
What you don't know about UHF RFID tags

As UHF RFID applications become more widespread, more and more problems are encountered in projects, and RFID electronic tags account for most of them. To get the best results in a real deployment, it helps to understand the basics of UHF RFID tags.


Let's take a look at the features that tags and readers conforming to version V109 of the EPC Class1 Gen2 (G2 for short) protocol should have:


A. What are the states of the tag?

After being irradiated by a continuous wave (CW) and powered up, the tag can be in one of seven states: Ready, Arbitrate, Reply, Acknowledged, Open, Secured, or Killed.


1. The Ready state is the state in which a tag that has not been killed is powered on and is ready to respond to commands.

2. In the Arbitrate state, the tag is mainly waiting to respond to commands such as Query.

3. After responding to the Query, the tag enters the Reply state, and then responds to the ACK command by sending back the EPC number.

4. After sending back the EPC number, the tag enters the Acknowledged state, and can then respond to the Req_RN command.

5. The tag can enter the Open state, where read and write operations are performed, only when the Access Password is not 0.

6. The tag can enter the Secured state, where operations such as reading, writing, and locking are performed, only when the Access Password is known.

7. A tag that enters the Killed state stays in that state and will never again generate a modulated signal in response to the RF field, so it is permanently disabled. A killed tag should remain in the Killed state in all environments and enter the Killed state whenever it is powered on; the kill operation is irreversible.


Therefore, putting a tag into a given state generally requires a set of legal commands in the proper order; conversely, each command is valid only when the tag is in the proper state, and the tag may move to another state after responding to a command.
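The rule that each command is valid only in the proper state can be sketched as a small state machine. This is an added example, not code from the original page or from the G2 specification; the class `Gen2Tag`, its `receive` method and any passwords passed to it are hypothetical, and the password exchange is collapsed into a single step.

```python
import random

class Gen2Tag:
    """Toy model of the seven tag states. Simplified: QueryRep/QueryAdjust and
    session flags are omitted, and passwords are checked in a single step."""

    def __init__(self, epc, access_pwd=0, kill_pwd=0, seed=1):
        self.epc, self.access_pwd, self.kill_pwd = epc, access_pwd, kill_pwd
        self.rng = random.Random(seed)        # fixed seed keeps the demo reproducible
        self.state, self.rn = "Ready", None

    def _rn16(self):
        self.rn = self.rng.getrandbits(16)
        return self.rn

    def receive(self, cmd, rn=None, pwd=None, q=0):
        """Apply one reader command; return the reply, or None for silence."""
        s = self.state
        if s == "Killed":
            return None                       # a killed tag never answers again
        if cmd == "Query":                    # starts a round from any live state
            slot = self.rng.randrange(2 ** q)
            self.state = "Reply" if slot == 0 else "Arbitrate"
            return self._rn16() if slot == 0 else None
        if cmd == "NAK":
            if s != "Ready":
                self.state = "Arbitrate"
            return None
        if cmd == "ACK" and s == "Reply":
            ok = rn == self.rn
            self.state = "Acknowledged" if ok else "Arbitrate"
            return self.epc if ok else None
        if cmd == "Req_RN" and s == "Acknowledged" and rn == self.rn:
            self.state = "Open" if self.access_pwd else "Secured"
            return self._rn16()               # this new RN16 is the handle
        if s in ("Open", "Secured") and rn == self.rn:
            if cmd == "Read":
                return self.epc
            if cmd == "Access" and pwd == self.access_pwd:
                self.state = "Secured"
                return self.rn
            if cmd == "Lock" and s == "Secured":
                return self.rn
            # A zero Kill Password means the tag refuses to be killed.
            if cmd == "Kill" and self.kill_pwd and pwd == self.kill_pwd:
                self.state = "Killed"         # irreversible
                return self.rn
        return None                           # wrong state, RN16 or password
```

In this model a command sent in the wrong state, or with the wrong RN16 or password, is simply left unanswered; a real tag may also fall back to Arbitrate or return an error code.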


B. Which areas is the tag memory divided into?

The tag memory is divided into four independent storage blocks: Reserved, EPC (electronic product code), TID (tag identification number), and User.

Reserved area: stores the Kill Password and the Access Password.

EPC area: stores the EPC number, etc.

TID area: stores the tag identification number; each TID should be unique.

User area: stores user-defined data.


C. What are the types of commands?

By function, the commands can be divided into three categories: Select, Inventory, and Access commands.

In terms of command architecture and extensibility, commands can be divided into four categories: Mandatory, Optional, Proprietary, and Custom.


D. What are the Select commands?

There is only one selection command, Select, and it is mandatory. Tags have various attributes. Based on criteria and policies set by the user, the Select command changes certain attributes and flags to select or delineate a specific group of tags, so that inventory or access operations are carried out only on them. This helps reduce collisions and repeated identification, and speeds up identification.


E. What are the Inventory commands?

There are five inventory commands, namely: Query, QueryAdjust, QueryRep, ACK, NAK.


1. After tags receive a valid Query command, each selected tag that meets the set criteria generates a random number (similar to rolling a die). Each tag whose random number is zero sends a reply (a temporary password RN16, a 16-bit random number) and moves to the Reply state. Tags that meet other conditions change certain attributes and flags and thereby leave the tag group above, which helps reduce repeated identification.

2. After tags receive a valid QueryAdjust command, each tag generates a new random number (like re-rolling the die); everything else is the same as for Query.

3. After tags receive a valid QueryRep command, each tag in the tag group only subtracts one from its original random number; everything else is the same as for Query.

4. Only singulated tags can receive a valid ACK command (using the above RN16, or the Handle, a 16-bit random number that temporarily represents the identity of the tag; this is a security mechanism!). After receiving it, the tag sends back the content of the EPC area: the most basic function of the EPC protocol.

5. After receiving a valid NAK command, a tag in any state other than Ready and Killed switches to the Arbitrate state.


F. What are the Access commands?

There are eight Access commands. Five are mandatory: Req_RN, Read, Write, Kill, and Lock. Three are optional: Access, BlockWrite, and BlockErase.


1. After the tag receives a valid Req_RN (with RN16 or Handle) command, it will send back the handle, or a new RN16, depending on the state.

2. After the tag receives a valid Read (with Handle) command, it sends back the error type code, or the content of the requested block and the handle.

3. After receiving the valid Write (with RN16 & Handle) command, the tag will send back the error type code, or send back the handle if the writing is successful.

4. After the tag receives a valid Kill (with Kill Password, RN16 & Handle) command, it will send back the error type code, or if the kill is successful, it will send back the handle.

5. After receiving a valid Lock (with Handle) command, the tag will send back the error type code, or send back the handle if the lock is successful.

6. After the tag receives a valid Access (with Access Password, RN16 & Handle) command, it sends back the handle.

7. After the tag receives a valid BlockWrite (with Handle) command, it will send back the error type code, or the handle will be sent back if the block write is successful.

8. After the tag receives a valid BlockErase (with Handle) command, it will send back the error type code, or if the block erase is successful, it will send back the handle.


G. What are the Mandatory commands?

In UHF tags and UHF readers conforming to the G2 protocol, eleven mandatory commands should be supported: Select, Query, QueryAdjust (adjust query), QueryRep (repeat query), ACK (EPC reply), NAK (return to Arbitrate), Req_RN (random number request), Read, Write, Kill, and Lock.


H. What are the Optional commands?

In UHF tags and UHF readers conforming to the G2 protocol, there are three optional commands: Access, BlockWrite (block write), and BlockErase (block erase).


I. What are the Proprietary commands?

Proprietary commands are generally used for manufacturing purposes, such as internal testing of the tag, and such commands should be permanently disabled after the tag leaves the factory.


J. What are the Custom commands?

These can be commands defined by the manufacturer and open to users. For example, Philips provides commands such as BlockLock (block lock), ChangeEAS (change EAS status), and EASAlarm (EAS alarm), where EAS stands for Electronic Article Surveillance.


K. What mechanism does G2 use to resist collisions? What are the so-called collisions, and how are they resisted?

When more than one tag has a random number of zero and they send back different RN16s, the different RN16 waveforms are superimposed at the receiving antenna and cannot be decoded correctly; this is the so-called collision. There are a variety of anti-collision mechanisms to avoid superimposed and distorted waveforms, such as (time-division) arranging for only one tag to "speak" at any given time, and then singulating the tags so that each tag among many can be identified and read.

The selection, inventory, and access commands above reflect G2's anti-collision mechanism: only tags whose random number is zero can send back an RN16. The reader resends the commands with the Q prefix, or combinations of them, to the selected tag group until a reply can be decoded correctly.
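The slotted anti-collision process described above can be simulated to see how collisions, empty slots and clean replies trade off. This is an added example, not code from the original page; the function `inventory` and the rule it uses to raise or lower Q between rounds are assumptions for illustration (the page does not say how the reader chooses Q), and tags draw their random number from 0 to 2^Q - 1.

```python
import random
from collections import Counter

def inventory(n_tags, q=4, seed=7, max_rounds=1000):
    """Simulate framed inventory; return (order tags were read in, slot stats)."""
    rng = random.Random(seed)                 # fixed seed: reproducible demo
    remaining, order, stats = set(range(n_tags)), [], Counter()
    for _ in range(max_rounds):
        if not remaining:
            break
        # Query(Q): every unread tag rolls a slot number in [0, 2^Q - 1].
        slot_of = {tag: rng.randrange(2 ** q) for tag in sorted(remaining)}
        frame = Counter()
        # Slot 0 answers the Query itself; each QueryRep counts the rest down.
        for slot in range(2 ** q):
            talkers = [t for t, s in slot_of.items() if s == slot]
            if len(talkers) == 1:             # clean RN16 -> ACK -> EPC
                order.append(talkers[0])
                remaining.discard(talkers[0])
                frame["single"] += 1
            elif talkers:                     # superimposed RN16s: undecodable
                frame["collision"] += 1
            else:
                frame["empty"] += 1
        stats += frame
        stats["rounds"] += 1
        # Assumed heuristic: grow Q when collisions dominate, shrink when idle.
        if frame["collision"] > frame["empty"]:
            q = min(15, q + 1)
        elif frame["empty"] > frame["collision"] and q > 0:
            q -= 1
    return order, stats
```

Calling `inventory(20, q=0)` starts with every tag colliding in the single slot and shows Q growing until tags can be read one at a time.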


L. Commands such as Access in G2 are optional. What if the tag or UHF reader does not support the optional commands?

If the BlockWrite or BlockErase command is not supported, it can be replaced by issuing the Write command (which writes 16 bits at a time) several times, because erasing can be regarded as writing 0, and the blocks handled by block write and block erase are multiples of 16 bits; the other conditions of use are similar.

If the Access command is not supported, the tag can enter the Secured state and the Lock command can be used only when the Access Password is 0. The Access Password can be changed in the Open or Secured state. If the Lock command is then used to lock or permanently lock the Access Password (the pwd-read/write bit is 1, the permalock bit is 0 or 1, refer to the attached table), the tag can no longer enter the Secured state, and the Lock command can no longer be used to change any lock state.

Only when the Access command is supported can the corresponding commands be used to move freely between all states. Except where the tag is permanently locked or permanently unlocked and therefore refuses to execute certain commands, or is in the Killed state, the various commands can be executed effectively.

The Access command is optional in the G2 protocol, but if it becomes mandatory in the future, or if manufacturers support it in both G2 tags and readers, control and use will be more comprehensive and flexible.


M. What is the effect of the Kill command in the G2 protocol? Can killed tags be reused?

The G2 protocol provides a Kill command, controlled by a 32-bit password. Once the Kill command has been executed successfully, the tag will never again generate a modulated signal in response to the RF field and is thus permanently disabled. However, the original data might still be in the RFID tag; if reading it is not impossible, consider extending the meaning of the Kill command so that it also wipes the data.

In addition, because of the cost of G2 tags or for other reasons, users may for some time want tags to be recycled and reused. For example, a user wants to keep using a tagged pallet or box, so after the contents are replaced the corresponding EPC number and the contents of the User area need to be rewritten, while replacing or reattaching the tag is inconvenient and expensive. A command is therefore needed that can rewrite the tag even if its contents are permanently locked. Because of the different lock states, the Write, BlockWrite, or BlockErase commands alone may not be able to rewrite the EPC number, User contents, or passwords (for example, the EPC number of the tag is locked and cannot be rewritten, or it is not locked but the Access Password has been forgotten and the EPC number cannot be rewritten). What is needed here is a simple and clear Erase command: except for the TID area and its lock status bits (the TID cannot be rewritten after the tag leaves the factory), the EPC number, the Reserved area, the User area contents, and the other lock status bits, even those that are permanently locked, would be erased so that they can be rewritten.

In comparison, the functions of the improved Kill command and the added Erase command are basically the same (including that the Kill Password should be used); the only difference is that after the former the tag no longer generates a modulated signal. The two could therefore be unified by giving different values to the RFU parameter carried by the Kill command.


N. Should the tag identification number (TID) be unique? How is this achieved?

The tag identification number (TID) is what distinguishes one tag's identity from another's. From the perspective of security and anti-counterfeiting, each tag should be unique. As described above, each of the tag's four storage blocks has its own use, and some of them can be rewritten at any time after the tag leaves the factory; the TID can take on the identifying role, so the TID of the tag should be unique.

Since the TID is unique, even though the EPC code on one tag can be copied to another tag, the two can still be told apart by their TIDs, which makes the origin clear. This architecture and method is simple and feasible, but attention must be paid to the whole logic chain that guarantees uniqueness.

Therefore, the manufacturer should use the Lock command or other means to permanently lock the TID before the tag leaves the factory, and the manufacturer or the relevant organizations should ensure that the TID, of appropriate length, of each G2 chip is unique and that under no circumstances will a second tag carry the same TID: even if a G2 tag is in the Killed state and will not be activated for reuse, its TID (still in this tag) will not appear in another G2 tag.

