You are on page 1of 347

CISC VERSUS RISC

CISC

RISC

Emphasis on hardware

Emphasis on software

Includes multi-clock
complex instructions

Single-clock,
reduced instruction only

Memory-to-memory:
"LOAD" and "STORE"
incorporated in instructions

Register to register:
"LOAD" and "STORE"
are independent instructions

Small code sizes,


high cycles per second

Low cycles per second,


large code sizes

Transistors used for storing


complex instructions

Spends more transistors


on memory registers

ARM LTD

Founded in November 1990


Spun

out of Acorn Computers

Designs the ARM range of RISC processor cores

Licenses ARM core designs to semiconductor partners who fabricate and sell to
their customers.
ARM

does not fabricate silicon itself

Also develop technologies to assist with the design-in of the ARM architecture
Software

tools, boards, debug hardware, application software, bus

architectures, peripherals etc.

ORIGIN OF THE NAME ARM7TDMI

ARM Acron Risc Machine (Now Advanced Risc Machine)

T The Thumb 16 bit instruction set.

D On chip Debug support.

M Enhanced Multiplier

I Embedded ICE hardware to give break point


and watch point support.

9/14/15

ARM
ARM

An

stands for Advanced RISC Machines

ARM processor is basically any 16/32bit microprocessor designed

and licensed by ARM Ltd, a microprocessor design company


headquartered in England, founded in 1990 by Herman Hauser

characteristic feature of ARM processors is their low electric

power consumption, which makes them particularly suitable for use


in portable devices.

It

is one of the most used processors currently on the market

WHY ARM?

The ARM is a 32-bit reduced instruction set


computer (RISC).
It was known as the Advanced RISC Machine,
and before that as the Acorn RISC Machine
ARM processors made them suitable for low
power applications.
This has made them dominant in the mobile and
embedded electronics market as relatively low
cost.

APPLICATIONS
Consumer

electronics including PDAs, mobile


phones, digital media and music players, handheld game consoles, calculators and computer
peripherals such as hard drives and routers.

It

uses innovative architectural design to


achieve high performance with low power
consumption.

It

is highly utilized in mobile and embedded


devices due to its power characteristics and is
one of the most populous processors currently
used..

FEATURES OF LPC2148

PACKAGE:
16/32-bit

ARM7TDMI-S microcontroller in a tiny LQFP64

package.

MEMORY:
8

to 40 kB of on-chip static RAM

32 to 512 kB of on-chip flash program memory.

SPEED:
128

bit wide interface/accelerator enables high speed 60 MHz

operation.

In-System / In-Application Programming (ISP/IAP)


via on-chip boot-loader software.

Single flash sector or full chip erase in 400 ms and


programming of 256 bytes in 1 ms.

USB 2.0 Full Speed compliant Device Controller with


2 kB of endpoint RAM.

In addition, the LPC2146/8 provide 8 kB of on-chip RAM


accessible to USB by DMA.

ADC:

Two 10-bit A/D converters(AD0 and AD1) provide a


total of 14 analog inputs

conversion times as low as 2.44 s per channel.

DAC:
Single

10-bit D/A converter provides variable analog

output.

TIMERS:

Two 32-bit timers/external event counters

Each timer with four capture and four compare channels

PWM unit (six outputs)

Watchdog

timer

RTC:

Low power real-time clock with independent power and


dedicated 32 kHz clock input.

Serial Interfaces:

I2C-bus:

Serial communication:

Two Fast I2C-bus with 400 kbit/s

Two UARTs (16C550)

SPI (Serial Peripheral Interface) and SSP(Synchronous Serial Port)


with buffering and variable data length capabilities

Fast GPIO:

Up to 45 of 5 V tolerant fast general purpose I/O pins in a tiny


LQFP64

package.

INTERRUPTS:
Vectored

interrupt controller with

16 configurable

priorities and vector addresses.


9

edge or level sensitive external interrupt pins

available.

60 MHz maximum CPU clock available from


programmable on-chip PLL with settling time of
100 s.

OSCILLATOR:

On-chip

integrated

oscillator

operates

with

an

external crystal in range from 1 MHz to 30 MHz and with


an external oscillator up to 50 MHz

Power saving modes:

Idle mode
Power-down mode

CPU operating voltage range of 3.0 V to 3.6 V (3.3 V 10


%) with 5 V tolerant I/O pads.

APPLICATIONS

Industrial control

Medical systems

Access control

Point-of-sale

Communication gateway

Embedded soft modem

General purpose applications

MODES AND REGISTERS

PROCESSOR MODES
ARM

has 7 operating modes

-User
-Fast Interrupt Request Mode FIQ

9/14/15

(unprivileged mode under which most tasks run)


(to handle high priority interrupt )
-Interrupt Mode IRQ
(entered when a low priority interrupt is raised )
-Supervisor Mode SVC
(entered on reset or a software interrupt )
-Abort Mode ABT
(used to handle memory access violation)
-Undefined Mode UND
(used to handle undefined instruction)
-System Mode SYS
(uses same registers as user mode)

17

MODES
application program run in User Mode

program in user mode is unable to access


some protected system resources or to change
mode , other than by causing exception

9/14/15

Most

Mode

change can be by
-Software control
-External interrupts
-Exception processing
18

MODES
Modes other than user mode are called privileged

modes

9/14/15

Privileged modes has full access to the system resources


Five of them are called exception modes
-FIQ
-IRQ
-SVC
-ABT
-UND

19

MODES

exception condition

9/14/15

Processor enters into Privileged modes under specific

All the exception Modes uses some additional


registers

,to avoid corrupting the user state when

exception occurs

SYS uses the same no: of registers as the User Mode

20

REGISTER BANK

ARM 7 uses load and store Architecture.

Data has to be moved from memory location to a central set


of registers.
9/14/15

Data processing is done and is stored back into memory.


Register bank contains, general purpose registers to hold
either data or address.
It is a bank of 16 user registers R0-R15 and 2 status
registers.
21

Each of these registers is 32 bit wide.

REGISTERS
has 37 32 bit long registers

9/14/15

ARM

30 general purpose registers


5 dedicated Saved Program Status
Registers
1 dedicated Current Program Status
Register
1 dedicated program counter

22

GENERAL PURPOSE REGISTERS


Can be divided into three groups

Un-banked r0-r7

Banked r8-r14

PC r15

9/14/15

23

UN-BANKED REGISTERS

Registers r0 to r7

Each of these registers address the same physical

9/14/15

registers for all the modes

Completely general purpose registers , with no


uses implied by the architecture
24

BANKED REGISTERS
Registers r8 to r14

physical registers referred to by each of them depends

9/14/15

on the mode of operation

Banked register contents are preserved across


operating mode changes

25

BANKED REGISTERS
r8

to r12
9/14/15

* two banked physical registers each


*one for FIQ and other for all other modes
*referred to as r8_usr to r12_usr & r8_fiq to r12_fiq
r13

& r14

*has six banked registers each


*one in USER & SYS and rest five in each exception
modes
26
*referred to as r13_<mode>/r14_<mode>(for exception modes)

GENERAL PURPOSE REGISTERS

30 32 bit registers

15 general purpose registers are visible at one time ,

9/14/15

depending on the current processor mode ,as r0,r1,r2


r13,r14

r13-conventionally used as stack pointer

r14 conventionally used as link register to store the


27
return address for exception/ sub-routine call

PROGRAM COUNTER

9/14/15

PC is accessed as r15
Incremented by 4 bytes for ARM state and 2 bytes for
THUMB state
Branch instruction loads destination address into the
PC
Can also be loaded using data operation instruction

28

ARM REGISTERS
SYS/USER

CPSR

r0
r1
r2
r3
r4
r5
r6
r7
r8_fiq
r9_fiq
r10_fiq
r11_fiq
r12_fiq
r13_fiq
r14_fiq
r15(PC)
CPSR
SPSR_fiq

SVC

r0
r1
r2
r3
r4
r5
r6
r7
r8
r9
r10
r11
r12
r13_svc
r14_svc
r15(PC)
CPSR
SPSR_svc

ABT

r0
r1
r2
r3
r4
r5
r6
r7
r8
r9
r10
r11
r12
r13_abt
r14_abt
r15(PC)
CPSR
SPSR_abt

IRQ

r0
r1
r2
r3
r4
r5
r6
r7
r8
r9
r10
r11
r12
r13_irq
r14_irq
r15(PC)
CPSR
SPSR_irq

UNDEFINED

9/14/15

r0
r1
r2
r3
r4
r5
r6
r7
r8
r9
r10
r11
r12
r13
r14
r15(PC)

FIQ

r0
r1
r2
r3
r4
r5
r6
r7
r8
r9
r10
r11
r12
r13_und
r14_und
r15(PC)
CPSR29
SPSR_und

CPSR - CURRENT PROGRAM STATUS


REGISTER

CPSR holds

9/14/15

Copies of ALU status flags


The current processor mode
Interrupt disable flag

ALU status flags are used to determine whether


conditional instructions are executed or not
On THUMB capable processors ,the CPSR holds the
current processor state
31

30

29

28

4321

MODE

30

FLAGS

Condition code flags


9/14/15

N(31) *set to bit 31 of the result of the instruction


*N=0 if positive
*N=1 if negative
Z(30) *Z=1 if result is zero
*Z=0 if not zero
C(29) *for addition ,set to 1 if carry occurs & 0 otherwise
*for subtraction ,set to 0 if borrow occurs & 1
otherwise
*for shift operations , C contains the last bit shifted

V (28) *for addition and subtraction V set to 1 if signed 31


overflow
occurs

FLAGS
9/14/15

Control bits
I(7) *when set disables IRQ interrupt
F(6) *when set disables FIQ interrupt
T(5) *on T variants
T=0 ,indicates ARM execution
T=1 ,indicates THUMB execution

32

9/14/15

FLAGS
MODE

BITS (4:0)
M(4:0)
10000
10001
10010
10011
10111
11011
11111

Mode
User
FIQ
IRQ
Superviso
r
Abort
UND
SYS

33

SPSR-SAVED PROGRAM STATUS


REGISTER
Used to store CPSR when an exception is taken

One SPSR is accessible in each of the exception

9/14/15

handling mode

User Mode and System Mode doesnt have SPSR


as they dont handle exceptions
34

BLOCK DIAGRAM

TYPES OF BUSES
AMBA Bus
LOCAL Bus
VPB Bus

CRYSTAL OSCILLATOR

While an input signal of 50-50 duty cycle within a


frequency range from 1 MHz to 50 MHz can be used by
the LPC2141/2/4/6/8 if supplied to its input XTAL1 pin.

