Blockchain: Potential Uses – Incorporating International Standards – Part 1

Blockchain: Potential Uses – Incorporating International Standards – Part 1

Blockchain

Potential uses incorporating international standards (Part 1)

Presentation to the Industry Blockchain Expedition
Linz, Austria
26th November 2018

Introduction

This is the online version of a speech that I was asked to deliver at the ‘Industry Blockchain Expedition‘  hosted in Linz, Austria. We have included the visuals and video’s used to illustrate some of the concepts of Blockchain and its use. This is rather a lengthy blog so, I have included a shortcut menu on the right, so you can navigate to an area of interest or resume reading.

I would like to thank the organisers of this event for inviting me to speak with you today. When I received the invitation, initiated I believe by Paul Dietl, a contact I have been working with at SKF in Steyr, I was obliged to explain to the team that I am not a blockchain expert, although I am working on a potential use case for blockchain.

However, as I explained, that one interesting feature of this use case that was different to any others we had come across, was that we were incorporating international standards into the solution.

“Perfect”, said the organisers.

So here I am!

I have three aims to achieve in my talk today:

  1. To demystify blockchain;
  2. To show the role international standards will play in the growth of blockchain;
  3. To demonstrate how small businesses can find practical applications for blockchain technology and benefit from this technology.

Firstly, to give you some context. I am not an academic, I not employed by the UK government, nor am I employed by a global corporation, although I have worked for global corporations in the past.

I am a small business owner, I have two businesses; the longer established business is my consultancy business, through which I help companies with their materials management issues.

A large part of my time in that business is helping organisations resolve their materials management issues, the root cause of which is frequently poor data quality.

My efforts to find appropriate tools that incorporated international data quality standards to help solve these data quality issues that my clients were facing was frustrating, and so, a couple of years ago I decided to start my own software company to create the software that I felt the market needed.

I am recognised by the British Standards Institute and the International Organization for Standardization as an industrial data expert, I give up a lot of my time developing standards in that area, and I sit on two international working groups.

Following this meeting I am off to Houston for a weeks work on the oil and gas interoperability standard ISO 18101 that will be published next year.

This talk is presented from the perspective of my software company, KOIOS Master Data Limited.

Before you hear me speak on the subject, I would like to play you a short advertisement created by IBM to explain blockchain.

IBM Blockchain: The Blockchain built for smarter business

Building a Blockchain

The first block

  • The first block contains initial information;
  • This information could take the form of transactional data or master data;
  • This block represents the start of a blockchain

Blockchain was created to securely exchange transaction data; to record tangible and intangible assets; and to create an alternative to central bank controlled currencies.

One compelling feature of blockchain is that these records are immutable; that means that they are unchanged over time, and unable to be altered.

As you saw in the video, implementations of blockchain have moved beyond alternative currencies, and are being used to record master data as well as transactional data.

A block is essentially a data record, just like an individual record in a traditional ledger.

The second block

  • The user creates the second block and it links to the first block

When a second block of data is added it is linked to the first block, creating a chain.

Blocks record the time and the sequence of transactions. Each block contains a HASH key, which is a unique digital identifier.

The third block

      • The third block in the chain is created and links to the second block;
      • New blocks are always added to the latest block;
      • Blockchains store transactional data;
      • A hyperledger can contain both master data and transactional data

When a third block of data is added to the chain, it links to the second block, not the first block. All blocks are linked sequentially.

As I mentioned earlier, there are a number of ways to implement blockchain, and in this presentation we will be discussing examples where Hyperledger may be the appropriate technology.

Hyperledger is hosted by the Linux foundation, an open source community, whose vision is to be the facilitator for mainstream commercial applications.

Blockchain is decentralized

      • A blockchain can be thought of in terms of transaction data storage in the same way as a database;
      • The key difference to traditional databases is that blockchain is decentralized;

Another key feature of blockchain is the decentralised architecture. This decentralisation means that there is no single point of failure that would bring the network down. This is a key differentiator to the traditional single database model that is increasingly vulnerable in today’s world.

What is a Network Node?

      • Network nodes enable blockchain to be decentralized
      • The role of a node is to support the network by maintaining a copy of a blockchain.
      • All participants in a private, permissioned, system can be a part of the network

Decentralisation is achieved by the creation of network nodes. A network node is another term for a computer that maintains a copy of the database.

