Progress Report

December 2018

Contents

Executive Summary

Secured Software Development Life Cycle

Enterprise Technology Readiness

System Architecture

Collaboration via ZK-Snark

Blockchain Scalability

Tomochain (Packet Tracker Node)

Quorum (Packet Tracker Node)

Scalability Comparison Matrix

Solution Overview

Electronic Product Code Information Services (EPCIS) Processing and the FarmaTrust API

API Endpoints

Sample Code Example

Batch EPCIS XML Processing

Software Quality Assurance Management

Test Status Report

Traceability Matrix

Data Centre Design

Infrastructure

Smartphone Apps

FarmaTrust Track & Trace app

FarmaTrust Verify app

Zoi Exchange

Certification and Governance

Conclusion and Next Steps

Executive Summary

FarmaTrust has created a supply chain track & trace solution to meet any serialization requirements from any country and to meet any standards for supply chain events including GS1 EPCIS event model or extension of it.

Now we have an enterprise solution to create a full network effect in the pharmaceutical industry fostering collaboration among various major players in the supply chain but at the same time protecting their competitive interests. The work for our cost-efficient B2B Zoi exchange is in progress. We have demonstrated our white label capability via OEM relationship by integrating with Systech One.

We have provided solution design to Systech One and a confidential client in CT / GT field and used it for Mongolia feasibility study (which is signed off now) by selecting appropriate architecture building blocks from our enterprise platform.

Secured Software Development Life Cycle

This procedure provides guidance for the activities that occur during the software development life cycle (SDLC) for projects at FarmaTrust. It’s an abstraction of the Open Unified Process for software development. Click here for direct access.

The aim being to implement the approved scope via the agreed scheduled milestones, within the agreed cost budget, and with the agreed to level of quality; while, retaining control over the project’s associated risks.

This procedure is light-weight by design; balancing the needs of delivering a quality product with the desire for useful documentation and having a product that is relatively easy to maintain.

The diagram that follows, shows the process flow for the activities that occur during the software development life cycle.

Figure 1. S-SDLC Process

Enterprise Technology Readiness

We are making process consistently at a speed that is expected according to our roadmap. Our technical vision to support the business strategy is progressively realized via our target reference architecture given below. I like to emphasise a capability required in pharma packet level serialization which is bulk loading of packets. We will achieve it via asynchronous processing using our message queueing solution.

System Architecture

Our key technical components that we have finished developing are:

We have completed our 11 plus node implementation to provide a permissioned blockchain network using POA consensus. Our RESTful API, a private client, now invokes smart contract per trade partner such as manufacturer, whole distributor and so on.

Collaboration via ZK-Snark

We are progressing in the implementation of this capability by closing working on the ZSL provided by Quorum Blockchain technology.

Blockchain Scalability

Tomochain (Packet Tracker Node)

We have deployed our track & trace smart contract onto a permissioned / private node and conducted a load and performance testing running various test case using LoadRunner scripts invoking the FarmaTrust API at burst of 1000 tps, 2000 tps, 3000 tps and 4000 tps. During the runs we found the results below. Each node has a capacity of 2 VCPUs and 4GB RAM.

Quorum (Packet Tracker Node)

We have deployed our track & trace smart contract onto a Quorum Blockchain, a permissioned / private node. It’s a fork off EVM developed as open source solution. Apart from its Zero Knowledge Security Layer we are using it native consensus layer to process smart contracts. We conducted a load and performance testing running various test case using LoadRunner scripts invoking the FarmaTrust API at burst of 1000 tps, 2000 tps, 3000 tps and 4000 tps. During the runs we found the results below. Each node has a capacity of 2 VCPUs and 4GB RAM. Below is a comparison matrix of existing smart contract on Geth node and Quorum node.

Scalability Comparison Matrix

Scalability Comparison Matrix

Solution Overview

Using appropriate architecture components from our enterprise platform FarmaTrust system is scalable, flexible and modular and can operate between different systems between the production line and business departments. Smart contracts enable us to tailor our system for different needs and automate the processes and with our permissioned blockchain network we provide now real-time tracking of product ownership. The diagram below illustrates one such solution architecture.

FarmaTrust / Systech Solution Architecture

To prevent duplicate serialized packet while maintaining transaction privacy work, the solution leverages EPCIS event model and private messages to exchange sensitive data between trade partners, execute business rules in smart contracts and API to prevent double transfer and transaction manager ensures authenticity of such transactions.

