NISO Webinar: RFID Systems in Libraries Part 2: Standards
 

Like this? Share it with your network

Share

NISO Webinar: RFID Systems in Libraries Part 2: Standards

on

  • 1,088 views

 

Statistics

Views

Total Views
1,088
Views on SlideShare
1,064
Embed Views
24

Actions

Likes
0
Downloads
27
Comments
0

2 Embeds 24

http://www.niso.org 23
http://translate.googleusercontent.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • AFI – a way of categorizing a tag so it is processed by the application it was meant for.Layers of Security (1 section in a library (A/V) could have a different AFI value, and the rest of the library could have another).
  • In addition to implicit comments on each bullet, comment on germane experience as public librarian, administrator and library director30 year history dealing with censorship and privacy issues including challenges by municipal police, FBI as well as religious & political challengesPast President of PLA during period ALA and IFC policies were developed and adoptedDefine PII for those who don’t know: personally identifiable informationFamiliarity with RFIDFull scale implementation of >$10 million of RFID tagging of >2 million items including CDs & DVDsMulti-branch system, > 13 million circulation remodeling of circulation workrooms to accommodate automated returnEstablishment of central sortingPublic Hearings conducted to advance public information campaign and address policy issuesIntegration of ILS self-check client with RFID vendor system and fine and fee payment at RFID self-check station
  • In addition to implicit comments on each bullet, comment on germane experience as public librarian, administrator and library director30 year history dealing with censorship and privacy issues including challenges by municipal police, FBI as well as religious & political challengesPast President of PLA during period ALA and IFC policies were developed and adoptedDefine PII for those who don’t know: personally identifiable informationFamiliarity with RFIDFull scale implementation of >$10 million of RFID tagging of >2 million items including CDs & DVDsMulti-branch system, > 13 million circulation remodeling of circulation workrooms to accommodate automated returnEstablishment of central sortingPublic Hearings conducted to advance public information campaign and address policy issuesIntegration of ILS self-check client with RFID vendor system and fine and fee payment at RFID self-check station
  • Comment regarding long standing, ingrained professional ethos regarding privacy and confidentialityRefer to first two ALA background documents, continually amended as technology and federal policy changes Note “Privacy Audit” reference in Q & A documentNote that (ALA / BISG) policy study began in 2004Transition to ALA Resolution on RFID and IFC adopted Privacy and Confidentiality Guidelines
  • Adopted by ALA Council, June 2005AdoptedPrivacy Principles fit in long standing ALA policy contextProtecting privacy and confidentiality is an integral part of library missionALA Code of Ethics calls for protection of patron policyLibrary Bill of Rights affirms that intellectual freedom depends upon patron privacy and confidentialityRepeat five tenetsEmphasize importance of institutional audit and references in Questions and Answers on Privacy and ConfidentialityTransitionNote that Council charged IFC with developing “privacy and confidentiality guidelines” and suggesting “best practices”
  • Adopted by ALA IFC, June 2006Configuration of system to include“Ensure that institutional privacy policies and practices addressing notice, access, use, disclosure, retention, enforcement, security, and disposal of records are reflected in the configuration of the RFID system. As with any new application of technology, librarians should ensure that RFID policies and procedures explain and clarify how RFID affects users' privacy.”“Delete personally identifiable information (PII) collected by RFID systems, just as libraries take reasonable steps to remove PII from aggregated, summary data.”“Assure that all library staff continue to receive training on privacy issues, especially regarding those issues that arise due to the implementation and use of RFID technology. ““Be prepared to answer users' questions about the impact of RFID technology on their privacy. Either staff at all levels should be trained to address users' concerns, or one person should be designated to address them.”Reemphasize importance of institutional audit and references in Questions and Answers on Privacy and Confidentiality“Privacy Audit” policy should be adopted during / immediately following RFID implementation once configuration issues have been determinedTransition to “best practices” section
  • “Use the most secure connection possible for all communications with the Integrated Library Systems (ILS) to prevent unauthorized monitoring and access to personally identifiable information”Protect the data on RFID tags by the most secure means available, including encryptionRe limiting information on tag to bibliographic dataUse the security bit on the tag if it is applicable to implementationNISO document provides for option to provide limited bibliographic dataPLA Board passed recommendation in opposition to this specific IFC recommended “best practice” when proposed guidelines were considered by IFC in 2006. Additional ‘best practices’ “Train staff not to release information about an item's unique identifier in response to blind or casual inquiries.” “Limit the information stored on RFID-enabled borrower cards to a unique identifier.”“ Label all RFID tag readers clearly so users know they are in use. Keep informed about changes in RFID technology, and review policies and procedures in light of new information.”Talking to Vendors about RFID“Assure that vendor agreements guarantee library control of all data and records and stipulate how the system will secure all information.”“Investigate closely vendors' assurances of library users' privacy.”“Evaluate vendor agreements in relationship with all library privacy policies and local, state, and federal laws.”“Influence the development of RFID technology by issuing Requests for Proposals requiring the use of security technology that preserves privacy and prevents monitoring.”
  • Refer to other panelists who can comment best on technologies used to intentionally modify tags

