whitepaper on distributed ledger technology platform for ... · whitepaper on distributed ledger...

Commissioned by MoneySQ Blockchain Limited

1 2

Whitepaper on Distributed 3

Ledger Technology Platform 4

for Business Innovation 5

June 2018 6

7

8

1 Whitepaper on Distributed Ledger Technology Platform for Business Innovation

9 10

Table of Contents 11

1. Executive Summary ......................................................................................................................... 4 12

2. Distributed Ledger Technology Overview ....................................................................................... 6 13

2.1 Introduction of Distributed Ledger Technology ....................................................................... 6 14

2.2 Powering Business by Blockchain ............................................................................................ 7 15

• Simplify Business Process ........................................................................................................ 7 16

• Identify Trusted Business Partners .......................................................................................... 7 17

• Seize Business Opportunity ..................................................................................................... 8 18

2.3 Business Implications ............................................................................................................... 8 19

• Fraud Detection ........................................................................................................................ 8 20

• Double Spending ...................................................................................................................... 8 21

• Traceability ............................................................................................................................... 9 22

• Business Collaboration .............................................................................................................. 9 23

• Ecosystem ................................................................................................................................ 9 24

• Process Automation .................................................................................................................. 9 25

2.4 Security and Data Privacy ...................................................................................................... 10 26

• Key Management .................................................................................................................. 10 27

• Certificate Authority .............................................................................................................. 10 28

• Enrollment Certificate Authority ........................................................................................... 11 29

• Transaction Certificate Authority .......................................................................................... 11 30

• TLS Certificate Authority ....................................................................................................... 11 31

• Identity Management ............................................................................................................ 11 32

• Data Encryption ..................................................................................................................... 11 33

• Privacy Preserving ................................................................................................................. 13 34

3. Use Cases....................................................................................................................................... 14 35

3.1 Property Mortgage Business ................................................................................................. 14 36

3.2 Manufacturing Business ........................................................................................................ 15 37

3.3 Retail Distributor Business ..................................................................................................... 17 38

3.4 Insurance Business ................................................................................................................. 18 39

3.5 Healthcare Business ............................................................................................................... 19 40

4. Governance and Regulation .......................................................................................................... 20 41

4.1 Roles and responsibilities ...................................................................................................... 20 42

4.2 Developers ............................................................................................................................. 20 43

Whitepaper on Distributed Ledger Technology Platform for Business Innovation 2

4.3 Operators ............................................................................................................................... 20 44

4.4 Users ...................................................................................................................................... 20 45

4.5 Report and audit .................................................................................................................... 21 46

4.6 Regulatory compliance ............................................................................................................ 21 47

5. Conclusion ..................................................................................................................................... 22 48

6. Reference ...................................................................................................................................... 23 49

Appendix – Enterprise Level Blockchain Application Practice.............................................................. 24 50 51 52 53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83


This page intentionally left blank 84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123


124

125

1. Executive Summary 126

In 2008, a Distributed Ledger Technology (DLT) was conceptualized in a paper titled “Bitcoin: A Peer-to- 127

Peer Electronic Cash System” [1]. The paper suggested how some mature technologies, such as 128

decentralized peer-to-peer networks, asymmetric-key cryptography, hashing algorithms and Byzantine 129

Fault Tolerance design, could be chained together to form a database that put records in a block in a 130

disruptive fashion. In January 2009, the first Bitcoin system which was built on the DLT, made its advent in 131

“a system for electronic transactions without relying on trust” [1]. Since then, DLT is gaining popularity and 132

adoption by various types of industry as DLT supports distributed databases and enables participants to 133

store and share information in a secure manner [4]. 134

DLT allows network databases to interact with each other smoothly and securely without a central party 135 from which each participating party seeks acknowledgement. It is with this versatility, traceability, 136

decentralization, transparency and efficient sharing of data that DLT transforms the way organizations 137

conduct and deliver their businesses. The DLT’s revolution introduces huge impact to the information 138

world. First of all, digital currencies built on DLT use decentralized control to exchange digital assets and 139

transform the society into a cashless one. The total digital currency market value has reached more than 140

$370 billion in December 6, 2017 according to Coinmarketcap.com data [2]. This figure has surpassed the 141

stock market value of JPMorgan Chase, the largest bank in the United States, with approximately $366.8 142

billion value on that day. 143

In Hong Kong, the Hong Kong Monetary Authority(HKMA) had conducted a research on DLT and released 144

the Whitepaper 1.0 [3] and Whitepaper 2.0 [4] on Distributed Ledger Technology in November 2016 and 145

October 2017 respectively, aware of the potential use of DLT in the banking sector and public service sector 146

in the future, and burnishing Hong Kong’s credentials as a global trading hub with its development of proof-147

of-concept prototypes for property evaluation, trade finance and digital identity management using DLT. 148

MoneySQ Blockchain Limited, is a pioneer in Hong Kong to launch a business platform supported by 149

Blockchain technology called, "trustME". It is a breakthrough business platform, which supports the 150

development of Guangdong-Hong Kong-Macao Greater Bay Area and provides SMEs in China, Taiwan and 151

Hong Kong with the opportunities of using Blockchain technology. There is a significant development and 152

commercialization on the Blockchain initiatives, training, certification and applications aiming to allow 153

business to take advantage of this technology to create a more robust and secured application that serve 154

both private and public users by lowering uncertainty and improving trust among the society. As such, 155

