Give away medical masks when you place an order. learn more

How to Design Low Cost Sub-GHz Wireless Access Control for the Internet of Things

Security and access control are two key areas of concern for designers of systems for the Internet of Things, but there is a significant challenge in the cost of the implementation. This article looks at the options for the design of secure wireless access control systems using the sub-GHz ISM bands such as Z-Wave to keep costs low.

The unregulated ISM (Industrial, Scientific, Medical) wireless bands are extremely popular for all kinds of applications. The sub-GHz bands at 868 MHz in Europe and 915 MHz in the US are particularly popular, mostly for the relatively low cost of implementation.

Operating in these bands has a number of advantages, starting with the range. The penetration of these RF bands is significantly longer than the higher ISM bands at 2.5 GHz and 5 GHz and this gives the designer many more options in the development of access control systems.

Longer range can be traded for longer battery life as less power is used to make a link. Trying to establish a link at the furthest reach of the range or through doors or walls can require significantly more power. Limiting the range then gives a longer battery life or allows a smaller battery to be used with a shorter range, reducing the size and cost of the overall system. The latest RF design techniques and manufacturing technologies are also well established at these frequencies. This means low cost CMOS technology can be used for the transceivers, increasing the integration of components in a single device and further reducing costs. Because many of these transceivers can also be used in simple wireless sensor designs that operate in the same ISM band, there is also a benefit of scale that further keeps costs down.

However, there are also disadvantages. These bands are very popular and so are particularly crowded. This means a lot more attention has to be paid to interference by other systems. This can mean having to have wider guard bands on a channel or having to implement frequency-hopping protocols, which have not been necessary in the past. This is also a challenge for developers of systems that have to be secure such as access control and building automation to protect against both inadvertent interference and deliberate tampering. The longer range gives tremendous benefits, but there is an increased risk of interception of the signals. These can be decoded to provide access codes, or copied and re-broadcast. This copy can either be used as a man-in-the-middle-attack to gain access to wider systems, or re-broadcast at a later time to let in an intruder.

This is leading to a need for further security techniques, such as encryption and one-time codes, to be added to relatively simple system designs.

Some component suppliers, such as Sigma Designs and Semtech, have developed their own protocols in these ISM bands to tackle the challenges of access control and tampering, but there are still low cost, low power, long-range transceivers that can be used to build such systems from scratch to encapsulate a developer’s own expertise and intellectual property.

Silicon Labs’ Si4455 is a sub-GHz transceiver in a 20-pin 3 x 3 mm package size that can be combined with a low external bill of materials (BOM) count to be both space efficient and cost effective. The +13 dBm output power and sensitivity of –116 dBm allows for a longer operating range, while the low current consumption of 18 mA TX (at 10 dBm), 10 mA RX, and 40 nA standby allows for that tradeoff of battery life, battery size and range.

Figure 1: The Si4455 from Silicon Labs provides a transceiver in a 3 x 3 mm package.

By fully integrating all components from the antenna to the GPIO or SPI interface, the transceiver is simple to design into a system, and all the packet handling including preamble, sync word detection and CRC is handled by the chip to further simplify the development. This is helped by Silicon Labs’ Wireless Development Suite (WDS) user interface software that provides simplified programming options for a broad range of applications in an easy-to-use format that results in faster and lower risk development. While the maximum data rate is 500 Kbit/s, this is easily sufficient for access control systems even if additional one-time codes and encryption have to be used.

However, not all the components such as the crystal oscillator, power controller or balun filter can be integrated into a silicon die, so a module can be a quick and easy way to add the wireless element to an access control design. The MRF89XAM9A from Microchip surface-mount transceiver module integrates the crystal, internal voltage regulator, matching circuitry and PCB antenna.

Figure 2: The MRF89XAM9A from Microchip combines all the elements needed for access control hardware.

Using an integrated module design frees the developer from extensive RF and antenna design as well as the regulatory compliance testing, allowing quicker time to market. This allows the developer to place the module inside a finished product and it does not require regulatory testing for an intentional radiator or RF transmitter. However, to maintain conformance, there are particular settings that have to be considered for the US and Canada.

