Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
IEC 29160 — Information Technology — RFID Tag Air Interface
UHF RFID tag architecture, memory organization, and communication protocol
1. Introduction to IEC 29160: RFID Tag Architecture
IEC 29160 defines the air interface, memory organization, and command set for radio-frequency identification (RFID) tags operating in the UHF frequency band. This standard is part of the ISO/IEC 18000 series but specifically addresses the data structure and application-level command semantics that enable interoperable RFID deployments across diverse industries including logistics, retail, healthcare, and manufacturing. The standard specifies tag memory banks, access protocols, security mechanisms, and data encoding rules that ensure RFID tags from different manufacturers can be read and written by compliant interrogators (readers) worldwide.
UHF RFID tags compliant with IEC 29160 achieve read ranges of 5-10 meters in passive mode and up to 100 meters in battery-assisted passive mode, making them ideal for supply chain and inventory management applications.
The standard defines four memory banks on each tag: Reserved memory for kill and access passwords, EPC memory storing the Electronic Product Code, TID memory containing the tag identifier with manufacturer and model information, and User memory for application-specific data storage. The memory organization follows a logical block structure with word-level addressing, supporting both individual tag operations and efficient bulk inventory procedures where multiple tags are identified simultaneously using anti-collision algorithms.
2. Protocol Layers and Communication Architecture
The IEC 29160 communication protocol follows a physical layer / link layer / application layer hierarchy. The physical layer defines the UHF carrier frequency (860-960 MHz depending on regional regulations), modulation scheme (DSB-ASK, SSB-ASK, or PR-ASK), data encoding (FM0 or Miller), and data rates (from 40 kbps to 640 kbps). The link layer manages inventory rounds, slot synchronization, and error detection using 16-bit CRC. The application layer processes tag operations including read, write, lock, kill, and access commands with specified timeout and retry semantics.
| Layer | Function | Key Parameters | Protocol Details |
|---|---|---|---|
| Physical | RF carrier generation and modulation | 860-960 MHz, 4-30 dBm ERP | DSB-ASK, SSB-ASK, PR-ASK |
| Link | Inventory management, collision resolution | Q parameter (0-15), slot count | Dynamic framed slotted ALOHA |
| Application | Tag memory operations, security | Bank, address, word count, access password | Read/Write/Lock/Kill/Access |
| Security | Authentication, encrypted communication | 16-byte password, 32-bit cover code | XOR-based handshake, optional AES |
Regional frequency regulations vary significantly — 865-868 MHz in Europe, 902-928 MHz in the Americas, and 920-925 MHz in China. Tags and readers must be configured for the target deployment region.
3. Engineering Design Insights for RFID Implementation
Implementing IEC 29160-compliant RFID systems requires careful attention to read reliability in challenging RF environments. Metal surfaces and liquids cause detuning and signal absorption that significantly degrade read performance. Engineers should select tags with appropriate substrate materials and antenna designs for their specific application — on-metal tags with foam spacers or magnetic shielding for metal surfaces, and encapsulated tags for liquid environments. The standard’s Select command and session flags enable sophisticated filtering strategies that improve inventory efficiency in dense tag populations.
Security design is increasingly important as RFID expands into access control and payment applications. The standard provides basic password-protected access with kill and lock commands, but these mechanisms are vulnerable to brute force attacks due to the limited password length (16 bits for the original specification). Enhanced security extensions incorporate AES-128 encryption and mutual authentication protocols for applications requiring protection against tag cloning and eavesdropping. Engineers must evaluate the threat model for their specific deployment to select the appropriate security level.
A major retail supply chain implementation achieved 99.9% inventory accuracy with IEC 29160-compliant UHF RFID tags, reducing out-of-stock incidents by 65% compared to barcode-based tracking.
Unsecured RFID tags are susceptible to cloning, skimming, and unauthorized killing. Applications handling high-value assets or personal data must implement the optional security extensions with encrypted communication and mutual authentication.
4. Frequently Asked Questions
Q: Can IEC 29160 tags be read simultaneously with other RFID standards?
A: IEC 29160 operates in the UHF band and is not compatible with HF (13.56 MHz) standards like ISO 14443 or NFC. Multi-frequency readers are available that can interrogate both UHF and HF tags, but they operate as separate radio systems.
A: IEC 29160 operates in the UHF band and is not compatible with HF (13.56 MHz) standards like ISO 14443 or NFC. Multi-frequency readers are available that can interrogate both UHF and HF tags, but they operate as separate radio systems.
Q: What is the maximum number of tags that can be inventoried per second?
A: With optimized Q parameter settings and ideal RF conditions, modern readers can inventory 200-500 tags per second. Actual throughput depends on tag population size, read range, and interference levels.
A: With optimized Q parameter settings and ideal RF conditions, modern readers can inventory 200-500 tags per second. Actual throughput depends on tag population size, read range, and interference levels.
Q: How does the kill command work and can it be reversed?
A: The kill command permanently disables a tag by setting a kill password and issuing a kill command. This operation is irreversible — once killed, a tag cannot be reactivated. Standard practice is to kill tags at point of sale to protect consumer privacy.
A: The kill command permanently disables a tag by setting a kill password and issuing a kill command. This operation is irreversible — once killed, a tag cannot be reactivated. Standard practice is to kill tags at point of sale to protect consumer privacy.