What happens when
a ‘Node’ is corrupted?

      • If a third party alters a part of the chain the network may determine that the blockchain on that node is no longer the longest chain and is potentially corrupt.

I explained earlier that each block contains a unique HASH key as well as the HASH key of the previous block. This architecture is designed to ensure it is impossible to insert a new block between two existing blocks, or to alter the contents of a block without detection.

Should there be a conflict, then protocols such as Practical Byzantine Fault Tolerance (PBFT) are used as a method of conflict resolution.

Terminology

One difficulty in understanding the topic is the bewildering array of terminology. One particular term that can cause confusion is ‘distributed’, which can lead to the misconception that because something is distributed there is therefore no overall controlling authority or owner.

This may or may not be the case — it depends on the design of the ledger. In practice, there is a broad spectrum of distributed ledger models, with different degrees of centralization and different types of access control, to suit different business needs.

These may be ‘unpermissioned’ ledgers that are open to everyone to contribute data to the ledger and cannot be owned; or ‘permissioned’ ledgers that may have one or many owners and only they can add records and verify the contents of the ledger.

In my efforts to demystify blockchain, I have already introduced a number of terms that may be unfamiliar to people new to the subject. In my standards work, terms and definitions are a vital element of the documents we produce.

In this slide pack, that will be distributed after this event, I have added an annex with explantations of some of the terms for you to study at a later date. I will also add a copy of this speech and the slides to the KOIOS website.

When blockchain is discussed, one of the areas of confusion is the term “distributed’ as in distributed ledger. The word distributed may imply to some people that there is no overall control or authority.

That may or may not be the case.

All distributed ledger applications are designed for the specific use case, and that use case will determine the degree of central control and other parties access control.

More from this presentation

Blockchain: Potential Uses – Incorporating International Standards – Part 2

Blockchain: Potential Uses – Incorporating International Standards – Part 2

Blockchain

Potential uses incorporating international standards (Part 2)

INTERNATIONAL 

DATA STANDARDS

International Data Standards

As I discussed earlier, I am actively involved in the development of international standards.

Standards are a consensus of best practice. International standards affect many areas in our everyday lives, and I am going to show a short video to highlight this.

But, before I start the video, can I please have a show of hands? If you have heard of the standard ISO 8000, can you please raise your hand. If you thought I said ISO 9000, please put your hand down!

Thank you. Let us watch this short video showing how ISO Standards influence the world around us.

What ISO standards do for you

As you can see from the video, ISO 8000 is the international standard covering data quality; and part 110 covers the exchange of quality data.

Why is this relevant?

Blockchain is not a cure for data quality problems, if you exchange poor quality data in a blockchain you have the same issues as you do currently when you exchange poor quality data using traditional methods.

By adopting ISO 8000, organisations will benefit enormously from improved data quality; data provenance; data interoperability; and improved operational efficiency.

Facsimile of ISO 800-115: Source iso.org

The working group that develops ISO 8000 is one of the most active ISO working groups, and this year we published ISO 8000-115, the standard for the exchange of quality identifiers. Identifiers are used to point to data records, but before this standard was introduced it was rare for an identifier to state who owns the identifier, or part number, and the associated data record. The lack of the prefix leads to confusion over the provenance of the relevant data set.

The syntax of an ISO 8000-115 complaint identifier ensures that the owner of the data set is clearly identified by the adoption of this standard. The standard also requires that the complete identifier resolves to an ISO 8000-110 complaint specification.

The data cleaning industry is guilty of creating data specifications with no other provenance than their own, which frankly is no guarantee of accuracy or quality. If you employ third party data cleaners, I challenge you to ask them about provenance and data quality standards, and compare their answers with these slides.

Facsimile of ISO 800-116: Source iso.org

I will be talking more about trust shortly.

A key element of trust in commercial contracts is knowing who you are dealing with. Know your Client or customer (KYC) is becoming an accepted business and compliance norm.

ISO 8000-116 is an implementation of ISO 8000-115. ISO 8000-116 will be published early in 2019. The standard defines a method of identifying organisations and individuals by the using the reference of the issuing authority that created the record.