With the hardware implemented in a fully tested module, the software development becomes even more important. The MRF89XAM9A module is compatible with Microchip’s MiWi Development Environment software stacks. The software stacks are available as a free download, including source code, and allow the system to be built up quickly.

Other suppliers have integrated their own protocols into the transceivers to provide a robust link for access control.

The SX1232 from Semtech is a fully integrated ISM band transceiver optimized for use in the 868 MHz band in Europe and the 915 MHz band in the US with a minimum of external components. It offers a combination of high link budget and low current consumption in all operating modes handling FSK, GFSK, MSK, GMSK and OOK modulations. The 143 dB link budget is achieved by a low noise CMOS receiver front-end and up to +20 dBm of transmit output power. A pair of internal power amplifiers is provided, permitting either fully regulated operation for constant RF performance, or direct supply connection for optimum efficiency. This makes it suitable for either applications powered by alkaline battery chemistries or long battery applications using Lithium battery chemistries, depending on the use case requirements of the access control.

The SX1232 includes a packet engine and top-level sequencer that can be used with a 64 byte FIFO to automate the entire process of packet transmission, reception and acknowledgment without incurring the consumption penalty common to many transceivers that feature an on-chip MCU. The integration reduces the external BoM to passive decoupling and impedance matching components and makes it suitable for access control applications where stable and constant RF performance is needed over the full operating range of the device down to 1.8 V.

Figure 3: Semtech has designed the SX1232 specifically for a large link budget for reliable RF connections.

The SX1232 is intended for applications requiring high sensitivity and low receive current. Coupling the digital state machine with an RF front-end capable of delivering a link budget of 143 dB (-123 dBm sensitivity in conjunction with 20 dBm Pout) in a 5 x 5 mm QFN 24 lead package. The low-IF architecture is deliberately optimized for the low modulation index and narrow band operation used in the sub-GHz ISM band. A pair of sigma-delta ADCs handle the data conversion from the low IF, with all subsequent signal processing and demodulation performed in the digital domain. The digital state machine also controls the automatic frequency correction (AFC), received signal strength indicator (RSSI), and automatic gain control (AGC).

Sigma Designs has combined its Z-Wave transceiver and controller into a single System-in-Package (SiP) module. The ZM5101 combines a Z-Wave SD3502 SoC (with a built-in microcontroller and Z-Wave RF transceiver), crystal, and passive RF components within a single 8 mm x 8 mm module for small-footprint, single microcontroller products such as access control. It provides data rates up to 100 kbit/s with 128 kB Flash and 16 kB SRAM for code, as well as hardware-assisted frequency agility, enabling the module to switch away from a noisy channel to one of three others without communication or software overhead. The very-low sleep current of 1 µA addresses the growing need for longer battery life, while a 128-bit AES engine supports the need for encrypting the link.

This is possible through the Z-Wave protocol, which has been defined at the application layer and through a comprehensive certification program using the ITU-T G.9959 PHY and MAC, an international standard that is maintained by Z-Wave Alliance. This uses low-power sub-1 GHz RF protocol and works within a mesh topology.

The main benefit from this is that the interoperability is built in at the application layer, so there is a wide range of devices that will work together. This makes it easier to build a secure access control system that links to other devices such as a PC, tablet or smartphone. The mesh element of the network means that each device within a Z-Wave network can relay signals to the other devices, this allows the network to be extended easily and made even more robust with more connected devices. Up to 232 Z-Wave devices can connect to a Z-Wave hub. Z-Wave is ideal for homes and small businesses.

The protocol also extends up into the network with the Z-Ware IP gateway reference design. This allows each Z-Wave device – such as a lock or access controller - to have a unique IP address and can support IP capable applications. The ZIPR IP gateway then handles all the communication between Z-Wave and Z-Wave for IP in a similar way that a home router handles the communication between the home PC and the Internet.


A wide range of options exists for access control design in the sub-GHz ISM bands. From ultra-low-power single transceivers to standard modules, up to proprietary protocols, designers can make use of the range of the RF links to trade off time-to-market, design complexity, battery life and performance with a wide range of features.