Design World - Internet of Things Handbook April 2020 (MagazinePUB - Com) PDF

™
DESIGN SOLUTIONS
… with Interconnect Components & Hardware
Battery Clips, Contacts & Holders Fuse Clips & Holders Terminals and Test Points
Spacers & Standoffs Plugs & Jacks Multi-Purpose Hardware
IT’S WHAT’S ON THE INSIDE THAT COUNTS

®
E L E C T R O N I C S C O R P.
View our Dynamic Catalog M70 at www.keyelco.com

(516) 328-7500 (800) 221-5510
Request a copy of our Product Design Guide M70
INTERNET OF THINGS HANDBOOK
No, IoT RF radiation

won’t cause a pandemic
I once had a lengthy exchange with a guy who Although no one has been able to find ill effects
claimed RF from WiFi was making him sick. After from low-level RF fields, that hasn’t been the case for
effects caused by news stories about RF. Consider the
numerous emails back and forth in which I tried to findings of Anne-Kathrin Bräscher and her colleagues
correct his misconceptions about WiFi signals, I gently at the Johannes Gutenberg University in Germany.
suggested that he go find an RF screen room and They showed one group of test subjects a TV report
on adverse health effects of EMF, the other group a
sit in it to see if the experience made him feel any
neutral report. They then asked participants whether
differently. I never heard from him again. or not they could sense WiFi signals. The participants
didn’t know that half of them were in an RF screen room
Clinicians would probably say my email pen-pal was and weren’t receiving RF energy of any kind. The group
suffering from electrohypersensitivity (EHS) syndrome. that had seen the EMF health effects propaganda were
EHS is claimed to appear in people exposed to levels more likely to report some kind of sensation from the
of electromagnetic radiation far below those high sham WiFi exposure, especially among participants
enough to raise the temperature of or induce electrical who were super sensitive to touch or prone to vague
effects in living tissue. The problem is no high-grade gastrointestinal disorders. Bräscher also notes that
(double or single-blind, randomized, and with a control participants of the WiFi group reported more anxiety
group) clinical studies have been able to find evidence about WiFi exposure than the control group and tended
that EHS syndrome is real. Most clinicians have come to perceive themselves as being more sensitive to RF
to the same conclusion about EHS as Eric van Rongen fields after the experiment than before.
of the Health Council of the Netherlands. Van Rongen Bräscher and her colleagues concluded that
surveyed the results of numerous EHS studies done sensational media reports can make even healthy
with GSM signals. He says the evidence shows that people hypersensitive to minor symptoms they might
exposure to a GSM-type signal may result in minor otherwise just blow off. People who tend to perceive
effects on brain activity, but such changes have never bodily symptoms as intense, disturbing, and noxious
been found to relate to any adverse health effects. Van seem most vulnerable to having catastrophizing
Rongen further concludes there are clear indications thoughts after exposure to sensational media reports
that psychological factors such as the conscious about EM radiation.
expectation of an effect may play an important In that regard, perhaps there is something good to
role in people claiming to suffer from EHS. come out of our current pandemic: It has temporarily
Many of the studies van Rongen redirected the attention of those with minor symptoms
reviewed took place in the early 2000’s when away from WiFi and toward the flu as being a likely
cell phones were becoming ubiquitous. culprit. But over the long term, there are ample
Though you can still find doomsayers reasons for researchers to stop proposing increasingly
warning about low-level cell phone signals, implausible links between EHS syndrome and RF.
most concerns these days are voiced
about WiFi and, increasingly, 5G
frequencies. And with the
widespread media coverage
of IoT and 5G technology, it’s
likely that the anxiety level
about RF fields will grow.
LELAND TESCHLER | EXECUTIVE EDITOR
2 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

1.800.463.9275
newark.com
Discover Over a Million

Engineering Products
from Suppliers You Know
and Trust
900+ new products

each week
Custom services such as

kitting, panel meters,
enclosures, and many more!
Market-leading online
community of over
600,000 engineers
DESIGN WORLD
FOLLOW THE WHOLE TE AM ON T WIT TER @ DE S IGNWORLD
EDITORIAL PRINT PRODUCTION MARKETING EVENTS
VP, Editorial Director VP, Creative Services VP, Digital Marketing Events Manager
Paul J. Heney Mark Rook Virginia Goulding Jen Osborne
pheney@wtwhmedia.com mrook@wtwhmedia.com vgoulding@wtwhmedia.com jkolasky@wtwhmedia.com
@wtwh_paulheney @wtwh_graphics @wtwh_virginia @wtwh_Jen
Senior Contributing Editor Art Director Digital Marketing Specialist Event Marketing Specialist
Leslie Langnau Matthew Claney Sean Kwiatkowski Olivia Zemanek
llangnau@wtwhmedia.com mclaney@wtwhmedia.com skwiatkowski@wtwhmedia.com ozemanek@wtwhmedia.com
@dw_3Dprinting @wtwh_designer
Webinar Coordinator
PRODUCTION SERVICES
Executive Editor Graphic Designer Halle Kirsh
Leland Teschler Allison Washko hkirsh@wtwhmedia.com Customer Service Manager
lteschler@wtwhmedia.com awashko@wtwhmedia.com Stephanie Hulett
@dw_LeeTeschler @wtwh_allison Webinar Coordinator shulett@wtwhmedia.com
Kim Dorsey
Executive Editor Graphic Designer kdorsey@wtwhmedia.com Customer Service Representative
Lisa Eitel Mariel Evans Tracy Powers
leitel@wtwhmedia.com mevans@wtwhmedia.com tpowers@wtwhmedia.com
@dw_LisaEitel @wtwh_mariel
ONLINE DEVELOPMENT
& PRODUCTION
Customer Service Representative
Senior Editor Director, Audience Development JoAnn Martin
Web Development Manager
Miles Budimir Bruce Sprague jmartin@wtwhmedia.com
B. David Miyares
mbudimir@wtwhmedia.com bsprague@wtwhmedia.com
dmiyares@wtwhmedia.com
@dw_Motion
@wtwh_WebDave
Senior Editor VIDEOGRAPHY SERVICES

Digital Production Manager
Mary Gannon Senior Digital Media Manager Reggie Hall
mgannon@wtwhmedia.com Video Manager Patrick Curran rhall@wtwhmedia.com
@dw_MaryGannon Bradley Voyten pcurran@wtwhmedia.com
bvoyten@wtwhmedia.com @wtwhseopatrick Digital Production Specialist
Associate Editor @bv10wtwh
Elise Ondak
Mike Santora Front End Developer eondak@wtwhmedia.com
msantora@wtwhmedia.com Videographer
Melissa Annand
@dw_MikeSantora Derek Little
mannand@wtwhmedia.com Digital Production/
dlittle@wtwhmedia.com
Marketing Designer
@wtwh_derek
FINANCE Software Engineer Samantha King
David Bozentka sking@wtwhmedia.com
Controller dbozentka@wtwhmedia.com
Brian Korsberg
bkorsberg@wtwhmedia.com
Accounts Receivable Specialist

Jamila Milton
jmilton@wtwhmedia.com
DESIGN WORLD does not pass judgment on subjects of controversy nor enter into dispute with or between any individuals or organizations. DESIGN WORLD is also an independent forum for the expression
WTWH Media, LLC of opinions relevant to industry issues. Letters to the editor and by-lined articles express the views of the author and not necessarily of the publisher or the publication. Every effort is made to provide
accurate information; however, publisher assumes no responsibility for accuracy of submitted advertising and editorial information. Non-commissioned articles and news releases cannot be acknowledged.
1111 Superior Ave., Suite 2600 Unsolicited materials cannot be returned nor will this organization assume responsibility for their care.
Cleveland, OH 44114 DESIGN WORLD does not endorse any products, programs or services of advertisers or editorial contributors. Copyright© 2020 by WTWH Media, LLC. No part of this publication may be reproduced in any
form or by any means, electronic or mechanical, or by recording, or by any information storage or retrieval system, without written permission from the publisher.
Ph: 888.543.2447
Subscription Rates: Free and controlled circulation to qualified subscribers. Non-qualified persons may subscribe at the following rates: U.S. and possessions: 1 year: $125; 2 years: $200; 3 years: $275;
FAX: 888.543.2447 Canadian and foreign, 1 year: $195; only US funds are accepted. Single copies $15 each. Subscriptions are prepaid, and check or money orders only.
Subscriber Services: To order a subscription or change your address, please email: designworld@omeda.com, or visit our web site at www.designworldonline.com
POSTMASTER: Send address changes to: Design World, 1111 Superior Ave., Suite 2600, Cleveland, OH 44114

CONTENTS
2020
2 NO, IoT RF RADIATION WON’T CAUSE A PANDEMIC
6 THREE REAL-WORLD APPLICATIONS FOR PNEUMATICS AND IIoT

Pneumatics designers have more access to the Industrial Internet of Things
APR IL
(IIoT) technology, from position sensors on cylinders to system flow sensors
and smart edge gateways. However, the rich data these tools produce also
presents a challenge: How to put this technology to work that makes the
most of opportunities.
10 COMPARING MAGNETIC CORES FOR POWER INDUCTORS

It is helpful to know how the material properties and geometries
of magnetic cores affect the ability of inductors to store energy
or filter current.
•
14 DEVELOPING CONNECTED MEDICAL DEVICES
Super-small radio SoCs are being paired with innovative battery
HANDB OOK
technologies to bring inexpensive medical electronics online.
16 THE JOURNEY TOWARDS AUTONOMOUS MANUFACTURING

As data are increasingly aggregated across manufacturing lines, the
reality of autonomous lines is likely to be reached in the next five
years. Here’s a look at what a typical journey towards autonomous
manufacturing looks like and best practices for how manufacturers
can begin to achieve this.
20 HOW TO TEST USB4 DESIGNS

Designers must look at and characterize the entire
Type-C ecosystem when testing USB4 designs.
26 IS PREDICTIVE MAINTENANCE THE ‘KILLER APP’

OF INDUSTRIAL IoT?
Once headlined as the ‘killer app’ for IIoT, predictive maintenance
THI NGS
has taken a while to find its feet, but progress has in fact been sure
and steady, with some standout examples of successful niches.
30 BREAKING BLE
Despite built-in safe-guards, Bluetooth Low Energy IoT
devices are vulnerable to hacks when they communicate
over the air. Here are the basics of the problem.
34 SELECTING THE RIGHT BLUETOOTH LOW ENERGY SoC

Tricks of the trade for optimizing the energy consumption of
BLE chips affect memory size, clock speed, operating modes,
OF
and other factors determined during the initial design.
38 HOW TO USE MQTT TO OVERCOME OBSTACLES

TO IIoT INTEGRATION
End users struggle with specific pain points around digital
I NTER NET
transformation in the traditional technology stack. While traditional

communication technologies will continue to be in demand, pairing
MQTT with existing offerings can give users a way to evolve.
43 ARCHITECTURES THAT HELP IMPLEMENT THE

INDUSTRIAL INTERNET OF THINGS
Among the models available to implement the Internet of
Things, two standards bodies, the Industrial Internet Consortium
and oneM2M, offer complementary architectural approaches.
Here’s a look at each, and how they work together.
eeworldonline.com | designworldonline.com 4 • 2020 5

Maintenance technicians can

analyze appropriate data from IIoT
sensors and use that information to
predict that a shock absorber at the
end of an actuator is deteriorating
by sensing a millisecond’s increase
in its stroke speed.
Three real-world applications

for pneumatics and IIoT
Enrico De Carolis, Vice President of Industrial hydraulics and Let’s explore real-world applications
Global Technology • Fluid Control manufacturers using pneumatics have access
that leverage IIoT-enabled pneumatics to
and Pneumatics at Emerson solve fundamental challenges faced on an
to more IIoT technology than ever before, ongoing basis:
Pneumatics designers have more from position sensors on cylinders to system
access to the Industrial Internet of Improving safety to protect
flow sensors and smart edge gateways people and equipment
Things (IIoT) technology, from position
sensors on cylinders to system flow that operate independently from the
Pneumatics have long provided efficient
sensors and smart edge gateways. machine controller with globally accepted
and cost-effective motion and actuation with
However, the rich data these tools communication protocols. reliable technology and a proven record of
produce also presents a challenge: equipment safety. Now, IIoT technology, along
How to put this technology to work However, the rich data these tools produce with related European trends like Industry 4.0,
that makes the most of opportunities. also presents a challenge for machine builders creates new opportunities for pneumatics to
and OEMs: How do we put the Industrial further improve safety. Additional functional
Internet of Things (IIoT) to work in a way insights also allow users to monitor a machine’s
that makes the most of opportunities in a safety characteristics to better protect people
digitized, highly connected world? and equipment from harm.

APPLICATIONS: IoT AND PNEUMATICS
Consider a machine using a safety absorber. As a result, there are shorter or

light curtain to disable a pneumatics valve fewer machine stoppages and a reduction An intelligent, IIoT-based closed-loop
system when an operator is loading or in unplanned downtime, or complete or system, including sensors on IIoT-enabled
unloading a part to be processed into the unrecognized failures. pneumatics components, allows for more
machine. Historically, safety applications In addition, IIoT-enabled pneumatics flexibility in machine operation positioning.
have relied on statistical calculations to can monitor functionality at a valve’s location.
define a safety component’s mission time A valve’s state of wear can be hard to
replacement cycle. Mission time defines the zdetermine from the outside of a machine. If
number of cycles when a safety component additional internal sensors are not an option,
requires replacement regardless of whether an IIoT gateway can evaluate valve life by
it is functioning or not, in order to keep tracking the valve’s cycle counts. The user
the calculated statistical safety function can then enable a cycle counter algorithm to
valid. While the valve may seem to be okay determine how much of the valve’s life cycle
according to its rated mission time, there has been used and to predict how many
are other measurable factors that may not operating days and hours it has left. This
be considered (for example, changes in allows machine operators or end-users to
valve response time). A response time that plan downtime.
changes from 30 to 70 milliseconds could Data-driven insights for predictive
create a serious safety hazard by allowing an maintenance can also help to improve
operator to move further into the machine’s the scheduling of preventive tasks for
dangerous motion area before a safety pneumatics components. The data can be
response event is triggered. analyzed and used as information to guide
A system using new IIoT technology plant management teams as they predict
would proactively capture, analyze and and address issues before they cause injury,
report the decline in the valve’s response damage, failure or production losses.
time, as well as the corresponding alert The integration of data-driven predictive
response time before the safety function is maintenance with preventive maintenance
compromised. This type of actionable safety also allows just-in-time part replacements,
information creates a safer workplace. decreasing the need to purchase and
warehouse a full inventory of system-critical
Improving predictive and “just-in-case” parts. When pneumatics work
preventative maintenance together with IIoT, it creates a system that
facilitates early detection and prediction of
Dealing with wear and tear is a daily potential issues. Maintenance technicians can
challenge in any manufacturing setting. place orders to ensure parts are delivered
Predictive and preventative maintenance when they are needed. In the future, this,
programs are critical to effectively manage too, could become an automatic step where
machine life cycles and maximize overall the IIoT system itself autonomously sends
equipment effectiveness (OEE). the order to parts suppliers.
For example, maintenance technicians A smart pneumatics monitor (SPM) is a
can analyze appropriate data from IIoT Improving machine efficiency “gateway” that aggregates, organizes
sensors. They can then use that information and analyzes pneumatics performance
to predict that a shock absorber at the end The real-world value of a certain technology data and can deliver it through separate
of an actuator is deteriorating by sensing ultimately equates to how well that pathways to plant management systems,
a millisecond’s increase in its stroke speed. technology boosts the bottom line and cloud environments and/or simple HMIs.
This can trigger predictive maintenance creates a return on investment. IIoT offers
protocols to replace the worn shock significant opportunities to improve
eeworldonline.com | designworldonline.com 4 • 2020 DESIGN WORLD — EE NETWORK 7

