SIST-TP CEN/TR 16669:2014

SLOVENSKI STANDARD
SIST-TP CEN/TR 16669:2014
01-september-2014
Informacijska tehnologija - Vmesnik za izvajanje ISO/IEC 18000-3
Information technology - Device interface to support ISO/IEC 18000-3
Informationstechnik - Geräteschnittstelle zur Unterstützung von ISO/IEC 18000-3 Mode 1
and Mode 3 tags
Technologie de l’information - Interface de prise en charge d’ISO/IEC 18000-3 Mode 1
pour les appareils
Ta slovenski standard je istoveten z: CEN/TR 16669:2014
ICS:
35.020 Informacijska tehnika in Information technology (IT) in
tehnologija na splošno general
SIST-TP CEN/TR 16669:2014 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TP CEN/TR 16669:2014

---------------------- Page: 2 ----------------------

SIST-TP CEN/TR 16669:2014

TECHNICAL REPORT
CEN/TR 16669

RAPPORT TECHNIQUE

TECHNISCHER BERICHT
June 2014
ICS 35.240.60
English Version
Information technology - Device interface to support ISO/IEC
18000-3
Technologies de l'information - Interface de prise en charge Informationstechnik - Geräteschnittstelle zur Unterstützung
d'ISO/CEI 18000-3 pour les appareils von ISO/IEC 18000-3 Mode 3 tags


This Technical Report was approved by CEN on 20 January 2014. It has been drawn up by the Technical Committee CEN/TC 225.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 16669:2014 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
Contents Page

Foreword .4
Introduction .5
1 Scope .6
2 Normative references .6
3 Terms and definitions .6
4 Symbols and Abbreviations .6
5 Executive Summary .7
6 Evaluation privacy protection level of ISO/IEC 18000-3 Mode 3 .7
6.1 General .7
6.2 Technology does not depend on a persistent tag id for air interface communications .8
6.3 Support of standardized access passwords .8
6.3.1 ISO/IEC 18000-3 Mode 3 tags .8
6.3.2 Kill password .9
6.3.3 Access password.9
6.4 Support of the Kill function. .9
6.5 Conclusion .9
7 Industry feedback on the need for the device interface .9
7.1 General .9
7.2 General description of system architecture for Library Management Systems . 10
7.3 Feedback on various quotes to justify the development of a device interface . 11
7.3.1 General . 11
7.3.2 Need for a device interface standard . 11
7.3.3 Migration from old to new technology . 11
7.3.4 Inertia associated with any attempt to standardize the device interface . 12
7.3.5 Additional security features built into the device interface. . 12
7.3.6 Delaying for two years will result in a lost opportunity? . 12
7.3.7 Leaving operators to choose between the technologies . 12
7.3.8 Standardized device interface to be incorporated into the PIA? . 12
7.3.9 Conclusion . 13
8 Industry feedback on features of the device interface as listed in the scope . 13
8.1 General . 13
8.2 Features of the device interface as listed in the scope . 13
8.3 GS1/EPCglobal LLRP and ISO/IEC 24791 . 14
8.4 Conclusion . 15
9 Threats through memory content in library RFID tags . 15
9.1 Analysis . 15
9.2 Conclusion . 15
Annex A (Informative) Industry representatives . 16
A.1 Libraries . 16
A.1.1 KopGroep Bibliotheken . 16
A.1.2 Stadtbibliothek Hannover . 16
2

---------------------- Page: 4 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
A.2 Library RFID System Integrators . 17
A.2.1 Bibliotheca . 17
A.2.2 Nedap . 17
A.3 Providers of ISO/IEC 18000-3 readers . 18
A.3.1 Feig . 18
A.3.2 Tagsys Europe . 18
Bibliography . 19

3

---------------------- Page: 5 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
Foreword
This document (CEN/TR 16669:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC
technologies”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This Technical Report is one of a series of related deliverables, which comprise mandate 436 Phase 2. The
other deliverables are:
— EN 16570, Information technology — Notification of RFID — The information sign and additional
information to be provided by operators of RFID application systems
— EN 16571, Information technology — RFID privacy impact assessment process
— EN 16656, Information technology - Radio frequency identification for item management - RFID Emblem
(ISO/IEC 29160:2012, modified)
— CEN/TR 16684, Information technology — Notification of RFID — Additional information to be provided
by operators
— CEN/TS 16685, Information technology — Notification of RFID — The information sign to be displayed in
areas where RFID interrogators are deployed
— CEN/TR 16670, Information technology — RFID threat and vulnerability analysis
— CEN/TR 16671, Information technology — Authorisation of mobile phones when used as RFID
interrogators
— CEN/TR 16672, Information technology — Privacy capability features of current RFID technologies
— CEN/TR 16673, Information technology — RFID privacy impact assessment analysis for specific sectors
— CEN/TR 16674, Information technology — Analysis of privacy impact assessment methodologies relevant
to RFID
4

