A sequential circuit for a luggage lock

Choose discrete-logic when deterministic timing and zero code memory are required; choose MCU when EEPROM storage and low-power sleep modes simplify implementation. Discrete approach: three D-type flip-flops (3 FFs → 8 states) plus a 4-bit parallel-in/serial-out register captures a 4-step combination, an XOR network performs bitwise comparison, and a small comparator or NOR tree asserts the release signal on match. MCU approach: an 8-bit device such as ATTiny13/25 or PIC12F sampled at 1 kHz replaces the gate count and stores the code with CRC in EEPROM.

Debounce each contact with an RC network R=100 kΩ, C=470 nF → τ ≈ 47 ms, followed by a Schmitt-trigger buffer (74HC14). Sample inputs at 1–5 kHz; set per-key timeout to 2 s and accept inter-press jitter up to ±30 ms. Use synchronous edge-detection to avoid metastability when crossing clock domains.

Drive the actuator via an N-channel MOSFET rated > 1 A, include a flyback diode across inductive loads, and place a TVS or ESD diode on exposed connectors. Operate at 3.3 V or 5 V depending on actuator and component selection; prefer 74LVC or low-voltage CMOS families to reduce quiescent draw. Decouple each supply pin with 0.1 µF ceramic and add 10 µF bulk capacitance near the regulator.

Mitigation against brute-force: increment a 3-bit failed-attempt counter after each rejected sequence; on five consecutive failures assert a hardware lockout that disables sampling via a reset line and initiates a 5-minute timer. Store the correct pattern in EEPROM with a 16-bit CRC; on CRC mismatch require a factory reset procedure that clears memory only when a secure physical jumper is present.

Tamper sensing options: a recessed reed switch, tilt sensor, or piezo shock detector wired into an interrupt pin. When tamper event occurs, zeroize EEPROM, flash an alarm LED at 2 Hz, and hold the actuator disabled until a manual reset. Include a watchdog timer to recover from latch-up and prevent permanent hanging states.

PCB layout and test: use a ground plane, keep traces to switches under 30 mm, add series input resistors 330 Ω to limit ESD current, and place ESD diodes at external interfaces. Validate with test vectors at inter-press intervals of 25, 50, 100, 200 ms, confirm lockout and timeout accuracy within ±5%, and measure standby current to verify low-power sleep meets target.

Choose Mealy or Moore based on input-edge latency and output stability

Prefer a Mealy-style FSM when button presses must produce an immediate response within microseconds of the input edge; choose a Moore-style FSM when outputs must remain stable on clock boundaries and be easy to debounce and verify.

Timing and latency

Mealy: output change can occur after input propagation delay through combinational logic (t_pd). Typical FPGA LUT t_pd ≈ 2–10 ns; CPLD/ASIC paths can be 5–50 ns. Worst-case response = input sync latency + t_pd. Because outputs are combinational, an input edge can yield an output pulse shorter than one clock period unless gated.

Moore: output updates only on the clock edge, so worst-case latency = one clock period + t_ff_q (~1–10 ns). For human-actuated switches with bounce in the 5–50 ms range, choose a clock between 1 kHz and 10 kHz so one period is 1–0.1 ms; a 1 kHz clock gives deterministic timing with low logic jitter and straightforward debounce counters.

Practical recommendations

Debounce: sample at 1 kHz–10 kHz, require N consecutive identical samples where N = debounce_ms × sample_rate. Example: 10 ms debounce at 1 kHz → N=10. Synchronization: use a two-stage synchronizer for each asynchronous input before any combinational logic touches it.

Hybrid pattern: perform raw edge detection in Mealy style (fast ACK pulse) but update the main code/registers in Moore style on the next clock edge. Example sequence: input → 2-stage synchronizer → debounce counter → edge detector (Mealy) → register enable → state register update on clock (Moore). This yields immediate feedback while maintaining registered state stability and easier formal proofs.

Resource and verification trade-offs: Mealy typically reduces distinct states by roughly 10–30% for comparable behavior but introduces combinational output logic that complicates timing closure and increases glitch risk. Moore increases state count but simplifies timing analysis and test vectors because outputs depend only on registered state.

Actuator protection: add output pulse stretching or a short, registered single-cycle enable for the actuator driver to prevent chatter from Mealy-generated glitches. For electromechanical drives, pick a minimum actuation pulse ≥ 20 ms; generate that pulse from a clocked timer (Moore) even if the trigger is Mealy.