This microcontrollers onboard oscillator circuit supports


external crystals in the range of 1 MHz to 30 MHz only.

If the on-chip PLL system or the boot-loader is used, the


input clock frequency is limited to an exclusive range of
10 MHz to 25 MHz.

CRYSTAL OSCILLATOR

The oscillator output frequency is called FOSC

and the ARM processor clock frequency is referred to


as CCLK for purposes of rate equations, etc..

FOSC and CCLK are the same value unless the PLL
is running and connected.

The onboard oscillator in the LPC2141/2/4/6/8 can


operate in one of two modes:
Slave

mode

oscillation

mode.

In slave mode the input clock signal should be


coupled by means of a capacitor of 100 pF with an
amplitude of at least 200mVrms.

The X2 pin in this configuration can be left not


connected. If slave mode is selected, the FOSC signal
of 50-50 duty cycle can range from 1 MHz to 50 MHz

PIN CONFIGURATION

Lpc 2144/6//8 consists 45 GPIO functionality in is 2


port which as

1.

Port0 (P0.0 to P0.31)

2.

Port1 (P1.16 to P1.31)

It consist of 19 different peripherals such as

FUNCTION

PIN

TYPE & DESCRIPTION

D+

10

INPUT/OUTPUT(USB bidirectional D+ line)

D-

11

INPUT/OUTPUT(USB bidirectional D- line)

XTAL1

62

INPUT(Input to the oscillator circuit and


internal clock generator circuits)

XTAL2

61

OUTPUT(Output from the oscillator


amplifier)

RTXC1

INPUT(Input to the RTC oscillator circuit)

RTXC2

OUTPUT(output to the RTC oscillator circuit)

VSS

6, 18,

INPUT ( Ground: 0 V reference)

25,42,50

VSSA
VDD

52

INPUT(Analog Ground: 0 V reference)

23, 43, 51 INPUT(power supply)

VDDA

INPUT(analog power supply)

VREF

63

INPUT(A/D Converter Reference)

VBAT

49

INPUT(RTC power supply)

FUNCTIONALITY OF PINS

FUNCTIONALITY OF PINS

PINSEL0 Pin function select


Read/Write

PINSEL1 Pin function select


Read/Write

0x0000 0000

0x0000 0000

PINSEL2 Pin function select


Read/Write

0x0000 0000

PIN FUNCTION SELECT REGISTER 0


(Pin of
Select Port Pin
Rsister)

1:0

3:2

slection
P0.0

P0.1
10

Function
line
00
01
10
11
00
01
PWM3
11

GPIO Port 0.0


TXD (UART0)
PWM1
Reserved
GPIO Port 0.1
RxD (UART0)
EINT0

5:4

P0.2
01
10

00
GPIO Port 0.2
SCL0 (I2C0)
Capture 0.0 (Timer 0)
11
Reserved

7:6

P0.3
01
10

00
GPIO Port 0.3
SDA0 (I2C0)
Match 0.0 (Timer 0)
11
EINT1

9:8

0)

11:10

P0.4

11
P0.5

11

00
01
10

GPIO Port 0.4 0


SCK0 (SPI0)
Capture 0.1 (Timer

AD0.6
00
GPIO Port 0.5 0
01
MISO0 (SPI0)
10
Match 0.1 (Timer 0)
AD0.7

13:12

P0.6
01
10

15:14

P0.7
01
10
11

00
GPIO Port 0.6 0
MOSI0 (SPI0)
Capture 0.2 (Timer 0)
11
Reserved[1][2]
or AD1.0[3]
00
GPIO Port 0.7
SSEL0 (SPI0)
PWM2
EINT2

17:16

19:18

P0.8

P0.9
01
10
11

00
GPIO Port 0.8
01
TXD UART1
10
PWM4
11
Reserved[1][2]
or AD1.1[3]
00
GPIO Port 0.9
RxD (UART1)
PWM6
EINT3

21:20

P0.10

10
11

orAD1.2[3]

23:22
CTS

00
01

P0.11

GPIO Port 0.10


Reserved[1][2] or RTS
(UART1)[3]
Capture 1.0 (Timer 1)
Reserved[1][2]

00
GPIO Port 0.11
01
Reserved[1][2] or
(UART1)[3]
10
Capture 1.1 (Timer 1)
11
SCL1 (I2C1)

25:24 P0.12 00
GPIO Port 0.12 0
01
Reserved[1][2] or DSR
(UART1)[3]
10 Match 1.0 (Timer 1)
11
Reserved[1][2]
or AD1.3[3]
27:26 P0.13 00 GPIO Port 0.13 0
01 Reserved[1][2] or DTR (UART1)[3]
10 Match 1.1 (Timer 1)
11 Reserved[1][2]
orAD1.4[3]

29:28 P0.14 00
GPIO Port 0.14 0
01
Reserved[1][2] or DCD (UART1)[3]
10 EINT1
11
SDA1 (I2C1)
31:30 P0.15 00 GPIO Port 0.15 0
01 Reserved[1][2] or RI
(UART1)[3]
10 EINT2
11 Reserved[1][2]
orAD1.5[3]

29:28 P0.14 00
GPIO Port 0.14 0
01
Reserved[1][2] or DCD (UART1)[3]
10 EINT1
11
SDA1 (I2C1)
31:30 P0.15 00 GPIO Port 0.15 0
01 Reserved[1][2] or RI (UART1)[3]
10 EINT2
11 Reserved[1][2]
orAD1.5[3]

PIN FUNCTION SELECT REGISTER 1

1:0

P0.16

00

GPIO Port 0.16 0


01
EINT0
10 Match 0.2 (Timer 0)
11
Capture 0.2 (Timer 0)

3:2

P0.17

00 GPIO Port 0.15 0


01 Capture 1.2 (Timer 1)
10 SCK1 (SSP)
11 Match 1.2 (Timer 1)

5:4

P0.18

01
11

7:6

P0.19

00
GPIO Port 0.18 0
Capture 1.3 (Timer 1)
10 Match 0.2 (Timer 0)
MISO1 (SSP)

00 GPIO Port 0.19 0


01 Match 1.2 (Timer 1)
10 MOSI1 (SSP)
11 Capture 1.2 (Timer 1)

9:8

P0.20

01
11

11:10 P0.21

00

GPIO Port 0.20 0


Match 1.3 (Timer 1)
10
SSEL1 (SSP)
EINT3

00 GPIO Port 0.21 0


01 PWM5
10 Reserved[1][2] or
AD1.6[3]
11 Capture 1.3 (Timer 1)

13:12 P0.22

(Timer 0)

15:14 P0.23

00 GPIO Port 0.22 0


01
Reserved[1][2] or
AD1.7[3]
10 Capture 0.0
11 Match 0.0 (Timer 0)
00 GPIO Port 0.23 0
01 VBUS
10 Reserved
11 Reserved

17:16 P0.24

00 Reserved
01 Reserved
10 Reserved
11 Reserved

19:18 P0.25

00 GPIO Port 0.25 0


01 AD0.4
10 Reserved[1] or
Aout(DAC)[2][3]
11 Reserved

21:20 P0.26

00 Reserved
01 Reserved
10 Reserved
11 Reserved

23:22 P0.27

00 Reserved
01 Reserved
10 Reserved
11 Reserved

25:24 P0.28

0)

27:26 P0.29

00 GPIO Port 0.28


01 AD0.1
10 Capture 0.2 (Timer
11 Match 0.2 (Timer 0)
00 GPIO Port 0.29
01 AD0.2
10 Capture 0.3 (Timer 0)
11 Match 0.3 (Timer 0)

29:28 P0.30

00 GPIO Port 0.30


01 AD0.3
10 EINT3
11 Capture 0.0 (Timer 0)

31:30 P0.31

00
GPO Port only
01 UP_LED
10 CONNECT
11 Reserved

PIN FUNCTION SELECT REGISTER 2

GPIO

Every physical GPIO port is accessible via either the


group of registers providing an enhanced features and
accelerated port access or the legacy group of registers

Accelerated GPIO functions:

GPIO registers are relocated to the ARM local bus so that the

fastest possible I/O timing can be achieved

Mask registers allow treating sets of port bits as a group,

leaving other bits unchanged

All registers are byte and half-word addressable

Entire port value can be written in one instruction

Bit-level set and clear registers allow a single


instruction set or clear of any number of bits in
one port

Direction control of individual bits

All I/O default to inputs after reset

Backward compatibility with other earlier devices


is maintained

APPLICATIONS

General purpose I/O

Driving LEDs, or other indicators

Controlling off-chip devices

Sensing digital inputs

GPIO REGISTER MAP

GPIO PORT DIRECTION


REGISTER (IODIR)

This word accessible register is used to control


the direction of the pins when they are configured
as GPIO port pins. Direction bit for any pin must
be set according to the pin functionality.

GPIO PORT PIN VALUE REGISTER


(IOPIN)

This register provides the value of port pins that are


configured to perform only digital functions.

The register will give the logic value of the pin regardless of
whether the pin is configured for input or output, or as GPIO
or an alternate digital function.

As an example, a particular port pin may have GPIO input,


GPIO output, UART receive, and PWM output as selectable
functions.

Any configuration of that pin will allow its current logic state
to be read from the IOPIN register

If a pin has an analog function as one of its options, the pin


state cannot be read if the analog configuration is selected.

Selecting the pin as an A/D input disconnects the digital


features of the pin.
In that case, the pin value read in the IOPIN register is not
valid.

Writing to the IOPIN register stores the value in the port


output register,

bypassing the need to use both the IOSET and IOCLR


registers to obtain the entire written value.

This feature should be used carefully in an application


since it affects the entire port

GPIO PORT OUTPUT SET REGISTER


(IOSET)

This register is used to produce a HIGH level output at the port


pins configured as GPIO in an OUTPUT mode.

Writing 1 produces a HIGH level at the corresponding port pins.

Writing 0 has no effect.

If any pin is configured as an input or a secondary function,


writing 1 to the corresponding bit in the IOSET has no effect.

Reading the IOSET register returns the value of this register, as


determined by previous writes to IOSET and IOCLR (or IOPIN as
noted above).

This value does not reflect the effect of any outside world
influence on the I/O pins.

