in a computer network and system

The present disclosure refers to a method for controlling distribution of a product in a computer network and a system.

Background

Chain-of-custody may be referred to the chronological electronic documentation trail that records the sequence of custody, control, and transfer of a product or product item.

Document WO 2017 / 027648 A1 refers to a system for tracking and recording the chain-of- custody for assets within a supply chain that creates a non-repudiatable electronic log of each custody transfer at each transfer point from initial creation, to final transfer or disposal. The system uses encryption technology to register assets that are to be transferred and whose chain of custody is to be ensured. Through use of encryption key pairs and blockchain encryption technology, an electronic document is created in an encrypted transaction log updated at each change of custody point. At each such change of custody point, the new custodians who receive the product are provided with the information generated by the originator.

Document WO 2016/138447 A1 discloses a system for tracking end-to-end provenance of labeled goods despite re-unitization, repackaging, or transformation of the goods. The sys tem comprises cryptographic codes including a first cryptographic code and a second cryp- tographic code. Each cryptographic code can include a private key to serve as a label and a public key that serves to identify a cryptographic address in a distributed consensus network. The system can track a source item by publishing a first cryptographically verifiable record that associates an original stock keeping unit and an original quantity with a first cryptograph- ic address associated with the first cryptographic code. The system can re-unitize the source item by publishing, to the distributed consensus network, a second cryptographically verifia- ble record that indicates the first cryptographically verifiable record as a source and associ ates a new stock keeping unit and a new quantity with a second cryptographic address associated with the second cryptographic code. Summary

It is an object of the present disclosure to provide an improved method and system for con- trolling distribution of a product in a computer network.

For solving the object, a method for controlling distribution of a product in a computer network according to the independent claims 1 is provided. Further, a system according to the independent claims 13 is provided. Embodiments are disclosed in the dependent claims.

According to an aspect, a method for controlling distribution of a product in a computer network is provided, the method comprising providing a computer network having a plurality of processing devices each comprising one or more processors and a storage. Keys for asym metric cryptography are provided in the computer network, comprising; providing a pair of product keys, the pair of product keys assigned to a product to be distributed and comprising a private product key and a public product key; and providing a pair of manufacturer keys, the pair of manufacturer keys assigned to a manufacturer and comprising a private manufac turer key and a public manufacturer key. In a first data processing device assigned to the manufacturer in the computer network, the method is further comprising; generating a matrix code by encoding first electronic information comprising the private product key; providing the public product key, the public manufacturer key, and the private manufacturer key; generating a first transaction assigned to the product, a first transaction content of the first trans action comprising the public product key, and the public manufacturer key, and signing the first transaction with both the private product key and the private manufacturer key. Imprint- ing data are provided for imprinting an imprint of the matrix code is provided on the product.

According to another aspect, a system is provided, comprising a computer network having a plurality of processing devices each comprising one or more processors and a storage; and data processing instructions. The data processing instructions are provided by one or more software applications running in the computer network and are to be processed by the one or more processors provided in the plurality of data processing devices for controlling a chain- of-custody for a product in the computer network. The data processing instructions are con figured for providing keys for asymmetric cryptography in the computer network, comprising: providing a pair of product keys, the pair of product keys assigned to a product to be distributed and comprising a private product key and a public product key; and providing a pair of manufacturer keys, the pair of manufacturer keys assigned to a manufacturer and comprising a private manufacturer key and a public manufacturer key. Further, the data processing in- structions are configured for, in a first data processing device assigned to the manufacturer in the computer network: generating a matrix code by encoding first eiectronic information comprising the private product key; providing the public product key, the public manufacturer key, and the private manufacturer key; generating a first transaction assigned to the product, a first transaction content of the first transaction comprising the public product key, and the public manufacturer key; and signing the first transaction with both the private product key and the private manufacturer key. The data processing instructions are configured for providing imprint data for imprinting an imprint of the matrix code on the product.

The product is distributed to a customer, such distributing may comprises providing the product through the first distributor or through the first distributor and at least one additional (sec- ond) distributor to the customer.

By the method and the system, a chain-of-custody for distribution of the product can be con trolled.