In Austria, the Federal Ministry of Justice maintains the commercial register, and each company has a registration number. This number is used as the suffix of the identifier, and the prefix is the ISO two letter code for Austria (AT), followed by CR for the commercial register.

This format allows every organisation to be given a globally unique authoritative identifier, not a proxy identifier issued by a third party.

This will prove a very useful standard for managing your supplier database and eliminating duplicate records.

The Electronic Commerce Code Management Association (ECCMA) has launched a very useful website www.ealei.org where you can search a growing, global, authoritative register of companies. I encourage you to add your company details to the site.

Facsimile of ISO TC/307: Source iso.org

ISO creates standards through a series of technical committees and working groups. Blockchain and distributed ledger technologies are being developed by technical committee 307.

Technical committees and working groups consist of experts from participating member countries. Technical committee 307 consists of 39 participating members, and the Austrian Standards Institute (ASI) is the member body through which local experts are appointed to help develop the standards.

Facsimile of ISO TC/307: Source iso.org

This technical committee is currently responsible for developing 11 standards under the heading of blockchain and distributed ledger technology. Subjects include governance, interoperability, smart contracts, and data protection.

Technological convergence

The convergence of creativity and technology can lead to radical changes in existing business models and the organizational structures they sit within.

Distributed Ledger Technology (DLT) is presently as much a series of challenges and questions to existing structures, as opposed to a set of answers and practical possibilities.

But it appears to have at least some qualities, and to be in the appropriate context, to produce change at the more revolutionary end of the spectrum.

DLTs offer significant challenges to established orthodoxy and assumptions of best practice, far beyond the recording of transactions and ledgers. These potentially revolutionary organizational structures and practices should be experimentally trialled — perhaps in the form of technical and non-technical demonstrator projects — so that practical, legal and policy implications can be explored.

More from this presentation

Blockchain: Potential Uses – Incorporating International Standards – Part 3

Blockchain: Potential Uses – Incorporating International Standards – Part 3

Blockchain

Potential uses incorporating international standards (Part 3)

TRUST IN A

DIGITAL WORLD

Trust in a digital world

As I previously mentioned, trust in the digital world is an important subject, and I have explained how standards can play a part in building that trust.

Technological convergence

The convergence of creativity and technology can lead to radical changes in existing business models and the organizational structures they sit within.
Distributed Ledger Technology (DLT) is presently as much a series of challenges and questions to existing structures, as opposed to a set of answers and practical possibilities.
But it appears to have at least some qualities, and to be in the appropriate context, to produce change at the more revolutionary end of the spectrum.
DLTs offer significant challenges to established orthodoxy and assumptions of best practice, far beyond the recording of transactions and ledgers. These potentially revolutionary organizational structures and practices should be experimentally trialled — perhaps in the form of technical and non-technical demonstrator projects — so that practical, legal and policy implications can be explored.

Make no mistake, blockchain is potentially disruptive to any existing organisations whose business model is founded on centralised control.

It is this potential for disruption and the ability to create global networks quickly that gives smaller, more agile, businesses an opportunity to compete in global markets in the same way as the internet has done in recent years.

There are challenges to be overcome, and new best practices will emerge through the development and adoption of standards, but small companies are well placed to benefit from this disruption to traditional ways of doing business.

Trust and interoperability

Trust is a risk judgement between two or more people, organizations or nations. In cyberspace, trust is based on two key requirements:

  • Prove to me that you are who you say you are (authentication)
  • Prove to me that you have the permissions necessary to do what you ask (authorization)

 

All contracts, smart or otherwise, rely on the ability for each party in a transaction to know who the other parties are.

There are many cases currently where the true identity of certain parties is not clear, and ISO 8000-116 identifiers will play a massive role in the future of smart contracts.

Another key element to ensure trust, is the level of security based on public key infrastructure federations, known as PKI. These security systems are rated by their Level of assurance (LoA).

In any system that has achieved a very high assurance, level 3 or 4, some sort of encryption standard will have been deployed.

In Austria, the e-government scheme is a level 3+ PKI.

Trust and interoperability

Trust is a risk judgement between two or more people, organizations or nations. In cyberspace, trust is based on two key requirements:

  • Prove to me that you are who you say you are (authentication)
  • Prove to me that you have the permissions necessary to do what you ask (authorization)

Interoperability involves several factors:

Data interoperability. We need to understand each other in order to work together, so our data has to have the same syntactic and semantic foundations;

Policy interoperability. Our policies need to be aligned or based on agreed common policy, so that I can be confident that you will treat my information in the way that I expect (and vice versa)

The effective, collaborative implementation and use of international standards.