MoneySQ has commissioned the Hong Kong Applied Science and Technology Research Institute (ASTRI) to 156

conduct a research project on how Blockchain technology is shaping the business model and challenge 157

organization to rethink and transform their businesses. 158

This whitepaper aims to bring out the impact of DLT technology on business and how it can utilize the 159

unique characteristics of DLT to gain a competitive edge. We use this whitepaper to introduce Blockchain 160

technology and demonstrate some real-life use cases. Chapter 2 provides a broad overview of DLT and its 161

association with Blockchain. It illustrates the design, collaboration model, business implication and 162

opportunity when adopting DLT technology for business. Chapter 3 describes five use cases based on 163

https://www.cnbc.com/quotes/?symbol=JPM

https://en.wikipedia.org/wiki/List_of_largest_banks_in_the_United_States

http://www.hkma.gov.hk/


Blockchain technology in property mortgage, manufacturing, Supply Chain distribution, insurance and 164

healthcare businesses. Chapter 4 addresses the necessary governance and regulatory requirements along 165

with the roadmap for the future of Blockchain technology. The paper concludes with the reflection on how 166

Blockchain is disrupting the current business model by offering a higher-security and transparency platform 167

that transforms the way business is conducted. 168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188


189

190

2. Distributed Ledger Technology Overview 191

2.1 Introduction of Distributed Ledger Technology 192

Distributed Ledger Technology (DLT) is a computer system that utilizes advanced cryptographic 193

technology and peer-to-peer distributed networks to create secure, collaborative and reliable applications 194

in a cost-efficient and trustworthy manner [3]. This technology plays a critical role in various applications 195

such as digital currency and payment systems, identity management, asset ownership, contract 196

automation, digital rights management, and healthcare management etc. It is considered a disruptive 197

financial technology (FinTech) that can potentially cut out some expensive costs in the legacy computer 198

systems and provide process automation and information digitization. The relationship of DLT and 199

Blockchain is illustrated in the following diagram where Blockchain is a subset of DLT. 200

201 202

Illustration: Relationship of Distributed Database, DLT, Blockchain and Permissioned Blockchain 203

Blockchain technology has the potential to redefine enterprise ecosystems and economies. In 2017, 33% 204

of organizations already active on Blockchain are experimenting with a business model that connects 205

people, resources and organizations in an ecosystem [5]. Many organizations are learning and 206

experimenting this technology by connecting multiple entities across multiple processes. 207

Blockchain is a distributed ledger that is used to maintain a continuously growing list of records, called 208

blocks. Each block contains a timestamp and a link to the previous block. By its nature, Blockchains are 209

inherently resistant to modification of data once they are recorded. The data stored in any given block 210

cannot be altered retroactively without the alteration of all subsequent blocks and a collusion of the 211

network majority nodes, thus making it a viable solution for decentralized database and applications. 212

213


2.2 Powering Business by Blockchain 214

• Innovate Business Process 215

Prestigious organizations that have dived into Blockchain area from prototype research to real-world 216

practice are surprised to find that in order to implement a Blockchain project, it requires a high degree of 217

planning, internal lobbying, re-engineering of business process and substantial effort to make it a success. 218

Like any other new technologies, for any organizations to engage in Blockchain, they need to identify the 219

key objectives, focus on the real demand from users, agree on the business workflow, start from small 220

scale, and take into account the governance and regulatory issues. Although the key objectives may be 221

similar from cost reduction, process automation to workflow performance improvement, the potential 222

friction may still arise from time to time. Collaboration is needed between multiple organizations, from 223

business line to technology division. Leaders need to consider how they can work together for greater 224

mutual benefits. 225

New technology deployment always involves changing of current systems. Legacy system owners or 226

operators may be reluctant to change. Blockchain systems can run side by side with legacy systems and 227

replace them only after the expected Return of Investment(ROI) is realized. 228

• Identify Trusted Business Partners 229

What value a partner can bring to the Blockchain network should be evaluated carefully because not all 230

partners will bring positive contributions to the network. Does the candidate partner possess the 231

ownership of the source? Will it become a barrier if this partner is not involved in the Blockchain network? 232

What value will it gain from the network? The critical success factor is to have a mutual understanding and 233

agreement before the collaborative network is formed. 234

Although it is tempting to turn to your most trusted partners, however, it may not always be necessary. 235

Increasing the level of trust between organizations is precisely what Blockchain is designed to do even 236

without the traditional business collaboration with the existing trusted partners. Six in ten organizations 237

that are already active in Blockchains expect the technology to increase transparency and trust in data and 238

transactions [5]. 239

In Blockchain, no single organization is granted supreme control of the network. The privileges to access 240 the data in Blockchain are equally or evenly assigned among all the predefined organizations. No 241 organization needs to trust any organization in the network as every organization bears the same goal in 242 mind: every organization has control but no organization is in total control. 243

The trustless trust in Blockchain is achieved by the technology instead of relying on any specific 244

organization’s providing trust of safety, correctness or consistency. The trust in Blockchain network is 245 native, in other words, Blockchain network itself creates the trusts by the technology by default. 246

247


• Seize Business Opportunity 248

Every new venture represents both a challenge and an opportunity. Embarking a Blockchain business 249

network is no exception. Organizations need to examine their existing business flow to gain the most 250

benefits from the Blockchain projects. Here are some common questions that organizations may ask. 251

How can I transform the current business rules to build up an ecosystem? How can I resolve arguments 252

among partners? How can I encourage different parties to collaborate smoothly? How can I establish trust 253

in transactions and processes? 254

How organizations incentivize other industry players to join the network to create a global ecology system? 255

What value will the new entrant brings? Governance and regulation on the Blockchain network should be 256

established and amended accordingly as the business expands. The roles and responsibilities for each 257

organization, especially for data privacy and sharing, should also be considered. 258

