via a cable to a microcontroller downloads the program to the microcontroller. Alternately, the microcontroller can be programmed outside its resident circuit using a flash programmer board.

Static Random access memory

SRAM is volatile. If the microcontroller loses power, the contents of SRAM memory are lost. It can be written to and read from during program execution. The ATmega16 is equipped with 1000 bytes of SRAM. A portion (96 locations) of the

SRAM is set aside for the general-purpose registers used by the CPU and also for the I/O and peripheral subsystems aboard the microcontroller. Port System The Atmel ATmega16 is equipped with four 8-bit general-purpose, digital I/O ports designated PORTA, PORTB, PORTC, and PORTD. All of these ports also have alternate functions. In this section, we concentrate on the basic digital I/O port features.
1. 2.

Data Register (PORTx)---used to write output data to the port, Data Direction Register (DDRx)---used to set a specific port pin to either output (1) or input (0), and

3.

Input Pin Address (PINx)---used to read input data from the port

Port pins are usually configured at the beginning of a program for either input or output, and their initial values are then set. Usually, all eight pins for a given port are configured simultaneously. The data direction register (DDRx) is first used to set the pins as either input or output, and then the data register (PORTx) is used to set the initial value of the output port pins. Timing Subsystem The ATmega16 is equipped with a complement of timers that allows the user to generate a precision output signal, measure the characteristics (period, duty cycle, frequency) of an incoming digital signal, or count external events. Specifically, the ATmega16 is equipped with two 8-bit timer/counters and one 16-bit counter.

Pulse width modulation Channels A pulse width modulated, or PWM, signal is characterized by a fixed frequency and a varying duty cycle. Duty cycle is the percentage of time a repetitive signal is logic high during the signal period. It may be formally expressed as Duty cycle (%) = (on time/period) (100%) The ATmega16 is equipped with four PWM channels. The PWM channels coupled with the flexibility of dividing the time base down to different PWM subsystem clock source frequencies allows the user to generate a wide variety of PWM signals, from relatively high-frequency, low-duty cycle signals to relatively low-frequency, high-duty cycle signals. Serial USART The serial USART is used for full duplex (two-way) communication between a receiver and transmitter. This is accomplished by equipping the ATmega16 with independent hardware for the transmitter and receiver. The USART is typically used for asynchronous communication. There is not a common clock between the transmitter and receiver to keep them synchronized with one another. To maintain synchronization between the transmitter and receiver, framing start and stop bits are used at the beginning and end of each data byte in a transmission sequence. The ATmega16 USART is quite flexible. It has the capability to be set to a variety of data transmission rates known as the baud (bits per second) rate. The USART may also be set for data bit widths of 5 to 9 bits with one or two stop bits. Furthermore, the ATmega16 is equipped with a hardware-generated parity bit (even or odd) and parity check hardware at the receiver. A single parity bit allows for the detection of a single bit error within a byte of data. The USART may also be configured to operate in a synchronous mode. Analog-To-Digital Converter The ATmega16 is equipped with an eight-channel ADC subsystem. The ADC converts an analog signal into a binary representation suitable for use by the microcontroller. The ATmega16 ADC has 10-bit resolution. This means that an

analog voltage between 0 and 5 V will be encoded into one of 1024 binary representations between (000)16 and (3FF)16 .This provides the ATmega16 with a voltage resolution of approximately 4.88 mV. Interrupts The normal execution of a program step follows a designated sequence of instructions. However, sometimes, this normal sequence of events must be interrupted to respond to high-priority faults and status both inside and outside the microcontroller. When these higher-priority events occur, the microcontroller must temporarily suspend normal operation and execute event specific actions called an interrupt service routine. Once the higher priority event has been serviced, the microcontroller returns and continues processing the normal program. The ATmega16 is equipped with a complement of 21 interrupt sources. Three of the interrupts are provided for external interrupt sources, whereas the remaining 19 interrupts support the efficient operation of peripheral subsystems aboard the microcontroller. Power Consumption The ATmega16 is available at two different operating voltage ranges. The ATmega16L operates at supply voltages from 2.7 to 5.5 VDC, whereas the ATmega16 operates at supply voltages from 4.5 to 5.5 VDC. To minimize power consumption, the microcontroller can be placed into various low current sleep modes. There are six different sleep modes available to the system designer. The microcontroller is placed in sleep mode using the SLEEP command and gets activated when an interrupt occurs. Additionally, power consumption can be further reduced by operating the microcontroller at the lowest practical clock frequency for a given application.

WORKING of RFID

Connector

Radio waves

RFID Tag (Smart card): Up to 2000 bits stored on a memory chip housed in a key, button or integrated circuit card. RFID Reader: Housed on a PC card module that contains a transmitter, receiver and a digital control module and communicates through RS-232 interface. The module is connected to an antenna that constantly transmits and, when senses a card, activates the smart card, reads the data and decodes it and passes it on to a host system over a connector. Radio waves: 125 KHz or 13.56 M Hz are the most common RFID frequencies. These waves are generated by the RFID reader which energises the smart card and the data in the smart card is received by the reader in the form of radio waves. Host System: Processes data from a smart card passed along by a reader. In a smart card reader, a microcontroller (AtMega16) is being used as the host system. For example, in case of payment cards used in a gas station, it checks the customers credit and then sends authorization back to the gas station to turn ON the pump. In an inventory control or supply chain system, the card data is used to generate an order for new goods.