Advanced RFID Measurements: Basic Theory to Protocol Conformance Test

As RFID adoption continues to grow, engineers are faced with an increasing need to validate tags both for interoperability with products from other vendors and for conformance with the specified protocol. In today’s market, these test needs are coupled with increasing pressure to improve tag performance. As one might expect, RFID system designers face a significant test challenge when attempting to meet the needs of this emerging market. Fortunately, the demand for RFID technology has spawned both significant industry grown and innovation. In fact, researchers in both the research and commercial environment have often elected to use National Instruments measurement equipment to characterize both tag and reader performance.

Introduction

In this application note, we will explain both the basic functionality of RFID systems as well as the measurements that are commonly made.  It is our goal to provide readers with a solid understanding of some of the key technical design and implementation challenges faced by RFID design and test engineers.  In addition, we will provide insight into how customers have used measurement systems based on PC-based modular instruments in their own research and development of RFID products. 

While many of the principles we will discuss are broadly applicable to all RFID standards, this article is mainly focused on ISO 18000-6C (class-1, gen-2) specification [1].  This standard addresses UHF RFID in the bands from 860 MHz and 960 MHz and is commonly used in applications ranging from supply chain to baggage tracking in airports.   The outline of our discussion can be organized into the following five sections, detailed below:

1. RFID theory of operation
2. Introduction to tag testing methodology
3. Tag and antenna characterization
4. System protocol and conformance test.
5. RFID products and partners

In each section, we will provide both a theoretical background and practical measurement tips and techniques.  It is our goal that readers can use this document to gain a comprehensive understanding of RFID measurement systems and a more detailed understanding of the ISO1800-6C specification.  While we will discuss several unique architectures for RFID measurement systems, our discussion is primarily uses results from the VISN-100 RFID Tester, illustrated in figure 1 (below):

 

Figure 1. Screenshot of VISN-100 RFID measurement system.

The heart of this measurement system is the PCI-5640R IF Transceiver, which uses LabVIEW FPGA code to fully emulate either a tag or reader.  As we will see in the following discussion, the VISN-100 RFID measurement system is the preferred solution for RFID testing because it provides both PHY layer and protocol layer measurements in an out-of-the-box package.  In addition, because this system is purely software-defined, it is also user-configurable for custom measurements and analysis. 

Part 1: RFID Theory of Operation

RFID tags come in a broad range of shapes and sizes depending on the frequency range and antenna design.  As a general rule, the decision to choose one tag over another is dependent on several factors including: physical environment, required read range, and even physical properties of the material that is being tagged.  To give an idea of how the frequency band of RFID frequency bands can affect read ranges, observe the table below:

Figure 2. Typical RFID read range according to frequency band (passive tags)

While the table above compares the read range of passive tags, note that there are actually three RFID tag types: active, passive, and semi-active tags.  Because active and semi-active tags use an onboard power source to power the tag response, they are typically capable of much longer read ranges.  Passive tags, on the other hand, are actually powered by electromagnetic energy from an interrogator’s command.  While this technique significantly lowers the cost of the tag, it also limits the read range and creates significant – but interesting – design challenges.  As an example, RFID tags specified by the ISO18000-6C standard are passive tags.

Tag-to-Reader Interaction: The Inventory Round

An RFID system consists of both a tag reader (also called the interrogator) and a tag.  All communication between the tag and reader occurs completely through a wireless link that is sometimes called an air interface.  Through a sequence of commands sent and received between both devices (called the inventory round), and RFID reader can identify the EPC (electronic product code) of an RFID tag.  For passive tags, the basic idea is that the interrogator will initiate an interrogation round with a query command.  The query command essentially “wakes up” the tag, which responds with the appropriate information.  A basic block diagram of the tag/reader system is system is shown in the figure below:

  

Figure 3. Block diagram of typical RFID tag/reader system

Note from figure 3 that many RFID readers and measurement systems actually use 3-port RF component called a circulator that enables both transmit and receive front ends to use the same antenna.  Note that with many RFID standards, timing information between transmit and receive commands is defined by strict guidelines.  In fact, a sort of “handshaking” is required between the tag and reader in order to complete an interrogation round.  This actually creates a unique test challenge because the instrumentation must be capable of the same behavior.  On an interrogator, you will notice that an embedded processor is required to decode and generate commands within a tight timing interval.  As we will see in a later section, this design is quite similar to FPGA-enabled RFID measurement systems, which use similar embedded processing to fully emulate either a tag or a reader. 

UHF Antenna Characteristics

One of the most elusive goals of RFID design is the challenge of extending a tag’s read range.  At UHF frequencies, this challenge of particularly daunting a tag’s electromagnetic properties (which determine performance) can be substantially affected by properties of the material on which the tag is applied.  In general, two of the most important factors that affect a tag’s read range include: efficiency of the antenna and impedance matching between an antenna and chip (or inlay) [2][3][4][6].  For reference, let’s observe the basic design of a UHF RFID tag, shown in the figure below.

Figure 4. Block diagram of an RFID tag

The specific tag design shown in figure 4 is known as the meandering trace design [2].  In some cases the resonant frequency of this particular design can be tuned simply by clipping the trace length [6]. 

One interesting characteristic of RFID antennas is that they often have impedance that is highly reactive.  When a reactive substance is stimulated with an electromagnetic wave, a tag will actually re-radiate the same electromagnetic wave back at its source.  This characteristic of the antenna is actually helpful in RFID systems because it provides the tag with a straightforward mechanism to send an electromagnetic wave to the source without need of an onboard synthesizer.  As we will observe in the next section, this method is called backscattering.

