Designing an electronic safe
As defined online by Wikipedia, a safe is a secure, lockable box used for securing valuable objects against theft or damage. By extension, an electronic safe is an electro-mechanical safe operated by electronics. While designing the electronics for the ubiquitous safe may sound straightforward, it is fraught with its own challenges.
This article describes a simple electronic safe design and discusses design techniques for dealing with challenges ranging from preventing an intruder from breaking into the safe to power management techniques that consume the least power. It also discusses technological advances that can be used to move this simple product concept beyond its traditional design.
What is an electronic safe?
An electronic safe in its basic form is a thick steel box with a thicker steel door. A typical size is 200 mm (H) x 450 mm (W) x 350 mm (D) and it costs around $100. The door closes onto the box with a solid steel bolt. The bolt may be operated by a knob. A sample electronic safe interface is shown in Figure 1 below.
A keypad is required to enter the unlocking code, and a couple of LEDs display output; together they serve as the I/O interface. A mechanical key is provided with many safes for emergency access when the combination code is forgotten.
Additional features provided on most electronic safes are low battery warning, freeze on repeated wrong combination code entry, and long buzz on entering the wrong combination code. Electronic safes are common in hotels as they provide the ability to set and reset the combination code for each new guest.
Figure 1. ELock User Interface
Simple scenarios to describe the operation of an electronic safe are given below:
Lock the Electronic Safe. The mechanical knob is turned to put the steel bolt into position and lock the door. The cam mechanism is such that turning the knob in the opposite direction will not engage the electronic safe (Figure 2 below).
Figure 2. Locking the Electronic Safe
Unlock the Electronic Safe. The user shall input the combination code on the keypad to unlock the electronic safe. On every key press, a short beep is generated to provide audio feedback to the user to confirm that the key was accepted.
If the user enters a wrong combination code, then the “ERR” LED will light up to indicate that the code was wrong. A sharp buzz is generated to make this evident to the end user. Repeated wrong entries will lock the keypad and the electronic safe. The emergency key must then be used to unlock the safe, and the combination code has to be reset as described below.
Battery Discharge Condition. In case the battery is discharged completely, the bolt will lock permanently and the emergency key has to be used to unlock the safe. The “BAT” LED will switch on when the battery is less than a particular level to alert the user to change the battery.
Combination Code Lost. In case the combination code is lost, then the emergency key can be used to unlock the safe.
Set/Re-set Combination Code. The feature to set or reset the combination code is available only when the safe is open. A defined sequence of key presses puts the microcontroller into the mode for setting the new combination code. The microcontroller saves the combination code into its nonvolatile memory.
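The unlock, freeze and set/re-set scenarios above, written as a small firmware state machine in C. This is an added example, not code from the article or from Cypress; the 4-digit code length, the freeze threshold of three wrong entries, and all names (safe_t, safe_key_press, safe_set_code) are assumptions. It also compares every digit of the entered code regardless of where the first mismatch occurs, so the ERR buzz arrives after the same delay for any wrong code.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#define CODE_LEN  4   /* assumption: 4-digit combination code */
#define MAX_WRONG 3   /* assumption: keypad freezes after 3 wrong entries */

typedef enum { SAFE_PENDING, SAFE_UNLOCK, SAFE_WRONG_CODE,
               SAFE_FROZEN, SAFE_DOOR_CLOSED, SAFE_OK } safe_status_t;

typedef struct {
    uint8_t code[CODE_LEN];   /* combination; real firmware keeps it in NVM */
    uint8_t entry[CODE_LEN];  /* keys typed so far */
    uint8_t entry_len;
    uint8_t wrong_count;      /* consecutive wrong entries */
    bool    frozen;           /* set after MAX_WRONG; cleared only via set/re-set */
    bool    door_open;        /* last optical door-sensor reading */
} safe_t;

void safe_init(safe_t *s, const uint8_t *code) {
    memset(s, 0, sizeof *s);
    memcpy(s->code, code, CODE_LEN);
}

/* Compare all digits even after a mismatch: a wrong entry takes the same
 * time as a right one, so beep timing reveals nothing about correct prefixes. */
static bool code_matches(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (int i = 0; i < CODE_LEN; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Called on every key press (short beep). SAFE_UNLOCK tells the caller to
 * drive the motor; SAFE_WRONG_CODE lights the ERR LED and gives a long buzz. */
safe_status_t safe_key_press(safe_t *s, uint8_t key) {
    if (s->frozen) return SAFE_FROZEN;           /* keypad ignored until reset */
    s->entry[s->entry_len++] = key;
    if (s->entry_len < CODE_LEN) return SAFE_PENDING;
    s->entry_len = 0;
    if (code_matches(s->entry, s->code)) { s->wrong_count = 0; return SAFE_UNLOCK; }
    if (++s->wrong_count >= MAX_WRONG) { s->frozen = true; return SAFE_FROZEN; }
    return SAFE_WRONG_CODE;
}

/* Set/re-set is accepted only while the door sensor reports the safe open,
 * which after a freeze is the state reached with the emergency key. */
safe_status_t safe_set_code(safe_t *s, const uint8_t *new_code) {
    if (!s->door_open) return SAFE_DOOR_CLOSED;
    memcpy(s->code, new_code, CODE_LEN);         /* NVM write in real firmware */
    s->wrong_count = 0; s->frozen = false;
    return SAFE_OK;
}
```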
Implementation of a safe design
Early electronic safe designs used hardware circuits employing counters to determine the right combination code. Later designs have been based on microcontrollers because of the flexibility offered by microcontrollers and software programming.
A block diagram of a microcontroller-based design is shown in Figure 3 below. It consists of a microcontroller and a motor that is powered by the battery. The microcontroller takes inputs via the keypad and, depending upon the code, will trigger the motor and the door lock mechanism to move the cam and turn the bolt.
LEDs are triggered based on microcontroller status, battery condition, and any error while reading the code. An optical object sensor is used to detect the condition of the door.
Figure 3. Block Diagram of an electronic safe
Mechanical Construction. Although this is an article on the electronics for an electronic safe, the single biggest consideration for a good and reliable safe is its mechanical construction. The electronics Printed Circuit Assembly (PCA) should be behind the solid steel structure.
Any attempt to force the safe open via the front panel through the keypad should not make the contents of the safe accessible. One possible option is to separate the PCA from the keypad. The PCA should be behind a solid steel structure while the keypad should be on the front of the door.
Power Efficiency. Power consumption is the second most important aspect of an electronic safe. Various techniques can be implemented to save power, such as putting the microcontroller into deep sleep if there is no input from the keypad for a specified period of time.
A microcontroller that operates over a wide supply voltage range will help to sustain operation as the battery discharges. Use of 7-segment LEDs is the norm for electronic safes because of the low power consumption of these components.
Master Combination Code. An optional feature is a master combination code which can be used to unlock the safe similar to the option of an emergency key. The master combination code is a sequence of key presses which can be used across all the units of an electronic safe of a particular make.
Using such a combination code is best avoided as it presents a potential breach of security for the electronic safe manufacturer. A better mechanism is to use the combination of “Unlock the Electronic Safe” and Set/Re-set Combination Code.
Fail Safe Firmware Code. The code for the electronic safe must not malfunction, so it must be implemented with proper review and sufficient validation. To account for any unforeseen malfunction, however, the firmware should be designed to ensure that the program for the electronic safe does not lock up.
Lockup can be avoided using a watchdog timer: if the firmware freezes at any time, the watchdog timer resets the firmware on the electronic safe without disturbing the state of the lock.
One Time Programmable (OTP) MCU. It is advantageous to choose a microcontroller with OTP features to prevent reverse engineering of the firmware by competitors and hackers.
Steps to control and be immune to electromagnetic interference (EMI) should be implemented, as in any embedded system where sensitive electronics sit next to a potential noise source such as a motor. Hardware that is not reliable may reset and leave the safe vulnerable.
The fewer hardware components there are, the fewer components there are to fail and the greater the system reliability. Fewer components will also lower power consumption. System on Chip (SoC) microcontrollers can be used to integrate many hardware functions to reduce component count, which in turn increases reliability, decreases power consumption, and reduces cost.
A Programmable System on Chip (PSoC) can do power measurement using internal comparators and Analog to Digital Converters (ADC). A buzzer can be controlled using Pulse Width Modulation (PWM) integrated on the SoC.
Detecting Open Safe. Many of the use scenarios require that the firmware detect whether the safe is open. An optical sensor can be used to detect that the door is open; the microcontroller reads the sensor to determine this condition.
User procedures and built-in self-test (BIST). A clear procedure for changing batteries is needed as the user may have to change batteries during the lifetime of the safe and may not have access to the safe manual. Built-in Self Test capabilities can run through all the interfaces of the board to ensure there is no fault after the replacement of the battery.
Manufacturing. Last but not least is the challenge of programming the electronic safe with firmware and later running manufacturing tests to ensure that all the blocks operate as expected and the unit is free of any manufacturing defects.
To ensure that the contract manufacturer cannot commit fraud, a programming jig with authentication may have to be implemented. The manufacturing test procedure should ensure it covers 100% of the hardware.
Limitations and what could be improved
Failure Analysis on Returned Material. Increasing the number of interfaces on the board increases the number of ways that an intruder can create havoc on the system. This is one of the single largest limitations of this embedded system.
Ultraviolet Ink to reverse engineer the combination code. Finger impressions on a keypad can be captured by an intruder using ultraviolet ink. Knowing which keys have been pressed helps to reduce the combination set that the intruder has to cycle through. To avoid such situations, a user can set a combination code that includes all of the digits.
Capacitive Buttons. A trend these days is to replace mechanical buttons with capacitive sensing buttons. Capacitive sensing buttons sense the capacitance of the human finger and trigger an “ON” signal. Capacitive buttons reduce system cost while increasing reliability by eliminating the potential failure of mechanical buttons.
(Rajesh Ramesh is an engineering manager, and Ronak Desai is a Staff Engineer at Cypress Semiconductor. Ronak, with nine years of industry experience, has a BE in Electronics and Communication from Mumbai University, India. He is part of the Development Kits Group and is based out of Bangalore, India. You can reach Ronak at firstname.lastname@example.org and Rajesh at email@example.com)