1.1 本指南旨在介绍在Web3区块链技术存储平台上跟踪物理和数字商品以及用于交易或营销和品牌目的的加密资产的概念。这代表着技术的重大转变，区块链资产可以在公共数字账本上使用，对所有人开放查看和验证。它标志着Web2基础设施平台目前使用的私有云存储的范式转变。本指南提供了使用区块链技术在供应链中跟踪任何产品的认证证书（COA）的安全验证的最低要求。区块链技术的实施可以提高供应链的透明度、可追溯性和可信度，确保产品质量和真实性，同时减少欺诈、篡改和其他恶意活动的可能性。每个真实性证书（COA）都是在区块链上铸造的，在非真实性证书的前面有一个摘要页面的截图- 可替换令牌（NFT），具有标记为元数据的实验室报告的独特特征。此元数据的示例包括实验室名称、客户名称、测试样本的唯一标识符和测试日期。为了增强这些COA的跟踪和安全性，可以根据产品的特定需求和供应链的性质，将各种跟踪设备链接到区块链上的COA。这些设备包括RFID标签、二维码、全息图、微型应答器和可嵌入水印。每种都有其独特的用途，从通过二维码进行即时验证到通过RFID和微型应答器进行高级安全和跟踪。全息图和可嵌入水印提供了额外的安全层，使伪造更具挑战性，验证真实性更简单可靠。 1.2 真品证书（COA）应由授权方根据管辖机构内的适用法规进行验证。 各方都要求确保核查过程的合规性和合法性。 1.3 应制定并执行基于风险评估的验证计划，以使用区块链上的真品证书跟踪产品。验证计划应确定/解决以下问题: 1.3.1 在供应链流程的各个阶段，需要保护的资产和数据以及对这些资产和数据的已识别威胁。一个例子是复制到区块链上的实验室报告，其中摘要页面的图像位于不可替换令牌（NFT）的前面。 1.4 COA跟踪计划中部署的具体验证措施与被跟踪的实物资产的价值相称，分为三个关键领域。COA的物理安全措施确保证书的硬拷贝以及与之相关的任何样品或产品得到安全存储，并防止未经授权的访问、篡改或损坏。 用于跟踪实物产品的跟踪设备可能包括RFID、二维码或微型应答器。COA的技术安全措施围绕着保护证书在区块链上铸造后的数字版本或电子记录。COA的行政安全措施包括监督其生命周期的政策、协议和做法，通过定期审计、培训和明确的责任确保合规性、真实性和信任。 1.5 本标准并不旨在解决与其使用相关的所有安全问题（如果有的话）。本标准的使用者有责任在使用前建立适当的安全、健康和环境实践，并确定监管限制的适用性。 1.6 本国际标准是根据世界贸易组织技术性贸易壁垒委员会发布的《关于制定国际标准、指南和建议的原则的决定》中确立的国际公认的标准化原则制定的。 =====意义和用途====== 4.1 不可替代代币（NFT）作为唯一的数字证书，用于验证产品的历史和细节，如包裹上的特殊标签或实验室中的报告，使用称为区块链技术的安全在线系统跟踪它们从创建到交付的整个过程。与普通数字货币（加密货币）不同，它们都是一样的，可以相互交换，每个NFT都是独一无二的，可以用来跟踪单个单位批次或产品线的批次。它们不能只是平等地交换，因为每种都有其特殊的功能、历史，有时甚至是数字签名，这使得它们对所认证的产品是独一无二的。这些NFT是在特殊的数字平台上制造和管理的，以确保它们保持独特和安全。这使他们能够在清晰可信的历史和真实性记录中被看到。 4.2 使用区块链时间戳进行NFT身份验证的重要性-- 对NFT进行身份验证的过程是验证它是真实的，而不是伪造或未经授权的副本。 一种创新的身份验证方法涉及为NFT创建真品证书（COA）的快照，并将其与时间戳一起放置在区块链上。这个区块链时间戳提供了NFT来源和真实性的不可变和可验证的记录。身份验证有助于维护使用该COA跟踪的产品的完整性，在参与者之间建立信任，并保护实物资产的价值。通过利用区块链的时间戳功能并验证NFT的真实性，批发商和消费者可以对他们在任何市场上的购买充满信心。 4.3 身份验证过程概述-- 在区块链上验证NFT涉及检查数字资产的底层智能合约、元数据、数字签名和交易历史。这些组件以及各种工具和服务可用于验证NFT的来源、所有权和唯一性。身份验证过程通常包括以下步骤: 4.3.1 检查NFT的智能合约-- 这包括分析管理NFT的智能合约的代码和结构，确保其符合既定标准，如ERC-721或ERC-1155，并检查是否有任何违规或篡改迹象。 4.3.2 验证NFT的元数据-- 元数据是与NFT相关的信息，如名称、描述、图像和创建者。通过验证元数据，个人可以确保它与预期的数字资产相匹配，并且没有被更改或操纵。 4.3.3 确认数字签名-- 数字签名是用于确认数字数据真实性和完整性的加密工具。它们可用于验证NFT是由其声称的创建者创建的，并且没有被篡改。 4.3.4 检查NFT的交易历史记录-- 通过检查NFT在区块链上的交易历史，个人可以追踪其所有权和来源，确保其是合法获得和转让的。 通过遵循这些步骤并使用适当的工具和资源，个人可以在区块链上对NFT进行身份验证，并对数字资产的合法性和价值充满信心。

1.1 This guide was written to introduce the concept of tracking physical and digital goods as well as crypto assets for transactions or marketing and branding purposes on a Web3 blockchain technology storage platform. This represents a significant shift in technology, where blockchain assets are available on a public digital ledger, open for all to view and verify. It marks a paradigm shift from the private cloud storage currently used in Web2 infrastructure platforms. This guide provides minimum requirements for the secure verification of a Certificate of Authentication (COA) used to track any product through their supply chain by utilizing Blockchain Technology. The implementation of blockchain technology can enhance the transparency, traceability, and trustworthiness of the supply chain, ensuring product quality and authenticity while reducing the potential for fraud, tampering, and other malicious activities. Each Certificate of Authenticity (COA) is minted on the blockchain, featuring a screenshot of the summary page on the front of a Non-Fungible Token (NFT) with the unique traits of that lab report tagged as metadata. Examples of this metadata include the name of the lab, the name of the client, the unique identifier of the sample tested, and the date the test was performed. To enhance the tracking and security of these COAs, various tracking devices can be linked to the COA on the blockchain, depending on the product's specific needs and the nature of the supply chain. These devices include RFID tags, QR codes, holograms, micro transponders, and embeddable watermarks. Each serves a unique purpose, from instant verification via QR codes to advanced security and tracking through RFID and micro transponders. Holograms and embeddable watermarks provide additional layers of security, making counterfeiting significantly more challenging and verifying authenticity more straightforward and reliable. 1.2 Certificates of Authenticity (COA’s) should be verified by authorized parties in accordance with the applicable regulations within the authority having jurisdiction. It is the requirement of each party to ensure compliance and legal authority for the verification process. 