The imprint may be provided, for example, on at least one a product packaging and a package insert. The imprint may comprise a QR code (abbreviated from Quick Response Code) and / or some other type of matrix barcode (or two-dimensional barcode). A barcode is a machine-readable optical label that contains information encoded. A QR code consists of black squares arranged in a square grid on a white background, which can be read by an imaging device such as a camera, and processed using Reed-Solomon error correction until the image can be appropriately interpreted. The required data is then extracted from patterns that are present in both horizontal and vertical components of the image.

The imprinting data are configured to be provided or outputted to a printing device for imprinting the imprint of the matrix code.

The method may be further comprising providing a pair of first distributor keys, the pair of first distributor keys assigned to a first distributor and comprising a first private distributor key and a first public distributor key; and providing the first transaction content further comprising the first public distributor key.

The method may be further comprising providing a pair of second distributor keys, the pair of distributor keys assigned to a second distributor in the computer network and comprising a second private distributor key and a second public distributor key; and scanning the imprint on the product by a first scan device connected to a second data processing device assigned to the first distributor. In the second data processing device, the following may be provided: providing the private product key by decoding the matrix code scanned; providing the public product key, the first public distributor key, and the second public distributor key; generating a second transaction assigned to the product, a second transaction content of the second transaction comprising the public product key, the first public distributor key, and the second public distributor key; and signing the second transaction with both the private product key and the first private distributor key.

The method may be further comprising scanning the imprint by a second scan device connected to a third data processing device assigned to the second distributor, and, in the third data processing device, the following may be provided: providing the private product key by decoding the matrix code scanned; providing the public product key, the second public distributor key, and a customer code indicating that the product is to be distributed to a customer; generating a third transaction assigned to the product, a third transaction content of the third transaction comprising the public product key, the second public distributor key, and the customer code; and signing the third transaction with both the private product key and the second private distributor key.

The method may further comprise scanning the imprint on the product by the first scan device connected to the second data processing device assigned to the first distributor in the computer network. In the second data processing device, the method may further comprise the following: providing the private product key by decoding the matrix code scanned; providing the public product key, and the customer code indicating that the product is to be distrib uted to the customer; generating a fourth transaction assigned to the product, a fourth transaction content of the fourth transaction comprising the puhlic product key, the first public dis- tributor key, and the customer code; and signing the fourth transaction with both the private product key and the first private distributor key. Signing each of the first to the fourth transaction with both the private product key and the private key of a distribution instance allows for securely controlling the distribution of different products in different distribution chains corn- prising different distribution instances. In particular, key verification of both product and distribution instance can take place at each distribution stage.

The method may further comprise scanning the imprint on the product by a third scan device connected to a fourth data processing device assigned to the customer in the computer network; and, in the fourth data processing device, providing the private product key by decod- ing the matrix code scanned. Since the same product key pair is employed throughout the distribution of the product and the corresponding transaction signing via the respective data processing devices, a constrained data overhead is provided.

The method may be further comprising, in the fourth data processing device assigned to the customer: receiving a customer request for generating a fifth transaction assigned to the product; verifying whether the customer is assigned authority for generating product related transaction; if the customer is assigned authority, generating the fifth transaction; and if the customer is not assigned authority, preventing generation of the fifth transaction in response to the customer request.

The method may be further comprising, in the fourth data processing device, determining from the customer code whether the customer is authorized to generate the product related transaction, the customer code indicating one of a customer authority and a customer non authority for generating the product related transaction. Accordingly, the customer code may be generated indicating customer authority and a customer non-authority for the customer.

The generating of the fifth transaction may further comprise, in the fourth data processing device, generating the fifth transaction for the product with a customer identification, the cus tomer identification identifying the customer. The customer identification may be a private or personal identification for the customer. The customer identification may be registered before generating the fifth transaction. There may be a step of verifying whether the customer registration has been registered prior to generating the fifth transaction in the fourth data pro cessing device. In case registration cannot be verified, in the fourth data processing device, in response to the customer request, generating the fifth transaction may be prevented.