Organizing data pneumatics operations in several ways,

including:
the issue at a fraction of the cost required for
new controller equipment or work process
with a Smart Regulating upstream/downstream flow
modifications. An intelligent, IIoT-based,
closed-loop system, with appropriate sensors
Pneumatics Monitor Combining the traditional strengths of a
pneumatics system with IIoT-based technology
on IIoT-enabled pneumatics components,
allows each gate’s position to vary from 0
can maximize process control and monitoring, to 100% of the opening — not just the two
As pneumatics technology becomes particularly for upstream/downstream flow. positions of opened or closed. The flexibility
more intelligent, additional data The result is enhanced OEE and lower total results in much better flow control for bulk
points are being generated across the cost of ownership (TCO). material, without the need to change the
production systems where they are Consider a plant using a system that controller program.
installed. Examples include information allows only fully open or fully closed positions By adding additional components, such
such as diagnostics, usage statistic on pneumatically actuated gates on a hopper as an extremely precise pneumatic positioning
and lifetime data. In addition, if all or silo that dispenses bulk material for system for control and IIoT gateway to analyze
the pneumatics components (along packaging. Uneven product flow and traffic functionality, the system enables more efficient
with other intelligent machine drives, jams can inundate or starve downstream control of the bulk material, preventing
devices and subsystems) are generating processing stations. The inability to vary starvation of the packaging system downstream
megabytes of performance data, the dispensing gates’ position based on as well as optimizing OEE. In addition, data
there’s a potential to overwhelm the downstream demand creates inefficiencies from the IIoT system can be leveraged for
machine control network and complicate and bottlenecks throughout the plant. The additional system improvements. It could, for
automation process and control results range from damages to the bulk example, measure valve life so the operator
performance. material to overtime costs for personnel to understands whether a valve is performing
A smart pneumatics monitor (SPM) is make up production quotas. to specification and, if necessary, change the
a “gateway” that aggregates, organizes A retrofit solution, without disturbing the component during scheduled maintenance
and analyzes pneumatics performance existing controller or its program, can address while alleviating any unplanned downtime.
data and can deliver it through separate
pathways to plant management systems,
cloud environments and/or simple HMIs.
This gateway can be independent of the
process control architecture, using OPC
UA, MQTT, FTP or email pathways to
deliver alerts for both system-level and
device-level performance data.
The integration of data-driven predictive maintenance with

preventive maintenance also allows for just-in-time part
replacements, decreasing the need to purchase and warehouse
a full inventory of system-critical “just-in-case” parts.

APPLICATIONS: IoT AND PNEUMATICS
Boosting energy efficiency

Smart energy usage is a key consideration for
machine manufacturers and end-users alike. Data
MES/ERP level Cloud services
generated by IIoT-connected sensors can be
Process planning, Data mining,
converted into actionable information, allowing
surveillance, long-term trends,
manufacturers to more fully understand and better
maintenance third-party access
manage energy usage.
For example, smart sensors can monitor
pressure losses within the system and an IIoT
gateway can analyze this data and send alerts when
leakage becomes the predominant contributor
to energy consumption. Users could then identify
excessive leaks caused by a worn seal, for example,
and mitigate them before they become a major
concern. This functionality can also be achieved
Field level without changing the machine controller’s program
Real-time or process.
process control Additionally, smart technology can minimize
air consumption, not only to save money but also
to reduce wear on components. For instance, by
monitoring and analyzing compressed air pressure
with respect to cycle time, the end-user can reduce
the preset system pressure at the point of use to
the work side of a cylinder, and determine the
optimal operating point where the cycle time can
be maintained with the least energy consumption.
This also decreases component wear by optimizing
generated forces and reducing vibrations.
Enabling manufacturing flexibility

From product customization to packaging variations,
manufacturers increasingly require the flexibility
Cylinder position SPM to change equipment without sacrificing quality.
Connected components can be engineered to easily
and seamlessly supply different pressures for different
tooling positions and sequences. A directional
control valve system, for example, can support
Air consumption simple, on-the-fly changes and tooling positions for
quick product variations and changeovers.
Build a path forward

Data is only as useful as its ability to provide
Pressure Valve actuation and diagnosis insights, guide decisions and help justify investment.
And while OEMs and end-users understand the
potential to capture, aggregate and use sensor
data, it’s time to turn that potential into reality.
Fieldbus IP network IO connection From creating a safer workplace to predicting
failure before it happens and building flexible
production lines, IIoT-enabled technology
Combining the traditional strengths of a pneumatics system can generate real-world results in pneumatics
with IIoT-based technology can maximize process control and operations.
monitoring, particularly for upstream/downstream flow.
Emerson | emerson.com

Comparing magnetic cores

for power inductors
It is helpful to know how the material properties and geometries of magnetic
Leland Teschler • Executive Editor
cores affect the ability of inductors to store energy or filter current.
There can be a lot of mystique attached comprised of silicon steel, nickel-iron, cobalt- expressed as the flux density, B, divided by
iron, and amorphous metal alloys. the magnetic field, H. Thus the lower the value
to the specs of magnetic cores used in power
Tape-wound devices can be useful up to of μ, the greater the value of H (or current)
inductors, due partly to the fact that magnetic 10 to 20 kHz depending their material. The that the core supports when B is below the
maximum usable frequency is usually lower maximum value of flux density (Bsat) inherent
materials may not be well characterized for
than for ferrites because their resistivity is to the magnetic material. Commercially useful
handling high levels of magnetic flux. Thus a lower, resulting in high eddy currents and magnetic materials have a Bsat that ranges from
higher core losses. The thinner the tape about 0.3 to 1.8 T.
few basic concepts may come in handy when
material, the higher the usable frequency. The gaps in power inductors can be
working with these components. A benefit of tape-wound cores is that they either discrete or distributed. Powder cores
saturate at higher levels than ferrite cores so are distributed gap materials. Microscopically,
There are three general types of materials they can be physically smaller at high power magnetic alloy powder grains are separated
used for inductor magnetic cores: powder levels. On the other hand, ferrites have lower from one another by binder insulation or
cores comprised of various iron alloys, ferrites, core losses and cost less per unit weight. Also, by a high-temperature insulation that coats
and wound cores comprised of thin magnetic nickel-iron alloys can be brittle, so tape-wound each grain. Distributing the gap throughout
steel strips. Of these, the most common go-to core toroids wound with this material can the powder core structure eliminates the
materials are ferrites for transformers, iron- be sensitive to shock and vibration. Tapes of disadvantages of a discrete gap structure, which
powder for inductors. silicon-steel alloy don’t have this problem. include sharp saturation, fringing loss, and EMI.
One reason is the behavior of these Additionally, distributed gap materials control
materials in the presence of ripple currents. MIND THE GAP eddy current losses to permit use of higher Bsat
Ferrites have a power loss comparable to that The magnetic cores used in power inductors alloys at relatively high frequencies though they
of iron powder but can handle higher ripple frequently have an air gap within their have a comparatively low bulk resistivity.
currents. Because transformers typically have structure. The gap is used to boost the flux Ferrite cores are where you typically
a high ripple current but zero average current, level at which the core saturates under load. find discrete gaps. A ferrite core with a gap
ferrite cores work well. Specifically, the air gap reduces and controls becomes a hybrid ferrite-air material. Its
In contrast, most inductors handle a small the effective permeability of the magnetic magnetic qualities move toward those of iron
amount or ripple current but a large average structure. Permeability, μ, is a measure of how powder in that the field inductance drops and
current. Iron-powder cores typically maintain much magnetization a material receives in the saturation current rises.
their magnetic qualities in the presence an applied magnetic field. Recall μ can be Ferrite’s main advantage for inductor
of high dc currents, though the ripple
current must be relatively small to avoid A comparison of core materials made by Magnetics Inc.
overheating. Thus iron-powders are usually
MPP High flux Kool Mμ XFlux 75 series Kool Mμ MAX
the first choice for inductor cores.
The geometry often used for power Permeability 14-300 14-160 14-125 26-60 26-60 26-60
inductors and transformers is the toroid
Saturation (BSAT) 0.7 T 1.5 T 1.0 T 1.6 T 1.5 T 1.0 T
because its shape maximally constrains
the magnetic field while providing a large Max temp (°C) 200 200 200 200 200 200
area for windings. Both powder cores and AC core loss Lowest Moderate Low High Low Very low
ferrites are commonly obtained shaped as
Toroid, E, Toroid, E,
toroids, but also tape-wound (also called Core shapes Toroid Toroid Toroid Toroid
U, Block Block
strip-wound or cut wound) cores can be
used as toroidal transformers. The strips DC bias Better Best Good Best Better Better
can be as thin as 0.000125 in and may be Alloy composition FeNiMo FeNi FeSiAl FeSi FeSiAl FeSiAl

CHOOSING MAGNETIC CORES
A typical magnetization curve for a soft magnet with key
parameters labeled: Ms, or the saturation magnetization; Magnetization curve for a generic soft magnet
Mr, the magnetization remaining after an external field
is removed; Hc, the value of the magnetic field necessary
to remove magnetization after the magnetic material has
saturated; and Χi, the initial magnetic susceptibility. Ms
Mr
cores is low loss at high frequencies because it has a high resistivity
compared with metal alloys. Ferrites are at the low end of the
available range for Bsat, and they shift down in Bsat significantly as
temperature rises. The presence of a discrete gap gives the inductor i
a sharp saturation point, forcing designers to keep the inductor well
away from this area of operation. Hc Hc
Additionally, discrete gaps create magnetically intense
localizations of the B field while simultaneously “leaking” the field to
produce circuit noise and EMI. Inductors with discrete gaps also are
vulnerable to eddy current losses in their coils from fringing.
Amorphous and nanocrystalline tape-wound cut cores may also Mr
use discrete gaps. They have less ac loss than powder cores but often
cost more. Ms
Magnetic cores with various geometries have been devised for
specific purposes, though toroids are generally the least expensive
and have less thermal resistance than other shapes. For example,
E-shaped cores are usually applied in transformers with a bobbin-
type coil over their center piece. Placing the coil on the center
member helps ensure it is enclosed in a magnetic field for efficiency
considerations. To get a high permeability over the range of operating
frequencies, the core is designed gap free (if there’s no dc current to
worry about). Also available are C and U-shaped cores, again used for
transformers, where windings may be put on one or both legs.
Additionally there is the EP core, basically, a magnetic
structure containing a post for a bobbin-wound coil and additional Optically Clear
magnetic material which fully encloses the coil. These cores are
generally employed for broadband transformers working up to a Silicone Adhesive
few megahertz. The two pieces of EP core material that enclose the Addition Cured MasterSil 157
bobbin are usually held together with a clamp so there’s no gap
between the two magnetic pieces. However, for specialized cases as
when there is a dc current or high-level ac excitation, some EP cores Outstanding optical clarity
will incorporate a small air gap to linearize the transformer behavior.
Refractive index, 75°F: 1.43
COMMON CORE MATERIAL PROPERTIES Wide temperature range
Ferrites for magnetic purposes are generally made of sintered -175°F to +500°F
manganese and zinc (MnZn) or nickel and zinc (NiZn) for use in
higher frequencies. Magnetic materials containing high percentages
Superior flexibility
of nickel or cobalt cost more than those containing mainly iron. But
Elongation, 75°F: 110-140%
there are a variety of compositions comprised of numerous materials
and geometries. And of course, material cost affects large cores more
significantly than small ones.
MPP (Molypermalloy powder) cores are distributed-air-gap
toroidal cores made from a nickel-iron- molybdenum alloy powder.
MPP exhibits the lowest core loss of the powder-core materials, but
its processing costs and 80% nickel content makes it cost more. MPP
toroids are typically available with outside diameters ranging from 3.5
to 125 mm.
High-flux cores are distributed-air-gap toroidal cores made
from a nickel-iron alloy powder. These cores contain 50% nickel and
have processing costs comparable to that of MPP. Their lower nickel
154 Hobart St., Hackensack, NJ 07601 • USA +1.201.343.8983 • main@masterbond.com
www.masterbond.com
4 • 2020 DESIGN WORLD — EE NETWORK 11
A graph from Magnetics Inc. showing
how powder materials saturate gradually
and still maintain a useful, predictable
Soft saturation effects inductance even at high current loads. A
gapped ferrite will maintain an inductance
The gapped ferrite must be kept a safe closer to the unbiased value until saturation,
distance away from the sudden rolloff. at which point inductance suddenly drops.
Small shifts in the rolloff curve, or in the
FERRITE operating point, could have a distastrous
effect. This curve shifts to the left with when a magnetic material is magnetized. The
increasing temperature.
effect is called magnetostriction. The resulting
mechanical motion can produce an audible hum
if it takes place in the audio range. Magnetic
materials that include Permalloy 80, KoolMμ and
POWDER CORE MPP powder cores have low magnetostrictive
properties and frequently get specified when
audible noise is a possibility.
INDUCTANCE
The powder core is safely