NISO Webinar: RFID Systems in Libraries Part 2: Standards Presentation Transcript

  • 1. http://www.niso.org/news/events/2011/nisowebinars/rfidparttwo/ RFID Systems in LibrariesPart Two: Standards for RFID Systems April 20, 2011Speakers:VinodChachra, Matt Bellamy, and Dan Walters
  • 2. NISO RFID Systems in Libraries (Part 2) Webinar April 20, 2011 at 1:00 PM Vinod Chachra, CEO, VTLS Inc.Co-chair, NISO RFID Revision Working Group for U.S.A. Libraries
  • 3. Intent of this SectionThe intent of this section of the Webinar is to present the NISO Data Model and U. S. Profile for ISO 28560-2The main goal of the Data Model is to provide interoperability for libraries and efficiencies for distributors of RFID products and service.The idea is to help create an environment that allows libraries to invest in this technology with confidence and with some assurance that they will have choices now, and in the future, without being locked into any one supplier or vendor.The model dictates a certain amount of consistency in support of interoperability but also provides flexibility to suppliers to be creative in providing new and different solutions to the library industry.The ultimate intention is that RFID tags programmed by one vendor in compliance with the data model will be usable by another RFID vendor without any reprogramming. Visionary Technology in Library Solutions
  • 4. Background on NISO workIn 2008 NISO published a report --NISO RP-6-2008 -- RFID in U.S. Libraries.At the National Level: The 2008 report – was the result of deliberations by a working group which I chaired. outlined best practices for RFID in US Libraries. presented a data model for use in US libraries.At the International Level: ISO TC 46/SC 4/WG 11 for ISO-28560 was formed Vinod Chachra and Paul Sevcik were US representatives to ISO. Standard was published in March 2011.In anticipation of ISO-28560 -- New NISO RFID Revision Group was formed Co-chaired by Vinod Chachra and Paul Sevcik Goal: revise 2008 report to conform with the requirements of ISO 28560 Status: Work on report is almost complete; Report will be ready for public comment very soon. Visionary Technology in Library Solutions
  • 5. Goals of 2008 RFID Working GroupTo review existing RFID standards… and promote its use where appropriate;To examine and assess privacy concerns;To investigate the way RFID is used in the United States and identify best practices in standards development and implementation;To focus on security and data models for RFID tags, along with issues of interoperability and privacy;To create a “best practices” document for libraries … and help safeguard library investments in RFID and minimize the cost of obsolescence. Visionary Technology in Library Solutions
  • 6. Scope of 2008 Working GroupRFID solutions run at several frequencies – Low – from 125KHz to 134KHz High – 13.56MHz Ultra High – 860-960 MHz Micro Wave – 2.45 GHzNISO’s work is limited to Tags used in librariesNote: At present, these tags operate at 13.56 MHz,though this may change in the future Visionary Technology in Library Solutions
  • 7. NISO Revision Working Group1. Co-Chairs Vinod Chachra (VTLS) and Paul Sevcik (3M)2. Goal – Revise best practices document NISO RP-6-20083. Objectives – a. Make the US data model consistent with the proposed ISO 28650 data model (Part 1) b. Determine if USA will recommend Part 2 or Part 3 of the ISO 28560 standard for implementation. c. More broadly, determine if a US National Profile is necessary and if necessary, develop it. d. Review and update the original document e. Consider new items Visionary Technology in Library Solutions
  • 8. ISO 28560 Parts 1, 2 & 3Technical Committee TC46 (Information and Documentation)Subcommittee SC4 (Technical Interoperability)Working Group WG11 (RFID in Libraries) … ISO TC46/SC4/WG11ISO 28560-1 : Part 1: Data Elements and general guidelines forimplementation, deals with the definitions of the data elements that maybe encoded onto RFID tags in the library application.ISO 28560-2: Part 2: Encoding based on ISO/IEC 15962, defines anencoding method for compacting data elements into objects and placingthem on RFID tags for use in libraries which utilizes the encoding rulesdefined in the existing standard, ISO/IEC 15962.ISO 28560-3: Part 3: Fixed Length Encoding, defines an encodingmethod for placing data elements on RFID tags for use in libraries whichhas its basis in the Danish Data Model. Visionary Technology in Library Solutions
