Why your privacy does matter: a case for Secure Container Release
Mid 2016, T-Mining looked into an alternative for the commercial release of containers in the port of Antwerp.
Carriers release containers to consignees who can then pick up the container at a terminal in the port. As part of the release, a pin code is generated, and the person who picks up the container must know this pin code. These pin codes are often forwarded by means of email to subcontractors, which is not very secure, and they are often manually entered into existing transport management systems, which is error-prone.
The release process was backed by a web application, but it did not offer sufficient security, and it did not support transferring the pin codes any further than the consignees, which means that the latter still had to use e-mail to forward the pin codes.
At T-Mining we had several years of experience in the logistics market, so we were aware of these problems and therefore we looked into possibilities to offer a more secure solution. Around that time, blockchain technology seemed to be a promising new technology. T-Mining investigated the possibilities and it became clear that the release of containers was a good use case for a blockchain-based system.
You can consider a blockchain to be a list of grouped (i.e. blocks) transactions that are linked together in such a way that it’s extremely difficult to change individual transactions once they are part of the list. Rather than keeping this list on a single computer, it is replicated on many computers in a network, by a special algorithm that serves to reach consensus among all these computers about what transactions are added to each computer’s list. This way, we get the same list of transactions on all these computers.
In December 2016, T-Mining built the first version of a system to release containers, using blockchain. This solution did no longer require pin codes to pick up a container. Instead, a digital pickup right is created, which is owned by 1 account, and only this owner is entitled to transfer that ownership to another account, and to pick up the container. This pickup right and its ownership are recorded in blockchain, so it’s easy to verify if the person who wants to pick up the container, is indeed the current owner of the pickup right. No more pin codes can be stolen or get lost! And no need to send emails with pin codes to your business partners, with the risk to introduce errors.
Of course, you could easily build a central system to implement a release process. We’ve been there, done that before.
But a central system by definition is under the control of a single company or authority. You may or may not trust them. That’s up to you. But this means that this single company has total control. Someone inside can make changes, or get access to the data in their central database. Or a hacker might break into that single system and get access to all data.
Blockchain however is a decentralized technology. There is no single server or database. Instead, there is a network of computers that all maintain their copy of the blockchain, with a "consensus algorithm” that ensures the consistency of all copies. With this approach, there is no single company that controls the data, and hackers would need to hack all computers of the network because otherwise there would be inconsistency among the different nodes in the network.
This was one of the reasons why T-Mining decided to build its SCR product on blockchain. But there is another feature of T-Mining’s SCR product, which is equally important: participating companies stay in control of their identity, and can define private connections with their business partners.
The Logistics market is characterized by complex partnerships between companies that work together but also compete with each other.
A forwarder may work with a transport company, which in turn may use subcontractors. Obviously, such relationships are commercially sensitive and should not be disclosed.
In a central system, all transfers of releases would be recorded in a single database, meaning that this database knows the companies you are working with in order to pick up containers, Since the database is under control of a single party, they can see this information. Again, it’s up to you to trust them... or not.
From the start, T-Mining wanted to tackle this problem, in order to allow logistics companies to keep their business partnerships private, as well as the data they exchange.
That’s why T-Mining’s SCR solution also includes an “Identity wallet”. This is a software application that you install on a machine that you control and which generates a cryptographic key pair. The public key serves to identify yourself, and this is what you share with your partners. The wallet uses your private key to sign transactions and send them to the blockchain if appropriate, like a transfer of a pickup right you own.
Public-key cryptography involves the creation of 2 keys: a private and a public key. The public key is what everybody can see, and which identifies yourself. Such a key pair allows you to create digital signatures of a message using your private key, and everybody who knows your public key can use that to verify this signature. Changing the message is not possible, as this would make the signature invalid. And nobody else can produce a signature without your private key. In addition, these keys enable encryption. Everybody can encrypt a message with your public key, and only you can decrypt this by means of your private key. Public-key cryptography is part of blockchain technology. Blockchain account addresses are based on your public key, and transactions that are included in the blockchain are signed with your private key.
The identity wallet also enables you to invite your business partners to set up a private connection with your company. Each connection leads to a new set of dedicated public keys that are exchanged between the two companies. Once such a relationship is established, companies can transfer pickup rights they own to any of their connections. The outside world only sees a transfer between 2 public keys which are only known by the 2 parties involved. By doing so, information on who works for who remains private and confidential at all times. Only the 2 parties involved have access to this data. Even more, only these 2 parties have this data. Even we, at T-Mining, do not have this information.".
The identity wallet is T-Mining’s implementation of a “self-sovereign identity” of the companies that participate in the network, as it also serves to keep track of your capabilities, certificates, etc. which you can prove to your business partners so they can trust you. This means that each company remains in control of its identity rather than exposing this information to a central party.
Thanks to our experience in the logistics market, T-Mining was aware of the sensitivity of these relationships -called “commercial privacy”-, and took this into account when building their SCR solution.
So many people have been trusting large companies like e.g. Google and Facebook and use their systems because it’s “convenient” and “cheap”. But more and more people start to realize that this comes with a price: they are actually the “product”, as these companies collect so much information about their lives, which they are then selling for real money...
On a business level, there is a similar risk for companies using central (cloud) systems that are under the control of a single company: their data and their identity is actually in the hands of a central entity.
There is an emerging number of peer-to-peer technologies, blockchain being only one of them, that offer new ways to build decentralised systems. At T-Mining we use these technologies to build a new kind of logistics system, enabling you to collaborate with your partners, without disclosing or centralising sensitive information, and by staying in control yourself.
That is our mission, and we hope to get there together with our clients.