Ensyc Technologies RF24BLK User Manual
RFID UHF Short Range Controller
RF2400
Product Specification
Revision 1.0
Prepared by: Synergy Technology, Inc. & Synaptec Enterprises, Inc.
Author: Richard L. Hicksted & Michael A. Spahr
________________________________________________________________________
- C
ONFIDENTIAL
3/30/2008
-
L
EGAL NOTICES
Copyright © 2007 Ensyc Technologies. All rights reserved.
Ensyc Technologies maintains intellectual property rights pertaining to technology
incorporated in the product(s) described in this document; including without limitation
certain patent rights or patent pending applications in the U.S. and other countries
This document and related product(s) are distributed under licenses restricting use,
copying, distribution, and decompilation. No part of this documentation may be
reproduced without prior written consent of Ensyc Technologies
FCC C
OMPLIANCE
Every effort has been made to design and manufacture this product in accordance with
the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits
are designed to limit interference when the equipment is used in a commercial
environment. The related equipment generates, uses, and radiates radio frequency energy
and if not installed and used in accordance with this specification may cause harmful
interference with radio communications. Operation in a residential area is likely to result
in interference in which case the user will be required to correct the interference at his
expense.
It is the responsibility on an OEM to obtain certification to operate per FCC Part 15
Subpart A Section 15.21 regulations for the entire system into which this product is
installed.
FCC RF R
ADIATION EXPOSURE STATEMENT
:
The antenna(s) used for this transmitter must be installed to provide a separation distance
of at least 20 cm from all persons and must not be co-located or operating in conjunction
with any other antenna or transmitter. End-users and installers must be provided with
antenna installation instructions and transmitter operating conditions for satisfying RF
exposure compliance.
________________________________________________________________________
- C
ONFIDENTIAL
3/30/2008
-
NOTE
Part 15.21
Changes or modifications not expressly approved by the
party responsible for compliance could void the user’s
authority to operate the equipment.
NOTE: The manufacturer is not responsible for any radio
or TV interference caused by unauthorized modifications to
this equipment. Such modifications could void the user’s
authority to operate the equipment.
________________________________________________________________________
- C
ONFIDENTIAL
3/30/2008
-
Table of Contents
1 Scope...................................................................................................................................................1
2 Revision History..................................................................................................................................3
3 Reference Documents .........................................................................................................................5
3.1 Specifications & Requirements.........................................................................................5
3.2 Reference Material ............................................................................................................5
4 Overview.............................................................................................................................................7
4.1 DSP Processor...................................................................................................................8
4.2 Transmitter Circuitry.........................................................................................................8
4.3 Receiver Circuitry .............................................................................................................9
4.4 User Interface....................................................................................................................9
4.5 Power Regulation ..............................................................................................................9
4.6 Battery Operation ..............................................................................................................9
5 Functional Description........................................................................................................................11
5.1 Host Protocol.....................................................................................................................11
5.1.1 Message Format...............................................................................................11
5.1.1.1 Message Packet Format.................................................................12
5.1.1.2 Host-to-Reader Payload.................................................................12
5.1.1.3 Reader-to-Host Payload.................................................................13
5.1.1.4 Response Data Formats .................................................................15
5.1.1.4.1 Simple Command Response ........................................15
5.1.1.4.2 Low-Level Command Response..................................15
5.1.1.4.3 Error Response.............................................................15
5.1.2 Reader Commands...........................................................................................16
5.1.2.1 Get Firmware Version (0x00)........................................................16
5.1.2.2 Set Baud Rate (0x03).....................................................................17
5.1.2.3 Set IO Port Value (0x05)...............................................................17
5.1.2.4 Get IO Port Value (0x06) ..............................................................18
5.1.2.5 Get Reader Status (0x0F) ..............................................................18
5.1.2.6 Get Reader Hardware Information (0x11).....................................19
5.1.2.7 Set Reader Hardware Information (0x13) .....................................20
5.1.2.7.1 Paper Sensor Triggered Read ......................................21
5.1.2.8 Set Bi-Directional I/O DDR (0x16)...............................................22
5.1.2.9 Get Bi-Directional I/O DDR (0x17)..............................................22
5.1.3 Tag Commands................................................................................................23
5.1.3.1 Sleep Tag (0x21) ...........................................................................23
5.1.3.2 Get Tag ID (0x24) .........................................................................23
5.1.3.3 Auto Get Tag ID (0x26) ................................................................24
5.1.3.4 Dump ID Data (0x28)....................................................................25
5.1.3.5 Get Raw Tag ID (0x3E).................................................................26
5.1.3.6 Program Tag (0x50).......................................................................27
5.1.3.7 Erase Tag (0x51) ...........................................................................28
5.1.3.8 Kill Tag (0x52)..............................................................................29
5.1.3.9 Lock Tag (0x53)............................................................................30
5.1.3.10 Program Tag Init (0x54)................................................................31
5.1.3.11 LockG2 (0x55) ..............................................................................32
5.1.3.12 Access G2 (0x56) ..........................................................................34
5.1.3.13 Read Tag Memory (0x57) .............................................................35
5.1.3.14 Write Tag Memory (0x58).............................................................36
