VeChain Technical AMA — Hardware Questions Part 1
VeChainOfficial last edited by VeChainOfficial
Originally published on Feburary 20th, 2018.
Thank you for submitting your questions! VeChain Chief Technology Officer, Gu Jianliang, has taken the time to answer your questions throughout Chinese New Year and is excited to see the curiosity and dedication shown by the community.
Given the abundance of questions and length of Gu’s answers, we will be breaking this AMA into multiple parts. The order the AMA will be released is as follows:
1. Hardware related questions (Part 1| Part 2)
2. Software related questions
3. Business related questions
4. Addressing the concerns of the community on perceived competitors and so-called competing projects
Q1: How do you prevent tampering with chips/codes? As a consumer purchasing fresh produce, how do I know the code attached to the tomato is unique and wasn’t replicated?
A1:There are three key pillars in securely digitizing physical products:
- Tamper proof digital tags — The VeChain 3.0 chip has built-in an asymmetric encryption algorithm, the private key is generated within the card / chip using TRNG(true random number generator) and it is protected from being accessed externally. The tag’s ID is the corresponding public key which is registered on the blockchain. This ensures the first step of the requirements.
- Tags and products cannot be separated — We use a one-time card/tag, meaning that, if the card/tag that are torn renders the product broken. This process ensures that the card/tags and items cannot be separated. It also ensures that the card/tags can not be reused.
- Registration of the Tag IDs on the blockchain — The card/tag ID is registered on the blockchain, likewise, all operations relating to the ID will be recorded on the blockchain. Our RFID/NFC chips can not be duplicated as the private key is generated within the hardware and stored in the protected area, making it impossible to access. For fast moving consumer goods (FMCG), NFC/RFID card/tags are likely too expensive, QR code will be more appropriate, we closely monitor the frequency of QR code scanning, location and detail time and date, determining whether the QR code has been duplicated.
Q2: How much of an issue is the cost of your IoT sensors? Are they being produced in large enough volumes that it is feasible/cheap enough to use them on low-value/disposable items or will they be restricted to high-value shipments for the foreseeable future?
I understand that RFID/NFC tags are not expensive, but incorporating sensors and interfacing hardware seems like it could drive the cost per tag up a fair amount.”
A2: VeChain has designed and manufactured a wide variety of sensors some of those we can talk about are environmental sensors for temperature/humidity/barometric pressure, inertial sensors for accelerometer/gyroscope/compass, gas sensors, and GPS/Glonass/Beidou positioning sensors.
The chips used in these sensors are sourced from the world’s best manufacturers, such as Bosch, ST, Qualcomm, MTK and other manufacturers of products, so the quality is guaranteed.
For example, the sensors we designed for our cold-chain logistics solution have both offline and online versions. They are in mass production and available for commercial use.
- Offline temperature sensors use NFC as a data transmission interface. It’s easy to use, and the product can be repeatedly used, the cost can be offset. With software optimization, a CR2032 battery can have nearly one year working time for this solution and this battery can be replaced as needed.
- Online temperature sensors can capture and upload temperature data in a real time manner. This solution uses Qualcomm MDM9206 solution, which support NB-IoT and 2G/eMTC.
In terms of the cost, for example, the cost of our NFC humidity & temperature sensor is under 100 RMB. Considering it can be reused unlimited times, so that the benefits outweighs the costs significantly for our clients.
Q3: What will be the future of drone usage on the VeChain Platform?
A3:With the combination of IoT and Blockchain, VeChain can help drones in the setup and disclosure of controlled zone, flight path tracking, and the record of geographic and location data.
Another usage of drone is to integrate an RFID scanner within, so that in large warehouse it is easy to do an inventory count.
Besides, the control of drone authorization and the acquisition of images can also be achieved removing many of the regulatory concerns being brought about in commercial drone use.
The application of blockchain within drones will have a lot of room for imagination, not limited to what is listed above. The blockchain can be a powerful tool in making drone usage commercially applicable in automating processes and reducing human error within procedures.
Q4: How does information get stored on VeChains blockchain? For instance you have more than 1 variable like temperature, or pressure or time stamps etc, does that info all go onto the one ledger or will there be separate ledgers for each variable considering how many different industries VeChain seems to be wanting to expand to.
A4: Only the hash value of the raw data is stored on the VeChain blockchain. In addition, hash value can only be accessed upon authorization. The raw data is stored in the CHAOS which is a decentralized data encryption and storage solution developed by VeChain.
