Some research: Here's an FDA document on pharmacuetical barcodes: https://www.fda.gov/downloads/BiologicsBloodVaccines/GuidanceComplianceRegulatoryInformation/Guidances/UCM267392.pdf
In the USA a barcode with the NDC (National Drug Code) is required. A13 explains the barcode: Under 21 CFR 207.35(b)(2), the Agency uses the National Drug Code (NDC) > numbering system in assigning an NDC number. The number is a 10-character > code that uses only numerals. > The NDC number is divided into three segments. The first segment, the > labeler > code, identifies the manufacturer or distributor and is four or five > characters long. > The second segment, the product code, identifies the drug product and is > three or > four characters long. The third segment, the package code, identifies the > trade > package size and type and is one or two characters long. The 10-character > NDC > number can be in the following three configurations of labeler code–product > code–package code: 4–4–2, 5–4–1, or 5–3–2. Here's a wikipedia page that lists some private databases and other codes: https://en.wikipedia.org/wiki/Pharmaceutical_code I wouldn't want to write an original cryptographic implementation for an industry where lives are at risk and large amounts of money could be lost from a mistake. Is there a similar mechanism to ECDSA in the Go crypto packages? Thanks, Matt On Friday, December 29, 2017 at 1:51:37 PM UTC-6, Frank Davidson wrote: > > I've started on the code to generate the barcodes: > > https://github.com/verxcodes/codegen > > It's totally just a start, but I wanted to get it out so everyone could > check it out and provide input, etc. > > Please take a careful look at the ECDSA encryption and whether or not I'm > doing it right... > > Comments, criticisms, edits, and pull requests welcome! > > I envision three repos - codegen, website, server - or something like > that. What does everyone think? > > I totally agree we should get input from the manufacturers, but I don't > want to stop work before hearing from them as I think that will be a long > time coming... Part of this will be convincing them to change anyway. > > Cheers and Happy New Year! > > Frank > > On Friday, December 29, 2017 at 2:03:18 PM UTC-5, matthe...@gmail.com > wrote: >> >> Well all we really have for a specification is that the problem is >> counterfeit medication from unknown sources at untrustworthy pharmacies in >> Kenya and we assume around the world, and we have a few possible >> Internet-based labeling solutions without manufacturer input. We would like >> to use Go as a way to contribute back to the Go community and technology. >> >> Reading about the many barcode types shows that there are printing >> tradeoffs that may make both QR and Aztec unusable for some or all of the >> manufacturers we’ll ask to change. Distribution to pharmacies or consumers >> may completely remove the original packaging. Additionally the >> pharmaceutical industry may partially or completely already be doing >> manufacturer-verifying barcodes. >> >> We need input from industry experts before proceeding. >> >> Matt >> >> On Thursday, December 28, 2017 at 12:34:08 PM UTC-6, Frank Davidson wrote: >>> >>> I saw this which seems to say using a QR code is freely allowed: >>> http://www.qrcode.com/en/faq.html >>> >>> On Thursday, December 28, 2017 at 11:19:27 AM UTC-5, matthe...@gmail.com >>> wrote: >>>> >>>> Here's the aztec patent that's in the public domain: >>>> http://www.adams1.com/patents/US5591956.pdf >>>> >>>> For QR it seems that the "patent is not exercised": >>>> https://stackoverflow.com/questions/3710937/what-is-the-spec-for-formatting-data-in-qr-codes-i-can-not-find-it-anywhere >>>> >>>> So I suggest we do use the aztec code. I've started a github project >>>> with the Apache 2.0 license where I'll add an initial API soon: >>>> https://github.com/pciet/aztec >>>> >>>> Perhaps the central authority could be a blacklist instead of a >>>> whitelist? While the report indicates Kenya has no law against drug >>>> counterfeiting we could aid in notifying authorities and providing >>>> evidence >>>> in places that do have these laws. >>>> >>>> I'd assume most CA's would remove organizations misrepresenting >>>> themselves. But is that the case for all of them? >>>> >>>> Matt >>>> >>>> On Wednesday, December 27, 2017 at 10:25:07 AM UTC-6, Tamás Gulácsi >>>> wrote: >>>>> >>>>> Yes, exactly. >>>>> That's why I think this needs some central authority - maybe >>>>> cross-signing the manufacturer's public key is enough. >>>> >>>> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