 

Smart contracts of the future will take many forms. Whether these are permissioned or unpermissioned, public or private shared systems, depends on the use case.

Permissioned smart contracts could give a user the right to either share or withhold data with or from another party.

In this part of this section, we will discuss some practical, potential applications for the use of this technology. 

Trust in a digital world

Several industries use security systems based on Public Key Infrastructure (PKI) federations that rely on a cryptographic standard called X.509. These offer high and very high assurance levels (LoA 3 and 4) for employee authentication, notably in aviation, the pharmaceutical industry, defense, banking and, increasingly, e-health.

The US and China have the largest deployments of international-standard PKI federations, closely followed by South Korea (where it is mandated for all companies by regulation), Estonia, Netherlands and many others.

At LoA 3+, it is possible to link a user’s identity to other trust functions, such as legally-robust digital signatures, identity-linked encryption and physical access control in buildings. PKI federation isn’t the only option for high assurance supply chain collaboration and sharing sensitive information at scale, but it is the de facto norm today

Personalausweis, the Austrian e-government scheme is a level 3+ PKI

Today, most businesses run a centralised business model. This is a very controlled model, and it is vulnerable to a single point of failure.

At the other end of the scale we have unpermissioned, public shared systems that are 100% decentralised. Bitcoin and other crypto currencies are examples of unpermissioned, public, shared systems that are 100% decentralised.

Crypto currencies rely on anonymity, therefore must also rely on a control to gain consensus that transactions are genuine. Crypto currencies achieve this consensus through a protocol called “proof of work”. You may of heard that machines linked to Bitcoin require a lot of power to solve complex puzzles. These puzzles are the way in which thisproof of work is verified.

Business is not likely to adopt the crypto currency model. It is likely that the future of smart contracts will involve a private network of trusted parties who are authorised to verify transactions,

Permissioned, public shared, smart contracts

  • User 1 opts in to a smart contract on a shared ledger to share their address with an institution that possesses a blue key (there may be many other institutions, with many different keys).
  • But User 2 has opted out of sharing their address, so the institution only receives a copy of the latest address from User 1.
  • Opting in via a trusted agency may be useful when an individual changes their address, because the change could be reflected on their passport, drivers license and other key department databases.

Public authorities however, are predicted to adopt permissioned, public shared systems.

More from this presentation

Blockchain: Potential Uses – Incorporating International Standards – Part 3

Blockchain: Potential Uses – Incorporating International Standards – Part 4

Blockchain

Potential uses incorporating international standards (Part 4)

PRACTICAL

APPLICATION

Practical application

In the UK when we move house, we currently have to individually inform many different public and private organisations, including subsidiaries of parent organisations we may already have contacted.

This is not only a waste of time for all parties, it inevitably leads to errors in adding these records into the multiple databases, hence why there is a major industry sector involved with updating name and address records in the customer relation management databases of both public and private sector organisations.

Current process

Address updating following a house move

Trust is a risk judgement between two or more people, organizations or nations. In cyberspace, trust is based on two key requirements:

  • Water
  • Gas
  • Electricity
  • Internet
  • Landline
  • Mobile
  • TV Licensing
  • Local Authority
  • Vehicle licensing
  • Bank
  • Employer
  • Post

Future process

Address updating following a house move

A hyperledger application could allow the creation of golden records so that users can choose who they share their data with, ensuring all records are current and verified.

Application of Blockchain

Businesses often find ‘permissioned’ block chains far more appealing than Bitcoin’s unpermissioned model, because specific parties are authorized to verify transactions. This allows the businesses to create secured, shared, private networks involving mutually trusting firms and individuals.

Public authorities are likely to adopt permissioned, public, shared systems

A permissioned, public, shared system based on Hyperledger technology would enable users to upload their personal address data to a single site, and decide who to share it with. As the data exchange would be digital, the number of errors in organisation databases would be vastly reduced, as would the time and cost of updating all these disparate databases.

The details would have the provenance of the individual, and verification built into the system so that multiple documents are not required as evidence.