GPIO PORT OUTPUT CLEAR REGISTER


(IOCLR)

This register is used to produce a LOW level output at


port pins configured as GPIO in an OUTPUT mode.

Writing 1 produces a LOW level at the corresponding


port pin and clears the corresponding bit in the
IOSET register.

Writing 0 has no effect.


If any pin is configured as an input or a secondary
function, writing to IOCLR has no effect.

FAST GPIO

FAST GPIO REGISTER MAP

FAST GPIO PORT MASK REGISTER


(FIOMASK)
This register is available in the enhanced group of
registers only.
It is used to select ports pins that will and will not be
affected by a write accesses to the FIOPIN, FIOSET or
FIOSLR register.
Mask register also filters out ports content when the
FIOPIN register is read.
A zero in this registers bit enables an access to the
corresponding physical pin via a read or write access.
If a bit in this register is one, corresponding pin will not
be changed with
write access and if read, will not be reflected in the
updated FIOPIN register.

REGISTERS OF FAST GPIO

FIODIR:Fast GPIO Port Direction control register.

FIOPIN:Fast Port Pin value register using FIOMASK.

FIOSET:Fast Port Output Set register using FIOMASK.

FIOCLR:Fast
FIOMASK0.

Port

Output

Clear

register

using

GPIO
PROGRAMMING

PROGRAM TO BLINK SINGLE LED


#include<LPC214X.h>
void delay(unsigned int);
int main()
{
IODIR0=0X00000001;
while(1)
{
IOSET0=0X00000001;
delay(20);
IOCLR0=0X00000001;
delay(20);
}
}
void delay(unsigned int i)
{
int j,k;
for(j=0;j<i;j++)
for(k=0;k<1275;k++);
}

PROGRAM TO BLINK 8 LEDS


#include<LPC214X.h>
void delay(unsigned int);
int main()
{
IODIR0=0X000000ff;
while(1)
{
IOSET0=0X000000ff;
delay(20);
IOCLR0=0X0000000ff;
delay(20);
}
}
void delay(unsigned int i)
{
int j,k;
for(j=0;j<i;j++)
for(k=0;k<1275;k++);
}

PROGRAM TO BLINK ALTERNATE


LEDS
#include<LPC214X.h>
void delay(unsigned int);
int main()
{
IODIR0=0X000000ff;
while(1)
{
IOSET0=0X000000aa;
IOCLR0=0X00000055;
delay(20);
IOSET0=0X00000055;
IOCLR0=0X000000AA;
delay(20);
}
}
void delay(unsigned int i)
{
int j,k;
for(j=0;j<i;j++)
for(k=0;k<1275;k++);
}

SWITCH
#include <LPC214X.H>
void delay (unsigned int );
int main()
{
IODIR0=0X00000001;
IODIR0=0X00000000;
while(1)
{
if(IOPIN0==(IOPIN0&0XFFFFFFFE))
{
IOSET0=0X00000100;
delay(1000);
}

else
{
IOCLR0=0X00000100;
delay(1000);
}
}
}
void delay(unsigned int k)
{
unsigned int i,j;
for(i=0;i<1275;i++)
for(j=0;j<k;j++);
}

................SHIFTING BOTHSIDES.......................
#include <LPC214X.H>
void delay(unsigned int a)
{
unsigned int j,k;
for(j=0;j<a;j++)
for(k=0;k<12500;k++);
}
int main()
{
unsigned int i;
PINSEL0=0X00000000;
IODIR0=0X00000000;
while(1)
{
for(i=0;i<30;i++)
{
IOSET0=1<<i;
delay(10);
IOCLR0=1<<i;
}

for(i=30;i>0;i--)
{
IOSET0=1<<i;
delay(10);
IOCLR0=1<<i;
}
}
}

INTERRUPTS IN ARM

INTERRUPT:
An interrupt is a signal from a device
attached to a computer or from a program within the
controller that causes the main program to stop and
figure out what to do next.

Interrupt Service Routine:


An Interrupt service routine is executed when an
interrupt occurs. A section of a program

that takes

control when an interrupt is received and performs the


operations required to service the interrupt.

In total, ARM supports 32 interrupt request inputs.

In ARM, special controller is incorporated to deal with


the

interrupts

called

VECTORED

INTERRUPT

CONTROLLER.

The AMBA(Advanced High Performance Bus) is used


for interface to the Vectored interrupt controller to the
core processor ARM7TDMI-S

The Vectored Interrupt controller(VIC) takes 32 interrupt


request inputs and assigned

them programmable into 3

categories namely

FIQ

Vectored IRQ

Non Vectored IRQ

The priorities of interrupts from the various peripherals can be


dynamically assigned and adjusted.

In usual,

Fast Interrupt request (FIQ) requests have the highest


priority.

Vectored IRQs have the middle priority.

Non-vectored IRQs have the lowest priority.

All registers in the VIC are word registers. Byte


and halfword reads and write are not supported.

INTERRUPT

SOURCES:

Each peripheral device has one interrupt line


connected to the Vectored Interrupt Controller, but
may have several internal interrupt flags. Individual
interrupt flags may also represent more than one
interrupt source.

Connection to interrupt sources to the VIC


:

VIC REGISTER MAP

VIC REGISTERS

The VIC registers in the order in which they are used


in the VIC logic, from those closest to the interrupt
request inputs to those most abstracted for use by
software. This is also the best order to read about the
registers
when learning the VIC.
Software Interrupt register (VICSoftInt0xFFFFF018)
The contents of this register are ORed with the 32
interrupt requests from the various peripherals, before
any other logic is applied.

Software Interrupt Clear register (VICSoftIntClear - 0xFFFF F01C)


This register allows software to clear one or more bits in the
Software Interrupt register, without having to first read it.

Raw Interrupt Status Register (VICRawIntr0xFFFFF008)


This is a read only register. This register reads out the
state of the 32 interrupt requests and software interrupts,
regardless of enabling or classification.

Interrupt Enable register (VICIntEnable 0xFFFFF010)


This is a read/write accessible register. This register
controls which of the 32 interrupt requests and software
interrupts contribute to FIQ or IRQ.

interrupts to contribute to FIQ or IRQ, zeroes have no effect

Interrupt Enable Clear register (VICIntEnClear - 0xFFFF F014)

This is a write only register. This register allows software to clear


one or more bits in the Interrupt Enable register (see Interrupt Enable
register (VICIntEnable-0xFFFF F010), without having to first read it.

Interrupt Select Register(VICIntSelect-0xFFFFF00C)

This is a read/write accessible register. This register


classifies each of the 32 interrupt requests as contributing to
FIQ or IRQ.

IRQ Status Register (VICIRQ Status-0xFFFFF000)


This is a read only register. This register reads out the
state of those interrupt requests that are enabled and
classified as IRQ. It does not differentiate between vectored
and non-vectored IRQs

FIQ Status Register: (VICFIQStatus - 0xFFFFF004)


This is a read only register. This register reads out
the state of those interrupt requests that are enabled
and classified as FIQ. If more than one request is
classified as FIQ, the FIQ service routine can read this
register to see which request(s) is (are) active.

Vector Control registers 0-15 (VICVectCntl0-15- 0xFFFF


F200-23C)
These are a read/write accessible registers. Each of
these registers controls one of the 16 vectored IRQ slots.
Slot 0 has the highest priority and slot 15 the lowest. Note
that disabling a vectored IRQ slot in one of the
VICVectCntl registers does not disable the
interrupt itself, the interrupt is simply changed to the nonvectored form.

Vector Address registers 0-15 (VICVectAddr0-150xFFFF F100-13C)


These are a read/write accessible registers. These
registers hold the addresses of the Interrupt Service
routines (ISRs) for the 16 vectored IRQ slots.

Default Vector Address Register (VICDefVectAddr 0xFFFF F034)


This is a read/write accessible register. This
register holds the address of the Interrupt Service
routine (ISR) for non-vectored IRQs.

Vector Address Register (VICVectAddr -0xFFFFF030)


This is a read/write accessible register. When an IRQ
interrupt occurs, the IRQ service routine can read this
register and jump to the value read.

SERIAL COMMUNICATION

Parallel transmission:
Data is sent 8 bits (byte) at a time over 8 data lines.
A few handshaking lines may be needed. One uses a 25-pin
D-shell connector and cable(DB-25 or equivalent)
Serial transmission:
Data is sent one bit at a time over one data line. In theory and
principle one needs only two lines for data, one for the signal
and the other for ground. A few clock and handshaking lines
are needed and in many PCs a 9-pin connector is used.

SERIAL COMMUNICATION TYPES


Asynchronous
Synchronous
Transfer:

Simplex
Half duplex
Full duplex

ASYNCHRONOUS DATA

Synchronous Data

UART:

UART means Universal Asynchronous Receiver and


Transmitter
8051 have single UART
In LPC2148 have two UART

SERIAL COMMUNICATION IN LPC2148

UART

UART0 BLOCK DIAGRAM

FEATURES OF UART IN LPC2148


16 byte Receive and Transmit FIFOs
Register locations conform to 550 industry standard.
Receiver FIFO trigger points at 1, 4, 8, and 14 bytes.
Built-in fractional baud rate generator with autobauding
capabilities.
Mechanism that enables software and hardware flow
control implementation

PIN DESCRIPTION

UART0 pin description


Pin

Type

RXD0

Input

TXD0

Output

Description
Serial Input. Serial receive data.
Serial Output. Serial transmit data.

UART0 REGISTER MAP

RECEIVER BUFFER REGISTER

The Divisor Latch Access Bit (DLAB) in U0LCR must be zero


in order to access the U0RBR. The U0RBR is always Read
Only.

TRANSMIT HOLDING REGISTER

The Divisor Latch Access Bit (DLAB) in U0LCR must be zero in


order to access the U0THR. The U0THR is always Write Only.

DIVISOR LATCH LSB

The UART0 Divisor Latch LSB Register, along with the U0DLM
register, determines the baud rate of the UART0. similarly
DLM also

BAUDRATE CALCULATION

UART0 BAUDRATE CALCULATION


By using this formula we can calculate baudrate
Examples

INTERRUPT ENABLE REGISTER


The U0IER is used to enable UART0 interrupt sources.