259

Blockchain platform grants the data access rights only to the related parties to retrieve sensitive data by 260

adding multiple channel feature. In addition, a large enterprise may own multiple ledgers, one for each 261

business unit for example. This isolation of peers and ledger in the form of segregated channels allows 262

network participants who prefer private and confidential transactions to coexist with potential business 263

competitors on the same Blockchain network [6]. For many enterprises and financial institutes, permissioned 264

Blockchain can meet these business requirements which are not possible with public Blockchain platform. 265

In addition, using cloud services is recommended since cloud environments allow enterprises to shift from 266

a highly centralized operating model to a secure ecosystem model. 267

268

2.3 Business Implications 269

Below sections illustrate how the characteristics of DLT such as tamper-resistant, transparency and 270

decentralization can facilitate some business implications. 271

272

• Fraud Detection 273

The tamper-resistant characteristic of DLT could inspire logging key information in an unalterable block to 274

enable fraud detection in sorts of scenarios. For example, the personal information or organization 275

information could be pinned into the digital asset transaction, every spending of the digital asset could 276

come along with the payer’s digital signature, monitoring the clear path of this digital asset circulation such 277

that any fraud could be detected. 278

279

• Double Spending 280

Double spending means spending the same digital assets more than once in digital asset world. DLT 281

provides the power to prevent such double spending issue by its transparency characteristic. Since all the 282

asset transactions are witnessed and verified by all the participants in DLT, nobody can spend the same 283

asset more than once. 284

In traditional fiat currency systems, there is some counterfeit money which carry the same serial number 285


as the real one. In this scenario, the “double-spending” of this piece of counterfeit paper money is double 286

spending the “serial number”, which is hard to be figured out by community. DLT opens a door for the 287

world on how it can help to change the currency issuing and circulation business. 288

289

• Traceability 290

Essentially, Blockchain is a shared and distributed database system that every participant in the network 291

can witness and update. As such no individual participant can change the history of any logged transaction, 292

interrupt the flow of transactions, or unfairly manipulate the order of transactions. All actions or events 293

could be traced or retrieved from the ledgers which preserve an ultra-origin source for possible disputes 294

resolution. 295

296

• Business Collaboration 297

DLT can be used in cross-department business collaboration to make the process more accountable and 298

auditable. With the unique feature of DLT where the most up to date information is done in real time and 299

secured across the entire network, different business department can share the same information or 300

perform verification to reduce potential business risk. In addition, as all transactions are traceable; it will 301

greatly facilitate and reduce audit effort. For example, an employee can submit a procurement form to the 302

DLT and DLT will notify his supervisor to approve it. If the supervisor approves the application, it will go to 303

next level management approval. If not, the form will be rejected and sent back to the applicant. All these 304

actions are recorded into Blockchain no matter how many levels in the approval system, it will bring simple 305

way for risk management or audit department to trace all the records. 306

307

• Ecosystem 308

DLT ecosystem involves two types of DLT platform: permissionless and permissioned. The former type is 309

operated by public nodes, and is open to anyone. The typical representative is Bitcoin platform which 310

debuted as a digital currency and payment system since 2008. The latter type, which has as an example of 311

the Hyperledger Fabric [7] version 1.0 from the Linux Foundation in which only authorized nodes can join 312

the network and thus supports higher throughput, faster, and more secure transactions. 313

In permissionless platforms, more digital currencies are created for payment or asset exchange and fork of 314

major chains such as Bitcoin or Ethereum is emerging on the market that contribute to the rapid growth of 315

this DLT ecosystem. A continuous effort is made to improve the transaction throughput to cater for such 316

a rapid transaction demand. These permissionless platforms inspire business implications on how to use 317

them in variety of digital payment methods. 318

In permissioned platforms, using a Blockchain implementation as a media for secured sharing of 319

information attracts plenty of attentions in many industries. Different permissioned platforms focusing on 320

different characteristics of DLT as emerged on the market are to fulfill different business requirements. 321

322

• Process Automation 323

One of the best things about Blockchain is that it could be used for process automation in the form of smart 324 contracts (a.k.a self-executing contracts or Blockchain contracts). In this way, contracts could be converted 325


into computer programs, stored and replicated on the DLT system and supervised by the entire network. 326

This help participating parties to exchange information, asset in a transparent, automated, fairly, conflict-327

free way without a third-party involvement thus correlate to the decentralization characteristic of DLT. 328

Take an example of a car rental business between two parties. The deal agreement and delivery date could 329

be stored in smart contract. After payment by cryptocurrency, the borrower gets a receipt and the digital 330

entry key which comes by a specified date. If the key doesn’t come on time, the smart contract releases a 331

refund. If the key and fee are both ready, smart contract sends the fee to lender and key to borrower 332

respectively when the rental date arrives. The smart contract works on the If-Then condition and is 333

validated and witnessed by all the DLT network participants, so a faultless delivery can be expected. 334

335

2.4 Security and Data Privacy 336

337

The security feature of Blockchain can be viewed at both macro and micro levels. At the macro level, 338

Blockchain network is a peer-to-peer (p2p) network covering large geographical area with many 339

collaborating peers. Failure of some peers will not affect the whole Blockchain network within the tolerance 340

threshold level configured by the specific consensus algorithm. The process of logging new transactions to 341

the ledger needs to perform a consensus endorsing mechanism, which can prevent malicious entities from 342

logging forged transactions into blocks [3]

. 343

At the micro level, Blockchain platform uses hash technology to detect any alteration made to the original 344 data. Hash function is a mathematical unidirectional function which summarizes the raw data, no matter 345

how large it is, to generate a fixed-size short data named “hash value”. Any alteration on the source data 346

will cause its hash value to change correspondingly. Key cryptography technologies such as Advanced 347

