Radio frequency identification (RFID) tags, especially passive tags, can suffer momentary power loss during write operations resulting in incomplete execution of the write. If the loss of power occurs during a write of new identification or other data, the problem can be detected and corrected by rewriting the data at a later time. However, if instead the loss of power occurs during an update to a stored memory pointer, the pointer can be corrupted and may point to a random address. The corruption problem is particularly severe if the pointer is used to indicate one or more regions of locked (read and/or write) or permanently-locked memory. The term “locked” is typically used to indicated read or write permission, temporarily or for the life of the tag (known as “permalocking”).
An expected typical mode of operation on tag user memory is for an interrogator to write a new data item to the lowest available unlocked memory address and then to lock the region of memory containing the new data. In typical applications, a single address pointer is utilized to indicate the current boundary between locked and unlocked memory. Such traditional pointers are sometimes call “log” pointers, because they achieve a range of “n” addresses using only log2(n) bits (e.g., an 8 bit pointer handles up to 256 addresses). A limitation of the use of traditional “log” points is that an arbitrary number of bits may change when an address changes. A “brownout” that prevents completion of the pointer update could result, for example, in un-locking memory that had previously been protected against accidental or malicious rewrites. This traditional approach is commonly used. For example, the ISO/IEC 15962:2004 standard describes the use of an increment-only pointer for the ISO/IEC 18000-3 Mode 2, for the 13.54 mHz RFID air interface.
Two techniques have been proposed to mitigate the problems potentially cause by “brownouts” or similar situations. One technique uses a non-traditional Gray-Coded address pointer. The advantage of incrementing addresses using a Gray code is that only one bit changes every time the pointer is incremented. Thus, changing an address by repeatedly incrementing it by one value will guarantee that the result, after a brownout, is either correct, or at worst, one less than the correct value. For additional details of the Gray-code technique, see U.S. patent application Ser. No. 11/835,201, entitled “Protecting Critical Pointer Value Updates To Non-Volatile Memory Under Marginal Write Conditions,” which is incorporated herein by reference in its entirety.
A disadvantage of the Gray-code technique, compared to the traditional log pointer approach, is that to change the address by “n” locations, “n” separate successive write cycles are required. This approach, when large address changes are involved, may be slow, reducing processing throughput. Additionally, the approach may increase the probability that the tag will lose power before the full update is completed and may shorten the life of the tag which has a maximum guaranteed number of write cycles.
A second technique uses a “bitmap” instead of a standard address pointer to indicate which “blocks” of memory are permanently locked. For example, each ‘1’ bit in the bitmap indicates a locked block. This approach is sometimes referred to as a “linear” pointer. Because the individual bits each control a separate block, no logical dependencies exist between the bits. Therefore, changing protection on one block changes only one bit, with no effect on the other bits. Moreover, in a “permalocking” application of the memory pointers, new blocks are allowed to “protected,” but previously-protected blocks are by definition not allowed to become “unprotected.” Therefore, the tag is only allowed to set bits to ‘1’ within the bitmap, never to ‘0.’ Thus, a “brownout” may result in incomplete protection, but will not result in lost protection.
A disadvantage to this approach is that it forces a tag vendor, as user memory size increases, to choose between a very large “bitmap” and a smaller “bitmap” where each bit represents a larger block of addresses. Choosing a large block size incurs the penalty that, as each new data item is written (then locked), a significant portion of the last bytes of each last-written block will be wasted.
A log-linear hybrid approach uses a linear pointer to protect blocks of memory coupled to a log pointer for each block to provide fine-grained protection within each block. Because the secondary pointers are traditional “log” pointers, they are also susceptible to the “brownouts” described above.
What is therefore needed is a method and system to ensure that previously locked data is not accidentally unlocked due to power loss.
What is further needed are methods and systems to minimize wasted nonvolatile memory when multiple items are written then locked over time.
The present invention will now be described with reference to the accompanying drawings. In the drawings, like reference numbers can indicate identical or functionally similar elements. Additionally, the left-most digit(s) of a reference number may identify the drawing in which the reference number first appears.