DataMatrix or how to properly label shoes

Since July 1, 2019, mandatory labeling of a group of goods has been introduced in Russia. From March 1, 2020, shoes were to fall under this law. Not everyone had time to prepare, and as a result, the launch was postponed to July 1. Lamoda is among those who managed to.

Therefore, we want to share our experience with those who have yet to label clothes, tires, perfumes, etc. The article describes a number of industry standards, some regulatory documentation and personal experience. The article is intended primarily for integrators and developers who have yet to understand this project.

Please note that the regulatory framework changes frequently, and the author does not have the opportunity to constantly update the material. Therefore, by the time of reading, some of the information may already be outdated.

The author gained personal experience both in the framework of the Datamatrix project in Lamoda and in the development of his own free application for marking BarCodesFx.

Since July 1, 2019, a law on mandatory labeling has been in force in Russia. The law does not apply to all groups of goods, and the timing of the entry into force of mandatory labeling for product groups varies. Now tobacco, fur coats, shoes, medicines are subject to mandatory labeling. In the near future will be introduced for tires, clothing, perfume and bicycles. Each group of goods is regulated by a separate government decree (GPR). Therefore, some statements that are correct for shoes may not be true for other product groups. But we can hope that the technical component will not vary greatly for different product groups.

MarkingThe main idea of ​​labeling is that each unit of goods is assigned an individual number. By this number, you can track the history of a particular item of goods from the moment of production or import into the country, until the moment of disposal at the checkout. It sounds nice, but in practice it is extremely difficult to implement. The concept is described in more detail on the official website of the honest sign.

Common terms and concepts

UOT - participant in the circulation of goods.
MDG is a center for the development of advanced technologies. Private company, the only state. marking project contractor. It operates under the public private partnership (PPP) scheme. Unfortunately, there is no information about other participants in the tender for the project, as well as about the tender itself.
TG - commodity group. Shoes, clothing, tires, etc.
GTIN - in fact, the article, taking into account the color and size. Issued in GS1 or the national catalog for each importer or manufacturer for his product. The manufacturer or importer must first describe this product.
Outage - Decree of the Government of the Russian Federation. For shoes - 860.
KM - marking code. A unique set of characters assigned to a particular item. For shoes, it consists of GTIN, serial number, verification code, and crypto tail.
GS1 is an international organization that issues GTINs. Also compilers of a number of standards for labeling.
National catalog - analogue of GS1, developed by CRPT.
cryptotail - an analogue of a digital signature, confirming the legality of the CM. Must be in the datamatrix on the stamp. Storage in text form is prohibited. After printing, the stamp must be removed in accordance with the agreement with the CRPT. No actual use cases are known.
CPS - order management station. The system in which KMs are ordered for the item.
EDO - electronic document management.
UKEP — enhanced qualified electronic signature.

Terms and concepts within the scope of this article

ChZ - an honest sign.
LK - Personal Area.
Mark - printed marking code.

The process is as follows: first, the participant (UOT) issues an electronic signature (ECES), registers in an honest sign (CHZ), describes the product in the national catalog or GS1, and receives GTINs for the product. On the website of the honest sign, these steps are described in detail, so we will not dwell on them.

Ordering and receiving codes

After receiving the GTINs, the participant (UOT) makes an order for codes (KM) in the CPS system.
Important, but not obvious.

1. You can request codes for up to 10 GTINs per order. In principle, an incomprehensible limitation. An importer with 14 GTINs has to create 000 orders.
2. A maximum of 150 codes can be requested in one order.
3. There is a limit of 100 orders in work. That is, no more than 100 orders can be processed at the same time. If there are more than 100, then the API will start returning an error instead of a list of orders. The only way to fix this error is to close some of the orders through the web interface. The API does not provide a parameter to partially display orders.
4. There is a limit on the number of requests - no more than 10 requests per second. According to my data, this restriction does not appear in the documents, but it exists.

From personal experience with orders for KM marking codes through the CMS API.