The method may further comprise, in the providing of the pair of product keys, providing a pair of product recall keys, the pair of product recall keys assigned to a product recall and comprising a private product recall key and a public product recall key. In the first data pro- cessing device the following may be provided: generating a recall transaction assigned to the product, a recall transaction content of the recall transaction comprising the public product recall key and indicating a recall request for the product; and signing the recall transaction with the private product recall key and the private manufacturer key. In addition, scanning the imprint on the product by the second scan device connected to the fourth data processing device may be provided. In addition, in the fourth data processing device assigned to the customer, the following may be provided: providing the public product recall key by decrypt- ing the matrix code scanned; receiving the recall transaction; decrypting the recall transaction by applying the public product recall key; generating recall status output data indicating the recall request; and notifying the customer of the recall request by outputting the output data through an output device of the fourth data processing device.

The method may be further comprising providing a blockchain topology in the computer net work, the blockchain topology comprising: a plurality of data blocks; each of the plurality of data blocks provided in a blockchain of one or more data blockchains; and in the one or more blockchains, a subsequent data block comprising a hash value of a previous data block to be followed by the subsequent data block in the blockchain. The data processing devices of the computer network may be provided with a copy of each the one or more blockchains or only a subset of the blockchains. in the one or more blockchains, at least one transaction from the following group may be stored: the first transaction, the second transaction, the third transac- tion, the fourth transaction, and the fifth transaction.

The one or more blockchains each may be provided with a data super-block. In the context of the present disclosure, a super-block of a blockchain refers to a distinguished data block of the blockchain comprising information about the blockchain and/or the other data blocks of the blockchain. It may be provided that write access to a super-block of a blockchain is restricted to certain entities or authorities which are, e.g., in charge of administering the block- chain.

The super-block of the blockchain may comprise information about entities with write access for (non-super-block) data blocks. If the blockchain is a meta-blockchain, the super-block may also comprise information about the sub-blockchains of the meta-blockchain. The super- block of the blockchain may, e.g., specify authorities administering the sub-blockchains.

The alternative embodiments described above with regard to the method for controlling a chain-of-custody for a product in a computer network may also apply to the system mutatis mutandis.

Description of further embodiments

Following, further embodiments are described with reference to figures. In the figures, show: Fig. 1 schematic representation of a computer network provided with a plurality of data processing devices each having one or more processors and a storage; Fig. 2 a schematic diagram of a blockchain topology;

Fig. 3 a further schematic diagram with regard to the blockchain topology;

Fig. 4 a schematic diagram with respect to registration of a vendor and a vendor-block- chain in the blockchain topology

Fig. 5 a schematic diagram with respect to registration of a distributor;

Fig. 6 a schematic diagram with respect to registration of another distributor;

Fig. 7 a schematic diagram with respect to registration of a manufacturer;

Fig. 8 a schematic diagram with respect to registration of a customer;

Fig. 9 a schematic diagram with respect to registration of a product; and

Fig. 10 a schematic diagram with respect to transfer of a product in the course of distribution of the product.

Fig. 1 shows a schematic representation of a computer network provided with a plurality of data processing devices each having one or more processors and a storage. The plurality of data processing devices comprises a first data processing device 10 assigned to a manufacturer, a second data processing device 20 assigned to a first distributor, (optionally) a third data processing device 30 assigned to a second distributor, and a fourth data processing device 40 assigned to a customer. The fourth data processing device 40, for example, may be provided as a portable device such as a laptop computer or a mobile phone. The plurality of data processing devices is configured to exchange electronic data.

Some of the data processing devices from the plurality of data processing devices, namely the second data processing device 20, the third data processing device 30, and the fourth data processing device 40, each have assigned or connected one of scan devices 50, 51 , 52 configured to scan an imprint 60 provided on a product 70 such as a medical product. The scan devices 50, 51 , 52 may be provided with an optical scanner known as such with different device design. The product 70 is to be distributed through at least one of the first distribu- tor and the second distributor to the customer owning the fourth data processing device 40. The imprint 60 is provided, for example, with a matrix code 80 such as a two-dimensional code, for example, QR code or barcode.

In the computer network an infrastructure for asymmetric cryptography is provided. A plurality of pairs of keys each comprising a private key and a public key is provided in the computer network. In an embodiment, the plurality of keys comprises the following: A pair of product keys comprising a public product key (Pub-PIK) and a private product key (Priv-PIK); a pair of manufacturer keys comprising a public manufacturer key (Pub-MK) and a private manu- facturer key (Priv-MK); a pair of first distributor keys comprising a private first distributor key (Priv-DK1) and a public first distributor key (Pub-DK1 ); and a pair of second distributor keys comprising a private second distributor key (Priv-DK2) and a public second distributor key (Pub-DK2). In this embodiment, the second distributor may be a pharmacy distributing the product 70 to customers.