Encryption Standard (AES), Rivest Shamir Adleman (RSA) and Elliptic Curve Cryptograph (ECC) algorithms 348

are also applied to encrypt and sign the data exchange through the Blockchain network. 349

Below sections illustrate a permissioned Blockchain platform security design in general. 350

351

• Key Management 352

A permissioned DLT platform has two major roles: controlling access to the network and the content of 353

each transaction. These two roles usually require a membership service provider and a cryptographic key 354

manager. A membership service provider controls the admission of members to the network. A 355

cryptographic key manager controls key generation, distribution, usage and storage. If transactions in the 356

network are encrypted, the cryptographic key manager, together with the membership service provider, 357

determines which users will be granted rights of access to the transactions in plain form [3]

. 358

359

• Certificate Authority 360

The Certificate Authority (CA) provides two different certificate services to DLT users, including user 361

enrollment, transaction certificate authority and TLS-secured connections between users or components 362

of the Blockchain, from front-end to back-end. 363

364


365

• Enrollment Certificate Authority 366

The enrollment certificate authority (ECA) [6] supports new users to register with the DLT network and 367

enables registered users to request an enrollment certificate for data signing with Elliptic Curve Digital 368

Signature Algorithm (ECDSA) providing the public keys to be embedded in the certificates. 369

370

• Transaction Certificate Authority 371

The transaction certificate authority(TCA) [6] enables network participants to bind every transaction with a 372

temporary pseudonymous credential, such that other participants can only infer the temporary identity 373

from the transaction and the origin identity may not be leaked. The activity or transaction history of the 374

members can be separated from each other by issuing a temporary or one-time credential. 375

376

• TLS Certificate Authority 377

In addition to enrollment and transaction certificates, users will need the Transport Layer Security (TLS) 378

certificates to secure their communication channels. TLS certificates can be requested from the TLS 379

certificate authority (TLSCA). 380

381

• Identity Management 382

Two-factor authentication can be used for identity management. For example, mobile phone number will 383

be a compulsory field upon account registration through the web portal. SMS message verification will be 384

adopted as a second factor authentication to improve the security. Google Authenticator with QR code will 385

also be provided in the administration panel to allow a higher level of authentication. 386

With two-factor authentication, the full privileges of a subscriber account can only be accessed after two 387

levels’ verification, one is email verification and the other is SMS or Google Authenticator verification. When 388

subscriber wants to perform sensitive operation, such as stopping/restarting DLT network, adding new 389

nodes, two pieces of information—the password and the six-digit verification code that's displayed on 390

Email, SMS or Google Authenticator should be provided together. 391

With a password-only protection mechanism, it is no longer secured enough to protect the account. A two-392

factor authentication adds an extra layer of security, significantly enhances the security of the user ID and 393

all the information stored in the DLT. Once logged in, user will not be asked again for a verification code 394

unless user logs out completely from the DLT or needs to reset the password. 395

396

• Data Encryption 397

Any type of information or digital asset can be stored in a Blockchain regardless of its application. 398

Information stored in the Blockchain is encrypted and digitally signed by the creator to ensure its 399

authenticity and accuracy. Blockchain platform can adopt AES 256 algorithm as symmetric key encryption 400

and RSA 2048 as asymmetric key encryption for the data encryption protection while ECDSA can be applied 401

for digital signature algorithm. The primary benefit brought by elliptic curve cryptography is a smaller key 402

https://en.wikipedia.org/wiki/Key_size


size which helps to reduce storage and transmission overhead. An elliptic curve cryptography group could 403

promise the same level of security afforded by a RSA-based system with a large modulus and 404

correspondingly larger key. Smart contract for data encryption is also provided for other developers to 405

change encryption mechanism on demand in their own DLT network. Here is the general practice for a data 406

communication activity. 407

1. The network participant uses the pubic key of RSA 2048 algorithm to encrypt the symmetric key of 408

AES 256 algorithm and then uses its ECDSA private key to sign the encrypted data. 409

2. Over the first-time communication, the client sends the encrypted and signed data to the server. 410

The server authenticates the signature first, if it is authentic, then the server uses the private key 411

of RSA 2048 to decrypt the data and get the symmetric key of AES 256 algorithm. 412

3. And then the client uses the AES 256 algorithm to encrypt and operate the subsequent business 413

data communication. 414

The combination of AES 256 and RSA 2048 algorithms enhance the security and promise an approximate 415

impossible decryption of the ciphertext for an unauthorized party over current computational power in the 416

world. 417

418

419 Illustration: Data encryption and decryption process 420

421

In DLT, the blocks’ conjunctions are built with a hash function, which is used to transform data of arbitrary 422

size to data of fixed size. Tiny changes to the data will change the hash value dramatically and in an 423

unpredictable way thus making it impossible to derive the original information from the hash. By facilitating 424

hash mechanism, each transaction is represented by a hash value and the summary of hash values form a 425

Merkle tree. Transaction hashes are appended to the bottom of the Merkle tree as leaf nodes which are 426

built upward until it reaches the top of the tree, called the Merkle root as the final node. Merkle tree not 427

only dramatically enhances the speed of verifying transactions but also reducing the amount of block 428

information required to prove the existence of a transaction within the block [3]. With the combination of 429

cryptography and digital signatures, Blockchain provides proof of identify and authenticity of the creator 430

and that data stored in Blockchain is well protected. 431

https://en.wikipedia.org/wiki/Key_size

https://en.wikipedia.org/wiki/Level_of_security

https://en.wikipedia.org/wiki/RSA_(cryptosystem)

https://en.wikipedia.org/wiki/Data_(computing)


