The Use of Blockchain Technology for Private Data Handling for Mobile Agents in Human-Technology Interaction*

—With the rising importance of automation and digitization in the ﬁelds of logistics and production systems, society is facing new challenges when it comes to human-technology interaction and the authority over personal data management. This paper proposes a method to use individual-related data for process optimization and raise of acceptance of technology and at the same time keeping the data safe and giving the individual sovereignty over the use of its personal information. In this work a multi-agent system is used for the integration of humans in technical systems, where a special software agent keeps information about the dedicated human, like abilities and properties, and acts in favour of the human. To ensure the privacy of this data, the human can decide which data he wants to expose to the system to make it adapt to his needs. This allows the system to form socio-technical system consisting of humans and robot, where multi-robot systems, like a ﬂeet of AGVs, can interact with the individual. Furthermore, blockchain technologies and databases are used to store the personal date after usage in a secure manner. The methods to safely share, store and transfer personal information in robotics and automation application are described in the following. Index Terms


I. INTRODUCTION
Due to changing requirements in increasingly complex and dynamic industrial environments and growing autonomy level in flexible process chains, multi-agent systems (MAS) have to be extended for the use of human-technology interaction (HTI). In the focus of this development, humans have to retain control and also have to be included as part of this system. This architecture aims on the intelligent integration of machines and humans in decentralized control systems. The Internet of Things and Services is a major building block in the fourth industrial revolution which includes methods for simplifying the interaction between machines and humans as a result of adaptive systems. Especially, in warehouse logistics and production facilities the developments of Industry 4.0 face changes in the population and employment market, besides *This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 688117 (SafeLog). rising complexity. People work as leased employees, thus not being able to fit right into the process from the beginning or being of higher age with the necessity to earn one's living, face impairments and need support more often. In relation to Industry 4.0, it is straight-forward to represent the human worker by a virtual entity and let this entity support the worker by mitigating problems in place of him or her and adapt to specific situations. It makes sense to deploy these entities with human interface devices like wearables. Wearables and human interface devices available on the market today, offer many features, are quite powerful and appear in different types of variation, so that they are very useful interfaces for HTI. There are smartphones, smartglasses and smartwatches, only to mention the most common. These devices partially offer high performance CPUs and relatively high storage capacities. The operating systems like Android or iOS offer access to network communication and inbuilt sensors. Not only display, microphone and audio speakers feature many communication channels for the user and his interaction in technology-driven production and logistics systems. Unfortunately, state-of-theart frameworks for multi-agent systems do not provide functionality to implement a lightweight adaptive decentralized control system for human-technology interaction with the features of interoperability, agent mobility and real decentralized multi-agent design at the same time. The following work proposes an architecture which bypasses these disadvantages.

A. Multi-Agent Systems
Agents in computer science are defined as programs, which can fulfil tasks autonomously. They are described by features and behaviours. They interact with each other using certain communication infrastructures such as LAN or WLAN. Software-agents are defined by their behaviour. In general, there are reactive agents, adaptive agents and cognitive agents. Additionally, their autonomy is described by features like persistence, social ability, robustness, communication ability, and reactivity [1]. A system of agents is called multi-agent system (MAS). Due to its autonomous behaviour, MAS can be used for decentralized control systems.
JADE [2] is well known for years and implements FIPA Agent Communication Language Specifications and provides agent mobility but needs a main container to connect to, which portrays a single point of failure (SPOF). ROS is very powerful and provides a communication framework and a great community, but is limited to Linux and only partially to Windows operating systems and needs an instance called roscore, which constitutes also a SPOF [3]. For a detailed look into existing MAS frameworks and comparison, Iñigo-Blasco [4] collected an extensive compilation on these frameworks.
Kirks et al. [5] introduce a system that includes a multirobot system, that is based on cellular transport vehicles (CTV), and human workers that are interconnected by a multiagent system. The entities CTV, Human Worker and Fusion Provider, each represented by software agents and being part of a multi-agent system. The agents exist in the same physical network and offer their services using service discovery. They followed the agent implementation of [6] and adapted the three agents according to the layered concept architecture. In the Cyber Layer the worker agent represents the human worker with the smart glasses and offers the service that provides the calculated relative poses retrieved by the recognition of CTVs in the view field. The CTV agent represents the CTV with its properties and the location service that is used by the fusion provider. A third party needed for the system to work is the fusion provider that retrieves the relative pose of the worker agent, relates it to the absolute pose of the corresponding CTV and returning an estimated absolute pose to the human worker agent. We will use this system as base for our work and extend it to ensure secure data management of personal information.