INTERRUPT IDENTIFICATION
REGISTER

FIFO CONTROL REGISTER

LINE CONTROL REGISTER

LINE STATUS REGISTER

FRACTIONAL DIVIDER REGISTER

TRANSMIT ENABLE REGISTER

SERIAL COMMUNICATION
PROGRAMS

SERIAL TRANSMISSION PROGRAM


#include<LPC214X.H>
void sercon(void);
int main()
{
sercon();
while(1)
{
U0THR='A';
while(!(U0LSR&0X40));
}
}
void sercon(void)
{
PINSEL0=0X00000005;
U0LCR=0X83;
U0DLL=0X061;
U0LCR=0X03;
}

SERIAL RECEPTION PROGRAM


#include<LPC214X.H>
void sercon(void);
int main()
{
unsigned char X;
sercon();
while(1)
{
while(!(U0LSR&0X01));
X=U0RBR;
U0THR=X;
while(!(U0LSR&0X40));
}
}

void sercon(void)
{
PINSEL0=0X00000005;
U0LCR=0X83;
U0DLL=0X061;
U0LCR=0X03;
}

SERIAL INTERRUPT
#include <LPC214X.H>
void uart0(void)__irq
{
if(U0IIR==0x00000002)
{
U0THR='Y';
while(!(U0LSR&0x40));
VICIntEnClr=0x00000040;
}
}
void serial()
{
PINSEL0=0x00000005;
U0LCR=0x83;
U0DLL=97;
U0LCR=0x03;

VICIntEnable=0x00000040;
U0IER=0x00000002;
VICVectAddr0=(unsigned)uart0;
VICVectCntl0=0x00000026;
}
int mian()
{
serial();
while(1)
{
U0THR='A';
while(!(U0LSR&0x40));
}
}

LIQUID CRYSTAL
DISPLAY

16X2 LCD

PIN DIAGRAM OF LCD

PIN DESCRIPTION OF LCD


RS:REGISTER SELECT

there are two registers inside the LCD.

Command Register and Data Register.

RS pin is used for their selection.

if RS=0, command register is selected.

if RS=1, data register is selected.

PIN DESCRIPTION OF LCD


R/W: READ/WRITE

Allows user to read the information from the LCD and write the
information to the LCD.
R/W=1 when reading
R/W=0, when writing

E: ENABLE

used by the LCD to latch the information from its data lines.

a high to low pulse must be applied to this pin to receive data.

this pulse must be 450ns wide.

PIN DESCRIPTION OF LCD


VCC: +5V POWER SUPPLY
VSS: GROUND
VEE: TO CONTROL LCD CONTRAST.
D0-D7: 8 Bit data pins used to send
to the LCD or read the
internal

registers.

information

contents of the LCDs

LCD COMMANDS
0x38: 2 lines and 5x7 matrix
0x01: clear display screen
0x0E: display on, cursor blinking
0x06: increment cursor(shift cursor to right)
0x80: force cursor to beginning of 1st line
0xC0: force cursor to beginning of 2nd line

ALGORITHM TO SEND DATA TO LCD

1.Make R/W low

2.Make RS=0 ;if data byte is command


RS=1 ;if data byte is data (ASCII value)

3.Place data byte on data register

4.Pulse E (HIGH to LOW)

5.Repeat the steps to send another data byte

LCD PROGRAM

LCD PROGRAM
#include <LPC214X.H>
#define rs 0x00010000
#define en 0x00020000
void strlcd(unsigned char *);
void lcdcmd(unsigned char y);
void lcddata(unsigned char y);
void msdelay(unsigned int k);
int main()
{
IODIR1=0X003F0000;
msdelay(100);

lcdcmd(0x28);
msdelay(100);
lcdcmd(0x0E);
msdelay(100);
lcdcmd(0x01);
msdelay(100);
lcdcmd(0x06);
msdelay(100);
lcdcmd(0x80);
msdelay(100);
lcddata('I');
msdelay(100);
lcdcmd(0xc0);
msdelay(100);
strlcd("welcome to krest");
msdelay(100);
}

void strlcd(unsigned char *P)


{
while(*P!='\0')
{
lcddata(*P++);
}
}
void lcdcmd(unsigned char y)
{
unsigned char temp,temp1;
temp=0xf0 & y;
temp1=0x0f & y;
IOCLR1=0X003F0000;
IOSET1=temp<<14;
IOSET1|=en;
msdelay(10);

IOCLR1=en;
IOCLR1=0X003F0000;
IOSET1=temp1<<18;
IOSET1|=en;
msdelay(10);
IOCLR1=en;
}
void lcddata(unsigned char y)
{
unsigned char temp,temp1;
temp=0xf0 & y;
temp1=0x0f & y;
IOCLR1=0X003F0000;
IOSET1=temp<<14;
IOSET1|=rs;
IOSET1|=en;
msdelay(10);
IOCLR1=en;
IOCLR1=0X003F0000;

IOSET1=temp1<<18;
IOSET1|=rs;
IOSET1|=en;
msdelay(10);
IOCLR1=en;
}
void msdelay(unsigned int k)
{
unsigned int i,j;
for(i=0;i<k;i++)
for(j=0;j<1275;j++);
}

ANALOG TO DIGITAL
CONVERTER

In the worldwide everything is in physical


quantity
Temperature
Pressure
Velocity
Humidity

N-BIT RESOLUTION
No.of bits

no.of steps

step size(mv)

8-bits

256

19.53

10-bits

1024

4.88

12-bits

4096

1.2

16-bits

65,536

0.076

TYPES OF ADC

PARALLEL ADC
- number of output lines

SERIAL ADC
- single output line

FEATURES

10 bit successive approximation analog to digital converter (one in


LPC2141/2 and two in LPC2144/6/8).

Input multiplexing among 6 or 8 pins (ADC0 and ADC1).

Power-down mode.

Measurement range 0 V to VREF (typically 3 V; not to exceed


VDDA voltage level).

10 bit conversion time 2.44 s.

Burst conversion mode for single or multiple inputs.

Optional conversion on transition on input pin or Timer Match


signal.

Global Start command for both converters (LPC2144/6/8 only).

DESCRIPTION

Basic clocking for the A/D converters is provided


by the VPB clock.

A programmable divider is included in each


converter, to scale this clock to the 4.5 MHz (max)
clock needed by the successive approximation
process.

A fully accurate conversion requires 11 of these


clocks.

ADC PIN DESCRIPTION

ADC0
-AD0.7:6 & AD0.4:1

ADC1
-AD1.7:0

Vref

-PIN no. 63

VDDA -PIN no. 7

VSSA -PIN no. 52

REGISTER DESCRIPTION

ADCR: A/D Control Register.


-7:0 bits select(which pin used for convert)
-15:8bits CLKDIV (PCLK is divided by to produce
the clock for A/D converter)
-16 bit burst (when this bit=1 conversion will not
completed)
-19:17bits CLKS (selects the no. of clocks used for
each conversion in burst mode)

Register description
-20bit reserved
-21bit PDN (powerdown mode)
-23:22bit reserved
-26:24bits START(when the burst is zero)
-27bit EDGE (raising or falling)
-31:28bits reserved

ADGDR: A/D Global Data Register


-5:0bits reserved
-15:6bits RESULT
-23:16bits reserved
-26:24bits channel
-29:27 reserved
-30bit OVERRUN
-31bit DONE

ADGSR: ADGSR A/D Global Start Register.


-15:0bits reserved
-16bit BURST
-23:17bits reserved
-26:24bits START
-27bits EDGE
-31:28bits reserved

ADSTAT: A/D Status Register.


-7:0bits DONE7 : DONE0
-15:8bits OVERRUN7 : OVERRUN0
-16bit ADINT(A/D interrupt flag)
-31:17bits reserved

ADINTEN: ADINTEN A/D Interrupt Enable


Register
-8:0bits (0-end of a conversion on ADC

Channel 0 will not generate an interrupt)

Remaining bits reserved

ADDR (ADDR0 to ADDR7):s A/D Channel 0 to 7


Data Register.
-5:0bits reserved
-15:6bits RESULT
-29:16bits reserved
-30bit OVERRUN
-31bit DONE

DAC

FEATURES OF DAC

10 bit digital to analog converter

Resistor string architecture

Buffered output

Power-down mode

Selectable speed vs. power

DAC PIN DESCRIPTION

AOUT: Analog Output. After the selected settling time


after the DACR is written with a new value, the voltage
on this pin (with respect to VSSA) is VALUE/1024 *VREF.

VREF: Voltage Reference. This pin provides a voltage


reference level for the D/A converter.

VDDA,VSSA: Analog Power and Ground. These


should be nominally the same voltages as V3 and VSSD,
but should be isolated to minimize noise and error

DAC REGISTER (DACR)

This read/write register includes the digital value to be


converted

to analog, and

a bit that

trades

off

performance vs. power.

Bits 5:0 are reserved for future, higher-resolution D/A


converters.

RTC
(REAL TIME CLOCK)

FEATURES OF RTC:
Measures

the passage of time to maintain a calendar and

clock.

Ultra Low Power design to support battery powered


systems.

Provides

Seconds, Minutes, Hours, Day of Month, Month,

Year, Day of Week, and Day of Year.


Dedicated

32 kHz oscillator or programmable prescaler

from VPB clock.


Dedicated

power supply pin can be connected to a battery

or to the main 3.3 V.

RTC

The Real Time Clock (RTC) is a set of counters for measuring time
when system power is on, and optionally when it is off.

It uses little power in Power-down mode. On the LPC2141/2/4/6/8,


the RTC can be clocked by a separate 32.768 KHz oscillator, or by a
programmable prescale divider based on the VPB clock.

The RTC is powered by its own power supply pin, VBAT, which can be
connected to a battery or to the same 3.3 V supply used by the rest of
the device.

RTC BLOCK DIAGRAM

REGISTERS CLASSIFICATION:
The

RTC includes a number of registers. The address

space is split into four sections by functionality.


The

first eight addresses are the Miscellaneous

Register Group.
The

second set of eight locations are the Time Counter

Group.
The

third set of eight locations contain the Alarm

Register Group.
The

remaining registers control the Reference Clock

Divider.

INTERRUPT LOCATION REGISTER (ILR ):


o

The Interrupt Location Register is a 2-bits


(used)register that specifies which blocks are
generating an interrupt .

Writing a one to the appropriate bit clears the


corresponding interrupt.

Writing a zero has no effect.

This allows the programmer to read this register


and write back the same value to clear only the
interrupt that is detected by the read.

CLOCK TICK COUNTER REGISTER (CTCR)

The Clock Tick Counter is read only. It can be reset to


zero through the Clock Control Register (CCR).