designed to operate part way
down the curve. The curve CORE SIZE
does not shift appreciably
There are two dimensions that primarily impact
with increasing temperature.
the size of a magnetic core: the core window
(winding) area and the core cross¬ sectional
area. The product of these two is generally
called the area product, or WaAc and relates
CURRENT FERRITE POWDER CORE
CURRENT CURRENT to how much power the core can handle. The
larger the WaAc, the higher the power capacity.
content typically makes them 5-25% less costly cost less. Iron powder tends to find use when The area product can drop as operating
than MPP. High flux cores have a higher core the frequency is quite low or when the ac frequencies rise, thus reducing the necessary
loss than MPP and Kool Mμ. But they have a ripple current is minimal (resulting in fairly low core size. Core suppliers often publish figures
higher Bsat which leads to a low inductance shift ac losses). Most iron-powder cores contain for the area products of their products.
under high dc bias or high ac peak current. Like an organic binder that can eventually break Curie temperature is the temperature
MPP cores, high-flux cores are generally toroid- down in high temperatures, so thermal aging at which a material loses all of its magnetic
shaped only. qualities (available from published curves) are properties and thus become electrically useless.
Core manufacturers may mix proprietary a consideration. Iron-powder cores come in a Many cores incorporate an insulated coating
combinations of materials to produce cores variety of shapes including toroids, E-cores, pot which melt well below the Curie temperature.
with special qualities. Examples include Kool cores, U-cores, and rods. Similarly, exposure to the Curie temperature
Mμ (or, sendust) cores. These are distributed Gapped ferrite cores are marketed as an permanently alters the qualities of tape-wound
air gap cores employing iron, aluminum, and alternative to powder cores. Powder materials cores. Tape-wound cores and powder cores
silicon alloy powder. Kool Mμ material has dc saturate gradually even when the current generally have Curie temperatures exceeding
bias performance resembling that of MPP. But load rises significantly. A gapped ferrite will 450°C, but their materials can oxidize well
the absence of nickel in the formulation helps maintain an inductance closer to the unbiased below this temperature. Ferrites, however, have
keep the cost down. The main trade-off is that value until saturation, where inductance low Curie temperatures (120 to 300°C) and
Kool Mμ has ac losses exceeding those of suddenly drops. Another point to note is temperatures somewhat above these levels
MPP. It is designed for use when iron powder that the flux capacity of any power ferrite won’t alter the structure of the ceramic material.
is too lossy, typically because the frequency is drops significantly as temperatures rises while In general, the core magnetic properties return
moderate or high. the flux capacity of powder cores remains when the temperature drops below the Curie
Another proprietary formulation is the Xflux essentially constant over temperature. temperature as long as the material hasn’t
distributed gap cores made from a silicon-iron The operating point of powder cores oxidized or been held at high temperature for
alloy powder. The XFlux material exhibits slightly doesn’t shift much with temperature or material extended periods.
better dc bias performance than High Flux tolerances. And these cores have a
cores and much better than than that of MPP natural swinging inductance – high L
or Kool Mμ. Again, the absence of nickel in the at low load, controlled L at high load. References
formulation helps keep down costs. But XFlux Finally, powder cores not susceptible Magnetics Inc., www.mag-inc.com/
has higher ac losses than High Flux. It targets to fringing losses and gap EMI effects, Ferroxcube Inc. (Div. of Yaego), www.ferroxcube.com/
applications where iron powder is too lossy or and that they have higher inherent Bsat Micrometals Inc., www.micrometals.com/
lacking dc bias or where nickel alloys are too levels than ferrites. Amidon Inc., www.amidoncorp.com/
expensive or lack dc bias. Finally, there is a small change Fair-Rite Products Inc., www.fair-rite.com/
Iron-powder cores have higher core in dimension (generally on the TDK U.S.A., www.tdk.com/ferrites.php/
losses than MPP or Kool Mμ but generally order of a few parts per million)

IIoT devices run longer PROVEN
on Tadiran batteries.
40
YEAR
OPERATING
LIFE *
Remote wireless devices connected to the

ANNUAL SELF-DISCHARGE
Industrial Internet of Things (IIoT) run on
Tadiran bobbin-type LiSOCl2 batteries. TADIRAN COMPETITORS
Our batteries offer a winning combination:

a patented hybrid layer capacitor (HLC)
that delivers the high pulses required for 0.7%
two-way wireless communications; the
widest temperature range of all; and the
lowest self-discharge rate (0.7% per year),
enabling our cells to last up to 4 times
longer than the competition.
Up to 3%
Looking to have your remote wireless device complete a 40-year Tadiran Batteries
marathon? Then team up with Tadiran batteries that last a lifetime. 2001 Marcus Ave.
Suite 125E
Lake Success,
NY 11042
1-800-537-1368
516-621-4980
* Tadiran LiSOCL2 batteries feature the lowest annual self-discharge rate of any competitive battery, less than 1% per year, enabling these
batteries to operate over 40 years depending on device operating usage. However, this is not an expressed or implied warranty, as each
application differs in terms of annual energy consumption and/or operating environment. www.tadiranbat.com
Developing connected
medical devices for the IoT Adrie Van Meijeren, Low Power Connectivity • Dialog Semiconductor
Super-small radio SoCs are being paired with innovative battery

technologies to bring inexpensive medical electronics online.
The Internet of Things (IoT) has disrupted many industries Finally, there’s the disposability issue. The nature of disposable
medical devices is that they will only be used for anywhere between
in short order. However, when it comes to adopting the IoT, the
14 days and two months. Given that short lifetime and their cost,
medical and pharmaceutical space has largely been held back. insurance companies are naturally reluctant to support them.
The answer to all these challenges lies in the battery and
It’s not entirely surprising. The high level of regulation in the specifically, in implementing disposable silver-oxide or printed
medical field and the (literal) life-or- death stakes of introducing new batteries. Recently both high-energy thin film lithium batteries and
technologies for patient care understandable lengthen development printed rechargeable zinc batteries have become commercially
cycles for new medical devices. But engineering roadblocks around available. But there are questions about whether or not these
power, size and cost have been the biggest factors in making technologies are ready for mass deployment.
widespread development and adoption prohibitive for disposable The fabrication of batteries via 3D printing has several
connected medical devices. advantages over conventional battery fabrication technologies. For
There is a path forward, though, for developers who want to one thing, battery components may be printed directly on the PCB
devise IoT-based medical designs that meet the necessary size, holding the rest of the electronics. Thus there is the possibility of
power and cost requirements. eliminating assembly and packaging steps that discrete batteries
One of the major roadblocks to developing disposable require. Additionally, the printing process can also conceivably
connected medical devices is cost. It can be a prohibitively fabricate complex battery architectures that may be impractical via
expensive venture to create designs in a small form factor that other means. Printing methods can adjust the shape and thickness of
integrate a system-on-chip (SoC) and the necessary external the electrodes and print solid-state electrolyte that is stable and safe.
components for, say, measuring blood pressure or glucose levels or Printed zinc batteries look promising. One such device from
inhaling medicine. That cost is driven up by the need for components Impact Energy uses a High Conductivity Polymer Electrolyte (HCPE)
like two crystals rather than a single low-power version; four-layer that is stable, rechargeable, and does not need a sealed container.
PCBs rather than cheaper and simpler two-layer boards; and costly Because the chemistry is based on zinc rather than lithium, it avoids
batteries. As long as the bill of materials (BOM) remains high and the safety issues associated with many lithium technologies In
the product isn’t miniaturized, mass market adoption of connected additoin, lithium titanate (LTO) and lithium iron phosphate (LFP) are
medical devices will slow to a crawl. commonly used anode and cathode materials in 3D-printed batteries,
In addition to BOM cost, medical designers often must contend but carbon nanomaterials are promising for use as electrodes as
with power consumption problems. Medical disposable products well. Carbon nanotubes and carbon nanofibers are widely used in
must last a long time. Shelf lives of 18 months up to several years are printing inks because of their high mechanical strength, high chemical
not unusual, followed with a relatively short active life measured in stability, large specific surface area, and excellent electrical and
weeks to months. During its time on the shelf, battery capacity can thermal properties.
drop from both self-discharge and leakage current to the application It also looks as though printed battery electrolytes will help
itself. Once active life starts, the battery may not have enough reduce fabrication costs as well. The electrolyte serves as catalyst
capacity available to support it. Clearly, both patients and doctors by promoting the movement of ions from the cathode to the anode
need IoT medical devices to be dependable – both to treat the on charge and in reverse on discharge. Electrolyte material plays a
patient and also to provide the data necessary to ensure dosages key role in electrochemical performance, cycle life, and safety of the
and tests happen correctly. battery.

MEDICAL IoT
One example of a platform used for

devising connected medical devices
is Dialog Semiconductor’s Smartbond
Bluetooth low energy 5.1 system-on-a-chip
DA14531, visible on the daughterboard
plugged into the dev kit motherboard.
The DA14531 is a small, low-power SoC for
beacon and tracker devices and is designed
to work with any type of (disposable)
battery, 3-V coin cell or 1.5-V alkaline
button cells, 1.4-V zinc-air cells or even
printed batteries. The DA14531 supports
dc-dc peak current control, allowing
operation with low capacity (e.g. <20 mAh)
batteries with high internal resistance. The
SoC supports 2.5-dBm output power and a
96.5-dBm link budget. Sleep current can be
as low as 700 nA while using a hibernation
mode with external wake up trigger. The
DA14531finds use in (disposable) smart
labels, beacons or trackers.
There are still numerous challenges before printed batteries can on the supply rails. When power is applied initially, the charging of these
be widely commercialized. One problem is that currently there are only capacitors can result in an in-rush current that can exceed the nominal
a few printable active materials that can be used as inks. Additionally, load current. If left unaddressed, this high current can cause the voltage
much work remains to be done in characterizing how battery inks behave rails to fall out of regulation, perhaps making the system unstable or
when patterned over top other inks. And though there has been a lot of putting it in an unpredictable state. There are various ways of limiting
work done on the materials for the electrodes and electrolytes, current in-rush current. For example, some BLE devices incorporate built-in
collectors will likely need a similar amount of optimization. current limiters .
Once the technology is ready, healthcare applications will likely All in all, the review cycles for medical devices are justifiably long,
benefit greatly from super-thin 3D-printed batteries. Skin patches and it can be several years before they can hit the mainstream. But
using printed batteries are already commercial. Smart skin patches these devices have game-changing potential for patient care, and it all
use laminar batteries, often partially printed, combined with printed starts with finally cracking these longstanding design challenges.
electrode patterns to deliver drugs, cosmetics, and other chemicals
through the skin. Medical diagnostic devices will likely benefit as well.
Wireless sensor/network applications will also benefit. Here, the References
trend is to combine energy harvesting with thin batteries to keep the Dialog Semiconductor, www.dialog-semiconductor.com
package size down. Similarly, new small batteries will be a boon to
battery-assisted passive RFID although coin-cells are the main power
sources now. Smart card apps are another application wherein several
thin-film battery technologies have been optimized for lamination into
cards, though the prices are probably too high for disposable uses.
High peak currents can reduce battery capacity and lifespan. High
in-rush currents can arise in dc-dc converters which tend to incorporate
a high amount of capacitance on the power input to avoid voltage drops

The Journey towards

autonomous manufacturing Dr. Michael Grant, CTO, DataProphet
As data are increasingly aggregated across manufacturing lines, the reality of autonomous lines is
likely to be reached in the next five years. Here’s a look at what a typical journey towards autonomous
manufacturing looks like and best practices for how manufacturers can begin to achieve this.
Within the industrial world, leaders When reflecting on the concepts of Industry 4.0, we need to consider where
production systems have come from and the changes that have been made over
are defining their journey to autonomous
time to improve throughput and efficiency.
manufacturing. Manufacturers are focusing on Production improvement starts with robotic process automation (RPA), where
you take a repetitive process and apply some form of mechanization to improve
digitization strategies that will help to drive
the throughput rate. The interesting thing here is that it doesn’t improve the
efficiency across their plants. processes quality, but does make it less variable—simply because the process
When reflecting on the concepts

of Industry 4.0, consider where
production systems came from
and the changes made to improve
throughput and efficiency.
Production improvement starts
with robotic process automation
(RPA) that make processes less
variable because the process is
more repeatable.

PAGE TITLE WILL GO HERE
The future of industry 4.0

is more flexible. We´re at
a point where artificial
intelligence (AI) systems
are able to correct at the
highest rate possible, which
is ahead of real-time, to
produce the best quality at
the lowest cost, without the
need for a human expert.
is more repeatable. For example, if your T H E STAT E O F A U T O N O M O U S through a complex process is difficult
current process produces 1,000 defects, RPA M A N U FA C T U R I N G T O D AY to achieve. Unless the system achieves
will make 10 times as many defects, but also The journey to autonomous manufacturing a rigorous sampling and tracking of the
produce 10 times as many good parts. This is is complicated. It’s not as trivial as simply component flow, people alone are not able to
great for throughput but not very effective for turning on a solution. In the final step join the data from step A through to step Z.
improving quality. described previously, the AI solution needs to The solution to this complexity is a
Once manufacturers started shifting offer guidance, making corrective suggestions system that allows manufacturers to express
paradigms to become more data-led in their to the production team to improve quality. the relationship between the start of a
production systems (by using historians, PLCs, This helps to reduce the manufacturing risk process and the end of the process, without
etc.), it enabled them to draw on that data because the quality result is assured despite a having to enforce the rigorous traceability
to inform the expert analysis of the process. large variance in input material. Total system that would typically be required. This system
This results in improved control limits and a efficiency is improved because less scrap requires looking at the process with a slightly
reduction in the variance and in the number means greater production capacity, as well as different view. It´s important to understand
of quality defects. It does however make the the production of better-quality parts. the quality result from each step in the
operators´ job more difficult, as they need to Most plants today draw data from their process to make a final quality improvement
manually maintain the process within these production systems and send it to their at the end of the process.
finite control bounds. engineering or production teams. Operators
The next level of improvement is to are left to follow their own inquisitiveness E X I ST I N G SY ST E M S C A N B E U S E D
make these adaptive changes as quickly as they look through the data to devise an The paradigm of autonomous manufacturing
as possible, with an understanding of the optimization or system improvement. There is specifically designed to work with existing
system from start to finish, to improve isn´t a holistic view or use of data from the processes. The only change is that the
production. This final step brings us closer start to the end of a process to achieve an manufacturing system becomes more
to the goal of autonomous manufacturing. overall system improvement. data-led, by using production data and
Production systems need to be flexible to These data led investigations are quality data to make the prescribed process
tolerate the variance in upstream processes, also limited by the complexity of the changes that result in improved quality. The
without compromising on the quality of the manufacturing system. These systems-of- journey to autonomous manufacturing is,
final output. processes are often too complex to express in in fact, predicated on having an existing
The future of industry 4.0 is definitely the terms of classical engineering descriptions production system - although it can also
more flexible. We´re at a point where of their processes. An engineering model that work in greenfield spaces. Autonomous
artificial intelligence (AI) systems are able to would be able to handle material from the manufacturing only requires enough data
correct at the highest rate possible, which start of the process through to the finished to describe the process in order to make a
is ahead of real-time, to produce the best goods is too complex to express analytically substantial impact on the system.
quality at the lowest cost, without the need or interrogate with traditional methods. In
for a human expert. addition, the traceability of the component

Most plants draw data from

production systems and send
it to engineering or production
teams. Operators are left to
follow their own inquisitiveness
as they look through the data to
devise an optimization or system
improvement. There isn´t a holistic
view or use of data from the start
to the end of a process to achieve
an overall system improvement.
T H E S H I F T F R O M R E A C T I V E T O P R E S C R I P T I V E A I • Identify and save production data. As soon as a plant can