---------------------- Page: 6 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
Introduction
In response to the growing deployment of RFID systems in Europe, the European Commission published in
2007 the Communication COM(2007) 96 ‘RFID in Europe: steps towards a policy framework’. This
Communication proposed steps which needed to be taken to reduce barriers to adoption of RFID whilst
respecting the basic legal framework safeguarding fundamental values such as health, environment, data
protection, privacy and security.
In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the
field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of
2009. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being
executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete
framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187
020, which was published in May 2011.
Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase.
This Technical Report is related to the development of a Technical Specification to define the device interface
to support ISO/IEC 18000-3 Mode 3 tags.
The proposed Technical Specification on a device interface was intended to support two high frequency air
interface protocols; ISO/IEC 18000-3 mode 1 that has been established and used for 15 years and
ISO/IEC 18000-3 mode 3 that is just emerging. The assumption was that ISO/IEC 18000-3 mode 3 would
offer greater security and that the protection of the privacy would be better served by it. The proposed device
interface is intended as a serious attempt to bring greater control to this highly used air interface protocol. In
addition, by developing a device interface that supports both air interface protocols, there is the potential to
assist in the migration from the older, and (suggested) less secure, technology to a newer and (assumed)
more robust technology. Robustness, in this case, is not only of benefit to the operator of the system but also
to end users who come into daily contact with the technologies.
In the exploration phase to start with the preparations for the Technical Specification the project team
encountered a challenge to translate the specifics of the required device interface features into practical
specifications. First it was not clear why ISO/IEC 18000-3 mode 3 would offer greater security to protect the
privacy of the consumers. Second it was not obvious to which “application” the reader should connect and
how the proposed device interface would contribute to improving the privacy protection of the consumer.
Therefore the project team decided to consult the industry to get their feedback on the proposed standard for
a device interface.
The device interface is aimed at supporting ISO/IEC 18000-3 technology. The Library industry is by far the
largest market for the ISO/IEC 18000-3 tags. Therefore this Technical Report will focus on the value that the
proposed device could offer to improve the protection of the privacy of the consumer of the European Library
Industry.
This Technical Report describes the project team's approach to resolve the challenges. Clause 6 described
the evaluation of the privacy protection level of 18000-3 Mode 3. Clause 7 describes the feedback of the
industry on the need for the device interface. Clause 8 describes the feedback of the industry on features of
the device interface as listed in the scope. Clause 9 points to some potential threats caused by some of the
memory content in library RFID tags. Annex A contains the list of industry representatives who have
contributed to the creation of this report. Clause 5 draws the conclusions.
5

---------------------- Page: 7 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
1 Scope
The scope of this Technical Report is to assess the need to develop a Technical Specification to define an
interface that provides RFID system control components with low-level access to RFID interrogators for the
purpose of optimising RFID data access and control operations.
2 Normative references
Not applicable.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
air interface
complete communication link between an Interrogator and a Tag including the physical layer, collision-
arbitration algorithm, command and response structure, and data-coding methodology
3.2
contactless
pertaining to the achievement of signal exchange with and supplying power to the card without the use of
galvanic elements (i.e., the absence of an ohmic path from the external interfacing equipment to the integrated
circuit(s) contained within the card)
3.3
interrogator (also known as reader)
a transmitter/receiver that reads the contents of RFID tags in the vicinity
3.4
RFID tag
an electronic identification device that is made up of a chip and antenna
4 Symbols and Abbreviations
AFI Application family identifier
CRC-5 5 bit Cyclic redundancy check
CRC-16 16 bit Cyclic redundancy check (calculated on power-up)
CRC-16c 16 bit Cyclic redundancy check (calculated in transmission)
CW Continuous Wave
ERC European Radiocommunications Committee
ETSI European Telecommunications Specifications Institute
HF High frequency
LMS Library Management System
PC Protocol Control
RF Radio frequency
SRD Short Range Devices
6