  • 9. Questions for Revision Working Group1. Do we need a national profile? Yes2. Do we recommend a preferred encoding scheme for USA? a. Should we follow ISO 28560 Part 2 specifications? Or, b. Should we follow ISO 28560 Part 3 specifications? Part 23. Do we limit our discussion to 13.56 MHz tags? Yes Or, a. Should we include UHF tags? For information only b. UHF tags are not currently part of the Standard.4. Do we include a Section on “state of the industry”. No5. Other items as may come up Visionary Technology in Library Solutions
  • 10. USA National Profile for RFIDWithin the framework of ISO 28560 a US National Profile may define -- which data elements are mandatory (versus optional) -- which encoding scheme is to be used for the tag -- which data elements are to be locked or left unlocked -- which encoding values to be used for specific data elements -- other considerations for interoperability Visionary Technology in Library Solutions
  • 11. US Profile for ISO 28560 -- 1 of 3 U.S. Profile for ISO 28560 – RFID in U. S. Libraries ` Relative Main Purpose or Locked Formatting CategoryData Object OID Codes Used If Used?Primary Item ID Variable length(unique item 01 Alphanumeric. Character set Mandatory Item Identification Optionalidentifier) = ISO/IEC 646 IRV Determining whatTag Content Key 02 Bit mapped code Mandatory* other data is on the No tagOwner Variable length field Use ISIL code (ISO 03 Optional (1) OptionalLibrary/Institution Max: 16 bytes 15511)Set Info (number of {Total in Set / Part Number}parts; ordinal part 04 structure. Maximum size Optional (2) Item Properties Optionalnumber) 255Type of Usage: Fixed Item Usage (codedCirculating? 05 Optional (3) Optional 1 byte list)Reference? Visionary Technology in Library Solutions
  • 12. US Profile for ISO 28560 -- 2 of 3 Main Purpose Relative Locked Formatting Category orData Object OID If Used? Codes Used ` Variable length Alphanumeric. SupportShelf Location 06 Character set = ISO/IEC 646 Optional (4) Inventory– Optional IRV (LC Call Number, Dewey) Fixed length – 2 uppercase Item Properties (ONIXONIX Media Format 07 Optional (5) Optional chars code list) Fixed length – 2 lowercase Item Properties (MARCMARC Media Format 08 Excluded (6) N/A chars code list) Variable length Alphanumeric.Supplier Identifier 09 Character set = ISO/IEC 646 Optional (7) Acquisitions Processing Not recommended IRV Variable length Alphanumeric.Order Number 10 Character set = ISO/IEC 646 Optional (8) Acquisitions Processing Not recommended IRVILL Borrowing Variable length field Support ILL – Use ISIL 11 Optional (9) NoInstitution Max: 16 bytes code (ISO 15511) Variable length Alphanumeric. Optional (10) NoILL Borrowing 12 Character set = ISO/IEC 646 ILL Transaction trackingTransaction ID IRVGS1-13 (including Fixed length numeric field – Optional 13 Optional (11) IdentificationISBN) 13 digits Optional – Should not beAlternative unique item 14 used until Identification Not recommendedidentifier – Reserved defined by ISO 28560 Visionary Technology in Library Solutions
  • 13. US Profile for ISO 28560 -- 3 of 3 Main Purpose Relative Locked Formatting Category orData Object OID If Used? Codes Used ` Variable length Alphanumeric. For Local orLocal Data – A 15 Character set = ISO/IEC 646 IRV, Optional (13) Optional or UTF-8 Regional Use Variable length Alphanumeric. For Local orLocal Data – B 16 Character set = ISO/IEC 646 IRV, Optional (14) Optional or UTF-8 Regional Use Variable length Alphanumeric.Title 17 Character set = ISO/IEC 646 IRV, Optional (15) Identification Optional or UTF-8Product Identifier Variable length Alphanumeric. 