Can I Encode Both Private and Public Information on a Single Tag?

Published: January 5, 2012

How would I go about encoding a mix of public data (part numbers and expiration dates) and private information (a digital signature to ensure that a tag was encoded by an approved supplier) on one tag, while adhering to EPCglobal’s Gen 2 UHF standard, or ISO 1569x? I’ve been reading the various encoding standards (the EPC Tag Data Standard and ISO 1569x). I don’t understand how the EPC standard allows for private data that is not understood by others. 1569x standards talk about encryption and object identifiers, but for some reason, I can’t figure out the implementation details.

—Steve (Kalamazoo, Michigan)

———


Steve,

To answer your excellent question, I reached out to the folks at Impinj, who were involved in writing the EPC Gen 2 standard, and who designed the chip used in many Electronic Product Code (EPC) tags. I also contacted Steve Halliday, the president of consulting firm High Tech Aid, who also worked on the EPCglobal and ISO standards.

Here is Steve’s reply:

“There are two methods for breaking up data and showing it for what it is: data identifiers (an ISO method) and application identifiers (a GS1 solution). Both allow you to say that the data that follows next is ‘XXXX.’ However, neither method really allows you to hide data from the reader. That type of implementation will have to wait for the new versions of ISO/IEC 18000-63 and EPCglobal’s UHF Gen 2 spec. Both versions will become available in 2012-13, and will include information about authentication and encryption on a tag, and how a file-management system will allow some readers to see one set of information, and another reader different information. There is no way to do what is asked today, unless you devise your own security system for a tag.”

And here is Impinj’s response:

“Monza 4QT is specifically designed to maintain two data profiles—one private and one public. Using the QT custom command, which is compliant with the EPCglobal Gen 2 UHF standard, users can switch between the private and public profiles. When the tag is switched to its public profile, only its 96-bit EPC and 32-bit base tag identifier (TID) are readable. The EPC can be used to uniquely identify a part or product. When the tag is switched to its private profile, its User Memory is readable so that things such as digital signatures from an approved supplier can be read and verified. The QT command for switching profiles is password-controlled. For more details, see section 2.2 of the Monza 4 Tag Chip Data Sheet. We are not aware of any other method of being able to simultaneously encode or access a mix of public and private data. The access password feature, as defined in the EPCglobal Gen 2 UHF standard, can be used to lock access to the tag data—but in this case, all data gets locked until the right access password is provided. When the right access password is provided, all data becomes accessible. Thus, the access password enables making the tag data either public or private, but not a mix of public and private simultaneously.”

—Mark Roberti, Founder and Editor, RFID Journal
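
The arrangement described in the replies above, with the EPC readable publicly and a supplier's digital signature held in user memory, can be sketched as follows. This is an added example, not code from RFID Journal, Impinj or either standard. It assumes Ed25519 as the signature scheme (the page names no algorithm) and a 64-byte signature as the only content of user memory; the type and function names are hypothetical, and tag reads and profile switching are not modeled.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Tag models what a reader sees in each profile (names are assumptions).
type Tag struct {
	EPC        [12]byte // 96-bit EPC, readable in the public profile
	UserMemory []byte   // readable only after switching to the private profile
}

// Approved maps a supplier name to that supplier's public verification key.
type Approved = map[string]ed25519.PublicKey

// signedMessage prefixes the EPC with a fixed label so the signature is tied to this use.
func signedMessage(epc [12]byte) []byte {
	return append([]byte("tag-epc-sig-v1:"), epc[:]...)
}

// EncodeTag is the supplier side: sign the EPC and store the signature in user memory.
func EncodeTag(priv ed25519.PrivateKey, epc [12]byte) Tag {
	return Tag{EPC: epc, UserMemory: ed25519.Sign(priv, signedMessage(epc))}
}

// VerifyTag is the reader side: it names the approved supplier whose key verifies the tag.
func VerifyTag(approved Approved, t Tag) (string, error) {
	for name, pub := range approved {
		if ed25519.Verify(pub, signedMessage(t.EPC), t.UserMemory) {
			return name, nil
		}
	}
	return "", errors.New("no approved supplier key verifies this tag")
}

// sampleKey derives a fixed key pair from one byte (constructed sample keys only).
func sampleKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(append(make([]byte, 31), b))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := sampleKey(1)
	tag := EncodeTag(priv, [12]byte{0x30, 0x14}) // constructed sample EPC
	fmt.Println(VerifyTag(Approved{"supplier-a": pub}, tag))
	tag.EPC[11] ^= 1 // EPC altered after signing: verification now fails
	fmt.Println(VerifyTag(Approved{"supplier-a": pub}, tag))
}
```

A valid result shows that the EPC value was signed with an approved supplier's key. It does not by itself show that the physical tag is the one the supplier encoded, because the signed bytes can be copied along with the EPC.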