GS1 Ratifies EPC Gen2v2, Adds Security Features, More Memory

By Claire Swedberg

The new version of the EPC Gen 2 UHF RFID standard provides such features as security, anti-counterfeiting cryptography, EAS functionality and privacy settings for consumers.


The management board at GS1, which oversees EPCglobal standards related to Electronic Product Code (EPC) and radio frequency identification technologies, has ratified EPC Gen2v2, a new version of the ultrahigh-frequency (UHF) EPC Gen 2 standard. EPC Gen2v2 provides a series of features intended to improve security and deter the counterfeiting of tagged products, by enabling the authentication of a tag or reader, and includes privacy features for consumers, as well as a way for embedded tags to identify themselves as such to an interrogator. Gen2v2 also enables a tag’s user memory to be partitioned into multiple files. Tags compliant with the new standard can be used for electronic article surveillance (EAS). Gen2v2 was ratified on Oct. 30, and several Gen 2 UHF tag and reader manufacturers are currently developing products or upgrades to existing offerings based on the new standard.

Gen2v2 is the first revision of the standard since GS1 published its “item-level tagging” version (EPC Gen 2 v. 1.2.0) in 2008, building on the success of 2004’s groundbreaking Gen 2 version (see EPCglobal Ratifies Gen 2 Standard). The improvements incorporated in Gen2v2 represent efforts made since that time to meet the needs of a variety of end users for additional functionality, according to Craig Alan Repec, GS1’s senior manager for EPCglobal technology.

GS1’s Craig Alan Repec

While Gen 2 offered a single, worldwide standard in the UHF RFID space to simplify visibility, boost read rates and improve tag performance, the EPC user community continued to explore ways in which to increase its versatility. Gen2v2, the result of several years of industry-wide collaboration with a diverse group of stakeholders, enables a tag to cryptographically authenticate a reader, thereby providing selective access only to authorized devices. Conversely, readers will be able to cryptographically authenticate tags, thus providing extensive protection against product counterfeiting and tag cloning. This authentication capacity will boost Gen2v2’s adoption by the aerospace, defense, luxury-goods and pharmaceutical industries, Repec predicts, by ensuring that data is secure on the tag and cannot be altered without authorization.

In addition, the Gen2v2 standard allows the partitioning of user memory into one or more files (for up to a maximum of 1,023 files, each accommodating a maximum of 2,044 kilobytes of binary data). Readers can be assigned access privileges for some or all files. This partitioned memory could be used to store information regarding maintenance, product purchases or returns, as well as any other product lifecycle information deemed essential for encoding directly on the tag. Saving data to specific files allows access to some of that data to be restricted to certain users. What’s more, some data can be set as permanent (unchangeable), while other information could be rewritten.

Retailers using existing Gen 2 tags can employ their own software to update a tag as purchased in their own database, in line with GS1’s 2009 EAS guidelines, and thereby ensure that the tag does not set off an EAS alert upon exiting the store. “This approach works for some retailers,” says Chris Diorio, the Gen2v2 project editor, founder and CTO of Impinj, a provider of RFID chips used to manufacture EPC tags, as well as RFID readers. For some stores, however, it was not feasible. “Bigger stores could have a million items in the store and 20 checkout lanes,” Diorio says. At such sites, he notes, it is impossible to update the database for every purchase before each customer reaches the door. Therefore, the Gen2v2 standard enables the tag to be updated at the point of sale with an “exit code,” indicating that the item to which that tag is attached has been paid for.

In addition, the new standard includes a command intended to protect consumer privacy. With this feature, specific readers can render a tag untraceable by restricting identifying information, such as parts of the EPC, extended tag identification (XTID) or user memory. The tag can also accomplish this by significantly reducing its operating range to a percentage of its previous range. The amount by which that read distance would be reduced would depend on the tag itself.

With the untraceable command, a user can protect a consumer’s post-sale privacy, for instance, by hiding data until a tag is interrogated by a reader with an untraceable privilege—such as reader in a store when a purchased product is returned for refund or exchange.

A tag built into a product can come with a “non-removable” indicator bit signifying that the tag should not be detached from an item since removal could compromise that product’s intended functionality. That same function would enable a tag sewn into a garment (or integrated into a product in some other non-removable manner) to identify itself as such. Readers at the point of sale would then know to treat that tag differently—for example, setting the untraceable command.

The standard, Diorio says, is the result of exhaustive efforts by the International Organization for Standardization (ISO) and EPCglobal, as well as numerous vendors, system integrators and retail stakeholders. To develop the standard’s cryptographic capabilities, Diorio explains, EPCglobal developed the commands and data formatting, while ISO created the cryptographic suites to be used by tags. “This has been a very large community effort,” he states.

Impinj’s Chris Diorio

EPCglobal first demonstrated a prototype of the new standard in April 2013. Now that the Gen 2 standard has been revised, ISO workgroups are currently reviewing it, and V2 is expected to be incorporated into the ISO 18000-63 standard next year. GS1’s EPC Tag Data Standard (TDS) will also be updated to support Gen2v2.

Vendors may be expected to release new Gen2v2-compatible products during the next 18 months, Diorio predicts. Few products will accommodate all of the features available with Gen2v2, he adds, but rather will provide products with specific features for individual markets. A tag for the retail market, for example, may include security and anti-counterfeiting features, while the aerospace and defense sectors would employ tags with the partitioned memory capacity.

All enhancements to the new standard are optional and backwards-compatible, Repec reports. The new Gen2v2 tags will operate with existing readers complying with Gen 2 version 1.2.0. However, existing readers would require firmware upgrades to support the new features. “This doesn’t endanger the longer-term investment of existing implementations,” he adds.