5.2 Service Port Commands....................................................................................................37
5.2.1 Standard Commands........................................................................................37
5.2.1.1 Baud Rate (baud) command..........................................................37
________________________________________________________________________
P
i
RODUCT SPECIFICATION
5.2.1.2 Transmit Power Step (Txp[0-3]) command...................................37
5.2.1.3 Receive Threshold (rxt) command ................................................38
5.2.1.4 Phase (phs) command....................................................................38
5.2.1.5 Tag Class (tc) command................................................................39
5.2.1.6 Read Retry (rrty) command...........................................................39
5.2.1.7 Read Tag (rt) command.................................................................39
5.2.1.8 Read Loop (rl) command...............................................................39
5.2.1.9 Sequential Loop (sl) command......................................................40
5.2.1.10 Write Tag (wt) command...............................................................40
5.2.1.11 Lock Tag (lt) command .................................................................40
5.2.1.12 Lock Tag G2 (l2) command...........................................................41
5.2.1.13 Access (apw)..................................................................................41
5.2.1.14 Kill Tag (kt) command...................................................................41
5.2.1.15 Quiet Tag (qt) command................................................................41
5.2.1.16 Erase Tag (et) command................................................................42
5.2.1.17 Paper Sensor Triggered Read (pstr) command..............................42
5.2.1.18 Paper Sensor (ps) command ..........................................................42
5.2.1.19 Paper Sensor Threshold (pst) command ........................................43
5.2.1.20 Auto Read Tag (art) command......................................................43
5.2.1.21 Dump ID Data (did) command......................................................44
5.2.1.22 Program Flash (pf) command ........................................................44
5.2.1.23 Speaker Test (st) command............................................................44
5.2.1.24 Beep (beep) command...................................................................45
5.2.1.25 Set EEPROM Defaults (eedef) command......................................45
5.2.1.26 Read EEPROM (ree) command.....................................................45
5.2.1.27 No initial message (noim) command .............................................45
5.2.1.28 Diagnostic (di) command ..............................................................46
5.2.1.29 Ignore CRC (icrc) command .........................................................48
5.2.1.30 Exit (exit) command.......................................................................48
5.2.1.31 Display menu (??) command.........................................................48
5.2.1.32 Standard command summary.........................................................49
5.2.2 Protected Commands.......................................................................................50
5.2.2.1 Password (pw) command...............................................................50
5.2.2.2 Transmit power (txp) command.....................................................50
5.2.2.3 Maximum transmit power (txpmax) command..............................50
5.2.2.4 Minimum transmit power (txpmin) command...............................50
5.2.2.5 Channel select (chan) command....................................................51
5.2.2.6 Hop (hop) command......................................................................52
5.2.2.7 Gen2 Read (g2r) command ...........................................................52
5.2.2.8 Gen2 Write (g2w) command .........................................................52
5.2.2.9 Transmit zeros (t0) command........................................................52
5.2.2.10 Transmit ones (t1) command.........................................................53
5.2.2.11 Transmit alternating (ta) command ...............................................53
5.2.2.12 Transmit random (tr) command.....................................................53
5.2.2.13 Transmit data (td) command..........................................................53
5.2.2.14 Carrier on (con) command.............................................................54
5.2.2.15 Carrier off (coff) command............................................................54
5.2.2.16 Localization (local) command.......................................................54
5.2.2.17 Chipcon register read (ccr) command............................................54
5.2.2.18 Chipcon register write (ccw) command.........................................54
5.2.2.19 Protected command summary........................................................55
5.2.3 Service port error codes...................................................................................56
5.3 Radio Frequency Interface ................................................................................................57
________________________________________________________________________
P
ii
RODUCT SPECIFICATION
5.3.1 Auto-ID Class 1...............................................................................................57
5.3.1.1 Class 1 Reader-Tag RF communications.......................................57
5.3.1.2 Class 1 Tag-Reader RF communications.......................................58
5.3.2 Class 1 – Gen 2................................................................................................59
5.3.2.1 Gen 2 Reader-Tag RF communications.........................................59
5.3.2.2 Gen 2 Tag-Reader RF communications.........................................60
5.4 Logical Structures and Data content..................................................................................62
5.4.1 Gen 2 Tag Structures and Data content...........................................................62
5.5 Autonomous Operation .....................................................................................................63
6 Hardware Description .........................................................................................................................65
6.1 Host Communication Interface..........................................................................................66
6.2 DSP Processor...................................................................................................................67
6.3 EEPROM...........................................................................................................................67
6.4 Transmitter/VCO...............................................................................................................68
6.5 Power Splitter....................................................................................................................68
6.6 Power Amplifier................................................................................................................68
6.7 PA Modulation..................................................................................................................68
6.8 Directional Coupler/RF FIlter ...........................................................................................69
6.9 Selectable LC Phase Delay/Mixer.....................................................................................69