---------------------- Page: 8 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
TID Tag-identification or tag identifier, depending on context
UHF Ultra High Frequency
UID Unique device IDentifier
UII Unique Item Identifier
XPC Extended Protocol Control
TM
XTID Extended TID indicator (see version 1.3 and above of the EPCglobal Tag Data Standards)
5 Executive Summary
The three "assumed" security features of ISO/IEC 18000-3 mode 3 do not provide any improvement for the
protection of the consumer's privacy.
The differences between ISO/IEC 18000-3 Mode 1 and Mode 3 are on the physical layer and on the memory
addressing. Mode 3 in comparison to Mode 1 does not provide any additional feature that could be used to
improve consumer privacy.
The device interface will not help to improve the privacy protection of the European citizen.
The feedback from the representatives of the European Library Industry in Clause 7 makes clear that the
industry sees neither an advantage nor a need for the proposed standard for it will not improve the privacy
protection of the citizen in any way.
Besides the fact that the proposed standard will not help to improve the privacy protection of the citizen, the
cost of developing and implementing such interface in the existing infrastructure of the RFID Application
Software or Library Management Systems would be prohibitive.
Therefore CEN/TC 225 Project Team E recommends dropping the development of the proposed device
interface standard.
6 Evaluation privacy protection level of ISO/IEC 18000-3 Mode 3
6.1 General
The description of Deliverable Task E.4 states:
There is one event that might completely change the situation: the introduction of ISO/IEC 18000-3 Mode 3 air
interface protocol and tags. This technology is still in its infancy, but has been developed as the high
frequency 'equivalent' of the ISO/IEC 18000-6 Type C technology. It offers higher performance, greater
security, and the attributes of medium range reading that has proved acceptable for many applications. As
examples ISO/IEC 18000-3 Mode 3 offers three features not supported by the established high frequency
RFID tags:
1) the technology does not depend on a persistent tag id for air interface communications;
2) it supports standardized access passwords;
3) it supports a kill function.
This is remarkable, because key difference of ISO/IEC 18000-3 Mode 3 versus ISO/IEC 18000-3 Mode 1 is
the speed of reading so that more items could be scanned per second. Mode 3 does not offer any more
features that can be used to protect the privacy of the consumer. This clause describes the evaluation if the
assumed security features.
7

---------------------- Page: 9 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
6.2 Technology does not depend on a persistent tag id for air interface communications
ISO/IEC 18000-3 Mode 1 and ISO/IEC 18000-3 Mode 3 have a different way of collision resolution, but in both
case the end result is a constant reply that always returns the same number for the tag. Mode 1 tags always
return the UID, Mode 3 tags always return the UII. Figure 1 illustrates the interaction between an interrogator
and a tag for mode 3 tags.

Figure 1 — Interaction between interrogator and tag
While the UII could be empty for the purpose of the anti-collision the TID memory is defined to contain unique
information, where read access cannot be prevented.
6.3 Support of standardized access passwords
6.3.1 ISO/IEC 18000-3 Mode 3 tags
ISO/IEC 18000-3 Mode 3 tags do support passwords, but they have no relevance for the protection of the
consumer's privacy. The memory of a Mode 3 tag is logically separated into four distinct banks, as shown in
Figure 2.

Figure 2 — Memory map of ISO/IEC 18000-3 mode 3 tags
8

---------------------- Page: 10 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
The memory banks are:
— Reserved memory contains the kill and and/or access passwords.
— UII memory contains the UII that identifies the object to which the tag is or shall be attached.
— TID memory contains the TID that identifies the tag.
— USER memory is optional and might contain user data.
6.3.2 Kill password
The Kill password is a 32-bit value that an Interrogator may use to kill a tag and render it nonresponsive
thereafter. See also 6.4.
6.3.3 Access password
The Access password is a 32-bit value that an Interrogator needs to submit before the tag will transition to the
secured state. In the secured state the interrogator can change the Access password and the write lock bits.
The Access password does not prevent the Interrogator from reading the UII, TID or User Memory. In other
words, the Access password cannot be used for read-protection.
6.4 Support of the Kill function.
ISO/IEC 18000-3 Mode 3 supports a Kill function to render a tag nonresponsive after the execution of the Kill
command. This feature is implemented to protect the privacy of the consumer when he or she purchases a
product that has an RFID tag attached to it. The tag can be killed before the consumers leave the store, which
practically eliminates any privacy risk.
For applications where a tag cannot be killed because it needs to be re-used, for example an RFID tag in a
library book, the Kill feature does not offer any improvement to protect the consumer's privacy.
6.5 Conclusion
From a privacy protection perspective the differences in air interfaces communications offer no difference in
privacy protection of an ISO/IEC 18000-3 Mode 1 versus an ISO/IEC 18000-3 Mode 3 tag.
The passwords on the ISO/IEC 18000-3 Mode 3 tags can only be used to protect the Reserved Memory and
the lock functions of the tag. They do not offer any feature to improve the protection of the privacy.
For the library industry the Kill feature does not offer any improvement to protect the consumer's privacy.
Compared to ISO/IEC 18000-3 Mode 1 tags the three additional security features of ISO/IEC 18000-3 Mode 3
do not provide any improvement for the protection of the consumer's privacy.
As a conclusion the statement in the description of the deliverable that "the introduction of ISO/IEC 18000-3
Mode 3 air interface protocol and tags might completely change the situation" does not apply and is not useful
for the improvement of the protection of the consumers' privacy.
7 Industry feedback on the need for the device interface
7.1 General
The description of Deliverable Task E.4 states:
9

