Onboarding Dispensers to the OCI architecture

Member Projects
Written By Christiane Wirrig

Utilizing Verifiable Credentials to authenticate Authorized Trading Partner Status

Challenge

OCI’s credential-based solution for Authorized Trading Partners (ATP) authentication has been developed together with manufacturers, wholesalers, VRS, and credentialing and digital identity solutions providers. More information on the respective industry-wide ATP pilot can be found on the OCI website. The business requirements of Dispensers (e.g. suspicious product verification) were considered but not specifically addressed in the ATP pilot. Hence, Spherity together with fellow OCI members Legisym and RxScan decided to run a Dispenser proof-of-concept (PoC) as an extension to the original ATP pilot.

The Dispenser PoC focused on the use case of pharmaceutical product identifier (PI) verification. The objective of the PoC was to demonstrate that solution providers serving Dispensers are able to use the OCI architecture and provide affordable credentialing services to their customers. The key challenge was to clarify how Dispensers can be onboarded to receive both an Identity and ATP Credential and how to manage their credentials using a digital wallet.

Solution

Onboarding

Before acquiring the Identity Credential, a Dispenser needs to go through a due diligence process with the Credential Issuer. After successful proof of identity, the Credential Issuer bestows an ATP Credential based on a valid State-issued license. Leveraging legal documents that local pharmacies and small dispensers are already commonly familiar with keeps the onboarding process simple and secure.

Credential Management

Using a digital wallet, Dispensers can manage their own credentials and obtain an automatically generated audit trail of all DSCSA-relevant ATP authentications.

ATP authentication

The solution is intended to be compatible with existing Data or Warehouse Management Systems. Respective service providers are able to integrate via API with the Credential Issuer and Digital Wallet Provider. 

In order to route the PI Verification Request to the respective responder, a Verification Routing Service (VRS) is required. This can either be directly integrated or connected to a third party VRS provider. The utilized GS1 Lightweight Standard for Product Verification Messages within the OCI architecture can be employed to enable VRS to route Dispenser-triggered requests regarding suspicious products.

DSCSA-compliant suspicious product verification message roundtrip

Source: Spherity

For any suspicious product verifications, a dispenser would scan the product code and send the verification request to their data management service provider. In the background the VRS finds the respective manufacturer and handles the ATP status authentication. Upon successful authentication, the Dispenser receives the requested information. Should the ATP authentication fail, the PI verification process would stop at that point.

Benefits

This PoC demonstrates that existing OCI systems and processes can be leveraged to enable affordable solutions for the adoption of OCI-standardized credentialing by Dispensers. The readiness of the OCI-enabled solution and professional network support Dispensers in meeting the Nov 2023 deadline. By integrating the OCI architecture into apps or devices currently in use at pharmacies and other dispensing outlets, little training, if any, will be required for Dispenser staff to adopt the new features.

Leave OCI’s website to find the full report here.

Contact us

Please send any feedback or enquiries to hello@oc-i.org.

About OCI

The Open Credentialing Initiative (OCI) is a collaborative non-profit industry collaboration formed in April 2021 by a group of trading partners, solution providers, and standards organizations to support the pharmaceutical industry in adopting credentialing and digital wallet technologies to enhance supply chain security, and thus the protection of consumers.

The ecosystem is open to Trading Partners, Solution Providers, Associations, Standards Bodies and others interested in contributing to future enhancements of the architecture and use cases.

About Spherity

Spherity is a German software provider bringing secure and decentralized identity management solutions to enterprises, machines, products, data and even algorithms. Spherity provides the enabling technology to digitalize and automate compliance processes in highly regulated technical sectors. Spherity’s products empower cyber security, efficiency and data interoperability among digital value chains. Spherity is certified according to the information security standard ISO 27001.

About Legisym

For over a decade, Legisym, LLC has successfully provided the pharmaceutical industry with affordable and effective regulatory compliance technologies. In early 2020, driven by the 2023 authorized trading partner (ATP) requirements, Legisym began leveraging their existing Controlled Substance Ordering System (CSOS) and license verification technologies and experience, to engage as a credential issuer. By performing thorough credential issuer due diligence processes, first to establish a root of trust, Legisym promotes confidence in the trading partner’s digital identity prior to the issuance of all ATP credentials.

About RxScan

RxScan is a privately held corporation, established by a pharmacist whose primary goal was to bring barcode scanning technology to the pharmacy profession. The company offers products that improve medication handling in pharmacy environments and create sustainable change. RxScan’s solutions save lives every day while also providing pharmacy staff with peace of mind.

Christiane Wirrig