whitepaper on distributed ledger technology platform for ... · whitepaper on distributed ledger...
TRANSCRIPT
Commissioned by MoneySQ Blockchain Limited
1 2
Whitepaper on Distributed 3
Ledger Technology Platform 4
for Business Innovation 5
June 2018 6
7
8
1 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
9 10
Table of Contents 11
1. Executive Summary ......................................................................................................................... 4 12
2. Distributed Ledger Technology Overview ....................................................................................... 6 13
2.1 Introduction of Distributed Ledger Technology ....................................................................... 6 14
2.2 Powering Business by Blockchain ............................................................................................ 7 15
• Simplify Business Process ........................................................................................................ 7 16
• Identify Trusted Business Partners .......................................................................................... 7 17
• Seize Business Opportunity ..................................................................................................... 8 18
2.3 Business Implications ............................................................................................................... 8 19
• Fraud Detection ........................................................................................................................ 8 20
• Double Spending ...................................................................................................................... 8 21
• Traceability ............................................................................................................................... 9 22
• Business Collaboration .............................................................................................................. 9 23
• Ecosystem ................................................................................................................................ 9 24
• Process Automation .................................................................................................................. 9 25
2.4 Security and Data Privacy ...................................................................................................... 10 26
• Key Management .................................................................................................................. 10 27
• Certificate Authority .............................................................................................................. 10 28
• Enrollment Certificate Authority ........................................................................................... 11 29
• Transaction Certificate Authority .......................................................................................... 11 30
• TLS Certificate Authority ....................................................................................................... 11 31
• Identity Management ............................................................................................................ 11 32
• Data Encryption ..................................................................................................................... 11 33
• Privacy Preserving ................................................................................................................. 13 34
3. Use Cases....................................................................................................................................... 14 35
3.1 Property Mortgage Business ................................................................................................. 14 36
3.2 Manufacturing Business ........................................................................................................ 15 37
3.3 Retail Distributor Business ..................................................................................................... 17 38
3.4 Insurance Business ................................................................................................................. 18 39
3.5 Healthcare Business ............................................................................................................... 19 40
4. Governance and Regulation .......................................................................................................... 20 41
4.1 Roles and responsibilities ...................................................................................................... 20 42
4.2 Developers ............................................................................................................................. 20 43
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 2
4.3 Operators ............................................................................................................................... 20 44
4.4 Users ...................................................................................................................................... 20 45
4.5 Report and audit .................................................................................................................... 21 46
4.6 Regulatory compliance ............................................................................................................ 21 47
5. Conclusion ..................................................................................................................................... 22 48
6. Reference ...................................................................................................................................... 23 49
Appendix – Enterprise Level Blockchain Application Practice.............................................................. 24 50 51 52 53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
3 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
This page intentionally left blank 84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 4
124
125
1. Executive Summary 126
In 2008, a Distributed Ledger Technology (DLT) was conceptualized in a paper titled “Bitcoin: A Peer-to- 127
Peer Electronic Cash System” [1]. The paper suggested how some mature technologies, such as 128
decentralized peer-to-peer networks, asymmetric-key cryptography, hashing algorithms and Byzantine 129
Fault Tolerance design, could be chained together to form a database that put records in a block in a 130
disruptive fashion. In January 2009, the first Bitcoin system which was built on the DLT, made its advent in 131
“a system for electronic transactions without relying on trust” [1]. Since then, DLT is gaining popularity and 132
adoption by various types of industry as DLT supports distributed databases and enables participants to 133
store and share information in a secure manner [4]. 134
DLT allows network databases to interact with each other smoothly and securely without a central party 135 from which each participating party seeks acknowledgement. It is with this versatility, traceability, 136
decentralization, transparency and efficient sharing of data that DLT transforms the way organizations 137
conduct and deliver their businesses. The DLT’s revolution introduces huge impact to the information 138
world. First of all, digital currencies built on DLT use decentralized control to exchange digital assets and 139