Already, antenna design of RFID tags has been the subject of significant research.  More specifically, this research has already examined techniques to tune antennas for operation over a broad frequency range [3].  In this document, we will not specifically describe the design tradeoffs that must be made to maximize a tag’s read range.  Instead, we will describe the measurement techniques that can be used to characterize various aspects of a tag’s performance.

Backscattering

The principle of backscattering is one of the most intriguing technologies in the RFID theory of operation.  Because of this technique, a tag is able to respond to interrogator commands without aid of an external power source.  It is perhaps easiest to understand this technique by stepping through each stage of R->T (reader-to-tag) and T->R (tag-to-reader) communications.

Step 1: Interrogator (R) sends a command to the tag (T). 

The first step of in interrogation round is an interrogator-to-tag (R->T) transmission.  The digital message data is typically encoded according to one of several common schemes including: Manchester (ISO 14443), Pulse Interval Encoding (ISO 18000-6C), or other schemes as well.  The encoded message is then modulated with one of several variants of the ASK modulation scheme.  As an example, the EPC Class 1 Gen 2 (ISO 18000-6C) standard allows readers to use any of DSB-ASK (double sideband ASK), SSB-ASK (single sideband ASK), and PR-ASK (phase reversal ASK).  Of these three options, note that PR-ASK is one of the most interesting.  This scheme uses a combination of 180º phase transitions every symbol and a 100% modulation depth to provide the lowest C/N requirement for error-free communications.

Step 2: Command decoding. 

Once the interrogator transmits a command, the electromagnetic wave propagates in free space towards the tag.  When the wave reaches the tag, the tag’s antenna is excited and the RF power is converted to DC power through a voltage rectifier.  This DC voltage is then able to power the control logic (often employed with a state machine) on the chip, which demodulates the waveform and determines the appropriate next command.  A functional block diagram of the chip is illustrated in the figure below:

Figure 5. Functional block diagram of an RFID ASIC (inlay).

The chip, shown in figure 5, is also called the “inlay,” and it can be broken down into several functional blocks.  The voltage rectifier converts an electromagnetic wave to DC power.  The control logic / state machine determines the next command to be sent to the reader.  Finally, the transistor, as we will discuss in step 3, enables modulation of the re-radiated electromagnetic wave.

Step 3: Re-radiation of electromagnetic wave. 

One of the most fascinating aspects of passive RFID tags is the method of re-modulating an interrogator command through backscattering.  Because RFID tags are designed so to have a reactive (capacitive) impedance, any incoming electromagnetic wave will actually be reflected back (re-radiated) by an antenna to its source.  Thus, when the interrogator transmits an electromagnetic wave to a tag, the wave will be reflected by the tag back towards the transmitter.  Because of this characteristic, a tag is able to encode a message by modulating the re-radiated electromagnetic wave.  Actual modulation of this wave occurs as a transistor on the inlay rapidly switches between two discrete impedance states.  Because each impedance state has both a resistive and capacitive characteristic (real and imaginary impedance), the tag actually performs both phase and amplitude modulation of the re-radiated signal.  Thus, the interrogator will receive a signal characterized by phase and amplitude modulation of the original R->T transmission.  Note that backscattering has motivated significant research into the optimal tag RCS (radar cross section) characteristics.  This is discussed in detail in Part 3.

Understanding RFID theory of operation and backscattering is critical to understanding the concerns and considerations in tag design.  As an example, the nature of the tag’s dual phase and amplitude modulation scheme produces interesting reader design decisions.  While a reader can demodulate a tag response with a simple ASK demodulation algorithm, read range can be improved by analyzing the phase changes as well.  This technique requires transmit and receive portions of an interrogator to share the same LO (local oscillator).

Part 2: RFID Test Instrumentation

Both RFID tags and readers have unique test requirements - which create a significant test challenge for today’s engineers.  In fact, design validation of today’s RFID tags requires special attention to both conformance and interoperability testing.  As an example, the ISO 18000-6C (class 1, gen 2) standard allows for significant variation between readers.  Some of the specifications that are flexible include: allowable data rates, modulation schemes, and even RF envelope characteristics.  Thus, reader emulation is often required for design validation to ensure that a tag is functional across many permutations of the standard.

In general, we can divide tag validation into two basic types: 1) PHY (physical) layer measurement and analysis, and 2) conformance and protocol validation.  While many PHY layer measurements can be performed with software-defined instrumentation and appropriate measurement algorithms, full reader emulation is required for conformance and interoperability testing.  In general, NI recommends a system capable of full reader emulation as it can address all measurement needs.  However, based on the specific testing needs mentioned above, there are several instrument configurations that can be used for RFID testing.  In this section, we will explain how to architect each type of measurement system and explain tradeoffs between them.

RFID “Sniffer” Architecture

The most basic RFID tag test system uses a vector signal analyzer to “sniff” the air interface between an interrogator and a tag.  This system, illustrated in figure 6, uses a reference “gold” reader or RFID simulator to initiate an interrogation round with the tag.  Meanwhile, the RF VSA (vector signal analyzer) is used to record and analyze both tag and reader transmissions over an RF air interface.

Figure 6. Illustration of Generic RFID Test Strategy

In this test scenario, the VSA is configured with an RF power trigger to capture all transmissions between the interrogator and tag.  Many modern vector signal analyzers such as the NI PXI-5661 offer the capability to perform frequency-domain triggering.  Using the measurement configuration described above, RF transmissions are analyzed in both the time and frequency domains for full analysis of tag-to-interrogator transmissions.  While this technique can be used to perform basic PHY layer characterization of the either the tag or the reader, it cannot be used for interoperability or conformance testing.  In fact, characterizing a tag with this method would require a large number of “gold” readers to emulate the full breadth of the RFID standard.