The CTC consists of the bits of the clock divider


counter.

CLOCK CONTROL REGISTER (CCR )

The clock register is a 5-bit register that controls the


operation of the clock divide circuit.

COUNTER INCREMENT INTERRUPT


REGISTER (CIIR ) :

The Counter Increment Interrupt Register (CIIR) gives


the ability to generate an interrupt every time a counter
is incremented.

This interrupt remains valid until cleared by writing a


one to bit zero of the Interrupt Location Register
(ILR[0]).

ALARM MASK REGISTER (AMR ) :


o

The Alarm Mask Register (AMR) allows the user to


mask any of the alarm registers.
For the alarm function, every non-masked alarm
register must match the corresponding time counter
for an interrupt to be generated.
The interrupt is generated only when the counter
comparison first changes from no match to match.
The interrupt is removed when a one is written to the
appropriate bit of the Interrupt Location Register
(ILR).
If all mask bits are set, then the alarm is disabled.

CONSOLIDATED TIME REGISTER 0 (CTIME0) :

The values of the Time Counters can optionally be read in a


consolidated format which allows the programmer to read all
time counters with only three read operations.

The various registers are packed into 32-bit values

The least significant bit of each register is read back at bit 0, 8,


16, or 24.

The Consolidated Time Registers are read only.


To write new values to the Time Counters, the Time Counter
addresses should be used.

The Consolidated Time Register 0 contains the low order time


values: Seconds, Minutes, Hours, and Day of Week.

CONSOLIDATED TIME REGISTER 1 (CTIME1) :

The Consolidate Time register 1 contains the Day of


Month, Month, and Year values.

CONSOLIDATED TIME REGISTER 2


(CTIME2 ) :

The Consolidate Time register 2 contains just the Day


of Year value.

TIME COUNTER GROUP :

The time value consists of the following eight counters and


these counters can be read or written at the locations as
shown below.

These values are simply incremented at the appropriate


intervals and reset at the defined overflow point.

They are not calculated and must be correctly initialized in


order to be meaningful.

ALARM REGISTER GROUP :

The alarm registers are shown below, the values in these


registers are compared with the time counters.

Alarm registers match their corresponding time counters


then an interrupt is generated. The interrupt is cleared
when a one is written to bit one of the Interrupt Location
Register (ILR[1]).

REFERENCE CLOCK DIVIDER


(PRESCALER) :

The reference clock divider (prescaler) allows generation of


a 32.768 kHz reference clock from any peripheral clock
frequency greater than or equal to 65.536 kHz (2 32.768
kHz).

This permits the RTC to always run at the proper rate


regardless of the peripheral clock rate.

Basically, the Prescaler divides the peripheral clock


(PCLK) by a value which contains both an integer portion
and a fractional portion.

The result is not a continuous output at a constant frequency,


some clock periods will be one PCLK longer than others.

overall result can always be 32,768 counts per second

The reference clock divider consists of a 13-bit integer counter


and a 15-bit fractional counter.

PRESCALER INTEGER REGISTER (PREINT ) :


This is the integer portion of the prescale value, calculated as:
PREINT = int (PCLK / 32768) 1.
The value of PREINT must be greater than or equal to 1.

PRESCALER FRACTION REGISTER (PREFRAC) :

This is the fractional portion of the prescale value,


and may be calculated as:
PREFRAC = PCLK ((PREINT + 1) 32768).

I2C

FEATURES

Standard I2C compliant bus interfaces that may be


configured as Master, Slave, or

Master/Slave.

Arbitration

between

simultaneously

transmitting

masters without corruption of serial data on the bus.

Programmable clock to allow adjustment of I2C transfer


rates.

Bidirectional data transfer between masters and slaves.

Serial clock synchronization allows devices with


different bit rates to communicate via one serial bus.

Serial clock synchronization can be used as a


handshake mechanism to suspend and
resume serial transfer.

The I2C-bus may be used for test and diagnostic


purposes

TECHNOLOGIES

TECHNOLOGIES
Wireless Communication

IR & RF

ZIGBEE

Mobile communication

GSM & GPS

Security Access
RFID & SMART CARD
MEMS ACCELEROMETER

ZigBee Technology

WHAT IS ZIGBEE ?
ZigBee

is a wireless networking technology.


ZigBee is the set of specifications built around
the IEEE 802.15.4 wireless protocol.
ZigBee technology is a low data rate, low power
consumption, low cost, wireless networking
protocol targeted towards automation and
remote control applications.
ZigBee ideal for harsh radio environments in
isolated locations.

NEED FOR
ZIGBEE
ZigBee

was created to satisfy the market's need


of a standards-based wireless network that is
cost-effective
supports low data rates
low power consumption
secure and reliable

ZigBee

is the only wireless standards-based


technology:
that addresses the unique needs of remote monitoring &
control, and sensory network applications.
enables broad-based deployment of wireless networks with low
cost, low power solutions.
provides the ability to run for years on inexpensive primary
batteries for a typical monitoring application

ZIGBEE
ALLIANCE
The

ZigBee Alliance is an association of


companies working together to enable
reliable, cost-effective, low-power, wirelessly
networked, monitoring and control products
based on an open global standard ( IEEE
802.15.4 PAN )
Open and global
Anyone can join and participate
Membership is global

WHY THE NAME ZIGBEE ?

The name "ZigBee" is derived from the erratic zig


zag patterns many bees make between flowers when
collecting pollen. This is suggestive of the invisible
webs of connections existing in a fully wireless
environment, similar to the way packets would move
through a mesh network.

IEEE 802.15.4 WPAN


Wireless

personal area networks (WPANs)


are used to convey information over relatively
short distances.
The main features of this standard are
network flexibility, low cost, very low power
consumption, and low data rate in an adhoc
self-organizing network among inexpensive
fixed, portable and moving devices

ZIGBEE
CHARACTERISTICS

ZigBee operates is one of three license free bands

2.4 GHz, 915 MHz for North America, and 868 MHz for Europe

At 2.4 GHZ, there are a total of 16 channels available


with a maximum data transfer of 250 kbps
At 915 MHz: 10 channels for a max 40 kbps transfer
rate
At 868 MHz: 1 channel for a max 20 kbps transfer rate
ZigBee incorporates a CSMA-CA protocol

This protocol that reduces the probability of interfering with


other users and automatic retransmission of data ensures
robustness.
Yields high throughput and low latency for low duty cycle
devices like sensors and control.

ZIGBEE CHARACTERISTICS
Multiple topologies : star, peer-to-peer, mesh topologies
Low power consumption with battery life ranging from
months to years
128-bit AES encryption Provides secure connections
between devices
Addressing space of up to 64 bit IEEE address devices
Up to 65,535 nodes on a network
Optional guaranteed time slot for applications
requiring low latency
Fully reliable hand-shake protocol for transfer
reliability
Range: 10 to 100m. Typical (Up to 400m max.)

DEVICE TYPES
There are three different ZigBee device types
The ZigBee (PAN) coordinator node
The Full Function Device (FFD)
The Reduced Function Device (RFD)

ZIGBEE TOPOLOGY

ZigBee Supports 3 Topologies


Star topology
Peer to Peer topology
Cluster Tree or Mesh Topology

STAR TOPOLOGY

PEER TO PEER
TOPOLOGY

CLUSTER TREE
TOPOLOGY

ZIGBEE ARCHITECTURE
ZigBee Application
layer
ZigBee Network
layer
802.15.4 MAC
802.15.PHY
868 /
915MHz

802.15.4
PHY
2.4 Ghz

I
E
E
E

ZigBee
ALLIANCE

NETWORK LAYER AND APPLICATION


LAYER
This

level in the ZigBee architecture includes

The ZigBee Device Object (ZDO)

User-Defined Application Profile(s)

The Application Support (APS) Sub-layer.

PHY LAYER
The PHY

service enables the transmission and


reception of PHY protocol data units (PPDU) across the
physical radio channel.
The features of the IEEE 802.15.4 PHY physical layer
are
Activation and deactivation of the radio transceiver,
energy detection (ED),
Link quality indication (LQI),
Clear channel assessment (CCA),
Channel selection.

MAC LAYER
The MAC

service enables the transmission


and reception of MAC protocol data units
(MPDU) across the PHY data service.
The features of MAC sub layer are
Beacon Management,
CSMA-CA Mechanism,
GTS management,
Acknowledged frame delivery,

DATA TRANSFER
Information

in a ZigBee network is transferred

in packets
Each packet has a maximum size of 128 bytes,
allowing for a maximum payload of 104 bytes.
The ZigBee specification supports a maximum
data transfer rate of 250 kbps for a range of up
to 100 meters
A ZigBee network has an optimal super frame
structure with a method for time synchronization
For priority messages, a guaranteed time slot
mechanism has been incorporated . This allows
high priority messages to be sent across the
network as rapidly as possible.

DATA TRANSFER

BEACON MODE

NON-BEACON MODE

DATA TRANSFER

BEACON MODE

NON-BEACON MODE

ZIGBEE MESH
NETWORKING

TECHNOLOGY COMPARISIONS

PRESENTATION ON GSM
NETWORK

WHAT IS GSM ?
Global System for Mobile (GSM) is a second
generation cellular standard developed to cater
voice services and data delivery using digital
modulation

GSM: HISTORY

Developed by Group Spciale Mobile (founded 1982) which was an

initiative of CEPT ( Conference of European Post and


Telecommunication )

Aim : to replace the incompatible analog system


Presently the responsibility of GSM standardization resides with special
mobile group under ETSI ( European telecommunication Standards
Institute )
Full set of specifications phase-I became available in 1990
Under ETSI, GSM is named as Global System for Mobile
communication
Today many providers all over the world use GSM (more than 135
countries in Asia, Africa, Europe, Australia, America)
More than 1300 million subscribers in world and 45 million subscriber in
India.