In the process of distributing the product 70 from the manufacturer to the customer, a method for controlling a chain-of-custody for the product 70 in the computer network is applied. In the first data processing device 10, the method comprises generating the matrix code 80 by en coding first electronic information comprising the private product key (Priv-PIK); providing the public product key (Pub-PIK), the public manufacturer key (Pub-MK), and the private manu- facturer key (Priv-MK). A first transaction assigned to the product 70 is generated in the first data processing device 10, a first transaction content of the first transaction comprising the public product key (Pub-PIK), and the public manufacturer key (Pub-MK). The first transac tion is electronically signed with the private product key (Priv-PIK) and the private manufacturer key (Priv-MK) in the first data processing device 10. Imprinting data are provided for imprinting the imprint 60 with the matrix code 80, and the imprint 60 is provided on the product 70.

After the product 60 has been distributed to the first distributor, the imprint 60 on the product 70 is scanned by the scan device 50 connected to the second data processing device 20 assigned to the first distributor. In the second data processing device 20, the private product key (Priv-PIK) is provided by decoding the matrix code 80 scanned. Further, in the second data processing device 20 the public product key (Pub-PIK), the first public distributor key (Pub-DK1), and the second public distributor key (Pub-DK2) are provided. A second transaction assigned to the product 70 is generated in the second data processing device 20, a sec ond transaction content of the second transaction comprising the public product key (Pub- PIK), the first public distributor key (Pub-DK1 ), and the second public distributor key (Pub- DK2). The second transaction is electronically signed with the private product key (Priv-PIK) and the first private distributor key (Priv-DK) in the second data processing device 20.

After distributing the product 70 to the second distributor such as a pharmacy, the imprint 60 is scanned by the scan device 51 connected to the third data processing device 30 assigned to the second distributor. In the third data processing device 30, the private product key (Priv- PIK) is provided by decoding the matrix code 80 of the imprint 60. In an embodiment, the public product key (Pub-PIK), the second public distributor key (Pub-DK Pharmacy), and a customer code indicating are provided in the third data processing device 30. The customer code is indicating that the product 70 is to be distributed to the customer. According to an embodiment, the customer code may comprise the following information: Label product as sold to end customer (0x00). It allows customer to create a final transaction that adds a private identification (ID) which was previously registered with a vendor of the respective product, i.e. customer ID of a MySugar user. In an alternative embodiment, the customer code may comprise the following information: Identity of an end customer.

A third transaction assigned to the product 70 is generated in the third data processing de vice 30, a third transaction content of the third transaction comprising the public product key (Pub-PIK), the second public distributor key (Pub-DK2), and the customer code. The third transaction is electronically signed with the private product key (Priv-PIK) and the second private distributor key (Priv-DK2) in the third data processing device 30.

In an alternative embodiment, the product may be distributed from the first distributor to the customer directly, not through the second distributor.

In such embodiment, after distributing the product 70 to the first distributor, the imprint 60 on the product 70 is scanned by the scan device 50 connected to the second data processing device 20. In the second data processing device 20, the private product key (Priv-PIK) is provided by decoding the matrix code 80. The public product key (Pub-PIK), and the customer code are provided in the second data processing device 20. A fourth transaction assigned to the product 70 is generated in the second data processing device 20, a fourth transaction content of the fourth transaction comprising the public product key (Pub-PIK), the first public distributor key (Pub-DK), and the customer code. The fourth transaction is electronically signed with the private product key (Priv-PIK) and the first private distributor key (Priv-DK) in the second data processing device 20.

Further, after the product has been distributed to the customer, the imprint 70 on the product 60 is scanned by the scan device 52 connected to the fourth data processing device 40 assigned to the customer in the computer network. In the fourth data processing device 40 the private product key (Priv-PIK) is provided by decoding the matrix code 80 scanned. The use of the product

The method may be further comprising, in the fourth data processing device 40, receiving a customer request for generating a fifth transaction assigned to the product 70. In the fourth data processing device 40, it is verified whether the customer is assigned authority for gen erating product related transaction in the computer network. For example, for verification of the customer's authority it may be checked whether the customer has been registered before in a central register provided in the computer network. In an embodiment, one of the following may be checked for verification: customer number, a pair of keys for asymmetric cryptog raphy assigned to the customer.