Stimulus-Response Architecture

A second implementation of a RFID test system is the simple stimulus response architecture.  In this configuration, the “gold” interrogator is replaced with a vector signal generator (VSG).  The generator is able to generate a single “query” command while simultaneously sending a digital marker trigger to a vector signal analyzer.  Upon receiving the trigger, the VSA captures the RF signal for further analysis.  Note that this implementation is a common because measurements are easily automated and can be made with significant predictability [4][7][8][9].

Figure 7. Host-based processing RFID test system

Using the stimulus-response method, conformance testing can be performed in much the same way as in the “sniffer” architecture.  However, the stimulus-response method has one additional benefit – it can emulate a wide variety of interrogator-to-tag commands.  Because each command is created in software, use of a vector signal generator allows us to modify PHY layer characteristics such as data rate and center frequency.  The disadvantage of the stimulus-response method is that it can only be used to emulate the first command of an interrogation round, and thus cannot be used for protocol conformance.  For protocol conformance test, real-time tag response for a complete interrogation round is required is critical.  This type of measurement system is described in the next section

Real-Time Interrogator Emulation

The final and most sophisticated approach to tag or reader testing is complete emulation of either a tag or reader.  In this scenario, the RF instrumentation is able to send and receive commands in much the same way that an actual tag or reader would do.  As a result, the instrumentation can be used to conduct both PHY layer measurements and perform complete protocol validation. 

Protocol testing includes analysis such as: state machine validation and link timing measurements.  While it is often possible to do this by creating a custom interrogator, the easiest approach is to use an out of-the-box RFID tester that uses FPGA-enabled instrumentation.  With FPGA-enabled instrumentation, a real-time baseband processing engine ensures that the system can decode and re-transmit commands within several microseconds.  The VISN-100 is one example of FPGA-enabled instrumentation system, and a block diagram is illustrated in the figure below:

Figure 8. PCI-5640R Enables Real-Time Baseband Processing

 As the figure illustrates, the RFID modulation and demodulation algorithms are implemented in FPGA hardware to ensure that the instrumentation can fully emulate a tag or reader.  In the particular case show above, the algorithms are coded in the NI LabVIEW FPGA graphical programming language.  Once compiled as VHDL, all measurement algorithms can be executed in real-time on the dedicated hardware platform.  The key component of the system in figure 8 is the NI PCI-5640R IF Transceiver [9]. 

 Part 3: Tag and Antenna Characterization

One of the perpetual challenges of RFID tag design is the requirement to maximize tag read range across a broad range of frequencies or on a broad range of deployed objects.  Overall, tag read range is determined by several factors including: antenna gain, effective area, and impedance matching between the inlay (chip) and the antenna.  In some cases, many of these characteristics are also affected by the substrate on which the tag is applied.  Thus, a variety of organizations, including the University of Pittsburgh RFID Center of Excellence and firms such as Oden Technologies serve the RFID community by providing a variety of consulting services [8][10][11].  In this scenario, a firm wanting to use RFID technology will have a consultant help determine factors such as ideal frequency usage and best tag placement for a particular application.

To understand the challenges of tag read range performance, we will first take a look at theoretical tag performance.  To start with, we can express the total power collected by a tag’s antenna in free space according to the following equation.

Equation 1. Antenna power affected by antenna gain, wavelength, and distance [2]

As equation 1 illustrates, the power available at an antenna, P_a, is a function of various factors including the power and gain (efficiency) of the transmitter antenna (P_t  and G_t), the distance from the transmitter (r), electromagnetic wavelength (λ), and gain (efficiency) of the RFID tag’s antenna (G_tag).  The obvious conclusion from equation 1 is that to improve read range (r) without increasing transmit power, we must improve the gain of the RFID antenna.  As a result, characterization of RFID tags often involves significant characterization of antenna over a wide range of frequencies [4][5][7].

Tag and Inlay Impedance Design Decisions

On the RFID tag reader side, re-radiated power is also important.  In general, more efficient re-radiation of electromagnetic waves translates to easier dynamic range requirements on the RFID reader.  Note that re-radiated power is also influenced by factors such as antenna gain and tag-antenna impedance matching.  This is illustrated in the equations below, which express re-radiated power as a function of several factors:

Equations 2 and 3. Antenna power affected by antenna gain, wavelength, and distance [4]

As we observe from equation 3, re-radiated power is highly dependent upon the impedance matching between the inlay and the tag’s antenna.  In equation 3, Z_a represents the impedance of the antenna and Z_c represents the impedance of the chip (inlay).  From this equation, we can see that when the impedance of the antenna is zero (short circuit), the tag will re-radiate four times as much power as a matched antenna.  On the other hand, when the antenna impedance is highly reactive (capacitive), a complex conjugate loaded antenna actually re-radiates more power than an antenna with zero impedance [4].  While we will not explain these tradeoffs in-depth, it is worth noting that design decisions such as choice of antenna and inlay impedance/reactance can have a significant impact on tag performance.  To explore these tradeoffs in-depth, please see: Theory and Measurement of Backscattering from RFID Tags, by Nikitin and Rao [4].  In their article, the detail not only the tradeoffs between various combinations of antenna and inlay impedance, but they also characterize tag performance across frequency range.  A description of the measurement system used can be found in the following case study: Using National Instruments Software and Hardware to Develop and Test RFID Tags, by Pavel V. Nikitin, Intermec Technologies, Inc [12].