B. Data Storage Technologies
Data on computers is stored in files on storage media. Depending on the storage media type, the way of storing and loading of files is the same. But there is a great difference in managing this loaded data. A common way to manage a great amount of data is the use of databases. A database is a collection of data respectively information, controlled by a database management systems (DBMS). In this sense, a database is a collection of relatively homogeneous and highly structured informations. But the kind of distinction between the technical infrastructure (the DBMS) and its controlled data collection (the database) is not always upheld by computer science. Mostly the term database is used as a preamble for DBMS and the controlled collection of data [7].
There are different types of databases. Most known are the relational (e.g. SQL) and the object-oriented (e.g. db4o) databases. A relational database is used for electronic data management in computer systems and is based on a table-based relational database model. An object database or object-oriented database is a database based on the object database model. Unlike the relational database, data is managed here as objects in terms of object orientation. An object model usually is a an item or concept of the real world and contains associated attributes -for example the color and weight of a car. Data and methods (the functions for accessing the data) are stored together in these objects [8].
A way more newer idea of data managing is the blockchain, widely known through bitcoin, a digital currency. The blockchain is a decentralized system, allowing transactions between two entities without a third party. Decentral in this case means, all entities being part of the blockchain know all the data. The blockchain consists of blocks connected to a chain. A block contains multiple transactions signed through the asymmetric key pairs of participating entities. If there are multiple chains, the longest one is the true/accepted one. To make sure not everybody creates as many blocks as possible to make his chain the longest and so true/accepted one, there are two ways to secure the blockchain against such kind of manipulations.
One can either decide whether to use a private or a public blockchain. In a private blockchain one makes sure to only add trusted entities. Entities that are known will avoid to manipulate the chain for his/her purpose. In a public blockchain everybody can join. To make sure no one adds to many blocks and might manipulate the chain, a cryptic puzzle needs to be solved before a new block is getting added [9].
A refinement of the bitcoin blockchain is the ethereum blockchain. The ethereum blockchain contains a build in Turing-complete programming language, allowing any participating entity to write smart contracts and/or decentralized applications ruled by their custom format. In that way ethereum transactions are different from bitcoin transactions and so getting called messages. A message can be created by external entities or a contract, whereas bitcoin transactions can only be created by external entities. Another difference is, that an ethereum message can respond, realizing a kind of conceptual function [10].
Another implementation of the blockchain is the so-called multichain. Multichain allows to create public and private blockchains, whereas bitcoin and ethereum only allow a public chain. Multichain works similar to ehtereum and bitcoin with an additional feature called streams. Streams provide a natural abstraction for a blockchain used with the focus to store data and timestamps rather than currencies or assets amongst participants. They can be used to store timestamp-ordered key-value pairs. Any number of streams can be added to a blockchain. Each stream inside this blockchain acts independently from the other streams [11].
For companies it is important to share information in a secure way. For this purpose the International Data Space (IDS) was developed. A possibility to create a save dataspaces for companies in all different structures and sizes. IDS is not limited to closed networks, but it was developed to operate world wide [12].

C. Mobile Agents
The proposed system is based on the concept that there is a digital representation of the human worker, which is referred to as a human agent. The human agent should run on wearable interface devices but is not limited to these. On the one hand, it enables the worker to be part of a decentralized control system, to communicate directly with machines and robots and interact with them. On the other hand, the machines are aware of the human and are able to react and most conveniently adapt to the users behavior and needs. This human agent incorporates features of mobile agents as Dalmeijer et al. discussed [13].

D. Human-Technology Interaction
Not only in their everyday life, do humans encounter technology, also does technology find its way into nowadays work life e.g. in production and logistics facilities. Both, technology as well as human workers with their different capabilities, offer various advantages and therefore, the interaction between technology e.g. robots and humans becomes more and more important [14]. According to Jost and Kirks [15], humantechnology interaction denotes the mutual action between two or more interaction partners, one being human and one being any type of technology which offers communication through at least one information channel e.g. visual. The technology has to be controllable by the human and needs to adapt to him. Further, interaction includes to being responsive to one another. Therefore, not only various safety regulations have to bet met [16] while developing applications for humantechnology interaction. Further, the adapting and learning of the technology is a useful feature for long-term humantechnology interaction [14].