GSM IN WORLD

3%

Figures: March, 2005

Arab World

3%

Asia Pacific
3%

3% (INDIA)

Africa
East Central Asia

4%

37%

Europe
Russia

43%

1%

4%

India
North America
South America

GSM IN INDIA
Figures: March 2005

Aircel
4%

Reliance
3%
MTNL
Spice
2%
4%

BPL
6%

Bharti
Bharti
27%

BSNL
Hutch
IDEA
BPL

IDEA
13%

Aircel
Hutch
19%

BSNL
22%

Spice
Reliance
MTNL

GSM SERVICES
Tele-services
Bearer

or Data Services
Supplementary services

TELE SERVICES
Telecommunication services that enable voice communication
via mobile phones
Offered services
- Mobile telephony
- Emergency calling

BEARER SERVICES
Include various data services for information
transfer between GSM and other networks like
PSTN, ISDN etc at rates from 300 to 9600 bps
Short Message Service (SMS)
up to 160 character alphanumeric data
transmission to/from the mobile terminal

Unified Messaging Services(UMS)


Group 3 fax
Voice mailbox
Electronic mail

SUPPLEMENTARY SERVICES
Call related services :
Call Waiting- Notification of an incoming call while on the handset
Call Hold- Put a caller on hold to take another call
Call Barring- All calls, outgoing calls, or incoming calls
Call Forwarding- Calls can be sent to various numbers defined by the user
Multi Party Call Conferencing - Link multiple calls together
CLIP Caller line identification presentation
CLIR Caller line identification restriction
CUG Closed user group

PSTN
ISDN
PDN

GSM SYSTEM ARCHITECTURE


BSC
MS

BTS
MSC
GMSC

BTS

BSC
VLR

MS

EIR

BTS
MS

AUC

HLR

GSM SYSTEM ARCHITECTURE-I


Mobile Station (MS)

Mobile Equipment (ME)


Subscriber Identity Module (SIM)

Base Station Subsystem (BSS)


Base Transceiver Station (BTS)
Base Station Controller (BSC)

Network Switching Subsystem(NSS)


Mobile Switching Center (MSC)
Home Location Register (HLR)
Visitor Location Register (VLR)
Authentication Center (AUC)
Equipment Identity Register (EIR)

SYSTEM ARCHITECTURE
MOBILE STATION (MS)

The Mobile Station is made up of two entities:


1.

2.

Mobile Equipment (ME)


Subscriber Identity Module (SIM)

SYSTEM ARCHITECTURE
MOBILE STATION (MS)
Mobile Equipment

Portable,vehicle mounted, hand held device


Uniquely identified by an IMEI (International
Mobile Equipment Identity)
Voice and data transmission
Monitoring power and signal quality of
surrounding cells for optimum handover
Power level : 0.8W 20 W
160 character long SMS.

SYSTEM ARCHITECTURE
MOBILE STATION (MS) CONTD.
Subscriber Identity Module (SIM)

Smart card contains the International Mobile


Subscriber Identity (IMSI)
Allows user to send and receive calls and
receive other subscribed services
Encoded network identification details
- Key Ki,Kc and A3,A5 and A8 algorithms
Protected by a password or PIN
Can be moved from phone to phone contains
key information to activate the phone

SYSTEM ARCHITECTURE
BASE STATION SUBSYSTEM (BSS)
Base Station Subsystem is composed of two parts that
communicate across the standardized Abis interface
allowing operation between components made by
different suppliers
1.
2.

Base Transceiver Station (BTS)


Base Station Controller (BSC)

SYSTEM ARCHITECTURE
BASE STATION SUBSYSTEM (BSS)
Base Transceiver Station (BTS):

Encodes,encrypts,multiplexes,modulates and
feeds the RF signals to the antenna.
Frequency hopping
Communicates with Mobile station and BSC
Consists of Transceivers (TRX) units

SYSTEM ARCHITECTURE
BASE STATION SUBSYSTEM (BSS)
Base Station Controller (BSC)

Manages Radio resources for BTS


Assigns Frequency and time slots for all MSs in its area
Handles call set up
Transcoding and rate adaptation functionality
Handover for each MS
Radio Power control
It communicates with MSC and BTS

SYSTEM ARCHITECTURE
NETWORK SWITCHING SUBSYSTEM(NSS)
Mobile Switching Center (MSC)

Heart of the network


Manages communication between GSM and other networks
Call setup function and basic switching
Call routing
Billing information and collection
Mobility management
- Registration
- Location Updating
- Inter BSS and inter MSC call handoff
MSC does gateway function while its customer roams to other
network by using HLR/VLR.

SYSTEM ARCHITECTURE
NETWORK SWITCHING SUBSYSTEM

Home Location Registers (HLR)


- permanent database about mobile subscribers in a large service
area(generally one per GSM network operator)
database contains IMSI,MSISDN,prepaid/postpaid,roaming
restrictions,supplementary services.

Visitor Location Registers (VLR)

Temporary database which updates whenever new MS enters its


area, by HLR database
Controls those mobiles roaming in its area
Reduces number of queries to HLR
Database contains IMSI,TMSI,MSISDN,MSRN,Location
Area,authentication key

SYSTEM ARCHITECTURE
NETWORK SWITCHING SUBSYSTEM

Authentication Center (AUC)

Protects against intruders in air interface


Maintains authentication keys and algorithms and provides security
triplets ( RAND,SRES,Kc)
Generally associated with HLR

Equipment Identity Register (EIR)

- Database that is used to track handsets using the IMEI

(International Mobile Equipment Identity)


Made up of three sub-classes: The White List, The Black List and the
Gray List
Only one EIR per PLMN

GSM SPECIFICATIONS-1
RF

Spectrum
GSM 900
Mobile to BTS (uplink): 890-915 Mhz
BTS to Mobile(downlink):935-960 Mhz
Bandwidth : 2* 25 Mhz
GSM 1800
Mobile to BTS (uplink): 1710-1785 Mhz
BTS to Mobile(downlink) 1805-1880 Mhz
Bandwidth : 2* 75 Mhz

GSM SPECIFICATION-II
Carrier Separation : 200 Khz
Duplex Distance
: 45 Mhz
No. of RF carriers : 124
Access Method
: TDMA/FDMA
Modulation Method : GMSK
Modulation data rate : 270.833 Kbps

Speech
GSM OPERATION

Speech

Speech decoding

Speech coding
13 Kbps
Channel Coding

Channel decoding

22.8 Kbps
Interleaving

De-interleaving

22.8 Kbps
Burst Formatting

Burst Formatting

33.6 Kbps
Ciphering
33.6 Kbps
Modulation

De-ciphering
Radio Interface
270.83 Kbps

Demodulation

PHYSICAL CHANNEL

GSM-FRAME STRUCTURE

LOGICAL CHANNELS
TCH
(traffic)

Speech

Half rate 11.4kbps


Full rate 22.8kbps

Data

BCH

2.4 kbps
4.8 kbps
9.6 kbps
FCCH(Frequency correction)
SCH(Synchronization)

CCCH
CCH
(control)

PCH(Paging)
RACH(Random Access)
AGCH(Access Grant)

Dedicated

SDCCH(Stand Alone)
SACCH(Slow-associated)
FACCH(Fast-associated)

CALL ROUTING
Call Originating from MS
Call termination to MS

OUTGOING CALL
MS sends dialled number to
BSS
2.
BSS sends dialled number to
MSC
3,4 MSC checks VLR if MS is
allowed the requested service.If
so,MSC asks BSS to allocate
resources for call.
5
MSC routes the call to GMSC
6
GMSC routes the call to local
exchange of called user
7, 8,
9,10 Answer back(ring back) tone
is routed from called user to MS
via GMSC,MSC,BSS
1.

INCOMING
CALL

1. Calling a GSM
subscribers
2. Forwarding call to
GSMC
3. Signal Setup to HLR
4. 5. Request MSRN
from VLR
6. Forward responsible
MSC to GMSC
7. Forward Call to
current MSC
8. 9. Get current status
of MS
10.11. Paging of MS
12.13. MS answers
14.15. Security checks
16.17. Set up connection

HANDOVERS

Between 1 and 2
Inter BTS / Intra BSC
Between 1 and 3
Inter BSC/ Intra MSC
Between 1 and 4
Inter MSC

SECURITY IN GSM
On air interface, GSM uses encryption and TMSI
instead of IMSI.
SIM is provided 4-8 digit PIN to validate the
ownership of SIM
3 algorithms are specified :
- A3 algorithm for authentication
- A5 algorithm for encryption
- A8 algorithm for key generation

AUTHENTICATION IN GSM

KEY GENERATION AND


ENCRYPTION

CHARACTERISTICS OF GSM
STANDARD
Fully digital system using 900,1800 MHz frequency
band.
TDMA over radio carriers(200 KHz carrier spacing.
8 full rate or 16 half rate TDMA channels per carrier.
User/terminal authentication for fraud control.
Encryption of speech and data transmission over the
radio path.
Full international roaming capability.
Low speed data services (upto 9.6 Kb/s).
Compatibility with ISDN.
Support of Short Message Service (SMS).

ADVANTAGES OF GSM OVER


ANALOG SYSTEM
Capacity increases
Reduced RF transmission power and longer
battery life.
International roaming capability.
Better security against fraud (through terminal
validation and user authentication).
Encryption capability for information security
and privacy.
Compatibility with ISDN,leading to wider range
of services

GSM APPLICATIONS
Mobile telephony
GSM-R
Telemetry System
- Fleet management
- Automatic meter reading
- Toll Collection
- Remote control and fault reporting of DG sets
Value Added Services

FUTURE OF GSM

2nd Generation
GSM -9.6 Kbps (data rate)

2.5 Generation ( Future of GSM)


HSCSD (High Speed ckt Switched data)

GPRS (General Packet Radio service)

Data rate: 14.4 - 115.2 Kbps

EDGE (Enhanced data rate for GSM Evolution)

Data rate : 76.8 Kbps (9.6 x 8 kbps)

Data rate: 547.2 Kbps (max)

3 Generation
WCDMA(Wide band CDMA)

Data rate : 0.348 2.0 Mbps

SEMINAR ON GPS

WHY DO WE NEED GPS?

Trying to figure out where you are


is probable mans oldest pastime.
Finally US Dept of Defense
decided to form a worldwide
positioning system.
Also known as NAVSTAR
( Navigation Satellite Timing and
Ranging Global positioning
system) provides instantaneous
position, velocity and time
information.

COMPONENTS OF THE GPS

G PS
S pace S egm ent

C o n tro l S e g m e n t

U ser S egm ent

SPACE SEGMENT:
24

GPS space
vehicles(SVs).
Satellites orbit the
earth in 12 hrs.
6 orbital planes
inclined at 55
degrees with the
equator.
This constellation
provides 5 to 8 SVs
from any point on the
earth.

CONTROL SEGMENT:

The control segment comprises of 5 stations.