Relationship Between Read Range and Antenna Gain

While read range can be improved by improving the efficiency of the RFID tag’s antenna, other factors can affect read range as well.  Thus, maximizing read range has been the subject of much research.  To investigate this subject, we will first evaluate a theoretical calculation of read range, illustrated in the equation below.

Equation 4. Read range as function of distance and equivalent isotropic radiated power (EIRP) [3]

In addition, the theoretical read range can be described in greater detail according the equivalent power and gains from each of the antennas involved in the transmission.  In greater detail, we represent the range with the following equation:

Equation 5. Read range as function of distance, power, and gain [4]

In equation 5, the Tau (τ), is the same K factor from equation 3.  Note that while we can theoretically estimate the read range as a function of wavelength (λ) and various power and gain coefficients, practical measurements for read range are more difficult.  In fact, tag and chip impedance are only two of several factors that affect read range [2][3][4]. 

One motivation for RFID consulting services is that a deployed tag’s substrate can often substantially affect read range [8][10][11].  In other words, while a tag tuned to a frequency of 915 MHz might have read range of 4 meters on one object and a read range of 3 meters on another object, even if the interrogator’s transmission in both scenarios has the same ERIP.  The reason for this behavior is that that read range is highly determined by the impedance of the tag’s antenna and chip (as noted in the Tau, τ, factor of equation 5).  Unfortunately, the impedance of the tag’s antenna can actually be affected by substrate on which it is applied.  Because impedance is one determining factor of the resonant frequency of an RFID tag, changes in impedance can drastically affect the read range.  Thus, practical use of RFID systems often requires substantial testing to ensure that the tag will produce the desired read ranges, when applied to the various mediums.

Because the read range of an RFID system is highly dependent on the impedance of the tag, chip, and substrate, RFID system designers often employ one of several techniques to tune a specific tag so that it is optimized according to substrate and frequency.  In [4], Rao, Nikitin, and Lam explore the technique of tuning a tag by actually clipping the ends the antenna.  In addition, other techniques can be employed as well.  Some tag manufacturers actually intentionally design RFID UHF (915 MHz) tags with a resonate frequency that is well over 100 MHz higher than the operational frequency.  In other instances, researchers have explored techniques that can be employed by a tag or reader to dynamically re-tune the resonate frequency of a tag. 

Characterization of Power vs. Frequency

While we do attempt to describe all of the mechanisms employed to optimize read range, it is important to emphasize that a wide range of factors can influence a tag’s performance over a broad range of frequencies.  For this reason, one of the most common measurements used in tag characterization is basic power vs. frequency analysis.  Simple measurements of a tag’s power versus frequency can be accomplished with either a VSG/VSA combination, or with a complete RFID emulation measurement system.  In this configuration, both the RF generator and analyzer are swept through a range of frequencies.  At each step, the power of the tag response is measured at each discrete frequency.

Part 4: Protocol and Conformance Test

 While extremely basic PHY (physical) layer measurements can be used to characterize the RF performance of an RFID tag or reader, additional validation is often required for conformance test.  In this method of testing, tag or reader commands are demodulated and the returned bitstream is evaluated.  In general, both protocol and conformance testing should be performed with a combined RFID measurement and emulation system.  This system, which uses an FPGA to perform real-time baseband processing, is able to concurrently emulate a tag reader while performing PHY layer measurements.  For our discussion of protocol and conformance test, we will divide our discussion into three sections, which follow below:

• PHY layer conformance test
• Demodulation of backscatter
• Emulation-based protocol testing

PHY Layer Conformance Test

Both standard conformance and multi-vendor interoperability can be tested by emulation of various interrogator-to-tag parameters.  The ISO 18000-6C (Class 1 Gen 2) is extremely flexible in range of modulated signals that an RFID tag is expected to decode.  For example, section 6.3.1.2 of the EPC Class 1 Gen 2 air interface specifications permit interrogators to use either DSB-ASK (double-sideband ASK), SSB-ASK (single-sideband ASK), or PR-ASK (phase-reversal ASK) modulation schemes.  In addition this section specifies that a tag should operate over a variable Tari (Type-A reference interval).  This interval, which defines the duration of “Zero” symbol, can range from 6.25 to 25 μs [1].  Finally, section 6.3.1.2 also provides specific guidelines for minimum and maxim values for parameters such as RF envelope ripple, modulation depth, and many others.  As a result of the standard’s flexibility, tag validation and verification requires tags to be tested over a wide range of stimulus conditions.  Two of the most common parameters that a tag must be tested for are the data rate and RF envelope of the interrogator-to-tag transmission.

RF Envelope Parameters

As we observe in Figure 9, the various parameters of the RF envelop for ASK and PR-ASK reader-to-tag transmissions are strictly defined in the ISO 18000-6 Type C. standard.

Figure 9. Specified Requirements for ASK Modulation in ISO 18000-6 Type C

According to section 6.3.1.2 of the EPC Class 1 Gen 2 air interface specifications, the RF envelope of transmitter-to-tag transmission should adhere to the following characteristics:

Figure 10. RF envelope parameters of interrogator-tag-transmission [1]

In order to validate that a tag is conformant, it must be tested through each permutation of the standard.  One way to accomplish this is with a software-defined approach to command generation.  By simulating parameters such as modulation depth and RF pulse width in software, we are able to validate that the tag is responsive to a broad range conditions.  In addition, because this can be done in an automated manner, we are able to quickly validate that the tag is conformant with the standard.