transform the society into a cashless one. The total digital currency market value has reached more than 140
$370 billion in December 6, 2017 according to Coinmarketcap.com data [2]. This figure has surpassed the 141
stock market value of JPMorgan Chase, the largest bank in the United States, with approximately $366.8 142
billion value on that day. 143
In Hong Kong, the Hong Kong Monetary Authority(HKMA) had conducted a research on DLT and released 144
the Whitepaper 1.0 [3] and Whitepaper 2.0 [4] on Distributed Ledger Technology in November 2016 and 145
October 2017 respectively, aware of the potential use of DLT in the banking sector and public service sector 146
in the future, and burnishing Hong Kong’s credentials as a global trading hub with its development of proof-147
of-concept prototypes for property evaluation, trade finance and digital identity management using DLT. 148
MoneySQ Blockchain Limited, is a pioneer in Hong Kong to launch a business platform supported by 149
Blockchain technology called, "trustME". It is a breakthrough business platform, which supports the 150
development of Guangdong-Hong Kong-Macao Greater Bay Area and provides SMEs in China, Taiwan and 151
Hong Kong with the opportunities of using Blockchain technology. There is a significant development and 152
commercialization on the Blockchain initiatives, training, certification and applications aiming to allow 153
business to take advantage of this technology to create a more robust and secured application that serve 154
both private and public users by lowering uncertainty and improving trust among the society. As such, 155
MoneySQ has commissioned the Hong Kong Applied Science and Technology Research Institute (ASTRI) to 156
conduct a research project on how Blockchain technology is shaping the business model and challenge 157
organization to rethink and transform their businesses. 158
This whitepaper aims to bring out the impact of DLT technology on business and how it can utilize the 159
unique characteristics of DLT to gain a competitive edge. We use this whitepaper to introduce Blockchain 160
technology and demonstrate some real-life use cases. Chapter 2 provides a broad overview of DLT and its 161
association with Blockchain. It illustrates the design, collaboration model, business implication and 162
opportunity when adopting DLT technology for business. Chapter 3 describes five use cases based on 163
5 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
Blockchain technology in property mortgage, manufacturing, Supply Chain distribution, insurance and 164
healthcare businesses. Chapter 4 addresses the necessary governance and regulatory requirements along 165
with the roadmap for the future of Blockchain technology. The paper concludes with the reflection on how 166
Blockchain is disrupting the current business model by offering a higher-security and transparency platform 167
that transforms the way business is conducted. 168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 6
189
190
2. Distributed Ledger Technology Overview 191
2.1 Introduction of Distributed Ledger Technology 192
Distributed Ledger Technology (DLT) is a computer system that utilizes advanced cryptographic 193
technology and peer-to-peer distributed networks to create secure, collaborative and reliable applications 194
in a cost-efficient and trustworthy manner [3]. This technology plays a critical role in various applications 195
such as digital currency and payment systems, identity management, asset ownership, contract 196
automation, digital rights management, and healthcare management etc. It is considered a disruptive 197
financial technology (FinTech) that can potentially cut out some expensive costs in the legacy computer 198
systems and provide process automation and information digitization. The relationship of DLT and 199
Blockchain is illustrated in the following diagram where Blockchain is a subset of DLT. 200
201 202
Illustration: Relationship of Distributed Database, DLT, Blockchain and Permissioned Blockchain 203
Blockchain technology has the potential to redefine enterprise ecosystems and economies. In 2017, 33% 204
of organizations already active on Blockchain are experimenting with a business model that connects 205
people, resources and organizations in an ecosystem [5]. Many organizations are learning and 206
experimenting this technology by connecting multiple entities across multiple processes. 207
Blockchain is a distributed ledger that is used to maintain a continuously growing list of records, called 208
blocks. Each block contains a timestamp and a link to the previous block. By its nature, Blockchains are 209
inherently resistant to modification of data once they are recorded. The data stored in any given block 210
cannot be altered retroactively without the alteration of all subsequent blocks and a collusion of the 211
network majority nodes, thus making it a viable solution for decentralized database and applications. 212
213
7 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
2.2 Powering Business by Blockchain 214
• Innovate Business Process 215
Prestigious organizations that have dived into Blockchain area from prototype research to real-world 216
practice are surprised to find that in order to implement a Blockchain project, it requires a high degree of 217
planning, internal lobbying, re-engineering of business process and substantial effort to make it a success. 218
Like any other new technologies, for any organizations to engage in Blockchain, they need to identify the 219
key objectives, focus on the real demand from users, agree on the business workflow, start from small 220
scale, and take into account the governance and regulatory issues. Although the key objectives may be 221
similar from cost reduction, process automation to workflow performance improvement, the potential 222
friction may still arise from time to time. Collaboration is needed between multiple organizations, from 223
business line to technology division. Leaders need to consider how they can work together for greater 224
mutual benefits. 225
New technology deployment always involves changing of current systems. Legacy system owners or 226
operators may be reluctant to change. Blockchain systems can run side by side with legacy systems and 227
replace them only after the expected Return of Investment(ROI) is realized. 228
• Identify Trusted Business Partners 229
What value a partner can bring to the Blockchain network should be evaluated carefully because not all 230
partners will bring positive contributions to the network. Does the candidate partner possess the 231
ownership of the source? Will it become a barrier if this partner is not involved in the Blockchain network? 232
What value will it gain from the network? The critical success factor is to have a mutual understanding and 233
agreement before the collaborative network is formed. 234
Although it is tempting to turn to your most trusted partners, however, it may not always be necessary. 235
Increasing the level of trust between organizations is precisely what Blockchain is designed to do even 236
without the traditional business collaboration with the existing trusted partners. Six in ten organizations 237
that are already active in Blockchains expect the technology to increase transparency and trust in data and 238
