RFID Handshake

Radio-Frequency Identification (RFID) is a widely used technology for communication via alternating electromagnetic fields.  There seems to be quite a bit of interest in understanding how the “handshake”, or initialization process, between two RFID devices works.  In this article, we discuss the handshake between a passive RFID transponder and a Proximity Coupling Device (PCD) of a Host Device.  The handshake described here is based on Near Field Communication (NFC) technology; however, it may also apply to other RFID technologies such as, for example, ISO/IEC 14443, ISO/IEC 10536, or ISO/IEC 15693.

Summary


When the passive RFID transponder and the PCD are placed sufficiently close to each other that the antenna coil of the passive RFID transponder overlaps with the magnetic field generated by the PCD, the antenna coils of the passive RFID transponder and the PCD are said to be inductively coupled.  Once coupled, data can be exchanged using conventional NFC techniques.

Upon receiving the command from the Host Device to start communicating with the RFID transponder, the PCD initiates communication by modulating a self-generated 13.56 MHz carrier signal to superimpose a response request signal for transmission to the passive RFID transponder.  A passive RFID transponder located close to the PCD rectifies the coupled magnetic wave emitted from the PCD to derive its own power source.  Once it is adequately powered by magnetic induction, the passive RFID transponder processes the response request from the PCD.  It responds to the PCD by performing load modulation on a separate, non-modulated 13.56 MHz carrier emitted by the same PCD initiator, transmitting its own response data, including information such as a unique and permanent ID stored in its memory during manufacturing.  Once it receives the data, the PCD works with the Host Device to confirm the identity of the passive RFID transponder.  Upon completion, the Host Device decides whether to proceed with further bi-directional handshake communication with the passive RFID transponder via the PCD, or to transition to the next operational state and hand over control of the communication to an operational program, which then establishes a more permanent and active communication channel with the passive RFID transponder.  The PCD continues to emit the 13.56 MHz magnetic carrier wave so that the passive RFID transponder remains powered until all necessary communication with it is completed.

Unlike the passive RFID transponder, an active RFID transponder has its own power source and responds by generating its own 13.56 MHz carrier field and modulating it to superimpose the data for communication with the PCD.

Details


NFC Handshake


For example, at step 603, the passive RFID transponder is brought within the read/write/power range of the PCD.  At step 607, the Host Device activates the PCD, either by manual user intervention (e.g., pressing a button on the Host Device) or via automatic detection of the passive RFID transponder.  At step 605, the PCD powers on.  The PCD can also be reset from a previous IDLE state.  At step 606, the PCD generates a magnetic carrier signal at 13.56 MHz.  The PCD also superimposes a signal requesting a response from the passive RFID transponder by modulating the carrier signal.  This signal is transmitted to the passive RFID transponder.  The passive RFID transponder rectifies the coupled carrier signal generated by the PCD in order to generate its own power source by mutual induction.  At step 604, as the transponder draws power, its DC voltage level reaches the minimum voltage threshold required for operation.  At step 608, the passive RFID transponder performs a power-on reset and begins communication with the PCD.  Thereafter, the PCD initiates all commands for transmission to the passive RFID transponder.  The passive RFID transponder responds to the received commands according to the state of its RFID IC.  In other words, once the passive RFID transponder draws adequate power via mutual induction, it responds to each command transmitted from the PCD.  The responses are sent by load-modulating the 13.56 MHz carrier signal.

Once the passive RFID transponder is able to respond to commands transmitted from the PCD, both the passive RFID transponder and the PCD enter Discovery state 600.  At step 609, the PCD, based on the additional load on the carrier signal, detects the presence of the passive RFID transponder and begins a series of initialization steps with the passive RFID transponder.  During Discovery state 600, more than one passive RFID transponder (and/or active RFID transponder) may be present in the operating field of the PCD.  Some RFID IC vendors implement an optional Anti-Collision algorithm based on particular identifier data retrieved from each RFID transponder present within proximity of the PCD.  Based on the retrieved identifier data, the PCD selects a desired RFID transponder for further processing while the remaining unselected RFID transponders return to their IDLE states.  Thereafter, both the PCD and the selected passive RFID transponder enter Initialization state 601.
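The anti-collision step above is easiest to understand as a walk down a binary tree of identifier prefixes: the PCD asks every transponder whose UID begins with a given prefix to answer, and the first bit on which the answers disagree shows up as a collision, so the PCD extends the prefix by one bit and asks again until a single transponder is left. The following simulation is an added example, not code from the article or from any RFID vendor; it models the shared field at the bit level only (no cascade levels, checksums or timing, which the real ISO/IEC 14443-3 Type A procedure has), and the 32-bit UIDs it uses are constructed sample values.

```python
# Added example (not from the article): a simplified binary-tree anti-collision
# walk run by a PCD during Discovery state 600. Transponder UIDs are constructed
# sample values; UID_BITS is an assumption of this model.
from typing import List, Optional, Tuple

UID_BITS = 32  # width of the simulated identifier


def uid_bits(uid: int) -> str:
    """Render a UID as a fixed-width bit string, most significant bit first."""
    return format(uid, f"0{UID_BITS}b")


class Transponder:
    """A passive transponder; once HALTed it stays silent for later rounds."""

    def __init__(self, uid: int) -> None:
        self.uid = uid
        self.halted = False

    def answer(self, prefix: str) -> Optional[str]:
        """Return the UID bits after 'prefix' if our UID starts with it, else stay silent."""
        if self.halted:
            return None
        bits = uid_bits(self.uid)
        return bits[len(prefix):] if bits.startswith(prefix) else None


def field_response(tags: List[Transponder], prefix: str) -> Tuple[Optional[str], Optional[int]]:
    """Model the shared field: every matching tag load-modulates at the same time.

    Returns (agreed_bits, collision_index). Bits on which all answering tags agree
    reach the PCD intact; at the first bit where they differ the PCD sees a 0 and
    a 1 superimposed, which it reports as a collision.
    """
    answers = [a for a in (t.answer(prefix) for t in tags) if a is not None]
    if not answers:
        return None, None
    agreed = []
    for i in range(len(answers[0])):
        if len({a[i] for a in answers}) > 1:
            return "".join(agreed), i
        agreed.append(answers[0][i])
    return "".join(agreed), None


def anticollision_walk(tags: List[Transponder], prefix: str = "") -> Optional[int]:
    """Descend the binary tree of UID prefixes until a single tag answers."""
    rest, collision = field_response(tags, prefix)
    if rest is None:
        return None  # nobody answered: the field is empty or every tag is HALTed
    if collision is None:
        return int(prefix + rest, 2)  # exactly one tag answered the whole remainder
    # Keep the bits received before the collision, take the '0' branch and ask
    # again; tags on the '1' branch fall silent, which is how the PCD narrows the field.
    return anticollision_walk(tags, prefix + rest[:collision] + "0")


def select_transponder(tags: List[Transponder]) -> Optional[int]:
    """Select one transponder for further processing; HALT it once it has been handled.

    Unselected tags simply fell silent during the walk and answer again next round,
    which mirrors the article's description of them returning to IDLE.
    """
    chosen = anticollision_walk(tags)
    if chosen is not None:
        next(t for t in tags if t.uid == chosen).halted = True
    return chosen


def discovery_rounds(tags: List[Transponder]) -> List[int]:
    """Enumerate every transponder in the field, one selection per round."""
    found: List[int] = []
    while (uid := select_transponder(tags)) is not None:
        found.append(uid)
    return found


if __name__ == "__main__":
    field = [Transponder(0xA1B2C3D4), Transponder(0xA1B2C3D5), Transponder(0x5EED0001)]
    print([hex(u) for u in discovery_rounds(field)])
```

Two transponders carrying the same UID never disagree on any bit, so the walk cannot tell them apart and simply reports that UID in two successive rounds; a reader that logs each round will therefore see the duplicate, which is the kind of anomaly worth surfacing to the Host Device rather than silently accepting the first answer.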

In Initialization state 601, a series of mutual authentication and memory operations begins between the PCD and the selected passive RFID transponder.  If the passive RFID transponder is paired with the PCD for the first time, it undergoes an initial series of configuration steps that personalize the passive RFID transponder, including programming user data and mutually shared secret keys.  The mutually shared secret keys secure subsequent data exchange between the passive RFID transponder and the PCD, and maintain the confidentiality and integrity of subsequent commands, responses, and memory operations within the RFID IC of the passive RFID transponder.  At step 610, the passive RFID transponder responds to the PCD with its type, identification, and capabilities.  Some RFID IC manufacturers have implemented an optional and stronger Advanced Encryption Standard (AES) authentication to verify the authenticity of the passive RFID transponder.  At step 622, based on the unique identification provided by the transponder, the Host Device may also help the PCD to correctly identify the desired transponder from its database.  At step 612, based on the series of mutual authentication, the PCD attempts to identify the desired RFID transponder.  If the desired RFID transponder has been identified, both the PCD and the selected passive RFID transponder enter User Authentication and Authorization state 602.  Otherwise, at step 613, the PCD powers off or returns to its IDLE state.  Thereafter, existing communications between the PCD and the selected passive RFID transponder stop.

At the beginning of User Authentication and Authorization state 602, the PCD may send a notification to the Host Device informing it that the passive RFID transponder has been correctly identified and initialized, and is ready for further transactions with the Host Device.  Furthermore, subsequent data exchanges between the passive RFID transponder and the PCD could be encrypted.  At step 618, the Host Device requests the user security data stored within the RFID IC of the passive RFID transponder.  At step 615, in response to the Host Device’s request, the PCD reads the user identification data from the passive RFID transponder.  At step 614, the passive RFID transponder sends the user identification data to the PCD.  At step 616, the PCD sends the user identification data to the Host Device.  At step 619, the Host Device authenticates the user (or bearer) of the passive RFID transponder based on the received user identification data.  At step 620, the Host Device attempts to correctly identify the user of the passive RFID transponder, and then either grants the passive RFID transponder access to the Host Device or denies it.  At step 617, the PCD powers off or returns to its RESET state.  Thereafter, the magnetic fields between the PCD and the passive RFID transponder cease.  At step 621, the passive RFID transponder powers off.
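The two state descriptions above (Initialization state 601 with its mutual authentication on shared secret keys, and User Authentication and Authorization state 602 with the read of user identification data) can be put together as one small state machine. The model below is an added example, not the article's own code and not any vendor's protocol: the transponder and PCD share a key personalized at first pairing, run a three-pass challenge/response in which each side proves knowledge of that key over fresh random nonces, derive a per-session key, and only then does the transponder release its user identification data, which the PCD hands to the Host Device's user database for the access decision. HMAC-SHA256 from the standard library stands in for the AES-based authentication the article mentions, so that the example runs without third-party packages; the read command is authenticated with the session key rather than encrypted. All keys, UIDs and user identifiers are constructed sample values, and the state names and database shapes are assumptions of this model.

```python
# Added example (not from the article): a simplified Initialization (601) and
# User Authentication (602) state machine with three-pass mutual authentication.
# HMAC-SHA256 stands in for the AES authentication mentioned in the article;
# keys, UIDs and user ids used with it are constructed sample values.
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

NONCE_LEN = 16


def mac(key: bytes, data: bytes) -> bytes:
    """Keyed function used both for the proofs and for session-key derivation."""
    return hmac.new(key, data, hashlib.sha256).digest()


class SecureTransponder:
    """Transponder side: holds the personalized key and the stored user data."""

    def __init__(self, uid: bytes, key: bytes, user_id: bytes) -> None:
        self.uid = uid
        self.key = key                  # shared secret written at first pairing (state 601)
        self.user_id = user_id          # user identification data inside the RFID IC
        self.session_key: Optional[bytes] = None
        self._ra: Optional[bytes] = None
        self._rb: Optional[bytes] = None

    def answer_challenge(self, ra: bytes) -> Tuple[bytes, bytes]:
        """Pass 2: answer the PCD's challenge ra and issue our own challenge rb."""
        self._ra, self._rb = ra, os.urandom(NONCE_LEN)
        return self._rb, mac(self.key, b"tag" + self._rb + ra)

    def verify_reader(self, proof: bytes) -> bool:
        """Pass 3: accept the PCD only if its proof matches, then derive a session key."""
        expected = mac(self.key, b"pcd" + self._ra + self._rb)
        if not hmac.compare_digest(expected, proof):   # constant-time comparison
            return False
        self.session_key = mac(self.key, b"session" + self._ra + self._rb)
        return True

    def read_user_id(self, request_tag: bytes) -> Optional[bytes]:
        """Step 614: release user data only to an authenticated session."""
        if self.session_key is None:
            return None
        if not hmac.compare_digest(mac(self.session_key, b"read-user-id"), request_tag):
            return None
        return self.user_id


class PCD:
    """Reader side, backed by the Host Device's databases of keys and users."""

    def __init__(self, host_keys: Dict[bytes, bytes], host_users: Dict[bytes, str]) -> None:
        self.host_keys = host_keys      # uid -> shared key, consulted at step 622
        self.host_users = host_users    # user id -> bearer name, consulted at step 619
        self.state = "IDLE"

    def run(self, tag: SecureTransponder) -> str:
        """Drive one transponder from Discovery to an access decision; return the final state."""
        self.state = "DISCOVERY"                      # state 600
        key = self.host_keys.get(tag.uid)
        if key is None:
            self.state = "IDLE"                       # step 613: transponder unknown to the host
            return self.state
        self.state = "INITIALIZATION"                 # state 601
        ra = os.urandom(NONCE_LEN)                    # pass 1: fresh challenge, never reused
        rb, tag_proof = tag.answer_challenge(ra)
        if not hmac.compare_digest(mac(key, b"tag" + rb + ra), tag_proof):
            self.state = "IDLE"                       # step 613: wrong key (e.g. a copied UID)
            return self.state
        if not tag.verify_reader(mac(key, b"pcd" + ra + rb)):
            self.state = "IDLE"
            return self.state
        session_key = mac(key, b"session" + ra + rb)
        self.state = "USER_AUTH"                      # state 602
        user_id = tag.read_user_id(mac(session_key, b"read-user-id"))  # steps 615/614
        bearer = self.host_users.get(user_id) if user_id else None     # steps 616/619/620
        self.state = "ACCESS_GRANTED" if bearer else "ACCESS_DENIED"
        return self.state


if __name__ == "__main__":
    KEY, UID = bytes(range(16)), b"\xa1\xb2\xc3\xd4"          # constructed sample values
    reader = PCD({UID: KEY}, {b"user-0001": "Alice"})
    print(reader.run(SecureTransponder(UID, KEY, b"user-0001")))   # ACCESS_GRANTED
    print(reader.run(SecureTransponder(UID, bytes(16), b"user-0001")))  # IDLE: UID alone is not proof
```

The design point worth noticing is the split between the two states: knowing a UID gets a transponder through Discovery but no further, because the PCD returns to IDLE at step 613 as soon as the key-based proof fails, and the user identification data is never read before the session key exists. Both comparisons go through `hmac.compare_digest` so that a mismatch is rejected in constant time.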

I tried to make the technical content of this article as accurate and up-to-date as possible.  If you have any further comments or suggestions, please contact us.