18 Optional (16) Identification Optional(local) Character set = ISO/IEC 646 IRV Item Properties (noMedia Format (other) 19 Single Octet (coded list) Optional (17) Optional code list defined) Fixed For multi useSupply Chain Stage 20 Optional (18) No 1 Byte (coded list)Supplier Invoice Variable length Alphanumeric. 21 Excluded (19) Acquisitions N/ANumber Character set = ISO/IEC 646 IRVAlternative Item Variable length Alphanumeric. 22 Optional (20) Item Identification OptionalIdentifier Character set = ISO/IEC 646 IRV Item IdentificationAlterative Owner Variable length Alphanumeric. 23 Optional (21) – for codes not ISIL OptionalLibrary Identifier Character set = ISO/IEC 646 IRV compliantSubsidiary of an Variable length Alphanumeric. 24 Optional (22) Item Identification OptionalOwner Library Character set = ISO/IEC 646 IRVAlternative ILL Variable length Alphanumeric. Support ILL – For 25 Optional (23) NoBorrowing Institution Character set = ISO/IEC 646 IRV non-ISIL code Variable length Alphanumeric. For Local orLocal Data – C 26 Character set = ISO/IEC 646 IRV, Optional (24) Optional or UTF-8 Regional Use Visionary Technology in Library Solutions
  • 14. InteroperabilityInteroperability(from Whatis.com)Interoperability (pronounced IHN-tuhr-AHP-uhr-uh- BIHL-ih-tee) is the ability of a system or a product to work with other systems or products without special effort on the part of the customer. Interoperability becomes a quality of increasing importance for information technology products as the concept that "The network is the computer" becomes a reality. For this reason, the term is widely used in product marketing descriptions. Visionary Technology in Library Solutions
  • 15. Four Levels of InteroperabilityLevel 1: Within the LibraryLevel 2: Within the communityLevel 3: For ILL purposesLevel 4: Within the Supply Chain Visionary Technology in Library Solutions
  • 16. Other Considerations :Data encoding Using ISO 28560-2 requires that data be encoded using ISO 15962. Appendix D of the report shows exactly how the data should be encoded providing numerous examples. This is not a simple process – however, there is good news. The encoding scheme optimizes the storage of data on the tag – so you get greater efficiency. It has to be done once (correctly) by your software or hardware supplier and then you can essentially forget about it. See next slide as an example of some of the complexity. Visionary Technology in Library Solutions
  • 17. Data Encoding: Compaction Schemes ISO/IEC 15962 compaction schemesCode Name Description000 Application-defined As presented by the application001 Integer Integer010 Numeric Numeric string (from "0" to "9")011 5 bit code Uppercase alphabetic100 6 bit code Uppercase, numeric, etc101 7 bit code US ASCII110 Octet string Unaltered 8-bit (default = ISO/IEC 8859-1)111 UTF-8 string External compaction to ISO/IEC 10646Note 1: There are 8 different compaction schemes and all may be used on the same tag.Note 2: RFID users will not have to worry about this. It will be a part of the software provided by your RFID Software SupplierNote3: See Appendix D of the NISO document for details on usage and implementation. Visionary Technology in Library Solutions
  • 18. Other Considerations1.How soon will the standard be implemented?2.What is minimum implementation requirement for me to becomplaint?3.What does the library have to do migrate to the newenvironment?4.How do I know that the tag I am getting is an ISO 18000-3Mode 1 tag?5.How can I confirm/verify that my supplier is following thestandard and has implemented it correctly?6.Do we need a US certification process for compliant RFIDsystems/ suppliers? Visionary Technology in Library Solutions
  • 19. Report Outline & Todays Presentations Forward Section 1 – Use of RFID Section 2 – Data Model & US Profile VinodChachra Section 3 – Security Matthew Bellamy Section 4 – Migration to ISO Tags Section 5 – Supply Chain Section 6 – Privacy Daniel Walters Section 7 – Vandalism Daniel Walters Appendix A: RFID Technology Basics Appendix B: Interoperability Characteristics Appendix C: UHF RFID in Libraries Appendix D: Encoding Data on the RFID Tag Visionary Technology in Library Solutions