 Demodulation of Backscattered Baseband

In order to validate that the command response from a tag or reader is correct, it is first necessary to demodulate the RF carrier.  In this section, we will primarily focus on demodulation of T -> R transmissions.  With turn-key RFID solutions such as the VISN-100 RFID tester, demodulation of commands is performed automatically by the software.  Thus, this section is academic exercise designed to promote greater understanding of why tag radar cross section (RCS) is important.

As we will see in the following sections, the combination of both phase and amplitude modulation in RFID tags requires designers to make tradeoffs between the chosen impedance stances of the tag.

Demodulation of T -> R transmissions presents a unique because of the backscattering demodulation technique.  With this technique, an antenna will collect an electromagnetic wave and then reflect it back towards the transmitter.  As the electromagnetic wave is reflected back towards the antenna, a transistor is switched rapidly between one of two impedance states.  Because each impedance state has both a complex and imaginary characteristic, the resulting RF signal will have changes in both phase and amplitude.  Thus, backscattered information from an RFID tag uses a modulation scheme that is something of a combination of phase-shift keying (PSK) and amplitude shift keying (ASK).  To illustrate this, we can contrast a typical constellation plot (Smith Chart) of a backscattered RFID wave with that of an ASK and PSK modulated waveforms.  This is illustrated in the figure below:

Figure 11. Smith charts of a backscattered, ASK, and PSK waveforms.

Because the modulation type for RFID T -> R communications is slightly non-traditional, software-defined instrumentation allows us to implement custom demodulation algorithms to correctly decode the data. 

Demodulation of T -> R transmission is actually something of a cross between ASK and PSK demodulation.  At a high level, we can examine an algorithm for demodulation of backscattering in the diagram below:

Figure 12. Demodulating backscattered RFID

Note that the algorithm in figure 12 is a modified version of a traditional PSK demodulator. 

 Step 1: High-Pass Filter

The first step in demodulating backscattered data is to pass the baseband waveform through a high-pass filter.  By applying the high-pass filter, any DC offset is removed, enabling the baseband waveform to be demodulated with a traditional PSK demodulator algorithm.  Removal of the DC offset can be observed in figure 13, and the resulting baseband waveform is shown to be centered around the origin of a Smith chart. 

Figure 13. Role of high-pass filter in backscatter demodulation.

As we see in figure 13, filtered baseband will match the symbol map of BPSK (binary phase shift keying) and can be demodulated with a traditional PSK demodulation algorithm,

Step 2: Clock Recovery

Clock recovery is the second step in the demodulation of a backscattered carrier.  This step is actually the first of the traditional PSK algorithm.  In this phase, the baseband waveform is essentially re-sampled so that each symbol location will align precisely with a baseband sample.  Clock recovery is sometimes called a maximum likelihood algorithm and it is often combined with the application of a matched filter.

Note that because both the transmit and receive chains of an interrogator will share the same LO, it is typically unnecessary to remove carrier frequency offset.  Because the tag simply remodulates the carrier of the interrogator, both the interrogator-to-tag and tag-to-interrogator transmissions will occur at precisely the same RF frequency.  Thus, the only carrier offset present will occur as a result of the Doppler affect from a mobile tag.  In most scenarios, this affect is not significant enough to significantly affect demodulation of the signal

Step 3: Decimation to Symbol Rate

Once each sample is aligned to ideal symbol locations, the final symbols can be obtained by decimating the waveform to the symbol rate.  As a result of decimation, each sample of the resulting waveform will have samples that correspond to two distinct states. 

Step 4: Symbol Mapping

A digital bit is assigned to each sample based on its corresponding phase and amplitude.  This is perhaps best illustrated in figure 14, which illustrates how each symbol is mapped to binary information. 

Figure 14. Graphical representation of mapping symbol mapping

Mathematically, symbol mapping is performed simply by comparing to the phase of each complex symbol to a particular threshold.  As we observe in figure 14, symbols with a phase value between 100º and 280º are assigned a digital value of ‘1’, while all others will have the digital value of ‘0’.  Once symbols are mapped to their corresponding binary values, the appropriate channel decoding algorithm can be used to return the raw message data from the encoded bistream.

As a result of demodulating the tag-to-reader transmission, the resulting RF signal can be directly translated into a digital bitstream.  This translation is a critical aspect of RFID protocol testing, since which involves verification that the appropriate packets have been transmitted by the tag. 

Protocol Testing with Reader Emulation

The combination of flexibility within existing RFID standards and the requirement for multi-vendor interoperability makes protocol testing an important stage of product development.  For example, the ISO 18000-6 type C protocol enables both tags and readers to operate with a broad range of variability.  As an example, the standard enables an interrogator to send data at a variety of symbol rates.  In addition, the same standard also requires the tag to respond to various interrogator commands within an allotted time period that is dependent on the original command.  Finally several RFID standards specify both optional and required commands that the tag and reader must support.  For the purposes of our discussion here, protocol testing is the process of validating that the tag is functionally compliant with the protocol being used.  In the following discussion, all protocol testing has been done with respect to the ISO18000-6C standard.  Though each standard will have its unique nuances, the widespread adoption of this standard motivates our discussion below.

Note that on the instrumentation side, protocol testing requires that our RFID measurement system be capable of full reader or tag emulation.  While a stimulus-response instrumentation system can be used to measure basic PHY layer characteristics, protocol testing requires us to simulate an entire interrogation round between the reader and tag.  Thus, it is crucial that our measurement system is capable fully emulating a functional tag reader.  In most cases a “golden” tag reader is insufficient for this task, because it cannot be programmed with the same flexibility as an instrumentation system.  In addition, use of a “golden” reader approach lacks the RF measurement capability of a vector signal analyzer.    

