# EPC Gen2 UHF RFID Protocol — Technical Guide

URL: https://proudtek.com/guides/epc-gen2-uhf-rfid/
Source URL: https://proudtek.com/guides/epc-gen2-uhf-rfid/
Generated: 2026-03-16T01:42:30.697Z
Kind: article
Publisher: Proud Tek Co., Limited
Author: Peter Zhang (Founder & CEO)
Published: 2026-04-19
Last Modified: 2026-06-10T18:00:00Z
Reviewed By: Proud Tek Editorial Team
Last Reviewed: 2026-06-10T18:00:00Z
Credentials: ISO 9001:2015, ISO 14001:2015, RoHS Compliant, CE Marking, REACH Compliant
Image: https://proudtek.com/landing-images/uhf-rfid-hard-tag.webp
Image Alt: EPC Gen2 UHF RFID protocol diagram showing memory banks air interface and anti-collision mechanics

## Description
A protocol-level technical guide to EPC Gen2, the air-interface specification that underlies every RAIN RFID deployment — covered across its three...

## Summary
- A protocol-level technical guide to EPC Gen2, the air-interface specification that underlies every RAIN RFID deployment — covered across its three...

## Buyer Guidance
- Best for: EPC Gen2 UHF RFID Protocol — Technical Guide supports RFID and NFC evaluation, comparison, and sourcing decisions.
- Compare first: Compare EPC Gen2 UHF RFID Protocol — Technical Guide against reader compatibility, chip family, material, and deployment environment.
- What to confirm: Confirm target application, compatibility requirements, customization needs, quantity, and sample expectations before quoting EPC Gen2 UHF RFID Protocol — Technical Guide.

