HK1078161B - Contactless proximity automated data collection system and method - Google Patents

Description

Contactless proximity automated data collection system and method

This application is a divisional application of an invention patent application entitled "contactless proximity automated data collection system and method" filed as international application No. 98809250.6, 17/9/1998.

Related application

This is a partial continuous application of U.S. patent application No. 08/825,940, filed on 1/4/1997, currently pending, which claims priority to U.S. provisional patent application No. 60/014, 444, filed on 1/4/1996.

Background

Technical Field

The present invention generally relates to data/information collection systems and methods. More particularly, the present invention relates to a near-contactless automated data/information collection system and method.

Description of the related Art

In recent years, transactions involving individuals based on the amount and frequency of fees and/or information have increased tremendously. As a result of this increased trading, paper throughput and the time spent participating in and processing these trades has also increased. Proximity card technology has been used effectively to reduce waste by eliminating the use of paper and plastic in certain transactions, and to improve transaction efficiency by reducing the time it takes to engage and process these transactions.

Proximity card technology (proximity card technology) may be advantageously used in a wide variety of applications. One interesting application is in the replacement of small ticket/cash transactions. Around 80% (2250 billion) of cash transactions are under $ 20 worldwide. In many such instances, proximity cards are used in place of cash by allowing individuals to deduct money from their card while they are shopping, or add money back to their card for legitimate remuneration. Other applications include, but are not limited to, the card as a driver's license, with all relevant driving experiences stored thereon; as passports storing visa information; as a health card, the complete medical record and insurance information are stored; or as a telephone or public transportation card with a prepaid amount of money, the amount of money is deducted from the card by using the service. Indeed, proximity card technology may be used for any transaction involving the exchange of data/information between individuals and institutions.

Proximity card technology has been used effectively in public transportation systems. This system was developed by the current assignee of this patent application, Cubic Corporation, and is disclosed in International patent application PCT/US92/08892 entitled "contactless automatic toll Collection System" filed on 10/19 of 1992 and published on 5/13 of 1993 with International publication number WO 93/09516.

In this system, the proximity card holds a billing value representing the amount of money the proximity card holder can use. This value is either automatically deducted from the proximity card according to a viable traffic billing plan or credited in exchange for a positive reward. Waste is reduced by discarding disposable paper and plastic tickets. The increase in transaction speed enhances the throughput efficiency of the system. Typical proximity card transactions are approximately 7 times faster than the time required for a paper ticket to be delivered through a standard machine. Also, passengers do not need to waste time finding and removing cards from personal storage areas such as purses or wallets, as the data is transmitted via radio frequency ("RF") fields. Thus, no physical, or even visible, contact is required between the proximity card and the target (reader/writer device).

One display system (generally applying the principles of the PTC/US92/08892 application) is currently working in the mass transit system of the washington subway region mass transit authority (WMATA) for rail services, ground transportation (buses) and parking lots. In the WMATA system in use at present, fixed CARD-walking (GO CARD)^®) The fare data is transmitted between the system terminals through the radio frequency field, the card-passing system terminal is called a Target (Target) and the proximity card is called a label (Tag).

A fixed card-reading system terminal includes a target and a host (i.e., control computer). The target comprises a modulator/demodulator and an antenna designed to transmit, by means of a radio frequency field and with a carrier frequency of 13.56MHz, a message modulated on the carrier signal. During operation, the target emits a continuous radio frequency field that is designed to wake up a tag that enters the target's general proximity to respond. Once the tag is brought within range, the radio frequency transmission of the target provides power to the tag and the target sends out a message to wake up the tag. The tag wakes up and establishes an authenticated communication channel with the host through the target. The host may then interrogate the tag with the stored data and write the new data to the tag. After the transaction is completed, the tag is brought back to the sleep state (inactive state).

Disclosure of Invention

The present invention provides a system and method for significantly enhancing the overall performance of a contactless proximity automated data collection system, the system comprising: a tag, a target, and a host. In particular, the invention achieves the following advantages: such as increasing transaction speed, ensuring data integrity and confidentiality, reducing costs, and reducing power consumption in small tags.

The tag is a small thin card that is carried by an individual. The target is a radio frequency source that provides a communication link between the tag and the host controller.

One of the many features of the present invention is to resolve conflicts. In operation, one or more tags may simultaneously attempt to communicate with a target. The present invention prevents the problem of communication collisions that occur when two objects enter an RF (radio frequency) field simultaneously. Each time the target receives the first response from the tag, it checks whether the response has the correct message format. The first response is designed such that interference of two or more targets is likely to result in an incorrect message format. When an incorrect message format is received, the target signals the tag that the message is invalid and the tag will fall back to try again at a later time. In the rare case where one tag is present and the target does not detect a collision, the host performs a second level collision check that truly ensures that two or more tags are prevented from accessing the same target at the same time.

Another feature of the present invention is an improved label structure that reduces transaction time between the label and the target while providing a low cost label that is extremely thin and requires less power consumption. For example, the present invention facilitates a secure public transportation transaction in approximately 50 milliseconds (ms), which is approximately 20% of the transaction time typically required by conventional contactless proximity automated data collection systems.

In particular, the present invention uses serial data streaming technology and variable speed clocking for tags. For example, the present invention uses a serial rather than parallel approach to moving data to the tag to save significant chip area. In addition, the present invention uses a dynamic timing system for the tags. A low speed clock is used to communicate with the target. However, within the tag itself, high speed clocks are used to transfer and process data and messages.

In addition, the present invention employs one or more Linear Feedback Shift Registers (LFSRs) to facilitate the functionality of the tag, which greatly reduces the complexity of the circuitry, thus increasing the speed, flexibility and reliability of the tag.

Another important feature of the present invention is the robust design of the tag data memory. The present invention employs a Ferroelectric Random Access Memory (FRAM) to store data, thereby increasing transaction speed, reducing power consumption, and increasing data reliability. For example, the present invention completes a write access to a tag in 1 microsecond (μ s), which is about 10ms unlike a conventional Electrically Erasable Programmable Read Only Memory (EEPROM) based system. In addition, the write current requirements for FRAM are much lower than for EEPROM. In addition, FRAMs can typically operate for more than 1000 billion read or write cycles, compared to about 100 million in EEPROMs.

Another inventive feature is a tag data buffering technique for ensuring data integrity. The data memory includes 4 page buffers (64 bytes) for input data. Only after each page is verified is the data written from the buffer to its final destination, so prematurely removing the tag from the field will not result in writing only a portion of the message.

The tag of the present invention also provides enhanced security features. The tag provides two levels of security: message authentication and limited memory access. Message authentication will be discussed in detail below. Limited memory access to the tag ensures that only an authorized host can read or write to a given memory cell. This is done by using key distribution. Each block of the tag memory has a pair of keys (read and write) and the host can only access a particular block if it sends information about the required keys with each read and write message. Yet another feature of the present invention is its structural flexibility. For example, error correction and encryption are readily added to embodiments of the present invention.

Still another feature of the present invention is a tag analog power protection circuit. The tag prevents the fabricated silicon device from breaking down in fluctuations in the radio frequency field (inherent to all silicon chip devices) while allowing the tag to receive an amplitude modulated signal (AM) from the target. In particular, the invention features a clamp circuit that is fast enough to react to radio frequency switching conditions and AM (amplitude modulated) signals on a radio frequency carrier. The clamping eliminates AM voltage fluctuations on the rectified carrier, however, the clamping control signal comprises an AM signal and may use the control signal as an AM signal for an ASIC (application specific integrated circuit) receiver circuit.

Another advantage of the clamping technique is that the clamping voltage can be determined correctly and can be set just below the ASIC breakdown voltage, allowing the ASIC to be manufactured with a smaller geometry and lower breakdown process.

The above and other features and advantages of the present invention will become more fully apparent from the following more detailed description of the preferred embodiments of the invention, the accompanying drawings and the appended claims.

Brief description of the drawings

FIG. 1 is a high-level block diagram illustrating a contactless proximity automated data collection system in accordance with the principles of the present invention.

Fig. 2 is a high-level block diagram of an object.

Fig. 3 is a high-level block diagram of a tag.

FIG. 4A illustrates a typical host-target message exchange.

Fig. 4B illustrates a typical object-tag message exchange.

Fig. 4C illustrates a typical host-label message exchange.

Fig. 5A shows a single tag attempting to communicate with a target.

Fig. 5B illustrates two or more tags attempting to communicate with a target.

FIG. 6A illustrates a conflict resolution protocol scenario for the scenario depicted in FIG. 5A.

FIG. 6B illustrates a conflict resolution protocol scenario for the scenario depicted in FIG. 5B.

FIG. 7A illustrates a conflict resolution protocol for a target state machine.

FIG. 7B shows a flow chart of high level control over tags.

Fig. 8 is a detailed signal diagram showing the relationship between the tag analog subsystem and the tag digital subsystem.

Fig. 9 is a block diagram of the tag digital subsystem.

FIG. 10 is a detailed schematic diagram of the status address register.

Fig. 11 shows a Very Long Instruction Word (VLIW).

FIG. 12 shows a memory map of a data memory.

Fig. 13 is a detailed block diagram of the tag emulation subsystem.

FIG. 14 is a detailed schematic diagram of a tag emulation subsystem.

Detailed description of the preferred embodiments

Referring now to the drawings, there is illustrated a presently preferred embodiment of the invention. In the drawings, like numbering represents like elements. Also, in the figures, the left-most digit(s) of each reference number corresponds to the figure number in which the reference number is first used.

Although the present invention is described in an electronic toll collection system for rapid mass transit or toll collection applications, it will be clear to those skilled in the relevant art that the principles of the present invention have fairly broad applicability to other systems in which contactless access to information/data/messages may be exchanged, collected or otherwise used.