432

• Privacy Preserving 433

Strong data encryption and sufficient access control mechanisms are the necessary elements to protect 434

privacy in a permissioned DLT network. The cryptographic technology will always be needed over time to 435

provide refined protection. The elliptic curve cryptosystem has the property of safeness, high speed in 436

encryption and occupies small space. In addition, sensitive transaction information in a DLT network should 437

be treated with confidentiality, and access to such information should be restricted to authorized parties 438

only. 439

The common practice is to store the hashed value only in the Blockchain. Even one managed to obtain the 440

hashed value from the Blockchain, it is meaningless as it contains only a random representation of the 441

information. With data encryption, digital signature algorithm, key management and three types of 442

certificate management, together with multi-channel support and channel separation which will be 443

explained more in the Appendix section can be applied in Blockchain to ensure data privacy and security at 444

both macro and micro levels. Blockchain also makes use of the hash function as described above to make 445

it extremely difficult to reconstruct the original data as only the hashed value of data is stored in the 446

Blockchain. Even one is managed to decipher the hash value, it is meaningless in its own form as only partial 447

information of the original data is contained in the hash value. 448

The faster quantum computer is a threat to current cryptography world, including Blockchain technology. 449

However, substantial research has been carried out to protect the data safety against this quantum threat. 450

For example, the first quantum-secured Blockchain technology adopting quantum signature to tackle the 451

identity of each participant has been tested in Moscow [10]. 452

453

454

455

456

457

458

459

460

461

462

463

464


465

466

3. Use Cases 467

The previous chapter provided a high-level overview of DLT. In this chapter, we will describe how business 468

can adopt Blockchain technology and turn it into a business advantage. As shown in the following diagram, 469

Blockchain can be integrated into many industries. There is virtually no limitation for its application. 470

471 Illustration: Blockchain can be integrated into various industries 472

The benefits of distributed ledger ecosystem push the frontier of financial technology into everyday life and 473

extend far beyond the financial and public service sectors. Below are just some of the businesses where 474

Blockchain can overcome the current business issues and make a substantial impact to the business. 475

476

3.1 Property Mortgage Business 477

At present, the property mortgage industry is facing plenty of challenges like long processing time due to 478

manual verification of documents. For example, for a mortgage applicant, it will usually take several days for 479

applicant to receive the application result. In addition, data integrity issues, fraudulent financing and lack of 480

transparency due to lack of standardized contract and data format are commonly exhibited in the current 481

mortgage industry. 482

483

Can current inefficient mortgage process be improved? Blockchain could be a good technology to overcome 484


these problems. With Blockchain, the processing time can be greatly reduced as all necessary documentation 485

and verification could be retrieved and performed almost instantly. The authenticity of the application can 486

also be verified across the network thus reducing the risk of fault. 487

488

With these advantages of Blockchain for the mortgage industry, it will surely revolutionize the business. The 489

below procedure illustrates how end-to-end process flow of a property mortgage business can be operated 490

assuming MoneySQ as a platform provider: 491

1. Loan applicants/agents submit loan applications via MoneySQ Blockchain web portal. 492

2. Smart contract in Blockchain will review the application for duplicating finance and any fraudulent 493

factors, and alert will be sent out if these factors are found. 494

3. MoneySQ pre-qualification team will check the loan application and update the result, if it is 495

qualified, the applications will flow to Banks. 496

4. Banks retrieve the loan details, pre-qualification result and supporting documents from 497

Blockchain, then make a loan offer or reject the application. 498

5. Loan applicants will get the latest application status update right away. 499

500

The decentralization characteristics of Blockchain combined with business automation would be a major 501

step toward to a more optimized workflow for the property mortgage industry. 502

503

3.2 Manufacturing Business 504

As one of the world’s largest import/export harbor, many enterprises in Hong Kong run their businesses on 505

manufacturing products and selling them all over the world. Supply chain control is an essential business tool 506

for these enterprises. Wholesaler, manufacturer, banks, forwarders are involved globally where banks act as 507

intermediary providing assurance and liquidity services. However, traditional processes involve labor-508

intensive and time-consuming work because of the due diligence checking, and heavily rely on multi-party 509

paper documentation to mitigate business risk. Various consortiums around the globe have carried out 510

different types of proof-of-concept work using Blockchain’s tamper-proof, transparent, decentralized 511

characteristics in attempts to streamline the manual processes for business automation, improving 512

operational efficiency, reducing errors, and increasing convenience for all parties. 513

514

In Blockchain, a pre-defined smart contract could be negotiated and instantiated on the Blockchain system 515

among all supply chain parties. A holistic view of the contract terms for a trade transaction and the flow of 516

goods from manufacturers to wholesalers will allow instant sharing of information thus lowering potential 517

business risk. Here is the main process for a supply chain business. 518

1. Wholesaler and manufacturer agree on a trade transaction on open account terms at a specific 519

date and time. The wholesaler creates a Purchase Order (PO) and sends it to a manufacturer for 520

confirmation. 521

2. The manufacturer prepares the goods based on the PO and notifies forwarder for goods delivery. 522

3. When the goods have been transported to the export terminal and inspected by customs, they are 523

transported by freight to the wholesaler. 524


4. Once the goods have been well received by the wholesaler, the wholesaler confirms the trade 525

transaction is a success and notifies the bank to remit the money to the manufacturer and then 526

provides invoices, bills of lading and other transport documents to the wholesaler via a document 527

courier. 528

529

In this scenario, manufacturer, wholesaler, clearing agent, customs, forwarder(fright/shipping), bank and 530

retailer can all join in to this platform to build up a complete supply chain ecosystem to generate the network 531

effect. 532

Similarly, for the wine industry, the current challenges are that there are a lot of bogus wine in circulation 533

worldwide. The source of this problem is that there is no central authority or standardized industry practices 534

