The Auto-ID Labs are working closely with GS1 to develop a framework for Event-Based Traceability, which can be used to make supply chains safer and more secure.
The foundation for this work is the use of the GS1 EPC Information Services (EPCIS) standard to capture and share observations of individual objects as they move through supply chain networks. EPCIS events can record the initial creation ('commissioning') of an individual serialised product instance, as well as the details about when it is shipped from the manufacturer, together with each subsequent receiving and shipping operation further downstream, as well as information about changes of containment (e.g. when items are packed into cases and cases are bound together on pallets, as well as the subsequent disaggregations).
Counterfeiters are becoming increasingly successful at producing counterfeit products that look like the genuine product but typically lack the quality, safety or effectiveness of the original product. This is a particular concern for products that might be ingested (e.g. food products, pharmaceuticals) or for safety-critical parts (e.g. aircraft components, automotive / locomotive parts). Already in the USA a number of states have introduced legislation requiring much better systems for recording and checking the provenance of prescription pharmaceuticals. This is often known as Electronic Pedigree. The advantage of an Event-Based Traceability founded on open standards such as EPCIS is that all supply chain parties can share traceability information using a standardised data model and interfaces and the data can be automatically checked at each change of custody or change or ownership for any gaps or inconsistencies in the data that might indicate an attempt to insert counterfeit product into a legitimate supply chain; the idea of Event Based Traceability is that counterfeit products will lack the traceability information all the way back to the original manufacturer, so it will be possible to use analysis of the traceability data to promptly detect such counterfeit products and quickly eliminate them from supply chains.
In 2013 we have contributed to the development of a technical framework for the security of such Event-Based Traceability systems. Serial-level traceability data is commercially highly sensitive and can reveal information about inventory volumes, production rates, sales rates, trading relationships etc. It is therefore very important that companies can contribute such serial-level observation data to a secure system that ensures that it is only shared with trusted parties on a need-to-know basis, for establishing the traceability history of each individual product that a company handles - and that the data will not be available for unauthorised data mining or analysis for other purposes. It is equally important that when EPCIS event data repositories are being used as systems of record, that there is adequate security to protect such systems against various well-known security threats and to ensure that the data stored in the repository was contributed by legitimate trusted parties and that falsification of data can be efficiently detected and eliminated.
In 2014, we expect to contribute to the definition of an open standard for Checking Services, a new component of the GS1 architecture which can automatically perform a number of configurable test procedures on EPCIS event data, to check for gaps and inconsistencies and report any failures or warnings well in advance of arrival of the physical goods, so that a receiving party can decide which individual product instances to accept and which packages to refuse or quarantine for further inspection.