transactions [5]. 239
In Blockchain, no single organization is granted supreme control of the network. The privileges to access 240 the data in Blockchain are equally or evenly assigned among all the predefined organizations. No 241 organization needs to trust any organization in the network as every organization bears the same goal in 242 mind: every organization has control but no organization is in total control. 243
The trustless trust in Blockchain is achieved by the technology instead of relying on any specific 244
organization’s providing trust of safety, correctness or consistency. The trust in Blockchain network is 245 native, in other words, Blockchain network itself creates the trusts by the technology by default. 246
247
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 8
• Seize Business Opportunity 248
Every new venture represents both a challenge and an opportunity. Embarking a Blockchain business 249
network is no exception. Organizations need to examine their existing business flow to gain the most 250
benefits from the Blockchain projects. Here are some common questions that organizations may ask. 251
How can I transform the current business rules to build up an ecosystem? How can I resolve arguments 252
among partners? How can I encourage different parties to collaborate smoothly? How can I establish trust 253
in transactions and processes? 254
How organizations incentivize other industry players to join the network to create a global ecology system? 255
What value will the new entrant brings? Governance and regulation on the Blockchain network should be 256
established and amended accordingly as the business expands. The roles and responsibilities for each 257
organization, especially for data privacy and sharing, should also be considered. 258
259
Blockchain platform grants the data access rights only to the related parties to retrieve sensitive data by 260
adding multiple channel feature. In addition, a large enterprise may own multiple ledgers, one for each 261
business unit for example. This isolation of peers and ledger in the form of segregated channels allows 262
network participants who prefer private and confidential transactions to coexist with potential business 263
competitors on the same Blockchain network [6]. For many enterprises and financial institutes, permissioned 264
Blockchain can meet these business requirements which are not possible with public Blockchain platform. 265
In addition, using cloud services is recommended since cloud environments allow enterprises to shift from 266
a highly centralized operating model to a secure ecosystem model. 267
268
2.3 Business Implications 269
Below sections illustrate how the characteristics of DLT such as tamper-resistant, transparency and 270
decentralization can facilitate some business implications. 271
272
• Fraud Detection 273
The tamper-resistant characteristic of DLT could inspire logging key information in an unalterable block to 274
enable fraud detection in sorts of scenarios. For example, the personal information or organization 275
information could be pinned into the digital asset transaction, every spending of the digital asset could 276
come along with the payer’s digital signature, monitoring the clear path of this digital asset circulation such 277
that any fraud could be detected. 278
279
• Double Spending 280
Double spending means spending the same digital assets more than once in digital asset world. DLT 281
provides the power to prevent such double spending issue by its transparency characteristic. Since all the 282
asset transactions are witnessed and verified by all the participants in DLT, nobody can spend the same 283
asset more than once. 284
In traditional fiat currency systems, there is some counterfeit money which carry the same serial number 285
9 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
as the real one. In this scenario, the “double-spending” of this piece of counterfeit paper money is double 286
spending the “serial number”, which is hard to be figured out by community. DLT opens a door for the 287
world on how it can help to change the currency issuing and circulation business. 288
289
• Traceability 290
Essentially, Blockchain is a shared and distributed database system that every participant in the network 291
can witness and update. As such no individual participant can change the history of any logged transaction, 292
interrupt the flow of transactions, or unfairly manipulate the order of transactions. All actions or events 293
could be traced or retrieved from the ledgers which preserve an ultra-origin source for possible disputes 294
resolution. 295
296
• Business Collaboration 297
DLT can be used in cross-department business collaboration to make the process more accountable and 298
auditable. With the unique feature of DLT where the most up to date information is done in real time and 299
secured across the entire network, different business department can share the same information or 300
perform verification to reduce potential business risk. In addition, as all transactions are traceable; it will 301
greatly facilitate and reduce audit effort. For example, an employee can submit a procurement form to the 302
DLT and DLT will notify his supervisor to approve it. If the supervisor approves the application, it will go to 303
next level management approval. If not, the form will be rejected and sent back to the applicant. All these 304
actions are recorded into Blockchain no matter how many levels in the approval system, it will bring simple 305
way for risk management or audit department to trace all the records. 306
307
• Ecosystem 308
DLT ecosystem involves two types of DLT platform: permissionless and permissioned. The former type is 309
operated by public nodes, and is open to anyone. The typical representative is Bitcoin platform which 310
debuted as a digital currency and payment system since 2008. The latter type, which has as an example of 311
the Hyperledger Fabric [7] version 1.0 from the Linux Foundation in which only authorized nodes can join 312
the network and thus supports higher throughput, faster, and more secure transactions. 313
In permissionless platforms, more digital currencies are created for payment or asset exchange and fork of 314
major chains such as Bitcoin or Ethereum is emerging on the market that contribute to the rapid growth of 315
this DLT ecosystem. A continuous effort is made to improve the transaction throughput to cater for such 316
a rapid transaction demand. These permissionless platforms inspire business implications on how to use 317
them in variety of digital payment methods. 318
In permissioned platforms, using a Blockchain implementation as a media for secured sharing of 319
information attracts plenty of attentions in many industries. Different permissioned platforms focusing on 320
different characteristics of DLT as emerged on the market are to fulfill different business requirements. 321
322
• Process Automation 323
One of the best things about Blockchain is that it could be used for process automation in the form of smart 324 contracts (a.k.a self-executing contracts or Blockchain contracts). In this way, contracts could be converted 325
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 10
into computer programs, stored and replicated on the DLT system and supervised by the entire network. 326
