Annex B (informative): Mapping to RFID technologies
B.1 LF
There are several proprietary LF tags on the market. For these tags the ReadTag and WriteTag commands can be used. Here we describe the operation of standardized tags according ISO/IEC 18000-2. In addition, we describe simple tags with fixed codes or data that can be read only.
LF tags according ISO/IEC 18000-2 have no memory banks. The memory is organized block wise. A block is 32 bits. There may be up to 256 blocks. Maximum memory size is 1024 Bytes This is page 0. But additional memory may be added as pages 1…255.
Tag contain a system memory area with system information consisting of an optional Application Family Identifier (AFI, 1 byte), an optional Data storage format identifier (DSFID, 1 byte).
KillTag
There is no Kill command for LF tags.
LockTag
According ISO/IEC 18000-2 memory blocks can be locked, i.e. write operations to locked blocks are prohibited. Therefore, the State PermanentLock_2 is the only acceptable state. The mapping of the lock type is defined in Table B.1.
| State | Meaning |
| Lock_0 | not allowed |
| Unlock_1 | not allowed |
| PermanentLock_2 | Read operations to the memory area are allowed without limitation. Write operations to the memory area are not allowed under any circumstances. It is not possible to unlock the memory area again. |
| PermanentUnlock_3 | not allowed |
The mapping of the LockTag parameters is defined in Table B.2.
| Command Argument | Description |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII (0…48 bits) or no value, if no identifier is available. |
| CodeType | raw data |
| Password | no password defined |
| Region | to be set to 0 for memory, to be set to AFI for AFI, to be set to DSFID for DSFID |
| Lock | PermanentLock_2 |
| Offset | Start address of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 0 for AFI or DSFID. |
| Length | Length of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 1 for AFI or DSFID. |
| Status | Returns the result of the LOCK operation. The AutoIdOperationStatusEnumeration DataType is defined in 9.2.1. |
SetTagPassword
Commands for Change Password and Lock Password are listed in ISO/IEC 18000-2 but are not defined and reserved for future use.
As proprietary LF tags may use password commands this command should be defined here (for example transponder chip EM 4550). For EM 4550 the password is 4 bytes. Further parameters are Protection Word (4 bytes) and Control Word (4 bytes). Password mode must be set in order to read or write Protection Word or Control Word. Password is not used for other read or write operations.
The mapping of the SetTagPassword parameters is defined in Table B.3.
| Command Argument | Description |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII or no value, if no identifier is available. |
| CodeType | raw data |
| PasswordType | |
| AccessPassword | not applicable |
| NewPassword | The new password of the tag, if unequal from zero (4 bytes, MSB first). |
| Status | Returns the result of the SetTagPassword method. |
ReadTag
Read and write operations according ISO/IEC 18000-2 are defined for blocks only. It is up to the user to use the correct values for Offset and Length. They must be multiples of 4.
There is a further read command “Get system information”. It reads the system memory block data, i.e. 104 bits = 13 bytes, including UII, AFI and DSFID (see ISO/IEC 18000-2 Table 25).
Region should be set to 0 for data. For UII/TID region should be set to 2. The region mapping is defined in Table B.4.
| Region | Meaning |
| 0 | Read data area of the Tag |
| 1 | not allowed |
| 2 | TID bank, bank size is tag dependant |
| 3 | not allowed |
| 4 | Read AFI |
| 5 | Read DSFID |
An access password is not defined for LF tags.
The mapping of the ReadTag parameters is defined in Table B.17.
| Command Argument | Description |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII or no value, if no identifier is available. |
| CodeType | raw data |
| Region | To be set to 0 for memory, to be set to 2 for UII, to be set to 4 for AFI or to be set to 5 for DSFID |
| Offset | Start address of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 0 for AFI or DSFID. |
| Length | Length of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 1 for AFI or DSFID. |
| Password | no password |
| ResultData | Returns the requested tag data |
| Status | Returns the status of the read operation. |
ISO/IEC 18000-2 describes a system with read/write tags. In addition, there are many RFID systems on the market with read only transponders (ROM). Tags store only a fixed code that is factory programmed, or the user programs it himself (WORM). Such tags will be red with a read command. Region will be set to 0. Length will be set to 0 as well as the length of data cannot be changed.
WriteTag
Read and write operations according ISO/IEC 18000-2 are defined for blocks only. It is up to the user to use the correct values for Offset and Length. They must be multiples of 4.
There is a further write command “Write system data”. It writes the AFI (1 byte) or the DSFID (1 byte).
Region should be set to 0 for data. For UII/TID region should be set to 2. The region mapping is defined in Table B.6.
| Region | Meaning |
| 0 | Write data area of the Tag |
| 1 | not allowed |
| 2 | TID bank, bank size is tag dependant |
| 3 | not allowed |
| 4 | Write AFI |
| 5 | Write DSFID |
The length of the data is defined by the data itself.
The mapping of the WriteTag parameters is defined in Table B.7.
| Command Argument | Description |
| Identifier | AutoID Identifier according to the device configuration as returned as part of a ScanResult in a scan event or scan method. AFI and mask as part of the UII or no value, if no identifier available |
| CodeType | raw data |
| Region | to be set to 0 for memory, to be set to 4 for AFI, to be set to 5 for DSFID |
| Offset | Start address of the memory area [byte counting]. It is up to the user to enter values as multiples of 4 or any other block length. To be set to 0 for AFI or DSFID. |
| Data | Data to be written |
| Password | no password |
| Status | Returns the status of the read operation. |
B.2 HF
B.2.1 General
For HF few standards have to be considered. ISO/IEC 18000-3 defines three HF RFID systems as Modes 1, 2 and 3. Mode 1 is based on ISO/IEC 15693 and common in use. Mode 2 is far less important and rarely used. Mode 3 is based on the memory and command structures of ISO/IEC 18000-63. Further, the standard ISO/IEC 14443 is prevalently in use for identification cards. NFC transponders are transponders using the ISO/IEC 14443 (type 1, 2 and 4 tags) standard or the ISO/IEC 15693 standard (type 5 tags). NFC tags can be accessed with the same commands as ISO/IEC 14443 tags.
B.2.2 ISO/IEC 18000-3 Mode 1, ISO/IEC 15693
Commands and memory structures follow the above described standards ISO/IEC 18000-2 for LF tags.
B.2.3 ISO/IEC 18000-3 Mode 3
This standard copies the commands and memory structure of the UHF standards ISO/IEC 18000-63. The HF standard is less complex as the UHF standards. For example, ISO/IEC 18000-3 Mode 3 defines only a subset of 5 error codes compared to 14 error codes defined in ISO/IEC 18000-63.
All definitions from B.3 apply.
Memory structure may be reduced compared to ISO/IEC 18000-63. Reserved memory (MB 00) may be absent, when no passwords are needed. UII memory (MB 01) may be as small as 32 bits. Maximum size is 464 bits. TID memory (MB 10) has at least an 8-bit ISO/IEC 15963 allocation class identifier and further identifying information for unique identification. User memory (MB 11) is optional. For the operation of the tag it is the same memory structure as ISO/IEC 18000-63.
B.2.4 ISO/IEC 14443
This standard defines an UID of 4, 7 or 10 bytes (ISO/IEC 14443-3). Further memory structures are not defined in parts 1 to 4. UID shall be accessed as Region 2.
Again, this standard is similar to the LF standard above and the same commands shall be used.
B.3 UHF
KillTag
For RFID Readers working on ISO/IEC 18000-63 UHF transponders, KillTag invokes a Kill procedure to the specified transponder according to [EPCGen2] to permanently disable the tag.
The transponder (tag) can only be disabled, if the kill password stored in bits 00h .. 1Fh in bank 00 of the tag's memory is different from zero AND the KillPassword parameter given matches the tag's stored value.
For Version 1.x of the EPC Global standard, both passwords (Kill and Access) are 32-bit values, represented as 4 bytes in a Byte String parameter (MSB first).
The mapping of the KillTag parameters is defined in Table B.8.
| Command Argument | Description |
| Identifier | The Identifier (i.e. the EPC code) of the tag to be disabled in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in his own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| KillPassword | The kill password of the tag (4 bytes) |
| Status | Return value indicating the success of the kill procedure. |
LockTag
For RFID Readers working on ISO/IEC 18000-63 UHF transponders, LockTag can set the lock status of a memory region.
Lockable memory regions are:
- the kill password
- the access password
- the (complete) EPC memory bank
- the (complete) TID memory bank
- the (complete) User memory bank
The kill and the access password can be set to one of the states defined in Table B.9 (see 9.2.4).
| State | Meaning |
| Lock_0 | Read and write operations to the password area are only possible with the correct access password of the tag. |
| Unlock_1 | Read and write operations to the password area are allowed without knowing the access password of the tag. |
| PermanentLock_2 | Read and write operations to the password area are not allowed under any circumstances. It is not possible to unlock the password area again (except by re-commissioning the tag). |
| PermanentUnlock_3 | Read and write operations to the password area are allowed without knowing the access password of the tag. It is not possible to lock the password area again (except by re-commissioning the tag). |
The EPC, TID and User memory banks can be set to one of these states defined in Table B.10 (see 9.2.4).
| State | Meaning |
| Lock_0 | Read operations to the memory bank are allowed without knowing the access password of the tag. Write operations to the memory bank area are only possible with the correct access password of the tag. |
| Unlock_1 | Read and write operations to the memory bank are allowed without knowing the access password of the tag. |
| PermanentLock_2 | Read operations to the memory bank are allowed without knowing the access password of the tag. Write operations to the memory bank are not allowed under any circumstances. It is not possible to unlock the memory bank again (except by re-commissioning the tag). |
| PermanentUnlock_3 | Read and write operations to the memory bank are allowed without knowing the access password of the tag. It is not possible to lock the memory bank again (except by re-commissioning the tag). |
Since it is not possible to lock or unlock specific memory addresses, Offset and Length parameters shall be set to zero for UHF devices.