  • 20. Closing CommentsExciting times ahead!Thanks to all the individuals named below who havegenerously shared their time and expertise for this project. Livia Bitner Corrie Marsh Vinod Chachra, co-chair Paul Sevcik, co-chair Alan Gray Paul Simon Margaret hazel Robert Walsh Gretchen Herman Dan Walters Nancy Kress Karen Wetzel Visionary Technology in Library Solutions
  • 21. NISO RFID in Libraries Solutions + Technologies NISO RFID Systems in Libraries – RFID Security Library Systems© 3M 2010. All Rights Reserved. 21
  • 22. NISO RFID in Libraries Hello 3M Library Systems for nearly 10 years Matthew Bellamy and has worked with hundreds libraries 3M Library Systems to help them improve SelfCheck™ System usage and leverage technology to provide enhanced customer service.  3M employee since 2001  Current responsibilities  Lead new product development teams  Support 3M’s global library business© 3M 2010. All Rights Reserved. 22
  • 23. NISO RFID in Libraries Today’s Objectives Aspects of RFID security Methods of security Variables that Impact RFID Security Threats to RFID Security What the standards say about security Interlibrary loan and how it relates to security© 3M 2010. All Rights Reserved. 23
  • 24. NISO RFID in LibrariesAspects of Security  ROI  What is the loss or potential loss  Does it justify the expense  Does it come as an extra with other uses (RFID for materials handling)  Psychological  Fake detection systems  Guilt  Enhanced Security  Behind the counter  Items checked at the door  EM with RFID 24
  • 25. NISO RFID in LibrariesAspects of Security – Disc Media  Demand and popularity drive theft  CDs/DVDs are popular and attract thieves  They also tend to be more difficult to protect except by using physical behind the counter or dispensing solutions  Metal in the media interferes with RFID  Cost of materials may justify different security solution levels  Dispensing systems  Locked cases  Behind the counter 25
  • 26. NISO RFID in LibrariesThe Methods for RFID Security  AFI – Application Family Identifier  Part of the ISO 18000-3 Mode 1 Standard  Original use was not intended for security  Each industry and application allocated unique value  ISO Recommended Values • 07hex = secure, C2hex. = unsecure  EAS – Electronic Article Surveillance  Proprietary solution from NXP  Single bit – 1 = secure, 0 = unsecure  Virtual Security – Database of security values  Security status is maintained in an online database  Typically keyed using the Unique ID on the tag  Typically cannot be tampered withbecause the Unique ID cannot be changed 26
  • 27. NISO RFID in LibrariesWhat variables impact RFID Detection System Performance? Detection system  Antenna and reader design  Proximity and number of pedestals RFID Tag  Antenna / chip design not necessarily total tag size  Composition of tagged material Environmental variables  Presence of other RFID equipment  Proximity of Detection System to metal Patron characteristics  Carrying position- location and orientation (low/high, backpacks)  Other things in their possession (laptops, etc.)  Number of items with tags- single versus multiple 27
  • 28. NISO RFID in LibrariesIdentification During Detection  Provide the item ID of the object as it moves through the corridor  May be limited by:  Multiple item interference  Throughput if many items are present  Detection system reader and antenna design  Tag impact:  Tag performance and design  Tag placement  User Impact  Carrying position  Speed of travel 28
  • 29. NISO RFID in LibrariesThreats to RFID security  Vandalism  Tags ripped out of or off of materials  Shielding Tags  Booster Bags  Covering in foil  Electronic alteration  Rewriting of data on the tag  Other  Kids fascination with taking things apart or picking at labels 29