In an alternative embodiment, it may not be verified whether the customer is assigned au- thority for generating product related transaction in the computer network. In such case the customer may add fifth transaction assigned to the product 70 by using the Priv-PIK only.

If the customer is verified to have been assigned authority, the fifth transaction is generated in the fourth data processing device 40 assigned to the customer. If the customer is not assigned authority, generation of the fifth transaction is prevented in response to the customer request in the fourth data processing device 40. Thereby, unauthorized customers or other persons are prevented from generating product related transaction in the computer network.

It may be checked whether the product has been registered before (see also Fig, 9), such as registration in the blockchain topology.

In the fourth data processing device 40, in the course of determining whether the customer is assigned authority it may be determined from the customer code whether the customer is authorized to generate electronic data indicating the product related transaction in the computer network. In such embodiment, the customer code is indicating one of a customer au- thority and a customer non-authority for generating the product related transaction. Accordingly, the customer code is generated indicating customer authority and a customer non- authority for the customer.

The generating of the fifth transaction may further comprise, in the fourth data processing device 4, generating the fifth transaction for the product 70 with a customer identification, the customer identification identifying the customer, for example by customer information such as at least one of name, address, email address, or anonymously. The customer identifica- tion may be a private or personal identification for the customer. The customer identification may be registered before generating the fifth transaction. There may be a step of verifying whether the customer registration has been registered prior to generating the fifth transaction in the fourth data processing device 40. Such verification may be conducted by one of the data processing devices authorized to act as miner, for example, in case customer key information is integrated into the biockchain topology. In case registration cannot be verified, in the fourth data processing device 40, in response to the customer request, generating the fifth transaction may be prevented.

In an embodiment, the method may further comprise, in the step providing of the pair of product keys, providing a pair of product recall keys, the pair of product recall keys assigned to a product recall and comprising a private product recall key (Priv-RK) and a public product recall key (Pub-RK) for cryptography. In the first data processing device 10, the following may be provided: generating a recall transaction assigned to the product 70, a recall transaction content of the recall transaction comprising the public product recall key (Pub-RK) and indicating a recall request for the product 70. The recall transaction is electronically signed with the private product recall key (Priv-RK) and the private manufacturer key (Priv-MK) in the first data processing device 10. In such embodiment, the imprint 60 on the product 70 is scanned by the scan device 52 connected to the fourth data processing device 40. Further, in the fourth data processing device 40 assigned to the customer, the following is provided: providing the public product recall key (Pub-RK) by decrypting the matrix code 80 scanned; receiving the recall transaction; decrypting the recall transaction by applying the public prod uct recall key (Pub-RK); generating recall status output data indicating the recall request; and notifying the customer of the recall request by outputting the output data through an output device of the fourth data processing device 40, the output display, for example, provided with a display.

The method may comprise providing a biockchain topology in the computer network. By the biockchain topology an electronic ledger may be implemented. In general, in the computer network a biockchain is a continuously growing list of electronic data records, called (data) blocks, which are linked and secured using cryptography. Each block may contain a hash pointer as a link to a previous block, a timestamp and transaction data (content of transac tion) indicative of a transaction. By design, blockchains are inherently resistant to modifica- tion of the data. in the computer network provided with the plurality of data processing devices, the block- chain topology is provided with a plurality of data blocks, each of the plurality of data blocks provided in a blockchain of one or more data blockchains. In the one or more blockchains, a subsequent data block comprises a hash value of a previous data block to be followed by the subsequent data block in the blockchain. The data processing devices of the computer network may be provided with a copy of each the one or more blockchains or only a subset of the blockchains. In the one or more blockchains, at least one transaction from the following group may be stored: the first transaction, the second transaction, the third transaction, the fourth transaction, and the fifth transaction.

In the blockchain topology of the computer network there is tree structure provided for a plu rality of blockchains.

The one or more blockchains each may be provided with a data super-block. In the computer network, the blockchain topology provided is schematically shown in Fig. 2 (see also Fig. 3).