This help participating parties to exchange information, asset in a transparent, automated, fairly, conflict-327
free way without a third-party involvement thus correlate to the decentralization characteristic of DLT. 328
Take an example of a car rental business between two parties. The deal agreement and delivery date could 329
be stored in smart contract. After payment by cryptocurrency, the borrower gets a receipt and the digital 330
entry key which comes by a specified date. If the key doesn’t come on time, the smart contract releases a 331
refund. If the key and fee are both ready, smart contract sends the fee to lender and key to borrower 332
respectively when the rental date arrives. The smart contract works on the If-Then condition and is 333
validated and witnessed by all the DLT network participants, so a faultless delivery can be expected. 334
335
2.4 Security and Data Privacy 336
337
The security feature of Blockchain can be viewed at both macro and micro levels. At the macro level, 338
Blockchain network is a peer-to-peer (p2p) network covering large geographical area with many 339
collaborating peers. Failure of some peers will not affect the whole Blockchain network within the tolerance 340
threshold level configured by the specific consensus algorithm. The process of logging new transactions to 341
the ledger needs to perform a consensus endorsing mechanism, which can prevent malicious entities from 342
logging forged transactions into blocks [3]
. 343
At the micro level, Blockchain platform uses hash technology to detect any alteration made to the original 344 data. Hash function is a mathematical unidirectional function which summarizes the raw data, no matter 345
how large it is, to generate a fixed-size short data named “hash value”. Any alteration on the source data 346
will cause its hash value to change correspondingly. Key cryptography technologies such as Advanced 347
Encryption Standard (AES), Rivest Shamir Adleman (RSA) and Elliptic Curve Cryptograph (ECC) algorithms 348
are also applied to encrypt and sign the data exchange through the Blockchain network. 349
Below sections illustrate a permissioned Blockchain platform security design in general. 350
351
• Key Management 352
A permissioned DLT platform has two major roles: controlling access to the network and the content of 353
each transaction. These two roles usually require a membership service provider and a cryptographic key 354
manager. A membership service provider controls the admission of members to the network. A 355
cryptographic key manager controls key generation, distribution, usage and storage. If transactions in the 356
network are encrypted, the cryptographic key manager, together with the membership service provider, 357
determines which users will be granted rights of access to the transactions in plain form [3]
. 358
359
• Certificate Authority 360
The Certificate Authority (CA) provides two different certificate services to DLT users, including user 361
enrollment, transaction certificate authority and TLS-secured connections between users or components 362
of the Blockchain, from front-end to back-end. 363
364
11 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
365
• Enrollment Certificate Authority 366
The enrollment certificate authority (ECA) [6] supports new users to register with the DLT network and 367
enables registered users to request an enrollment certificate for data signing with Elliptic Curve Digital 368
Signature Algorithm (ECDSA) providing the public keys to be embedded in the certificates. 369
370
• Transaction Certificate Authority 371
The transaction certificate authority(TCA) [6] enables network participants to bind every transaction with a 372
temporary pseudonymous credential, such that other participants can only infer the temporary identity 373
from the transaction and the origin identity may not be leaked. The activity or transaction history of the 374
members can be separated from each other by issuing a temporary or one-time credential. 375
376
• TLS Certificate Authority 377
In addition to enrollment and transaction certificates, users will need the Transport Layer Security (TLS) 378
certificates to secure their communication channels. TLS certificates can be requested from the TLS 379
certificate authority (TLSCA). 380
381
• Identity Management 382
Two-factor authentication can be used for identity management. For example, mobile phone number will 383
be a compulsory field upon account registration through the web portal. SMS message verification will be 384
adopted as a second factor authentication to improve the security. Google Authenticator with QR code will 385
also be provided in the administration panel to allow a higher level of authentication. 386
With two-factor authentication, the full privileges of a subscriber account can only be accessed after two 387
levels’ verification, one is email verification and the other is SMS or Google Authenticator verification. When 388
subscriber wants to perform sensitive operation, such as stopping/restarting DLT network, adding new 389
nodes, two pieces of information—the password and the six-digit verification code that's displayed on 390
Email, SMS or Google Authenticator should be provided together. 391
With a password-only protection mechanism, it is no longer secured enough to protect the account. A two-392
factor authentication adds an extra layer of security, significantly enhances the security of the user ID and 393
all the information stored in the DLT. Once logged in, user will not be asked again for a verification code 394
unless user logs out completely from the DLT or needs to reset the password. 395
396
• Data Encryption 397
Any type of information or digital asset can be stored in a Blockchain regardless of its application. 398
Information stored in the Blockchain is encrypted and digitally signed by the creator to ensure its 399
authenticity and accuracy. Blockchain platform can adopt AES 256 algorithm as symmetric key encryption 400
and RSA 2048 as asymmetric key encryption for the data encryption protection while ECDSA can be applied 401
for digital signature algorithm. The primary benefit brought by elliptic curve cryptography is a smaller key 402
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 12
size which helps to reduce storage and transmission overhead. An elliptic curve cryptography group could 403
promise the same level of security afforded by a RSA-based system with a large modulus and 404
correspondingly larger key. Smart contract for data encryption is also provided for other developers to 405
change encryption mechanism on demand in their own DLT network. Here is the general practice for a data 406
communication activity. 407
1. The network participant uses the pubic key of RSA 2048 algorithm to encrypt the symmetric key of 408
AES 256 algorithm and then uses its ECDSA private key to sign the encrypted data. 409
2. Over the first-time communication, the client sends the encrypted and signed data to the server. 410
The server authenticates the signature first, if it is authentic, then the server uses the private key 411
of RSA 2048 to decrypt the data and get the symmetric key of AES 256 algorithm. 412
3. And then the client uses the AES 256 algorithm to encrypt and operate the subsequent business 413
data communication. 414