  • 30. NISO RFID in LibrariesWhat do the standards say about security?  The standards do not mandate a particular method of security  If AFI is used for security,  Checked - out value is C2hex.  Checked - in value is 07hex.  AFI must always be programmed to C2hex when the item is not physically inside the library regardless of security method  Recommendation is to avoid locking the AFI, so it can be used later for security. This future need could arise in your library or at an ILL borrowing library.  Informatively, the standards documentation notes that EAS implementations are typically proprietary and may inhibit a library’s ability to change chip providers in the future, should there be a desire to change. 30
  • 31. NISO RFID in Libraries Inter-library loan and how it affects security  Host library is responsible for supporting security method  When checked in, the host library would set the appropriate security method  AFI or EAS  Lending library is responsible for re-securing the item when it returns.© 3M 2010. All Rights Reserved. 31
  • 32. NISO RFID in Libraries Thank you  If you have any questions please don’t hesitate to contact me Matthew Bellamy Global RFID Product Marketing Manager 3M Track & Trace Solutions - Library Systems 3M Center, Building 225-04-N-14 | St. Paul, MN 55144 Office: 651-733-5373 | Mobile: 612-414-1809 | Fax: 651-732-8246 mbellamy2@mmm.com | www.3m.com/us/library© 3M 2010. All Rights Reserved. 32
  • 33. NISO Recommended Practice Sections 6 & 7: Privacy and Vandalism Dan Walters, Retired
  • 34. Patron Privacy & RFID• Privacy & RFID discussion context – Institutional and patron orientations regarding privacy issues – Professional and trade association orientations regarding privacy • ALA & BISG began work in 2003 on RFID privacy – Vendor and technology issues and constraints • RFID privacy strategies share approaches of ILS and other legacy systems to protect PII
  • 35. ALA, BISG & RFID• Privacy and Confidentiality – ALA document – http://www.ala.org/ala/aboutala/offices/oif/ifissues/privacyconfidentiality.cfm• Questions and Answers on Privacy and Confidentiality – http://www.ala.org/ala/issuesadvocacy/intfreedom/librarybill/interpretations/qa-privacy.cfm• Book Industry Study Group RFID Policy Statement, September 2004 – http://www.bisg.org/docs/BISG_Policy_002.pdf• Resolution on Radio Frequency Identification (RFID) Technology and Privacy Principles – ALA Council, January 2005 – http://www.ala.org/template.cfm?section=ifresolutions&template=/contentmanagement/contentdi splay.cfm&contentid=85331• RFID in Libraries: Privacy and Confidentiality Guidelines –ALA Intellectual Freedom Committee, June 2006 – http://www.ala.org/template.cfm?section=otherpolicies&template=/contentmanagement/contentdi splay.cfm&contentid=130851
  • 36. Resolution on Radio Frequency Identification (RFID) Technology and Privacy Principles• Acknowledges longstanding privacy and confidentiality• Five main policy tenets – Implement & enforce privacy policy that discloses all uses and changes of new RFID system – No Personally Identifiable Information (PII) but transactional data is permitted – Protect data by reasonable security safeguards against interpretation by any unauthorized third party – Comply with applicable law and follow best practices – Ensure that above four principles are verifiable by audit
  • 37. RFID in Libraries: Privacy and Confidentiality Guidelines• Policy Guidelines – Use RFID selection and procurement process to educate users and staff – Consider using two systems for circulation – RFID or no RFID – Update privacy policies /procedures in accordance with critical ALA policies – Assure appropriate configurations of RFID system – Notify public about Library’s use of RFID
  • 38. RFID in Libraries: Privacy and Confidentiality Guidelines• Best Practices – Continue practices securing bibliographic and patron databases from unauthorized use – Limit the bibliographic information stored on a tag to a unique identifier; store no PII – Block public from searching by unique RFID identifier• Talking To Vendors about RFID – Provides guidelines to determine vendors approach to privacy
  • 39. Vandalism• Acknowledge limits to preventing vandalism and theft in public lending institution• Technical modification of data using RFID readers – Security data – Tag contents – RFID Viruses – Detuning a tag• Physical defacing or removal of tag – Children play with stickers!