In reactive manufacturing, a quality failure is discovered at the end start saving production data, it opens the opportunity to
of the line and the production team will make a set of reactive use that data to optimize the future. That´s the single most
changes to the system to correct for the immediately observed important thing manufacturers can do now if they haven´t
error. This approach has two core features: the first is that the yet started.
defect has already occurred and the second is that the factory
keeps producing poor quality goods until the root cause has been • Improve the quality system. To improve quality, it´s
solved. A prescriptive system is different, as it involves making a important to ensure that the details of the defect are
small change now to avoid future quality failures. A small set of recorded (type, location, and description), and not just
corrective actions are made in anticipation of a quality cost that the fact that a defect has occurred. This will allow AI to
is never realized. These prescriptions can help to reduce the cost automatically diagnose the root cause of the problem and
of non-quality. In the reactive case, by contrast, one waits for the to provide continuous directions to the machine or to the
quality failure and all the associated costs to occur before correcting operator—so as to improve quality.
the failures in the system.
B E ST P R A C T I C E S F O R A U T O N O M O U S
M A N U FA C T U R I N G References
The two most important things manufacturers can do to DataProphet, https://dataprophet.com/
prepare production systems to achieve the goal of autonomous
manufacturing are:

EE Classroom is a syndicated content resource for
electronic engineers looking for need-to-know
information about various electronic components
and systems. Curated by EE World’s editorial team,
this digital content hub includes valuable technology
background and insights, key trends affecting your
designs of today and tomorrow, and frequently asked
questions relating to a wide range of important
electronic engineering topics.
Topics include:
• Power electronics
• Embedded computing
• Test & measurement
• Sensors
• Connectivity
To view free educational content, go to www.eeworldonline.com/learning-center

How to test USB4 designs

Designers must look at and characterize the entire
Jit Lim • Keysight Technologies
Type-C ecosystem when testing USB4 designs.
The USB Type-C connector has received significant Test points for USB4 compliance testing
adoption with ubiquitous standards like USB, DP, and
Test point Description Comments
Thunderbolt. The next-generation variant of USB is USB4.
TP1 Transmitter IC output Not used for electrical
USB4 will transmit and receive on all four lanes of the Type-C testing.
connector in parallel, with bonded rates of 40 Gbps in each TP2 Transmitter port Measured at the plug side
direction for an 80-Gbps link. connector output of the connector.
TP3 Measured at the
As these signals get sent through even longer passive Receiver port connector receptacle side of
cables, specialized transmitter and receiver techniques are output the connector. All the
necessary to preserve signal integrity. They involve new measurements at this
equalization requirements, signaling technologies, and point shall be done
measurement methodologies. Here, equalization at the while applying reference
transmitter and/or receiver serves to mitigate the effect of equalization function.
intersymbol interference and hence, to minimize the bit
error rate (BER). In equalization, the signal passes through TP3 Receiver port connector Measured at the plug size
a filter having its frequency response equal to the inverse input of the connector.
of the channel frequency response. A high gain is applied TP4 Receiver IC input Not used for electrical
at higher frequency to counter the signal attenuation at testing.
the high frequencies. In simple words, equalization is an
adaptive filter with coefficients determined at runtime
depending upon the physical channel. It takes ultra-low- Source: USB Implementers Forum
noise test instruments to properly characterize these high-
speed signals.
The USB4 standard was announced in Q1 of 2019
and the specification published in August 2019. Typically,
there is often a more lengthy
time-lag between the standards TP1 TP2 TP3’ TP3 TP4
announcement and the
specification release. But there
The test points and + TXp

+
their and definitions TXn
as spelled out for - -

IC IC
USB4 compliance
Package Package
testing.

TESTING USB4
USB4 Host
Typical USB4 implementation

Host I/F requirements as spelled out on
DP Source Adapter the USB Implementers Forum.
Enhanced
SuperSpeed Host
DP IN
Adapter TMU
PCle Controller USB 2.0 Host

Host Router
PCle DN USB3 DN
Adapter Adapter
PCle DN USB3 DN
Adapter USB4 Port USB4 Port Adapter
Downstream Facing Port USB Type-C

Connector(s)
USB 2.0
USB4/Enhanced SS Bus
Upstream Facing Port Composite Cable
Insertion loss budget for USB4 Insertion loss budget for USB 3.2
Speed Total budget (dB) Host (dB) Cable (dB) Device (dB) Data Rate Host Connector Cable Connector Device
Gen2 (10G) 23 5.5 12 5.5 5G 10dB Std A 7.5dB Std B 2.5dB
Gen3 (10G) 22.5 7.5 7.5 7.5 5G 10dB Std A 3.5dB Micro B 6.5dB
5G 6.5dB C 7dB C 6.5dB
Insertion Loss Budget for USB 3.2 and USB4. 5G 10dB Std A 3.5dB C 6.5dB
Source: USB Implementers Forum
5G 6.5dB C 4dB Std B 2.5dB
5G 6.5dB C 4dB Micro B 6.5dB
was only a short period between the USB4 announcement and spec 10G 8.5dB Std A 6dB Std B 8.5dB
release because USB4 is based on the Thunderbolt 3 protocol. 10G 8.5dB Std A 6dB Micro B 8.5dB
Earlier generations of USB like USB3.2 could be implemented on
the Std A or B connectors, but USB4 must be implemented using the
10G 8.5dB Std A 6dB C 8.5dB
Type-C connector. The USB4 physical data rate is 20 Gbps on one lane 10G 8.5dB C 6dB Std B 8.5dB
with a requirement to run in x2 mode for a 40-Gbps bonded effective 10G 8.5dB C 6dB Micro B 8.5dB
bit rate. There are numerous high-speed standards that run much
faster. The challenge with USB4 is that the link must work with a low- 10G 8.5dB C 6dB C 8.5dB
cost cable that is running as a 20bGbps x4 pipe or 80 Gbps.
THE USB4 ARCHITECTURE

What adds complexity is that a USB4 product must also implement
the lower-rate USB4 at 10 Gbps, USB 3.2 at 10 Gbps and 5 Gbps, USB

Reference Receiver CTLE attenuates
low-frequency signal components,
INTERNET OF THINGS HANDBOOK amplifies components around the
Nyquist frequency, and filters out
higher frequencies. CTLE gain can
be adjusted to optimize the ratio of
Differential return loss gives a
low frequency attenuation to high
measure of the undesired interaction
frequency amplification. Visible here
and reflection between the USB cable
are some of the CTLE filtering options.
and the host or receiving device.
Differential return loss test limits Reference receiver CTLE

-3 0
0dB
1dB
-4 -5 2dB
3dB
4dB
-5 -10 5dB
6dB
7dB
Mag [dB]
Mag [dB]
-6 8dB
-15
9dB
-7
-20
-8
-25
-9
7 8 9 10 11
0 2 4 6 8 10 12
10 10 10 10 10
Freq. [Hz] Freq. [Hz]
Symbol Description Min Max Units Comments

UI Minimum unit interval 99.97 100.03 ps The minimum UI value corresponds to
the link baseline speed of 10.0 Gbps
with an uncertanity range of -300 ppm
to 300 ppm. See note 4.
AC_CM TX AC common mode voltage -- 100 mV pp
TJ Total jitter -- 0.38 UI pp See note 2 and note 3.
UJ Sum of uncorrelated DJ and RJ -- 0.31 UI pp See note 2.
components (all jitter components
except for DDJ)
DDJ Data-dependent jitter -- 0.15 UI pp See note 5.
UDJ Deterministic jitter that is uncorrelated to -- 0.17 UI pp
the transmitted data
UDJ_LF Low frequency uncorrelated -- 0.04 UI pp See note 5.
deterministic jitter
DCD Even-odd jitter associated with -- 0.03 UI pp
duty-cycle-distortion
YI TX eye inner height (one-sided voltage 140 -- mV Measured for 1E6 UI. See note 1, note 2,
opening of the differential signal) and figure 3-15.
Y2 TX outer height (one-sided voltage -- 650 mV Measured for 1E6 UI. See note 1, note 2.
opening of the differential signal) and figure 3-15.
Short channel transmitter specifications. Here a short channel represents a device that plugs directly into the host
connector (such as a memory stick) with a host controller that is as close as possible to the host port connector.

TESTING USB4
Transmitter Equalization Pre-Shoot and De-Emphasis 2.0, and potentially also DisplayPort and PCIe. It might be natural
to assume that if the link runs correctly at 20 Gbps, then for sure it
Informative filter coefficients would run at 10 Gbps and the slower rates. So why bother testing
Present Pre-shoot De-emphasis
number (dB) (dB) C-1 C0 C1 the lower rates if testing at 20 Gbps passed?
The reason is each of these speed rates takes place under a
0 0 0 0 1 0 different set of conditions and experience a different channel loss.
1 0 -1.9 0 0.90 -0.10 So, though a bit rate may be slower, the cable used will be much
longer and lossier. There are numerous instances where a link will
2 0 -3.6 0 0.83 -0.17
test fine at 20 Gbps and yet fail at 10 Gbps when tested with a
3 0 -5.0 0 0.78 -0.22 longer cable model.
4 0 -8.4 0 0.69 -.31 An understanding of the entire link’s loss budget is critical
to designing, testing, and implementing a low-BER system.
5 0.9 0 -0.05 0.95 0
Comparing USB4 IL to the USB 3.2 IL spec, the loss budget for the
6 1.1 -1.9 -0.05 0.86 -0.09 link partners has shrunk from 8.5 dB to 5.5 dB at the 10-G rate.
7 1.4 -3.8 -0.05 0.79 -0.16 So the USB3.2 link implementations may not work with the much
tighter USB4 IL budget.
8 1.7 -5.8 -0.05 0.73 -0.22 The good news is the cable loss increases from 6 to 12 dB at
9 2.1 -8.0 -0.05 0.68 -0.27 10 Gbps. The negative to this relaxed cable loss is that although
10 1.7 0 -0.09 0.91 0 USB4 10 G runs at the same rate as USB3.2 10 G, it must work with
a 12-dB cable and not a 6-dB cable. Thus it’s important to have a
11 2.2 -2.2 -0.09 0.82 -0.09 thorough understanding of the insertion loss budget.
12 2.5 -3.6 -0.09 0.77 -0.14 The next step is understanding where and how the compliance
13 3.4 -6.7 -0.09 0.69 -0.22 test points are defined. There are no specific rules for naming
test-points, so TP0, TP1, TP3’, TP3EQ will mean different things in
14 3.8 -3.8 -0.13 0.74 -0.13 different specifications.
15 1.7 -1.7 -0.05 0.55 -0.05 For USB4 Tx testing, TP2 is the near-end or short channel test
point at the Type-C connector. TP3 is the far-end or long channel
use case test point - note the definition of TP3 includes the
receiver equalization.
For Rx testing, TP3’ would be the short channel test point. TP2
would be the long channel use case. It’s important to know the
test points precisely to accurately set up the tests and perform the
compliance measurements.
Long Channel Transmitter Specifications There are significant channel losses
with the passive cable use case, so both
Symbol Description Min Max Units Comments Tx and Rx equalization are required in
the implementation and when testing.
TJ Total jitter -- 0.60 UI pp See note 2, note 3. When performing Tx testing, it is critical
Sum of uncorrelated DJ and RJ to find the optimal continuous time linear
UJ components (all jitter components -- 0.31 UI pp See note 2. equalization (CTLE) and decision feedback
except for DDJ) equalization (DFE) setting that provides
the largest eye opening. CTLE is a linear
Deterministic jitter that is
UDJ -- O.17 UI pp filter applied at the receiver that attenuates
uncorrelated to the transmitted data low-frequency signal components, amplifies
Measured for 1E6 components around the Nyquist frequency,
UI. See Note 2, and filters out higher frequencies. DFE is
X1 TX eye horizontal deviation -- 0.23 UI
Note 4, and figure a filter that feeds back a sum of detected
3-15. symbols to the symbol decoder for the
Measured for 1E6
TX eye inner height (one-sided voltage
Y1 49 mV UI. See Note 1, Note
opening of the differential signal Long channel refers to the situation
2, and figure 3-15.
where the USB device connects to the
Measured for 1E6
TX eye outer height (one-sided voltage controller through a 3-m-long cable.
Y2 -- 650 mV UI. See Note 1, Note
opening of the differential signal
2, and figure 3-15.

Protocol Decode of USB4 Signaling. In parallel,

it's necessary to view, trigger, and decode the
high-speed 10G and 20G lanes.
purpose of reducing intersymbol interference. Because

there is little signal margin, the Rx equalization used during
the Tx compliance testing must accurately reflect the
specification and should also reflect how the silicon Rx is
implemented.
The Tx specification has the common test parameters
like voltage, eye diagram, SSC, and rise/fall times. There are also the TRANSMITTER EQUALIZATION
familiar jitter parameters like UI, TJ, and DDJ. However, there are There has always been the need to characterize the transmitter
equalization (Tx Eq). However, in the USB 3.2 spec, there was just
also requirements for UJ or uncorrelated jitter. In the traditional jitter
decomposition model, TJ was split into RJ and DJ. In this case, TJ is one Pre-shoot at 2.2 dB and 1 de-emphasis at -3.1 dB. (As a quick
review, pre-shoot and de-emphasis refer to boosts to the signal just
split into correlated jitter (DDJ) and uncorrelated jitter. UJ can further
be decomposed into RJ and UDJ. before and just after a signal polarity inversion respectively.) For
One reason for this finer distinction is a large cross-talk element
USB4, there are now 16 presets with different combinations of pre-
when 20-Gbps lines run on four differential pairs in parallel over tiny
shoot and de-emphasis.
structures and cables. If the jitter decomposition is not implemented In addition to testing each of the 16 presets, USB4 requires
precisely per the spec, incorrect jitter analysis results. optimization of the Tx Eq for the optimal eye opening. It is common
A new requirement that did not exist in the USB 3.2 compliance to over-look the optimization of the Tx Eq or set it incorrectly in the Tx
test specification is the return loss test. If the impedances don’t silicon. At 20 Gbps, it is common to fail signal integrity because there
match, the signal from the Tx silicon will never make it to the Type-Care only one or two Tx Eq settings that will work for each specific loss
connector; nor will the Rx signal going into the Type-C connector channel implementation.
make it to the Rx silicon. This test should always take place before The various Tx tests discussed so far were at TP2 where the use
Tx or Rx testing. If it fails, there is no point proceeding with the Tx
case is a cable with an embedded retimer, redriver, or an optical
and Rx testing. cable. But USB4 has the notion of a 0.8-m lossy, passive cable. This
is a much more demanding use
Test matrix for the Type-C ecosystem case. The measurements are
essentially like TP2, but must
allow for the 0.8-m-cable loss
Design simulation, protocol decode, USB-PD, RF, channel characterization, SBU, thunderbolt, DP model. This is probably the most
difficult test to pass for Tx testing
Transmitter Test Interconnect Test Receiver Test at 20 Gbps.
Active Cable Test Return Loss Test Active Cable Test Like the Tx test cases, Rx
Automated
Automated testing also has the short-channel
standards test
SW standards test software use-case and long-channel test
software
M8000 Integrated protocol
cases. Case one is the short-
E5080B ENA with S96011A
enhanced TDR software J-BERT <200FS RMS channel test case where the
UXR PG stressed cocktail is applied
Infiniium directly to the Type-C connector.
HW Scope
<1mV RMS Case two is the significantly more
<25fs RMS Test fixture complex use and test case where
the BERT-stressed cocktail now
Tx test fixture
must go through the 0.8-m 20-G
Fixture
or 2-m 10-G use case. Improper
Cable/connector set-up of the calibration channel
test fixture Tx
DUT Tx or calibration of the stress
Rx
Cable cocktail will cause either under-
stressing or over-stressing the Rx.