6.10 Base-band Amplifier .........................................................................................................69
6.11 General Purpose Digital I/O Port ......................................................................................70
6.12 Digital I/O Interface ..........................................................................................................71
6.13 Buzzer Circuit....................................................................................................................72
6.14 Optical Sensor Interface....................................................................................................72
6.15 Power Regulators ..............................................................................................................73
7 Specifications......................................................................................................................................75
7.1 Electrical Specifications....................................................................................................75
7.1.1 RF Interface.....................................................................................................75
7.1.2 Communications Interface...............................................................................75
7.1.3 Power Supply ..................................................................................................75
7.1.4 Battery (optional).............................................................................................76
7.2 Environmental Specifications............................................................................................76
7.3 Mechanical Specifications.................................................................................................76
7.4 I/O Connectors ..................................................................................................................77
________________________________________________________________________
P
iii
RODUCT SPECIFICATION
Figures
Figure 4-1
Figure 5-1
Figure 5-2
Figure 5-3
Figure 5-4
Figure 5-5
Figure 5-6
Figure 5-7
Figure 5-8
Figure 5-9
Figure 6-1
Figure 6-2
Figure 6-3
Figure 6-4
Figure 6-5
Figure 6-6
Figure 6-7
Figure 7-1
RF2400 Block Diagram __________________________________________________ 7
Message Packet Format _________________________________________________ 12
Host to Reader Payload Format___________________________________________ 12
Reader to Host Payload Format___________________________________________ 13
Low-Level Command Response ___________________________________________ 15
Class 1 Reader Modulation Timing for Binary 0______________________________ 58
Class 1 Reader Modulation Timing for Binary 1 ______________________________ 58
Class 1 Tag to Reader Encoding __________________________________________ 59
Gen 2 Reader to Tag PIE Encoding ________________________________________ 60
Gen2 Tag to Reader Encoding ____________________________________________ 61
Host Interface _________________________________________________________ 66
Digital I/O Port________________________________________________________ 70
Digital I/O Interface ____________________________________________________ 71
Buzzer Circuit_________________________________________________________ 72
Optical Sensor Interface_________________________________________________ 72
Main Power 4.2V Regulator ______________________________________________ 73
+3.3V and +1.8V Regulator ______________________________________________ 73
RF2400 Mechanical Assembly ____________________________________________ 78
________________________________________________________________________
P
iv
RODUCT SPECIFICATION
Tables
Table 5-1
Table 5-2
Table 5-3
Table 5-4
Table 5-5
Table 5-6
Table 5-7
Table 5-8
Table 5-9
Table 5-10
Table 5-11
Table 5-12
Table 5-13
Table 5-14
Table 5-15
Table 5-16
Table 5-17
Table 5-18
Table 5-19
Table 5-20
Table 5-21
Table 5-22
Table 5-23
Table 5-24
Table 5-25
Table 5-26
Table 5-27
Table 5-28
Table 5-29
Table 5-30
Table 5-31
Table 5-32
Table 5-33
Table 5-34
Table 5-35
Table 5-36
Table 5-37
Table 5-38
Table 5-39
Table 5-40
Table 5-41
Table 5-42
Message Encapsulation Characters ________________________________________ 12
Command/Response Payload Fields _______________________________________ 13
Communication Codes __________________________________________________ 14
Low-Level Response Fields ______________________________________________ 15
Get Firmware Version __________________________________________________ 16
Set Baud Rate _________________________________________________________ 17
Set IO Port Value ______________________________________________________ 17
Get IO Port Value______________________________________________________ 18
Get Reader Status ______________________________________________________ 18
Get Reader Hardware Information_________________________________________ 19
Set Reader Hardware Information _________________________________________ 20
Set Bi-Directional I/O DDR ______________________________________________ 22
Get Bi-Directional I/O DDR______________________________________________ 22
Sleep Tag ____________________________________________________________ 23
Get Tag ID ___________________________________________________________ 23
Auto Get Tag ID _______________________________________________________ 24
Dump ID Data Command________________________________________________ 25
Get Raw Tag ID _______________________________________________________ 26
Program Tag__________________________________________________________ 27
Erase Tag ____________________________________________________________ 28
Kill Tag______________________________________________________________ 29
Lock Tag _____________________________________________________________ 30
Program Tag Init ______________________________________________________ 31
LockG2 ______________________________________________________________ 32
Lock bit usage_________________________________________________________ 33
Lock action field functionality ____________________________________________ 33
AccessG2_____________________________________________________________ 34
Read Tag Memory______________________________________________________ 35
Write Tag Memory _____________________________________________________ 36
Service Port Lead-in sequence ____________________________________________ 37
Transmit Power Level___________________________________________________ 38
Service Port Commands - Standard ________________________________________ 49
RF2400 USA Hopping Table _____________________________________________ 51
RF2400 E.U. Hopping Table TBD _________________________________________ 51
RF2400 Japan Hopping Table TBD________________________________________ 51
Service Port Commands - Protected________________________________________ 55
Service Port Error Codes ________________________________________________ 56
Class 1 Reader-Tag Modulation Parameters_________________________________ 57
Class 1 Tag-Reader Communication Parameters _____________________________ 58
Gen 2 Reader-Tag Modulation Parameters __________________________________ 60
Gen 2Tag-Reader Communication Parameters _______________________________ 61
Class 1 Gen 2 Memory Map ______________________________________________ 62
________________________________________________________________________
P
v
RODUCT SPECIFICATION
________________________________________________________________________
P
vi
RODUCT SPECIFICATION
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
1 SCOPE
This document is a detailed technical specification for the RFID UHF Short Range
Controller (RF2400). It provides a comprehensive description of the hardware with
detailed design notes and a complete functional description of the product. This
document is contains proprietary and confidential information and is not intended to be
used as an end user’s manual.