1.3 A verification plan, based on a risk assessment, should be in place and executed for tracking products using a Certificate of Authenticity on the blockchain. The verification plan should identify/address: 1.3.1 The assets and data to be protected and the identified threats to those assets and data during the phases of the supply chain process. An example of this is a lab report that copied onto the blockchain with the image of the summary page on the front of the Non Fungible Token (NFT). 1.4 The specific verification measures to be deployed in the COA tracking program commensurates with the value of the physical assets being tracked and are broken into three key areas. Physical security measures for a COA ensure that the hard copies of the certificate, as well as any samples or products associated with it, are stored safely and are protected from unauthorized access, tampering, or damage. Tracking devices used to track the physical products could include RFID, QR codes or micro transponders. Technical security measures for a COA revolve around protecting the The digital versions or electronic records of the certificate once it is minted onto the blockchain. Administrative security measures for a COA encompass policies, protocols, and practices to oversee its lifecycle, ensuring compliance, authenticity, and trust through regular audits, training, and defined responsibilities. 1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use. 1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee. ====== Significance And Use ====== 4.1 Non-fungible tokens (NFTs) as unique digital certificates that verify the history and details of products – like a special label on a package or a report in a lab – tracking them from creation to delivery using a secure online system known as Blockchain Technology. Unlike regular digital money (cryptocurrencies), which are all the same and can be swapped one for another, each NFT is one-of-a-kind and can be used to track a single unit batch or lot of a product line. They can not just be exchanged equally because each has its special features, history, and sometimes even digital signatures, making it unique to the product they are authenticating. These NFTs are made and managed on special digital platforms that ensure they stay unique and secure. This allows them to be viewed in a clear and trustworthy record of their history and authenticity. 4.2 Importance of NFT Authentication with Blockchain Timestamps— Authenticating an NFT is the process of verifying that it is genuine and not a counterfeit or unauthorized copy. One innovative method of authentication involves creating a snapshot of a Certificate of Authenticity (COA) for the NFT and placing it with a timestamp on the blockchain. This blockchain timestamp provides an immutable and verifiable record of the NFT’s origin and authenticity. Authentication helps maintain the integrity of the products tracked with that COA, builds trust among participants, and protects the value of physical assets. By leveraging blockchain's timestamp capabilities and verifying the authenticity of an NFT, wholesalers and consumers can be confident in their purchases in any marketplace. 4.3 Overview of the Authentication Process— Authenticating an NFT on the blockchain involves examining the digital asset's underlying smart contract, metadata, digital signature, and transaction history. These components, along with various tools and services, can be used to verify the NFT's origin, ownership, and uniqueness. The authentication process typically includes the following steps: 4.3.1 Examining the NFT’s Smart Contract— This involves analyzing the code and structure of the smart contract that governs the NFT, ensuring that it conforms to established standards, such as ERC-721 or ERC-1155, and checking for any irregularities or signs of tampering. 4.3.2 Verifying the NFT’s Metadata— Metadata is the information associated with an NFT, such as its name, description, image, and creator. By verifying the metadata, individuals can ensure that it matches the intended digital asset and has not been altered or manipulated. 4.3.3 Confirming the Digital Signature— Digital signatures are cryptographic tools used to confirm the authenticity and integrity of digital data. They can be used to verify that an NFT was created by its claimed creator and has not been tampered with. 4.3.4 Checking the NFT's Transaction History— By examining the NFT's transaction history on the blockchain, individuals can trace its ownership and provenance, ensuring that it has been legitimately acquired and transferred. By following these steps and using the appropriate tools and resources, individuals can authenticate an NFT on the blockchain and have confidence in the digital asset's legitimacy and value.