The improved objects and labels of the present invention may be advantageously used in a charging system like that described in international patent application PCT/US92/08892, entitled "contactless automatic charging system", filed on 19.10.1992, publication number WO93/09516, the contents of which are hereby incorporated by reference in their entirety. Therefore, only the features of the present invention which differ from the system described in WO93/09516 are described herein.

Overview of the System

FIG. 1 is a high-level block diagram illustrating a contactless proximity automated data collection system 100 in accordance with the principles of the present invention. System 100 includes a plurality of hosts 102, targets 104, and tags 106. As will be clear to those skilled in the art, the number of these devices is dependent on the application requirements.

Target 104 communicates with both host 102 and tag 106. The target 104 and the tag 106 communicate messages and data via radio frequency signals 110 and 112. In operation, target 104 responds to commands from host 102 and initially acts like a simple serial data pass through, bit rate conversion and collision resolution between host 102 and tag 104.

In this embodiment, the host 102 is located at the location of the vending machine. Alternatively, for this type of application, the host 102 is placed at a ticket vending machine at the entrance/exit of a train station. In general, the host 102 may be placed at a distance or near relative to the target 104. Host 102 communicates with target 104 via a standard RS-232 serial link 108, although any known link (e.g., an RS-422 link) may be used with the present invention.

In the preferred embodimentIn one example, the host 102 is based on Intel^®Pentium^®And operating Windows NT^®The computer system of (1). However, any powerful computer system (e.g., based on Intel) may be used^®Pentium^®Pro or Pentium^®II computer system) and operating systems (e.g., Microsoft (r) windows (r)^®Windows^®). For example, a dedicated controller using Motorola with a real-time operating system may be used^®68332 microprocessor or any other suitable microprocessor.

The host 102 includes a predetermined executable program (software or code) that can obtain application-specific functionality. These programs call CARCG GO CARD (supplied by Cubic Corporation) accordingly^®Functions within the subroutine library. The subroutine libraries provide the necessary control to facilitate low-level message and data input/output processing.

Fig. 2 is a block diagram illustrating a target 104 in accordance with the principles of the present invention. Target 104 includes antenna 200, modulator/demodulator 202, microcontroller 204, and RS-232 serial interface port 208. The microcontroller 204 receives a clock signal from a quartz crystal (not shown). In the present embodiment, the microcontroller 204 is a DS87C520 microcontroller available from Dallas Semiconductor, Inc.; interface port 208 is a RS-232 interface from Linear Technology, Inc.; the antenna 200 is a 3 μ Hy PC board coil available from various sources. However, any commercially available components may be used for these elements.

As with the host 102, the microcontroller 204 also resides with a predetermined program to facilitate the overall functionality of the target 104. That is, to implement the logic performed in the protocols discussed below with reference to FIGS. 4A-C, 6A-B, and 7A (including the conflict resolution protocol), the predetermined program is written in any known programming language in suitable code.

In general, host 102 controls and coordinates the exchange of messages/data between target 104 and tag 106. These exchanges are managed using a half-duplex communication protocol. The radio frequency signals 110 and 112 have a 13.56MHz carrier frequency according to the ISO/IEC14443 standard and are amplitude modulated at 115.2Kbps for data transmission. Those skilled in the relevant art will appreciate that the present invention may use other well-known protocols, transmission rates, and various modulation techniques.

In operation, the target 104 receives modulated tag messages/data on the radio frequency signal 112. The antenna 200 receives these messages/data and transmits them to the modulator/demodulator 202 via the interconnect 210 for demodulation. Each tag message/data is then transmitted to the microcontroller 204 via the interconnect 212 where it is processed or delayed depending on the type of message/data at the microcontroller 204, transmitted to the serial interface port 208 via the interconnect 214, and then transmitted to the host 102 via the serial link 108. In a similar manner, the target 104 transmits the modulated target message/data to the tag 106 via the radio frequency signal 110. The target message/data may be generated from the microcontroller 204 alone or by the microcontroller 204 in conjunction with the host 102. The modulator/demodulator 202 modulates the message/data and the antenna 200 transmits a corresponding radio frequency signal 110 to the tag 106. The microcontroller 204 and host 102 process the tags and targeted messages/data according to a particular form of application (e.g., in this embodiment, a rapid public transportation application).

Fig. 3 is a high-level block diagram illustrating a tag 106 in accordance with the principles of the present invention. In the preferred embodiment, tag 106 includes an antenna 300 and a tag's Application Specific Integrated Circuit (ASIC)302 (tag ASIC302), which is commercially available from Cubic Corporation. For system level features of the present invention, the following discussion is directed to a very high level discussion of the tags 106 only. The tag 106 is discussed in more detail in the tag detailed description section below.

The tag ASIC302 is divided into a digital subsystem 304 and an analog subsystem 306. Digital subsystem 304 includes a controller 308 and a data store 310. The analog subsystem 306 includes a modulator/demodulator 312.

Similar to the operation of the target 104, messages/data are transmitted to and from the tag 106 via radio frequency signals 110 and 112, respectively. The target message/data (modulated on the radio frequency signal 110) is received with the antenna 300. Upon receipt, the targeted message/data is passed (via interconnect 314) to modulator/demodulator 312 for demodulation. Each targeted message/data is then transmitted to the controller 308 via the interconnect (interface) 316 and processed according to the configuration of the controller 308. Data store 310 is used to store application data accessed via interconnect 318.

The tag message/data (modulated on the radio frequency signal 112) is transmitted from the antenna 300. The controller 308 provides both message generation and data access functions. Each message/data is then passed to a modulator/demodulator 312 for modulation. Finally, the messages are transmitted to the antenna 300, which transmits them as radio frequency signals 112 to the targets 104.

While the invention has many other applications, it is useful when a card is walked^®The system is used for automatic toll collection, especially for toll collection in public transport environments (e.g. subways, buses, parking lots, toll roads, etc.)^®The most important performance requirement of the system is that the billing transaction must be completed in less than about 0.1 seconds. This requirement has been established as a result of human factor studies and extensive field trials.

Thus, a transaction period of 0.1 seconds does not allow additional time for the insertion of a tag into a target to capture the tag until the transaction is complete. If the tag cannot be captured, the system must be able to handle the return of the tag from the vicinity of the target at any time during the transaction, and the tag's non-volatile data is not contaminated.

The present invention meets the above and other needs by using a high-speed communication rate (115.2 kbits/sec), an efficient communication protocol (including implicit acknowledgments), guaranteed state transitions (after transmitting a message, the tag enters a predetermined state and is ready to receive the next input byte without any overhead of additional sync bytes), an intelligent collision avoidance protocol (which includes sending application type information in an "awake" message to avoid overhead of a separate request message from the target), and FRAM (0.6 μ s write time versus 10,000 μ s for EEPROM). FRAM used for non-volatile data buffering may also reduce transaction time (and required memory) when used to prevent data corruption.

Data pollution may be prevented using a method that includes non-volatile buffering of received write data with the FRAM (including automatically completing write operations upon power up); monitoring the radio frequency and dc power available to the tag (to ensure that any write operation to the FRAM is completed before power is lost), where lost clock detection, lateness, and pulse stretching in the reset circuit are used in combination to provide a fast, wide enough and stable reset (to avoid unstable or inadvertent FRAM writes, and also to avoid the size and power inadequacy of the phase-locked loop); and using the message digest as a check on the integrity of the received message.

An additional operational constraint/regulatory requirement on the system is that there is no crosstalk between nearby targets (due to the requirement of placing targets close together in some toll systems) and that the system must be acceptable (FCC and other regulatory requirements).

Cross talk between nearby objects is eliminated by using impedance (or load) modulation from the tag to the object. For example, the tag must be close to the object in order to power it up and modulate only the radio frequency field of the object. When the distance between the target and the tag is greater than the radius of the target antenna, the radio frequency field provided by the target to the tag decreases as the cube of the distance between them.

The target communicates with the tag with a small amount (less than 20%) of Amplitude Modulation (AM) (thus creating smaller amplitude sidebands) and increases rather than decreases the carrier amplitude during modulation (thereby reducing the average carrier power required), which will help with regulatory approval. The target can also operate at a greatly reduced average carrier power (by either detecting the presence of the tag and operating at full power for only 0.1 second transaction time or by adjusting the rf carrier to full amplitude with a short on-period until the tag responds to 0.1 second transaction time.)

There are several other operational factors that determine whether the system meets the above requirements. They include:

● complexity of the transaction and the amount of data that must be updated;

● the transmission overhead imposed by the communication data rate and format;

● the time the host needs to process the data to be updated;

● the time required for the tag to write the received data to non-volatile memory;

● ensure that the overhead involved in data pollution does not occur;

● identifying the overhead contained by the active label being used;

● operating power, frequency and transmission method of the tag and the target.

These items will be discussed in more detail in the following sections.

Description of protocol

Fig. 1-3 are high-level block diagrams illustrating a host-target-tag system in accordance with the principles of the present invention. The host-target-tag protocol includes a series of predefined message exchanges. Typically, the target message is generated by the microcontroller 204 or the host 102, and the tag message is generated by the controller 308, according to software or logic resident therein. Typically, but not necessarily, the message is on the order of a byte or more, and may represent control information for controlling the operation of the target 104 or tag 106, message identification information, authentication information, or other information as may be required for each particular application in which the present invention is employed.

Messages/data are exchanged to provide the following general functions: allowing the host 102 to set the operating mode of the target 104 and/or determine the current state of the target 104; allowing the target 104 to detect that the tag 106 initially enters the radio frequency field and mediate between multiple tags that enter the radio frequency field at the same time; and to allow host 102 to exchange data with tag 106 in a manner that provides resistance to tampering. Table 1 summarizes the general functionality of each field for a particular message.