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
1 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
2 REVISION HISTORY
1.0 11/28/07 Initial Release
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
3 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
3 REFERENCE DOCUMENTS
The following documents form part of this specification to the extent specified herein. In
the event of a conflict between the requirements of this specification and the associated
product drawings, referenced documents or firmware listings, the drawings, documents
and listings shall take precedence.
3.1 SPECIFICATIONS & REQUIREMENTS
MIT Auto-ID Center – Operational Specification for a UHF Radio Frequency Identification (RFID) System – Part I.
Class 1 UHF Devices - May 29, 2002
MIT Auto-ID Center – Technical Report - 860MHz–930MHz Class 1 Radio Frequency Identification Tag Radio
Frequency & Logical Communication Interface Specification Candidate Recommendation, Version 1.0.1 – November
14, 2002
EPC™ Radio-Frequency Identity Protocols Class-1 Generation-2 UHF RFID Protocol for Communications at 860
MHz – 960 MHz Version 1.0.9 – January 31, 2005
FCC - Title 47 Part 15.247 – Operation within the bands 902-928MHz, 2400-2483.5 MHz, and 5725-5850 MHz.
3.2 REFERENCE MATERIAL
Texas Instrument – TMS320F2808 Data Manual – SPRS230H – October 2003-Revised June 2006
Chipcon AS / Texas Instrument – CC1070 Single Chip Low Power RF Transmitter for Narrowband Systems –
SWRS043 - Rev 1.3
Chipcon AS – AN014 Frequency Hopping Systems (Rev 1.0) – 2002-03-20
Hittite Microwave Corporation – HMC545 GaAs MMIC SPDT Switch, DC-3 GHz – V00.0905
Triquint Semiconductor – TQM7M4006 - 3V Quad-Band GSM850/GSM900/DCS/PCS Power Amplifier Module Data
Sheet-Revision E – February 22, 2006
Mini-Circuits – ADE-2 – Surface Mount Frequency Mixer Level 7 (LO Power +7dBm) 5 to 1000MHz REV. D. –
M102713, RVN/TD/CP/AM 070412
Linear Technology – LT6231 – 215MHz, Rail-to-Rail Output, 1.1nV/Hz
623012fs
Analog Devices – ADG723 – CMOS, Low Voltage, 4Ω Dual SPST Switch – Rev B - C00045-0-2/07(B)
Analog Devices – ADG823 - <1 Ω 1.8V to 5.5V, Dual SPST Switch – REV.0 – C02851-0-8/02(0)
1/2
, 3.5mA Op Amp Family – sn623012
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
5 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
4 OVERVIEW
The RF2400 RFID Controller is a low cost implementation of a UHF RFID reader
designed specifically for short range applications. The Controller has been designed to
read, write, and verify EPC Class 1 and Generation 2 tags, is implemented as a single
electronics module and requires a separate antenna. (Refer to Figure 4-1)
Figure 4-1 RF2400 Block Diagram
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
7 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
4.1 DSP PROCESSOR
The heart of the RF controller is a 100 MIPS DSP processor. The processor
communicates with the host over an RS232 interface using a media independent protocol.
Message packets from the host direct all RF2400 reader operations and upon completion
the processor sends a response packet.
The processor is interfaced to a highly integrated single chip UHF transmitter/VCO over
an SPI bus which provides the RF carrier and Frequency Hopping Spread Spectrum
(FHSS) signaling. Using a PWM the processor establishes the gain of a RF amplifier and
amplitude shift keys (ASK) modulates the carrier by switching this signal on/off.
The processor demodulates the backscatter signal from a tag using a high-pass filter and a
FET switch to remove the DC component from the signal and samples the output of the
base-band amplifier using a 12-bit A/D input. The processor phase locks to the signal,
synchronizes to clock edges, and follows the average signal level/gain to properly decode
the data.