They measure the distances of the overhead
satellites every 1.5 seconds and send the corrected
data to Master control.
Here the satellite orbit, clock performance and
health of the satellite are determined and
determines whether repositioning is required.
This information is sent to the three uplink stations

USER SEGMENT:

It consists of receivers that decode the signals


from the satellites.
The receiver performs following tasks:
Selecting

one or more satellites


Acquiring GPS signals
Measuring and tracking
Recovering navigation data

USER SEGMENT:
There are two services SPS and PPS
The Standard Positioning Service

SPS-

is position accuracy based on GPS measurements


on single L1 frequency C/A code
C/A ( coarse /acquisition or clear/access) GPs code
sequence of 1023 pseudo random bi phase modulation
on L1 freq

USER SEGMENT:

The Precise Position Service


PPS

is the highest level of dynamic positioning based


on the dual freq P-code
The P-code is a very long pseudo-random bi phase
modulation on the GPS carrier which does not repeat
for 267 days
Only authorized users, this consists of SPS signal
plus the P code on L1 and L2 and carrier phase
measurement on L2

CROSS CORRELATION
Anti-

spoofing denies the P code by mixing


with a W-code to produce Y code which
can be decoded only by user having a key.
What about SPS users?
They

use cross correlation which uses the fact


that the y code are the same on both
frequencies
By correlating the 2 incoming y codes on L1
and L2 the difference in time can be
ascertained
This delay is added to L1 and results in the
pseudorange which contain the same info as
the actual P code on L2

GPS SATELLITE SIGNAL:


L1

freq. (1575.42 Mhz) carries the SPS


code and the navigation message.
L2 freq. (1227.60 Mhz) used to measure
ionosphere delays by PPS receivers
3 binary code shift L1 and/or L2 carrier
phase
The

C/A code
The P code
The Navigation message which is a 50 Hz
signal consisting of GPs satellite orbits . Clock
correction and other system parameters

HOW DOES THE GPS WORK?


Requirements
Triangulation from satellite
Distance measurement through travel time of
radio signals
Very accurate timing required
To measure distance the location of the satellite
should also be known
Finally delays have to be corrected

TRIANGULATION
Position

is calculated
from distance
measurement
Mathematically we
need four satellites
but three are
sufficient by
rejecting the
ridiculous answer

MEASURING DISTANCE
Distance to a satellite is determined by
measuring how long a radio signal takes to reach
us from the satellite
Assuming the satellite and receiver clocks are
sync. The delay of the code in the receiver
multiplied by the speed of light gives us the
distance

GETTING PERFECT TIMING


If the clocks are perfect sync the satellite range
will intersect at a single point.
But if imperfect the four satellite will not
intersect at the same point.
The receiver looks for a common correction that
will make all the satellite intersect at the same
point

ERROR SOURCES
95% due to hardware ,environment and
atmosphere
Intentional signal degradation

Selective

availability
Anti spoofing

SELECTIVE AVAILABITY

Two components
Dither

:
manipulation of the satellite clock freq

Epsilon:

errors imposed within the ephemeris data sent in the


broadcast message

ANTI SPOOFING
Here the P code is made un gettable by
converting it into the Y code.
This problem is over come by cross correlation

ERRORS
Satellite
Errors

errors

in modeling clock offset


Errors in Keplerian representation of ephemeris
Latency in tracking

Atmospheric
Through

propagation errors

the ionosphere,carrier experiences


phase advance and the code experiences group
delay
Dependent on
Geomagnetic latitude
Time of the day
Elevation of the satellite

ERRORS

Atmospheric errors can be removed by


Dual

freq measurement
low freq get refracted more than high freq
thus by comparing delays of L1 and L2 errors can be
eliminated

Single freq users model the effects of the


ionosphere

ERRORS
Troposphere causes delays in code and carrier
But they arent freq dependent
But the errors are successfully modeled
Errors due to Multipath
Receiver noise

ERRORS
Forces

on the GPS satellite

Earth

is not a perfect sphere and hence uneven


gravitational potential distribution
Other heavenly bodies attract the satellite,but
these are very well modeled
Not a perfect vacuum hence drag but it is
negligible at GPS orbits
Solar radiation effects which depends on the
surface reflectivity,luminosity of the
sun,distance of to the sun. this error is the
largest unknown errors source

ERRORS DUE TO GEOMETRY


Poor

GDOP

When

angles from
the receiver to the
SVs used are
similar

Good

GDOP

When

the angles are


different

DGPS
Errors in one position
are similar to a local
area
High performance GPS
receiver at a known
location.
Computes errors in the
satellite info
Transmit this info in
RTCM-SC 104 format to
the remote GPS

REQUIREMENTS FOR A DGPS


Reference station:
Transmitter

Operates

DGPS correction receiver


Serial

in the 300khz range

RTCM-SC 104 format

GPS receiver

DGPS
Data

Links

Land

Links

MF,LF,UHF/VHF freq used


Radiolocations,local FM, cellular telephones and
marine radio beacons

Satellite

links

DGPS corrections on the L band of geostaionary


satellites
Corrections are determined from a network of
reference Base stations which are monitored by
control centers like OmniSTAR and skyFix

RTCM-SC 104 FORMAT


DGPS

operators must follow the RTCM-SC


104 format
64 messages in which 21 are defined
Type 1 contains pseudo ranges and range
corrections,issue of data ephemeris
(IODE)and user differential range
error(URDE)
The IODE allows the mobile station to
identify the satellite navigation used by the
reference station.
UDRE is the differential error determined
by the mobile station

DGPS

DGPS gives accuracy of 3-5 meters,while GPS


gives accuracy of around 15-20 mts
Removes the problem associated with SA.

SEMINAR ON GPS

Part II

Programming Of GPS

(Rockwell Jupiter GPS Receiver)

FEATURES:

12 parallel satellite tracking channels


Supports NMEA-0183 data protocol & Binary data
protocol.
Direct, differential RTCM SC 104 data capability
Static navigation improvements to minimize wander
due to SA
Active or Passive antenna to lower cost
Max accuracy achievable by SPS
Enhanced TTFF when in Keep Alive power condition.
Auto altitude hold mode from 3D to 2D navigation
Maximum operational flexibility and configurable via
user commands.
Standard 2x10 I/O connector
User selectable satellites

SATELLITE ACQUISITION
Jupiter

GPS has 4 types of signal


acquisition
Warm

Start..SRAM
Initialized start.EEPROM
Cold Start
Frozen Start

NAVIGATION MODES
3D

Navigation

2D

Navigation

At

least 4 satellites
Computes latitude, longitude,altitude and time
Less

DGPS

than 4 satellites or fixed altitude is given

Navigation

Differential

corrections are available through


the auxiliary serial port
Must be in RTCM compliant

I/O INTERFACE OF JUPITER


Pins

for powering GPS and Active antenna


Two message formats NMEA and Binary
Pin

Two

7 should be made high or low accordingly

serial port

One

is I/O.GPS data (Rx,Tx,Gnd)


Only input.RTCM format differential
corrections (Rx,Gnd)

Master

reset pin(active low)


Pin to provide battery backup

SELECTION O F MODE
NMEA ROM
Result
Protocol Default
NMEA format, 4800bps 8N1
0
0
0

NMEA format, initial values


from SRAM or EEPROM

Binary format,9600 8N1


From ROM

Data from SRAM or


EEPROM

SERIAL DATA I/O INTERFACE


Binary message format and NMEA format
Binary message format

Header

portion (compulsory)
Data portion (optional)

BINARY MESSAGE FORMAT


HEADER FORMAT

1000 0001
1111 1111
M
L M
L
Message ID
Data word count
DCL0 QRAN
Header checksum

BINARY MESSAGES

Example of binary messages:

Aim: To disable the pinning feature


Status of pinning is seen in User setting Output(Msg
ID 1012) O/P message
Pinning is controlled using Nav configuration
(Msg ID 1221) I/P message

BINARY MESSAGES
I/p

to the GPS to see the status of pinning


Header format 81 ff sync word
03 f4 Msg ID
00 00 data count
48 00 query bit set
32 0d check sum

In response to this the GPS outputs User settings output


message. (least significant byte first)
ff81 f403 1000 0048 ---- ---- ---- ---- 0000 ---- ---The 5th bit in the 9th word of the above msg gives the
status of pinning

BINARY MESSAGE
I/p

message to change status of pinning


In the header

Msg Id becomes 04 C5 (nav configuration )

Here

the message also includes a data


portion.
2nd

bit of the 7th word in the data portion is set to


1 to disable the pinning
The header checksum and data check sum must
be correct for the message to be valid.

Whether

pining is disabled can be checked


by sending the previous msg again. Now
ff81 f403 1000 0048 ---- ---- ---- ---- 7800 ---- ----

NMEA MESSAGES
These

are standardized sentences used in


context with the GPS
Examples: O/P statements
GGA:

GPS fix Data


GSA: GPS DOP and active satellite
GSV: GPS Satellite in view
RMC: recommended min GPS data

I/P

messages

IBIT

Built In test command


ILOG log control
INIT Initialization
IPRO Proprietary protocol

NMEA MESSAGES
Sample Message

$GPRMC,185203,A,1907.8900,N,07533.5546,E,0.00,121.7,221101,13.8,
E*55
$ Start

of sentence
Type of sentence
UTC
Validity
Latitude & orientation
Longitude & orientation
Speed
Heading
Date
Magnetic variation and orientation
Checksum (followed by <CR> and <LF> )

CONNECTIONS WITH THE GPS


The signals available at the serial pins of the
GPS are TTL level.
To read the GPS output on Hyper terminal, the
TTL signal is converted into RS 232 using a Max
232 IC
The input messages are sent to the GPS using a
simple C code

RFID

RFID:

R : Radio
F : Frequency
ID : Identification

WHAT IS RFID???

RFID = Radio Frequency IDentification.


An ADC (Automated Data Collection) technology
that:
uses

radio-frequency waves to transfer data between a


reader and a movable item to identify, categorize,
track..

Is

fast and does not require physical sight or contact


between reader/scanner and the tagged item.
Performs the operation using low cost components.
Attempts to provide unique identification and backend
integration that allows for wide range of applications.

Other ADC technologies: Bar codes, OCR.

