The commands about RFID EPC Class1 Gen2 RFID tags 2021-06-03
RFID tags (Tag) and readers (Reader) that comply with the EPC Class1 Gen2 (G2) protocol version V109 should have the following characteristics:

1. Tag memory partition

Tag memory is divided into four independent banks (reserved), EPC (electronic product code), TID (tag identification number) and User (user).

Reserved: Store Kill Password (kill password) and Access Password (access password).

EPC: Store EPC numbers, etc.

TID: Store tag identification number, each TID number should be unique.

User: Store user-defined data.

In addition, there are also storage units used in the Lock (lock) status bits of each block.

Second, the status of the label

After receiving continuous wave (CW) irradiation and power-up (Power-up), the label can be in Ready (prepare), Arbitrate (cut), Reply (return order), Acknowledged (response), Open (public), Secured (protect) , Killed (inactivated) one of the seven states.

The Ready state is the state in which the label that has not been inactivated is powered on, ready to respond to commands.

The Arbitrate state is mainly for waiting to respond to commands such as Query.

After responding to the Query, it enters the Reply state, and further responds to the ACK command to send back the EPC number.

After sending back the EPC number, it enters the Acknowledged state, and can further respond to the Req_RN command.

The Access Password is not 0 to enter the Open state, and read and write operations are performed here.

Only when the Access Password is known can it enter the Secured state and perform operations such as reading, writing, and locking.

The tag entering the Killed state will remain in the same state, and will never generate a modulated signal to activate the radio frequency field, thereby permanently invalidating it. The inactivated tags should maintain the Killed state in all environments, and enter the inactivated state when powered on, and the inactivation operation is irreversible.

To make the tag enter a certain state, a set of legal commands in the proper order are generally required. In turn, each command can only be effective when the tag is in the proper state, and the tag will also switch to other states after responding to the command.

Three, command classification

From the perspective of command system architecture and scalability, it is divided into four categories: Mandatory (required), Optional (optional), Proprietary (proprietary) and Custom (customized).

From the point of view of usage function, it is divided into three types of label Select (select), Inventory (inventory) and Access (access) commands. In addition, for future command expansion, codes of different lengths are reserved for use.

Fourth, the necessary (Mandatory) command

Labels and readers that conform to the G2 protocol should support eleven necessary commands:



QueryAdjust (adjust query)

QueryRep (repeat query)

ACK (EPC reply)

NAK (turn to judgment)

Req_RN (random number request)



Kill (inactivate)


Five, optional (Optional) command

For tags and readers that comply with the G2 protocol, there are three optional commands: Access, BlockWrite, and BlockErase.

Six, proprietary (Proprietary) commands

Proprietary commands are generally used for manufacturing purposes, such as internal label testing. Such commands should be permanently invalid after the label leaves the factory.

Seven, customized (Custom) command

It can be a command defined by the manufacturer and open to users. For example, Philips provides: BlockLock (block lock), ChangeEAS (change EAS status), EASAlarm (EAS alarm) and other commands (EAS is a commodity electronic anti-theft system Electronic Article Abbreviation for Surveillance).

8. From a functional point of view: select (Select) commands

There is only one: Select, which is necessary. Tags have a variety of attributes. Based on the standards and strategies set by the user, use the Select command to change some attributes and signs. A specific tag group can be selected or delineated. You can only perform inventory recognition or access operations on them. Conducive to reducing conflicts and repeated identification, speeding up identification.

Nine, from a functional point of view: inventory (Inventory) commands

There are five: Query, QueryAdjust, QueryRep, ACK, NAK, all of which are necessary.

1. After the tag receives a valid Query command, each tag that meets the set criteria and is selected will generate a random number (similar to a dice roll), and each tag with a random number of zero will generate a response (temporary password RN16 will be sent back) , A 16-bit random number), and transfer to the Reply state; tags that meet other conditions will change certain attributes and signs, thereby exiting the above-mentioned tag group, which is beneficial to reduce repeated identification.

2. After the tags receive a valid QueryAdjust command, each tag generates a new random number (like rerolling a dice), and the rest is the same as Query.

3. After the tag receives a valid QueryRep command, it only subtracts one from the original random number of each tag in the tag group, and the others are the same as Query.

4. Only singular tags can receive a valid ACK command (using the above RN16, or Handle, a 16-bit random number temporarily representing the identity of the tag, which is a security mechanism), and send it back to the EPC area after receiving it The content, the most basic function of the EPC protocol.

5. After the tag receives a valid NAK command, it will go to the Arbitrate state in other situations except for the Ready and Killed state.

10. From a functional point of view: Access commands

There are five necessary: Req_RN, Read, Write, Kill, Lock, and three optional: Access, BlockWrite, BlockErase.

1. After the tag receives a valid Req_RN (with RN16 or Handle) command, it sends back the handle, or a new RN16, depending on the status.

2. After the tag receives a valid Read (with Handle) command, it sends back the error type code, or the content and handle of the requested block.

3. After the tag receives a valid Write (with RN16 & Handle) command, it will send back the error type code, or if the write succeeds, it will send back the handle.

4. After the tag receives a valid Kill (with Kill Password, RN16 & Handle) command, it will send back the error type code, or the handle will be sent back if the inactivation is successful.

5. After the tag receives a valid Lock (with Handle) command, it will send back the error type code, or the handle will be sent back if the lock is successful.