Additionally, the processor controls an optical sensor to identify the presence of a tag to
implement auto interrogation. A scheme involving modulation of the sensor emitter and
demodulation of the reflected signal is used as a means to suppress ambient light and
improve the reliability of the sensor. The sensor input can be configured as a switch
input and used to manually trigger reads.
Finally, the processor drives several LEDs to indicate power, activity and error
conditions as well as a speaker to attract user attention.
4.2 TRANSMITTER CIRCUITRY
An integrated single chip transmitter is used and controlled by the DSP processor to
produce the RF carrier required to communicate with a UHF RFID tag. Additionally,
this component incorporates the necessary circuitry to implement Frequency Hopping
Spread Spectrum (FHSS) signaling for noisy environments and to meet agency spectral
requirements. To enhance speed of operation, the Transmitter/VCO includes dual sets of
frequency control registers to allow overlapped frequency configuration during operation.
UHF frequency is synthesized from an inexpensive crystal using a programmable
fractional divider to achieve high resolution and is ideal for narrow band applications. An
external loop filter is provided to meet the stabilization requirements imposed by FHSS.
A power splitter is used to divide the VCO output for use as both a local oscillator and
RF carrier. An LC phase shifter between the splitter and mixer is used to select the inphase and 90 degree phase components providing a mechanism to compensate for the
phase of the received signal
A 2-watt GSM Power Amplifier is used to boost the RF carrier and is adjustable from
0dBm (1mW) to 24dBm (250mW). The amplifier is designed for low cost cellular phone
applications and requires only a few external power filtering components. Output power
is adjusted using a voltage control input from the DSP processor. A PWM output sets the
voltage which is filtered by a 2-pole Sallen-Key low-pass filter. The filtered voltage is
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
8 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
switched to the power amplifier through two independent time constants. This shaping
meets EPCTM and FCC requirements reducing transmit spurs by controlling the on and
off rate of the power amplifier. The output of the amplifier is connected to the antenna
using a PCB implemented directional coupler with 8dB coupling loss and directivity
between 25dB and 30dB. A LC PI filter couples the output of the filter to the antenna
filtering any harmonic components.
4.3 RECEIVER CIRCUITRY
Tag backscatter is coupled to a precision mixer from the directional coupler. The output
of the mixer is coupled to the receiver circuitry using an impedance matching amplifier.
An acquisition switched high-pass filter removes the DC component before applying the
signal to the 34dB base-band amplifier/800KHz filter. The amplified signal is sampled
by the DSP using a 12-bit A/D input. The DSP processor tracks the average value of the
signal; phase locks to the signal, and synchronizes to the clock edges in order to decode
the data.
4.4 USER INTERFACE
The RF2400 reader is interfaced to the host using an RS232 serial connection.
Commands and responses are communicated using packets. The protocol includes
commands to configure and status the reader as well as commands to program and read
tags. Several LED outputs and an integrated speaker provide user feedback of power,
activity and error conditions. A separate optical sensor interface allows to processor to
sense presence of a tag providing a means to auto interrogate the tag
4.5 POWER REGULATION
The RF2400 reader is powered from a single 5volt power source and requires only 900
mA to provide 24dBm(250mW) of RF power. Main 5 volt power is converted to 4.2
volts by a Li-Ion battery charger. This can charge an optional battery for portable
operations. The 4.2V power is used directly by the RF power amplifier but also feeds the
3.3volt low noise RF power and 1.8 volt processor core voltage LDO regulators.
4.6 BATTERY OPERATION
An optional 3.7V 3200mA/hr Li-Ion battery can be used for remote operation. A battery
charging circuit maintains the battery voltage between 4.0 and 4.1V. In order to extend
battery life and prevent overheating and the possibility of explosion, both the battery and
charging circuit include protection circuitry. Additionally, firmware monitors the charge
state and shuts down the charger when the battery is fully charged.
While operating on battery, steps have been taken to reduce the operating current in order
to extend the operational time between charges. Normally the processor runs at
100MHz, which is required while accessing tags. When idle, the processor clock is
decreased to 20 MHz, greatly reducing the required current.
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
9 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
5 FUNCTIONAL DESCRIPTION
The RF2400 reader is a radio frequency identification (RFID) communication interface
designed specifically for short range applications. The reader interfaces to a host
processor with an industry standard RS232 or optional USB interface adapter using a
media independent protocol. The RF2400 reader supports the reader commanded
functionality required for both the Auto-ID Center Class1 and Gen 2 Tags operating in
the frequency range of 860MHz-960MHz.
5.1 HOST PROTOCOL
This section describes the format and commands for the bi-directional communication
between the RF2400 reader and the host including command codes, parameters, and
response data.
Commands are divided into several code groups:
00 – 1F setting and retrieving RF2400 reader parameters
20 – 3F reader-to-tag modulation commands that return a single response message
40 – 4F reader-to-tag modulation commands that result in a tag-list response
50 – 5F tag programming commands
60…6F setting and retrieving RF2400 reader configuration data
D0 – DF loading RF2400 firmware code
F0 – FF reserved for managing a tag list
The following section describes the binary protocol for serial communication between
the host and the RF2400 Module. This protocol is media independent and can be
implemented using RS232, USB, or other serial interfaces
5.1.1 Message Format
Messages encapsulate commands from the host and responses from the RF2400 reader
that are sent as packets over the serial interface between the host and the RF2400 reader.
