2. NISO RFID Systems in Libraries (Part 2) Webinar
April 20, 2011 at 1:00 PM
Vinod Chachra, CEO, VTLS Inc.
Co-chair, NISO RFID Revision Working Group for U.S.A. Libraries
3. Intent of this Section
The intent of this section of the Webinar is to present the NISO Data Model and
U. S. Profile for ISO 28560-2
The main goal of the Data Model is to provide interoperability for libraries and
efficiencies for distributors of RFID products and service.
The idea is to help create an environment that allows libraries to invest in
this technology with confidence and with some assurance that they will have
choices now, and in the future, without being locked into any one supplier or
vendor.
The model dictates a certain amount of consistency in support of interoperability
but also provides flexibility to suppliers to be creative in providing new
and different solutions to the library industry.
The ultimate intention is that RFID tags programmed by one vendor in compliance
with the data model will be usable by another RFID vendor without any
reprogramming.
Visionary Technology in Library Solutions
4. Background on NISO work
In 2008 NISO published a report --NISO RP-6-2008 -- RFID in U.S. Libraries.
At the National Level: The 2008 report –
was the result of deliberations by a working group which I chaired.
outlined best practices for RFID in US Libraries.
presented a data model for use in US libraries.
At the International Level: ISO TC 46/SC 4/WG 11 for ISO-28560 was formed
Vinod Chachra and Paul Sevcik were US representatives to ISO.
Standard was published in March 2011.
In anticipation of ISO-28560 -- New NISO RFID Revision Group was formed
Co-chaired by Vinod Chachra and Paul Sevcik
Goal: revise 2008 report to conform with the requirements of ISO 28560
Status: Work on report is almost complete;
Report will be ready for public comment very soon.
Visionary Technology in Library Solutions
5. Goals of 2008 RFID Working Group
To review existing RFID standards… and promote its use
where appropriate;
To examine and assess privacy concerns;
To investigate the way RFID is used in the United States and
identify best practices in standards development and
implementation;
To focus on security and data models for RFID tags, along
with issues of interoperability and privacy;
To create a “best practices” document for libraries … and
help safeguard library investments in RFID and minimize the
cost of obsolescence.
Visionary Technology in Library Solutions
6. Scope of 2008 Working Group
RFID solutions run at several frequencies –
Low – from 125KHz to 134KHz
High – 13.56MHz
Ultra High – 860-960 MHz
Micro Wave – 2.45 GHz
NISO’s work is limited to Tags used in libraries
Note: At present, these tags operate at 13.56 MHz,
though this may change in the future
Visionary Technology in Library Solutions
7. NISO Revision Working Group
1. Co-Chairs Vinod Chachra (VTLS) and Paul Sevcik (3M)
2. Goal – Revise best practices document NISO RP-6-2008
3. Objectives –
a. Make the US data model consistent with the
proposed ISO 28650 data model (Part 1)
b. Determine if USA will recommend Part 2 or Part 3 of
the ISO 28560 standard for implementation.
c. More broadly, determine if a US National Profile is
necessary and if necessary, develop it.
d. Review and update the original document
e. Consider new items
Visionary Technology in Library Solutions
8. ISO 28560 Parts 1, 2 & 3
Technical Committee TC46 (Information and Documentation)
Subcommittee SC4 (Technical Interoperability)
Working Group WG11 (RFID in Libraries) … ISO TC46/SC4/WG11
ISO 28560-1 : Part 1: Data Elements and general guidelines for
implementation, deals with the definitions of the data elements that may
be encoded onto RFID tags in the library application.
ISO 28560-2: Part 2: Encoding based on ISO/IEC 15962, defines an
encoding method for compacting data elements into objects and placing
them on RFID tags for use in libraries which utilizes the encoding rules
defined in the existing standard, ISO/IEC 15962.
ISO 28560-3: Part 3: Fixed Length Encoding, defines an encoding
method for placing data elements on RFID tags for use in libraries which
has its basis in the Danish Data Model.
Visionary Technology in Library Solutions
9. Questions for Revision Working Group
1. Do we need a national profile? Yes
2. Do we recommend a preferred encoding scheme for USA?
a. Should we follow ISO 28560 Part 2 specifications? Or,
b. Should we follow ISO 28560 Part 3 specifications?
Part 2
3. Do we limit our discussion to 13.56 MHz tags? Yes Or,
a. Should we include UHF tags? For information only
b. UHF tags are not currently part of the Standard.