TESTING USB4
Case 1:
Neighbor Short channel and long channel
TX PJ RJ SSC
receiver test cases. The short
channel case represents a device
TP3’
that plugs directly into the host
Device Plug Pattern connector (such as a memory
under test Fixture TX FIR Generator stick) with a host controller that
is as close as possible to the
host port connector. .The long
channel represents the situation
ACCM
Noise where the USB device connects
Software Channel to the controller through a
3-m-long cable.
Case 2:
TP3
Receptacle
Fixture
Calibration Path PJ RJ SSC
Device Receptacle Pattern

under test Cable Fixture PCB Fixture TX FIR generator
ACCM
Noise
Software Channel
During product turn-on, it is critical to view, trigger,

and decode on the SBTx and SBRx low-speed lines for
negotiation and debug. In parallel, it would be necessary
to view, trigger, and decode the high-speed 10-G and
20-G lanes also. Not having the ability to view all the
low-speed and high-speed lanes in parallel curbs the
ability to debug the power-on sequence.
In a nutshell, one must view testing of a USB4
design not as an independent entity but in conjunction
with the other technologies that must also be
implemented simultaneously. Hence one must also
consider design simulation, protocol, USB power
delivery, channel characterization, side-band testing,
Thunderbolt, and DisplayPort. Important as well are
the specific instrumentation, software, and fixtures for
testing the entire Type-C ecosystem. References
Keysight Technologies, USB4, https://about.keysight.com/
en/newsroom/pr/2019/12dec-nr19156.shtml

Is predictive maintenance
the ‘killer app’
of Industrial IoT?
Once headlined as the ‘killer app’ for IIoT, predictive maintenance has
taken a while to find its feet, but progress has in fact been sure and
steady, with some standout examples of successful niches.
In 2016 predictive maintenance was touted as one of

the key applications for IIoT. Even in 2018, analysts such
as Gartner made strong predictions of future success.
Gartner predicts that by 2022, spend on IoT-enabled
predictive maintenance would increase to $12.9
billion, up from $3.4 billion in 2018, with
improved operational efficiencies through
predictive asset maintenance leading to
substantial savings of up to 40%.
However, the market has not exploded quite

yet. Indeed, a new survey of more than 600
high-tech executives from Bain found that
industrial customers were less bullish about
predictive maintenance in 2018 than they had
been in 2016. This was mainly due, according
to the analyst firm, to challenges in effectively
gaining insight from IIoT data once gleaned,
and at the other end of the equation, difficulties
in implementing systems in the first place.
According to Bain, another key barrier could
be summarized as: “Device makers and other
vendors of industrial and operational technology need
to dramatically improve their software capabilities—not
a historical strength for most of them.” In spite of this,
the analyst firm still predicted rapid growth for IIoT, with the
market doubling in size to more than $200 billion by 2021.

PREVENTIVE MAINTENANCE
PREVENTIVE VS PREDICTIVE
One of the biggest challenges to predictive
maintenance adoption has been the fact
that many industry sectors are still working
their way through the implementation of
preventive maintenance systems. Arguably
the forerunner of predictive, preventive
maintenance systems can range from quite
simplistic, such as a ‘traffic light’ health system
for individual machines or plant elements,
to far more complex networks of sensors
feeding data back to centralized dashboards.
However, it generally relies on manufacturer
lifetime predictions, human operators or
direct sensor data to highlight potential
problems, rather than use complex algorithms
to predict maintenance schedules.
This means that the benefits of preventive
maintenance are becoming well-entrenched,
but the staged adoption has left many
industrial players waiting for the machine
learning and AI market to mature further,
easing adoption pains, and lowering costs.
FOOD FOR THOUGHT

The current situation has created a range of
opportunities, such as in the food industry. PROVEN SHOCK, VIBRATION &
One example is the Mitsubishi Electric Smart NOISE REDUCING SOLUTIONS
Condition Monitoring (SCM) system that slots
neatly into the niche between “traffic light”
preventive systems and full-fat predictive
IIoT. The system monitors the condition of
RIAL
individual assets but layers these to provide MATE
a holistic picture of overall plant health.
Local preventive systems still provide visual
‘health check’ indicators, but real-time data
are transferred over Ethernet to a PLC for in-
depth monitoring and cloud-based analysis.
A teach function ‘learns’ the normal operating
state of the machine, then vital information
PROTECT
such as bearing defect detection, imbalance,
misalignment, temperature measurement, lack
AGAINST
of lubricant, cavitation detection, phase failure
recognition and resonance frequency detection
can be viewed in a cloud dashboard.
DROP
IMPROVING TRANSPORT EFFICIENCY SHOCK
There are certainly clear indications that
predictive maintenance is still front of mind in
many sectors, such as the transport industry.
DAMAGE
One example is trackside maintenance, a
significant operating cost for rail firms that
also requires qualified personnel to operate
around the clock in potentially dangerous 800.838.3906 SORBOTHANE®
MADE IN THE U.S.A.
sorbothane.com
DESIGN WORLD — EE NETWORK 27
conditions. However, by deploying IIoT sensors and analytics maintenance remotely, rather than requiring highly-trained teams to
technologies rail operators can move from wasteful inspection cycles tour windfarms and conduct routine testing.
(where perfectly serviceable equipment is checked and rechecked
irrespective of condition) towards preventive, conditions-based and PREDICTIVE COMES OF AGE
predictive maintenance. Overall, while predictive maintenance may have taken some time
For example, Nokia created a rail asset lifecycle optimization to mature, there are signs that the market is beginning to open
application that brings all three elements together, not only up, especially in niche use cases. More generalized ‘plug-and-play’
modelling maintenance schedules for each asset based on learned systems targeting wider industry sectors are also beginning to
operating parameters and incorporating external data such as emerge, highlighting that R&D investment is beginning to translate
weather conditions, but also building in crucial risk-related data into real-world demand. It seems that predictions of demise have in
around the consequences of a component failure. this business case at least, been exaggerated.
KEEPING TRACK OF RENEWABLES Avnet Abacus | www.avnet.com

Predictive maintenance technology originally designed for the mining
industry has found an application in the renewables industry, in an
interesting pivot. An Australian startup, Ping Services, developed an
acoustic sensor that was intended for mining and drilling applications, Author Bio:
able to monitor the acoustic signature of a drill bit over its lifetime, Martin Keenan is the Technical Director at Avnet Abacus,
and then harness machine learning to predict fault development which assists and informs design engineers in the latest
ahead of time. While reducing astronomically expensive drilling technological advances. With the IoT and Industry 4.0
stoppages is clearly an area of considerable interest, the company changing manufacturing, Avnet Abacus helps designers find
embarked on pilot programs with Australian and US-based wind the best technological fit for their industrial applications,
farms to monitor turbines with similar goals in mind. and accelerates the process all the way from idea to market.
The solar-powered, satellite-connected sensors actively listen
to the turbine blades’ acoustic signature to detect the development
of pitting or cracks caused by lightning strikes or hail. As such
issues begin to develop, they can be monitored and targeted for

DesignFast is a tool for engineers to search DesignFast makes part searches more
across a list of aggregated components efficient by either matching part numbers
from trusted distributors. Engineers can explicitly or partially matching part families.
make full-text searches across millions of
components available in the DesignFast We know that designing components has
database and drill down to find a specific its challenges. At DesignFast, our goal is
piece for their needs. to help create a better design process for
engineers and other professionals involved
Searchable datapoints include in sourcing products and make component
manufacturer and distributor part selection simple.
numbers, manufacturers and distributors,
datasheets, real-time pricing, and more.
designfast.com
Breaking BLE
Despite built-in safe-guards, Bluetooth If you eyeball internet-of-things Many vulnerabilities pertain to the
Low Energy IoT devices are vulnerable to process of pairing devices, verifying and
items ranging from smart ac plugs to motion
hacks when they communicate over the authenticating the identity of BLE nodes
sensors you typically find connectivity via wishing to connect up. Part of the problem
air. Here are the basics of the problem.
the Bluetooth Low Energy (BLE) standard. is that there are several ways of pairing
Leland Teschler, Executive Editor devices, and not all of them have a high level
A lot of IoT devices use BLE because the of security. Ditto for BLE traffic encryption.
protocol is well suited for transferring small Data encryption is used to prevent MITM
eavesdropping attacks on BLE links by
amounts of data while consuming little
making data unintelligible to all but the BLE
power. But though BLE incorporates several master and slave devices forming the link.
Earlier versions of BLE had communication
security measures, vulnerabilities in the
modes that didn’t incorporate a public
protocol have emerged over time. key exchange for encryption/decryption,
probably because more computing power
For example, BLE communications can (and a faster battery drain) was involved in
be hacked via man-in-the-middle (MITM) running encryption/decryption algorithms.
attacks where an attacker secretly alters Recent versions of the BLE standard
messages between parties who think they incorporate modes where users must enter
are communicating with each other. BLE credentials to connect with IoT devices.
credentials can also be sniffed using a Unfortunately, researchers have found that
sniffing device that examines data sent on many BLE IoT devices don’t implement app-
the advertising channels used to let BLE level authentication properly.
devices find each other. In BLE spoofing, In particular, numerous BLE IoT devices
an attacker mimics the MAC address of a use “Just Works” for pairing (no invocation of
BLE device as a means of impersonation. app-device bonding at all), which allows any
Denial-of-service attacks are also possible nearby attackers to arbitrarily connect and
because peripheral BLE IoT devices are possibly do something devious.
usually designed to connect with only To understand the problem with Just
one master at a time. Bombarding the Works pairing, consider that there are four
BLE device with connection requests in different pairing methods, but they all take
response to advertising packets can prevent place in three phases. In phase one, the two
legitimate users from connecting. In addition, devices let each other know what pairing
unauthorized co-located apps can also hijack method is going to be used and what the
the connection between legitimate mobile BLE devices can do and expect. In phase
apps and BLE devices. two, a Short Term Key (STK) gets generated

BLE SECURITY
Pairing in bluetooth
Initiator Responder
Established LL connection
(Optional) Security_Request
Pairing_Request
Phase 1
Pairing_Response
Pairing over SMP:

Phase 2 The pairing protocol
Legacy pairing or Secure Connections in BLE. Problems arise
when the key exchanged
Establishment or encrypted connection with key generated in phase 2 between the app and
the BLE device is zero or
hard-coded into the app,
Key Distribution
where it can be discerned
Key Distribution
Phase 3
by disassembly.
Key Distribution
by having the devices agree on a Temporary Key (TK) mixed with some They also performed a field test in which 7.4% of 5,822 BLE devices
random numbers to yield the STK. The STK itself is never transmitted were vulnerable to unauthorized access.
between devices. In phase three, the key from phase two is used to
distribute other keys needed for communications. FINGERPRINTING
What may be the most secure of the four pairing methods is called The Ohio State researchers also said their field test uncovered 5,509
OutOfBand, OOB, so called because it involves authentication outside BLE devices that were “finger printable” by attackers. The fingerprinting
the BLE communication channel. The Apple Watch is a good example. involves the universally unique identifier (UUID) from the advertisement
For pairing, a swirling pattern of dots displays on the watch face. The packets broadcast by the BLE devices. UUIDs are typically 128-bit
user points the camera of the iPhone to be paired at the watch face to hexadecimal strings. The point of broadcasting UUIDs is so a BLE peripheral
link the two. can advertise what services it provides, such as measuring a heart rate.
Another strong pairing method is called Passkey Entry. Here a six- Thus some of the information in the UUID-- i.e. that defining the predefined
digit value displays on one device and is entered manually into the other. services-- is universal. Nearby mobile apps must know what the UUID
The two other pairing methods have more problematic security. means to discover the device sending it out. Also, UUID packets are not
With Numeric Comparison pairing, devices to be paired both display the encrypted-- all other kinds of BLE packets are.
same six-digit value. Pairing generally involves just hitting “OK” on both Ohio State researchers say this use of UUIDs is a design flaw. UUIDs
devices. The main purpose of Numeric Comparison is to identify devices can be obtained from not only the BLE traffic but also from the IoT
to be paired rather than thwart bad actors. MITM attacks are possible. companion mobile apps. Attackers can use UUID information to fingerprint
The last pairing method, called Just Works, is said to be the most widely a BLE device this way: Attackers bent on mischief would first scan all
used. It was intended for devices that lack a display. As in Numeric mobile apps in an app store, such as Google Play, to find all possible UUIDs,
Comparison, a six-digit value gets passed, but the six digits are all allowing them to fingerprint all BLE devices statically. It is likely that multiple
zeros. Thus any nearby BLE device sending out a Just Works connection apps use the same scheme-specific BLE chip or UUID configuration,
request can pair up with those nearby that use the same pairing scheme. preventing any nearby attackers from precisely knowing which device the
The Just Works method has come into wide use because it victim is using. To further narrow things down, attackers can inspect the next
consumes less power than the other pairing methods. BLE schemes that layer UUIDs (because BLE devices often organize UUIDs in a hierarchical
employ Just Works pairing may build-in other security measures that are structure) and use the structure of the UUIDs to fingerprint a victim
less power intensive, typically at the app level. For instance, the app can BLE device. With the fingerprinted UUID information, they can sniff all
ask users to enter credentials and deliver them (through encryption) to advertising packets nearby (e.g., a metropolitan area such as New York City)
the IoT devices to authenticate the connection. to locate these devices. If mobile apps also tell them Just Works or weak
Nevertheless, security researchers say vulnerabilities during pairing pairing is in use, attackers can directly exploit these BLE devices.
constitute a severe security risk. For example, researchers at The Ohio In tests, the researchers discovered 168,093 UUIDs, 13,566 of which
State University recently developed an automated app analysis tool and were unique, when they analyzed free BLE apps in Google Play. They
used it to identify 1,757 vulnerable free BLE apps in Google Play store. also point out that there are special receivers available that can be used

Bluetooth protocol stack

Application
Application / profiles
layer
The protocol stack for Service Middleware

