AWS for Industries
Britvic enables secure, touchless drink dispense using AWS IoT and serverless technologies
Achieving tasty, healthy, and sustainable hydration can’t be done without a technical overhaul—especially when solving the touchless challenge.
Britvic, a UK-based soft drinks company, is the largest supplier of branded still soft drinks and the second largest supplier of branded carbonated soft drinks in the UK, as well as an industry leader in Brazil, Ireland, and France. Britvic supplies to brands that include Robinsons, Tango, J2O, Drench, MiWadi, Ballygowan, Teisseire, Fruité, Maguaray, and DaFruta. It also produces and supplies PepsiCo branded soft drinks, including Pepsi, 7UP, and Mountain Dew.
Under its “Healthy People, Healthy Planet” mission, Britvic has been exploring new strategies to provide healthy and tasty hydration in a sustainable fashion. Combining its grand scale and depths of experience with liquids and equipment—and driven by a mission to develop industry-leading consumer solutions aimed at reimagining dispense technology to reduce packaging waste and carbon footprints—Britvic worked with AWS and Green Custard, an AWS Partner, to create the Aqua Libra Flavour Tap. This new digital flavor tap—under Britvic’s Aqua Libra Co brand—is a pure, flavored-water digital tap, offering sustainable and healthy hydration that bypasses the single-use plastic bottle and, instead, goes straight to a reusable vessel.
Eliminating single-use plastic bottles
Britvic’s Aqua Libra Flavour Tap uses the AWS digital interface to collate data analytics on the flavor tap usage. This digital interface is a high-tech cartridge, powered by technology that releases microdoses of sugar- and additive-free flavoring into the water.
Read the full case study here >>
The touchless side of the story
When the COVID-19 pandemic struck, Britvic set out to investigate a touchless interface for the flavor tap. It worked with Green Custard to develop a secure and touchless solution for controlling the tap that can be initiated from almost any smartphone device that can scan a QR code. The team explored several options to limit physical contact, including voice or foot operation, infrared buttons, and screens that do not require physical contact. The teams quickly agreed that a touchless solution using QR codes and the consumer’s own smartphone presented the simplest and most universal solution to meet this need.
The solution, built using AWS IoT and serverless technologies, allows consumers to walk up to the flavor tap, scan a unique QR code, and control the experience from a responsive webpage on their smartphones. Since the tap already used AWS IoT Core, it was a natural fit to deliver messages to control the dispense of drinks. The solution is designed to be secure—so that drinks can be dispensed only by someone physically present near the dispenser unit—and designed for a responsive experience because consumers expect to hit a button on their phones and have the selected drink be dispensed immediately.
Building a secure, touchless vending experience
Using AWS Managed Services, the Green Custard team rapidly designed and built the flavor tap solution alongside Britvic. The architecture below shows how the AWS services were used to create a solution to help Britvic achieve its mission.
- The flavor tap requests a new security token by sending an MQTT message using AWS IoT Core. This initiates an Amazon Lambda function which:
- Generates a new public / private key pair
- Adds a session to a table in Amazon DynamoDB
- Creates a new URL containing a new authentication token encrypted with the private key
- Returns the URL to the flavor tap, via an MQTT message, from which the tap generates a QR code
- The QR code is displayed on the screen controlling the flavor tap, allowing a consumer to scan the QR code on a smartphone.
- The smartphone retrieves a static website containing the dispense web application stored in Amazon Simple Storage Service (Amazon S3)and delivered using Amazon CloudFront, and displays it to the user.
- The web application connects to an Amazon API Gateway web socket service passing the authentication token from the URL provided by the QR code. Amazon API Gateway invokes a custom authorizer to validate the authentication token by decrypting it using the associated public key.
- The consumer is now able to send dispense requests using the web socket service to Amazon API Gateway. These requests are forwarded by the dispense MQTT topic to the flavor tap, which will act appropriately depending on the consumer’s request.
- Once the drink has been dispensed, the flavor tap publishes an MQTT message to a dispense topic that initiates an AWS Lambda function to complete the session. It will update the session in the Amazon DynamoDB table and inform the web app through the web socket service. This will update the current consumer through the web application, and the flavor tap will request a new URL to be ready for the next consumer.
The request to generate a new QR code starts from the dispense solution, using the existing secure connection between the dispense solution and AWS IoT Core. Each dispense solution contains its own certificate to authenticate with AWS IoT Core, which means that if the dispense solution or the certificates are compromised, an attacker will be able to generate tokens to control only that single dispense solution.
To complete the security picture, the teams used AWS IoT Device Defender to spot unusual patterns of behavior, notifying you of suspicious activity and automatically taking action if required, such as automatically revoking certificates. In addition, any embedded endpoints, such as those used in the dispense solution, adhere to security best practices, using hardware security modules for storing confidential data, such as the security keys. The use of AWS IoT Greengrass and FreeRTOS within the flavor tap solution simplifies tasks around security, connectivity, and over-the-air (OTA) updates.
The future of the tap
By walking through the technical side of Britvic’s sustainable solution, this blog has shown how AWS services can be used to build a secure, touchless vending experience with the mutual authentication between the dispense solution and AWS IoT Core. This establishes a secure connection to Amazon API Gateway. Working alongside AWS has provided Aqua Libra Co with the option of a touchless vending interface for its new digital flavor taps, reducing the number of high-contact surfaces its consumers interact with while also streamlining drink selection through the use of consumers’ smartphones.
In the future, the web application could be extended for consumers to earn loyalty points, facilitate faster ordering by specifying their favorite flavor, or perhaps even allow them to personalize the exact combination of flavors with their own unique drink recipes.
Britvic continues to work alongside the AWS and Green Custard teams to support the future development of the tap as it continues to be deployed across office and retail locations.
To learn more about Britvic’s innovation journey with the flavor tap and to hear real-world examples of how other leading retail and consumer packaged goods (CPG) companies are using the cloud to innovate faster, register here to access the on-demand content from the recent Industry Innovators: Retail & CPG event.
AWS Partner spotlight
Green Custard is a professional services software company and AWS Partner specializing in IoT, infrastructure and application development. Green Custard is an AWS Service Delivery Partner for AWS IoT Core, AWS CloudFormation, and Amazon QuickSight.
Green Custard partners with businesses like Britvic to help develop their future products and services and ensure that they can deliver on the business outcomes they desire. Green Custard makes exclusive use of AWS Cloud services for their customers.