Message type	Data field	Message type	Data field
				Command	Start type code "command" address bit wakeup control tag mode radio frequency modulation of message bytes	Reviving	Beginning type code "imawake" tag random number tag ID byte tag block directory MAC byte of message byte

	Card detection threshold radio frequency field control LED setting LED control error detection byte
				Wake-up	Beginning type code 'wakeup' host random number error detection byte of message byte	Reading pages	Starting type code readpage page MAC byte of message byte
Status of state	Start type code of message bytes "status" Current target State error detection bytes	Sending pages	Starting type code 'sendingpage' page content byte MAC byte of message byte
				Diagnostic request	Start type code "diagreq" diagnostic type code error detection bytes for message bytes	Writing page	Start type code "writepage" write sequence number of message bytes new page content bytes MAC bytes
Diagnostic response	Start message type "diagrsp" diagnostic result code error detection byte of message byte	Confirmation	Beginning type "ack" page number MAC byte of message byte
				Repudiation of	A single "nak" byte	Table tennis	XOR of random 8-bit value with 55H
		Effective for table tennis	A single "pungvalid" byte
						Ineffective for holding ping-pong	A single "punginvalid" byte

TABLE 1

Exemplary protocol exchanges for the preferred embodiment will now be discussed with reference to Table 1 and FIGS. 4A-C, 5A-B, 6A-B and 7A-B.

Host-target message exchange

FIG. 4A illustrates a typical host-target message exchange. Host-to-target message exchanges occur when the host 102 needs to modify the operating state of the target 104. Host 102 may begin this type of exchange at any time, provided that the previous exchange has completed or time has expired.

Host 102 sends two message types ("command" and "wake up") to target 104. In response, target 104 sends a "status" message type to host 102. The host 102 may optionally send a third message type ("diagnostic request") to the target 104. In response, the target 104 will reply to the host 102 with a "diagnostic response" message type.

The host 102 sends a "command" message to the target 104 to set the operating state of the target 104. When a valid, properly addressed "command" message is received, target 104 takes the action specified by the various data fields of the "command" message. The host 102 also sends a "wake up" message type to instruct the target 104 to begin broadcasting the "wake up" message to the radio frequency field.

Target 104 sends a "status" message to host 102 to confirm that the "command" or "wake up" message was properly received. The "status" message includes the same data fields as appear in the "command" message. The "status" message reports the current settings of these data fields in the target 104 memory, as set by the previously received "command" and/or "wake up" messages.

The host 102 also sends a "diagnostic request" message type to instruct the target 104 to complete one of several diagnostic procedures, and then reports the results in a "diagnostic response" message. In response, target 104 sends a "diagnostic response" message to host 102 to confirm proper receipt and report the results of processing the "diagnostic request" message.

Object-label message exchange

In general, there are two cases of target-tag message exchange: a single tag attempts to communicate with one target (normal 500); and two or more tags simultaneously attempting to communicate with a target (conflict resolution case 514).

Fig. 4B shows object-label switching for both cases. As described above, the target-tag message exchange does not occur until the host 102 has sent a valid "wake-up" message to the target 104.

Target 104 sends three message types ("awake", "pong ok", and "pong not valid") to tag 106, while tag 106 sends two message types ("ping" and "awake") to target 104. The target 104 transmits a "wake up" message to the host 102.

Fig. 5A shows a scenario (normal case 500) where a single tag 502 attempts to communicate with a single target 504 before billing data is transferred between the target 504 and the tag 502. Before the target 504 establishes communication with the tag 502, the target 504 is in a pulsed mode in which it periodically transmits a "wake up" message (modulated on the radio frequency signal 506) under the control of the microcontroller 204.

For the normal case 500 described in fig. 5A, fig. 6A shows a flow chart for the communication protocol between the target 504 and the tag 502. Upon power up, the host 102 engages the target 504 (step 602), and then the host 102 sends a "wake up" message type to direct the target 504 to broadcast a "wake up" message to the radio frequency field. The "wake-up" message includes a synchronization or start of message characters, a message identification character, a random number (typically generated by the host 102 and sent to the target 104 in advance), and error detection bytes. The target 504 periodically transmits a "wake up" signal (step 604) and waits for a "ping" (step 606).

When tag 502 appears near target 504, tag 502 powers up (step 603) and then waits for the next "wake up" message from target 504 (step 605). After receiving the "wake up" message and a random wait period has elapsed, tag 502 responds with a "ping" message (step 608). The random wait period for tag 502 is a random multiple of one "slot," preferably, but not limited to, an integer from 0 to 3. Typically, the time slot is selected to be greater than the round-trip communication time (discussed below) for "ping" and "pong" messages to originate from the tag 502 and back to the tag 502.

The "ping" message may be two characters (bytes) in length and include a randomly generated number followed by an exclusive or value (XORed) of its replica with a hexadecimal value of 55 (binary "01010101"). Although the present description is not limited to this method of establishing a collision check, the present method is preferred because collisions of any two tags can be detected as long as the two tags transmit different random numbers.

The microcontroller 204 verifies that the "ping" message includes a random number followed by its check byte (step 610) and generates a "pong valid" message (step 612). The "pong valid" message may be one character in length. The target 504 then waits for a "wake up" message from the tag 502 (step 618).

Meanwhile, tag 502 waits for a "pong valid" message from object 504 (step 613). Upon receiving the message, the tag 502 checks its validity (step 614) and responds with a "wake up" message (step 616). The "wake up" message includes a synchronization or start of message characters, a message identification character, a tag identification number and block directory, a pseudo random number generated by the tag 502 for authentication, and a message digest (message digest). Communication between host 102 and tag 502 is established. Thereafter, the accounting data residing in the memory of the tag 502 is read and sent to the application of the host 102, which processes the accounting data according to its software and generates new accounting data, which is written to the memory of the tag 502.

FIG. 5B illustrates a scenario where two or more tags 502, 510 attempt to establish communication with a single target 504 (conflict resolution scenario 514). In other words, multiple tags 502, 510 are located in the vicinity of the object 504 at or near the same time. This may occur, for example, if two rows of passengers enter and exit a station while their respective tags 502, 510 are presented to target 504; or if a passenger has two or more tags 502,510 in a wallet or purse. Because the radio frequency signal 506 from the target 504 is capable of providing power to multiple tags 502, 510, simultaneous communication with the target 504 is possible. Each tag 502, 510 transmits a radio frequency signal 508, 512 that can collide with each other and cause communication failure.

In this scenario, the target 504 detects and resolves potential conflicts, in accordance with the principles of the present invention. The conflict resolution features of the present invention are also discussed in related, commonly owned, co-pending U.S. patent application No. 08/825,940 (1997, 4/1), the contents of which are incorporated herein by reference in their entirety. The target microcontroller 204 is programmed to manage the conflict resolution protocol of the present invention.

FIG. 6B is a flow chart illustrating a process by which the target 504 and tags 502, 510 execute a conflict resolution protocol for the conflict resolution scenario 514 shown in FIG. 5B. Before communication is established between the target 504 and any tags (e.g., 502, 510) (step 602), the microcontroller 204 controls the target 504 to periodically generate and transmit a "wake up" message (step 604), which originates from the host 102 and is sent via the radio frequency signal 506 (as shown in fig. 5B). Target 504 then waits for a "ping" message from any tag (step 606).

If there are multiple tags 502, 510 in the vicinity of the target 504, then each tag 502, 510 powers up (steps 603, 603A) and waits for a "wake up" message (steps 605, 605A). Upon receipt of the "wake up" message, each tag 502, 510 independently responds with a "ping" message (steps 608, 608A) via radio frequency signals 508, 512, respectively (as shown in fig. 5B) after a random wait period. The random wait period for each tag 502, 510 is a random multiple of a "slot," which is preferably, but not limited to, an integer from 0-3. Typically, the time slot is selected to be greater than the round-trip communication time of the "ping" and "pong" messages described above, starting with the tag and returning to the tag. In this embodiment, the time slot is 0.35 msec.

Each tag 502, 510 also randomly selects the value of the first byte of the "ping" message. If the tags 502, 510 produce equal random latencies but the random "ping" values are different and a collision occurs due to the simultaneous response and the transmission of the response in the form of a "ping" message over the radio frequency signals 508, 512, the target 504 does not receive a coherent "ping" message (step 610). As mentioned above, a "ping" message should include a random number followed by its "not (inverse)". The microcontroller 204 of the target 504 does not acknowledge that the incoherent "ping" message resulting from the simultaneous reception of the two "ping" messages (RF signals 508, 512) is valid. Without acknowledgement, the microcontroller 204 directs the target 504 to transmit a "pong invalid" message to the tags 502, 510 via the radio frequency signal 506 (step 612). In the preferred embodiment, the "pong invalid" message is one character long. The target 504 then waits for a "ping" message (step 616).

Tags 502, 510 that have collided wait for a "pong valid" message (steps 613, 613A). When a "pong invalid" message is received (steps 614, 614A), each tag 502, 512 is again ready to transmit a "ping" message via the radio frequency signal 508, 512 after waiting for another randomly generated random wait period (step 615). If the microcontroller 204 of the target 504 receives an acceptable "ping" message (step 618), it immediately replies with a "pong" via the radio signal 506 (step 620). Target 504 then waits for a "wake up" signal (step 624).