Other LLC RF comm Telephony
Bluetooth. Security discovery layer
problems arise when Audio Control
Logical link adaptation protocol
security measures are Data link
implemented at the app Link manager
layer
level but in ways that
can be discerned by Baseband
examining the app code. Physical
Physical radio layer
to sniff BLE signals up to 1 km away, though the app for security, the approach is to look are external inputs (e.g., received from the
BLE signals typically travel only up to 100 m. at the disassembled app code for any use of BLE network or user inputs), then the app has
To prove their point, the OSU researchers built cryptography. If there’s no cryptography, the used hardcoded commands including possible
their own BLE sniffing device using not much conclusion is the channel is not secure, and passwords to interact with the BLE devices
more than a Raspberry Pi and a BLE antenna. both passive/active sniffing and unauthorized Researchers also note that further
This DIY sniffer identified 431 vulnerable access can be successful. intelligence may be gained by knowing
devices, including 369 units where the Even in apps employing cryptography, where the UUIDs are used (i.e., the execution
researchers could eavesdrop on conversations, flawed authentication can rear its ugly context). There are seven documented APIs
within an area of just 1.28 square-miles. head. One such flaw is the hardcoding of all defined by the Android BLE framework that
Work by the OSU researchers shows what credentials in the app, potentially discernible carry the UUIDs as parameters, to generate
steps attackers must take when trying to decipher by disassembling the code. However, OSU the instances for accessing the related service,
UUIDs. Sometimes UUIDs are directly hardcoded researchers say it can be challenging to characteristic and descriptor in the paired BLE
in the app. In this case, they may be extracted identify authentication flaws because there devices. While an app could have multiple
simply by looking for regular strings of characters is no specific code pattern for implementing UUIDs, their usage may have dependencies
(grepping) in the decompiled app code. app authentication. Thus there’s no that can be exploited.
UUIDs associated with an IoT device also documented APIs to identify for extraction of
typically have a hierarchical structure. A service the hardcoded credentials. COUNTERMEASURES
UUID can have “children” UUIDs derived from It turns out that flawed authentication To head off vulnerabilities, researchers say
its characteristics. Such a UUID hierarchy could involving hardcoded credentials can be the app should encrypt the data sent with
provide information useful for determining identified systematically. The key insight is that no hard-coding of any factors involved in the
which IoT app maps to a particular BLE device. to securely authenticate a mobile app to a BLE encryption. Developers should also hide the
One complicating factor is that no structural device, the app must provide a credential that authentication credentials in the cloud or let
rules define relationships between parent and comes from the external input, such as letting users enter them in the app.
children UUIDs, so some educated guessing the user enter a password. OSU researchers The root vulnerability that enables
may be involved. say this opens up the possibility of using a UUID fingerprinting is that BLE devices must
OSU researchers also explain the general data flow analysis algorithm to identify such broadcast advertised packets to inform nearby
approach attackers would likely take in figuring apps. This approach, if used for nefarious apps. The UUID can be sniffed either from
out whether an app itself is insecure. The only purposes, implies an extremely determined the advertisement packets or by browsing for
way a nearby attacker can sniff vulnerable attacker: The technique would likely involve services after the connection has happened.
IoT devices paired via Just Works is to figure creating data-flow equations for each node of In addition, UUIDs are fixed values and do not
out whether the app involved uses flawed or the app’s control flow graph and solving them change over time.
insecure authentication. To implement proper by repeatedly calculating the output from the The fingerprinting attack relies on mobile
authentication, the app must use cryptography input locally at each node. app analysis to reveal the UUIDs and their
to prevent a relay attack either by encrypting In particular, researchers say data sent out hierarchies, So anything that discourages this
the authentication token with nounces to BLE peripheral must go through low-level sort of analysis can be helpful.
(arbitrary numbers used only once to ensure APIs, allowing use of program slicing-basically Researchers also say that although
communications can’t be reused) or by using looking at a subset of program statements that protection methods in the app-level are
an additional layer of encryption of the traffic affect a variable of interest--to trace back to the seemingly plausible, they can’t fundamentally
atop BLE link-layer encryption. Thus to check source of the data. If none of the data sources prevent the UUIDs from being reverse

BLE SECURITY
Top 10 most vulnerable BLE devices in the OSU field test

UUID # Device Device description
00001910-0000-1000-8000-00805f9b34fb 7 Digital thermometer OSU researchers surveyed a
00001814-0000-1000-8000-00805f9b34fb 6 Car dongle 1.28-sq-mile area and discovered a
00001804-0000-1000-8000-00805f9b34fb 6 Key finder number of BLE devices vulnerable
0000fef1-0000-1000-8000-00805f9b34fb 5 Smart lamp
to attack through compromised
0000f000-0000-1000-8000-00805f9b34fb 5 Key finder
UUIDs. Here is their top ten list.
00001820-0000-1000-8000-00805f9b34fb 4 Smart toy
bc2f4cc6-aaef-4351-9034-d66268e328f0 4 Smart VFD
0000ffd0-0000-1000-8000-00805f9b34fb 4 Air condition sensor
000018f0-0000-1000-8000-00805f9b34fb 4 Smart toy
0000ec00-0000-1000-8000-00805f9b34fb 4 Accessibility device
engineered from mobile apps. Obfuscation and encryption can only programming interfaces to configure UUIDs for advertisement packets,
make it more difficult for attackers to retrieve UUIDs because the services, characteristics, and descriptors.
app will work with plain-text UUID somewhere along the line. Storing Clearly it would take a determined hacker willing to spend time
UUIDs outside the mobile app can prevent the UUIDs from being parsing through disassembled app code to exploit some of the
statically reverse engineered, but attackers can still obtain the plain- vulnerabilities the OSU researchers uncovered. That’s probably beyond
text UUIDs at run-time. the capabilities of casual mischief makers, but not out of the question
Researchers additionally advocate the piecing out of UUIDs as they for state-sponsored hackers and criminals.
get transmitted in the BLE RF channel. In this way, attackers can only
see segments of UUIDs instead of continuous signals, The downside is
that this approach probably entails use of additional hardware.
References
Another fundamental countermeasure would be to construct
Automatic Fingerprinting of Vulnerable BLE IoT
one-time dynamic UUIDs. The OSU researchers claim this scheme only
Devices with Static UUIDs from Mobile Apps,
requires an update of both the app and device firmware. Because
https://dl.acm.org/doi/10.1145/3319535.3354240
multiple users can access one BLE device, they suggest using the
cloud help synchronize the UUIDs among users. Then once an app has
Bluetooth SIG Inc., https://www.bluetooth.com/
successfully connected with an IoT device for the first time, it negotiates
specifications/protocol-specifications/
a dynamic UUID for future communication. To prove this scheme
actually works, the OSU team says they implemented a prototype
using a real BLE chip in a software development board which provides
0402CT Series
Low-profile Ceramic Chip Inductors
• Maximum height of 0.45 mm ... 30% lower than competition
• 23 inductance values available ... from 1.2 to 56 nH
• Excellent Q Factors ... up to 84 at 2.4 GHz
• Very high SRF ... as high as 27.5 GHz
Full Specs & Free Samples @ coilcraft.com

Selecting the right

Bluetooth Low Energy SoC
Tricks of the trade for optimizing It can be challenging to optimize Within Bluetooth, BLE has secured a
the energy consumption of BLE significant number of sockets. One of the
Bluetooth Low Energy (BLE) applications
chips affect memory size, clock most critical reasons for selecting BLE in a
for minimal energy consumption. An wireless design is its ubiquity thanks to its
speed, operating modes, and
understanding of BLE and the underlying large deployment in smartphones and its
other factors determined during ability to extend the battery life-time. Long
the initial design. system-on-chip (SoC) architecture is critical battery life is extremely valuable as most IoT
for realizing extended battery life. Particularly end nodes are battery operated.
Emmanuel Sambuis
Though it may sound obvious, the
Silicon Lab important are insights into the BLE modes of
selection of a BLE device starts with the
operation (such as Advertising and Sleep). evaluation of its documentation. While the
initial data-mining process seems trivial, the
There are different ways to minimize the
comparison of semiconductor device data-
power consumption of the entire system by sheets can quickly turn into a complicated task.
providing the right inputs to the stack and Consider, for example, the active current
in the wireless SoC’s receive or transmit
taking advantage of hardware features of modes. Many BLE SoCs report a current
BLE SoCs. consumption of a few milliamps. For instance,

SELECTING BLE SoCS
EFR32BF22 current consumption in
active mode using dc-dc converter
5 the EFR32BG22 SoC from Silicon Labs to represent their numbers responsibly,
1 MHz has a radio-receive current of 2.6 mA but it is impossible to treat all use cases
16 MHz
and a transmit current of 3.5 mA at 0 for a device that might serve in dozens
26 MHz
38 MHz
dBm. Note these numbers only relate of different applications. This is where
4
to the SoC RF transceiver. At the SoC knowledge of the end application
level, these currents are slightly higher, becomes critical.
3.6 mA and 4.1 mA respectively. Relying Active and sleep currents are key
Supply current (mA)
3 only on the radio numbers for the SoC specifications when selecting a BLE
current drain is a common mistake. The SoC. These current numbers must
front-page of the device documentation be inserted into a model that closely
2
often must be validated with a thorough matches the application environment to
analysis of the data-sheet. produce a fair estimate of the average
Another example is the CPU power power consumption. Such models
consumption reported in microamps- typically include the ON/OFF duty-cycle,
1
per-megahertz. This number can knowing that a low duty cycle will favor
become a decisive selection criterion an SoC with the lowest deep-sleep
in the case of intensive compute current. A high duty cycle will favor an
0 applications. It is typically reported in SoC with the lowest active current.
-40 -20 0 20 40 60 80 100 120
Temperature (Degrees C)
the best-case scenario, which is often Another parameter could be
the maximum frequency of the CPU. the ambient temperature of the
In other words, the value shown in the end product, understanding that
data-sheet could prove to be vastly the leakage current of a BLE SoC at
EFR32BF22 current consumption in inaccurate when the SoC CPU works at 25°C is significantly different from the
sleep mode using dc-dc converter a different frequency than that specified leakage at 85°C or higher. The leakage
5 in the manufacturer’s documentation. current at a high temperature can be
1 MHz
A third example is the deep-sleep a key selection criterion in industrial
16 MHz
26 MHz current, critical for battery-operated applications such as sub-metering,
4 38 MHz end products. This number typically which need a guaranteed battery life at
ranges between hundreds of nanoamps high temperatures.
to a few microamps. It is essential Another important element of
Supply current (mA)
to ensure the deep- sleep current the application relates to the type of
3
numbers are associated with the size of battery technology used (in the context
the RAM retained and include the real- of battery-operated end products).
time-clock (RTC) current consumption. The battery powers the on-chip dc-dc
2 The RTC is used to maintain the timing converter integrated in the latest BLE
necessary for proper BLE operation. In SoCs. Using the dc-dc converter will
the case of the EFR32BG22 SoC, the significantly reduce the active current
1
front page of the data-sheet mentions consumption of the entire SoC. Some
a deep-sleep current of 1.05 µA in EM3 sophisticated SoCs may integrate
mode with 8 kB of RAM retained and separate dc-dc converters for the radio
the RTC running from the ULFRCO and for the CPU. This practice provides
0
-40 -20 0 20 40 60 80 100 120 (ultra-low-frequency RC oscillator) on- an optimized solution, but the trend is
Temperature (Degrees C) chip module. The current consumption clearly to have only one converter to
section of the data-sheet provides minimize the cost of the SoC.
additional information. Finally, it is also important to
The leakage current of a BLE SoC at 25°C differs Thus the lack of standardization understand how on-chip or off-chip
significantly from that at 85°C or higher as for power numbers in datasheets can memories are used. A common
demonstrated in these supply current graphs produce erroneous comparisons that requirement for BLE end nodes is to
for the EFR32BG22 BLE SoC. Also evident in the could ultimately lead to selecting the perform over-the-air (OTA) updates of
graphs is that supply current can depend a great wrong device. software. Depending on the size of the
deal on the SoC clock frequency. Here the top image to be transferred, an external
graph is for the EM0 active mode while the lower UNDERSTANDING APPLICATION flash device can be economical. But
graph is for the EM1 sleep mode. Both graphs REQUIREMENTS its added power consumption and
depict chip current when the internal dc-dc It is important to consider the potential for security problems can,
converter is employed with a 3-V supply. application requirements when however, prove to be quite higher
assessing BLE SoCs. Most suppliers try than that when using on-chip flash.

IoTMark-BLE active profile

Application wakeup interval
BLE BLE
O/S 12C LPF notify CRC 12C LPF notify CRC
BLE
Server - Queue Queue
DUT
PhyLink Tx Rx Tx Rx
BLE connection interval
PhyLink Rx Tx Rx Tx
BLE
Client -
Radio Queue Queue
Manager
BLE BLE
O/S write Verify Verify
write
Application wakeup interval
A detailed analysis of the OTA updates keep the deep-sleep current

will help determine the most appropriate in the range of 1µA. An The IoTMark-BLE benchmark profile developed
memory bill-of-material. additional key consideration by the Embedded Microprocessor Benchmark
In recent years, BLE SoCs have when selecting a BLE SoC is Consortium can help assess power consumption.
significantly reduced their total active the size of each SRAM block It spells out a communications path between an
current consumption while maintaining a that can vary. The ability to emulated sensor, the edge node processor and an
low deep-sleep current. The reason is the select the size of the RAM to emulated gateway. The benchmark measures the
migration of silicon technology from larger be retained will help minimize energy required to power the edge node platform
geometries (0.18 µm, 90 nm and 65 nm) to power consumption in deep- and to run the tests fed by the benchmark.
much more optimized technology nodes sleep mode. The EFR32BG22
(55 nm and 40 nm). Use of 40-nm geometry SoC integrates independently the configuration of the dc-dc converter. The
combined with the integration of an on-chip selectable SRAM blocks for a total of 32 kB stack comes via a software development
dc-dc converter has tremendously reduced of on-chip RAM. kit (SDK), which is fully integrated with
the overall current consumption of the Finally, the combination of clock gating an integrated development environment
EFR32BG22 SoC. and power gating techniques allow the (IDE). The IDE includes a network analyzer
For example, the Arm Cortex-M33 BLE SoC to completely shut down certain that captures data directly from the SoC
CPU requires 54 µA/MHz when running portions of the device depending on its radio. An advanced energy monitor also
Coremark from the on-chip flash when the mode of operation. The activation of these correlates power consumption to code
on-chip dc-dc converter is disabled. The features is automatic, and their details are location. A visual GATT configurator is
same operation only requires 37 µA/MHz almost invisible to application developers. included to enable implementation of
when the same dc-dc converter is activated. standard Bluetooth SIG profiles or custom
In deep-sleep mode, the RAM SOFTWARE ENABLEMENT services. These tools allow development of
retention is critical, both because it can Minimizing power consumption in BLE BLE applications that are fully integrated with
represent a significant portion of the power applications requires highly optimized the hardware design, allowing developers
budget and because RAM retention will scheduling of radio activity, maximizing the to focus on higher level design choices that
allow a faster boot when the BLE SoC time spent in the lowest possible energy affect power consumption. Also integrated
must return to active mode. From a design mode while maintaining the precise timing into the SDK is secure bootloader support
perspective, the use of low-leakage SRAM the protocol requires. To accurately control for firmware updates, both OTA and through
blocks has enabled silicon designers to transmitted power, the BLE stack integrates a serial interface.

