Integration Guide
DSPIP is designed as an authentication layer for shipping that enhances rather than replaces
existing logistics systems. Learn how to integrate with your infrastructure.
DSPIP complements existing shipping standards by adding cryptographic authentication.
Organizations can add DSPIP QR codes alongside existing barcodes, include DSPIP
signatures in EDI messages, integrate with Last Mile Providers for privacy-preserving
delivery, or use blockchain for immutable delivery confirmation.
GS1 EPCIS Integration
GS1 EPCIS provides event-based supply chain visibility. DSPIP adds cryptographic
authentication to verify that events and identifiers are genuine.
How to Integrate
- Include GS1 identifiers (GTIN, SSCC, GLN) in the DSPIP payload's
typeData field
- Add DSPIP QR codes alongside existing GS1 barcodes on shipments
- Use DSPIP signatures to authenticate EPCIS events
- Cross-reference item IDs with GS1 Digital Link URIs
- Use privacy modes to protect recipient information during transit
Payload Example (Standard Mode)
{
"type": "SHIP",
"issuer": { "name": "ACME Corp", "facility": "Warehouse-A" },
"subject": { "name": "Jane Doe", "address": "123 Main St" },
"itemId": "ACME-2025-000123",
"timestamp": 1703548800000,
"typeData": {
"privacyMode": "standard",
"gs1": "urn:epc:id:sscc:0614141.1234567890"
}
}
By including the GS1 identifier in typeData, scanners can verify the DSPIP signature and then
look up additional information in GS1-based systems.
EDI Integration
Electronic Data Interchange (EDI) provides structured shipping notices between
trading partners. DSPIP adds decentralized verification without requiring
database access.
Integration Approaches
1
Reference in Payload
Include EDI transaction reference numbers in the DSPIP payload for cross-referencing.
2
Embed in EDI
Include DSPIP signatures in EDI messages for end-to-end authentication.
3
Parallel Systems
Run DSPIP alongside EDI, using parcel IDs as the common reference.
Payload Example
{
"type": "SHIP",
"issuer": { "name": "ACME Corp", "facility": "DC-East" },
"subject": { "name": "Partner Warehouse", "gln": "0614141000012" },
"itemId": "ACME-2025-000123",
"timestamp": 1703548800000,
"typeData": {
"privacyMode": "standard",
"ediRef": "856-20251225-001234"
}
}
Last Mile Provider Integration
Last Mile Providers (carriers like UPS, FedEx, USPS) can deliver packages without seeing
recipient personal information. The shipper encrypts recipient data to the LMP's public key,
who decrypts only at delivery time.
How It Works
- LMP publishes secp256k1 public key in DNS TXT record at
lmp._dspip.carrier.com
- Shipper encrypts recipient info using ECIES + AES-256-GCM + HKDF-SHA256 to LMP's key
- Encrypted data stored in QR code's private message field
- LMP DNS record includes
address field for facility location display on labels
- Carrier scans QR, decrypts recipient address only when needed
- Delivery confirmation signed with LMP's key proves successful delivery
LMP DNS Record (with address and coverage)
omaha-main._dspip.usps.gov. IN TXT "v=DSPIP1; k=ec; c=secp256k1;
p=AzmjYBMwFZfa70H75ZOgLMUT0LVVJ+wt8QUOLo/0nIXC;
types=SHIP; auth=government; address=86HJW222+22;
coverage=68101,68102,68103,68104,68105"
Address Field Schemes
The address field in LMP records specifies physical facility location,
displayed on labels for encrypted mode where recipient address is hidden:
- Plus Code (default):
address=86HJW222+22 - Open Location Code for compact global addressing
- Street address:
address=street:1234%20Post%20Office%20Way%2C%20Omaha%2C%20NE
- Geographic:
address=geo:41.2565,-95.9345 - Decimal lat/lng coordinates
- Facility reference:
address=facility:USPS-OMAHA-MAIN - Named facility ID
Encrypted Payload Example
{
"type": "SHIP",
"issuer": { "name": "ACME Corp", "facility": "Warehouse-A" },
"subject": {
"lastMileProvider": "omaha-main._dspip.usps.gov"
},
"itemId": "ACME-2025-000123",
"timestamp": 1703548800000,
"typeData": {
"privacyMode": "encrypted",
"lastMileProvider": "omaha-main._dspip.usps.gov",
"encryptedRecipient": "base64_encrypted_data"
}
}
Privacy benefit: Warehouse workers, intermediate handlers, and anyone who
scans the QR code during transit cannot see the recipient's personal information.
Blockchain Integration
DSPIP uses secp256k1 keys, the same curve used by Ethereum, Bitcoin, and many other
blockchain networks. This enables cryptographic delivery confirmation that can be
optionally recorded on-chain for immutable proof of delivery.
Supported Networks
Polygon
Low-cost transactions
Recommended
Ethereum
Maximum security
Compatible
Bitcoin
Key compatibility
Compatible
Any EVM Chain
secp256k1 based
Compatible
Delivery Confirmation Protocol
When a package is delivered, the carrier signs a delivery confirmation:
{
"itemId": "ACME-2025-000123",
"deliveryTimestamp": 1703635200000,
"status": "delivered",
"carrierKeyLocator": "lmp._dspip.carrier.com",
"signature": "MEUCIQDx...base64..."
}
On-Chain Recording (Optional)
For high-value shipments or compliance requirements, record confirmation on-chain:
{
"itemIdHash": "sha256(itemId)",
"issuerAddress": "0x742d35Cc...",
"carrierAddress": "0x8ba1f109...",
"confirmationHash": "bytes32",
"timestamp": "block.timestamp"
}
Privacy note: Only hashed item IDs and confirmation hashes are stored on-chain.
Personal information is never recorded on public blockchains.
WMS/ERP Integration
DSPIP integrates with Warehouse Management Systems (WMS) and Enterprise
Resource Planning (ERP) systems to add cryptographic authentication to your
shipping workflow.
Integration Methods
- JSON API: Native DSPIP SHIP type format for label generation
- Privacy Mode Selection: Configure standard, encrypted, or split-key per shipment class
- Webhooks: Real-time delivery confirmation notifications
- LMP Integration: Automatic key lookup for Last Mile Provider encryption
Shipping Workflow
Label Generation
Generate signed DSPIP QR codes during pick/pack with appropriate privacy mode.
Carrier Handoff
Encrypt recipient data to LMP key for privacy-preserving carrier transit.
Delivery Tracking
Receive signed delivery confirmations and update order status automatically.
Revocation
Publish revocation records for cancelled orders or suspected fraud.
Revocation List Integration
Publish revoked labels via DNS TXT record for real-time fraud prevention:
_revoked._dspip.example.com. IN TXT "v=DSPIP1; items=ACME-2025-000123,ACME-2025-000456"
RFID Complementary Use
DSPIP can work alongside RFID systems to provide defense in depth:
- Redundancy: If RFID tag is damaged, QR code provides backup
- Authentication: RFID provides identification, DSPIP provides authentication
- Cost optimization: Use RFID for high-value items, DSPIP for all items
- Cross-reference: Link RFID EPC to DSPIP parcel ID for unified tracking
The DSPIP payload can include RFID identifiers for cross-referencing between systems.