Both tags 502, 510 wait for a "pong valid" message (steps 622, 622A). When a "pong valid" message is received, the tag 502, 510 checks its validity (steps 626, 630). Any tag that has yet to transmit a "ping" message as a result of the randomly generated wait period remains silent (step 632). The tag that transmitted the ping message responds with a wake up message to engage in communication with the host 102 (step 628).

Finally, if the host 102 does not acknowledge the "wake up" message transmitted by the selected tag, again assuming a collision occurs, then under the control of the microcontroller 204, the host 102 sends a "wake up" message to be periodically issued by the target 504. In this example, the collision is caused by the selection of two tags 502, 510 for the same random slot number and the same random "ping" value. When both tags receive a "wake up" message after simultaneously transmitting a "wake up" message, then both tags select a new random slot and "ping" value and wait for another "wake up". The host 102 may acknowledge this type of collision by detecting an incorrect message digest for a received "wake up" message, the message digests resulting from the respective "wake up" messages of the two tags merging in the radio frequency field. Since each tag includes its unique 8-byte identification value and a randomly generated 6-byte value, a 6-byte message digest will be incorrect when arriving at the host 102.

After successfully completing the collision avoidance exchange described above, the tag 106 sends a "wake up" message only once.

FIG. 7 illustrates a conflict resolution scheme for a target state machine. After startup (step 702), the target 104 transmits a "wake up" message (step 704), waiting for a "ping" message (step 706). If time has elapsed (step 708), the target 104 transmits another "wake up" message (step 704). If the "ping" message arrives before it is outdated, the target 104 checks to determine that the "ping" message is valid (step 710). If the "ping" message is not valid, the target 104 sends a "pong not valid" message (step 712) and again waits for the "ping" message. If the "ping" message is valid, target 104 sends a "pong valid" message (step 714) and waits for a "wake up" message (step 716). When a valid "wake" is received, the target 104 enters pass-through mode (step 718). In pass-through mode, the target 104 passes data or instructions between the host 102 and the tag 106 while waiting for a command from the host 102 (step 720).

Host-label message exchange

The case of host-label message exchange is shown in fig. 4C. A host-label message exchange begins when a target-label exchange, including the collision resolution process described above, causes label 106 to send a "wake up" message to target 104. The target 104 passes a "wake up" message to the host 102 and then simply passes all bytes received from the host 102 to the tag 106 and all bytes received from the tag 106 to the host 102. This process continues until the host 102 sends another "wake up" message to the target 104 to begin searching for another tag.

Assuming that the host 102 receives a valid "wake up," the sequence number and directory information from the "wake up" message is passed to the application logic, which will determine to read one or more of the tab pages or selectively write to one or more of the tab pages.

Host 102 reads the data page of tag 106 by transmitting a "read page" command to tag 106 and expects to receive a "send page" response containing the requested data. Host 102 sends a "read page" message to tag 106 requesting the current contents of a specified 16-byte page in the memory of tag 106. Tag 106 sends a "send page" message to host 102 to satisfy the received "read page" request.

Host 102 writes to the data page of tag 106 by sending a "write page" command to tag 106 containing the new data and expects to receive an "acknowledge" (ack) response that tag 106 acknowledges receipt.

If a "read page" or "write page" command with an incorrect MAC is received, tag 106 responds with a "deny" (nak) message. For the first few "negative acknowledgement" (nak) replies, the host may assume that the received message is bad and does not accept the message. In addition, the host may be using the wrong key.

If the tag 106 receives a "wake up" message at any time after sending its "wake up" message and after receiving at least one "read page" or "write page" (with the correct or incorrect MAC), the tag 106 enters a sleep state. This may cause any other tags in the radio frequency field to begin their own target-tag message exchange and host-tag message exchange.

If the tag 106 receives a "wake up" message after sending its "wake up" message but before receiving a "read page" or "write page" message, the tag 106 will return to a state waiting for a "wake up" message as if it had just entered the radio frequency field. This allows the system to gracefully and transparently arrange for collision avoidance as described above.

The preferred embodiment of the present invention also includes features such as linked data page writing and message authentication.

Linked data page writes

In a preferred embodiment of the present invention, the host 102 may execute 4 "write page" commands and specify that several requested data page writes be performed by the tag 106 as a single logical write. However, the invention can be implemented with more chained writes.

Host 102 inserts a non-zero value in all "write sequence number" fields except the last "write page" command and inserts a zero value in the last "write page" command to specify the link to which such data page writes.

Tag 106 uses the "write sequence number" to determine which of the 4 temporary buffers to store the "write page" command, and retains a validity flag for each of the 4 temporary buffers.

When tag 106 receives a "write page" command with a non-zero value in the "write sequence number" field, the MAC is checked and then, based on the check result, an "acknowledge" or "deny" response message is sent to host 102, but the data bytes of the "write page" command are not transmitted to the specified page number. If the MAC is correct, a validity bit is set for the temporary buffer before sending the "ack" message.

When a "write page" command is received with a value of zero in the "write sequence number" field, tag 106 again checks the MAC. If the MAC is not correct, tag 106 responds with a "deny" message. If the MAC is correct, tag 106 sets the validity bit for the temporary buffer with number zero and copies the data byte from the temporary buffer with number zero into the addressed page. Then, if the validity bit is set for the temporary buffer number 1, tag 106 copies the data byte from the temporary buffer number 1 to the page number addressed by the command. In order, the same checks are made for temporary buffers numbered 2 and 3 until a temporary buffer is encountered for which the validity bit is not set, or until all 4 temporary buffers have been copied, at which point the tag 106 clears all 4 validity bits and responds with an "acknowledge" message to the host.

If the tag 106 disappears from the rf field after the validity bit is set for the temporary buffer with number 0, but before the transfer of data from the temporary buffer to the designated page is completed and the validity bit is cleared, the tag 106 will complete the transfer before beginning the collision resolution process the next time it enters the rf field.

Thus, the host 102 can take the form of either completing all linked "write page" commands, or none starting, which can alleviate the basic overhead of the host 102 in order to accomplish equivalent multi-page write coherency by other techniques, and can also ensure that the data in the linked pages of the tags 106 is in an original state, or in a fully updated state. Thus, for example, a descending balance in one page may be linked positively to a transaction record in another page, such that at any time during the transaction period, if the tag 106 disappears from the radio frequency field, its linked page will reflect the new (reduced) balance and associated transaction details, or reflect the original (unreduced) balance, and no record will be made of the current transaction not completed.

In the absence of the above-described techniques, the host 102 would typically reserve multiple pages of data for storing successive versions of each linked page, and then alternate when using the pages. The host 102 is then required to read additional data pages at the beginning of the transaction to see which linked data pages are the most recent version, and to complete additional page writes to update the currency information. The write speed to the FRAM data memory of tag 106 allows the use of a temporary buffer in tag 106. If tag 106 is implemented with a memory technology that has a relatively long write time, such as EEPROM, the use of a temporary buffer in tag 106 will add significant delay to each "write page" command that is processed.

Message authentication

5 of the 6 message types exchanged between the tag 106 and the host 102 ("wakeup", "read page", "send page", "write page", and "acknowledge") end up with a Message Authentication Code (MAC), which performs two functions. Any size MAC may be used depending on privacy requirements. In the preferred embodiment, the MAC is a 6-byte value calculated from the preceding message contents, 2 random numbers (from the "wake up" and "wake up" messages exchanged during collision resolution), the appropriate secret key (except in the "wake up" message), and the message sequence number. The computational nature of the MAC results in a MAC value that will statistically change one-half of the bits if any of the input bits are changed. Due to this feature, the MAC is used to check transmission errors and to check the authenticity of the message.

An incorrect MAC may be caused by the message bits being corrupted during transmission from the sender to the receiver, or by the sender and the receiver not providing the same data to the MAC calculation algorithm. If an incorrect MAC is received due to message bit corruption during transmission, a retry is made for the failed exchange to obtain the correct MAC. If an incorrect MAC is received because the transmitter and receiver do not provide the correct input to the MAC calculation algorithm, all retries to the failed exchange will continue to fail. Therefore, the host can infer the cause of the MAC failure by retrying the failure operation a sufficient number of times, thereby excluding that the transmission error is the cause of the problem. If an incorrect MAC is received because the transmitter and receiver do not provide the correct input to the MAC calculation algorithm, all retries to the failed clearinghouse will continue to fail.

Label protocol implementation

From the foregoing, it can be appreciated that the present invention also constitutes a protocol for providing contactless proximity automated data collection. Fig. 7B is a flow chart illustrating the tagger side of the protocol 721 in accordance with the principles of the present invention.

In the preferred embodiment, when the reset is released, the tag clears its flag (step 724), checks for and completes any valid but outstanding writes to the tag memory (step 726), checks whether it received a "wake up" message (step 728) (it did not), and the process proceeds to start the wake up procedure.

For this procedure, the tag 106 selects a random number (step 730), and waits for a valid "wake up" message from the target (step 732). If the two copies of the target random number sent in "wake up" match, then the "wake up" message is considered valid. If the "wake up" is not valid, tag 106 continues to wait until a valid "wake up" is received.

After receiving a good "wake up," the tag 106 resolves any collisions in the radio frequency channel (step 734) in the manner previously described. Assuming that tag 106 has resolved any conflicts, tag 106 sends a "wake up" message (step 736). At this point, the tag 106 is ready to receive an authenticated read or write message from the target (step 738).

Tag 106 receives the next message from target 104. The tag 106 checks whether the message is "awake" (step 740). If so, the tag 106 assumes that the target 104 is attempting to communicate with another tag. If the target 104 has not successfully read or written to the tag 106 (step 742), the tag 106 again joins the "wake up" procedure. Otherwise, the tag 106 goes to sleep to avoid blocking the communication channel (step 744).