The ideal approach to protocol testing is with a combined emulation and measurement system, such as the VISN-100 RFID tester from VI Service Network.  As we briefly highlighted in our section on instrumentation systems, this product is based on the NI PCI-5640R RF Transceiver.  The transceiver features both IF input and IF output channels which are connected to external upconverter (PXI-5610) and downconverter (PXI-5600) modules.  One unique characteristic of this product is that both input and output channels are directly connected to an NI LabVIEW FPGA target.  The FPGA conducts all baseband processing and through real-time execution is able to fully emulate and demodulate commands to and from an RFID tag.  A block diagram of this is illustrated in the figure below:

Figure 15. PCI-5640R Enables Real-Time Baseband Processing (update image!!!)

As a result of the baseband processing engine illustrated in figure 15, the RFID measurement system is capable of simultaneously emulating an RFID interrogator and characterizing the tag’s response.  In the following section, we will describe how this system can be used for three unique protocol functional tests: data rate validation, link timing validation, and command set validation.

Data Rate Timing Validation

According to the ISO 18000-6C specifications for, a tag must be designed so that it can communicate with interrogators operating at range of data rates.  In addition, it also specifies that RFID readers must use the same data rate for the duration of the interrogation round. 

In the interrogator-to-tag transmission, interrogators utilize PIE (pulse interval encoding) encoding to make demodulation easier within the tag.  The basic premise of PIE encoding is that different pulse intervals are used to represent a ‘0’ and ‘1.’  This is illustrated in figure 16 below.

Figure 16. ISO 18000-6 Type C timing diagram

As we observe in figure 16, pulse interval encoding uses variable pulse lengths to transmit digital information.  Note that the data rate is often specified by the time interval required to transmit a zero bit when using PIE encoding.  This value is known as the ‘Tari,’ which stands for ‘Type A Reference Interval.’ 

According to the ISO 18000-6C standard, tags are required to respond to commands whenever the Tari value is between 6.25 to 25 μs [1].  Thus, multi-vendor interoperability testing requires that we validate a tag’s performance across all potential data rates.  In a typical test sequence, we can emulate multiple interrogators by performing a stimulus-response measurement for a range of Tari values between 6.25 to 25 μs.  For each Tari step, we can both functionally validate that that is response and measure the PHY layer characteristics of the tag’s response.

Link Timing Validation

One series of measurements that requires full emulation of the RFID interrogator is validation of the link timing characteristics.  As specified by the ISO 18000-6C standard, the link timing specifications govern the maximum and minimum response times of a tag to a reader – and vice versa.  To perform this measurement, it is important to simulate a complete interrogation round between the reader and tag.  In this case, a simple stimulus-response measurement is insufficient, because it is possible for the link timing to vary from one command to the next.  Thus, in order to validate that the link timing is within spec for all communications between the tag and reader, it is important to simulate an entire interrogation round.  An example of this is illustrated in figure 17, shown below:

Figure 17. Link Timing Parameters for ISO 18000-6 Type C

As we observe in figure 17, an interrogation round results in a series of commands being exchanged between the interrogator and tag.  In addition, these commands are exchanged in a hand-shake manner.  In other words, when the tag responds to the interrogator, it is essential for the interrogator to issue its command within the specified limits of the T₂ link timing parameter.

For example, consider a scenario in which a tag takes longer to issue a RN16 command than it does to issue a PC + EPC + CRC16 command sequence.  As illustrated in the figure above, the interrogator first issues a Query or QueryRep command.  Upon receiving the command, the tag responds with an RN16 command in according with the T₁ link timing specifications.  Based on the exchange of these two commands, it is essential that the interrogator respond with an Ack command within the given T₂ specification to ensure that that tag will respond with the PC + EPC + CRC16 command sequence.  Thus, to validate that the tag will respond to all commands within the allotted T₁ time period for all commands, it is necessary to simulate a complete inventory round.

Note that in addition to simply measuring the link timing characteristics of an interrogation round, we can also simulate how a tag will respond to variable link timing.  Using a software-defined emulation approach, we are able to configure our RFID test system to use custom T₂ and T₄ link timing values for each interrogator-to-tag transmission.  By sweeping these parameters through the range of values specified by the ISO18000-6C standard, we are able to validate that the tag is conformant with the protocol.

In all, there are actually four link timing parameters that we must consider when testing either tags or readers.  These parameters, T₁, T₂, T_3, and T₄, are determined primarily by the data rate used for transmission.  A detailed look at limits and descriptions for each link timing parameter is illustrated in table 3, below:

 

Figure 18. Link timing requirements as specified by ISO1800-6C [1]

 Note, in figure 18, we can define RTcal as the duration of a data-0 symbol plus the duration of a data-1 symbol in an interrogator-to-tag transmission.  In addition T_pri is the equivalent of 1/BLF, where BLF is the backscatter link frequency.