The combination of AES 256 and RSA 2048 algorithms enhance the security and promise an approximate 415
impossible decryption of the ciphertext for an unauthorized party over current computational power in the 416
world. 417
418
419 Illustration: Data encryption and decryption process 420
421
In DLT, the blocks’ conjunctions are built with a hash function, which is used to transform data of arbitrary 422
size to data of fixed size. Tiny changes to the data will change the hash value dramatically and in an 423
unpredictable way thus making it impossible to derive the original information from the hash. By facilitating 424
hash mechanism, each transaction is represented by a hash value and the summary of hash values form a 425
Merkle tree. Transaction hashes are appended to the bottom of the Merkle tree as leaf nodes which are 426
built upward until it reaches the top of the tree, called the Merkle root as the final node. Merkle tree not 427
only dramatically enhances the speed of verifying transactions but also reducing the amount of block 428
information required to prove the existence of a transaction within the block [3]. With the combination of 429
cryptography and digital signatures, Blockchain provides proof of identify and authenticity of the creator 430
and that data stored in Blockchain is well protected. 431
13 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
432
• Privacy Preserving 433
Strong data encryption and sufficient access control mechanisms are the necessary elements to protect 434
privacy in a permissioned DLT network. The cryptographic technology will always be needed over time to 435
provide refined protection. The elliptic curve cryptosystem has the property of safeness, high speed in 436
encryption and occupies small space. In addition, sensitive transaction information in a DLT network should 437
be treated with confidentiality, and access to such information should be restricted to authorized parties 438
only. 439
The common practice is to store the hashed value only in the Blockchain. Even one managed to obtain the 440
hashed value from the Blockchain, it is meaningless as it contains only a random representation of the 441
information. With data encryption, digital signature algorithm, key management and three types of 442
certificate management, together with multi-channel support and channel separation which will be 443
explained more in the Appendix section can be applied in Blockchain to ensure data privacy and security at 444
both macro and micro levels. Blockchain also makes use of the hash function as described above to make 445
it extremely difficult to reconstruct the original data as only the hashed value of data is stored in the 446
Blockchain. Even one is managed to decipher the hash value, it is meaningless in its own form as only partial 447
information of the original data is contained in the hash value. 448
The faster quantum computer is a threat to current cryptography world, including Blockchain technology. 449
However, substantial research has been carried out to protect the data safety against this quantum threat. 450
For example, the first quantum-secured Blockchain technology adopting quantum signature to tackle the 451
identity of each participant has been tested in Moscow [10]. 452
453
454
455
456
457
458
459
460
461
462
463
464
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 14
465
466
3. Use Cases 467
The previous chapter provided a high-level overview of DLT. In this chapter, we will describe how business 468
can adopt Blockchain technology and turn it into a business advantage. As shown in the following diagram, 469
Blockchain can be integrated into many industries. There is virtually no limitation for its application. 470
471 Illustration: Blockchain can be integrated into various industries 472
The benefits of distributed ledger ecosystem push the frontier of financial technology into everyday life and 473
extend far beyond the financial and public service sectors. Below are just some of the businesses where 474
Blockchain can overcome the current business issues and make a substantial impact to the business. 475
476
3.1 Property Mortgage Business 477
At present, the property mortgage industry is facing plenty of challenges like long processing time due to 478
manual verification of documents. For example, for a mortgage applicant, it will usually take several days for 479
applicant to receive the application result. In addition, data integrity issues, fraudulent financing and lack of 480
transparency due to lack of standardized contract and data format are commonly exhibited in the current 481
mortgage industry. 482
483
Can current inefficient mortgage process be improved? Blockchain could be a good technology to overcome 484
15 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
these problems. With Blockchain, the processing time can be greatly reduced as all necessary documentation 485
and verification could be retrieved and performed almost instantly. The authenticity of the application can 486
also be verified across the network thus reducing the risk of fault. 487
488
With these advantages of Blockchain for the mortgage industry, it will surely revolutionize the business. The 489
below procedure illustrates how end-to-end process flow of a property mortgage business can be operated 490
assuming MoneySQ as a platform provider: 491
1. Loan applicants/agents submit loan applications via MoneySQ Blockchain web portal. 492
2. Smart contract in Blockchain will review the application for duplicating finance and any fraudulent 493
factors, and alert will be sent out if these factors are found. 494
3. MoneySQ pre-qualification team will check the loan application and update the result, if it is 495
qualified, the applications will flow to Banks. 496
4. Banks retrieve the loan details, pre-qualification result and supporting documents from 497
Blockchain, then make a loan offer or reject the application. 498
5. Loan applicants will get the latest application status update right away. 499
500
The decentralization characteristics of Blockchain combined with business automation would be a major 501
step toward to a more optimized workflow for the property mortgage industry. 502
503
3.2 Manufacturing Business 504
As one of the world’s largest import/export harbor, many enterprises in Hong Kong run their businesses on 505
manufacturing products and selling them all over the world. Supply chain control is an essential business tool 506
for these enterprises. Wholesaler, manufacturer, banks, forwarders are involved globally where banks act as 507
intermediary providing assurance and liquidity services. However, traditional processes involve labor-508
intensive and time-consuming work because of the due diligence checking, and heavily rely on multi-party 509
paper documentation to mitigate business risk. Various consortiums around the globe have carried out 510
different types of proof-of-concept work using Blockchain’s tamper-proof, transparent, decentralized 511
characteristics in attempts to streamline the manual processes for business automation, improving 512
operational efficiency, reducing errors, and increasing convenience for all parties. 513
514
In Blockchain, a pre-defined smart contract could be negotiated and instantiated on the Blockchain system 515
among all supply chain parties. A holistic view of the contract terms for a trade transaction and the flow of 516