1. The request (json itself) must be signed with a GOST signature. This is work with cryptopro. We must carefully monitor that the framework or library used does not change the original json for a single byte. Otherwise, the signature immediately ceases to be valid.
2. Order signature. The order can be signed by any signature of any client. If the signature is valid, the KMS system will accept it. During the integration, it was possible to sign the request with someone else's signature issued on the test CA. The combat circuit of the CPS processed the order and released the codes. In my opinion, this is a security hole. The developers reacted to the bug report “we'll see”. Hope it's been fixed.

   Therefore, be extremely careful if more than one legal entity works at one workplace. faces. Today, the CPS will accept these requests, and tomorrow the requests will be rechecked and half of the codes will be withdrawn because of someone else's signature. And in principle, formally they will be right.

3. Auto-signing orders is a functionality no longer available in the CMS. For its operation, it was required to upload the private part of the key in the personal account of the honest sign. This is a key compromise. And according to the current legislation, in the event of a compromise of an enhanced qualified electronic signature, the owner must inform his certification center (CA) and revoke the UKES. If this functionality is returned, then carefully make sure that the private part of the key does not leave the computer.
4. In February, the Center for the Development of Advanced Technologies (CRPT) silently introduced a limit on the number of requests to the KMS API. No more than one request per second. Then, just as unexpectedly and silently, he lifted this restriction. Therefore, I recommend putting in the system the ability to limit the number of requests to the CRPT API in case of a relapse. Now there is information about the limit of 10 requests per second.
5. Also in February, without warning, the behavior of the KMS API changed significantly. The API has a request to get the status of orders. The status indicated the buffers and their state. One GTIN = one buffer. It also indicated how many codes are available to receive from the buffer. One fine day, all buffers had a count of -1. I had to query the state of each buffer separately through a separate method. Instead of one request, I had to make eleven.

Structure of codes

So, the codes are ordered and generated. They can be picked up via api in text form, in pdf as labels for printing and as a csv file with text.

The API has already been written above. As for the other two ways. Initially, the CPS allowed you to pick up the codes only once. And if a pdf file was taken, then it was possible to get the codes in text form only by rescanning all the datamatrices from pdf. Fortunately, they added the ability to pick up codes several times, and this problem was solved. Within two days, the codes are still available for re-download.

If you pick up in csv format, then never, under any circumstances, open it in excel. And don't let anyone. Excel has an autosave feature. At the time of saving, Excel can modify your codes in the most unpredictable way. I recommend using notepad++ to view the codes.

If you open a file from the CMS in notepad ++, you can see lines like this. The third code is invalid (it does not have GS delimiters).

Partners gave us codes for marking their goods. With the naked eye, you can see which files were generated using Excel - up to 5% of the codes were invalid.

I strongly recommend reading about Standards GS1. The description of the standard contains answers to many questions on the formation of DataMatrix.

The identification code consists of the GTIN and the serial number. According to the GS1 standard, they correspond to application identifiers (UI) 01 and 21. Please note that application identifiers are not part of the GTIN and serial number. They indicate that the Application Identifier (UI) is followed by the GTIN or serial number. This is especially important when programming POS software. To fill in tag 1162, you need exactly the GTIN and serial number, without application identifiers.

For UTD (universal transfer document) and other documents, on the contrary, most often a complete record with application identifiers is needed.

The GS1 standard states that the GTIN has a fixed length of 14 characters and can only consist of numbers. The serial number is of variable length and is described on page 155 of the standard. There is also a link to a table with symbols that can be found in the serial number.

Since the serial number has a variable length, the separator GS indicates its ending. In the ASCII table, it has the code 29. Without this separator, no program will understand at what point the serial number ended and other data groups began.

More details about the marking code (KM) can be found in official documentation.

For shoes, the serial number is fixed at 13 characters, however, its size can be changed at any time. For other product groups (TG), the length of the serial number may vary.

