There are several proprietary LF tags on the market. For these tags the ReadTag and WriteTag commands can be used. Here we describe the operation of standardized tags according to ISO/IEC 18000-2. In addition, we describe simple tags with fixed codes or data that can be read only.

LF tags according to ISO/IEC 18000-2 have no memory banks. The memory is organized block-wise. A block is 32 bits. There may be up to 256 blocks. The maximum memory size is 1024 bytes. This is page 0, but additional memory may be added as pages 1…255.

Tags contain a system memory area with system information consisting of an optional Application Family Identifier (AFI, 1 byte) and an optional Data Storage Format Identifier (DSFID, 1 byte).

KillTag

There is no Kill command for LF tags.

LockTag

According to ISO/IEC 18000-2, memory blocks can be locked, i.e. write operations to locked blocks are prohibited. Therefore, the state PermanentLock_2 is the only acceptable state. The mapping of the lock type is defined in Table B.1.

Table B.1 – LockType enumeration LF mapping

| State | Meaning |
| --- | --- |
| Lock_0 | not allowed |
| Unlock_1 | not allowed |
| PermanentLock_2 | Read operations to the memory area are allowed without limitation. Write operations to the memory area are not allowed under any circumstances. It is not possible to unlock the memory area again. |
| PermanentUnlock_3 | not allowed |

The mapping of the LockTag parameters is defined in Table B.2.

Table B.2 – LockTag LF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII (0…48 bits) or no value, if no identifier is available. |
| CodeType | raw data |
| Password | no password defined |
| Region | To be set to 0 for memory, to be set to AFI for AFI, to be set to DSFID for DSFID |
| Lock | PermanentLock_2 |
| Offset | Start address of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 0 for AFI or DSFID. |
| Length | Length of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 1 for AFI or DSFID. |
| Status | Returns the result of the LOCK operation. |

The AutoIdOperationStatusEnumeration DataType is defined in 9.2.1.

SetTagPassword

Commands for Change Password and Lock Password are listed in ISO/IEC 18000-2 but are not defined and reserved for future use.

As proprietary LF tags may use password commands, this command should be defined here (for example for the transponder chip EM 4550). For the EM 4550 the password is 4 bytes. Further parameters are the Protection Word (4 bytes) and the Control Word (4 bytes). Password mode must be set in order to read or write the Protection Word or the Control Word. The password is not used for other read or write operations.

The mapping of the SetTagPassword parameters is defined in Table B.3.

Table B.3 – SetTagPassword LF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII or no value, if no identifier is available. |
| CodeType | raw data |
| PasswordType | |
| AccessPassword | not applicable |
| NewPassword | The new password of the tag, if not equal to zero (4 bytes, MSB first). |
| Status | Returns the result of the SetTagPassword method. |

ReadTag

Read and write operations according to ISO/IEC 18000-2 are defined for blocks only. It is up to the user to use the correct values for Offset and Length. They must be multiples of 4.

There is a further read command “Get system information”. It reads the system memory block data, i.e. 104 bits = 13 bytes, including UII, AFI and DSFID (see ISO/IEC 18000-2 Table 25).

Region should be set to 0 for data. For UII/TID region should be set to 2. The region mapping is defined in Table B.4.

Table B.4 – ReadTag Region LF mapping

| Region | Meaning |
| --- | --- |
| 0 | Read data area of the Tag |
| 1 | not allowed |
| 2 | TID bank, bank size is tag dependent |
| 3 | not allowed |
| 4 | Read AFI |
| 5 | Read DSFID |

An access password is not defined for LF tags.

The mapping of the ReadTag parameters is defined in Table B.5.

Table B.5 – ReadTag LF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII or no value, if no identifier is available. |
| CodeType | raw data |
| Region | To be set to 0 for memory, to be set to 2 for UII, to be set to 4 for AFI or to be set to 5 for DSFID |
| Offset | Start address of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 0 for AFI or DSFID. |
| Length | Length of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 1 for AFI or DSFID. |
| Password | no password |
| ResultData | Returns the requested tag data |
| Status | Returns the status of the read operation. |

ISO/IEC 18000-2 describes a system with read/write tags. In addition, there are many RFID systems on the market with read-only transponders (ROM). Such tags store only a fixed code that is either factory programmed or programmed once by the user (WORM). Such tags will be read with a read command. Region will be set to 0. Length will be set to 0 as well, as the length of the data cannot be changed.
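The LF ReadTag argument rules above (the Region values of Table B.4, block-aligned Offset and Length, Offset 0 and Length 1 for AFI or DSFID, Length 0 for fixed-code tags) can be checked on the client before a call is sent. This is an added example, not code from the specification; the function name, the `fixed_code` flag and the restriction of the address range to page 0 are assumptions.

```python
BLOCK_BYTES = 4                      # one block is 32 bits
PAGE0_BYTES = 256 * BLOCK_BYTES      # up to 256 blocks = 1024 bytes in page 0

# Region values from Table B.4; 1 and 3 are "not allowed" for LF tags.
REGION_DATA, REGION_UII_TID, REGION_AFI, REGION_DSFID = 0, 2, 4, 5
ALLOWED_REGIONS = {REGION_DATA, REGION_UII_TID, REGION_AFI, REGION_DSFID}


def check_lf_read(region, offset, length, password=None, fixed_code=False):
    """Return a list of rule violations for an LF ReadTag call (empty = OK).

    fixed_code is a hypothetical flag marking read-only (ROM/WORM) tags.
    """
    errors = []
    if region not in ALLOWED_REGIONS:
        errors.append(f"Region {region} is not allowed for LF ReadTag")
    if password:
        errors.append("no access password is defined for LF tags")
    if offset < 0 or length < 0:
        errors.append("Offset and Length must not be negative")
        return errors
    if region in (REGION_AFI, REGION_DSFID):
        if (offset, length) != (0, 1):
            errors.append("AFI/DSFID need Offset 0 and Length 1")
    elif region == REGION_DATA and fixed_code:
        if length != 0:
            errors.append("fixed-code tags are read with Length 0")
    elif region == REGION_DATA:
        if offset % BLOCK_BYTES or length % BLOCK_BYTES:
            errors.append("Offset and Length must be multiples of 4")
        # Assumption: the call addresses page 0 only.
        if offset + length > PAGE0_BYTES:
            errors.append("range ends beyond the 1024 bytes of page 0")
    return errors


# Constructed sample calls: (region, offset, length)
SAMPLES = [(0, 8, 16), (0, 6, 4), (1, 0, 4), (4, 0, 1), (5, 0, 4), (0, 1020, 8)]

if __name__ == "__main__":
    for call in SAMPLES:
        print(call, check_lf_read(*call) or "OK")
```

Region 2 (UII/TID) is only checked for an allowed value, because its size is tag dependent.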

WriteTag

Read and write operations according to ISO/IEC 18000-2 are defined for blocks only. It is up to the user to use the correct values for Offset and Length. They must be multiples of 4.

There is a further write command “Write system data”. It writes the AFI (1 byte) or the DSFID (1 byte).

Region should be set to 0 for data. For UII/TID region should be set to 2. The region mapping is defined in Table B.6.

Table B.6 – WriteTag Region LF mapping

| Region | Meaning |
| --- | --- |
| 0 | Write data area of the Tag |
| 1 | not allowed |
| 2 | TID bank, bank size is tag dependent |
| 3 | not allowed |
| 4 | Write AFI |
| 5 | Write DSFID |

The length of the data is defined by the data itself.

The mapping of the WriteTag parameters is defined in Table B.7.

Table B.7 – WriteTag LF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII or no value, if no identifier is available. |
| CodeType | raw data |
| Region | To be set to 0 for memory, to be set to 4 for AFI, to be set to 5 for DSFID |
| Offset | Start address of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 0 for AFI or DSFID. |
| Data | Data to be written |
| Password | no password |
| Status | Returns the status of the read operation. |

For HF, a few standards have to be considered. ISO/IEC 18000-3 defines three HF RFID systems as Modes 1, 2 and 3. Mode 1 is based on ISO/IEC 15693 and is in common use. Mode 2 is far less important and rarely used. Mode 3 is based on the memory and command structures of ISO/IEC 18000-63. Further, the standard ISO/IEC 14443 is widely used for identification cards. NFC transponders are transponders using the ISO/IEC 14443 standard (type 1, 2 and 4 tags) or the ISO/IEC 15693 standard (type 5 tags). NFC tags can be accessed with the same commands as ISO/IEC 14443 tags.

Commands and memory structures follow the above described standards ISO/IEC 18000-2 for LF tags.

This standard copies the commands and memory structure of the UHF standard ISO/IEC 18000-63. The HF standard is less complex than the UHF standard. For example, ISO/IEC 18000-3 Mode 3 defines only a subset of 5 error codes compared to 14 error codes defined in ISO/IEC 18000-63.

All definitions from B.3 apply.

The memory structure may be reduced compared to ISO/IEC 18000-63. Reserved memory (MB 00) may be absent when no passwords are needed. UII memory (MB 01) may be as small as 32 bits. Its maximum size is 464 bits. TID memory (MB 10) has at least an 8-bit ISO/IEC 15963 allocation class identifier and further identifying information for unique identification. User memory (MB 11) is optional. For the operation of the tag it is the same memory structure as ISO/IEC 18000-63.

This standard defines a UID of 4, 7 or 10 bytes (ISO/IEC 14443-3). Further memory structures are not defined in parts 1 to 4. The UID shall be accessed as Region 2.

Again, this standard is similar to the LF standard above and the same commands shall be used.

KillTag

For RFID Readers working on ISO/IEC 18000-63 UHF transponders, KillTag invokes a Kill procedure to the specified transponder according to [EPCGen2] to permanently disable the tag.

The transponder (tag) can only be disabled, if the kill password stored in bits 00h .. 1Fh in bank 00 of the tag's memory is different from zero AND the KillPassword parameter given matches the tag's stored value.

For Version 1.x of the EPC Global standard, both passwords (Kill and Access) are 32-bit values, represented as 4 bytes in a Byte String parameter (MSB first).

The mapping of the KillTag parameters is defined in Table B.8.

Table B.8 – KillTag UHF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | The Identifier (i.e. the EPC code) of the tag to be disabled in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in its own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| KillPassword | The kill password of the tag (4 bytes) |
| Status | Return value indicating the success of the kill procedure. |

LockTag

For RFID Readers working on ISO/IEC 18000-63 UHF transponders, LockTag can set the lock status of a memory region.

Lockable memory regions are:

- the kill password

- the access password

- the (complete) EPC memory bank

- the (complete) TID memory bank

- the (complete) User memory bank

The kill and the access password can be set to one of the states defined in Table B.9 (see 9.2.4).

Table B.9 – LockStateTag UHF mapping

| State | Meaning |
| --- | --- |
| Lock_0 | Read and write operations to the password area are only possible with the correct access password of the tag. |
| Unlock_1 | Read and write operations to the password area are allowed without knowing the access password of the tag. |
| PermanentLock_2 | Read and write operations to the password area are not allowed under any circumstances. It is not possible to unlock the password area again (except by re-commissioning the tag). |
| PermanentUnlock_3 | Read and write operations to the password area are allowed without knowing the access password of the tag. It is not possible to lock the password area again (except by re-commissioning the tag). |

The EPC, TID and User memory banks can be set to one of these states defined in Table B.10 (see 9.2.4).

Table B.10 – Special LockState UHF mapping

| State | Meaning |
| --- | --- |
| Lock_0 | Read operations to the memory bank are allowed without knowing the access password of the tag. Write operations to the memory bank area are only possible with the correct access password of the tag. |
| Unlock_1 | Read and write operations to the memory bank are allowed without knowing the access password of the tag. |
| PermanentLock_2 | Read operations to the memory bank are allowed without knowing the access password of the tag. Write operations to the memory bank are not allowed under any circumstances. It is not possible to unlock the memory bank again (except by re-commissioning the tag). |
| PermanentUnlock_3 | Read and write operations to the memory bank are allowed without knowing the access password of the tag. It is not possible to lock the memory bank again (except by re-commissioning the tag). |

Since it is not possible to lock or unlock specific memory addresses, Offset and Length parameters shall be set to zero for UHF devices.
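The lock states of Tables B.9 and B.10 and the KillTag precondition described earlier can be written as one small access model, which also lets a deployment list what a caller without the access password can do to a tag. This is an added example, not code from the specification; the area labels, function names and sample configuration are assumptions, and re-commissioning is not modelled.

```python
import hmac
from enum import IntEnum


class Lock(IntEnum):            # state names as in Tables B.9 and B.10
    Lock_0 = 0
    Unlock_1 = 1
    PermanentLock_2 = 2
    PermanentUnlock_3 = 3


# Hypothetical area labels for this sketch (not enumeration names from the spec).
PASSWORD_AREAS = ("access_password", "kill_password")   # Table B.9 applies
MEMORY_BANKS = ("epc", "tid", "user")                    # Table B.10 applies


def access_allowed(area, state, op, knows_access_password):
    """True if `op` ("read"/"write") on `area` is permitted in lock `state`."""
    if area not in PASSWORD_AREAS + MEMORY_BANKS or op not in ("read", "write"):
        raise ValueError("unknown area or operation")
    state = Lock(state)
    if state in (Lock.Unlock_1, Lock.PermanentUnlock_3):
        return True                        # open to anyone, in both tables
    if area in MEMORY_BANKS and op == "read":
        return True                        # banks stay readable in every state
    # Remaining cases: password areas (read and write) and bank writes.
    return state == Lock.Lock_0 and knows_access_password


def kill_permitted(stored_kill_password, given_kill_password):
    """Kill precondition: stored password is non-zero AND the given one matches."""
    if len(stored_kill_password) != 4 or len(given_kill_password) != 4:
        raise ValueError("kill passwords are 4 bytes, MSB first")
    if stored_kill_password == bytes(4):
        return False                       # an all-zero kill password disables Kill
    return hmac.compare_digest(stored_kill_password, given_kill_password)


def audit(locks):
    """List what a caller WITHOUT the access password can do to a tag."""
    findings = []
    for area in PASSWORD_AREAS:
        if access_allowed(area, locks[area], "read", False):
            findings.append(f"{area} readable without access password")
    for bank in MEMORY_BANKS:
        if access_allowed(bank, locks[bank], "write", False):
            findings.append(f"{bank} bank writable without access password")
    return findings


# Constructed sample configuration, not taken from a real tag.
SAMPLE = {"access_password": Lock.Lock_0, "kill_password": Lock.Unlock_1,
          "epc": Lock.Lock_0, "tid": Lock.PermanentLock_2, "user": Lock.Unlock_1}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```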

The mapping of the LockTag parameters is defined in Table B.11.

Table B.11 – LockTag UHF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | The Identifier (i.e. the EPC code) of the tag to be locked or unlocked in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in its own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| Password | (optional) The access password of the tag, if not equal to zero (4 bytes, MSB first). |
| Region | Bank of the memory area to be accessed. The RfidLockRegionEnumeration DataType is defined in 9.2.5. |
| Lock | Specifies the lock action like write/read protection, permanently. The RfidLockOperationEnumeration DataType is defined in 9.2.4. |
| Offset | 0 for UHF tags |
| Length | 0 for UHF tags |
| Status | Returns the result of the LOCK operation |

SetTagPassword

For RFID Readers working on ISO/IEC 18000-63 UHF transponders, the SetTagPassword method can set either the access password or the kill password of a UHF transponder.

Only the values defined in Table B.12 are allowed from the RfidPasswordTypeEnumeration DataType as defined in 9.2.6.

Table B.12 – Password type UHF mapping

| Allowed Value | Description |
| --- | --- |
| Access_0 | Access password |
| Kill_1 | Kill password |

Other values are currently not defined for UHF readers.

For Version 1.x of the EPC Global standard, both passwords (Kill and Access) are 32-bit values, represented as 4 bytes in a Byte String parameter (MSB first).

Passwords can only be altered when they are not locked (see LockTag command).

The mapping of the SetPassword parameters is defined in Table B.13.

Table B.13 – SetPassword UHF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | The Identifier (i.e. the EPC code) of the tag whose password is to be set in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in its own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| PasswordType | Either Access_0 or Kill_1, the type of password to be changed |
| AccessPassword | (optional) The current access password of the tag, if not equal to zero (4 bytes, MSB first). |
| NewPassword | The new access or kill password of the tag, if not equal to zero (4 bytes, MSB first). |
| Status | Returns the result of the SetTagPassword method. |

ReadTag

For RFID Readers working on ISO/IEC 18000-63 UHF transponders, the ReadTag method can read the raw data of any memory bank of a single UHF transponder.

The address range to be read can be the complete bank or a continuous part of the bank. All addresses from Offset to Offset+Length-1 must be inside the bank's memory area.

The Region parameter denominates the bank from which data is to be read. The values are defined in Table B.14.

Table B.14 – Region ReadTag UHF mapping

| Region | Meaning |
| --- | --- |
| 0 | Reserved bank (Kill and Access passwords), usually 8 byte size |
| 1 | EPC bank, bank size is tag dependent |
| 2 | TID bank, bank size is tag dependent |
| 3 | USER data bank, bank size is tag dependent |

Other values are currently not defined for UHF readers.

An access password may be required to read from bank 0. See description of LockTag method.

The mapping of the ReadTag parameters is defined in Table B.15.

Table B.15 – ReadTag UHF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | The Identifier (i.e. the EPC code) of the tag whose password is to be set in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in its own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| Region | The memory bank to be read: 0, 1, 2 or 3. |
| Offset | Start address inside the memory bank [0-based byte counting] |
| Length | Number of bytes to be read. |
| Password | (optional) The current access password of the tag, if not equal to zero (4 bytes, MSB first). |
| ResultData | Returns the requested tag data |
| Status | Returns the status of the read operation. |

WriteTag

For RFID Readers working on ISO/IEC 18000-63 UHF transponders, the WriteTag method can alter the raw data of any memory bank of a single UHF transponder.

The Region parameter denominates the bank to which data is to be written. The values are defined in Table B.16.

Table B.16 – Region WriteTag UHF mapping

| Region | Meaning |
| --- | --- |
| 0 | Reserved bank (Kill and Access passwords), usually 8 byte size |
| 1 | EPC bank, bank size is tag dependent |
| 2 | TID bank, bank size is tag dependent |
| 3 | USER data bank, bank size is tag dependent |

Other values are currently not defined for UHF readers.

Memory banks may be write protected completely or an access password may be required to write, see LockTag method for details.

The length of the data is defined by the data itself.

The address range to be written can be the complete bank or a continuous part of the bank. All addresses from Offset to Offset+(length of data)-1 must be inside the bank's memory area.

The mapping of the WriteTag parameters is defined in Table B.17.

Table B.17 – WriteTag UHF parameter mapping

| Command Argument | Description |
| --- | --- |
| Identifier | The Identifier (i.e. the EPC code) of the tag whose password is to be set in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in its own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| Region | The memory bank to be written: 0, 1, 2 or 3. |
| Offset | Start address inside the memory bank [0-based byte counting] |
| Data | Data to be written |
| Password | (optional) The current access password of the tag, if not equal to zero (4 bytes, MSB first). |
| Status | Returns the status of the read operation. |