4. Do we include a Section on “state of the industry”. No
5. Other items as may come up
Visionary Technology in Library Solutions
10. USA National Profile for RFID
Within the framework of ISO 28560 a US National Profile may
define
-- which data elements are mandatory (versus optional)
-- which encoding scheme is to be used for the tag
-- which data elements are to be locked or left unlocked
-- which encoding values to be used for specific data elements
-- other considerations for interoperability
Visionary Technology in Library Solutions
11. US Profile for ISO 28560 -- 1 of 3
U.S. Profile for ISO 28560 – RFID in U. S. Libraries
`
Relative Main Purpose or Locked
Formatting Category
Data Object OID Codes Used If Used?
Primary Item ID Variable length
(unique item 01 Alphanumeric. Character set Mandatory Item Identification Optional
identifier) = ISO/IEC 646 IRV
Determining what
Tag Content Key 02 Bit mapped code Mandatory* other data is on the No
tag
Owner Variable length field Use ISIL code (ISO
03 Optional (1) Optional
Library/Institution Max: 16 bytes 15511)
Set Info (number of {Total in Set / Part Number}
parts; ordinal part 04 structure. Maximum size Optional (2) Item Properties Optional
number) 255
Type of Usage:
Fixed Item Usage (coded
Circulating? 05 Optional (3) Optional
1 byte list)
Reference?
Visionary Technology in Library Solutions
12. US Profile for ISO 28560 -- 2 of 3
Main Purpose
Relative Locked
Formatting Category or
Data Object OID If Used?
Codes Used
`
Variable length Alphanumeric. Support
Shelf Location 06 Character set = ISO/IEC 646 Optional (4) Inventory– Optional
IRV (LC Call Number, Dewey)
Fixed length – 2 uppercase Item Properties (ONIX
ONIX Media Format 07 Optional (5) Optional
chars code list)
Fixed length – 2 lowercase Item Properties (MARC
MARC Media Format 08 Excluded (6) N/A
chars code list)
Variable length Alphanumeric.
Supplier Identifier 09 Character set = ISO/IEC 646 Optional (7) Acquisitions Processing Not recommended
IRV
Variable length Alphanumeric.
Order Number 10 Character set = ISO/IEC 646 Optional (8) Acquisitions Processing Not recommended
IRV
ILL Borrowing Variable length field Support ILL – Use ISIL
11 Optional (9) No
Institution Max: 16 bytes code (ISO 15511)
Variable length Alphanumeric. Optional (10) No
ILL Borrowing
12 Character set = ISO/IEC 646 ILL Transaction tracking
Transaction ID
IRV
GS1-13 (including Fixed length numeric field – Optional
13 Optional (11) Identification
ISBN) 13 digits
Optional –
Should not be
Alternative unique item
14 used until Identification Not recommended
identifier – Reserved
defined by
ISO 28560
Visionary Technology in Library Solutions
13. US Profile for ISO 28560 -- 3 of 3
Main Purpose
Relative Locked
Formatting Category or
Data Object OID If Used?
Codes Used
`
Variable length Alphanumeric.
For Local or
Local Data – A 15 Character set = ISO/IEC 646 IRV, Optional (13) Optional
or UTF-8 Regional Use
Variable length Alphanumeric.
For Local or
Local Data – B 16 Character set = ISO/IEC 646 IRV, Optional (14) Optional
or UTF-8 Regional Use
Variable length Alphanumeric.
Title 17 Character set = ISO/IEC 646 IRV, Optional (15) Identification Optional
or UTF-8
Product Identifier Variable length Alphanumeric.
18 Optional (16) Identification Optional
(local) Character set = ISO/IEC 646 IRV
Item Properties (no
Media Format (other) 19 Single Octet (coded list) Optional (17) Optional
code list defined)
Fixed For multi use
Supply Chain Stage 20 Optional (18) No
1 Byte (coded list)
Supplier Invoice Variable length Alphanumeric.
21 Excluded (19) Acquisitions N/A
Number Character set = ISO/IEC 646 IRV
Alternative Item Variable length Alphanumeric.
22 Optional (20) Item Identification Optional
Identifier Character set = ISO/IEC 646 IRV
Item Identification
Alterative Owner Variable length Alphanumeric.
23 Optional (21) – for codes not ISIL Optional
Library Identifier Character set = ISO/IEC 646 IRV
compliant
Subsidiary of an Variable length Alphanumeric.
24 Optional (22) Item Identification Optional
Owner Library Character set = ISO/IEC 646 IRV
Alternative ILL Variable length Alphanumeric. Support ILL – For
25 Optional (23) No
Borrowing Institution Character set = ISO/IEC 646 IRV non-ISIL code
Variable length Alphanumeric.