Encode combination digits and keypress sequences into minimal state encoding

Direct recommendation

Build a prefix trie of all valid combinations, add a sink for invalid keypresses and a timeout/reset state, apply Aho–Corasick failure links to fold overlapping prefixes, run DFA minimization (Hopcroft) to produce the minimal set of states S, then encode those states in binary using m = ceil(log2(S)) flip-flops unless hardware constraints make one-hot preferable.

Practical rules, formulas and examples

State count after minimization = |S|. Required storage bits: binary bits = ceil(log2(|S|)); one-hot bits = |S|. Example: a single fixed 4-digit code produces 5 states → binary = 3 bits, one-hot = 5 bits. For 50 combinations averaging length 4 with moderate prefix sharing, a conservative node upper bound ≈ 50×4 = 200 → binary = 8 bits, one-hot = 200 bits.

Use one-hot when |S| ≤ 8–10 and fastest next-state decoding is desired; use binary when flip-flop count or routing area dominates (|S| > 12 typically). Expect next-state logic complexity to scale roughly as O(|S|) terms for one-hot vs O(|S|·log2|S|) literals for binary encodings in sum-of-products implementations; factor in available LUT input width on FPGA or gate-count budget in ASIC.

Reduce hazards and glitch-induced misreads by choosing an adjacency-aware encoding: Gray codes or Johnson sequences for state clusters with many single-bit transitions. Reserve contiguous codewords for initial, timeout and sink states to minimize Hamming distance on common resets.

When many combinations share long prefixes, use the trie + Aho–Corasick approach to collapse redundant progress paths before minimization; this frequently shrinks |S| by 30–70% versus naive concatenation. Always include an explicit sink state that either returns to root or follows failure links; count that sink in |S| before computing m.

If resource trade-offs permit, implement a hybrid: store recent K keypresses in a shift register (K = max combination length) and perform parallel compare against stored combinations in CAM/ROM. This replaces large |S| with comparator logic plus K·log2(10) bits of storage (for decimal digits mapped to 4-bit BCD), and is efficient when number of allowed combinations is large but lengths remain short.

Implement input conditioning: debounce, edge detection and tamper sensor integration

Use a hybrid approach: analog prefilter (RC + Schmitt) to suppress fast transients, then a synchronized digital debouncer that produces single-clock pulses for downstream logic.

Analog front end recommendations: place a series resistor (10k–100k) and a capacitor to ground (10nF–470nF) directly at the switch/contact. Target an RC time constant τ = R·C in the 2–20 ms range for mechanical pushbuttons; adjust upward for very noisy environments. Insert a Schmitt input buffer (e.g., 74LVC1G14, 74HC14) after the RC to sharpen transitions and prevent oscillation across the threshold. Add a 100 Ω series resistor and a small-signal TVS diode on external lines for ESD/EMI protection.

Digital debounce algorithm (deterministic): sample the synchronized input at fsample = 500 Hz–2 kHz (1 kHz recommended). Use an N-bit shift register where N = debounce_ms / (1/fsample). Example: for 12 ms debounce at 1 kHz, N = 12. Update: shift = (shift << 1) | sample; if shift == all_ones then stable_high; if shift == 0 then stable_low. This guarantees N consecutive identical samples before a state change. For resource-constrained logic, replace the shift register with a saturating up/down counter: increment on 1, decrement on 0, clamp at [0, N]; assert when counter == N.

Metastability and synchronization: pass every asynchronous input through a two-flop synchronizer clocked by the system clock before any combinational comparison. For low-latency systems consider a three-flop synchronizer. After synchronization, generate edge pulses by comparing the synchronized current and previous sampled bits: posedge = curr & ~prev; negedge = ~curr & prev. Use those edge pulses (single-cycle) as triggers for one-shot timers or event handlers.

Edge-pulse shaping: produce a 1–2 clock-cycle wide pulse for each detected edge. If downstream logic is clocked slower than the sampling domain, stretch the pulse with a small counter to ensure reliable capture (pulse_width = max(1 clk, ceil(destination_clk_period / source_clk_period))).

Tamper sensor types and wiring: common-loop tamper (door/reed/ram), break-wire supervision, and MEMS accelerometers. For contact-style tamper switches use a supervised loop with a pull resistor network: pull-up Rp = 10 kΩ to Vcc, series sense resistor Rs = 1 kΩ to the switch, and monitor the ADC or GPIO voltage. Define thresholds: V > 0.9·Vcc => open (broken); V < 0.1·Vcc => shorted to ground; intermediate => closed/normal. Use 10-bit ADC thresholds or comparator thresholds mapped to these fractions for greater noise immunity.