one can verify the provenance of the wine. The usual way is to rely on an experienced or educated expert 535

to evaluate each wine for signs of authenticity within the wine industry. Examining wine is an expensive and 536

time-consuming practice, and this practice is still a risky maneuver since it is highly subjective to individual’s 537

sense. 538

DLT could help to make the wine verification process in a more objective manner. As an example, imagine 539

there is a DLT platform established in the winery industry, winery, auction house, wholesaler and retailer can 540

all join the platform. Each participant holds a replicated ledger that records all the wine transactions since 541

day one the bottle of wine is sealed. 542

543

544 Illustration: DLT integration with Wine bottle circulation 545

546

As shown in the above figure, starting from the producer, a bottle is assigned a unique digital ID etched in 547

the glass or simply printed on the label when it is created. Every time the winery created a distinct bottle, a 548

transaction record will be logged in the ledger with the winery’s digital signature. When the bottle is sold, 549

the winery as part of that transaction will also give the transaction block information in the ledger to the new 550

owner. As the wine changes hands again and again, the digital ID and transaction block information is passed 551

along, keeping a life history of that wine on the DLT network. 552

Wholesalers, retailer and other industry players would also leave their digital signatures on each wine 553


transaction. The caretaker that ultimately receives the wine from the retailer will use the retailer’s public 554

key to verify the onchain transaction by scanning the smart tag (either QR Code or NFS) in the bottle. 555

The Blockchain solution allows traceability starting from the manufacturer’s site through transportation 556

to distributor, importers, warehouse, merchants, transporters, auction houses, retailers. All these points 557

can be referred as intermediaries and are completely traceable. 558

559

3.3 Retail Distributor Business 560

Utilizing Blockchain, retail distributor can digitize all the product information and log a permanent record of 561

transactions in order to trace the food products from farms through the whole supply chain. In addition, it 562

also provides a way to capture online consumer who purchases the product for consumer behavior analysis. 563

564 Illustration: DLT based tracking comparing traditional paper-based way in Retail distributor business 565

566

This could prove to be a great business advantage for food safety in the world, when digital information such 567

as farm origin, slaughterhouse, packing and processing record and shipping details are digitally attached to 568

the food product, it will be grouped together and stored in the Blockchain [8]. 569

570

The Blockchain existence in product tracking brings obvious advantages comparing to traditional paper-571

based product tracking system in terms of cost, effectiveness and traceability. Most importantly, the instant 572

share of information of the products will bring the retail distributor a greater convenience for inventory 573

control and capital optimization thus reducing the risk of over stocking at the same time. 574

575

There is an increasing trend that consumers want to know that the ethical claims from the manufacturers 576

about their products are authentic. Blockchain provides an innovative new way to verify that the backstories 577


of the products we are purchasing are genuine. Transparency and tamper proof will come with Blockchain 578

in terms of timestamp of a date and location on the goods which correspond to a permanent product identity 579

stored in the ledgers. With mass data contained in numerous devices and multiple networks throughout the 580

supply chain, the Internet of Things (IoT) combining with Blockchain technology will create a tamper-proof, 581

distributed filing system and real-time records. 582

583

3.4 Insurance Business 584

The insurance market is another industry which is revolutionizing its old systems and benefiting from the 585

Blockchain technology. Double claiming or lack of trust between insurer and customer are two typical issues 586

in the current industry. Blockchain may overcome these issues with its transparent and trustless 587

characteristics. Transparency prevents the double claiming while trust on technology instead of insurers will 588

bring more confidence to consumers. 589

590

For instance, with an insurance Blockchain platform, passengers simply choose their flight by selecting a 591

destination airport, and the date of their departure. Then they apply for a policy showing the probabilities 592

of flights being delayed more than 30, 60, 120 minutes, or canceled or diverted altogether [9]. 593

594

595 Illustration: Smart contract checks the flight time table and execute the insurance terms automatically 596

597

Blockchain plays two key roles here. Firstly, it maintains an accessible and immutable record of the insurance 598

contract within a smart contract or “smart insurance”. Secondly it serves as a mechanism for triggering the 599

payment to the client once 30, 60 or 120 minutes mark is passed. The payment process is activated 600

automatically by events coded in the smart contract. 601

602

The smart contract is the party that decides if the insurer should indemnify the policy holder and trigger a 603

payment request. The use of a smart contract to trigger claims will add trust in the whole process. Smart 604

contract is basically a program code which will trigger automatically based on pre-defined condition and self-605

https://www.coindesk.com/information/ethereum-smart-contracts-work/


executed the agreement between two or more parties. Smart contracts avoid the delays and expenses 606

incurred by existing paper contracts as well as the intermediaries. With smart contracts, intermediaries can 607

be eliminated thus saving the time and cost. 608

609

3.5 Healthcare Business 610

In the current healthcare industry, there is a substantial amount of duplicated medical tests conducted on 611 patients and isolated treatments history. The source of this problem is that there is no central authority or 612

standardized industry practices that one can verify the provenance of the medical record. 613

614

Blockchain could help to address the interoperability currently present in the health care system. As an 615

example, with a Blockchain platform established in the healthcare industry, hospitals, clinics, and 616

laboratories can all join the platform and access a shared ledger where the source of truth of medical 617

transaction is stored. In addition, the transaction information is encrypted and digitally signed to guarantee 618

its authenticity and accuracy. 619

620

621 Illustration: DLT information sharing center lowers the medical cost 622

623

Every time a piece of medical record is created, a transaction record will be logged in the ledger with the 624

participant’s digital signature and the record is immutable and cannot be changed or removed. When the 625

patient visits another hospital for treatment, the hosting hospital can access the patient’s complete medical 626

records in Blockchain. It will help to provide better treatment and save the medical cost. 627