Q5: Will the official wallet support hardware wallets, such as a Ledger?
A5: Hardware wallet is part of our Technical Roadmap. Meanwhile, we are seeking and welcome wallet support from Ledger Nano, Trezor and other hardware wallets in the market
Q6: Will the IoT part of VeChain be ran within VETs own infrastructure or by using a third party’s blockchain which is solely focussed on IOT interoperability?
A6: Currently, VeChain designs and manufactures its own IoT devices and those IoT devices run on the VeChain Thor blockchain. VeChain will also specify the standards and requirements of IoT device integration so that more IoT devices from other manufacturers can be connected on VeChain Thor blockchain platform.
Moreover, in the VeChain Thor roadmap, we are building an ID registration services for all IoT device makers to register and manage their devices on the platform with a universal ID. And subsequently, the service will enable the interoperability, human to machine and machine to machine transaction via further services including authentication and authorization, data formatter, notary services. We presented this initiative in the Trusted IoT Alliance meeting in Berlin and received overwhelming interest from well established companies in the alliance.
Q7: “Maybe this has been answered before, but how will the chips actually write the data to the blockchain. You’ll need an internet connection for that right?
A7: Yes, with Internet connection, data can be uploaded to VeChain Thor blockchain. In addition the data can be uploaded through multiple telecommunication protocols, such as Ethernet, 2/3/4G, NB-IoT, eMTC, CAT-1, etc.
Q8: “As part of my research into VeChain I have started looking into any potential flaws and weaknesses in currently used RFID and NFC, the main security exploit I have seen used actively in the “real world” and not just Proof of concept appears to cloning RFID ID badges (Proxmark3) to gain access to electronic locks and using relays to spoof the real location of an RFID card (Mercedes ‘relay’ box) to steal cars while keys are in another location.
Do you have security methods in place to avoid these currently known RFID exploits.”
A8: Data security and data privacy have always been the top principles when we deliver BaaS solutions to our clients. Therefore, we have implemented multiple layers of security countermeasures against potential security vulnerabilities.
One example is that we utilize an asymmetric encryption algorithm in our smartchips to ensure its security and uniqueness. Take NFC chips as an example:
- Enterprise server sends random generated numbers to NFC chips
- Using private key stored in the NFC chip to sign the random number
- Then the digital signature will be sent back to the enterprise server
- Enterprise server verifies the digital signature
Due to the uniqueness of each random number, the above process cannot be duplicated as the random number can’t be predicted.
Q9: Is there a specified body/authentication in place to take on the role of verifying/authenticating the products in the first place before it’s tag? (I see DNVGL playing a role in this, correct me if i’m wrong). If there is one, how can this be done? IoTs in place to authenticate the manufacturing process of the products to be tagged?
What stops a retailer from uploading fake information on the tag and then put it on a product?
A9: In the use case of luxury goods, the ID of the product will only be activated after the brand completes their quality check of the products delivered by the manufacturer. It’s in their best interests to make sure all the products activated on the blockchain are authentic.
In the cases where there is a risk or conflict of interests, we are working with DNV GL to develop certification services to ensure this. In addition, when the entire supply chain uses VeChain’s platform, various players are only allowed to upload data relating to their responsibilities. E.g. retailer will only be able to upload sale information of the product.
If anyone uploads fake information, there will be huge credit and reputation risk as all the operation history is on the blockchain forever. Businesses run a large risk as VeChain has KYC requirements for major business activities and backed by auditing and assurance companies such as PwC and DNV GL.
When IoT devices are manufactured, third-party vendors such as DNV GL can certify the production process to ensure that the production process is monitored and regulated.
IoT devices will have an embedded identity, VeChain provides PC-side tools, as well as a complete solution for securing identity implants.
After the identity is implanted, IoT devices can be authenticated on the VeChain Thor blockchain via a VeChain VeVID solution to ensure the authenticity of data sources generated by subsequent devices. The VeVID shows the device has been certified when it has correct performance/assembling/use/installation.
Q10: The volume of data received by the RFID chips on an everyday basis will be enormous. How will this data be stored? What type of privacy protocol will be implemented with this data?
A10: The amount of data uploaded by RFID/IoT can be quite large. VeChain will take different strategies for this problem, such as subchains (e.g. for vertical industries) and cross-chain technology to solve the throughput and storage problems.
Besides, VeChain Thor is a public blockchain platform, the raw data itself is not stored on VeChain Thor but rather the hash of the raw data and that hash value can only be accessed upon authorization.