Assuming the message is a "read page" or a "write page," tag 106 stores the entire message in scratch (scratch) non-volatile memory (step 746). The tag 106 calculates its own MAC and compares it to the MAC of the message (step 748). The result is checked (step 750). If the message contains a bad MAC, a "no acknowledgement" message is sent to target 104 (step 752) and tag 106 returns to wait for a message from target 104 (step 738).

If the MAC is valid, a wakeup flag is set (awake flag), the sequence number is incremented, and whether the message is a "read page" or a "write page" is checked (step 752). If it is "write page," then the validity flag is set according to the convention described above with respect to multi-page write capability (step 754). The flag is then checked (step 726) and the write is completed if necessary. The wake flag is then checked (step 728). Since the tag 106 is now awake, control transfers to the send acknowledgement or page step (step 756), where an acknowledgement signal is sent to the target 104, and control transfers to waiting for another message (step 738).

If the message is "read page" (step 752), then the write page cycle is skipped and control passes to the step of sending an acknowledgement or page (step 756) where the requested page is sent to the target 104. Control then transfers to the host 102 while the tag 106 waits for another message (step 738).

Detailed description of the tags

Overview of tags

The structure of the tag 106, and in particular the tag ASIC302, is helpful in understanding many of the advantages of the present invention. That is, the communication protocol and hardware/software implementation of the tag 106 have been specifically designed to provide flexibility in applications while providing fast transaction, low power consumption, improved security, and guaranteed data integrity. In addition, the small circuitry of the tag advantageously results in a smaller profile.

As discussed with reference to fig. 4, tag 106 includes tag ASIC302 and antenna 300. In the present embodiment, tag ASIC302 is designed using a fully custom design methodology to achieve the specific circuit features described below. That is, each feature is implemented using Very Large Scale Integration (VLSI) polygons to determine the work that must be done separately for each circuit and in this way optimize the area of each circuit. Circuit interconnections are also minimized by custom layout and routing.

As indicated above, the tag ASIC302 is divided into a digital subsystem 304 and an analog subsystem 306.

Fig. 8 shows the signal interconnect (interface) 316 between the digital subsystem 304 and the analog subsystem 306 in more detail. Interface 316 includes a clock signal 800, a reset signal 802, a from _ target signal 804, and a to _ target signal 806. The simulation subsystem 306 also provides V_DD810 and V_SS812 as a power supply (e.g., 5V in this embodiment) and ground, respectively.

The analog subsystem 306 derives a clock signal 800 from the radio frequency signal received over the interconnect 314 and drives the digital logic of the digital subsystem 304 with the clock signal 800. In this embodiment, the clock signal 800 is derived from 13.56 in the carrier frequency of MHz.

The analog subsystem 306 also controls a reset signal 802. The reset signal 802 is asserted at power-up and the reset signal 802 is removed once the radio frequency power conditions are appropriate for communication with the target 104.

The incoming target signal 804 and the outgoing target signal 806 signals target and tag messages/data, respectively. In this embodiment, the normal (flag) state is a binary "1" for the incoming target signal 804.

Tag digital subsystem

Digital subsystem 304 is optimized particularly in terms of transaction speed, chip area, power consumption, data integrity, privacy, and cost. In general, the digital subsystem 304 uses serial technology to transfer (move) messages/data throughout the digital subsystem 304 to save significant chip area. While this approach generally requires longer transfer and processing times than the bit-parallel approach, the present invention provides a dual-speed clock feature (described below) as compensation.

Fig. 9 is a detailed schematic diagram of digital subsystem 304. The digital subsystem 304 includes a state machine memory 900, a data memory 902 (which is operatively interconnected to a transmitter 905 by a 1-bit bus 904), a receiver 906, a flag register 912, a validity register 914, a checker circuit 916, a Message Authentication Code (MAC) register 918, and a keystream register 946. Information (messages/data) is communicated throughout digital subsystem 304 using bus 904. Digital subsystem 304 also includes clock circuit 930.

State machine memory 900 provides overall control of tag 106. As is well known, a finite state machine is generally a circuit whose output at any given moment is a function of an external input (typically activated by the circuit that the state machine or other input is controlling) and the information stored at that moment (or its state). State machines have traditionally been implemented with discrete digital circuits, Programmable Logic Arrays (PLAs) and general purpose microprocessors with program memory.

However, in the present embodiment, the state machine memory 900 is mainly implemented as a predetermined lookup table stored in a Read Only Memory (ROM) in order to further optimize the utilization of the chip area. Thus, each ROM address is the "state" of the machine, and the data stored on the addressed (indexed) location determines the corresponding output. Furthermore, because the ROMs are differentiated (fixed) (asymmetric contribution to power consumption and speed when 1 or 0 is the preferred state), the present embodiment is optimized to only 19.58% binary 1 within the state machine. State machine memory 900, on the other hand, may be implemented in other known non-volatile memory technologies, such as Programmable Read Only Memory (PROM), Erasable Programmable Read Only Memory (EPROM), Ferroelectric Random Access Memory (FRAM), and the like.

In this embodiment, the state machine memory 900 is implemented in 256 × 32 bit (4 bytes) ROM and the state machine memory 900 is addressed by the 8-bit state address register 922 through the 8-bit connector 936. The state machine memory 900 outputs to a 32-bit connector 938 operably connected to the 32-bit control register 920. Those skilled in the art will appreciate that different sizes of ROM, buses, and registers may be used in accordance with the invention.

Another feature of the present invention is that the status address register 922 is implemented as a Linear Feedback Shift Register (LFSR) circuit. The addressing function of the state machine memory 900 thus obtained has a smaller chip area and cost than a conventional incrementer (counter). Furthermore, the critical path of the resulting circuit is reduced by an order of magnitude compared to such conventional circuits.

Typically, an LFSR is an N-bit right shift register with taps on M of the N bit cells. These bit locations are identified as location "0", which is the Least Significant Bit (LSB) of the address, and location n-1 is the Most Significant Bit (MSB). At the beginning of the clock cycle (i.e., clock signal 934), all of the taps are input to an M-way exclusive nor (XNOR) circuit. The output of the XNOR circuit is shifted to the n-1 bit cell on the next corresponding clock cycle. In operation, if properly initialized, the LFSR will produce a repeating sequence of bit patterns whose period and N, M are related to the position of the tap.

FIG. 10 is a detailed schematic diagram of status address register 922, which includes LSFR1000, XNOR circuit 1002, and 2-1 Multiplexer (MUX) 1004. In the present embodiment, an 8-bit (n-8) LFSR with 4 taps (m-4) is used. The MUX1004 receives an input from a signal 944 (discussed below, Ivalue field 1120) driven by the state machine memory 900, or receives a feedback signal 1008 from the XNOR 1002. The feedback signal 1008 is determined as the negation of the parity bits of the values at a particular location in the status address register 922.

In operation, upon initialization (to state "00000000"), the state address register 922 will cycle through all possible 8-bit values except 1 ("11111111"). This additional state is referred to as the "sleep" state. When the state address register 922 is in a sleep state, it is always in a sleep state.

Refer to fig. 9. The contents of each addressed (indexed) location of state machine 900 is a 32-bit Very Long Instruction Word (VLIW) that is loaded into control register 920 via connector 938. In this embodiment, only 256 32-bit status instructions are used to give full control of the tag 106.

Fig. 11 shows a status instruction word 1100 according to the present invention. Partitioning the status instruction word 1100 into different instruction fields includes: istep1102, Icntl1104, Iflag1106, Itcd1108, Itna1110, Imac1112, Ikey1114, Ibus1116, Ispeed1118, and Ivalue 1120. Each field controls one or more circuits (i.e., registers and bus drivers) of digital subsystem 304. Table 2 summarizes the general function of each field in the instruction word 1100.

Instruction mnemonic	Field(s)	Function(s)
			Istep	1102	A counter register 916 is controlled (this value represents the number of bits operated on with each instruction).

Icntl	1104	The flow of data in the address register 922 is controlled to address the state machine memory 900.
			Iflag	1106	Controls the operation of flag register 912 and validity register 914.
Itcd	1108	Controls the operation of timer register 908, repetition counter register 916, and data register 924.
			Itna	1110	A control data address register 926 and a temporary address register 928.
Imac	1112	Controls MAC register 918.
			Ikey	1114	Controls key stream generator register 946.
Ibus	1116	Controlling access to the bus 904.
			Ispeed	1118	Controlling the clock circuit 930.
Ivalue	1120	Constants are included that may be serially loaded into the timer register 908, the repetition counter register 910, the status address register 922, or the bus 904.

TABLE 2

Typically, each instruction word 1100 is executed in three stages. First, the requisite data movement is performed between registers (including status address register 922 and data address register 926). Data memory 902 and/or state machine memory 900 are accessed if needed. Any data from the data memory 902 or the state machine memory 900 is then latched into the data register 924 or the control register 920, respectively.

The operation of digital subsystem 304 will now be discussed with reference to instruction 1100. For state machine 900, it is indexed by state address register 922 and Icntl 1104. Table 3 illustrates the values of the ictl field 1104 and their primary role in next accessing the state machine memory 900.

Typically, the status address register 922 increments according to its predetermined LFSR combination (as described above). However, when a branch condition occurs, a new 8-bit address from Ivalue1120 is serially loaded (which requires 8 steps or clock cycles). Conditional transitions are based on data values or events, such as time-out conditions or cycle expiration. The checker circuit 916, timer register 908, and counter register 910 are all used in conjunction with conditional branching, as described below.