For Local or
Local Data – C 26 Character set = ISO/IEC 646 IRV, Optional (24) Optional
or UTF-8 Regional Use
Visionary Technology in Library Solutions
14. Interoperability
Interoperability(from Whatis.com)
Interoperability (pronounced IHN-tuhr-AHP-uhr-uh-
BIHL-ih-tee) is the ability of a system or a product
to work with other systems or products without
special effort on the part of the customer.
Interoperability becomes a quality of increasing
importance for information technology products as
the concept that "The network is the computer"
becomes a reality. For this reason, the term is
widely used in product marketing descriptions.
Visionary Technology in Library Solutions
15. Four Levels of Interoperability
Level 1: Within the Library
Level 2: Within the community
Level 3: For ILL purposes
Level 4: Within the Supply Chain
Visionary Technology in Library Solutions
16. Other Considerations :Data encoding
Using ISO 28560-2 requires that data be encoded using
ISO 15962.
Appendix D of the report shows exactly how the data
should be encoded providing numerous examples.
This is not a simple process – however, there is good
news. The encoding scheme optimizes the storage of
data on the tag – so you get greater efficiency. It has to
be done once (correctly) by your software or hardware
supplier and then you can essentially forget about it.
See next slide as an example of some of the complexity.
Visionary Technology in Library Solutions
17. Data Encoding: Compaction Schemes
ISO/IEC 15962 compaction schemes
Code Name Description
000 Application-defined As presented by the application
001 Integer Integer
010 Numeric Numeric string (from "0" to "9")
011 5 bit code Uppercase alphabetic
100 6 bit code Uppercase, numeric, etc
101 7 bit code US ASCII
110 Octet string Unaltered 8-bit (default = ISO/IEC 8859-1)
111 UTF-8 string External compaction to ISO/IEC 10646
Note 1: There are 8 different compaction schemes and all may be used on the same tag.
Note 2: RFID users will not have to worry about this. It will be a part of the software provided
by your RFID Software Supplier
Note3: See Appendix D of the NISO document for details on usage and implementation.
Visionary Technology in Library Solutions
18. Other Considerations
1.How soon will the standard be implemented?
2.What is minimum implementation requirement for me to be
complaint?
3.What does the library have to do migrate to the new
environment?
4.How do I know that the tag I am getting is an ISO 18000-3
Mode 1 tag?
5.How can I confirm/verify that my supplier is following the
standard and has implemented it correctly?
6.Do we need a US certification process for compliant RFID
systems/ suppliers?
Visionary Technology in Library Solutions
19. Report Outline & Todays Presentations
Forward
Section 1 – Use of RFID
Section 2 – Data Model & US Profile VinodChachra
Section 3 – Security Matthew Bellamy
Section 4 – Migration to ISO Tags
Section 5 – Supply Chain
Section 6 – Privacy Daniel Walters
Section 7 – Vandalism Daniel Walters
Appendix A: RFID Technology Basics
Appendix B: Interoperability Characteristics
Appendix C: UHF RFID in Libraries
Appendix D: Encoding Data on the RFID Tag
Visionary Technology in Library Solutions
20. Closing Comments
Exciting times ahead!
Thanks to all the individuals named below who have
generously shared their time and expertise for this project.
Livia Bitner Corrie Marsh
Vinod Chachra, co-chair Paul Sevcik, co-chair
Alan Gray Paul Simon
Margaret hazel Robert Walsh
Gretchen Herman Dan Walters
Nancy Kress Karen Wetzel
Visionary Technology in Library Solutions
24. NISO RFID in Libraries
Aspects of Security
ROI
What is the loss or potential loss
Does it justify the expense
Does it come as an extra with other uses (RFID for materials handling)
Psychological
Fake detection systems
Guilt
Enhanced Security
Behind the counter
Items checked at the door
EM with RFID
24
25. NISO RFID in Libraries
Aspects of Security – Disc Media
Demand and popularity drive theft
CDs/DVDs are popular and attract thieves
They also tend to be more difficult to protect except by using physical behind
the counter or dispensing solutions
Metal in the media interferes with RFID
Cost of materials may justify different security solution levels
Dispensing systems
Locked cases
Behind the counter
25
26. NISO RFID in Libraries
The Methods for RFID Security
AFI – Application Family Identifier
Part of the ISO 18000-3 Mode 1 Standard
Original use was not intended for security
Each industry and application allocated unique
value
ISO Recommended Values
• 07hex = secure, C2hex. = unsecure
EAS – Electronic Article Surveillance
Proprietary solution from NXP
Single bit – 1 = secure, 0 = unsecure
Virtual Security – Database of security values
Security status is maintained in an online
database
Typically keyed using the Unique ID on the tag
Typically cannot be tampered withbecause the
Unique ID cannot be changed
26
27. NISO RFID in Libraries
What variables impact RFID Detection System Performance?
