The Commands About RFID EPC Class1 Gen2 Tags

RFID tags and readers that conform to the EPC Class1 Gen2 (G2) protocol, version V109, should have the following characteristics.

I. Tag memory partition
Tag memory is divided into four independent banks (storage blocks): Reserved, EPC (Electronic Product Code), TID (Tag Identification Number) and User.
Reserved: stores the Kill Password and Access Password.
EPC: stores the EPC number etc.
TID: stores the tag identification number; each TID number should be unique.
User: stores the user-defined data.
In addition, each bank has Lock status bits, which are likewise kept in storage cells.

II. Tag states
After being powered up by CW (continuous wave) irradiation, the tag can be in one of seven states: Ready, Arbitrate, Reply, Acknowledged, Open, Secured or Killed.
The Ready state is the state in which a tag that has not been inactivated starts to respond to commands after it has been powered up.
The Arbitrate state is mainly for waiting to respond to a command such as Query.
After responding to the Query, the tag enters the Reply state and then responds to the ACK command by sending back the EPC number.
After the EPC number is sent back, the tag enters the Acknowledged state and can then respond to the Req_RN command.
Only when the Access Password is not 0 can the tag enter the Open state, where read and write operations can be performed.
Only when the Access Password is known can the tag enter the Secured state, where read, write and lock operations can be performed.
A tag that has entered the Killed state remains in that state and never again generates a modulation signal in response to the RF field, so it is permanently deactivated. Inactivated tags should remain in the Killed state in all environments and enter the Killed state upon power-up; the inactivation operation is irreversible.
Bringing a tag into a given state generally requires a set of legal commands in the appropriate order. In turn, each command is valid only if the tag is in the appropriate state, and the tag moves to another state in response to the command.
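
The following added example (not part of the original article) models the state transitions described in this section, together with the Access, Lock and Kill commands covered later. The Tag class, its method names and singulate() are hypothetical, and passwords are compared directly rather than exchanged the way a real tag would.

```python
import secrets
from enum import Enum

State = Enum("State", "READY ARBITRATE REPLY ACKNOWLEDGED OPEN SECURED KILLED")

class Tag:
    """Hypothetical simplified tag model; passwords are compared in the clear."""
    def __init__(self, access_pwd=0, kill_pwd=0):
        self.access_pwd, self.kill_pwd = access_pwd, kill_pwd
        self.state, self.rn16, self.handle = State.READY, None, None

    def query(self, slot):                 # slot: the tag's random slot counter
        if self.state is State.KILLED:
            return None                    # a killed tag never answers
        self.rn16 = secrets.randbits(16) if slot == 0 else None
        self.state = State.REPLY if slot == 0 else State.ARBITRATE
        return self.rn16

    def ack(self, rn16):                   # ignored (None) unless the RN16 matches
        if self.state is State.REPLY and rn16 == self.rn16:
            self.state = State.ACKNOWLEDGED
            return "EPC"                   # stands in for the EPC bank contents

    def req_rn(self, rn16):                # ignored (None) unless the RN16 matches
        if self.state is State.ACKNOWLEDGED and rn16 == self.rn16:
            # Non-zero Access Password -> Open; zero -> straight to Secured
            self.state = State.OPEN if self.access_pwd else State.SECURED
            self.handle = secrets.randbits(16)
            return self.handle

    def access(self, handle, pwd):
        if self.state is State.OPEN and handle == self.handle:
            # A wrong password drops the tag back to Arbitrate
            good = pwd == self.access_pwd
            self.state = State.SECURED if good else State.ARBITRATE
        return self.state is State.SECURED

    def lock(self, handle):                # Lock is honoured only in Secured
        return self.state is State.SECURED and handle == self.handle

    def kill(self, handle, pwd):           # needs a non-zero, matching Kill Password
        live = self.state in (State.OPEN, State.SECURED) and handle == self.handle
        if live and self.kill_pwd and pwd == self.kill_pwd:
            self.state = State.KILLED
        return self.state is State.KILLED

def singulate(tag):                        # Query (slot 0) -> ACK -> Req_RN
    rn16 = tag.query(0)
    tag.ack(rn16)
    return tag.req_rn(rn16)
```

A tag left with a zero Access Password reaches Secured, and so accepts Lock, from any reader that singulates it; a zero Kill Password means Kill is refused.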

III. Command classification
From the perspective of command architecture and extensibility, commands are divided into four categories: Mandatory, Optional, Proprietary and Custom.
From a functional point of view, they are divided into three categories: tag Select, Inventory and Access commands. In addition, codes of different lengths are reserved for future command extensions.

IV. Mandatory commands
Tags and readers that conform to the G2 protocol should support the mandatory commands, of which there are 11.
ACK (EPC reply)
NAK (Steering cut)
Req_RN (Random Number Request)

V. Optional commands
For tags and readers that comply with the G2 protocol, there are three optional commands: Access, BlockWrite and BlockErase.

VI. Proprietary commands
Proprietary commands are generally used for manufacturing purposes, such as internal testing of tags. Such commands should be permanently disabled after the tag is shipped.

VII. Custom commands
These commands can be defined by the manufacturer and opened to the user. For example, Philips provides BlockLock, ChangeEAS, EASAlarm and other commands (EAS is the abbreviation of Electronic Article Surveillance, a system for preventing theft of goods).

VIII. From a functional point of view: Select commands
There is only one: Select, which is mandatory. Tags have a variety of attributes. Based on criteria and strategies set by the user, the Select command changes certain attributes and flags so that a specific group of tags is deliberately selected or singled out; inventory, identification or access operations can then be restricted to that group, which helps reduce collisions and repeated identification and speeds up identification.

IX. From a functional point of view: Inventory commands
There are five of them: Query, QueryAdjust, QueryRep, ACK and NAK, all of which are mandatory.

1. After receiving a valid Query command, each selected tag that meets the set criteria generates a random number (similar to a dice roll). Each tag whose random number is zero replies (sends back a temporary password RN16, a 16-bit random number) and moves to the Reply state; tags that meet certain other conditions change certain attributes and flags and thus leave the tag group above, which helps reduce duplicate identification.
2. When a tag receives a valid QueryAdjust command, each tag generates a new random number (like rerolling a die); otherwise it is the same as Query.
3. When a tag receives a valid QueryRep command, each tag in the tag group only subtracts one from its original random number; otherwise it is the same as Query.
4. Only a single tag can receive a valid ACK command (which carries the RN16 above, or the Handle, a 16-bit random number that temporarily represents the tag's identity; this is a security mechanism). On receiving it, the tag sends back the contents of the EPC area, which is the most basic function of the EPC protocol.
5. After receiving a valid NAK command, a tag in the Ready or Killed state stays in that state; in all other cases it switches to the Arbitrate state.

X. From a functional point of view: Access commands
There are five mandatory commands: Req_RN, Read, Write, Kill and Lock, and three optional ones: Access, BlockWrite and BlockErase.

1. After receiving a valid Req_RN (with RN16 or Handle) command, the tag sends back a handle or a new RN16, depending on its state.
2. After receiving a valid Read (with Handle) command, the tag sends back the error type code, or the content of the requested block and the handle.
3. After receiving a valid Write (with RN16 & Handle) command, the tag sends back the error type code, or the handle if the write is successful.
4. After receiving a valid Kill (with Kill Password, RN16 & Handle) command, the tag sends back the error type code, or the handle if the inactivation is successful.
5. After receiving a valid Lock (with Handle) command, the tag sends back the error type code, or the handle if the lock is successful.
6. After receiving a valid Access (with Access Password, RN16 & Handle) command, the tag sends back the handle.
7. After receiving a valid BlockWrite (with Handle) command, the tag sends back the error type code, or the handle if the block write is successful.
8. After receiving a valid BlockErase (with Handle) command, the tag sends back the error type code, or the handle if the block is erased successfully.

XI. What mechanism does G2 use to avoid collisions
As mentioned above, when more than one tag has a random number of zero and each sends back a different RN16, the waveforms of the different RN16s are superimposed at the receiving antenna. This is known as a collision, and the replies cannot be decoded correctly. There are various anti-collision mechanisms to avoid this waveform superposition and distortion, such as using time division so that only one tag "speaks" at a given moment and then singulating it, so that each of the multiple UHF RFID tags can be identified and read.
The three Q commands above (Query, QueryAdjust and QueryRep) embody G2's anti-collision mechanism: only tags whose random number is zero send back an RN16, and if several tags have a random number of zero at the same time and cannot be decoded correctly, the Q commands are strategically re-sent, singly or in combination, to the selected group of tags until the replies can be decoded correctly.
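
The slot-counter mechanism behind Query, QueryRep and QueryAdjust, as an added simulation that is not part of the original article. The inventory() function, the seeded random generator and the rule for re-sizing Q (compare collided and empty slots after each round) are assumptions chosen for illustration.

```python
import random

def inventory(num_tags, q=2, seed=1):
    """Simulate slotted inventory rounds; returns (order, commands, collisions)."""
    rng = random.Random(seed)          # seeded so runs are repeatable
    pending = set(range(num_tags))     # tags not yet inventoried
    order, commands, collisions = [], 0, 0
    while pending:
        # Query (first round) or QueryAdjust (later rounds): every pending
        # tag draws a fresh slot counter in [0, 2^Q - 1].
        counter = {t: rng.randrange(2 ** q) for t in pending}
        collided = empty = 0
        for slot in range(2 ** q):
            commands += 1              # slot 0 is the Query, the rest are QueryReps
            # A tag replies when its counter, decremented once per QueryRep,
            # reaches zero, i.e. in the slot equal to the number it drew.
            replying = [t for t, c in counter.items() if c == slot]
            if len(replying) == 1:
                # One clean RN16: the reader ACKs it and the tag sends its EPC
                order.append(replying[0])
                pending.discard(replying[0])
            elif replying:
                collided += 1          # overlapping RN16s cannot be decoded;
                                       # these tags wait for the next redraw
            else:
                empty += 1
        collisions += collided
        # Re-size the next round: more slots after collisions, fewer after idle ones
        if collided > empty:
            q = min(q + 1, 15)
        elif empty > collided and q > 0:
            q -= 1
    return order, commands, collisions
```

Calling inventory(50, q=4) returns every tag exactly once in the order list, along with the number of commands and collided slots it took to get there.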

XII. How to achieve the uniqueness of the tag identification number (TID)
The tag identifier (TID) is the mark that distinguishes one tag's identity from another's (analogous to the numbering of banknotes). For security and anti-counterfeiting reasons, no two G2 tags should be identical; each tag should be unique. Each of the four memory banks of the tag has its own purpose, and some can be rewritten at any time after leaving the factory, so only the TID should be able to take on this role.

The manufacturer of the G2 chip should use the Lock command or other means on the TID before the chip leaves the factory, so that it is permanently locked. The manufacturer or the organisation concerned should ensure that the TID of each G2 chip, at the appropriate length, is unique and that a second TID of the same length never appears under any circumstances. Even if a G2 tag is in the Killed state and will not be reactivated for reuse, its TID (still in that tag) must not appear in another G2 tag.

In this way, because the TID is unique, a tag can still be told apart by its TID even though its EPC code can be copied to another tag, which makes its origin clear. This architecture and method is simple and feasible, but care must be taken to keep the logical chain of uniqueness intact.

The G2 protocol, version V109, requires only a 32-bit TID (an 8-bit allocation class identifier, a 12-bit tag mask-designer identifier and a 12-bit tag model number); further bits, such as an SNR (serial number), are something a tag may contain rather than should contain. However, since EPC numbers are designed to distinguish individual items, 32 bits is probably not sufficient, and tags should have an SNR.
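
An added example (not from the original article) of the check this section describes: split a TID into the three fields listed above and flag any EPC that shows up with more than one TID. The function names and the sample reads are constructed for illustration, and any bits beyond the first 32 are assumed to be the serial number.

```python
from collections import defaultdict

def parse_tid(tid_hex):
    """Split a TID into the fields named above; bits past 32 are taken as serial."""
    raw = bytes.fromhex(tid_hex)
    if len(raw) < 4:
        raise ValueError("TID shorter than 32 bits")
    head = int.from_bytes(raw[:4], "big")
    return {
        "class_id": head >> 24,            # 8-bit allocation class identifier
        "designer": (head >> 12) & 0xFFF,  # 12-bit mask-designer identifier
        "model": head & 0xFFF,             # 12-bit tag model number
        "serial": raw[4:].hex(),           # optional SNR, empty if absent
    }

def find_clones(reads):
    """reads: iterable of (epc_hex, tid_hex). Returns (clones, unverifiable)."""
    tids_by_epc = defaultdict(set)
    unverifiable = set()
    for epc, tid in reads:
        if not parse_tid(tid)["serial"]:
            unverifiable.add(epc)          # a model-only TID cannot prove identity
        tids_by_epc[epc].add(tid.upper())
    clones = {e: sorted(t) for e, t in tids_by_epc.items() if len(t) > 1}
    return clones, unverifiable

# Constructed sample reads (not from a real deployment)
SAMPLE = [
    ("3034AAAA0000000000000001", "E2001234000000000000AB01"),
    ("3034AAAA0000000000000001", "E2001234000000000000AB01"),  # same tag re-read
    ("3034AAAA0000000000000002", "E2001234000000000000AB02"),
    ("3034AAAA0000000000000002", "E2005678000000000000CD99"),  # EPC seen on 2nd TID
    ("3034AAAA0000000000000003", "E2001234"),                  # 32-bit TID, no SNR
]
```

Running find_clones(SAMPLE) reports the second EPC as duplicated across two TIDs and the third as unverifiable, since a TID without a serial number is shared by every tag of that model.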

XIII. The Kill command in the G2 protocol
The G2 protocol provides the Kill command and controls it with a 32-bit password. After the Kill command has been used successfully, the tag never again generates a modulation signal in response to the RF field, so it is permanently deactivated. However, the original data may still be in the tag, and reading it is not completely impossible, so it is worth considering extending the Kill command so that it also erases the data.

In addition, for a certain period of time, because of the cost of G2 tags or for other reasons, it is necessary to allow for tags being recycled and reused (e.g. users turn around pallets and boxes that carry tags, the contents change, and the corresponding EPC numbers and User area contents have to be rewritten; replacing or remounting the tags is expensive and inconvenient), so the contents of tags need to be rewritable even if they are permanently locked. Because of the different locking states, it is not always possible to rewrite the EPC number, User content or Password with the Write, BlockWrite or BlockErase commands (e.g. the tag's EPC number is locked and thus cannot be rewritten, or it is not locked but the tag's Access Password has been forgotten, so the EPC number cannot be rewritten). This creates a need for a simple and clear Erase command: except for the TID area and its Lock status bits (the TID cannot be rewritten after the tag is shipped), the contents of the EPC number, Reserved area, User area and the other Lock status bits would all be erased for rewriting, even if they are permanently locked.

In comparison, the improved Kill command and the added Erase command have basically the same function (including that both should use the Kill Password); the only difference is that the former leaves the tag producing no modulation signal. The two could therefore be unified and distinguished by different values of the RFU parameter carried by the Kill command.

XIV. What if the tag or reader does not support the optional commands (Access and others)?
If the BlockWrite or BlockErase command is not supported, it can be replaced entirely by using the Write command (which writes 16 bits at a time) several times, because an erase can be regarded as writing 0. The blocks handled by BlockWrite and BlockErase are multiples of 16 bits, and the other conditions of use are similar.

If the Access command is not supported, the Secured state can be entered and the Lock command used only if the Access Password is 0. If the Access Password is changed in either the Open or the Secured state and is then locked or permanently locked using the Lock command (pwd-read/write bit is 1, permalock bit is 0 or 1, refer to the attached table), the tag can no longer enter the Secured state, and the Lock command can no longer be used to change any lock status.

If the Access command is supported, the corresponding commands can be used to enter all states freely and to execute commands effectively, except when the tag is permanently locked or permanently unlocked and refuses to execute certain commands, or is in the Killed state.