Icntl mnemonic	Function of
		null	The status address register 922 is shifted (no transition) according to its predetermined LFSR.
ball	Ivalue1120 (new address) is loaded into status address register 922 (unconditional branch).
		btrue	If checker 916 is true, ball is executed, otherwise null is executed. (true conditional transfer).
bfalse	If checker 916 is false, ball, otherwise null is performed. (false conditional transfer).
		bcount	If the value of the counter register 910 is "00000", ball is executed, otherwise null is executed. (counter expiration transition).
btime	Ball is performed if timer register 908 has expired, otherwise null is performed. (time has shifted).
		ltime	Timer register 908 is loaded with Ivalue1120 and otherwise functions as null.
getedge	Tag 106 is suspended until the falling edge of the start bit of information/data received from target 104 or timer register 908 expires and then acts as null.

TABLE 3

As shown in FIG. 9, clock circuitry 930 generates a system clock 934, which is operably interconnected to all digital subsystem 304 registers and other clocked circuitry. Clock circuit 930 is controlled by Ispeed1118 received via interconnect 935.

In this embodiment of the invention, clock circuit 930 provides a dual speed clocking feature. Clock circuit 930 receives clock signal 800(13.56MHz) from analog subsystem 306 and generates system clock signal 934 at a frequency of 1.7MHz (fast clock mode) or effectively at a frequency of 115.2KHz (slow clock mode) depending on the particular operation of digital subsystem 304. However, other clock frequencies may be used with the present invention.

The fast mode (issued 1118 ═ 0 ") is typically used for execution and processing of all instruction words 1100 except for communication with the target 104. In this manner, the state instruction 1100 is executed 170 ten thousand times per second (assuming that Istep1102 is 1).

The slow mode (expected 1118 ═ 1 ") is used for data communication between the target 104 and the tag 106. That is, the digital subsystem 304 operates at the same transmission rate as the 115.2Kbps data communication rate between the target 104 and the tag 106. Thus, the same circuitry normally used in fast mode can be used to pass data to and from the tag 106. This dual calibration feature further eliminates the need for specialized circuitry, such as a conventional Universal Asynchronous Receiver Transmitter (UART).

A relevant feature of the present invention is the getedge field of instruction word 1100 (see table 3). The getedge field, along with the timer register 908, suspends operation of the digital subsystem 304 until a falling edge is received from the start bit of each asynchronous input byte (from the target 104). The digital subsystem 304 can thus synchronize itself with each input byte. For transmission, the digital subsystem 304 sends a start bit, a message byte (serially), and all stop bits required for communication for each sent byte. Timer register 908 runs even while state machine memory 900 is suspended, and if no edge is detected, timer register 908 will generate an associated time-out event. Timer register 908 is a down counter based on LFSR.

Checker circuit 916 serially compares the data value on bus 904 with Ivalue1120 and stores the resulting condition for transfer on the next state instruction word 1100.

The repeat counter register 910 is a down counter that controls loop execution (a nested stage). In this embodiment, the repeat counter register 910 is implemented with an LFSR, as are the state address register 922 and the timer register 908. For transfer control, the repetition counter register 910 is down-counted and checked directly by the state machine memory 900.

In operation, Istep1102 controls how many bits are in operation with each status instruction word 1100. With access to each instruction word 1100, the 5-bit value of Istep1102 from state machine memory 900 is loaded (via control register 920). With each subsequent clock cycle, the value LFSR is shifted to another value. When a predetermined value is reached, the next state instruction word 1100 is fetched. Istep1102 may implement steps 1 through 31, thus allowing the machine to execute up to 31 times on a given instruction word 1100.

As shown in fig. 9, bus 904 has 8 bus drivers. Each bus driver is associated with a source (e.g., control register 920, data register 924, sink 906, etc.). To function properly, only one bus driver is enabled by its corresponding driver enable signal 944 at any given time. The corresponding Ibus1116 field in the status instruction word 1100 determines which bus driver is activated. It will be apparent to those skilled in the relevant art that driver enable signal 944 can be generated by suitable address decoder circuitry, and that the decoder can be implemented using combinational logic or a conventional 8-1 decoderNow, its function is in comparison with commercially available Intel^®8205 the decoder is similar.

An example of a typical data flow is as follows. The Ibus1116 field specifies that the data register 924 drives the bus 904 when 8 bits from the data register 924 are to be copied (not moved) into the temporary address register 928. At the same time, field Itcd also specifies that data register 924 is loaded from bus 904 (so data will cyclically leave data register 924 and wrap back to data register 924 to recover the value just shifted out). The Itna field is also loaded into the temporary address register 928 along with the data on the bus (from the data register 924).

The operation of digital subsystem 304 is often related to the status (or identity) of the process. In this embodiment, the process state system occupies the data path for flexibility and efficiency of operation. There are two registers dedicated to processing the state, flag register 912 and validity register 914. The flag register 912 is used for general purpose status (e.g., true or false conditions), while the validity register 914 is used for application of special purpose status.

Data storage 902 is a non-volatile storage area for application data (e.g., passenger billing data, image data, medical records, etc.). In the present embodiment, data memory 902 is implemented with a 2048 × 8 bit (1 byte) FRAM, which is connected to 11-bit data address register 926 and 8-bit data register 924, respectively, via interconnects 940 and 942. The contents of the data register 924 are loaded from the data memory 902 and the contents of the data register 924 are loaded into the data memory 902 for read and write operations, respectively. The field Itna1110 controls the data memory 902, and it controls both the data address register 926 and the temporary address register 928.

Fig. 12 illustrates a memory map 1200 for a data store 902 for a stand-alone multi-item public transportation application. The memory is organized into 128 16 byte pages 1202 (pages "0" - "127"). In operation, the host 102 (via the target 104) facilitates transfers to/from the data store 902 on a page basis (e.g., a page is the smallest unit of memory access by the host 102). The page is further grouped into 16 blocks 1204 (blocks "0" - "15"). Each block 1204 includes 8 pages 1202.

In this embodiment, block "0" 1204 (pages "0" - "7") is reserved for internal use only by tag 106. In particular, block "0" 1204 includes a tag identifier buffer 1206, a tag random number buffer 1208, a host random number buffer 1210, a temporary variable buffer 1212, and a temporary data buffer 1214. Temporary data buffer 1214 includes 4 pages 1212 to accommodate MAC and header data.

The remaining 15 blocks 1204 (blocks "1" - "15") are available for data storage of programs running on the host. One page 1202 is reserved for each block 1204 and includes an application type buffer 1216, a read key 1218, and a write key buffer 1220. Reading or writing another 7 pages of data in the same block requires the secret keys stored in buffers 1218 and 1220. The importance of each of these elements is discussed below.

The message authentication feature of the present invention further enhances data integrity and confidentiality. For each transaction, the host 102 and tag 106 must authenticate each other in a given transaction. In this embodiment, field Imac1112 controls Message Authentication Code (MAC) register 918 and field Ikey1114 controls key stream generator 946. Together, these registers are used to establish/check an authentication MAC that passes back and forth during a transaction.

Label simulation subsystem

The analog subsystem 306 includes power supply circuitry and radio frequency communication mechanisms for the tag ASIC 302. Fig. 13 and 14 show a detailed block diagram and a detailed schematic diagram, respectively, of the simulation subsystem 306.

In general, the analog subsystem 306 generates a 5V power supply for the digital subsystem 304 and the analog subsystem 306; generating a 13.56MHz clock signal (clock signal 800) from the radio frequency signal 110 (from the target 104); demodulate incoming Amplitude Modulation (AM) messages/data on the rf signal 110 and pass the data in serial bits to the digital subsystem 304 (the digital subsystem 304 performs all data frame and other data processing); modulating data from the digital subsystem 304 onto the radio frequency carrier signal 112 using an impedance modulation technique; and generates a reset signal 802 to ensure that the digital subsystem 304 and the analog subsystem 306 are properly enabled and disabled.

Referring to fig. 13, the analog subsystem includes an antenna 300, a full-wave bridge rectifier 1300, a clock recovery circuit 1380, a power-up circuit 1390, an 8V shunt regulator (shunt 8)1310, a series regulator 1320, a 5V shunt regulator (shunt 5)1330, a transmitter 1340, a receiver 1350, a reset generator 1360, and a reference generator 1370.

The antenna 300 receives energy from the radio frequency field 110 (from the target 104) and passes the two signals Va1302 and Vb1304 to the bridge rectifier 1300 and the clock recovery circuit 1380. Full-wave bridge rectifier 1300 receives the AC input signal, Va1302 and Vb1304, from antenna 300 and generates a DC output voltage (V)_RAW1306) The tag 106 is powered up. Rectifier 1300 is also connected to V_SS812。

Clock recovery circuit 1380 also monitors Va1302 and Vb1304 and generates clock 800(13.56MHz), which is an input to digital subsystem 304. The clock recovery circuit 1380 may be implemented using various logic gates, as is well known in the relevant art. The present embodiment employs cross-coupled NOR latching circuits for clock recovery and to prevent short clock pulses. The clock recovery circuit 1380 also provides a no clock (noclk)1440 signal (missing carrier) for use by the reset generator 1360. The noclk1440 is generated by a retriggerable monostable, which is one of many methods known to those skilled in the art.

Reference generator 1370 (bandgap voltage reference) generates V_REFSignal 1470 and a reference current for other analog circuitry of analog subsystem 306. In operation, tag ASIC302 remains in a reset state until V_REF1470 had stabilized.

Power-up circuit 1390 guarantees at V_REFRegulator 1310,1320. 1330 does not start working. V if regulators 1310, 1320, and 1330 initiate shunting too early_DD810 may be held at a voltage such that V_REF1470 cannot rise to its true value. Then it is possible to obtain a V_DD810 remain in a low voltage steady state at which point the chip is inoperable. Power up circuit 1390 prevents this from occurring.

