-
Notifications
You must be signed in to change notification settings - Fork 4
EPCIS Data Sanitizer
Organization: fTrace
Challenge Owner Name: Carsten Mohr mohr@ftrace.de
EPCIS events (concise messages about the ‘what’, ‘when’, ‘where’ and ‘why’ of business process steps) often contain business-sensitive data which presents a problem for early testing or posting events to a public blockchain. If certain data elements of an event could be sanitized for testing or publishing purposes, many uses of the event framework could still occur while protecting trading partner(s) data.
EPCIS is an information sharing standard for communicating visibility event data (e.g. production, inspecting, packing, shipping, etc. of goods) between trading partners. In a nutshell, the standard defines a data model for visibility event data and interfaces to capture and share the data. The data elements recorded identify objects, places, times and parties which can often be used to infer business relationships between trading partners that may not otherwise be public. While encryption appears to be an easy solution, the possibility of the private key becoming known or the inability of retracting access make it an undesirable option. Trialing proof of concepts, leveraging public blockchains, ensuring chain of custody, and more are a few of the use cases where selective disclosure of event data would be advantageous.
An effective solution to this challenge will demonstrate a mechanism for obscuring and/or truncating data from an EPCIS event such that the essence of the event is preserved for use cases mentioned above while sensitive data is hidden. Hackers addressing this challenge could consider using a hashing algorithm to obscure certain data elements of the event in such a way that the data would only be knowable by the sender and recipient. While much of the data contained in the event will be obscured or truncated, it is still essential for a receiving trading partner to be able to discover the event. Effective solutions will enable this discovery without revealing the identities of the trading partners or an underlying transaction.
For instance, instead of a specific product batch/lot identifier (which, in EPCIS, is typically represented in the form of a URN, e.g. urn:epc:class:lgtin:4012345.000151.4711), a sanitized equivalent of the ID could look like this: ni:///sha-256; 1b1df92df91b706c68dbec89ac521649a85abc4b74523700d444358d2 f0079c3?input=lgtin. In this particular instance, the sample string includes the hash value of the above LGTIN EPC Class URI, the hash algorithm, and the input of the hash function, so that organizations having knowledge of a given product identifier can query a shared ledger for datasets pertaining to this very product batch/lot. Other, more static identifiers (such as a GLN) should follow a multi-hash approach to ensure privacy, e.g. through including previously agreed salt values (e.g. masking codes having a certain validity period).
- EPCIS Standard 1.2
- EPCIS Standard webpage
- EPC Tag Data Standard 1.12
- Innovative Solution Approach for Controlling Access to Visibility Data in Open Food Supply Chains
- Naming Things with Hashes
- [Sample seafood EPCIS event data – GDST team will supply]
-
CTEs and KDEs
-
Challenges
-
Global Food Traceability Center Resources
-
Help Videos
-
Tools
- VeChain Resources
- JSON EPCIS Formatter
- Check Digit Calculator
- EPC Encoder/Decoder
- GS1 Company Database
- Build a Sample UPC Barcode
- Barcode Generator
- UUID Generator
- QR Code Generator
- Visibility Workbench
- Free EPCIS
- Oliot Project Overview
- Oliot Project Github
- Oliot Project Tutorial
- Open Ag Alliance Trellis
- FlureeDB Free Blockchain Database
- Global Fishing Watch Map & Data
- FAO Blue Bridge
- Marine Traffic
- Example Pedigree File, uid Request pw is baguette
- Scandit: Barcode Scanning Software and Technology Solutions
-
Documentation for Commercial Systems that Use EPCIS