## FAQ
- Q: What is the difference between EPC Gen2 and RAIN RFID?
  A: They refer to the same technology at different levels of abstraction. EPC Gen2 (formally EPC UHF Gen2v2, standardized as ISO/IEC 18000-63) is the technical specification for the reader-to-tag air interface. RAIN RFID is the industry brand and certification programme administered by the RAIN Alliance that promotes adoption and certifies interoperability of Gen2v2 implementations — analogous to how Wi-Fi Alliance brands and certifies IEEE 802.11 implementations. A tag or reader advertised as 'RAIN RFID' is an EPC Gen2v2 / ISO 18000-63 product that has been certified through the RAIN programme for conformance and interoperability. In commercial usage, 'RAIN RFID', 'EPC Gen2' and 'UHF RFID' are often used interchangeably because the modern UHF RFID market is effectively homogeneous around Gen2v2.
- Q: What is Gen2v2 and how does it differ from the original Gen2?
  A: Gen2v2, ratified by GS1 in 2013 and incorporated into ISO/IEC 18000-63 in its 2013 revision, extends the original Gen2 protocol with optional features for authentication, structured data and privacy. The key extensions are a crypto-suite framework (AES-128, PRESENT-80 and others) enabling cryptographic challenge-response authentication of tags; file-based organization of User memory with file-level access control; the Untraceable command for privacy-aware consumer-facing applications; and various secure-access command variants. Gen2v2 is backward compatible. Gen2v2 chips function correctly with Gen2-only readers for basic inventory, and Gen2-only chips function with Gen2v2 readers without the extended features. Modern chips like Impinj M700/M800 series, NXP UCODE 9 and UCODE DNA support Gen2v2 feature subsets; chip datasheets specify which specific Gen2v2 features are supported, and applications should verify feature-level compatibility rather than relying on generic 'Gen2v2 compliant' claims.
- Q: What is Gen2v3 and should new deployments require it?
  A: Gen2v3 is the January 2025 GS1 / RAIN Alliance release of the EPC UHF Gen2 protocol — the first major revision in over a decade (Gen2v2 was 2013). It adds three headline capabilities: Query X and Query Y, which let an interrogator pre-filter the tag population on EPC scheme, header value or feature flag (rather than only by EPC bit-mask) so unrelated tags do not consume inventory time (the canonical use case is reading airport baggage tags when items inside the bag also carry RAIN tags); modulated-power inventory, where the interrogator briefly reduces field strength so only tags clearly within the read zone respond, suppressing fringe-tag interference in dense deployments; and Read-Var, which lets the reader request exactly which subset of User or TID memory to backscatter, so applications that store lot, batch or expiry data in User memory capture only the slice they need in a single round trip. Gen2v3 is fully backward compatible — Gen2v2 tags work on Gen2v3 readers and Gen2v3 tags work on Gen2v2 readers (without the new features) — so existing deployments are not stranded. For new reader infrastructure RFQs in 2026 and beyond, specifying Gen2v3 firmware-upgrade support as a future-readiness clause is sensible; for new tag-chip qualifications planned for 2026-2027 production, evaluate Gen2v3-capable chips alongside the established Gen2v2 portfolio. Production rollout of Gen2v3 silicon is happening through 2026-2027 across the major chip vendors.
- Q: How many UHF tags can realistically be read per second with EPC Gen2?
  A: The theoretical maximum under ideal conditions is approximately 1,500+ tags per second per reader. Real-world deployed performance is lower because of tag orientation variation, dense-reader-mode coordination overhead, regional regulatory constraints (LBT in Europe, frequency-hopping in the US), and integration with enterprise systems. Realistic expectations are 400-800 tags per second per reader in production deployments. For portal-read applications, the operationally meaningful metric is 'tags read per pallet pass' rather than tags per second. A well-tuned dock-door portal reads an 80-case pallet completely on a single pass, typically within a 2-4 second window. Dense-reader environments with multiple readers sharing a space require careful channel, session and antenna planning to approach these figures; unplanned dense-reader deployments often see 10-30% of single-reader throughput due to mutual interference.
- Q: What are the four Gen2 memory banks and what goes in each?
  A: Gen2 memory is organized into four banks. Bank 0 (Reserved) stores the 32-bit access password and 32-bit kill password at fixed addresses; this bank is not included in inventory responses and requires the secured state to access. Bank 1 (EPC) stores the CRC, Protocol Control word and the Electronic Product Code itself (typically 96-bit SGTIN-96, SSCC-96, GRAI-96 or other GS1-defined encoding); this is the primary identifier read during normal inventory. Bank 2 (TID) stores the factory-programmed Tag Identifier, including a chip class identifier, manufacturer ID and chip-specific serial; TID is read-only and provides chip-level uniqueness useful for authentication. Bank 3 (User) is variable-size application-specific memory, ranging from zero bits on low-cost chips to 64+ kilobits on specialized industrial chips, used for maintenance data, batch codes, calibration records or other bespoke application data. Each bank has its own lock-state protection, and all memory is addressed by bank number, starting word offset and word count.
- Q: How does the Q-algorithm anti-collision mechanism work?
  A: The Q-algorithm is a slotted-Aloha variant where the reader issues a Query command with a Q parameter in the range 0-15, creating 2^Q timeslots for tags to respond in. Each tag selects a random slot and transmits its RN16 (16-bit random number) preamble in its chosen slot. The reader cycles through slots with QueryRep commands, ACKing tags whose RN16 was cleanly received and then reading their EPC, and skipping slots that are empty or have collisions. The reader tunes Q dynamically: if many slots are empty, Q was set too high for the actual population and is decremented; if many slots have collisions, Q was too low and is incremented. Well-tuned Q-algorithm operation inventories hundreds to thousands of tags per second. Sessions (S0, S1, S2, S3) and target states (A, B) provide additional coordination. Once a tag has been inventoried in a session, its flag toggles and it stops responding until the flag times out or is reset, which allows the reader to efficiently cycle through a stable tag population without re-reading the same tags endlessly.
- Q: What security does the baseline Gen2 protocol provide?
  A: The Gen2 baseline provides modest security: a 32-bit access password that gates writes and lock operations, a 32-bit kill password that permanently disables tags, and lock commands that control memory-protection state (unlocked, perma-unlocked, locked, permalocked). This model prevents unauthorized writes and supports end-of-life deactivation, but it does not encrypt EPC reads. Any reader in range can read the EPC of an unlocked tag, which is typically a globally-unique product identifier. For applications requiring cryptographic tag authentication (verifying the tag is genuine rather than a clone), the Gen2v2 crypto-suite extensions with AES-128 challenge-response authentication are required. For applications requiring read confidentiality (hiding which product a tag is attached to), the Gen2v2 Untraceable command provides a privacy-aware mode. Chips implementing these Gen2v2 features include the NXP UCODE DNA family for cryptographic authentication, among others. Applications should match security requirements to chip feature set rather than assuming 'Gen2' provides more protection than the baseline password model.
- Q: How do sessions S0-S3 and target states A/B coordinate multi-reader deployments?
  A: Gen2 defines four independent sessions (S0, S1, S2, S3), each with its own per-tag inventory flag. Different readers can operate in different sessions so that reader-1's inventory does not toggle reader-2's flags, preventing mutual interference. Within each session, tags have a target flag that can be A or B. A reader's Query command specifies the target (A or B), and only tags with matching target flag respond; responding flips the flag to the other value. Alternating A→B→A→B inventory lets a reader repeatedly cycle through a stable tag population. Session flags have different persistence: S0 resets when the tag loses power (useful for presence-detection scenarios), S1 has a millisecond-scale persistence timer (useful for short-interval inventory), and S2/S3 persist for seconds to hours (useful for long-range portal scenarios where a tag should not be re-inventoried every pass). Typical dense-reader deployments assign long-range portals to S2 or S3 and short-range handhelds or cycle-counts to S0 or S1, reflecting the different persistence requirements of each use case. Proper session and target assignment is one of the highest-leverage tuning parameters in production Gen2 deployments.

## Machine Routes
- JSON: https://proudtek.com/machine/guides/epc-gen2-uhf-rfid.json
- Text: https://proudtek.com/machine/guides/epc-gen2-uhf-rfid.txt