Detection system
Antenna and reader design
Proximity and number of pedestals
RFID Tag
Antenna / chip design not necessarily total tag size
Composition of tagged material
Environmental variables
Presence of other RFID equipment
Proximity of Detection System to metal
Patron characteristics
Carrying position- location and orientation (low/high, backpacks)
Other things in their possession (laptops, etc.)
Number of items with tags- single versus multiple
27
28. NISO RFID in Libraries
Identification During Detection
Provide the item ID of the object as it moves through the corridor
May be limited by:
Multiple item interference
Throughput if many items are present
Detection system reader and antenna design
Tag impact:
Tag performance and design
Tag placement
User Impact
Carrying position
Speed of travel
28
29. NISO RFID in Libraries
Threats to RFID security
Vandalism
Tags ripped out of or off of materials
Shielding Tags
Booster Bags
Covering in foil
Electronic alteration
Rewriting of data on the tag
Other
Kids fascination with taking things apart or picking at labels
29
30. NISO RFID in Libraries
What do the standards say about security?
The standards do not mandate a particular method of security
If AFI is used for security,
Checked - out value is C2hex.
Checked - in value is 07hex.
AFI must always be programmed to C2hex when the item is not physically
inside the library regardless of security method
Recommendation is to avoid locking the AFI, so it can be used later for
security. This future need could arise in your library or at an ILL borrowing
library.
Informatively, the standards documentation notes that EAS
implementations are typically proprietary and may inhibit a library’s ability
to change chip providers in the future, should there be a desire to change.
30
34. Patron Privacy & RFID
• Privacy & RFID discussion context
– Institutional and patron orientations regarding
privacy issues
– Professional and trade association orientations
regarding privacy
• ALA & BISG began work in 2003 on RFID privacy
– Vendor and technology issues and constraints
• RFID privacy strategies share approaches of ILS and
other legacy systems to protect PII
35. ALA, BISG & RFID
• Privacy and Confidentiality – ALA document
– http://www.ala.org/ala/aboutala/offices/oif/ifissues/privacyconfidentiality.cfm
• Questions and Answers on Privacy and Confidentiality
– http://www.ala.org/ala/issuesadvocacy/intfreedom/librarybill/interpretations/qa-privacy.cfm
• Book Industry Study Group RFID Policy Statement, September 2004
– http://www.bisg.org/docs/BISG_Policy_002.pdf
• Resolution on Radio Frequency Identification (RFID) Technology and
Privacy Principles – ALA Council, January 2005
– http://www.ala.org/template.cfm?section=ifresolutions&template=/contentmanagement/contentdi
splay.cfm&contentid=85331
• RFID in Libraries: Privacy and Confidentiality Guidelines –ALA Intellectual
Freedom Committee, June 2006
– http://www.ala.org/template.cfm?section=otherpolicies&template=/contentmanagement/contentdi
splay.cfm&contentid=130851
36. Resolution on Radio Frequency Identification
(RFID) Technology and Privacy Principles
• Acknowledges longstanding privacy and
confidentiality
• Five main policy tenets
– Implement & enforce privacy policy that discloses all
uses and changes of new RFID system
– No Personally Identifiable Information (PII) but
transactional data is permitted
– Protect data by reasonable security safeguards against
interpretation by any unauthorized third party
– Comply with applicable law and follow best practices
– Ensure that above four principles are verifiable by audit
37. RFID in Libraries: Privacy and Confidentiality
Guidelines
• Policy Guidelines
– Use RFID selection and procurement process to
educate users and staff
– Consider using two systems for circulation – RFID
or no RFID
– Update privacy policies /procedures in accordance
with critical ALA policies
– Assure appropriate configurations of RFID system
– Notify public about Library’s use of RFID
38. RFID in Libraries: Privacy and
Confidentiality Guidelines
• Best Practices
– Continue practices securing bibliographic and
patron databases from unauthorized use
– Limit the bibliographic information stored on a tag
to a unique identifier; store no PII
– Block public from searching by unique RFID
identifier
• Talking To Vendors about RFID
– Provides guidelines to determine vendors
approach to privacy
39. Vandalism
• Acknowledge limits to preventing vandalism and
theft in public lending institution
• Technical modification of data using RFID readers
– Security data
– Tag contents
– RFID Viruses
– Detuning a tag
• Physical defacing or removal of tag
– Children play with stickers!