628

In conclusion, Blockchain platform can be integrated into a wide range of industries. The previous five use 629

cases are just samples of what Blockchain can bring to the industry. It could also play a key role in global 630

application such as personal identity management, property evaluation, digital asset management and so 631

on. 632

633

634


635

636

4. Governance and Regulation 637

It is unavoidable that with any introduction of new technology, it also brings in new types of risk, and DLT 638

is no difference. For instance, denial of access or denial of service attacks and other cyber-attacks may still 639

happen in DLT and cause its operation to fail. It is of paramount important that proper governance and 640

regulation are established if DLT is to be successfully implemented [3]. 641

642

4.1 Roles and responsibilities 643

Different groups of people are involved in DLT networks. They can be grouped by their functions with 644

different roles and responsibilities. 645

646

4.2 Developers 647

Developers are responsible for implementing the DLT smart contract to represent business flow, including 648

setting up endorsement policies and putting rules in place. 649

650

In addition, developers should ensure that the changed source code is adequately tested and passed the 651

User Acceptance Test (UAT). Importantly, proper software documentations must be version controlled and 652

kept updated to ensure that ongoing systems operation and support can be carried out by DLT operators 653

smoothly. 654

655

4.3 Operators 656

Operators must be capable of overseeing the operational status of the DLT network. Any attack attempt 657

to alter the transaction history or inject malicious transactions should be proactively alerted and identified 658

by other peers. All this information will also be logged and summarized in a bird eyes’ view in DLT dashboard. 659

Operators should be aware of the warning appearing on the dashboard and investigate the system logs for 660

further information. 661

662

Operators should also have the capability of conducting business continuity planning, disaster recovery, 663

closely follow the conduct codebook on adding, deleting and revoking new nodes in the DLT network. 664

665

4.4 Users 666

Users of DLT network plays an important role in making the DLT network alive and operational by 667

conducting different kinds of transactions in the network [3]. 668

669

A private key represents the user identity in the public network, specifically, the ownership of digital assets. 670

The private key usually should be presented when transferring asset to others, storing them or its 671

alternative key phrase in an offline place, or called “cold storage” such as a USB device or paper is a good 672

practice. Identity thefts or other perpetrators often choose the online private key storage, i.e. hot wallet, as 673


the first choice of attack. Users should bear in mind that safely and securely storing of the private key is the 674

only way for anti-theft and asset protection. 675

676

4.5 Report and audit 677

Reporting and auditing of financial activities are the key aspects of regulation by overseers. In reality, the 678

financial institutions have the obligation to prepare reports on a regular or ad hoc basis. DLT enables 679

regulators or auditors to directly access transactional information stored on the DLT through supervisor 680

node for monitor or governance purpose in a near real-time fashion. Regulatory reporting and financial 681

reporting (e.g. the filing of tax returns) can be made possible through the supervisor node [4]. 682

683

4.6 Regulatory compliance 684

Financial and banking stability and sustainability are the most important objectives of all regulatory 685

authorities. The increasing adoptions and applications of DLT are dramatically attracting attentions by the 686

regulatory authorities. 687

688

In general, principles for technology business continuity planning, disaster recovery, risk management and 689

other relevant guidelines are equally applicable in DLT implementation and deployment. In addition, the 690

decentralization and multi-geography nature of DLT platforms make the regulatory compliance issues more 691

complex. However, DLT is still evolving and in a not too distant future, we believe there will be a more 692

standardization on the governance model and regulatory guideline. 693

694

695

696

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711


712

713

5. Conclusion 714

This paper provides a description of Blockchain technology and how it could revolutionize the way business 715

is conducted today. It also reveals some business innovation with use cases employing Blockchain 716

technology to streamline the business workflow and possible collaboration amongst partners to create an 717

ecosystem that could benefit all participants. As Blockchain can provide a distributive, permanent ledger 718

that is immutable, transparent and securely record transactions, it can apply to virtually any industry such 719

as Banking and Financial payments, Supply Chain, Insurance, Health Care, Transportation, Retails and Real 720

Estate. 721

Internet connects people while Blockchain connects people with trust and privacy. Big data on cloud 722

provides a fertile soil to digital marketing and AI to grow, while Smart Contract makes innovative business 723

model possible. To consumer, applications integrated with Blockchain technology can provide a seamless 724

operation and a whole new user experience. Organizations adopting Blockchain can take full advantage of 725

it and create a business advantage by exploiting its feature like security, authenticity, trust and 726

instantaneous data access. 727

We hope that organizations who are new or planning to explore Blockchain will now have a better 728 understanding of Blockchain and what advantages it can bring to your business. 729

MoneySQ Blockchain Limited uses Blockchain technology to develop the first business DLT platform in Hong 730 Kong, named “trustME”. Through tight collaboration with Microsoft cloud system expert, Deloitte as the 731

Blockchain implementation leader and Hong Kong Applied Science and Technology Research Institute 732

(ASTRI) Blockchain team to provide the best practices, knowledge and processes on system security, 733

technical advisory and platform architecture design. With this close consortium, trustME creates an 734

ecosystem that is built with a permissioned DLT network in such a way that data privacy and security 735

requirements are enacted allowing business to run their critical applications knowing that the platform is 736

secured, transparent, trusted, immutable and provide operation efficiency. MoneySQ believes its works 737

will go towards supporting the development of Guangdong-Hong Kong-Macao Greater Bay Area and 738

provides SMEs in China, Taiwan and Hong Kong to transform their business with Blockchain technology. 739