goods from manufacturers to wholesalers will allow instant sharing of information thus lowering potential 517
business risk. Here is the main process for a supply chain business. 518
1. Wholesaler and manufacturer agree on a trade transaction on open account terms at a specific 519
date and time. The wholesaler creates a Purchase Order (PO) and sends it to a manufacturer for 520
confirmation. 521
2. The manufacturer prepares the goods based on the PO and notifies forwarder for goods delivery. 522
3. When the goods have been transported to the export terminal and inspected by customs, they are 523
transported by freight to the wholesaler. 524
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 16
4. Once the goods have been well received by the wholesaler, the wholesaler confirms the trade 525
transaction is a success and notifies the bank to remit the money to the manufacturer and then 526
provides invoices, bills of lading and other transport documents to the wholesaler via a document 527
courier. 528
529
In this scenario, manufacturer, wholesaler, clearing agent, customs, forwarder(fright/shipping), bank and 530
retailer can all join in to this platform to build up a complete supply chain ecosystem to generate the network 531
effect. 532
Similarly, for the wine industry, the current challenges are that there are a lot of bogus wine in circulation 533
worldwide. The source of this problem is that there is no central authority or standardized industry practices 534
one can verify the provenance of the wine. The usual way is to rely on an experienced or educated expert 535
to evaluate each wine for signs of authenticity within the wine industry. Examining wine is an expensive and 536
time-consuming practice, and this practice is still a risky maneuver since it is highly subjective to individual’s 537
sense. 538
DLT could help to make the wine verification process in a more objective manner. As an example, imagine 539
there is a DLT platform established in the winery industry, winery, auction house, wholesaler and retailer can 540
all join the platform. Each participant holds a replicated ledger that records all the wine transactions since 541
day one the bottle of wine is sealed. 542
543
544 Illustration: DLT integration with Wine bottle circulation 545
546
As shown in the above figure, starting from the producer, a bottle is assigned a unique digital ID etched in 547
the glass or simply printed on the label when it is created. Every time the winery created a distinct bottle, a 548
transaction record will be logged in the ledger with the winery’s digital signature. When the bottle is sold, 549
the winery as part of that transaction will also give the transaction block information in the ledger to the new 550
owner. As the wine changes hands again and again, the digital ID and transaction block information is passed 551
along, keeping a life history of that wine on the DLT network. 552
Wholesalers, retailer and other industry players would also leave their digital signatures on each wine 553
17 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
transaction. The caretaker that ultimately receives the wine from the retailer will use the retailer’s public 554
key to verify the onchain transaction by scanning the smart tag (either QR Code or NFS) in the bottle. 555
The Blockchain solution allows traceability starting from the manufacturer’s site through transportation 556
to distributor, importers, warehouse, merchants, transporters, auction houses, retailers. All these points 557
can be referred as intermediaries and are completely traceable. 558
559
3.3 Retail Distributor Business 560
Utilizing Blockchain, retail distributor can digitize all the product information and log a permanent record of 561
transactions in order to trace the food products from farms through the whole supply chain. In addition, it 562
also provides a way to capture online consumer who purchases the product for consumer behavior analysis. 563
564 Illustration: DLT based tracking comparing traditional paper-based way in Retail distributor business 565
566
This could prove to be a great business advantage for food safety in the world, when digital information such 567
as farm origin, slaughterhouse, packing and processing record and shipping details are digitally attached to 568
the food product, it will be grouped together and stored in the Blockchain [8]. 569
570
The Blockchain existence in product tracking brings obvious advantages comparing to traditional paper-571
based product tracking system in terms of cost, effectiveness and traceability. Most importantly, the instant 572
share of information of the products will bring the retail distributor a greater convenience for inventory 573
control and capital optimization thus reducing the risk of over stocking at the same time. 574
575
There is an increasing trend that consumers want to know that the ethical claims from the manufacturers 576
about their products are authentic. Blockchain provides an innovative new way to verify that the backstories 577
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 18
of the products we are purchasing are genuine. Transparency and tamper proof will come with Blockchain 578
in terms of timestamp of a date and location on the goods which correspond to a permanent product identity 579
stored in the ledgers. With mass data contained in numerous devices and multiple networks throughout the 580
supply chain, the Internet of Things (IoT) combining with Blockchain technology will create a tamper-proof, 581
distributed filing system and real-time records. 582
583
3.4 Insurance Business 584
The insurance market is another industry which is revolutionizing its old systems and benefiting from the 585
Blockchain technology. Double claiming or lack of trust between insurer and customer are two typical issues 586
in the current industry. Blockchain may overcome these issues with its transparent and trustless 587
characteristics. Transparency prevents the double claiming while trust on technology instead of insurers will 588
bring more confidence to consumers. 589
590
For instance, with an insurance Blockchain platform, passengers simply choose their flight by selecting a 591
destination airport, and the date of their departure. Then they apply for a policy showing the probabilities 592
of flights being delayed more than 30, 60, 120 minutes, or canceled or diverted altogether [9]. 593
594
595 Illustration: Smart contract checks the flight time table and execute the insurance terms automatically 596
597
Blockchain plays two key roles here. Firstly, it maintains an accessible and immutable record of the insurance 598
contract within a smart contract or “smart insurance”. Secondly it serves as a mechanism for triggering the 599
payment to the client once 30, 60 or 120 minutes mark is passed. The payment process is activated 600
automatically by events coded in the smart contract. 601
602
The smart contract is the party that decides if the insurer should indemnify the policy holder and trigger a 603
payment request. The use of a smart contract to trigger claims will add trust in the whole process. Smart 604
contract is basically a program code which will trigger automatically based on pre-defined condition and self-605
19 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
executed the agreement between two or more parties. Smart contracts avoid the delays and expenses 606