A. Use Case in Warehouse Logistics
As an example of application we consider an environment in warehouse logistics, where human workers are involved in different processes and work together or along with multiple robots. The goal is to let the human work as productive as possible in collaboration with robots while retaining the control over robots and making the worker feel comfortable during the process. To connect humans with robots, they use wearables as interfaces to the control system of the AGVs (respectively the multi-agent system). The human agents run on the wearables and keep the personal information for targetoriented assistance of the human. In this way it is possible to have the human agent forward specific information to other robot agents, so that they can adapt to the human. To sum up, in the use case there are different entities like humans using their related wearables, multiple robots working alone or together with the humans and a secure server which stores and provides private data for the human.
1) Experimental Setup: In the following we will describe a system, managing decentralized agent authentication and secure exchange of private individual-related information inside and between companies. A participating company has the requirement to provide a server with a database. This database stores encrypted data provided by some agent. All participating companies databases should share the same database status. To be sure of this, a multichain blockchain is introduced storing the history of all stored data. The database servers schedule this data and update their local database. The advantage in this mechanism is that the update blockchain can be cleared once in a while. If a server breaks down or is offline, there are plenty others providing access to their database. A second multichain blockchain contains information about the agent authentication. This will be some id and a public key. The matching private key has to be stored by the agent, or might be stored in the database too, being encrypted with an agents custom password. The server of participating companies has to provide an api allowing an agent to authenticated himself using the authentication blockchain.
After the authentication the agent has multiple options. Either it could enter new data about its actual state and knowledge about its physical entity and environment, read the stored data, release data for other agents to use it for their purposes or restrict it again. These changes will be stored in the update blockchain and hence will be provided for the other servers. The agent itself never has a direct contact with the blockchains and in this way does not have to download the whole blockchain or parts of it. It only interacts through the api. For a user agent this could be realised with a web application.

2) Mobile Human Agents:
To let the human work in different processes where different wearables are needed and at the same time have his personal data available for humanrobot interaction, the human agent is designed as mobile agent which can migrate from one wearable to another. The proposed system is based on the multi-agent system of Kirks et al. [5]. The human agent is configured according to the individual once before the first use and will provide information like certificates of qualification, impairments, proxemics distances (which will be described later) or physical properties like height of the person. At runtime these information are available to the human agent and it can use the data to modify its behaviour in the context of HTI with other technical entities in the logic core 1. For the purpose of migration, the agent state and the individual-related information is saved and transferred from one wearable to another and made available there again.
Listing 1 shows an excerpt of the configuration of personal data in JSON format. One can find information like the name of the person or the preferred distance towards mobile robots, on which these can react in order to make the human feel comfortable. In this manner, different properties and abilities of the user can be stored and managed. The service discovery (cf. 1) announces the ability of an empty agent container to accept an agent that want to migrate. The human agent initiates the transfer, where the (updated) personal data will be stored on the servers' database by authenticating through the multichain. On the new wearable the user logs in and the human agent retrieves the previously stored personal data from the server using the credentials for the multichain again. In this way the information access is secured and the migration of the mobile human agent is provided.

3) Human-Technology Interaction:
The designed mobile human agent enables new possibilities for human-technology interaction. In general, one can distinguish two types of technology. On the one hand technologies exist which are enhanced with some form of intelligence and are able to adapt to different situations accordingly. On the other hand there are technologies which cannot adjust themselves to various situations but can be easily controlled. The mobile agent offers an adaptation of the technology for the human worker for both technology types. The former just needs some personal information of the represented worker e.g. height of the user or proxemical zones. For example, an automated transport vehicle (ATV), or CTV referring to [5], which can adapt to the users needs can adjust its planned movement according to the distances the human worker feels comfortable around it (proxemical zones). Various users might have different proxemical zones depending on their experience with such technologies or their daily stress level. By offering further information about the user the ATV can also use this as input for its learning routine and can for example classify persons according to their information into different proxemical zones and velocities used. The latter one has to be controlled for example through sending specific commands from the human agent to the technology. As an example the human agent can stop an ATV or lower its speed while moving towards the ATV. In both ways, the human worker does not have to act by himself. More probably, he might not notice any action taking by the mobile agent and instead might feel more comfortable while interacting with the technology.