For the plurality of blockchains, amendments to the super-block can only be made by an authority. In case an amendment is requested by a not authorized data processing device, such request is denied. The data processing device authorized may enforce an update.

With regard to the meta-blockchain, the following characteristics are provided. The superblock of the meta-blockchain 100 comprises registration of registrars. Each vendor is a registrar for a vendor-blockchain of the vendor. The super-block of the meta-blockchain 100 provides for“a starting point” of the tree structure. In the blocks of the blockchain, all distributors are contained who are allowed to generate transactions in the vendor-blockchains. In other words, the meta-blockchain comprises information about who is allowed to generate transactions for the vendor-blockchains. Differently, the vendor-blockchain comprises product relat ed transactions, i.e. for products assigned to the vendor.

The meta-blockchain 100 is provided with a super-block 1 10 and a block 120. A plurality of blocks 0...n may be provided.

There is a plurality of sub-blockchains 200, 210, referred to as vendor-blockchains in Fig, 2. Each of the vendor-blockchains 200, 210 is provided with a super-block 201 , 211 and at least one block 202, 212. Following, further aspects with regard to the process of controlling custody-of-chain within the blockchain topology are provided.

Referring to Fig. 4 registration of a vendor and a vendor-blockchain are schematically represented. A vendor sends a request to a Root Authority 300 (see Fig 3) to register a vendor- blockchain. The meta-blockchain 100 (see Fig. 3) is assigned to the Root Authority 300.

The following steps are involved. In a step 400, the vendor provides a public vendor key (Pub-VBOK) of a self-generated asymmetric key comprising the public vendor key (Pub- VBOK) to the Root Authority 300 alongside with additional vendor-related information (such a s company name, ...) and a reference to a super-block of the vendor-blockchain (“Vendor- blockchain Ref.”).

The authenticity of the vendor is verified (step 410).

The Root Authority adds the Pub-VBOK alongside with the reference to the vendor- blockchain and vendor-specific information to the super-block of the meta-blockchain (step 420). The Root Authority increments the meta-blockchain version number to signal clients that the super-block was updated. The Root Authority signs the super-block of the meta- blockchain with its private key (Priv-RAK). The meta-blockchain super-block now includes the new vendor and a reference to his vendor-blockchain.

Referring to Fig. 5, registration of a distributor (such as Pharmacy or another distributor) is schematically depicted. The distributor to be registered may be the first or second distributor disclosed above.

In step 500, the distributor (pharmacy) sends a request to the Root Authority to register as a distributor (an alternative option would be to send the request to a registered vendor). The following steps are involved: The pharmacy provides the Pub-DK of a seif-generated asym- metric key (Pub-DK, Priv-DK) to the Root Authority alongside with additional pharmacy- related information (company name, ...).

The authenticity of the pharmacy is verified (step 510).

The Root Authority creates a transaction to add the Pub-DK of the pharmacy to the next block of the meta-blockchain (step 520). For distributors being pharmacies the entire info field may be mandatory to allow end users / customers to judge about the identity of a seller. The Root Authority signs the transaction with its private key (Priv-RAK). The Root Authority pushes the transaction to so-called miners provided in the blockchain topology. One or more data processing devices may implement a miner provided with a software application for min ing in the computer network. Only data processing device registered as an authorized instance in the blockchain topology may act as miner. Data processing devices authorized to act as a miner are provided with a copy of ail blockchains of the blockchain topology in the computer network. Other data processing devices not authorized to do mining are provided only with a subset of the blockchains of the blockchain topology in the computer network.

Mining conducted by the one or more miners is the process by which transactions are veri- fied and added to an electronic public ledger, the blockchain. The mining process may in volve compiling recent transactions into blocks. In addition or alternatively, the mining pro- cess may involve trying to solve a computationally difficult puzzle. The miner first solving the puzzle gets to place the next block on the block chain and claim optional rewards.

The meta-blockchain is updated with a new transaction which publishes the pharmacy as a valid distributor. The pharmacy can now create transactions for the product 70 in the vendor- blockchains in the computer network.

With respect to Fig. 6, registration of another distributor is schematically represented.