An e-government scheme could easily be extended to cover this use case.

The private sector however, is predicted to adopt permissioned, private, shared systems.

Smart contracts

Smart contracts are being considered for a wide variety of uses, particularly for regulatory compliance, product traceability and service management, and also to defeat counterfeit products and fraud in the following sectors:

  • Food
  • Financial Services
  • Energy
  • Pharmaceuticals
  • Health
  • Aerospace
  • Aviation
  • Telecommunications
  • IT and communications
  • Transport
  • Utilities
  • Agriculture
  • Oil and gas

A lot of sectors are examining how they can benefit from blockchain technology.

I chair a working group looking at master data management practices in blockchain solutions. This working group was set up as a result of a UK Government report.

The working group consists of representatives from industry, academia, and government who are working together to look at where this technology can help with regulatory compliance.

You saw in the earlier IBM video, that traceability of foodstuffs, known as the farm to fork solution, is a potential use case for blockchain.

I am delighted to announce that today, my company, KOIOS Master Data has been awarded a UK Government innovation grant to examine the use of artificial intelligence and distributed ledger technology incorporating international standards.

The use case is smart borders based on the World Trade Organization facilitation of trade agreement, that agreement is designed to lead to intelligence led, computerised pre-clearance of consignments.

The adoption of blockchain in this area, along with the ISO 8000 identifiers will enable customs authorities to identify irregular trends in shipping patterns, or supply chain irregularities, well before it is possible currently using existing systems.

The system will also allow for the automated mapping of tariff codes to the product specification, as the adoption of ISO 8000 will make all this data machine readable, so enabling the power of artificial intelligence to automate what is currently a very manual and subjective process.

So, it is not only the big organisations who can influence the future. Smaller organisations with a high level of subject matter expertise can be far more knowledgeable and agile than large organisations.

Scalability of these solutions is far less of an issue for small companies with distributed ledger technology than it is with large, monolithic, single instance, central databases.

KOIOS has been working on developing the potential for this solution for a number of months.

We are not blockchain experts, so we worked with the University of Southampton computer sciences and machine learning centres to employ two interns, one for the artificial intelligence element, and one for the blockchain element.

The work that Callum and Marcin did over the summer got us to a position to launch our bid for the funds.

The combination of our interns, our young team of developers and operations staff combined with our experienced directors and our domain knowledge created a compelling use case.

You may be aware that smart borders and international trade are hot topics in the UK at present, so the timing of the grant is very opportune.

We will continue our engagement with the University of Southampton to develop a working solution, probably using Hyperledger Fabric

Supply chain and
 Smart Borders

Using Artificial Intelligence and Distributed Ledger Technology with ISO 8000 Authoritative Identifiers and product data to address international trade and counterfeiting challenges.
This type of system is the basis for smart borders. The WTO facilitation agreement, and the Technical Barriers to Trade Agreement, commit countries to moving towards intelligence led, computerized pre-clearances.

    Let us reflect for a moment on what we have discussed so far. Let us reflect for a moment on what we have discussed so far. 

    The advantages of such a smart contract solution for international consignments include: provenance of the data records through the use of authoritative identifiers; quality, machine readable, data to international standards; known and identified trusted parties in the contract; ability to track the chain of custody through immutable records.

    We also believe that this solution will play a part in reducing the problems caused by counterfeiting.
    I have detailed here some of the steps we have included in our outline proposal for smart borders. 

    We will also work with parties in the supply chain from manufacturers of items, through third party logistics companies, to freight forwarders and shipping companies, and also with customs authorities. 

    If you are one of those parties and wish to join us on our journey please speak with me later this evening

    Acknowledgements

    There are many sources of information on the internet, some of them more reliable than others. I have used the following resources to create the content for this talk.

    As we have discussed, small businesses are much more responsive to customer needs than large businesses, and as small businesses adopt new strategies and technology they force larger incumbents to adapt and improve.

    Disruption is inevitable.

    To finish, I would like to share with you one more video that sums up some of what I have highlighted in this post.

    Distributed Ledger Technology: beyond block chain
    A report by the UK Government Chief Scientific Adviser

    ISO – The International Organization for Standardization
    IBM
    hyperledger.org
    UK Government Office for Science
    The intern programme from the University of Southampton

    More from this presentation