“Reverse Engineering a passive UHF RFID Tag” was a tutorial given at IEEE RFID 2016. The talk was motivated by the fact that the EPC Gen2 protocol is available publicly, but the ISO-18000 documents are not. The tutorial is “mostly correct” technically; however, the audience was expected to be mostly RF/Radar people, the talk is very light on the circuit details. There are several errors on the OTA slides due to poor copying; so, caveat lector, if it the schematic looks wrong: it is. The table for the 130 process also has “um” where I should have had “nm”. 03 MAY 2016 Brian Degnan http://users.ece.gatech.edu/~degs
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
“Reverse Engineering a passive UHF RFID Tag” was a tutorial given at IEEE RFID 2016. The talk was motivated by the fact that the EPC Gen2 protocol is available publicly, but the ISO-18000 documents are not. The tutorial is “mostly correct” technically; however, the audience was expected to be mostly RF/Radar people, the talk is very light on the circuit details.
There are several errors on the OTA slides due to poor copying; so, caveat lector, if it the schematic looks wrong: it is. The table for the 130 process also has “um” where I should have had “nm”.
03 MAY 2016Brian Degnanhttp://users.ece.gatech.edu/~degs
ReverseEngineeringapassiveUHFRFIDTag
Whynot?
BrianDegnan,Ph.D.
What’sthisabout?
• AparAalimplem
entaAonGen2forUHFRFID
• Whytheelectronicsideisrelevant.
• Components(sam
ebutdifferent)• System
componentsandbounding
theproblem
• CircuitintuiAon
TheTagSystem
• Gen2:860MHz-960M
Hzsub40kHz-640kHz• PassivelyPow
ered~20ktransistors
gSystematalink
Why
other?• IhaveW
ISPs!• Icanjustputaba\eryonit.• IcannottaketheAm
etodesignfrom
scratch• Rem
ovalofconstraintsopensinnovaAon
EnergyStorage• 1000J~1m
^2sunlightsecondsecond
• 100Jreleasedfrom
ahuman
persecond• U
SAuses4W
EIRP
MooreM
oreMooreLess
AssumpAons:
--Transistorsscaling--Processingpow
ercorrelatestotransistors
Moore’soriginalgraph.
Degnanetal,AssessingTrendsinPerform
anceperWa\forSignalProcessingApplicaAons
TVLSI2014
Howthingsusedtobe.
Advantages
• SuperiorPowerPerform
ance• SuperiorProcessingPow
er
A130nmProcess
eviceReview:
ransistor
• MOSFETisoneofm
anydevices.• Voltagecontrolledcurrentsource• Theinputlookslikeacapacitor• M
ulApleoperaAngregimes
• Mathem
aAcsandphysicsaresimple,but
realityisterrible.
TransistorSymbols
nFET@130nm
• SubVth
• AboveVthGraph:65nmnFETgatesw
eepfromIBM
’s65nmadverAsem
ents.
CompactEKVM
odel
Boundingaprocess
Diodes
DiodeConnectedMOSFET
LinearCapacitor
• Linearityisexcellent• Frequencyresponseisexcellent• ChargeDensityisLow
DepleAonCapacitor
• Linearityisvariable• Frequencyresponseisvariable• ChargeDensityisexcellent
(n)MOSC-Vcurveox
C
depC
Depletion
oxC
Inversion
max
,m
in,
min
, min
,m
in
w
here
d
Sidep
depox
depox
XC
CC
CC
C
ε≡
+=
ox oxox
tC
ε≡
d Sidep
XC
ε≡
Systemesign
• HarvestEnergy• Createastablepow
ersupply• ResettheSystem
• Decodetheincom
ingdatastream
• Respondtothedecodeddata
Gen2Protocol
Gen2Waveform
Exam
ple Tag 0.5mm
2Tag:Digital~30%
EEPRO
M~20%
RF+DCreg~20%
Others(RN
G,ChargePum
p,supportfuncAons):30%
Barnetetal,APassiveU
HFRFIDtransponderforEPCGen2in0.13umCM
OS(TI
sgen2tag)ISSCC2007
EnergyHarvesAng
nergyarvesAng
• Num
berofstages• ReceivedEnergy• CurrentLoad• EtCetera
Wuetal,
MOSChargePum
psforLow-VoltageO
peraAonJSSCC1998
owerRegulator
DigitalPOR
emodulaAon
DataExtracAon
PRNG
• SRAMIniAalState
• ThermalN
oise• O
scillatorSampling
OscillatorSam
pling
ModulatedResponse
QuesAons?
Related Documents