A vendor requests a distributor of its supply chain in the meta-blockchain. The following steps are involved: The vendor obtains the first public distributor key (Pub-DK), i.e. public part of distributor's asymmetric key, and additional information to be added to the meta- blockchain (step 600). For example, name, address and / or data identifying a geo-location for the distributor may be provided. The additional information provided for different distributors may be different with regard to the kind of information provided. The vendor to whom the distributors are registered will decide about what additional information is made public for what distributor.

The authenticity of the distributor is verified (step 610).

The vendor creates a transaction to add the distributor to the next block of the meta- blockchain which is signed with his Priv-VBOK (step 620). The transaction includes the first public distributor key (Pub-DK) of the first distributor as a mandatory field. In the mandatory filed, for example, name, address and / or data identifying a geo-location for the distributor may be provided. The information provided for different distributors may be different with regard to the kind of information provided.

The vendor can select the additional amount of distributor information to be made available in a eta-blockchain transaction. For pharmacies the entire info field may be made mandato- ry to allow end users / customers to judge about the identity of a seller.

The vendor pushes the transaction to the miners for inclusion in the next block of the meta- blockchain.

The meta-blockchain is updated with a new transaction which publishes the distributor as an authorized distributor in the computer network. The distributor can now create transactions for existing products in the vendor-sub-block.

Referring to Fig. 7, registration of a manufacturer in the blockchain topology is depicted.

A vendor registers a manufacturer of its supply chain in its vendor-blockchain. The following steps are involved: The vendor obtains the public manufacturer key (Pub-MK), i.e. public part of manufacturer’s asymmetric key, and additional information to be added to the super-block of the vendor-blockchain (step 700). For example, name, address and / or data identifying a geo-location for the manufacturer may be provided. The additional information provided for different manufacturers may be different with regard to the kind of information provided. The vendor to whom the manufacturers are registered will decide about what additional information is made public for what manufacturer.

The authenticity of the manufacturer is verified (step 710).

The vendor adds the public manufacturer key (Pub-MK) alongside with manufacturer- specified information, the vendor likes to disclose, to the super-block of the vendor- blockchain (step 720). The vendor increments the super-block version number to signal clients that the super-block in the vendor blockchain was updated. The vendor signs the super block of the vendor-blockchain with his Priv-VBOK. The super-block of the vendor-blockchain now includes the new manufacturer. The manufacturer has been registered. The manufacturer is now able to add new products to the vendor- blockchain.

Regarding Fig. 8, registration of a customer in the blockchain topology is depicted.

A customer, through the fourth data processing device 40, sends a request to the vendor to register a customer. The following steps are involved: In the data processing device assigned to the vendor a customer ID is assigned to the customer (800). Alternatively, also crypto- graphic customer keys can be used to support secure SMART contracts within the vendor- blockchain. The customer ID (or public key) associated with the customer’s information is stored in a storage outside of the blockchain topology, in order to not disclose the customers privacy. in the data processing device assigned to the vendor, the authenticity of the customer is veri fied (step 810). For verification, for example, personal information assigned to the customer may be verified, such as data about an account of the customer, and / or data about a mobile phone number of the customer.

The customer obtains a customer ID (steps 820 and 840). In an embodiment, without cryptographic customer keys, the customer can label the product 70 with his customer ID to obtain additional services from a vendor which are not implemented with blockchain technology. In an alternative embodiment, with cryptographic customer keys, additional smart contract- based services can be supported between customer and vendor.

Referring to Fig. 9 registration of the product 70 is schematically depicted.

The manufacturer registers the (new) product 70 in a vendor-blockchain in which he has write permissions (step 900), i.e. in which the manufacturer is whitelisted.

Referring to Fig. 9, the following steps are depicted:

Step 900: Initiating a process for registration;

Step 910: Generating a pair of keys for asymmetric cryptography for the product by the manufacturer;

Step 920: Imprinting a QR Code with Priv-PIK and Pub-RK of product and assign to pack- aging; Step 930: Creating an initial transaction to add a new product to its respective vendor blockchain;

Step 940: signing the initial transaction with Priv-MK to allow miners to check for manufacturer’s permission to create new products in the vendor-blockchain (is Pub-MK of manufacturer whitelisted) and Priv-PIK to allow miners to check that manufactur- er is in ownership of the product to which Pub-PIK belongs;

Step 950: the transactions are submitted to the computer network running the blockchain topology.