Hinweis der Redaktion
AFI – a way of categorizing a tag so it is processed by the application it was meant for.Layers of Security (1 section in a library (A/V) could have a different AFI value, and the rest of the library could have another).
In addition to implicit comments on each bullet, comment on germane experience as public librarian, administrator and library director30 year history dealing with censorship and privacy issues including challenges by municipal police, FBI as well as religious & political challengesPast President of PLA during period ALA and IFC policies were developed and adoptedDefine PII for those who don’t know: personally identifiable informationFamiliarity with RFIDFull scale implementation of >$10 million of RFID tagging of >2 million items including CDs & DVDsMulti-branch system, > 13 million circulation remodeling of circulation workrooms to accommodate automated returnEstablishment of central sortingPublic Hearings conducted to advance public information campaign and address policy issuesIntegration of ILS self-check client with RFID vendor system and fine and fee payment at RFID self-check station
In addition to implicit comments on each bullet, comment on germane experience as public librarian, administrator and library director30 year history dealing with censorship and privacy issues including challenges by municipal police, FBI as well as religious & political challengesPast President of PLA during period ALA and IFC policies were developed and adoptedDefine PII for those who don’t know: personally identifiable informationFamiliarity with RFIDFull scale implementation of >$10 million of RFID tagging of >2 million items including CDs & DVDsMulti-branch system, > 13 million circulation remodeling of circulation workrooms to accommodate automated returnEstablishment of central sortingPublic Hearings conducted to advance public information campaign and address policy issuesIntegration of ILS self-check client with RFID vendor system and fine and fee payment at RFID self-check station
Comment regarding long standing, ingrained professional ethos regarding privacy and confidentialityRefer to first two ALA background documents, continually amended as technology and federal policy changes Note “Privacy Audit” reference in Q & A documentNote that (ALA / BISG) policy study began in 2004Transition to ALA Resolution on RFID and IFC adopted Privacy and Confidentiality Guidelines
Adopted by ALA Council, June 2005AdoptedPrivacy Principles fit in long standing ALA policy contextProtecting privacy and confidentiality is an integral part of library missionALA Code of Ethics calls for protection of patron policyLibrary Bill of Rights affirms that intellectual freedom depends upon patron privacy and confidentialityRepeat five tenetsEmphasize importance of institutional audit and references in Questions and Answers on Privacy and ConfidentialityTransitionNote that Council charged IFC with developing “privacy and confidentiality guidelines” and suggesting “best practices”
Adopted by ALA IFC, June 2006Configuration of system to include“Ensure that institutional privacy policies and practices addressing notice, access, use, disclosure, retention, enforcement, security, and disposal of records are reflected in the configuration of the RFID system. As with any new application of technology, librarians should ensure that RFID policies and procedures explain and clarify how RFID affects users' privacy.”“Delete personally identifiable information (PII) collected by RFID systems, just as libraries take reasonable steps to remove PII from aggregated, summary data.”“Assure that all library staff continue to receive training on privacy issues, especially regarding those issues that arise due to the implementation and use of RFID technology. ““Be prepared to answer users' questions about the impact of RFID technology on their privacy. Either staff at all levels should be trained to address users' concerns, or one person should be designated to address them.”Reemphasize importance of institutional audit and references in Questions and Answers on Privacy and Confidentiality“Privacy Audit” policy should be adopted during / immediately following RFID implementation once configuration issues have been determinedTransition to “best practices” section
“Use the most secure connection possible for all communications with the Integrated Library Systems (ILS) to prevent unauthorized monitoring and access to personally identifiable information”Protect the data on RFID tags by the most secure means available, including encryptionRe limiting information on tag to bibliographic dataUse the security bit on the tag if it is applicable to implementationNISO document provides for option to provide limited bibliographic dataPLA Board passed recommendation in opposition to this specific IFC recommended “best practice” when proposed guidelines were considered by IFC in 2006. Additional ‘best practices’ “Train staff not to release information about an item's unique identifier in response to blind or casual inquiries.” “Limit the information stored on RFID-enabled borrower cards to a unique identifier.”“ Label all RFID tag readers clearly so users know they are in use. Keep informed about changes in RFID technology, and review policies and procedures in light of new information.”Talking to Vendors about RFID“Assure that vendor agreements guarantee library control of all data and records and stipulate how the system will secure all information.”“Investigate closely vendors' assurances of library users' privacy.”“Evaluate vendor agreements in relationship with all library privacy policies and local, state, and federal laws.”“Influence the development of RFID technology by issuing Requests for Proposals requiring the use of security technology that preserves privacy and prevents monitoring.”
Refer to other panelists who can comment best on technologies used to intentionally modify tags