SELECTING BLE SoCS
EFR32BG22 typical application

without dc-dc converter The EFR32BG22 is an example of an BLE SoC that incorporates
VDD an on-chip dc-dc converter. Using the dc-dc converter will
significantly reduce the active current consumption of the entire
Main
supply SoC. Some sophisticated SoCs may integrate separate dc-dc
converters for the radio and for the CPU. This practice provides
an optimized solution, but the trend is clearly to have only one
converter to minimize the cost of the SoC.
VREGVDD AVDD IOVDD
VREGSW
HFXTAL_I
VREGVSS 38.4 MHz The combination of sophisticated hardware and
HFXTAL_O
powerful software enables application developers to
DVDD LFXTAL_1 perform their own benchmarking on multiple devices.
32.768 kHz
(optional) This is the recommended approach that should be
LFXTAL_O
taken before selecting a BLE SoC. While initially more
time consuming, this approach proves to be extremely
DECOUPLE
VDD valuable and helps reveal hidden challenges resulting
CDECOUPLE RFVDD PAVDD
from either missing hardware features or non-optimal
software capabilities.
The development of a standardized benchmarking
strategy can also help developers compare devices
from multiple suppliers. The IoTMark-BLE benchmark
profile developed by the Embedded Microprocessor
Benchmark Consortium (EEMBC) provides a useful tool
EFR32BG22 typical application for assessing power consumption. The IoTMark-BLE
using dc-dc converter benchmark profile models a real-world IoT edge node
VDD consisting of an I2C sensor and a BLE radio through
Main sleep, advertise and connected-mode operations.
supply CIN
While this IoTMark-BLE benchmark might not suit
all use cases, it can serve as a foundation for developing
appropriate scenarios for any given application.
VREGVDD AVDD IOVDD In a nutshell, side-by-side comparisons of vendor
datasheets can lead to costly misunderstandings and
VDCDC LDCDC misrepresentations. The analysis of BLE SoCs must take
VREGSW place at a system level as illustrated when comparing
HFXTAL_I
CDCDC VREGVSS 38.4 MHz on-board and external dc-dc converter blocks within an
HFXTAL_O
SoC. Third-party benchmarks can often help determine
DVDD LFXTAL_1
32.768 kHz what the comparative analysis should look like.
(optional)
LFXTAL_O
DECOUPLE
References
RFVDD PAVDD
CDECOUPLE The EFR32BG22 datasheet:
https://www.silabs.com/wireless/
gecko-series-2/efr32bg22
The IoTMark-BLE benchmark:

https://www.eembc.org/iotmark/
Mark Orchard-Webb, Silicon Labs,

contributed the software enablement
paragraph in this article.

How to use MQTT to overcome

obstacles to IIoT integration
End users struggle with specific pain Your customers are working to U N D E R STA N D I N G TH E PR O B LE M
points around digital transformation in create a digital transformation in their
Design engineers have multiple options
the traditional technology stack. While for providing an equipment data interface.
companies. They want more data. They want Many manufacturers, particularly of small-
traditional communication technologies
more insight. More than just supporting scale or off-the-shelf equipment, may
will continue to be in demand, pairing
use printed circuit board (PCB) designs
MQTT with existing offerings can give their processes, they now need equipment including a serial or Ethernet I/O interface.
users a way to evolve. that delivers useful information and easily A programmable logic controller (PLC)
or industrial I/O gateway included in
integrates as part of a cohesive data network
the electrical panel of larger or semi-
extending from plant floor to executive office. custom equipment is another option
that gives some flexibility. In the case of
f Technical Mar However, there are many obstacles to custom-engineered equipment, the end
e c tor o ket creating the level of integration required user might require the designer to use a
Dir i ng
, to fulfill that vision. Moving a single I/O specific fieldbus standard for sensors and
rn
signal from the field to the cloud requires a transmitters that is compatible with their
u
stb
technology stack that includes many layers plant control network.

Ea
and involves many players. Each layer In all these cases, however, the end
Josh
adds complexity, which affects the overall user faces a similar set of challenges with
security and scalability of the system, not to unlocking the full value of equipment data.
mention added labor and cost (Figure 1). First, communication protocols
Fortunately, new technologies themselves impose some limitations.
are coming to the fore that bypass the Proprietary protocols, obviously, inhibit
traditional technology stack. There are interoperability, even if the manufacturer
several key technologies for machine supplies a client application for
integration called MQTT, a lightweight, communication with their device. To enable
publish-subscribe communications protocol true integration, the manufacturer needs to
for the internet of things (IoT). Including offer a custom communications driver that
MQTT as an interface option multiplies can be incorporated into other applications.
the reach of machine data, providing new However, even common industrial
options to end users and even making protocols, like Modbus/TCP or Ethernet/IP,
direct-to-cloud integration a possibility. have limited compatibility with IT systems—

IoT TECHNICAL TIPS
PC workstation
Controller or server
Wire sensor to
Write code Write code Configure
temperature Store data in the cloud
to get data sending to firewall
input or on-premises
database
Write code
Log data
to log data
Install, and Figure 1: Providing even basic equipment information
Sensor
configure
input module to central business applications involves a complex
hierarchy of software and hardware systems.
where data is in highest demand—and require further software and bandwidth, with each making its own connection to field devices and
hardware support for integration. The most common approach requires requesting the same data over and over again.
the use of an open platform communications (OPC) server with drivers for All these one-to-one connections also create security issues, for
each type of protocol in use on the plant network. No problem, right? which traditional industrial protocols and equipment, like PLCs, lack
An unfortunate by-product of this model is that the more the native support (Figure 2). Additional equipment and networking, like
network grows, the more congested it becomes. Poll-response VLANs and firewalls, are required to provide security after the fact.
communication protocols, like the ones mentioned, on control and Unfortunately, with many different protocols in use, network protections
corporate networks send frequent requests for information to maintain become peppered with exceptions or become so restrictive that large-
a sense of the state of the system and to act on the latest data. scale integration is impeded.
Additionally, business applications accessing field data through an OPC Speaking of large-scale integration, these communications systems,
network may be competing with industrial SCADA (supervisory control of course, do not maintain themselves. Every controller, every gateway,
and data acquisition) or historian applications on the control network for every server and firewall, needs to be installed, configured, and updated
It’s not a web page, it’s an

industry information site
So much happens between issues
of R&D World that even another
issue would not be enough to keep
up. That’s why it makes sense to
visit rdworldonline.com and stay
on Twitter, Facebook and Linkedin.
It’s updated regularly with relevant
technical information and other
significant news to the design
engineering community.
rdworldonline.com
over time, rarely by the same person. Not SCADA projects in the oil Figure 2: The typical industrial device contributes to
only does that mean more personnel handling & gas industry. Beginning the complicated web of unsecured, point-to-point
operating system updates and security policy in the early 2010s, MQTT connections that make up industrial networks.
configuration, it also means more cost in grew in popularity to emerge
software licensing and upgrades. in recent years as the top
With the influx of data required for highly IoT-specific protocol. Since applications and IIoT. Rather than establishing
connected, intelligent plant environments, then, it has been enhanced for mission-critical multiple one-to-one connections between
plant engineers are looking for more scalable industrial applications through an additional master applications and slave devices, and
solutions; and OEMs who are looking to the specification, called Sparkplug B (SpB). then polling those devices repeatedly for
future need to consider a different set of What makes MQTT different? Efficiency. information, MQTT establishes a shared server,
integration offerings for their equipment. Cirrus Link Solutions, the company that known as a broker, as the endpoint for all field
developed the SpB spec, reports an 80-95% devices and applications (Figure 3). Devices
ENTER MQTT reduction in bandwidth consumption by users publish data to the broker, but they do so
MQTT, formerly MQ Telemetry Transport, who move to an MQTT infrastructure. only when a change occurs in a given process
was developed in the 1990s under IBM’s MQTT achieves this efficiency using variable—a feature called report by exception.
Smarter Planet initiative to provide bandwidth- a radically different communication model Network applications can connect to the same
efficient I/O communications for distributed from other protocols used for industrial MQTT broker, subscribe to updates from any

IoT TECHNICAL TIPS
device, and the broker will deliver them as they the addition of SSL/TLS encryption, MQTT
occur. If a device goes offline, the broker also traffic can be safely routed over public networks, Figure 3: MQTT creates a secure, highly
delivers that notification to any subscribers. and in fact, is the standard for all the major scalable, many-to-many architecture
This publish-subscribe communication cloud IoT platforms, like Amazon Web Services, for industrial applications and IIoT.
model allows for reliable, many-to-many IBM Cloud, and Microsoft Azure.
communication with reduced network traffic But it is the OEM who unlocks the full Sparkplug B are available in many programming
overall, making MQTT the kind of scalable potential of MQTT for end users, because languages through the Eclipse Paho and Tahu
infrastructure that plant engineers are looking for. direct support for MQTT in field devices and projects, and can be incorporated into PCB
MQTT is also inherently more secure than equipment produces the simplest integration firmware without royalties.
traditional protocols. With the MQTT broker as experience. For manufacturers that use a dedicated
the single node in charge of routing all traffic, gateway as a customer data interface,
data access rights for the entire network can be GET ON THE BANDWAGON there are also MQTT-enabled controllers
managed in one location. And because MQTT Fortunately for manufacturers, MQTT was and I/O gateway options available (Figure
connections are established by the device client, designed for use with resource-constrained 4). This approach can be used to combine
not the MQTT server, there is no need to create devices, and as such, has a simple specification communication functions with real-time control
firewall exceptions for inbound MQTT traffic, with a small in-memory footprint. Open source or visualization in one device, but it also has
even from outside the company network. With reference implementations of MQTT and the advantage of tailoring data processing

Figure 4: As MQTT grows in popularity, more

industrial devices are appearing with embedded
MQTT publishing options (Pictured: Opto 22’s
groov EPIC controller and groov RIO I/O gateway)
and publishing to end user requirements

with greater ease. Where a firmware-based
approach might require downtime to flash
update memory, industrial controllers often
support online editing.
Regardless of which approach you opt for,
don’t overlook Sparkplug B compliance. Many
MQTT device implementations fall short of
this critical mark. SpB guarantees that a device
uses a standard data format and encoding,
improving interoperability, and that it publishes
critical state information, improving reliability
for mission-critical settings.
W H AT ’S I N I T F O R M E ?
There are also direct benefits to OEMs who
provide MQTT support. Just like your end users,
you might be interested in extracting useful
information from your installed equipment base
but likely face a similar set of complications.
Typically, monitoring remote equipment equipment or provide equipment with live data
Author Bio:
requires creating exceptions in local firewalls from external web services. In one case, for
Josh Eastburn, Director of
to permit outside connections through to the example, wind farm operators can use the spot
Technical Marketing
equipment. This can raise security concerns price of electricity to automatically adjust the
with end user IT groups. However, because output level of individual turbines.
After 12 years as an automation
MQTT connections are always device-
engineer working in the
originating, it’s possible to establish secure LEAD THE CHARGE semiconductor, petrochemical,
connections to the outside that are transparent End users struggle with specific pain points
food and beverage, and life
to your customers’ IT policies. around the scope of digital transformation
sciences industries, Josh
MQTT-enabled equipment can be and the obstacles inherent in the traditional
Eastburn works with the
pre-configured to establish a connection technology stack. Traditional communication
engineers at Opto 22 to
to a remote MQTT broker that you technologies will continue to be in demand for
understand the needs of
control, allowing you to securely monitor some time, of course, but by pairing MQTT
tomorrow’s customers. He
equipment usage for billing, regulatory, or with your existing offerings, you give your
is a contributing writer at
troubleshooting purposes. This monitoring customers a way to evolve. As the industry
blog.opto22.com.
can be performed without requiring continues to shift in response to the demand
modifications to your customers’ local security for more data, tools like MQTT give designers
measures and can be done in parallel to their the opportunity to position themselves at the
own data collection. If you opt for a metered front of that transformation.
cellular connection, instead of piggybacking References
on your customer’s network, you can reduce Opto 22, www.opto22.com
your own transmission costs thanks to MQTT’s
low bandwidth requirements. All figures courtesy of Opto 22
Other scenarios are possible as well, like
using a shared MQTT broker connection to
exchange data between multiple pieces of

IoT AND MANUFACTURING
Architectures that help implement

the Industrial Internet of Things
Among the models available to implement the Internet of Things, two standards bodies, the
Industrial Internet Consortium and oneM2M, offer complementary architectural approaches.
Here’s a look at each, and how they work together.
STAFF R EPORT CO M M O N P O IN TS
Successfully implementing an Internet of Things solution requires The IIC offers the IIRA standard as an architecture framework
expertise in a number of areas. Not all companies have such template and methodology for users to identify architectural
expertise so collaboration with members of an IoT ecosystem concerns, concepts, and patterns. The IIRA standard consists of
is often necessary. Two organizations, the oneM2M and the several perspectives, many of which work well with the oneM2M
Industrial Internet Consortium (IIC), are collaborating to “drive standard:
global scale in standards development and avoid standards
balkanization,” notes a recent paper from the IIC. • The business viewpoint is not commonly found in IIoT
The IIC has been working to help accelerate the adoption of architectures, including oneM2M. IIoT designers who leverage the
the Industrial Internet of Things (IIoT). In 2018, the IIC joined with oneM2M common service layer may benefit from the analysis of
the OpenFog Consortium (OFC) to advance edge computing in business concerns as described in this viewpoint.
IoT applications.

• The IIRA functional viewpoint describes This service layer consists of a three-layer IIC’S IIR A
domain and crosscutting functions for IIoT architecture that consists of applications, a The IIRA helps users rapidly install
systems end-to-end. oneM2M defines common services layer (middleware), and interoperable IIoT systems. It identifies and
functions common across industrial verticals. networks. The interfaces between these layers highlights important architectural concerns,
It uses service abstraction within middle layer have a standard format to enable a secure concepts and patterns applicable within and
services to hide device layer complexity and means for connecting data producers and across industrial sectors that might interfere
bridge applications to devices. data consumers. In particular, Machine-to- with interoperability.
Machine (M2M) and IoT applications will likely The IIRA suits system implementers,
• A number of synergies between IIRA and need a common service layer such as this. where it functions as a starting point to
oneM2M show up in the implementation This layer’s functions include device shorten system development. It makes use of
viewpoint. Users can follow the IIRA management, registration and security. reusable, commercially available, or open-
architecture patterns and use oneM2M According to the IIC paper, the layer source system building blocks. Many industrial
common services to support those patterns. “horizontally joins the middle layers of several sectors can take advantage of IIRA, including
separate, heterogenous, vertical IoT solutions, manufacturing, transportation, energy,
• Functional components not covered by to share common capabilities and ensure re- agriculture, healthcare and others. IIRA helps
the common service layer can be part of the usability and economies of scale.” reduce the cost of design and operations by
application layer components in oneM2M A key aspect of this horizontal giving users a common language.
and developed for a specific IIoT system. architecture is enabling cross-silo This standard addresses communication
oneM2M common services can be shared interoperability. Thus, individual IoT solutions architecture concerns with vocabulary,
by different industrial verticals, enabling can share data and resources through structures, patterns and a methodology. It
interoperability across these verticals. common service layer functions. One result is adapts architectural concepts, constructs and
that developers can easily share data between approaches from the ISO/IEC/IEEE 42010-
From a system-usage analysis perspective, applications and reduce dependence on 2011 Systems and Software Engineering—
the IIRA usage viewpoint provides a way single-vendor products. Architecture Description standard. A goal
to analyze how the system is to be used to Both the oneM2M and IIC architectures is to clarify how such a framework can help
achieve its objectives. use similar technologies. They connect to create the reference architecture, and then
various communication systems such as the help create IIoT architectures.
O NEM2M web and RESTful services, Data Distribution According to the paper, architectural
oneM2M is a global standard defining a Service (DDS), OPC UA) and computational concerns are identified and classified into
common service layer with a set of services technologies, such as cloud computing, big four viewpoints per the ISO/IEC/IEEE 42010-
required by IoT systems regardless of data and machine learning. Thus, some of 2011 Systems and Software Engineering—
industry. These services help application the specifications’ elements map to each Architecture Description.
developers focus on building, deploying and other. But there are differences in focus and
commercializing their IoT applications. approach. Here’s a closer look.
The oneM2M organization
has 200 active members. One
of its goals was to develop
a common service layer with
the IoT. This layer sits between
applications, networks, and aids
functions that are needed across
different industry segments.
This common service layer
functions as a layer between an
application’s business logic and
the communications network. It
helps connect end-point devices
and sensors. It also makes it easier
for users of oneM2M specifications
to integrate, design and manage
stack technologies of multiple IoT
applications within a company or in
different industry verticals.