Electronic Product Code Information Services (EPCIS) Processing and the FarmaTrust API

Transactions can be sent to the FarmaTrust blockchain via the FarmaTrust API. The API provides endpoints that correspond to a subset of the EPCIS core business vocabulary. It also includes a variety of other endpoints that enable chain-of-custody verification, batch EPCIS XML processing and product custody transfer.

Note: For a full and detailed description of the FarmaTrust API, please refer to the official API documentation entitled, “FT Project API”

API Endpoints

GET Jobs

GET Proof

GET proof/last_id

GET Proofs

GET Tx

GET Serial

GET android/chronological

GET android/detail

GET android/jobs

GET android/batch

GET android/sgtin

POST Commission

POST Pack

POST Ship

POST Receive

POST Dispense

POST Transfer

POST Upload

POST Reset

Sample Code Example

Manufacturer: Transfer custody to Wholesale Distributor 1

Example Request:

curl -X POST \

http://{{HOST}}/transfer \

-H ‘Content-Type: application/json’ \

-m 300 \

-d ‘{

“from” : “{{manufacturer}}”,

“to” : “{{wholesale_distributor_1}}”,

“proofId” : “5”,

“jobId”: “{{JobId}}”

}’

Sample Response:

tx_hash: “0x357313014a711f9a4fb710a4f81f3753d7329f7a0610b55e3e57c5f1a4e1a51f”

Batch EPCIS XML Processing

While discrete data capture events can be issued to the blockchain via individual API endpoint calls, it is also possible to process batches of EPCIS events through submission of EPCIS XML files to the /upload endpoint.

Software Quality Assurance Management

Among various management tools that we use, the primary one we use is TestLink, JMeter, Selenium, TestNG and BlazeMeter. Few screen shots given below of the usage of TestLink.

Test Status Report

Traceability Matrix

Data Centre Design

Infrastructure

The diagram below shows how we have created servers for UAT/Production environments on Azure availability zone. It shows single part of infrastructure architecture, the same way we have Geth/DB servers with Firewall, load balancer and multiple availability zone.

Regional and global failover options Availability Zones are physically separate locations within an Azure region 99.99% for uptime of virtual machines

Our security policy across all environments:

Subnetting through different vNet switch for each environment

Strong inbound firewall policy for each server

IPSec VPN tunnel to access server

Server security patch/Vulnerability management

Control routing behaviour

Intrusion detection/Intrusion Prevention

Monitor antivirus/malware alerts through Azure Security Center

Smartphone Apps

FarmaTrust Track & Trace app

We are performing intense stress and performance testing of our track and trace app. We have already started the google play store onboarding process.

FarmaTrust Verify app

We are performing intense stress and performance testing of our track and trace app. We have already started the google play store onboarding process.

Zoi Exchange

FarmaTrust Management Team moved up the publishing date of Zoi Exchange. The delivery is on schedule by our vendor but if there any unexpected delay we will notify the community.

Certification and Governance

We believe our ecosystem will be effective by working with Enterprise Ethereum Alliance to create a body called Pharma Blockchain Governance Authority. Working with the industry we will create a governance framework comprising principles, standards and guidelines and to support the governance process and to conduct quarterly review.

Governance for a blockchain platform will be critical for such a system to operate effectively and gain adoption.

The success of governance lies in performing only the necessary oversight of the system — what minimally needs to be done — thereby allowing for innovation and free market competition for the provision of services related to aspects of the platform.

Further work needs to be done to determine if existing infrastructure already exists that could be an appropriate “home” for such governance. Regardless of where this governance will finally sit, a key expectation is that it will be collaboratively performed with industry working groups and will leverage dialogue and decisions made elsewhere to be implemented on the blockchain.

Conclusion

FarmaTrust is at the cusp of solving a huge problem that is affecting the international pharmaceutical industry. The FarmaTrust solution will make the world a safer, healthier and economically better place for everyone. FarmaTrust solves the problem in an optimal way that minimizes a burden on the industry and is easy to use.

We do not underestimate the effort required to work with regulators to ensure that our product will be certified and compliant within the industry. Our goal is to make the supply chain more efficient, and thereby helping people and saving lives.

Next Steps