incurred by existing paper contracts as well as the intermediaries. With smart contracts, intermediaries can 607
be eliminated thus saving the time and cost. 608
609
3.5 Healthcare Business 610
In the current healthcare industry, there is a substantial amount of duplicated medical tests conducted on 611 patients and isolated treatments history. The source of this problem is that there is no central authority or 612
standardized industry practices that one can verify the provenance of the medical record. 613
614
Blockchain could help to address the interoperability currently present in the health care system. As an 615
example, with a Blockchain platform established in the healthcare industry, hospitals, clinics, and 616
laboratories can all join the platform and access a shared ledger where the source of truth of medical 617
transaction is stored. In addition, the transaction information is encrypted and digitally signed to guarantee 618
its authenticity and accuracy. 619
620
621 Illustration: DLT information sharing center lowers the medical cost 622
623
Every time a piece of medical record is created, a transaction record will be logged in the ledger with the 624
participant’s digital signature and the record is immutable and cannot be changed or removed. When the 625
patient visits another hospital for treatment, the hosting hospital can access the patient’s complete medical 626
records in Blockchain. It will help to provide better treatment and save the medical cost. 627
628
In conclusion, Blockchain platform can be integrated into a wide range of industries. The previous five use 629
cases are just samples of what Blockchain can bring to the industry. It could also play a key role in global 630
application such as personal identity management, property evaluation, digital asset management and so 631
on. 632
633
634
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 20
635
636
4. Governance and Regulation 637
It is unavoidable that with any introduction of new technology, it also brings in new types of risk, and DLT 638
is no difference. For instance, denial of access or denial of service attacks and other cyber-attacks may still 639
happen in DLT and cause its operation to fail. It is of paramount important that proper governance and 640
regulation are established if DLT is to be successfully implemented [3]. 641
642
4.1 Roles and responsibilities 643
Different groups of people are involved in DLT networks. They can be grouped by their functions with 644
different roles and responsibilities. 645
646
4.2 Developers 647
Developers are responsible for implementing the DLT smart contract to represent business flow, including 648
setting up endorsement policies and putting rules in place. 649
650
In addition, developers should ensure that the changed source code is adequately tested and passed the 651
User Acceptance Test (UAT). Importantly, proper software documentations must be version controlled and 652
kept updated to ensure that ongoing systems operation and support can be carried out by DLT operators 653
smoothly. 654
655
4.3 Operators 656
Operators must be capable of overseeing the operational status of the DLT network. Any attack attempt 657
to alter the transaction history or inject malicious transactions should be proactively alerted and identified 658
by other peers. All this information will also be logged and summarized in a bird eyes’ view in DLT dashboard. 659
Operators should be aware of the warning appearing on the dashboard and investigate the system logs for 660
further information. 661
662
Operators should also have the capability of conducting business continuity planning, disaster recovery, 663
closely follow the conduct codebook on adding, deleting and revoking new nodes in the DLT network. 664
665
4.4 Users 666
Users of DLT network plays an important role in making the DLT network alive and operational by 667
conducting different kinds of transactions in the network [3]. 668
669
A private key represents the user identity in the public network, specifically, the ownership of digital assets. 670
The private key usually should be presented when transferring asset to others, storing them or its 671
alternative key phrase in an offline place, or called “cold storage” such as a USB device or paper is a good 672
practice. Identity thefts or other perpetrators often choose the online private key storage, i.e. hot wallet, as 673
21 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
the first choice of attack. Users should bear in mind that safely and securely storing of the private key is the 674
only way for anti-theft and asset protection. 675
676
4.5 Report and audit 677
Reporting and auditing of financial activities are the key aspects of regulation by overseers. In reality, the 678
financial institutions have the obligation to prepare reports on a regular or ad hoc basis. DLT enables 679
regulators or auditors to directly access transactional information stored on the DLT through supervisor 680
node for monitor or governance purpose in a near real-time fashion. Regulatory reporting and financial 681
reporting (e.g. the filing of tax returns) can be made possible through the supervisor node [4]. 682
683
4.6 Regulatory compliance 684
Financial and banking stability and sustainability are the most important objectives of all regulatory 685
authorities. The increasing adoptions and applications of DLT are dramatically attracting attentions by the 686
regulatory authorities. 687
688
In general, principles for technology business continuity planning, disaster recovery, risk management and 689
other relevant guidelines are equally applicable in DLT implementation and deployment. In addition, the 690
decentralization and multi-geography nature of DLT platforms make the regulatory compliance issues more 691
complex. However, DLT is still evolving and in a not too distant future, we believe there will be a more 692
standardization on the governance model and regulatory guideline. 693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 22
712
713
5. Conclusion 714
This paper provides a description of Blockchain technology and how it could revolutionize the way business 715
is conducted today. It also reveals some business innovation with use cases employing Blockchain 716
technology to streamline the business workflow and possible collaboration amongst partners to create an 717
ecosystem that could benefit all participants. As Blockchain can provide a distributive, permanent ledger 718
that is immutable, transparent and securely record transactions, it can apply to virtually any industry such 719
as Banking and Financial payments, Supply Chain, Insurance, Health Care, Transportation, Retails and Real 720
Estate. 721
Internet connects people while Blockchain connects people with trust and privacy. Big data on cloud 722
provides a fertile soil to digital marketing and AI to grow, while Smart Contract makes innovative business 723
model possible. To consumer, applications integrated with Blockchain technology can provide a seamless 724
operation and a whole new user experience. Organizations adopting Blockchain can take full advantage of 725
it and create a business advantage by exploiting its feature like security, authenticity, trust and 726
instantaneous data access. 727