Accelerometer-based tamper: use a digital 3-axis IMU with interrupt (I2C/SPI). Sample at 100–400 Hz, compute magnitude = sqrt(x^2+y^2+z^2) or use absolute-axis thresholds. Detect sustained excursions above a chosen threshold (example: detect >0.5 g for at least 50 ms) using the same N-consecutive-samples debounce approach but with shorter windows (10–100 ms) than mechanical contacts. Apply a low-pass or median filter to reduce false triggers from single-sample spikes.

Tamper event handling: treat validated tamper inputs as highest-priority interrupts that can latch an alarm flag. Bypass long mechanical debounce on tamper inputs but require a short verification window (10–50 ms) to reject spikes. Make tamper latch persistent across power cycles only if intended; otherwise force a firmware-authenticated reset sequence to clear the latch. Log timestamps (clock ticks) of tamper occurrences for forensic tracing.

EMC and robustness: place 0.1 µF bypass capacitors near sensor supplies, route sensor grounds to a single point, and add ferrite beads on external lines. For long harnesses use differential sensors or add common-mode chokes. Use series resistance (100–1kΩ) and RC damping on lines susceptible to ringing.

Integration checklist (practical steps): 1) add RC+Schmitt on each mechanical input; 2) implement two-flop synchronizer per async input; 3) implement N-sample or saturating-counter debounce with N based on desired ms; 4) generate single-cycle edge pulses via curr/prev compare; 5) supervise tamper loops with resistor ladder + comparator or ADC thresholds; 6) monitor accelerometers with short-window debounce and axis-magnitude logic; 7) latch and prioritize tamper events and require authenticated reset.

State transitions and timeout/reset behavior on incorrect PIN sequences

Recommendation: implement a three-tier response: single incorrect entry => immediate short penalty (3 s) and clear current input; repeated incorrect attempts => increment failure counter and apply exponential backoff (base penalty 5 s, doubling each subsequent failure, clamp at 300 s); after five failures => enter hard blocked state requiring manual admin reset or a timed cooldown (10 minutes).

States and events

• IDLE
  • Event: KEY_PRESS → action: transition to INPUT, start inter-key timer (5 s)
  • Event: ADMIN_RESET or TIMED_RESET → action: clear fail_count, remain IDLE
• INPUT
  • Event: DIGIT(n) → action: append digit, restart inter-key timer
  • Event: INTER_KEY_TIMEOUT (5 s) → action: clear buffer, transition to IDLE (no increment to fail_count)
  • Event: SEQUENCE_COMPLETE → branch:
    • If match → transition to ACCEPT
    • If mismatch → increment fail_count, compute penalty, transition to PENALTY or BLOCKED
• ACCEPT
  • Action: actuate mechanism pulse (2 s), reset fail_count to 0, clear buffer
  • After pulse → transition to IDLE
• PENALTY
  • Action: disable input, display countdown, inhibit retries
  • Timer: penalty = clamp(base_penalty * 2^(fail_count-1), base_penalty, max_penalty)
  • On timer expiry → clear buffer, transition to IDLE
• BLOCKED
  • Action: disable input permanently until admin action or cooldown
  • Recovery options:
    • ADMIN_RESET event → clear fail_count, transition to IDLE
    • TIMED_RESET timer (600 s) → clear fail_count, transition to IDLE

Timers, counters and implementation notes

• Inter-key timeout: 5 s (adjustable). Expiry clears current entry without incrementing fail_count.
• Base penalty: 5 s. Penalty formula: penalty = min(base_penalty * 2^(fail_count-1), max_penalty). Suggested max_penalty = 300 s.
• Short immediate penalty after single wrong submission: 3 s visual/audible feedback, then apply penalty formula on subsequent wrong submissions.
• Failure threshold: 5 attempts → enter BLOCKED. Block duration: 600 s automatic cooldown OR require ADMIN_RESET to resume immediately.
• Accept action: pulse duration 2 s, during which inputs ignored; set fail_count = 0 on completion.
• Persistence: choose volatile storage to avoid permanent denial after power loss, or NV storage (EEPROM/FRAM) with wear management when persistent anti-brute-force tracking is required.
• Signals/events to expose: KEY_PRESS, DIGIT(n), SEQUENCE_COMPLETE, INTER_KEY_TIMEOUT, PENALTY_EXPIRED, TIMED_RESET, ADMIN_RESET, POWER_ON.
• Error handling: corrupted buffer on power supply glitch → clear buffer and increment no counters; corrupted state detection → force transition to IDLE and require ADMIN_RESET if inconsistent state observed on boot.

