Recommendations on data and network standards

• Use synergies between “Internet of Things” and RFID emergence

It is a great challenge to work out sustainable application independent data and network standards. As the characteristics of RFID components and the complexity of the system may vary significantly from application to application, the standards have to meet the middle course between regulation and flexibility. The definition of the system architecture clustered in building blocks separated by well defined interfaces is crucial. It is evident that due to the novelty of most interface standards, optimisation of single standards is still going on.

The stage of maturation is decreasing from interface definitions close to the reader to the network infrastructure of the World Wide Web.

Discussions about data management over web are very much influenced by the idea of the “Internet of Things”.

Over a decade ago Mark Weiser developed a vision of technological ubiquity, meaning that the availability of local processing power is combined with miniaturisation to a degree that makes it possible to have online connection of anything, anytime and anywhere. It is anticipated that the technological development for miniaturised computer power as well as hardware elements like sensors and nanotechnology will enable applications that include objects transferring information about themselves or their environment to relevant addressees by them. Connections will multiply and create an entirely new dynamic network of networks – the “internet of things”. The mobile phone can be regarded as an early form of this type of ubiquitous information network. In mid-2005 the number of mobile phones sold worldwide surpassed 2 billion. Such a kind, people in principle can communicate on a worldwide basis. The idea of the internet of things includes the concept of having communicating objects in addition.

This vision includes a big number of different technologies, like smart sensor networks, RFID, Nanotechnology etc. RFID is only one part of this new technology and developed somehow independently from the big vision. Regarding data and network standards, some of the basic ideas of the internet of things are reflected in the ONS (Object Naming Service) defined by EPCglobal. It can be expected that further development of this concept will be linked more to the emergence of the internet of things than now. RFID applications of today and the near future can be built without the usage of ONS.

The emergence of ONS will very much depend on the market needs and user acceptance.

The recommendation therefore is to foster R&D activities to look for alternative concepts to fulfil market needs and privacy and synchronise standardisation activities accordingly.

• Ensure proper ONS implementations (Object Name Service)

The Object Name Service (ONS) standard describes an automated networking service that points computers to sites on the World Wide Web. It uses methodologies of the internet, namely the Domain Name Service (DNS). When an RFID reader reads an EPC, it is passed to middleware, which, in turn, goes to an ONS on a local network or the internet to find out where information on the product is stored. ONS points the middleware to all EPC-IS servers, where files about that product are stored. The middleware retrieves the files and the information about the product in the file can be forwarded to a company's inventory or supply chain application. The EPC-IS servers might be located at different participants of the supply chain.

It is obvious that by using this methodology there is a potential risk that highly sensitive information about products, involved companies or even individuals can be spied out. Another threat is that root data or product data is being faked for criminal reasons. Therefore proper security measures have to be foreseen in addition to ONS in order to ensure privacy. One option would be to set up VPN (Virtual Private Network) connections between companies being involved in data exchange. The advantage is that the methodology is reliable. Unfortunately it requires high coordinative and administrative effort.

A further risk is the loss of system functionality for technical reasons. It is not acceptable that high sensitive processes like the supply chain depend on the availability of internet connections. It is essential that redundancies will be foreseen in the system.

The ONS concept requires the availability of centralized root information. A hierarchical approach is used to assign ranges of EPCs to issuing agencies in a way that the uniqueness of an EPC for a specific product can be guaranteed. Each issuing agency can assign EPC ranges to EPC managers. EPC managers again are able to assign EPCs to companies.

Big enterprises may have the role of an EPCmanager. By this approach issuing agencies and EPCmanagers are able to assign EPCs completely independent from the central system. Each assignee can decide whether the related EPC range should be stored in the root ONS or not. The minimum set of information there is the segmentation for the assignment agencies.

Up to now EPCglobal has awarded the US company VeriSign a contract to maintain the root ONS only. By this no redundancies are available and the security measures for data transfer apply to US regulations only. There are ongoing activities to improve the situation by setting up a second platform in France. It is planned to have the European root ONS available until March 2008, a first step to improve the situation.

There is a lot of work to be done in order to define comprehensive systems and standards around ONS. EPCglobal has started to investigate the white spots in the architecture framework. It is essential to develop proper methodologies quickly, and this is a good opportunity to enable European experts to participate in the solution finding. 

In the meantime RFID systems can be managed without using ONS. State of the art data exchange mechanisms built on bilateral high security networks can be used to connect EPC-IS data bases. The concept of the EPC Architecture Framework foresees to migrate to ONS later on.

• Ensure data interoperability between different code issuing agencies

One of the big advantages of RFID over barcode is that many objects can be identified automatically at once without having the need for a line of sight. This means every RFID transponder communicating with the right air interface protocol coming into the reading range of the antennae is read by the reader. The relevant data standards defined by ISO and EPCglobal provide smart filtering methodologies making sure that transponders not belonging to the specific application are filtered out from data processing.

Precondition for this functionality is the uniqueness of code for a single item.

 For EPCs GS1 acts as the issuing agency for codes. For many end users a lot of synergies could be leveraged by building on the family of GS1 identification numbers, known collectively as the GTIN, GLN, SSCC, GRAI, etc. GS1 assigns EPCs to end users and is taking care that the numbering schemes guarantee uniqueness.

Industries not making use of EPC have to be forced to use the relevant ISO standards to assign identifiers.

Even when RFID transponders are used in closed loop applications, it has to be considered that transponders remaining on an item might cause number collision problems in a downstream process outside the closed loop.

The potential risk of number collision will increase tremendously with the evolvement of RFID applications.

Therefore it is eminent to force RFID users to make use of the relevant data standards and it is mandatory to force industries planning to issue codes to apply to the rules defined by the standards.

• Speed up the development of standard compliant products

As the network standards defined by EPCglobal have been released recently, the number of standard compliant products available today is very limited. Most RFID projects are integrated still basing on proprietary protocols. Therefore, the integration effort and project cost is high. As there is still risk that recently released standards will be updated, suppliers hesitate to replace their proven proprietary solutions. In the future market there will be needs for main drivers. Especially in case of data and network standards the involvement of end users will thus play a major role. Due to the organisational impact caused by data exchange, the specific requirements of end users should be incorporated. More European end users should be involved in the standardisation process.

• Review network standards against suitability for specific applications

The level of data security and privacy measures is defined by the needs for specific applications. As data and network standards are defined independent of applications, existing standards used in various applications have to be tested from case to case whether they still fulfil relevant requirements or not. Moreover, many applications have a need to transfer additional data to RFID data, typical examples are global master item data or additional multimedia data.