We hope that organizations who are new or planning to explore Blockchain will now have a better 728 understanding of Blockchain and what advantages it can bring to your business. 729
MoneySQ Blockchain Limited uses Blockchain technology to develop the first business DLT platform in Hong 730 Kong, named “trustME”. Through tight collaboration with Microsoft cloud system expert, Deloitte as the 731
Blockchain implementation leader and Hong Kong Applied Science and Technology Research Institute 732
(ASTRI) Blockchain team to provide the best practices, knowledge and processes on system security, 733
technical advisory and platform architecture design. With this close consortium, trustME creates an 734
ecosystem that is built with a permissioned DLT network in such a way that data privacy and security 735
requirements are enacted allowing business to run their critical applications knowing that the platform is 736
secured, transparent, trusted, immutable and provide operation efficiency. MoneySQ believes its works 737
will go towards supporting the development of Guangdong-Hong Kong-Macao Greater Bay Area and 738
provides SMEs in China, Taiwan and Hong Kong to transform their business with Blockchain technology. 739
740
741
742 743
23 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
744 745
6. Reference 746
1 See “Bitcoin: A Peer-to-Peer Electronic Cash System” at https://bitcoin.org/bitcoin.pdf 747 2 See “Coin Market Capitalizations | CoinMarketCap” at https://coinmarketcap.com/coins/ 748 3See “Whitepaper on Distributed Ledger Technology” at 749 http://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-750 infrastructure/Whitepaper_On_Distributed_Ledger_Technology.pdf 751 4See “Whitepaper 2.0 on Distributed Ledger Technology” at 752 http://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-infrastructure/infrastructure/20171025e1a1.pdf 753 5See “Forward Together: Three ways Blockchain Explorers chart a new direction.” IBM Institute for Business Value. May 754 2017. at https://www-935.ibm.com/services/studies/csuite/blockchain/ 755 6 See “Hyperledger Fabric Official Document” at http://fabrictestdocs.readthedocs.io/en/latest/ 756 7 See “[Hyperledger-fabric] multichannel consensus and subledgers” at 757 https://lists.hyperledger.org/pipermail/hyperledger-fabric/2016-October/000389.html 758 8 See “China: IBM and Walmart use Blockchain technology to track pork” at 759 http://www.fleischwirtschaft.de/economy/news/China-IBM-and-Walmart-use-Blockchain-technology-to-track-pork-33638 760 9 See “Ethereum Within the Insurance Industry - ETHNews.com” at 761 https://www.ethnews.com/ethereum-within-the-insurance-industry 762 10 See “First Quantum-Secured Blockchain Technology Tested in Moscow - MIT Technology Review” at 763 https://www.technologyreview.com/s/608041/first-quantum-secured-blockchain-technology-tested-in-moscow/ 764 765 766 767
768
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 24
769
770
Appendix – Enterprise Level Blockchain Application Practice 771
The business ready Blockchain platform needs to cater for the full life cycle (develop, administration 772
and operate) of a multi entities DLT network. It is designed to achieve enterprise levels of security, data 773
atomic, scalability, and high availability to meet business demanding from different industries. 774
775
776 System Architecture Overview 777
The system architecture at the enterprise platform level requires robustness, scalability and seamless 778 integration. Blockchain platform has taken all these design principles into account. The diagram below 779
illustrates the system architecture of permissioned Blockchain platform. 780
781
782 Illustration: System architecture of Blockchain Platform 783
784
• Interface Layer - Enables clients and business applications to run on top of Blockchain via 785 Application Programming Interface (API). 786
• Service Layer – Enables new nodes or organizations’ enrollment, registration, revocation 787
procedures during network operation. Also, it is responsible for the management of various 788
policies specified in the network, such as the endorsement policy and account management 789
policy. 790
• Block Layer - Responsible for reaching an agreement on the correctness, the order, and the 791
confirming the group of transactions that constitute a block. 792
• Resource Layer - Responsible for scheduling resource for each node’s run time environment 793 overhead, world state, history and index data storage. 794
795
Permissioned Blockchain platform grants the data access rights only to the related parties to retrieve 796
25 Whitepaper on Distributed Ledger Technology Platform for Business Innovation
sensitive data by adding multiple channel feature. In addition, a large enterprise may own multiple ledgers, 797
one for each business unit for example. This isolation of peers and ledger in the form of segregated channels 798
allows network participants who prefer private and confidential transactions to coexist with potential 799
business competitors on the same Blockchain network [6]. For many enterprises and financial institutes, 800
permissioned Blockchain can meet these business requirements which are not possible with public 801
Blockchain platform. In addition, using cloud services is recommended since cloud environments allow 802
enterprises to shift from a highly centralized operating model to a secure ecosystem model. 803
804 Multi-Channel Support and Channel Separation 805 806
Inspired by the concept of publish-subscription messaging queue, a channel is like a topic that restricted 807
peers may subscribe to and become participants of the channel. Only participants of a channel may transact 808
on that channel, and transactions on a channel are not visible on the other channels. 809
810
Permissioned Blockchain extends the channel management setting and supports multiple co-existing 811
channels in a Blockchain network with a tailor-made ledger per channel for data protection and isolation 812 [7]. This feature allows for multilateral contracts where only the authorized participants with a certificate on 813
the channel can submit proposal, endorse, order, or commit transactions on that channel. As a result, a single 814
peer can maintain multiple ledgers without sacrificing privacy and confidentiality. 815
816
817 Illustration: Multi-channel and channel separation 818
819 As shown above, Peer 1, 2, and N subscribe to the red channel and operate the corresponding red ledgers 820
among them. Peer 1 and N subscribe to the green channel and operate the green ledger with the absence 821
of Peer 2 because it is not in the green channel. Peer 2 and N are in the yellow channel and operate the 822
yellow ledger without the attendance of Peer 1. 823
824
Its consensus mechanism is also unique. Instead of implementing consensus on a system level, consensus is 825
implemented at individual level. Different types of consensus are supported. However, transactions are 826
Whitepaper on Distributed Ledger Technology Platform for Business Innovation 26
validated only by designated validating nodes. 827
828 In practice, business logic may be transformed into applications, which constitute business agreements in 829
the form of smart contracts. DLT serves as the platform where the smart contracts can be executed. The 830
agreement is endorsed, validated and stored in the ledger, then executed in DLT’s secure environment by 831
designated peers on the segregated channels. 832