740

741

742 743


744 745

6. Reference 746

1 See “Bitcoin: A Peer-to-Peer Electronic Cash System” at https://bitcoin.org/bitcoin.pdf 747 2 See “Coin Market Capitalizations | CoinMarketCap” at https://coinmarketcap.com/coins/ 748 3See “Whitepaper on Distributed Ledger Technology” at 749 http://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-750 infrastructure/Whitepaper_On_Distributed_Ledger_Technology.pdf 751 4See “Whitepaper 2.0 on Distributed Ledger Technology” at 752 http://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-infrastructure/infrastructure/20171025e1a1.pdf 753 5See “Forward Together: Three ways Blockchain Explorers chart a new direction.” IBM Institute for Business Value. May 754 2017. at https://www-935.ibm.com/services/studies/csuite/blockchain/ 755 6 See “Hyperledger Fabric Official Document” at http://fabrictestdocs.readthedocs.io/en/latest/ 756 7 See “[Hyperledger-fabric] multichannel consensus and subledgers” at 757 https://lists.hyperledger.org/pipermail/hyperledger-fabric/2016-October/000389.html 758 8 See “China: IBM and Walmart use Blockchain technology to track pork” at 759 http://www.fleischwirtschaft.de/economy/news/China-IBM-and-Walmart-use-Blockchain-technology-to-track-pork-33638 760 9 See “Ethereum Within the Insurance Industry - ETHNews.com” at 761 https://www.ethnews.com/ethereum-within-the-insurance-industry 762 10 See “First Quantum-Secured Blockchain Technology Tested in Moscow - MIT Technology Review” at 763 https://www.technologyreview.com/s/608041/first-quantum-secured-blockchain-technology-tested-in-moscow/ 764 765 766 767

768

https://bitcoin.org/bitcoin.pdf

http://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-infrastructure/Whitepaper_On_Distributed_Ledger_Technology.pdf

http://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-infrastructure/Whitepaper_On_Distributed_Ledger_Technology.pdf

http://www.hkma.gov.hk/media/eng/doc/key-functions/finanical-infrastructure/infrastructure/20171025e1a1.pdf

https://www.ethnews.com/ethereum-within-the-insurance-industry


769

770

Appendix – Enterprise Level Blockchain Application Practice 771

The business ready Blockchain platform needs to cater for the full life cycle (develop, administration 772

and operate) of a multi entities DLT network. It is designed to achieve enterprise levels of security, data 773

atomic, scalability, and high availability to meet business demanding from different industries. 774

775

776 System Architecture Overview 777

The system architecture at the enterprise platform level requires robustness, scalability and seamless 778 integration. Blockchain platform has taken all these design principles into account. The diagram below 779

illustrates the system architecture of permissioned Blockchain platform. 780

781

782 Illustration: System architecture of Blockchain Platform 783

784

• Interface Layer - Enables clients and business applications to run on top of Blockchain via 785 Application Programming Interface (API). 786

• Service Layer – Enables new nodes or organizations’ enrollment, registration, revocation 787

procedures during network operation. Also, it is responsible for the management of various 788

policies specified in the network, such as the endorsement policy and account management 789

policy. 790

• Block Layer - Responsible for reaching an agreement on the correctness, the order, and the 791

confirming the group of transactions that constitute a block. 792

• Resource Layer - Responsible for scheduling resource for each node’s run time environment 793 overhead, world state, history and index data storage. 794

795

Permissioned Blockchain platform grants the data access rights only to the related parties to retrieve 796


sensitive data by adding multiple channel feature. In addition, a large enterprise may own multiple ledgers, 797

one for each business unit for example. This isolation of peers and ledger in the form of segregated channels 798

allows network participants who prefer private and confidential transactions to coexist with potential 799

business competitors on the same Blockchain network [6]. For many enterprises and financial institutes, 800

permissioned Blockchain can meet these business requirements which are not possible with public 801

Blockchain platform. In addition, using cloud services is recommended since cloud environments allow 802

enterprises to shift from a highly centralized operating model to a secure ecosystem model. 803

804 Multi-Channel Support and Channel Separation 805 806

Inspired by the concept of publish-subscription messaging queue, a channel is like a topic that restricted 807

peers may subscribe to and become participants of the channel. Only participants of a channel may transact 808

on that channel, and transactions on a channel are not visible on the other channels. 809

810

Permissioned Blockchain extends the channel management setting and supports multiple co-existing 811

channels in a Blockchain network with a tailor-made ledger per channel for data protection and isolation 812 [7]. This feature allows for multilateral contracts where only the authorized participants with a certificate on 813

the channel can submit proposal, endorse, order, or commit transactions on that channel. As a result, a single 814

peer can maintain multiple ledgers without sacrificing privacy and confidentiality. 815

816

817 Illustration: Multi-channel and channel separation 818

819 As shown above, Peer 1, 2, and N subscribe to the red channel and operate the corresponding red ledgers 820

among them. Peer 1 and N subscribe to the green channel and operate the green ledger with the absence 821

of Peer 2 because it is not in the green channel. Peer 2 and N are in the yellow channel and operate the 822

yellow ledger without the attendance of Peer 1. 823

824

Its consensus mechanism is also unique. Instead of implementing consensus on a system level, consensus is 825

implemented at individual level. Different types of consensus are supported. However, transactions are 826


validated only by designated validating nodes. 827

828 In practice, business logic may be transformed into applications, which constitute business agreements in 829

the form of smart contracts. DLT serves as the platform where the smart contracts can be executed. The 830

agreement is endorsed, validated and stored in the ledger, then executed in DLT’s secure environment by 831

designated peers on the segregated channels. 832

whitepaper on distributed ledger technology platform for ... · whitepaper on distributed ledger...

Documents