These viewpoints are: reuse for a second or third IoT application. The same logic applies to
• The business viewpoint identifies stakeholders and their business vision, other service enablers necessary for the deployment and management
value and objectives of an IIoT system. Business decision-makers, plant of IoT applications.
managers and IT managers can use this perspective to better understand oneM2M addresses this by using a horizontal model based
and drive IIoT system development for business goals. on a common services layer. This layer includes communications
management, device management and security functions. It makes
• The usage viewpoint describes how the IIoT system will deliver the devices and their data discoverable and accessible to more than
intended business objectives. a single parent application. One benefit of this approach is that it
doesn’t lock users with one vendor.
• The functional viewpoint focuses on the functional components and The common services layer is standard on oneM2M and includes
structure to support the intended uses. It defines the domains most specifications for end-device and gateway entities. Users can deploy
important to consider in an IIoT system and clarifies the relationship native oneM2M systems, which comprise oneM2M compliant
between them along with cross-cutting functions that must be end-devices communicating with one or more oneM2M platforms.
available across many of the system components. Users can also choose systems that include a mix of oneM2M and
proprietary devices. Such an approach may involve interworking proxy
• The implementation viewpoint determines the technologies needed gateways to manage non-oneM2M devices communicating with a
to implement functional components, their communication schemes oneM2M platform.
and their lifecycle procedures. Functionally, oneM2M defines fourteen common service functions
(CSFs). These relate to network connectivity, device security, transport
The IIRA defines system characteristics as system properties and protocols, content serialization, IoT device services and management
behaviors. It bases its definitions on an IIoT system’s constituent sub- and IoT semantic ontologies.
systems, their interactions, and the environment in which they operate. Developers can use each service to focus on application-specific
For example, one system characteristic might be trustworthiness, functions, such as turning a switch on or off. Abstraction techniques
which can include safety, security, privacy, reliability and resilience. can be used to mask the underlying technology specific details, and
Other system characteristics examine how the IIRA functional allow the use of different communications stacks and protocols such
domains work with other systems ranging from edge to cloud as IIoT as HTTP, CoAP and MQTT. For example, a switch might use a fixed or
architectures evolve. Wi-Fi network, a CoAP or HTTP transport. It might use a JSON or XML
Even though IIC and oneM2M take different approaches in serialization technique, an Open Connectivity Foundation (OCF) or
dealing with IoT and IIoT challenges, they share a common objective thread service, or an ontology based on Smart Appliances REFerence
of ensuring interoperability and reusability. The common goal is (SAREF) or W3C’s Thing Description.
to reduce the complexity and costs of designing, developing, and oneM2M offers security-related APIs to simplify security for
deploying IoT systems. devices and applications to secure IoT devices and prevent and
mitigate attacks. This standard is constantly evolving to address new
O NEM2M A RCHITE CTURE IoT requirements.
A common method of implementing IoT in applications is to use silos
in a vertical solution stack. However, this method does not always IIR A AN D O N E M 2 M — W O R K IN G TO G E TH E R
scale well or handle resource reuse well. The IIRA organizes an IIoT system into functional domains and
In an IoT application, if a device management function is crosscutting functions. The functional domains focus on major
implemented for a narrowly defined use, this could easily prevent its system functions that support generic IIoT usages and IIoT system

capabilities. The crosscutting functions • Functions belong to the IIRA distributed in individual devices, gateways and sensors
should be made available across many of data management map to the oneM2M to deliver a standard interface to manage
the system functional components. data management and repository. and interact with applications.
oneM2M centers on the crosscutting In a distributed architecture, oneM2M’s
design approach. It supports a software • In the IIRA map, functions in the common services layer resides in Common
framework for linking IoT applications to connectivity in the crosscutting function Services Entities (CSEs). CSEs control when
value-added services relating to network in both the common services layer and communications occur, taking into account
connectivity, device security, transport the devices (layer) correspond across the any time sensitivity for the data. Developers
protocols, content serialization, IoT device network spans in the oneM2M horizontal can embed CSE function in a gateway
services and management and IoT semantic architecture. The IIRA connectivity functions to place common services closer to the
ontologies. With these services, application directly map to semantics, communication edge of an IoT installation. A complex IoT
developers can focus on application-specific management, network service exposure and installation can involve several gateway CSEs
functions without worrying about the transaction management. interoperating with a cloud-based CSE.
underlying technologies. Finally, an AE is needed for the domain
• Functions in the control domain and application in the enterprise tier. The AE will
The oneM2M common service layer the physical systems in the IIRA map to interact with edge devices and sensors.
functions are: those belonging to things in the one M2M AEs and CSEs offer a standard way
• Functions in the business, information horizontal layer. for devices and sensors to function in a
and application domains, along with cross- network-agnostic manner. They hide the
cutting functions, industrial analytics, and Other functions in the oneM2M services complexity and heterogeneity of network
intelligent and resilient control. These are layer not mentioned may not be described usage from applications, which helps simplify
also available in the IIRA standard. directly in the IIRA or they belong to its implementation for application developers.
lower layer functions.
• The security functions considered in the IIRA A common IIRA architecture pattern IN T E R W O RK I N G
System Characteristics corresponds to the often consists of elements arranged in According to IIC, the introduction of
security function in the oneM2M service layer. three tiers—edge, platform and enterprise. machine-to-machine solutions into industrial
The edge tier includes an edge gateway IoT applications is progressing in three
• Functions in the operations domain and communicating with three devices through phases. Rather than a typical master/
in the distributed data management in the a proximity network. Data and control slave architecture, users link multiple
crosscutting functions in the IIRA map to pathways use a service network to link the proximal networks through cloud-based
functions in the oneM2M common services platform and enterprise tiers. data aggregation and supervisory
layer. These are registration, discovery, An Application Entity (AE) is available control systems. As the IoT market
device management in oneM2M common for each connected sensor and data source. matures, applications will use distributed
services layer. AEs use a standard application service logic architectures. As large-scale deployments

emerge, architectures will need new of multiple connectivity technologies. It will complement
and standard enablers that interlink and interwork various proximal industrial communication
multiple sub-systems to peers and to technologies (e.g. DDS, OPC-UA, WirelessHART, IWLAN)
central cloud systems. to the internet. This permits the use of established
Fundamental to successful standards from the fixed-network, mobile-network and
implementations is the selection of a internet sectors (left-hand side of illustration) to be
core connectivity standard to bridge applied in support of applications from the industrial
applications and devices in an IIoT sector, smart homes and eHealth, for example. It
system. The IICF identifies potential maximizes the re-use of established industry standards.
standards for core connectivity with In light of their respective organizational goals, the
detailed assessment templates to IIC and oneM2M will continue to foster the development
evaluate connectivity technologies. of IoT and IIoT markets. Following the joining of forces
These templates will help developers between the IIC and OFC, the IIC will expand its
choose a IIoT compatible core effort to clarify distributed computing at and near the
standard that fits the application. cyberphysical boundary of IIoT systems and continue to
A core connectivity standard provide an ecosystem for the advancement of the IIoT.
requires standard mappings (i.e.
bridges) to other core connectivity
standards as referred in the IICF.
The source for this information was
Core gateways are the means used to implement these
a paper from the Industrial Internet
standard mappings. This approach limits the number of
Consortium and oneM2M.
core connectivity standards, reducing complexity.
The gateway functions may be simple bridges
converting data and protocols between connectivity
core standards, or they may include more complex
edge computing functions. Edge processors can
perform analytics, data reduction, artificial intelligence,
machine learning, security processing, storage and
other functions. They convert between core connectivity
standards and process the data that passes through the
gateway functions.
The IICF recommends that system architects select
a framework-layer standard for core connectivity. A
framework-layer standard (e.g. DDS, OPC-UA, Web and
RESTful Services) provides the ability to exchange data.
It standardizes the format of the communicated data
and provides more data handling and communication
management capabilities over lower-level transport-
layer standards (e.g. MQTT, CoAP, HTTP). The IICF
provides detailed assessments of several framework-
and transport-layer standards to help system architects
choose the best connectivity technology for their needs.
The IICF addresses syntactic interoperability, but
not the data or information model standards needed
to address what the data means, or its context; for
example, is a data reading about temperature or
pressure? The IIC is working on information model
guidance for future publication. oneM2M, however,
addresses the need for standard information models
and bridging or translating between different framework
layer standards.
The goal of the standardization roadmap for
oneM2M is to provide a protocol abstraction layer on top

AD INDEX
INTERNET OF THINGS HANDBOOK | APRIL 2020
Allied Electronics ........................................................BC Master Bond ................................................................ 11

Beckhoff......................................................................IBC Newark, An Avnet Company ......................................... 3
Coilcraft ....................................................................... 33 Sorbothane .................................................................. 27
Digi-Key ...........................................................Cover, IFC Tadiran ......................................................................... 13
Keystone Electronics Corp. ........................................... 1
SALES LEADERSHIP TEAM
Jami Brownlee Mike Francesconi Publisher

jbrownlee@wtwhmedia.com mfrancesconi@wtwhmedia.com Mike Emich
224.760.1055 630.488.9029 memich@wtwhmedia.com
508.446.1823
Mike Caruso Neel Gleason @wtwh_memich
mcaruso@wtwhmedia.com ngleason@wtwhmedia.com
469.855.7344 312.882.9867 Managing Director
@wtwh_ngleason Scott McCafferty
Bill Crowley smccafferty@wtwhmedia.com
bcrowley@wtwhmedia.com Jim Powers 310.279.3844
610.420.2433 jpowers@wtwhmedia.com @SMMcCafferty
312.925.7793
Jim Dempsey @jpowers_media EVP
jdempsey@wtwhmedia.com Marshall Matheson
216.387.1916 Courtney Nagle mmatheson@wtwhmedia.com
cseel@wtwhmedia.com 805.895.3609
Michael Ference 440.523.1685 @mmatheson
mference@wtwhmedia.com
408.769.1188
@mrference
LD
OR
W
@DESIGN
2014 Winner 2011 - 2019
2014 - 2016 2013 - 2017

Over 32,000
360º images
online now
Front-to-back and side-to-side – get to know your products before clicking “add to cart.”
Allied’s interactive, 360º images give you an extreme close-up of product features and
functions for confidence that what you buy is exactly what will arrive at your doorstep.
It’s all in the details.
1.800.433.5700 Explore 360º at alliedelec.com/spin360

© Allied Electronics, Inc. DBA Allied Electronics & Automation, 2020

Design World - Internet of Things Handbook April 2020 (MagazinePUB - Com) PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Design World - Internet of Things Handbook April 2020 (MagazinePUB - Com) PDF

Uploaded by

Copyright:

Available Formats

™

Spacers & Standoffs Plugs & Jacks Multi-Purpose Hardware

IT’S WHAT’S ON THE INSIDE THAT COUNTS

View our Dynamic Catalog M70 at www.keyelco.com

No, IoT RF radiation

LELAND TESCHLER | EXECUTIVE EDITOR

2 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

Discover Over a Million

900+ new products

Custom services such as

EDITORIAL PRINT PRODUCTION MARKETING EVENTS

Senior Editor VIDEOGRAPHY SERVICES

Accounts Receivable Specialist

4 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

6 THREE REAL-WORLD APPLICATIONS FOR PNEUMATICS AND IIoT

10 COMPARING MAGNETIC CORES FOR POWER INDUCTORS

16 THE JOURNEY TOWARDS AUTONOMOUS MANUFACTURING

20 HOW TO TEST USB4 DESIGNS

26 IS PREDICTIVE MAINTENANCE THE ‘KILLER APP’

34 SELECTING THE RIGHT BLUETOOTH LOW ENERGY SoC

38 HOW TO USE MQTT TO OVERCOME OBSTACLES

transformation in the traditional technology stack. While traditional

43 ARCHITECTURES THAT HELP IMPLEMENT THE

eeworldonline.com | designworldonline.com 4 • 2020 5

Maintenance technicians can

Three real-world applications

6 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

Consider a machine using a safety absorber. As a result, there are shorter or

eeworldonline.com | designworldonline.com 4 • 2020 DESIGN WORLD — EE NETWORK 7

Organizing data pneumatics operations in several ways,

The integration of data-driven predictive maintenance with

8 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

Boosting energy efficiency

Enabling manufacturing flexibility

Build a path forward

eeworldonline.com | designworldonline.com 4 • 2020 DESIGN WORLD — EE NETWORK 9

Comparing magnetic cores

10 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

The powder core is safely

12 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

Remote wireless devices connected to the

Our batteries offer a winning combination:

Super-small radio SoCs are being paired with innovative battery

14 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

One example of a platform used for

eeworldonline.com | designworldonline.com 4 • 2020 DESIGN WORLD — EE NETWORK 15

The Journey towards

When reﬂecting on the concepts

16 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

The future of industry 4.0

eeworldonline.com | designworldonline.com 4 • 2020 DESIGN WORLD — EE NETWORK 17

Most plants draw data from

T H E S H I F T F R O M R E A C T I V E T O P R E S C R I P T I V E A I • Identify and save production data. As soon as a plant can

18 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

To view free educational content, go to www.eeworldonline.com/learning-center

How to test USB4 designs

The test points and + TXp

as spelled out for - -

20 DESIGN WORLD — EE NETWORK 4 • 2020 eeworldonline.com | designworldonline.com

Typical USB4 implementation

PCle Controller USB 2.0 Host

Downstream Facing Port USB Type-C

Upstream Facing Port Composite Cable