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
11 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
5.1.1.1 Message Packet Format
Messages between the host and reader are binary data packets, consisting of a message
payload encapsulated with two bytes preceding any message (
completing any message (
[DLE][EOM]
). All communications are initiated by the host.
[DLE][SOM]
) and two bytes
(Refer to Figure 5-1 and Table 5-1)
Note: ITEMS IN PARENTHESIS (…) ARE NOT REQUIRED FOR ALL MESSAGES.
[DLE] [SOM] [Payload] [DLE] [EOM]
Figure 5-1 Message Packet Format
Token Description
[DLE]
[SOM]
[EOM]
Data Link Escape token; 0x10
Start of Message token; 0x01
End of Message token; 0x02
Table 5-1 Message Encapsulation Characters
In order to avoid ambiguities, if a data value in the payload is a DLE (0x10) character, the DLE (0x10) is
repeated as the message packet is formed.
5.1.1.2 Host-to-Reader Payload
The host to reader payload includes a session identification
number
(CommandData)
[Reader#]
,
a command to execute
, followed by a two byte CRC
[Command]
[CRC-CCITT16]
[SessionID]
,
optional command data
,
a target reader
. (Refer to Figure 5-2 and
Table 5-2)
[SessionID] [Reader#] [Command] (CommandData) [CRC-CCITT-16]
Figure 5-2 Host to Reader Payload Format
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
12 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
5.1.1.3 Reader-to-Host Payload
The reader to host payload includes a session identification
number
[CommCode],
CCITT16]
[Reader#]
,
the command executed
optional response data
[CommandEcho],
(ResponseData)
, followed by a two byte CRC
. (Refer to Figure 5-3, Table 5-2 and Table 5-3)
[SessionID]
,
a target reader
type of communication
[SessionID] [Reader#] [CommandEcho] [CommCode] (ResponseData) [CRC-CCITT16]
Figure 5-3 Reader to Host Payload Format
Payload
Field
Description
[CRC-
[SessionID]
[Reader # ]
[Command]
[CommandEcho]
(CommandData)
[CommCode]
(ResponseData)
[CRC-CCITT16]
Single-byte value. Every command gets a new number defined by the host.
Every response matches the session ID of the initiating command. Normal
session IDs can range from 0x01 to 0xFF. A SessionID of 0x00 in a
command message forces the reader to repeat the previous response. This
feature allows the Host to request the previous response in case of a
communication error.
Single-byte value. In a Host command, a Reader # of 0x00 indicates that the
command is addressed to all readers. A Reader will reply to commands only
if its internal RDRNUM matches or if a command is addressed to all readers
The factory default reader number is 0xFF.
Single-byte value. Defines the command to be executed or has been
executed (refer to section 5.1.2 for details).
Variable length value specifying command parameters (refer to the section
5.1.2 for details)
Single-byte value. Indicates the type of message or error. CommType < 0x80
indicates that a valid command was received. CommType >= 0x80 indicates
that an error occurred, either in the command format, parameters, or in the
execution of the command. (refer to Table 5-3 for details)
Contains a variable number of bytes (including none) (refer to section 5.1.1.4
for details).
Two bytes of CRC-CCITT16 polynomial (X^16+X^12+X^5+1) seed 0xFFFF.
The CRC is calculated over all data from Session ID to Response Data
inclusive. DLE packetization is not included into the CRC. The CRC is sent
MSB first, LSB last.
Table 5-2 Command/Response Payload Fields
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
13 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
CommCode Description
0x00
0x01
0x02
0x03
0x04
0x05
0x06
0x07
0x08
0x09
0x0A
0x0B
0x0C
0x0D
0x40
0x41
0x81
0x82
0x83
0x84
0x85
0x86
0x87
0x88
0x89
0x8A
0x8B
0x8C
0x8D
0x8E
0x8F
0x90
0x91
0x92
0x93
0x94
0x95
0x96
0x97
0x98
MSGOK Success
STARTINV Starting inventory message
TAGINV Tag Data inventory message
ENDINV Ending inventory message
STARTLIST Starting list dump
RECLIST List dump data record
ENDLIST End of list dump
STARTDIAG Starting diagnostic message
DIAGDATA Diagnostic data message
ENDDIAG End of diagnostic message
UPLOADOK Upload line success
UPLOADEND Upload complete
SUSPEND Reader entering suspend state
RESUME Reader resuming from suspend state
NO PASSW Kill password is locked, can’t be read
LOCKNPW EPC locked but Kill password not set because locked
UNKLEN Unknown message length
UNKVAL Unknown value
UNKCMD Unknown command
UNKTAGCMD Unknown or disabled tag command
OVRERR Overflow error on directed list entry
NOTAG No tag to read or program
ERASEFAIL Erase failure
PROGFAIL Program data verification error
TAGLOCK Tag is locked, cannot program error
KILLFAIL Kill failure
LOCKFAIL Lock attempt failure
DATASIZE Tag data memory size mismatch
HWERR Hardware error
LISTFULL List for directed inventory is full
UPLOADERR Upload line contained an error
UPLOADINV Command invalid for bootloader
UPLOADCRC Upload Program Memory CRC Error
NVFAIL EEPROM error
RESV Reserved
RESV Reserved
UNKIDLEN Unknown ID Length
TAGLOST Tag lost after earlier communication
TAGNXM Addressed word doesn’t exist
LOGFULL EEPROM ID storage is full
Table 5-3 Communication Codes
CommCode < 0x80 indicates a successful operation, CommCode >= 0x80 indicates an error condition of
some kind.