6. After the tag receives a valid Access (with Access Password, RN16 & Handle) command, it sends back the handle.

7. After the tag receives a valid BlockWrite (with Handle) command, it will send back the error type code, or if the block is successfully written, it will send back the handle.

8. After the tag receives a valid BlockErase (with Handle) command, it will send back the error type code, or if the block erase is successful, it will send back the handle.

11. What mechanism does G2 use to avoid conflicts?

As mentioned in the above answer, when more than one tag with a random number of zero is sent back to a different RN16, they will have different RN16 waveforms superimposed on the receiving antenna, which is called collisions, and thus cannot be decoded correctly. There are a variety of anti-collision mechanisms to avoid overlapping and deformation of the waveform, such as trying to (time division) make only one tag "speak" at a time, and then singularize it to identify and read each of the multiple UHF RFID tags. .

The above three Q header commands reflect the anti-collision mechanism of G2: the tag with a random number of zero can be sent back to RN16. If there are multiple tags with a random number of zero at the same time and cannot be decoded correctly, the Q word should be retransmitted strategically The command or combination of the header is given to the selected tag group until it can be decoded correctly.

12. How to achieve the uniqueness of the tag identification number (TID)

The tag identification number TID (Tag identifier) is a sign of identity distinction between tags (it can be analogous to the number of a banknote). From the perspective of security and anti-counterfeiting, any two G2 labels should not be exactly the same, and the labels should be unique. Each of the four storage blocks of the tag is useful, and some of them can be rewritten at any time after leaving the factory. Only the TID should be able to perform this task, so the TID of the tag should be unique.

Before leaving the factory, the manufacturer of the G2 chip should use the Lock command or other means to act on the TID to make it permanently locked, and the manufacturer or relevant organization should ensure that the TID of the appropriate length of each G2 chip is unique, and there will be no third Two identical TIDs, even if a G2 tag is in the Killed state and will not be activated and used again, its TID (still in this tag) will not appear in another G2 tag.

In this way, because the TID is unique, although the EPC code on the label can be copied to another label, it can also be distinguished by the TID on the label, so that the original is clear. This kind of structure and method is simple and feasible, but pay attention to the logical chain that guarantees uniqueness.

The V109 version of the G2 protocol requires only 32-bit (including 8-bit allocation class identifier, 12-bit tag mask-designer identifier, and 12-bit tag model number) for TID. For more bits, For example, SNR (serial number) is Tags may contain instead of should. However, since the EPC number is designed to be used to distinguish a single product, 32-bit is probably not enough, and it should have SNR.

13. Kill command in G2 protocol

The G2 protocol sets up the Kill command and uses a 32-bit password to control it. After the Kill command is used effectively, the tag will never generate a modulation signal to activate the radio frequency field, which is permanently invalid. But the original data may still be in the tag. If you want to read them, it is not completely impossible. You can consider improving the meaning of the Kill command-and erase the data.

In addition, in a certain period of time, due to the cost of using G2 tags or other reasons, consideration will be given to the recycling and reuse of tags (such as users who want to use tagged pallets and boxes in turn, and the corresponding EPC number, User The content of the area needs to be rewritten; it is expensive, inconvenient, etc. to replace or re-attach the label. It requires a command that can be rewritten even if the content of the label is permanently locked. Because of the influence of different lock states, only Write or BlockWrite , BlockErase command may not be able to rewrite the EPC number, User content or Password (for example, the EPC number of a tag is locked so that it cannot be rewritten, or it is not locked but the Access Password of this tag is forgotten and cannot be rewritten). This creates a requirement that requires a simple and clear Erase command--except for the TID area and its Lock status bit (TID cannot be rewritten after the label leaves the factory), other EPC numbers, the contents of the Reserved area, the User area and other Lock states Bits, even if they are permanently locked, will all be erased in preparation for rewriting.

In comparison, the improved Kill command and the added Erase command have basically the same functions (including Kill Password should both be used). The only difference is that the former Kill command does not generate a modulation signal, which can also be unified to the parameter RFU carried by the Kill command. Different values are considered.

14. What should I do if the tag or reader does not support optional (Access) commands?

If the BlockWrite or BlockErase command is not supported, it can be replaced by the Write command (write 16-bit at a time) several times, because erasing can be regarded as writing 0. The former block write and block erase are several times 16-bit. bit, other conditions of use are similar.

If the Access command is not supported, only when the Access Password is 0, can the Secured state be entered and the Lock command can be used. You can change the Access Password in the Open or Secured state, and then use the Lock command to lock or permanently lock the Access Password (the pwd-read/write bit is 1, the permalock bit is 0 or 1, refer to the attached table), the label will no longer be Cannot enter the Secured state, and can no longer use the Lock command to change any locked state.

If the Access command is supported, it is possible to use the corresponding command to freely enter all the various states. In addition to the label being permanently locked or permanently unlocked and refusing to execute certain commands and being in the Killed state, it is also possible to effectively execute each command.

    compartir a :

Nuevos productos

Derechos de autor © Shenzhen Meihe Induction Technology Co. Ltd. todos los derechos reservados. energizado por / Mapa del sitio / XML / Política De Privacidad

Bienvenido a Meihe
Si tiene alguna pregunta o requisito, por favor déjenos un mensaje, le responderemos en 1 hora durante nuestro tiempo de trabajo. contáctenos para muestras gratis y sugerencias gratis.

Página de inicio


acerca de