Tag Command and State Machine Validation

A final aspect of protocol testing is tag command and state machine validation.  According to the ISO18000-6C standard, RFID tags are designed to respond to pre-defined commands with pre-defined responses.  As we observed in the earlier section, an RFID tag will respond to the “Query” command with a “RN16” command response.  In addition, the tag will enter will entry the Reply state, which defines how the tag will respond to the next command.  In all, there are 7 tag states in the ISO18000-6C standard [1] [8].  These states are: Ready, Arbitrate, Reply, Acknowledged, Secured, and Killed.  In fact, we can take a quick look at the state transition of the tag during a simple inventory round in table 4, below:

Figure 19. An RFID tag transitions through several states during a standard inventory round

As figure 19 suggests, a protocol-conformant tag will respond with a command that is dependent upon its state.  Because all states and potential tag responses are defined by the RFID standard, it is important to validate that the tag will behave as expected to a broad range of conditions.  In this scenario, the RFID test system must be capable full emulation of the interrogator.  In the case of the VISN-100 RFID tester, the instrumentation not only demodulates the tag response, but it also returns the complete command information – including the binary information contained in the tag response.  By analyzing the raw bitstream returned from the tag, we are even able to troubleshoot the tag during the design validation phase of product development.

To understand this in greater detail, consider a subset of a tag’s state machine information in figure 20, shown below.

Figure 20. Partial implementation of ISO18000-6C protocol [1][8]

Because figure 20 is somewhat complex, let us consider the case where the tag is in the Ready state.  While the tag is in this state, a Query command from the interrogator will cause the tag to move into the Arbitrate state.  From there, a QueryAdjust command will yield a New RN16 response from the tag and move to the Reply state.  One interesting characteristic about the Reply state that we observe from the state diagram is that interrogator must respond within the specified T₂ link timing to stay in the Reply state.  In fact, as the diagram illustrates, the tag will actually move back into the Arbitrate if the interrogator does not issue next command within the appropriate window of time.

As the exercise above illustrates, protocol testing can often be complex.  In addition, it requires a measurement system that is capable of reader emulation to complete the entire communication cycle.  In this scenario, one of the primary benefits of the VISN-100 RFID tester is that it can be configured to respond with a wide range of commands to emulate the functionality of interrogators from various manufacturers.

Note that one growing requirement for protocol validation has resulted from the need for tag security.  According to the class 1, gen 2 specifications [1], the security features that enable an interrogator to lock or kill a tag are optional.  Because of this, researchers at the University of Pittsburgh RFID Center for Excellence have approached this problem by automatically configuring the command set of each tag [8].  They developed an RFID compiler that automatically generates controller code for a microprocessor or hardware device based a high-level description of the command set that the user desires to support.  While we will not discuss their research here, you can find more information in the article, “The Unwinding of a Protocol,” by  Dontharaju, Tung, Jones, Mats, Panuski, Cain, and Mickle.

Protocol testing is an important part of RFID tag and reader validation.  While protocol testing is important to validate protocol conformance, perhaps the greater need is to validate interoperability between tags and readers of different vendors.  As we’ve observed, the ISO18000-6C specification allows for significant variability in characteristics such as data rate (Tari), link timing, and even command set.  Thus, tag or reader emulation is an important aspect of product validation because it allows us to simulate a full range of conditions that a product might encounter in the deployment environment.

Part 5: RFID Test Vendors and Partners

RFID test systems can be implemented in a variety of ways according to the test needs.  While several National Instruments customers have implemented the PHY layer specific RFID protocols on their own using a standard PXI RF vector signal analyzer and RF vector signal generator, the same task can now be accomplished with an out-of-the box solution.  National Instruments recommends the VISN-100 RFID tester from VI Service Network (VISN).  This solution is detailed in the section below.

VISN-100 RFID Tester

The NI-VISN-100 RFID Tester, designed by VI Service Network, a comprehensive conformance test solution for RFID tags and readers.  Because it implements the RFID protocol stack within the FPGA of the PCI-5640R IF Transceiver, it is capable of full RFID tag and reader emulation.  The tester is based on National Instruments vector RF modules, including the NI PXI-5610 2.7 GHz RF Upconverter and the NI PXI-5600 2.7 GHz RF Downconverter.  While brief specifications follow below, for more information on the product shown above, see: VI Service Network Offers RFID Tester.

Product Specifications:

• 250 kHz to 2.7 GHz Frequency range
• 20 MHz Real-time bandwidth
• -130 dBm/Hz Noise density
• High-stability OCXO timebase
• +15 dBm Maximum output power

Measurements / Features:

• Frequency Accuracy, Frequency Drift
• Power in Band, OBW, ACPR
• Frequency and Power Sweeping
• Power On/Off Time, Settling Time
• Transmission Ripple, Pulse Width, Duty Cycle, Modulation Depth
• Tari, Delimiter, Preamble
• Link Timing, Turn-around Time
• Data Rate, Coding Test
• AnticollisionTest, Protocol State Transition

RFID Standards Supported:

• ISO 14443 Type A&B
• ISO 15693
• ISO 18000-3 Mode 1&2
• ISO 18000-6 Type A&B&C
• EPC HF Class 1
• EPC Class 1 Generation 2
• Customized Standard
• Future RFID Standard

Partners and Distributors

The VISN-100 RFID tester is distributed worldwide through various distributors.  These are listed below:

Greater China: VI Service Network 

About VI Service Network: http://www.vi-china.com.cn

VI Service Network is an independent instrumentation engineering service company that serves the growing instrumentation needs in China and elsewhere. We have expertise in the following areas: cellular phone and related radio frequency testing, sound & vibration testing, vision and motion integration. VI Services was started by Dr. Hui Shao, a former NI Shanghai RD manager.

Contact Information: hui.shao@vi-china.com.cn

 

Europe: CISC Semiconductor Design and Consulting  

About CISC: http://www.cisc.at

CISC Semiconductor Design and Consulting GmbH is a design and consulting service company for industries developing embedded microelectronic systems with extremely short Time-To-Market cycles.  Their core competences are: System design, modeling, simulation, verification and optimization of heterogeneous embedded microelectronic systems with a particular focus on Automotive and RFID systems.