DataMatrix generation

The next step is to convert the data into DataMatrix code. The Decree of the Government of the Russian Federation 860 specifies GOST, according to which it is necessary to form a DataMatrix. Also, PPR 860 specifies the mandatory use of application identifiers. Note that there is no concept of "application identifiers" in the DataMatrix standard. They are only in the GS-1 DataMatrix standard. It turns out that PPR 860 implicitly requires the use of GS-1 DataMatrix. Fortunately, the standards are similar. Main difference: In GS-1 DataMatrix, the first character must be FNC1. The GS symbol does not have to come first in the DataMatrix, only FNC1.

FNC1 cannot simply be taken and added to the line as GS. It must be added by the program that generates the DataMatrix. Several mobile applications, with which you can check the correctness of the generated DataMatrix codes.

Important. The honest sign application accepts invalid DataMatrix. Even QR codes. The fact that the brand is recognized and product information is displayed does not mean that the DataMatrix is ​​formed correctly. Even when the crypto-tail was replaced, the CZ application recognized the brand and displayed the data on the product.

Later CZ released explanationhow to generate codes correctly. Due to the large number of error codes, they recognized codes without FNC1 as valid, but, nevertheless, they recommend generating a GS-1 DataMatrix.

Unfortunately, a fairly large percentage of datamatrices from partners came with errors. Thanks to the clarifications from CZ, the question “Is it possible to trade such a product after July 1 or not?” was completely resolved. Spoiler - you can.

print

Pay attention to the way stamps are printed. When printed on a thermal printer, the stamp quickly fades, and this product can no longer be sold. An illegible stamp is a violation of PPR 860. Which leads to the seizure of goods, fines, and criminal liability.

Use thermal transfer printing. In this case, the stamp is not so much prone to fading. The label material also determines how susceptible the brand is to mechanical damage. If the code is not readable due to mechanical damage, this is tantamount to the absence of a brand with all the ensuing consequences.

Choose a printer from the planned print volumes. Desktop printers are not designed to print 100 labels per day.

Stopping and starting printing increases wear on the printer. Some programs send the print job one label at a time. It is better not to use such programs.

Work with documents

After the stamps are printed and pasted, all further operations with them take place through documents or a personal account of an honest mark.

When working with a large number of codes, you can create xml files containing the required codes and upload these files through the API or the web interface of your personal account.

XSD schema can be downloaded in the "help" section of the LC CZ.

Pay attention to the following points.

1. Xsd schemes in the LC CZ contain errors in the TIN validation and restrictions on the length of the line. Only by correcting errors, you can use the schemes. Fortunately, the errors are obvious, so this is not difficult to do.
2. The scheme most often consists of two parts - common for all types of documents and separate for a specific type. The general schema is added via import to the specific one. Both schemes are located in the help section in the LC ChZ.
3. The escaping rules for CM differ from those generally accepted for XML, this is written in the official documentation from CZ, pay attention to this. Here here on page 4 all the rules.
4. You should not try to enter 150 codes into circulation in one file. According to eyewitnesses, files over 000 usually go through..
5. An Xml file can be wrapped with an error “xml validation error”, and five minutes later the same file is accepted without problems.
6. If the file contains a code that has already been put into circulation, then the put into circulation file will most likely not be accepted.
7. Shipment and receiving documents are used as a temporary solution. In the future, they plan to abolish them and switch to UPD in accordance with PPR 860.
8. Myth about 60 days. There is an opinion that codes that are not put into circulation “burn out” after 60 days. This is a myth, source unknown. Codes "burn out" only if you have not collected them from the CPS within 60 days. The lifetime of the collected codes is not limited.

Conclusion

When developing my free labeling application BarCodesFX, integration with the KMS API was initially done. When an honest sign for the second time unexpectedly changed the logic of the API, the integration had to be abandoned. I hope that in the future the CZ will be able to stabilize the development and the API, because. for a non-commercial product, it is very costly for me to double-check every day whether there have been changes in the API and quickly refine it.

When implementing the marking, carefully read the regulatory documentation for your TG product group, print the GS1-DataMatrix correctly and be prepared for any unforeseen changes from the fair CZ mark.

The Fort Alliance has created an information space (wiki, chat rooms telegram, seminars, webinars), where you can find useful and up-to-date information on labeling in all industries.

Source: habr.com