Further, steps with regard to a recall action related to the product 70 are depicted in Fig. 9:

Step 1000: Generating a pair of asymmetric keys (Priv-RK, pub-RK) for a recall action of the product by the manufacturer;

Step 1010: Storing the private recall key (Priv-RK) in a data processing device assigned to the manufacturer;

Step 1020: Creating an initial transaction to add a recall action for a new product item to its respective vendor blockchain;

Step 1030: signing initial transaction with Priv-MK to allow miners to check identity of manufacturer and his permission to create a new product item in the adequate ven- dor-blockchain (Is Pub-MK of manufacturer whitelisted?), and Priv-RK to allow miners to check that manufacturer is in ownership of the recall action for the product item to which Pub-RK belongs.

For the product 70 multiple transactions can be added to the vendor-blockchain, depending on the functionality provided with the blockchain topology (publish new product item, recall setup, different smart contracts for automatic reordering...).

Two transactions may be provided (see Fig. 9). Firstly, a publish product transaction to publish a new product in the vendor-blockchain. This allows everyone to check if a bought prod uct is a genuine product. Secondly, a publish recall transaction which allows the manufacturer to recall a certain product item in case problems with a certain product item become known.

Both transactions are set up with the following minimum content = [

1. Public key identifying the product 70 (Pub-PIK) or its recall action (Pub-RK),

2. Public key of the manufacturer which is used by miners to verify if the manufacturer has write privileges to the vendor-blockchain and to establish chain-of-custody, 3. Public key of a distributor (Pub-DK1) / new owner to which the product 70 will be shipped or who will be able to execute a recall in case of a recall transaction. Only the (first or second) distributor which the here defined key (pair of asymmetric keys of the here given public distributor key (Pub-DK)) will be able to add a new transaction for the public key identifying this product 70 (Pub-PIK) or recall action, given he also has access to the respective private keys (Priv-DK, Priv-PIK). The attribute is also required to establish the chain-of-custody.]

Additional content attributes may be provided, like a reference to a vendor-blockchain to which the item shall be added. However, the here given description shall only explain the general concept of securing transactions. The additional content attributes, for example, may refer to information with respect to the product, e.g. a link to a website presenting the prod- uct, date of production of the product, and / or date of the product’s expiry.

Both transactions are finally signed by the manufacturer with

- the private manufacturer key (Priv-MK), and

(This allows miners to check if the manufacturer is the one he pretend to be in the block- chain topology. The transaction will be accepted if the manufacturer is also whiteiisted as an authorized manufacturer for the respective vendor-blockchain.)

- the product-specific respective Priv-PIK / Priv-RK.

(With this signature of the last transaction for the respective product key, miners can verify that the product is owned by the instance submitting the transaction.)

Referring to Fig. 10 distribution (transfer) of the product 70 is schematically depicted.

After starting action in step 1100, the product 70 is transferred from the first distributor (dis tributor A) assigned the second data processing device 20 to second distributor (distributor B) assigned the third data processing device 30 by creating a transaction for the product (item) 70 with the Pub-DK of distributor B as receiver (step 11 10). The transaction, with re- gard to a minimum required content, for maintaining chain-of-custody content may comprise: Pub-PIK to identify relevant product 70; Pub-DK of distributor A, which is used by miners to verify if distributor A is current owner of the relevant product item in the relevant blockchain, and to establish chain-of-custody; and Pub-DK of distributor B to which the product item shall be transferred. Only the distributor with the here defined key will be able to add a new transaction for the Pub-PIK identifying the product 70, given he has also access to the respective Priv-PIK of the product 70. Attribute is also required to maintain the chain-of-custody. Additional content information may be required (by means of attributes or special characteristics of public keys), like a reference to the relevant vendor-blockchain to which the transac- tion shall be added.

The transaction is signed with Priv-DK (step 1120), for miners to be able to verify that the sender of the transaction is really the owner of Pub-DK distributor A according to the transac- tion. Also sign with Priv-PIK of product item for miners to verify that distributor A is also physical owner of the product item.

In step 1 130 the transaction is pushed to the data processing devices acting as miners in the computer network.