Design output drivers: solenoid/servo control, latching mechanism and power sequencing

Use a bistable (latching) solenoid or a hobby/coreless positional servo with dedicated power rails; prefer a bistable coil when hold energy must be near zero because it only needs brief polarity or pulse to change state. Select a coil with pull force ≥10 N and stroke 6–8 mm for typical latch pins; if space is tight choose a miniature latching solenoid rated 5–12 V with coil resistance that gives peak pulse current ≤3 A from your battery.

Dimension MOSFETs and drivers around worst-case coil current: example: 12 V supply, coil 5 Ω → Ipeak ≈2.4 A. Choose a logic‑level N‑channel MOSFET with VDS rating ≥1.5×Vsup (e.g., 30–60 V), RDS(on) ≤30 mΩ to keep conduction dissipation low (Pd ≈ I²·RDS). Use a gate resistor 100 Ω and a 100 kΩ pulldown to ensure default off. If switching a high‑side rail, use a P‑channel MOSFET or a dedicated high‑side driver; for voltages above MCU GPIO range use a gate driver IC or level translator.

For polarity‑reversing latching coils or bidirectional actuators, employ a MOSFET H‑bridge module rated above peak coil current rather than discrete transistors unless you implement shoot‑through protection and dead time. H‑bridge ICs with built‑in current limit and braking simplify design and reduce component count.

Protect against inductive transients with a fast Schottky flyback diode sized for the coil’s peak current (e.g., 5 A, 40 V), or use an RC snubber (100 Ω / 100 nF) across the coil when diode recovery slows actuation. For aggressive transient suppression and EMI control add a unidirectional TVS across the supply (standoff ~Vsup, clamp below MOSFET VDS rating) and place a 0.1 μF ceramic close to the coil driver pins.

Allocate bulk and decoupling capacitance to absorb motor/coil inrush: 470 μF electrolytic or polymer at the driver supply plus 0.1 μF and 1 μF ceramics at the MOSFET gate and MCU rails. For small battery systems use a bulk cap sized to limit voltage droop: Cbulk ≈ ΔI·Δt/ΔV (example: ΔI 2 A, Δt 5 ms, ΔV 0.5 V → C ≈ 20 mF; in practice 470–2200 μF is typical). Add a low ESR series element (fuse or NTC) if inrush current must be limited.

Sequence power so the microcontroller is supervised and drivers remain disabled until supply rails are stable: use a voltage supervisor/reset IC and a load‑switch or P‑channel MOSFET with soft‑start to bring actuator rail up after MCU has passed initialization. Implement a hardware enable line from the MCU to the driver and hold the driver disabled while ADC or comparator measures battery voltage; set undervoltage cutoff thresholds (e.g., 3.0 V for single‑cell Li‑ion) to prevent brownouts during actuation.

For servos: feed them from a separate 5 V regulator capable of the servo’s stall current (typical micro servo stalls 1–2 A). Control with standard PWM (50 Hz, 1–2 ms pulse) but limit continuous hold time and use current sensing (shunt 50–100 mΩ + op‑amp) to detect stalls and cut power if current exceeds threshold. Implement a watchdog to disable the servo drive if PWM anomalies appear.

Integrate feedback for safe mechanical operation: current sensing provides stall detection; a small hall sensor or micro‑switch on the latch pin confirms closed/open state and can be used in software interlocks. Prefer spring‑assisted or gear‑detent latching mechanisms to avoid continuous motor current; magnetic latches or mechanical pawl + spring reduce energy use and thermal stress.

Thermal and EMI protections: place a ferrite bead and LC filter on actuator supply lines, use a polyfuse sized ~1.2× expected continuous current as overcurrent protection, and add temperature monitoring near power MOSFETs. Derate MOSFET continuous current by 25–50% at elevated ambient; plan PCB copper area or small heatsink if dissipations exceed 0.5 W.

Implement fault handling in firmware: inhibit actuators during power sequencing, retry pulses with exponential backoff (e.g., 50 ms, 200 ms, 800 ms) if state‑confirm sensors don’t change, and log repeated failures for maintenance. Tie this logic to a physical tamper or shock sensor path if required.

Product integration notes and related references: if packaging or travel compatibility matters, check options at best luggage sale now and best luggage for sailing trip. For enclosure door/hinge removal and serviceability guidance see are smeg fridge freezer doors removable.

Video: