Q&A about Locking EPC Data in Passive UHF RFID Tags
Question: “My use case is at the retail store, where each garment is attached to a passive ultrahigh-frequency (UHF) RFID tag. These tags contain a unique stock identifier in the Electronic Product Code (EPC) memory bank, which I do not want any reader to be able to overwrite. If the unique stock identifier were changed (by any rogue person using an RFID reader and rewriting the tag information), we would not be able to identify whether or not the tag belonged to our store, and finally not activate the alarm when the product went out of the shop. So I’m looking for a mechanism of protecting the data after it is encoded. How can this be achieved?
Also, when the tag’s EPC memory is locked, is it locked using a password? Can I use the password to unlock the tag at any point and change the value as well? Assuming I want to update a bit in the identifier when the item is sold, so that the gate reader can identify it as a tag from store and also whether the item is billed or not, what is the procedure to lock the EPC memory? I’m using an RFID printer (sticker-based, containing only EPC memory), and I’m able to modify data to the EPC memory over and over.”
—Luke
Answer 1:
Luke,
It is possible to write your unique stock identifier to a memory field in a passive UHF tag with user memory (some chips only store an EPC) and lock the memory field. This is a command that you would send to the reader. Each reader has a slightly different way of doing this, but it is part of the ISO 18000-6C air-interface protocol standard.
This step takes a little time when you commission each tag, and I am not sure that it is necessary. If you had an Electronic Product Code written to the tag and locked, the code would identify your company in the prefix, along with the product category and a serial number. If your prefix was 123456, then any tag with that prefix that was read while going out of the shop would trigger the system to look up whether the item with that unique identifier had been sold. If it was not sold, the alarm would sound.
Once you write an EPC to the tag, it cannot be changed. User memory can be changed. You could write to the user memory that the tag was sold, or you could have the reader check a local database to confirm this. That could happen quickly enough to trigger the alarm if the tag leaving the store was on an item that had not been paid for. I believe GS1 has some information on its website about using RFID for anti-theft purposes.
Usually, the EPC field can only be written to once. Are you writing to the EPC field or a user memory field? If the EPC field lets you write over and over, you will need to find the printer command that locks the EPC field.
Mark
Answer 2:
hello
I attended the RFID Journal Live at Orlando last week, and I attented the training track on first day. Regarding password protection : it is possible to use up to 3 different passwords on a chip : 1 for read, 1 for write, 1 for kill. But it is not mandatory, you can choose to set up 0 password, or 1 password only for 1 functions, or the same password for read/write/kill or 3 different passwords. You have to know that if you set up a write password, it will have an impact on the tag production process, as it takes a little bit more time to write on the chips when it is password protected = production productivity will be affected =>higher production costs.
hope it will helps
Max
Answer 3:
Hi Relix,
Here is a blog entry I wrote while at Impinj which explains about locking EPC (or any of the memory banks):
https://support.impinj.com/hc/en-us/articles/202756408-Locking-Memory-on-EPC-RFID-Tags
The other option is to perma-lock the tag EPC memory bank so that it cannot be changed regardless of access password.
Parker