The mapping of the LockTag parameters is defined in Table B.11.
| Command Argument | Description |
| Identifier | The Identifier (i.e. the EPC code) of the tag to be locked or unlocked in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in his own ScanResult and the UID as a Byte String but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| Password | (optional) The access password of the tag, if unequal from zero (4 bytes, MSB first). |
| Region | Bank of the memory area to be accessed The RfidLockRegionEnumeration DataType is defined in 9.2.5. |
| Lock | Specifies the lock action like write/read protection, permanently. The RfidLockOperationEnumeration DataType is defined in 9.2.4. |
| Offset | 0 for UHF tags |
| Length | 0 for UHF tags |
| Status | Returns the result of the LOCK operation |
SetTagPassword
For RFID Readers working on ISO/IEC 18000-63 UHF transponders, the SetTagPassword method can set either the access password or the kill password of a UHF transponder.
Only the values defined in Table B.12 are allowed from the RfidPasswordTypeEnumeration DataType as defined in 9.2.6.
| Allowed Value | Description |
| Access_0 | Access password |
| Kill_1 | Kill password |
Other values are currently not defined for UHF readers.
For Version 1.x of the EPC Global standard, both passwords (Kill and Access) are 32-bit values, represented as 4 bytes in a Byte String parameter (MSB first).
Passwords can only be altered when they are not locked (see LockTag command).
The mapping of the SetPassword parameters is defined in Table B.13.
| Command Argument | Description |
| Identifier | The Identifier (i.e. the EPC code) of the tag whose password is to be set in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in his own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| PasswordType | Either Access_0 or Kill_1, the type of password to be changed |
| AccessPassword | (optional) The current access password of the tag, if unequal from zero (4 bytes, MSB first). |
| NewPassword | The new access or kill password of the tag, if unequal from zero (4 bytes, MSB first). |
| Status | Returns the result of the SetTagPassword method. |
ReadTag
For RFID Readers working on ISO/IEC 18000-63 UHF transponders, the ReadTag method can read the raw data of any memory bank of a single UHF transponder.
The address range to be read can be the complete bank or a continuous part of the bank. All addresses from Offset to Offset+Length-1 must be inside the bank's memory area.
The Region parameter denominates the bank from which data is to be read. The values are defined in Table B.14.
| Region | Meaning |
| 0 | Reserved bank (Kill and Access passwords), usually 8 byte size |
| 1 | EPC bank, bank size is tag dependant |
| 2 | TID bank, bank size is tag dependant |
| 3 | USER data bank, bank size is tag dependant |
Other values are currently not defined for UHF readers.
An access password may be required to read from bank 0. See description of LockTag method.
The mapping of the ReadTag parameters is defined in Table B.15.
| Command Argument | Description |
| Identifier | The Identifier (i.e. the EPC code) of the tag whose password is to be set in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in his own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| Region | The memory bank to be read 0, 1, 2 or 3. |
| Offset | Start address inside the memory bank [0-based byte counting] |
| Length | Number of bytes to be read. |
| Password | (optional) The current access password of the tag, if unequal from zero (4 bytes, MSB first). |
| ResultData | Returns the requested tag data |
| Status | Returns the status of the read operation. |
WriteTag
For RFID Readers working on ISO/IEC 18000-63 UHF transponders, the WriteTag method can alter the raw data of any memory bank of a single UHF transponder.
The Region parameter denominates the bank to which data is to be written. The values are defined in Table B.16.
| Region | Meaning |
| 0 | Reserved bank (Kill and Access passwords), usually 8 byte size |
| 1 | EPC bank, bank size is tag dependant |
| 2 | TID bank, bank size is tag dependant |
| 3 | USER data bank, bank size is tag dependant |
Other values are currently not defined for UHF readers.
Memory banks may be write protected completely or an access password may be required to write, see LockTag method for details.
The length of the data is defined by the data itself.
The address range to be written can be the complete bank or a continuous part of the bank. All addresses from Offset to Offset+(length of data)-1 must be inside the bank's memory area.
The mapping of the WriteTag parameters is defined in Table B.17.
| Command Argument | Description |
| Identifier | The Identifier (i.e. the EPC code) of the tag whose password is to be set in a data type the RFID reader understands. Usually the reader will accept at least the same type that the reader provides in his own ScanResult and the UID as a Byte String, but may also accept other data types. If a ScanDataEPC structure according to 9.3.6 is used, only the UId field needs to contain valid data. |
| CodeType | A string defining the type of Identifier used in "Identifier" argument, see 9.1.3, for example "EPC" or "UID" |
| Region | The memory bank to be written 0, 1, 2 or 3. |
| Offset | Start address inside the memory bank [0-based byte counting] |
| Data | Data to be written |
| Password | (optional) The current access password of the tag, if unequal from zero (4 bytes, MSB first). |
| Status | Returns the status of the read operation. |