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
14 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
5.1.1.4 Response Data Formats
The following sub-sections detail specific response data formats
5.1.1.4.1 Simple Command Response
The RF2400 reader responds to a simple command (for example getting a reader
parameter) with the specified number of bytes.
5.1.1.4.2 Low-Level Command Response
In response to a tag-related low-level command such as Get Tag ID. The Response Data
is sent to the Host in the following format (Refer to Figure 5-4 and Table 5-4)
[TagDecodeStatus] [Antenna#] (TagDataLength) (TagData)
Figure 5-4 Low-Level Command Response
Low-Level
Field
[TagDecodeStatus]
[Antenna # ]
(TagDataLength)
(TagData)
Description
Single-byte value indicating status of data acquisition by a low-level command
0x00 – Good ID
0x01 – No tag
0x02 – Collision
0x03 – CRC Error (returned for Get Tag ID only)
Bit4 – Kill password is locked
Bit5 – Access password is locked
Single-byte value indicating the Antenna number used for the current air
interface transaction. The only valid value for the RF2400 is 0x00
Length of Tag Data in bytes
Included for TagDecodeStatus of 0x00 "GoodID and 0x03 "CRC Error" only
Variable length defined by TagDataLength. Data is sent MSB first ending with
the LSB of the last byte.
Included for TagDecodeStatus of 0x00 "GoodID and 0x03 "CRC Error" only
Table 5-4 Low-Level Response Fields
5.1.1.4.3 Error Response
The RF2400 reader responds to every host command except when a communication error
is detected. If a reader detects a CRC Error in a host payload, the message will be
ignored. However, if the host detects a CRC Error, it may request the previous response
by sending a packet with a
[SessionID]
of zero.
If the host payload is less than four bytes long including the two bytes of CRC (no
Reader# or Command) the reader will ignore the message. If the payload is four bytes
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
15 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
long including the two bytes of CRC (no Command), the reader will respond with a 0x81
UNKLEN “unknown message length”
[CommCode]
.
5.1.2 Reader Commands
The RF2400 controller responds to numerous commands using the media independent
format described in paragraph 5.1. These commands provide a mechanism to configure
(Set) the reader as well as retrieve (Get) reader status. The reader will respond to all Set
commands with an echo of
followed by a two byte CRC
will respond to all Get commands with an echo of
[CommCode]
CCITT16]
and a variable length
as described in paragraphs 5.1.1.3 and 5.1.1.4.
[SessionID], [Reader#], [CommandEcho]
[CRC-CCITT16]
(ResponseData)
as described in paragraph 5.1.1.3. The reader
[SessionID], [Reader#], [CommandEcho],
field followed by a two byte CRC
, and
[CommCode]
[CRC-
Any command may result in a
[CommCode]
of one of the following: MSGOK, UNKLEN,
UNKVAL, and UNKCMD as defined in Table 5-1. Other possible codes are identified in
the description of the specific command. If the RF2400 has been initialized into its
integral bootloader firmware, there will be no response to host reader commands
5.1.2.1 Get Firmware Version (0x00)
The Reader will reply with five (5) bytes specifying Localization Code, Reader Type,
and Firmware Version Number. Response data is in binary hex format.
The localization code and the reader type are stored in non-volatile memory and
automatically configured for USA (0x01) operation on the initial firmware upload.
Subsequent firmware updates preserve the existing configuration in non-volatile memory.
Command
Code
0x00 0 Bytes
Size Valid Values Size Valid Values
Command Data Response Date
--
5 Byte
1st Byte -- Localization Code
0x01 -- USA
0x02 -- Japan
0x03 -- E.U.