4) Examined Scenarios in the Use Case:
To explain the implementation of the described system, the necessary procedures are explained as follows: There are two canonical processes (P1 and P2) in this proposed system, deploying the human agent and unloading the human agent. At first the human agent has to be started and load the private data from the blockchain and database when the worker start his process.
Process P1 -Deploying the human agent: To interact with the system (for example with an ATV) a worker decides to use the HoloLens device (augmented reality glasses) for his order picking process in warehouse logistics. The human agent connects through the api to the local or available server and authenticates himself in favor of the physical entity -the human worker. This can be achieved by scanning a QR-code encoding the workers id and password. After the authentication, the dedicated human agent may now receive the workers stored private data from one of the available data servers (see Fig. 2). After completion of the workers task, the private data has to be updated to the blockchain/database and the human agent has to be unloaded from the wearable.
Process P2 -Unloading the human agent: A human worker ends his session on the wearable and in case the environment model and private data has changed during the process, the private data on the blockchain/database has to be updated. This may happen at the end of the worker's shift or when the worker has to change the wearable for another process or change his location (a different premise of the company or even another company). If there had been any changes to the human worker related data, this data is submitted to his connected server, which adds the new data to the update chain -in that way, every other server gets informed (see Fig. 3). To clarify how the system acts in specific warehouse use cases (U1 to U3), we consider a human worker is working at a specific company's warehouse in an order picking process and has to change the wearable device to be able to work adequately in another process.
Use case U1 -The change of a wearable: The human worker has finished his work at the order picking process and wants to change to his next task in a process at the storage area. He has to remove the smartglasses for example the HoloLens. He will sign off of the HoloLens and the human agent on the HoloLens will start process P2 as mentioned before. Afterwards, he will have to use a smartphone for the process at the storage area. On the smartphone he has to authenticate on the new device to receive his data (cf. process P1). This use case is depicted in  Sometimes workers are deployed at different facilities (premises of different locations). In this case, the associated data of the worker has to be accessible throughout the whole company, respectively the company's network.
Use case U2 -Change of premises: Bob is currently working in Munich and has to work the next day at Berlin. To do so, he has to end his session with the active device (P2) and drive to Berlin. The company location at Berlin has to have access to the server in Munich or provide an own server. Is this done, Bob can use the new device in Berlin and load his data (P1).
In case the worker ends his employment at the specific company and wants to work with another employer, he has to have access to his private data at the new company, too. Here, we assume this is the case.
Use case U3 -Change of company: On the last day of his work at the previous company, the human worker has to make sure to sign off of the wearable and fetch the latest updates of his related data by unloading the human agent (cf. P2). To use the proposed system on the premises of the new employer, this company must be a participant of the described system to provide the same data. If this is the case, the worker may start his work by deploing the human agent on the wearable which he will use in the process.

IV. CONCLUSION
The proposed work shows an architecture for an secure method for adaptive decentralized control system for humantechnology interaction with multi-robot systems such as fleets of AGVs. The mobile human software agent was designed to ensure adaptivity integrated heterogeneous multi-agent systems. The human agent is able to migrate amongst human interface devices in a secure way without disclosing personal data of the users. In this way, the users retain sovereignty over their individual information and decide which information to share across processes, premises and company borders. This method may push forward the integration of Industry 4.0 systems since it complies to the Reference Architecture Model for Industry 4.0 and foster flexibility when it comes to integrate the human worker in complex systems and to include the human's individual needs. The mobile human agent with its security aspects offers a broad usage without many limitations due to numerous operation systems, interface devices or company boundaries.

V. OUTLOOK
The explained system was designed to be as user-friendly as possible while being easily portable and flexible for different technologies. The stored data is encrypted with asymmetric and symmetric keys. As long as no one knows the keys, the system is safe. Still, there has to be a survey if the proposed solution is practical for human users and if the would use it. For that purpose we intend to conduct user studies with UEQ and appropriate questionnaires. Some next improving step will be, to introduce public blockchains instead of private chains. In that way, companies could join the described system more easily. The security aspect for this solution has still to be solved, especially if one wants it to be as secure as the private chain solution. Finally, another step will be, to improve the data decentralization. The data could be split up between participants instead of making them store the same data.