 

Japan: Peritec 

About Peritec: http://www.peritec.co.jp/

Peritc specializes in system integration and general consulting for LabVIEW and other National Instruments products.  Their specialties include manufacturing test and RFID measurements.

Contact Information: Peritec@peritec.co.jp

 

    United States: Nexjen Systems 

About Nexjen: http://www.nexjen.com

Nexjen Systems is a division of Jenkins Electric - a century-old supplier of industrial electrical test equipment and repair services. Nexjen continues this test solution tradition by focusing on today's need for test, measurement, and automation solutions. Nexjen is a full service integrator providing our clients with robust solutions that are non-proprietary, modular, using open architecture.

Contact Information: sales@nexjen.com

 

Korea: Infinity Wireless

Taiwan: T&C Technologies

 

Conclusion

The unique challenges of RFID tag testing have spawned a wide variety of testing methodologies.  From simple configuration of a vector signal analzyer as a packet “sniffer,” to full interrogator emulation, increasing complexity of the test instrumentation offers increasing completeness of measurement capabilities.  Thus, when performing RFID tag validation and verification, careful consideration of desired measurements must be performed in order to select the appropriate measurement hardware.  For comprehensive testing that involves both PHY layer measurements and protocol validation, National Instruments is pleased to recommend the VISN-100 RFID test system.

References

[1] EPCTM Radio-Frequency Identification Protocols Class-1 Generation-2 RFID Protocol for Comunications at 860 MHz – 960 MHz Version 1.10, EPCglobal Inc, 2006.

[2] Dobkin, Daniel M.  “The RF in RFID,” Elsevier Inc, 2008.

[3] Ng, Mun Leng. Leong, Kin Seong.  Cole, Peter H. Analysis of Constraints in Small UHF RFID Tag Design, 2005.

[4] P. V. Nikitin and K. V. S. Rao, Theory and measurement of backscattering from RFID tags, IEEE Antennas and Propagation Magazine, vol. 48, no. 6, pp. 212-218, December 2006.

[5] P. V. Nikitin, K. V. S. Rao, and R.D. Martinez, “Differential RCS of RFID tag,” Electronics Letters, 12^th April 2007, Vol. 43 No. 8.

[6] P. V. Nikitin, K. V. S. Rao, and S. Lazar, “An overview of near field UHF RFID”, IEEE RFID 2007 Conference, March 2007.

[7] Rao, K. V. Seshagiri, Nikitin, Pavel V. Nikitin, and Lam, Sander F. Lam.  “Antenna Design for UHF RFID Tags: A Review and a Practical Application.”  IEEE Transactions on Antennas and Propagation, VOL. 53, NO. 12, DECEMBER 2005.

[8] S. Dontharaju, S. Tung, A. K. Jones, L. Mats, J. Panuski, J. T. Cain, and M. H. Mickle, “The Unwinding of a Protocol,” IEEE Applications & Practice, RFID Series, Vol. 1, No. 1, pp. 4 - 10, April 2007.

[9] Jones, A. K., Dontharaju, S., Mats, L., Cain, J. T., and Mickle, M. H., “Exploring RFID Prototyping in the Virtual Laboratory,” MSE Conference, 2007.

[10] Sweeney, Patrick J.  RFID for Dummies, pp.119-138. Wiley Publishing Inc, 2005. 

[11] Mickle, Marlin H. "Establishment of the University of Pittsburgh RFID Center of Excellence," IEEE Applications and Practice Magazine, April 2007. 

[12] Nikitin, Pavel V., Using National Instruments Software and Hardware to Develop and Test RFID Tags, 2008.

Appendix A: Terms and Definitions

Term	Definition
Air Interface	Referring to the RF link (electromagnetic) between an interrogator and tag
ASK	Amplitude Shift Keying (modulation scheme
BLF	Backscatter-link frequency (BLF = 1 / Tpri )
CRC16	16-bit cyclic redundancy check
dBm	Power in decibels relative to 1 mW
DR	Divide ratio
DSB-ASK	Double-Sideband Amplitude Shift Keying (modulation scheme)
EPC	Electronic Product Code
FSSS	Frequency Hopping Spread Spectrum
Inventory Round	A session between interrogator and tag initiated by the interrogator with a Query command and ended with a Query or Select command
PIE	Pulse Interval Encoding
PR-ASK	Phase-Reversal Amplitude Shift Keying (modulation scheme)
PSK	Phase Shift Keying (modulation scheme)
PHY Layer	Physical layer - refers to RF, modulation, and encoding characteristics
RN16	16-bit random or pseudo-random number
RTcal	Duration of data-0 plus duration of data-1 in interrogator-to-Tag transmission
SS-ASK	Single-Sideband Amplitude Shift Keying (modulation scheme)
Tari	Duration of a data-0 symbol in interrogator-to-tag signaling
TAT	Turn-around-time (general link timing term for T1,T2,T3, andT4
T1	Time for interrogator transmission to tag response
T2	Time from tag response to interrogator transmission
T3	Time an interrogator waits, after T1, before it transmits another command
T4	Minimum time between interrogator commands
Tf	RF signal envelope fall time
Tpri	Backscatter-link pulse-repetition interval (Tpri =1/BLF)
TRcal	TRcal = (DR/BLF) – refers to Tag-to-Interrogator calibration symbol
VSA	Vector signal analyzer
VSG	Vector signal generator

 

 

 

 

Reader Comments | Submit a comment »