During power-on, power-up circuit 1390 disables regulators 1310, 1320, and 1330 and enables a DC input voltage (V)_RAW1306) Short to V_DD810, up to V_RAW1306 have reached near the power-on threshold voltage. This ensures V_DD810 are charged as quickly as possible so that V is before the regulator control loop is started_REF1470 had stabilized. When V is_RAW1306 below the power-on threshold voltage, the digital subsystem 304 is held in a reset state. If V_RAW1306 exceeding a power-on threshold voltage. Then (de-asserted) an output signal pwrupl1442 is not asserted (active low).

Once V is_REF1470 already stabilized, V_RAW1306 to near the breakdown voltage of the ASIC 302. The present invention therefore provides for a modulation voltage interval as wide as possible for message/data transmission because it operates reliably near the tag ASIC302 breakdown voltage. Embodiments of the present invention use transmitter 1340 to establish the wide interval.

The 8V shunt regulator (shunt 81310) detects incoming messages/data and protects the tag ASIC302 from short transient overvoltages. The fabricated silicon device, such as tag ASIC302, has an inherent breakdown voltage. Accordingly, the operating voltage must be maintained so as not to exceed the breakdown voltage of the tag ASIC302 while receiving the AM signal from the target 104.

To overcome the voltage breakdown problem, a well-known clamping device designed to allow for slow amplitude variations may be connected across the antenna of the tag 106. However, this solution assumes that the tag 106 enters the radio frequency field (rf signal 110) of the target 104 at a sufficiently slow rate that the slow response clamp circuit is effectively responsive. Typically, this is true if a person holds the tag 106 and walks into the radio frequency field of the target 104.

However, there are other applications in which it is advantageous for the tag 106 to be mechanically fixed in position in close proximity to the target 104, while the radio frequency field 110 is electrically switched on and off ("pulsed radio frequency"). In such an example, the change in the radio frequency field 110 is much faster than the slow clamp can respond effectively, and an ASIC (such as the tag ASIC302) may experience over-voltage and latch-up. This does not cause permanent damage and the tag 106 can be made to operate in the desired pulsed rf line.

To overcome the problem of voltage breakdown, and to provide other benefits, the present invention teaches the use of shunt 81310. Shunt 81310 eliminates AM voltage fluctuations and is fast enough to react to switching/pulsed radio frequencies. Shunt 81310 also removes AM voltage fluctuations from the detected carrier wave.

A second benefit of shunt 81310 is that the clamping voltage can be correctly determined and adjusted to be slightly below the ASIC breakdown voltage, allowing for a smaller tag ASIC302 with a lower breakdown process.

More specifically, the shunt 81310 operates as follows in the present embodiment. Offload 81310 will V when tag 106 is stopping sending messages/data_RAW1306 to 8V. When doing so, V is driven across resistor divider 1414_RAW1306 partial pressure and generation of S_REFThe 1416 signal, shunt 81310 generates the ctl81412 signal (shunt 8 control voltage). Data recovery comparator 1418 (transconductance amplifier) will S_REF1416 and a reference voltage V_REF1470 (nominally 1.25V) make the comparison and output ctl 81412. If S is_REF1416 greater than V_REF1470, ctl81412 increases, thus causing more current to flow through shunt 81310, which in turn causes V_RAW1306 are lowered. Likewise, if S_REF1416 less than V_REF1470, ctl81412 and shunt current are reduced, allowing V_RAW1306 are again increased. The control loop has a very small time constant of about 2 mus to ensure proper operation.

In this embodiment, series regulator 1320 monitors the ctl81412 signal (which includes AM messages/data) to ensure that shunt 81310 draws a minimum current of 100 μ Α. This is desirable because, upon receiving a modulated long burst, an attempt is made to adapt the series impedance to maintain a 500 μ Α flow through shunt 81310. If a minimum shunt 8 current is not guaranteed, the shunt 8 may be completely closed when the input modulation stops, causing difficulties in receiving the subsequent messages/data. Ctl81412 also serves several additional purposes, as described below.

In particular, series regulator 1320 controls the ratio of current consumed by shunt 81310 and shunt 51330. Series regulator 1320 monitors the current through shunt 81310 and adjusts the series impedance so that at steady state (no modulation), the average current through shunt 81310 is approximately 500 μ Α. The series control loop has a long time constant of about 1mS, so the average shunt current does not change significantly during message/data reception. This ensures that the input data causes ctl81412 to provide the best possible signal to receiver 1350. During the transmission of messages/data from the tag 106 to the target 104, the transmitter 1340 shorts out the series impedance, disabling the series impedance control circuit 1422 so that when the output modulation ends, the series impedance will return to its previous value. At V_RAW1306(8V) and V_DD810(5V) provides a modulation depth fixed at 3V for transmitting messages/data from the tag 106 to the target 104. Resistor 1424 in parallel with series regulator 1320 ensures that there is sufficient current from V_RAW1306 inflow V_DD810。

Shunting 51330V_DD810 to 5V. V_DD810 supply power to the digital subsystem 304 and most of the analog circuitry. Shunt 51330 consumes most of the overcurrent input into the tag ASIC302 with a fast control loop and can respond quickly at V in about 10 to 15 mus_DDA 2mA load transient on 810 (FRAM reservoir capacitor across 10nf on the power supply).

In this embodiment, the shunt 51330 works as follows. Shunt 5133Comparator 1430 for 0 compares V_DD810 (sampling by a resistor divider 1482 to generate sv)_DD1432 signal) and the bandgap reference voltage V_REF1470 to generate a ctrl 51434 signal. Ctrl 51434, in turn, controls the current flowing through shunt 51330, thus at V_DDThe voltage is held constant at 810. If SV_DD1432 is less than V_REF1470, ctrl 51434 is reduced and the current through shunt 51330 is reduced, thus allowing V to be_DD810 is increased. Also, if sv is_DD1432 increase over V_REF1470, ctrl 51434 is increased and shunt 51330 draws more current.

If pwrupl1442 is high (e.g., not asserted), ctrl 51434 is shorted to ground, disabling any shunting action. This prevents shunting 51330 at V_REF1470 are operated before reaching steady state.

Shunt 51330 also includes comparator 1436, which detects V_DDWhen the grid of 810 drops below the low voltage threshold (about 4.7V in an embodiment of the invention). Comparator 1436 compares V_DD810 (sampling by a resistor divider 1484 to generate sv)_DDlo1435 signal) and V_REF1470 and generate lowv_DD1438 signal. lowv_DD1438 signal indicates access to FRAM, V for digital subsystem 304_DD810 is too low, an rstl1460 signal is triggered.

The transmitter 1340 shorts out the series impedance for outgoing messages/data (from tag 106 to target 104) according to the txd1446 signal (go to target 806). When the input signal, txd1446, is low, V is as described above_RAW1306 short-circuited to V_DD810. When V is_RAW1306 short-circuited to V_DDAt 810, the inhibit shunt 81310 and series regulator 1320 cause their control voltages to be constant, maintaining the steady state point once modulation is over.

The series impedance control circuit 1422 monitors the ctl81412 and adapts accordingly, so the shunt 81310 only shunts 500 μ Α. When the input signal outen1444 is not asserted (output enabled), output drive to ctl81412 is disabled. Thus, ctl81412 is held at its current value by a stray capacitor at that node. When the outen1444 is established, the shunt 81310 works normally. In operation, the outer 1444 is connected to the txd1446 signal by connecting V as described above_RAW1306 short to V_DD810 to initiate modulation from the tag 106 to the target 104. The ctl81412 is kept constant during the modulation from the tag 106 to the target 104. When modulation ceases, ctl81412 returns to approximately the same value it had before modulation started.

Receiver 1350 detects incoming messages/data (from target 104 to tag 106) by monitoring ctl 81412. The ctl81412 increases when the radio frequency field 110 increases and decreases when the radio frequency field 110 falls back to an idle state. In this embodiment, the ctl81412 typically varies by 150 to 200mV when messages/data are received. Receiver 1350 takes the message data by comparing ctl81412 to the average of ctl 81412. It will be apparent to those skilled in the relevant arts that several well-known circuit compositions may be used to calculate the average value of ctl 81412. Txd1446 resets comparator 1418 during a time period when tag 106 is modulating to ensure that receiver 1350 remains in the correct state after transmission from tag 106 to target 104. When ctl81412 is low (i.e., when output modulation is occurring), comparator 1418 is reset. As the ctl81412 increases from steady state (i.e., as the strength of the rf field 110 increases), an rxd signal 1450 (from target 804) goes low; and when the ctl81412 goes low (but when the rf field falls back to its idle state), the rxd signal 1450 goes high.

Reset generator 1360 generates two reset signals, an rstl1460 signal and a reset 802 signal. The rstl1460 signal is active low and is used by analog circuitry. When shunt 81310 begins to draw current after power-up (if, V)_REF1470 powered up), the rstl1460 signal is not asserted, and when V is off_DD810 when the grid drops below about 4.7V, or when V_RAW1306 falls below the power-on threshold (about 3V), the rstl1460 signal is asserted. When the rstl1460 signal is asserted, it is disabledThe clamp of shunt 81310 is disabled (e.g., the minimum current drawn by shunt 81310 may be zero). When rstl1460 is not asserted, clamp or comparator 1418 is enabled and shunt 81310 will draw a minimum of 100 μ A of current.

Reset 802 is active high and output to digital subsystem 304. During power up, reset 802 is asserted so that digital subsystem 304 only begins operation when the circuit reaches a steady state. The reset generator 1360 monitors the ctl81412 and asserts the reset 802 until when V is present_RAW1306 reaches 8V, shunt 81310 begins to draw current. When shunt 81310 begins to draw current, comparator 1418 of shunt 81310 asserts ctl81412, which then does not assert reset 802.