---------------------- Page: 11 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
"Developing a device interface specification that encompasses the new (ISO/IEC 15693-mode3) and the older
legacy technology (ISO/IEC 15693-mode1) will provide an option for migration from the legacy technology and
interoperability between the two technologies."
In the exploration phase to prepare for the Technical Specification the project team encountered a challenge
to translate the specifics of the required device interface features into practical specifications. It was not
obvious to which “application” the reader should connect and how the proposed device interface would
contribute to improving the privacy protection of the consumer. Therefore the project team decided to consult
the industry to get their feedback on the proposed standard for a device interface. This clause reports the
feedback from the European Library Industry on the value of the proposed device interface to improve the
privacy protection of the European consumer.
7.2 General description of system architecture for Library Management Systems
This subclause provides a brief description of the LMSs that are used in the European Library Industry. Figure
3 illustrates typical system architecture of an LMS, and its connections with the RFID System Integrators
Application Software (eg Self Service, Security, Automation, Inventory and Staff Services).

Figure 3 — System architecture of a Library Management System
Heart of the LMS is the library database and the application software that controls it. The database contains
all the data that is necessary to run the LMS, including all data related to the books. The RFID tag in the book
only contains a unique "book identifier" number that is used as "record locater" for the information about the
book that is stored in the database.
As indicated in Figure 3 the LMS is connected with several "sub-systems" of the RFID System Integrators
Application Software that provide some dedicated functionality for the libraries, like sub-systems for self-
checkout, book returns, sorters etc. When comparing different LMSs and RFID Application Software, first thing
that is noticed is that all are different and are build with custom architectures and proprietary interfaces. None
of the LMSs or RFID Application Software have the same architecture. Only one interface, between the self-
service unit and the LMS database, has a degree of standardization with either a SIP2, NCIP or a Web
Services interface, but even then many have proprietary additions/features; however this has nothing to do
with RFID or the privacy of the consumer, as this interface relates to any self service equipment irrespective of
ID/security technology (barcode, RF, and EM are used, as well as RFID). The sub-systems with self-service
10

---------------------- Page: 12 ----------------------

SIST-TP CEN/TR 16669:2014
CEN/TR 16669:2014 (E)
software and RFID-reader are offered as one package delivered by one supplier, so no advantage is gained
with a standard interface.
The interfaces of the RFID readers are all proprietary and customised for its various purposes. In general
these interfaces support different tag protocols and use the same user commands for common tag operations
like read, write and lock. So the reader protocol is identical for tags that are compliant with ISO/IEC 18000-3
Mode 1 and ISO/IEC 18000-3 Mode 3. That makes it very easy to integrate the protocol in all kinds of readers;
from simple short-range (proximity, few cm) reader modules up to highly sophisticated long-range (up to 100
cm) readers. Although most reader manufacturers offer similar functionality on the reader interface, their
implementation is always proprietary.
In the library industry the RFID readers have turned into a commodity, where price is the most differentiating
factor. Most RFID reader manufacturers produce "general purpose" readers and customise them for specific
functionality at the request of an RFID system integrator or an LMS.
With regards to the protection of the privacy of the consumer it is important to point out that RFID technology
has already been in use for the libraries for many years and has already delivered effective economic & social
benefits for the library markets. Safeguards have been put in place to protect access to the LMS database
effectively. RFID readers have no access to the LMS! There is also no link from the "book identifier" that is
stored on the RFID tag to any privacy related data. The "book identifier" is just a number that acts as a pointer
to a record in the LMS database. It can only be connected to personal data through access to the LMS and its
database. In summary, the Library Industry has managed to effectively protect the privacy of the European
consumer.
7.3 Feedback on various quotes to justify the development of a device interface
7.3.1 General
This subclause lists the feedback from the European Library Industry on the various quotes in the "call for
experts" to justify the development of the device interface.
7.3.2 Need for a device interface standard
Quote: "Although the air interface has been standardized, there is no standardization of the device interface to
the application. Instead there is a multiplicity of proprietary device interfaces."
The industry confirms that there are several different device interfaces on the market and that most of them
are proprietary to the various reader vendors. The brief summary of the LMS architecture in 7.2 already shows
that all interfaces of the RFID readers are proprietary. It is interesting that the requirements have not
considered the impact of the changes on the LMS side. Besides the effort to develop such device interface
standard, the introduction of it will cause tremendous development and implementation costs for both the
manufacturers of the RFID readers and the system integrators of the LMSs.
In addition, the introduction of such interface will also lead to the need for compliancy tests, causing an even
greater increase of the total cost of the introduction.
7.3.3 Migration from old to new technology
Quote: "There is the potential to assist in the migration from the older, and less secure, technology to a newer
and more robust technology."
Quote: "Developing a device interface specification that encompasses the new and the older legacy
technology will provide an option for migration from the legacy technology and interoperability between the
two technologies."
11

----------
...