2nd Byte -- Reader Type
0x09 – RF1200 Reader
0x0A – RF2400 Reader
3rd Byte -- 0x00
4th Byte -- Major Revision #
5th Byte -- Minor Revision #
Table 5-5 Get Firmware Version
COMMAND DLE SOM SesID Rdr# Cmd CRCH CRCL DLE EOM
10 01 01 FF 00 54 0C 10 02
RESPONSE DLE SOM SesID Rdr# Echo Mtype Local Rtype Nused FverH FverL CRCH CRCL DLE EOM
10 01 01 FF 00 00 01 09 00 00 0A 75 A8 10 02
Get Firmware Version Example
Note: this example reflects firmware version V0.10
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
16 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
5.1.2.2 Set Baud Rate (0x03)
This command will only accept 0 thru 5 as valid data fields. The reader will respond to
the command at the old baud rate before changing to the new rate. The updated baud rate
will be stored in non-volatile memory replacing the previous value. The factory default
setting is 19,200 baud using 8 data bits, no parity, and one stop bit.
If the user inadvertently sets the baud rate to one not supported by the host, a hardware
reset is provided. Disconnect power from the board, connect pins 1 to 2 of the 11 pin
connector, re-connect power. The EEPROM will be reset to defaults (19,200 baud).
Command
Code
0x03 1 Bytes Baud Rate
Size Valid Values Size Valid Values
Command Data Response Date
0 Byte - 0x00 9,600
0x01 19,200 (default)
0x02 38,400
0x03 57,600
0x04 115,200
Table 5-6 Set Baud Rate
5.1.2.3 Set IO Port Value (0x05)
Sets or clears specified output port pins. Ports start at LSB corresponding to physical port
0 and are bitmapped toward the MSB. The RF 2400 has two bi- directional IO ports. Bits
in the send data with no corresponding physical port will be ignored. Additionally, since
the RF2400 IO ports are bi-directional, the value will be ignored in the case of the
corresponding port pin defined as input. A bit value of 1 in the send data will cause the
corresponding port to be driven high. A bit value of 0 will cause the corresponding port
pin to be pulled low. A Get Reader Hardware Information command can be issued to
determine the number and type of output ports available. The Set Bi-Directional I/O
DDR and Get Bi-Directional I/O DDR commands may be used to setup and determine
the I/O port configuration.
Command
Code
0x05 1 Bytes 0x00 -- 0xFF 0 Byte --
Size Valid Values Size Valid Values
Command Data Response Date
Table 5-7 Set IO Port Value
COMMAND DLE SOM SesID Rdr# Cmd Data CRCH CRCL DLE EOM
10 01 01 FF 05 01 F8 26 10 02
RESPONSE DLE SOM SesID Rdr# Echo Mtype CRCH CRCL DLE EOM
10 01 01 FF 05 00 E8 07 10 02
Set IO Port Value Example
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
17 11:56:13 AM
- M
ARCH
30, 2008
RFID UHF Short Range Controller (RF2400)
__________________________________________________________________________
5.1.2.4 Get IO Port Value (0x06)
This command returns the current state of the input port pins. Response data is a bitmap
with the LSB corresponding to physical port 0. The RF2400 reader has two bidirectional ports and will return a 0 bit value for all remaining bit positions.
Additionally, since the RF2400 IO ports are bi-directional, any port defined as an output
will return the current level of the IO port. A Get Reader Hardware Information
command can be issued to request the hardware configuration. The Set Bi-Directional
I/O DDR and Get Bi-Directional I/O DDR commands may be used to setup and
determine the I/O port configuration.
Command
Code
0x06 0 Bytes -- 1 Byte 0x00 -- 0xFF
Size Valid Values Size Valid Values
Command Data Response Date
Table 5-8 Get IO Port Value
COMMAND DLE SOM SesID Rdr# Cmd CRCH CRCL DLE EOM
10 01 01 FF 06 34 CA 10 02
RESPONSE DLE SOM SesID Rdr# Echo Mtype Data CRCH CRCL DLE EOM
10 01 01 FF 06 00 01 17 0F 10 02
Get IO Port Value Example
Note: this example assumes that the SET IO Port and Set Bi-Directional I/O DDR examples have been executed first
5.1.2.5 Get Reader Status (0x0F)
This command returns operating status information from the reader. The sensor status
returns the state of the optical sensor indicating the presence of a tag for subsequent
RFID interrogation.
Command
Code
Size Valid Values Size Valid Values
Command Data Response Date
0x0F 1 Bytes
0x00 General Status
0x10 Get Sensor Status
1 Byte 0x01 Tag Present (Reflection)
Table 5-9 Get Reader Status
Note: When getting general status, if the EEPROM log is full, the Mtype returned will be
0x98 (LOGFULL).
COMMAND DLE SOM SesID Rdr# Cmd Sub Rpt CRCH CRCL DLE EOM
10 01 01 FF 0F 10 10 3D F7 10 02
RESPONSE DLE SOM SesID Rdr# Echo Mtype Data CRCH CRCL DLE EOM
10 01 01 FF 0F 00 01 BF 73 10 02
Get Sensor Status Example (with reflection)
________________________________________________________________________
Ensyc
- C
Technologies P
ONFIDENTIAL
AGE
18 11:56:13 AM
- M
ARCH
30, 2008
Loading...