Information architecture for a certification and chain-of-custody system on the blockchain

Here we show how existing certifications and audits of supply chains can take on a new guise implemented on the blockchain. There are six different types of actors involved in our exemplar set-up:

Producers (e.g., a cotton grower);

Manufacturers (e.g., a maker of fabric or jeans);

Registrars, which are organizations that provide credentials and a unique identity to actors (e.g., an accreditation service);

Standards organizations, which define the rules of a certain scheme (e.g., Fairtrade);

Certifiers and auditors, which are agents (usually separate agents, to maximize security) that inspect producers and manufacturers and verify certain standards, like annual production capacity; and

Customers, the buyers of products all along a supply chain, including the end consumer.

Below we explain the principal architecture. The architecture consists of a number of modular programs. Each program is deployed on the blockchain and controlled independently, but because they work within the same blockchain system they are able to interact without friction.

Registration program

On Provenance everyone has a profile accessible with a private key. Profiles can be public or private depending on use case and permissions. Some are rich with information, whilst others simply contain an anonymous ID.

It is this program alone that forms the fundamental trust relationship between the customer and the system as a whole. All other programs derive their “trustability” through their own reputation (which may be imported through their real-world name). This program will initially be deployed by the registrar, who implements a process for the registration of named participants (i.e. certifiers, auditors, producers, and manufacturers). Such participants may request registration of their digital identity (for details, see the “Public-Key Infrastructure” box), which links their real-world identity with their blockchain-based digital identity, thus allowing them to interact with the blockchain using their real-world identity. Upon request, the registration authority verifies their identity and records the result in the blockchain, available for all to inspect.

Importantly, the system could allow participants to remain anonymous, at the cost of opacity at the stage of the supply chain at which that actor operates (although information about earlier stages can remain retrievable). The exception is certifiers, who need to register and identify themselves in order to make the system work.

Standards programs

Marks and certifications are printed on today’s consumer products and shown at the point of sale. On the blockchain, certifications can be linked to their real meaning and to information verifying their status.

These programs represent the implementation of schemas for proper recognition of a standard (e.g. no animal testing, biodynamic, fair labor). Through these programs, standards organizations provide for the creation of compliant production or manufacturing programs (see below), allowing instances or batches of goods and materials to be added to or processed on the blockchain. Such producers or manufacturers may require inspection by a certifier or auditor of their facilities and processes to be able to obtain and operate a certified program. Successful verification results in the deployment of a production or manufacturing program that is both registered with the certification program and authenticated by an auditor, and allows a producer to create the digitally tradeable equivalent of a good (i.e., a token that shadows the real-world material or product), which acts as its blockchain-based avatar.

Production programs

From cotton growers to gold miners the blockchain presents a method for securely documenting and transferring key information about a raw material.

Deployed following successful certification, these programs are used by producers to prove the creation of materials or primary goods. The program specifies and implements the parameters for each production facility, including:

the certification of the production capacity for the production of the good (e.g., 500t of cotton/year);

a taxonomical description of the good, which would include a detailed description of the output, together with any additional “tags” to help identify specific attributes (e.g., fair trade, fair labor, organic);

the production accounting; i.e., the registration of created produce up to the maximum annual capacity, as well as the registration of their sales.

These parameters can be adjusted according to desired guidelines by certifiers or following the inspection by an auditor, and in case of an unsuccessful audit, the program can be easily (temporarily) revoked if necessary. Since they are principally responsible for the creation of goods, producer programs are the root for the traceability of finished goods, which then link back to the identity provided by the registrar.

Manufacturing programs

Information from the producer is securely cascaded to the manufacturer on receipt.

These programs implement the transformation of input goods from production into output goods. Much as with production programs, once deployed by the certifier the programs are operated by manufacturers, but with one additional constraint: input goods must be “used” for any output to be created, just as in the physical world. For example, the registration of a certain amount of organic cotton fabric requires as input the appropriate amount of raw organic cotton, and after this usage the raw organic cotton should no longer be usable. Because of its auditability, the blockchain provides the same cast-iron guarantee as in the physical world; namely, that creation of an output good can happen if and only if the required input is used.
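The production accounting and the "input must be used" constraint described above can be modelled off-chain as follows. This is an added example, not Provenance's own code; the class names, the in-memory ledger, the 2:1 cotton-to-fabric ratio and the quantities are all constructed for illustration.

```python
class Ledger:
    """Constructed stand-in for on-chain token balances, keyed by (owner, good), in kg."""
    def __init__(self):
        self.balances = {}

    def credit(self, owner, good, kg):
        self.balances[(owner, good)] = self.balances.get((owner, good), 0) + kg

    def debit(self, owner, good, kg):
        held = self.balances.get((owner, good), 0)
        if kg > held:
            raise ValueError(f"{owner} holds {held} kg of {good}, needs {kg}")
        self.balances[(owner, good)] = held - kg

class ProductionProgram:
    """Root of traceability: mints tokens only up to the certified annual capacity."""
    def __init__(self, producer, good, capacity_kg):
        self.producer, self.good, self.capacity_kg = producer, good, capacity_kg
        self.produced_kg, self.revoked = 0, False   # revoked is set after a failed audit

    def register_produce(self, ledger, kg):
        if self.revoked:
            raise PermissionError("production program is revoked")
        if kg <= 0 or self.produced_kg + kg > self.capacity_kg:
            raise ValueError("amount must be positive and within certified capacity")
        self.produced_kg += kg
        ledger.credit(self.producer, self.good, kg)

class ManufacturingProgram:
    """Creates output tokens if and only if the required input tokens are consumed."""
    def __init__(self, maker, input_good, output_good, input_kg_per_output_kg):
        self.maker, self.input_good, self.output_good = maker, input_good, output_good
        self.ratio = input_kg_per_output_kg          # constructed conversion ratio

    def register_output(self, ledger, kg):
        ledger.debit(self.maker, self.input_good, kg * self.ratio)  # raises before any credit
        ledger.credit(self.maker, self.output_good, kg)

def transfer(ledger, seller, buyer, good, kg):
    ledger.debit(seller, good, kg)
    ledger.credit(buyer, good, kg)

def demo():
    """Constructed scenario: a 500 t/year cotton farm sells 10 t to a fabric mill."""
    ledger = Ledger()
    farm = ProductionProgram("farm", "raw organic cotton", 500_000)
    mill = ManufacturingProgram("mill", "raw organic cotton", "organic cotton fabric", 2)
    farm.register_produce(ledger, 10_000)
    transfer(ledger, "farm", "mill", "raw organic cotton", 10_000)
    mill.register_output(ledger, 4_000)   # consumes 8,000 kg of raw cotton
    return ledger, farm, mill
```

Because the debit runs before the credit, a mill that lacks the input cannot end up holding output tokens, and used cotton cannot be spent a second time.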

Tagging — establishing secure links between the digital and the physical world

A label with a unique cryptographic QR code and NFC tag links the Provenance of the material, ingredient or product to the physical item.

Beyond the implementation of the fundamental business logic on the blockchain as described above, a method to securely link physical goods to their digital counterparts is also necessary, as well as a user interface that enables informed purchases both along the supply chain and for the customer.

Linking

The technologies by which the physical goods and materials are identified and linked with their digital representation on the blockchain (e.g., serial numbers, bar codes, digital tags like RFID and NFC, genetic tags) are crucial in uniquely identifying a physical good with its digital counterpart. At Provenance we are exploring many new and existing technologies; an overview of recent technologies can be found here. Identities are recorded in production and manufacturing programs, and for simplicity and easy adoption we expect them to take the form of existing barcodes and serial numbers which are linked to blockchain identifiers using a secure hash.

User-facing applications facilitate access to the blockchain

The final owner of the product has access to secure information about the product’s supply chain, without having access to identification details.

By design, every transaction along a supply chain on the blockchain is fully auditable. By inspecting the blockchain, smartphone applications can aggregate and display information to customers in a real-time manner; furthermore, due to the strong integrity properties of the blockchain, this information can be genuinely trusted. A thoughtful user interface that sheds light on the digital journey of a product can empower better purchases by giving users a true choice that they can exercise.

There are substantial broad effects of bringing near-frictionless transparency to consumer purchase decisions and product identity; clearly there is likely to be an additional “virtuous” component in purchase decisions, especially among mid-level purchases where a marginal increase of 20% to the price does not affect the willingness to buy. Providing additional levels of guarantee over genuine articles is a high-value use case. While an initial introduction of this technology may be in the form of a discrete and removable label, easily verified through a smartphone-readable QR code, a more progressive possibility would be a conspicuous holographic or RFID tag, embedded in the brand label, allowing the owner to prove the authenticity of the product at any time by accessing the data on the blockchain through the tag.

Early extensions of the proposed certification system

Interoperability allowing arbitrary schemes to interact with each other could massively reduce the level of trust required for the implementation of a joint system as well as help against concerns regarding adverse cost–benefit trade-offs and privacy. Additional features could securely provide crowd-sourced scrutiny as a complement to the formal certification process; e.g., workers themselves could report from farms and factories about the operational processes if they obtain a secure identity in the system.

Public-Private Key Infrastructure

Public/private key infrastructure allows us to mimic a physical signature by way of provably registering our identity with a digital document or instruction without at any time giving others the ability to further produce such signatures for other instructions or documents.

Notionally, physical signatures are difficult to reproduce, especially on demand, leading to their common usage as a way of proving that a counterparty is engaged under a particular agreement. In the digital age, where facsimiles are trivial to create and face-to-face engagement is no longer the norm for most transactions, they no longer serve their purpose: access to a signature generally leads to the ability to reproduce the signature.

Mathematics, however, has provided a fully digital alternative by way of cryptography. Through the use of functions with special properties, it is possible to hold a small piece of data known as a secret (or private key), and use it to demonstrate that you have explicitly sanctioned a particular piece of information (a document, image, order or other such digital item) without ever uncovering that secret to another party. To do so, the secret is combined with the document in question (using a special mathematical function) to produce a signature. This may be freely distributed (usually, but not necessarily, with the document). All secrets have a counterpart public key, which may be published by the secret holder as their identity. When a third party recombines the document with the signature, they are able to retrieve not the secret, but rather the secret’s public counterpart, the public key and the secret holder’s published identity. This allows them to be sure that the document was sanctioned by the secret holder without ever knowing their secret and thus compromising the fidelity of future signatures.

Anonymity and protection of sensitive business information

The information that’s accessible to consumers all along the supply chain depends on the privacy permissions granted. With the blockchain even if the identity of the farmer is not revealed you can still feel secure that verified information is trustworthy.

The success of the proposed systems relies on the registration of identities and recording of transactions and information. This enables actors on the supply chain to carry and prove the defining attributes of their material products to any actor further along the chain. Certain users, however, might be concerned about their privacy or the privacy of their suppliers further up the chain. Technologically, it is possible for identities to be protected in a blockchain-based system, while still transferring other salient information. For example, manufacturers in the middle of the supply chain could securely pass a certificate with full authenticity downstream while keeping their identity private. For customers, the described system provides the ability to check important attributes of purchased goods without necessarily seeing the full intricacies of the supply chain that created them. The system also allows for the trusted proof of ownership thanks to Public-Private Key Infrastructure (see above) without revealing the identity of owners to the system. In fact, customers could even use the system to sell a good on a secondary market, allowing the chain to continue post sale throughout the product lifecycle.