After reset 802 is not asserted, shunt 51330 monitors VDD810 during operation with comparator 1436. When V is_DD810 falls below 4.7V, comparator 1435 establishes lowv_DD1438, which in turn asserts reset 1462, once again disables the digital subsystem 304. The reset generator 1360 also monitors the state of the noclk 1440. If the RF field 110 from the target 104 is interrupted, causing the noclk1440 to be asserted, a reset 802 is generated. This ensures a fast reset 802 when used with a target operating in a "pulsed radio frequency" mode.

While the invention has been particularly shown and described with reference to a few preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (19)

1. A method for resolving conflicts in a contactless proximity automation data collection system, the system comprising: a host, a target, and a plurality of tags, wherein the method comprises the steps of:

transmitting a first host message from the host to the target;

periodically transmitting a first target message in response to the first host message;

transmitting a first tag message in response to the first targeted message after a first period of time;

determining whether the first tag message received by the target is valid;

if the first tag message is valid, then

Transmitting a second targeted message and transmitting a second tag message in response to the second targeted message;

determining whether the second tag message received by the target is valid,

if the second tag message is valid, then,

transmitting another first host message; and

if the first tag message is invalid, a third target message is transmitted after a second period of time, and another first tag message is transmitted in response to the third target message.

2. The method of claim 1,

the first host message is a host wake-up message, which includes: a start of a message character, a message identification character, and a random number;

said first tag message is a ping message comprising: a tag random number and a check byte corresponding to the tag random number;

the second tag message is a wakeup message comprising: a start of a message character, a message identification character, a tag identification number, a tag random number derived from the tag identification number, and a directory of blocks;

the first target message is a target wake-up message, which includes: a start of a message character, a message identification character, and a random number;

the second target message is a pong valid message which includes a validity indication message; and

the third target message is a pong invalidation message, which includes an invalidity indication message.

3. The method of claim 2,

the step of determining whether the second tag message received by the target is valid is accomplished by the host.

4. The method of claim 2,

the step of determining whether a second tag message received by the target is valid comprises the step of determining whether the tag random number is derived from the tag identification number of the wake-up message.

5. A system for resolving conflicts in a contactless proximity automated data collection system, comprising:

at least two tags, each said tag comprising:

means for outputting a first tag message in response to the first target message after a first period of time and another first tag message in response to the third target message after a second period of time; and

means for outputting a second tag message in response to the second targeted message;

an object, comprising:

means for outputting the first target message in response to a first host message;

means for determining whether the first tag message received by the target is valid;

means for outputting the second target message if the first tag message received by the target is valid; and

means for outputting the third target message if the first tag message received by the target is invalid; and

a host, comprising:

means for outputting the first host message;

means for determining whether the second tag message received by the target is valid; and

means for outputting another first host message if the second tag message received by the target is invalid.

6. The system of claim 5,

the first host message is a host wake-up message, which includes: a start of a message character, a message identification character, and a random number;

said first tag message is a ping message comprising: a tag random number and a check byte corresponding to the tag random number;

the second tag message is a wakeup message comprising: a start of a message character, a message identification character, a tag identification number, a tag random number derived from the tag identification number, and a directory of blocks;

the first target message is a target wake-up message, which includes: a start of a message character, a message identification character, and a random number;

the second target message is a pong valid message which includes a validity indication message; and

the third target message is a pong invalidation message, which includes an invalidity indication message.

7. The system of claim 6, wherein the means for determining whether the wake-up message received by the target is valid comprises determining whether the tag nonce was derived from the tag identification number of the wake-up message.

8. A method for exchanging data in a contactless proximity automation data collection system, the system comprising a target and a tag, and the tag comprising a tag temporary buffer for storing unread pages and unwritten page messages, a tag memory, and a tag wakeup flag, the method comprising the steps of:

determining whether there is an unwritten page message in the tag temporary buffer;

if there is an unwritten page message in the tag temporary buffer, then

Writing the unwritten page message from the tag temporary buffer to the tag memory;

it is determined whether the tag wakeup flag is set,

if the tag wake flag is set, then

Transmitting an acknowledgement message, an

If the tag wake flag is not set, then

Waiting for a wakeup message;

receiving the wake-up message; and

transmitting a wakeup message in response to the wakeup message;

waiting for a target message;

receiving the target message;

determining whether the target message is a wake-up message, a read page message, or a write page message;

if the target message is a wake-up message, checking whether the tag wake-up flag is set;

restarting the step of waiting for a target message if the tag wake up flag is not set; and

if the label wake-up flag is set, the user goes to sleep;

if the target message is a read page message, storing the read page message in the tag temporary buffer, sending an acknowledgement message and restarting the step for waiting for a target message; and

if the target message is a write page message, storing the write page message in the tag temporary buffer and resuming the step of determining if there are any unwritten pages in the tag temporary buffer.

9. The method of claim 8,

the page reading message comprises the beginning of a message character, a message identification character and a page number;

the page writing message comprises the beginning of a message character, a message identification character, a writing sequence number, a page number and a page content byte;

the wake-up message includes a start of message character, a message identification character, and a random number;

the wakeup message includes a start of a message character, a message identification character, a tag identification number, a tag random number, and a tag block directory;

the confirmation message includes the start of a message character, a message identification character, and a page number.

10. A method for exchanging data in a contactless proximity automation data collection system comprising a tag and a host computer, the method comprising the steps of:

transmitting a first tag message;

transmitting a first host message in response to the first tag message;

determining whether the first host message is valid;

if the first host message is valid, then

Transmitting a second tag message; and

if the first host message is invalid, then

A third tag message is transmitted which is,

wherein the first host message is a page-reading message comprising a start of message character, a message identification character and a page number, or a page-writing message comprising a start of message character, a message identification character, a write sequence number, a page number and a page content byte;

the first tag message is a wakeup message including a start of a message character, a message identification character, a tag identification number, a tag random number, and a tag block directory;

if the first host message is a read page message, the second tag message is a send page message comprising a start of message character, a message identification character, a page number, and a page content byte;

if the first host message is a write page message, the second tag message is an acknowledgment message comprising a start of message character, a message identification character, and a page number; and

the third tag message is a negative acknowledgement message that includes a message identification character.

11. The method of claim 10,

the wakeup message, the page read message and the page write message each further comprise a message authentication code; and

the step for determining whether the read page message or the write page message is valid comprises the steps of: comparing the message authentication code from the wake up message with the message authentication code from the read page or write page message, and determining that the read page or write page message is valid only if the message authentication codes are equal.

12. The method of claim 11,

the message authentication code is a 6 byte value calculated from the contents of the wake-up message.

13. The method of claim 10,

the tag comprises a tag memory divided into a plurality of blocks, each block further divided into a plurality of pages;

each of the blocks includes a read key buffer and a write key buffer for storing a block read key and a block write key;

the page reading message also comprises a page reading key;

the page writing message also comprises a page writing key; and

said step for determining whether said read page or write page message is valid comprises the steps of: comparing the block read key and the read page key, and determining that the read page message is valid only if the block read key and the read page key are equal; or comparing the block write key and the write page key and determining that the write page message is valid only if the block write key and the write page key are equal.

14. The method of claim 10, wherein said contactless proximity automated data collection system further comprises an object, said method further comprising the steps of:

receiving, by the target, the first tag message;

sending, by the target, the first tag message to the host;

receiving, by the target, the first host message:

sending, by the target, the first host message to the tag.

15. A system for exchanging data in a contactless proximity automated data collection system, comprising:

a host, comprising:

means for transmitting a first host message in response to the first tag message;

a label, comprising:

means for transmitting the first tag message;

means for determining whether the first host message received by the tag is valid;

means for transmitting a second tag message if the first host message received by the tag is valid;

means for transmitting a third tag message if the first host message received by the tag is invalid,

wherein the first host message is a page-reading message comprising a start of message character, a message identification character and a page number, or a page-writing message comprising a start of message character, a message identification character, a write sequence number, a page number and a page content byte;

the first tag message is a wakeup message including a start of a message character, a message identification character, a tag identification number, a tag random number, and a tag block directory;

if the first host message is a read page message, the second tag message is a send page message comprising a start of message character, a message identification character, a page number, and a page content byte;

if the first host message is a write page message, the second tag message is an acknowledgment message comprising a start of message character, a message identification character, and a page number; and

the third tag message is a negative acknowledgement message that includes a message identification character.

16. The system of claim 15,

the wakeup message, the read page message, and the write page message each further include a message authentication code: and

in the tag, the means for determining whether the read page message or write page message is valid compares the message authentication code from the wake up message with the message authentication code from the read page or write page message, and determines that the read page or write page message is valid only if the message authentication codes are the same.

17. The system of claim 16,

the message authentication code is a 6-byte value calculated from the contents of the wake-up message.

18. The system of claim 15,

the tag further comprises a tag memory divided into a plurality of blocks, wherein each block is further divided into a plurality of pages;

each of the blocks includes a read key buffer and a write key buffer for storing a block read key and a block write key;

the page reading message also comprises a page reading key;

the page writing message also comprises a page writing key; and

in the tag, the means for determining whether the read page or write page message is valid compares the block read key and the read page key and determines that the read page message is valid only if the block read key and the read page key are the same; or comparing the block write key and the write page key and determining that the write page message is valid only if the block write key and the write page key are the same.

19. The system of claim 15,

the system also includes an object comprising:

means for receiving, by the target, the first tag message;

means for sending, by the target, the first tag message to the host;

means for receiving, by the target, the first host message;

means for sending, by the target, the first host message to the tag.