Ethernet

RFID SYSTEM COMPONENTS

RFID
Reader

RFID Tag

RF Antenna

Network

Workstation

RFID TAGS:
Tags

can be attached to almost anything:

Items, cases or pallets of products, high value goods


vehicles, assets, livestock or personnel

Passive Tags

Do not require power Draws from Interrogator Field


Lower storage capacities (few bits to 1 KB)
Shorter read ranges (4 inches to 15 feet)
Usually Write-Once-Read-Many/Read-Only tags
Cost around 25 cents to few dollars

Active Tags

Battery powered
Higher storage capacities (512 KB)
Longer read range (300 feet)
Typically can be re-written by RF Interrogators
Cost around 50 to 250 dollars

TAG BLOCK DIAGRAM


Antenn
a
Power
Supply
Tx Modulator

Control Logic
(Finite State
machine)

Rx
Demodula
tor
Tag Integrated Circuit (IC)

Memory
Cells

SOME RFID TAGS

RFID 2005

IIT Bombay

315

Source: www.rfidprivacy.org

RFID TAG MEMORY

Read-only tags

Tag ID is assigned at the factory during manufacturing


Can never be changed
No additional data can be assigned to the tag

Write once, read many (WORM) tags

Data written once, e.g., during packing or


manufacturing
Tag is locked once data is written
Similar to a compact disc or DVD

Read/Write

Tag data can be changed over time

Part or all of the data section can be locked

RFID READERS

Reader functions:

Remotely power tags


Establish a bidirectional data link
Inventory tags, filter results
Communicate with networked server(s)
Can read 100-300 tags per second

Readers (interrogators) can be at a fixed point


such as
Entrance/exit
Point of sale

Readers can also be mobile/hand-held

SOME RFID READERS

RFID

318

RFID APPLICATIONS

Manufacturing and Processing

Inventory and production process monitoring


Warehouse order fulfillment

Supply Chain Management


Inventory tracking systems
Logistics management

Retail

Inventory control and customer insight


Auto checkout with reverse logistics

Security

Access control
Counterfeiting and Theft control/prevention

Location Tracking

Traffic movement control and parking management


Wildlife/Livestock monitoring and tracking

RFID DEPLOYMENT CHALLENGES

Manage System costs


Choose the right hardware
Choose the right integration path
Choose the right data infrastructure
Handle Material matters
RF Tagging of produced objects
Designing layouts for RF Interrogators
Tag Identification Scheme Incompatibilities
Which standard to follow?
Operating Frequency Variances
Low Frequency or High Frequency or Ultra High Frequency
Business Process Redesign
New processes will be introduced
Existing processes will be re-defined
Training of HR
Cost-ROI sharing

RFID SUMMARY:
Strengths

Advanced technology
Easy to use
High memory capacity
Small size

Weaknesses
Lack of industry and application standards
High cost per unit and high RFID system integration costs
Weak market understanding of the benefits of RFID technology

Opportunities
Could replace the bar code
End-user demand for RFID systems is increasing
Huge market potential in many businesses

Threats

Ethical threats concerning privacy life


Highly fragmented competitive environment

SMART CARDS
TECHNOLOGY

AGENDA
Machine readable plastic cards
What are smart cards
Security mechanisms
Applications
SCOSTA experience
Indian Driving License application

Introduction
A smart card, chip card, or
integrated circuit card (ICC),
is any pocket-sized card with
embedded integrated circuits which
can process data or Memory

PLASTIC CARDS
Visual

identity application

Plain

plastic card is enough

Magnetic

Visual

strip (e.g. credit cards)

data also available in machine readable

form
No security of data

Electronic

Machine

memory cards

readable data
Some security (vendor specific)

SMART CARDS
Processor

cards (and therefore memory too)


Credit card size
With

Cards

or without contacts.

have an operating system too.


The OS provides
A

standard way of interchanging information


An interpretation of the commands and data.

Cards

must interface to a computer or


terminal through a standard card reader.

SMART CARDS DEVICES

VCC
Reset
Clock
Reserved

GND
VPP
I/O

WHATS IN A CARD?

RFU

CL
K

RST
Vcc

GND
RFU
Vpp
I/O

TYPICAL CONFIGURATIONS
256

bytes to 4KB RAM.


8KB to 32KB ROM.
1KB to 32KB EEPROM.
Crypto-coprocessors (implementing 3DES,
RSA etc., in hardware) are optional.
8-bit to 16-bit CPU. 8051 based designs are
common.
The price of a mid-level chip when produced in
bulk is less than US$1.

SMART CARD READERS

Computer based readers


Connect through USB or
COM (Serial) ports

Dedicated terminals
Usually with a small screen,
keypad, printer, often also
have biometric devices such
as thumb print scanner.

TERMINAL/PC CARD INTERACTION


The terminal/PC sends commands to the card
(through the serial line).
The card executes the command and sends back
the reply.
The terminal/PC cannot directly access memory
of the card

data

in the card is protected from unauthorized


access. This is what makes the card smart.

COMMUNICATION MECHANISMS

Communication between smart card and reader is


standardized
ISO 7816 standard
Commands are initiated by the terminal
Interpreted by the card OS
Card state is updated
Response is given by the card.
Commands have the following structure
CLA

INS

P1

P2

Lc

1..Lc

Le

Response from the card include 1..Le bytes followed by


Response Code

SECURITY MECHANISMS

Password
Card

holders protection

Cryptographic challenge Response


Entity

authentication

Biometric information
Persons

identification

A combination of one or more

PASSWORD VERIFICATION
Terminal asks the user to provide a password.
Password is sent to Card for verification.
Scheme can be used to permit user
authentication.

Not

a person identification scheme

CRYPTOGRAPHIC VERIFICATION
Terminal

verify card (INTERNAL AUTH)

Terminal

sends a random number to card to be


hashed or encrypted using a key.
Card provides the hash or cyphertext.

Terminal

can know that the card is


authentic.
Card needs to verify (EXTERNAL AUTH)
Terminal

asks for a challenge and sends the


response to card to verify
Card thus know that terminal is authentic.

Primarily

for the Entity Authentication

BIOMETRIC TECHNIQUES

Finger print identification.


Features

of finger prints can be kept on the card


(even verified on the card)

Photograph/IRIS pattern etc.


Such

information is to be verified by a person. The


information can be stored in the card securely.

DATA STORAGE
Data is stored in smart cards in E2PROM

Card

OS provides a file structure mechanism

MF
DF

DF
EF

DF
EF

EF

EF

EF

File types
Binary file
(unstructured)
Fixed size record file
Variable size record
file

FILE NAMING AND SELECTION

Each files has a 2 byte file ID and an optional 5-bit


SFID (both unique within a DF). DFs may optionally
have (globally unique) 16 byte name.
OS keeps tack of a current DF and a current EF.
Current DF or EF can be changed using SELECT
FILE command. Target file specified as either:
DF name
File ID
SFID
Relative or absolute path (sequence of File IDs).
Parent DF

BASIC FILE RELATED COMMANDS


Commands

for file creation, deletion etc., File


size and security attributes specified at
creation time.
Commands for reading, writing, appending
records, updating etc.
Commands

work on the current EF.


Execution only if security conditions are met.

Each

file has a life cycle status indicator


(LCSI), one of: created, initialized, activated,
deactivated, terminated.

ACCESS CONTROL ON THE FILES

Applications may specify the access controls


A

password (PIN) on the MF selection


For example SIM password in mobiles

Multiple

passwords can be used and levels of security


access may be given

Applications may also use cryptographic


authentication

AN EXAMPLE SCENARIO
(INSTITUTE ID CARD)
Select: P2
verification
MF

EF1 (personal data)


Name: Rajat Moona
PF/Roll: 2345
EF2 (Address)
#320, CSE (off)
475, IIT (Res)

EF3 (password)
EF3 (password)
P1 (User password)
P1 (User password)
P2 (sys password)

EF4 (keys)
K1 (DOSAs key)
K2 (DOFAs key)
K3 (Registrars key)

Read: Never
Write: Password
Verification (P1)

Read: Free
Write: upon
verification by K1, K2
or K3
Read: Free
Write: Password
Verification (P1)

Se
re

EF

Sh
by
DO

Re

EF

Ca
ab
W

fo
Read: Never
Write: Once

So
pa

So
DO
m

So

AN EXAMPLE SCENARIO
(INSTITUTE ID CARD)

Library
its own
under

EF1 (personal data)


MF

EF2 (Address)
EF3 (password)
EF4 (keys)

DF1 (Lib)
EF1 (Issue record)
Bk# dt issue dt retn
Bk# dt issue dt retn
Bk# dt issue dt retn
Bk# dt issue dt retn

Institu
its key
under

EF2 (Privilege info)


Max Duration: 20 days
Max Books: 10
Reserve Collection: Yes
Modifiable: By
issue staff. Read
all

Modifiable: By Thus l
admin staff. Read:
develo
all

EF3: Keys
K1: Issue staff key
K2: Admin staff key

applic
indepe
rest.

HOW DOES IT ALL WORK?


Card is inserted in the
terminal
ATR negotiations take place
to set up data transfer
speeds, capability
negotiations etc.
Terminal sends first
command to select MF
Terminal prompts the user to
provide password
Terminal sends password for
verification
Terminal sends command to
select MF again
Terminal sends command to read
EF1

Card gets power. OS boots


up. Sends ATR (Answer to
reset)

Card responds with an error


(because MF selection is only
on password presentation)
Card verifies P2. Stores a
status P2 Verified.
Responds
OKOK
Card responds
Card supplies personal data and
responds OK

ANOTHER APPLICATION SCENARIO


Terminal with
two card
readers
Bankers card

Application
software runs
here

1. Authenticate user to bank


officer card:
1a. Get challenge from
banker card.
Users card 1b. Obtain response for the
challenge from passport
(IAUTH).
1c. Validate response with
officer card (EAUTH)
2. Authenticate officer card
to passport.
3. Transfer money to the
users card

The terminal itself does not store any keys, its the two cards that
really authenticate each other. The terminal just facilitates the
process.

STATUS OF SMART CARD


DEPLOYMENTS

Famous Gujarat Dairy card


Primarily an ID card
GSM cards (SIM cards for mobiles)
Phone book etc. + authentication.
Cards for credit card applications.
By 2007 end all credit cards will be smart.
EMV standard
Card for e-purse applications
Bank cards
Card technology has advanced
Contactless smart cards,
32-bit processors and bigger memories
JAVA cards

CURRENT STATE
DL/RC are being issued in Calcutta, Delhi on
SCOSTA cards (pilot basis)
Governments such as Jharkhand, Maharastra,
Gujarat, WB have already started the process
rolling.
Various other states will follow.

DAY 21
KIT EXPLANATION