BigMart (fictional) has announced they are launching a project to track the provenance of food that they sell in their stores – from farm and feedlot through distributors all the way to the individual retail outlet. To do this, they’ve implemented a private blockchain within their ecosystem of 8,000 plus suppliers. Suppliers and distributors submit transactions to the immutable blockchain documenting every change in status for a particular good.
The types of companies that comprise the supply chain of BigMart vary from very small family-owned businesses (<50 full time employees) to public companies. These companies not surprisingly vary widely in their technology capabilities – both in personnel, processes, existing platforms, and budgets. Yet it is critical that each of these entities be able to initiate transactions at each relevant state for their individual products that get shipped, regardless of size. In the design stage of the project, participants realized that use of digital crypto wallets posed a significant impediment to usage and adoption:
- Multiple personnel at the entities would be responsible for various transaction signing; though the entity would be the same; meaning issues around using the same digital wallet whether mobile or on desktop form
- Security practices and capabilities across suppliers varied widely; for example protecting against “spear phishing” attack would be a large project in and of itself
- Lack of technical sophistication in many entities made the prospect of “lose private key, lose ability to transact” a non-starter
- Many transactions would be high volume and should be automated based on rules and algorithms vs. requiring individual to “submit”
BigMart realized there was no way to use on-device crypto wallets in this project.
BigMart adopted ChainFront Cloud Service (CCS) to resolve these issues. Using the CCS, BigMart was able to make the use of crypto technology completely invisible to the entities, as well as algorithmically send high volumes of transactions. Entities will authorize with ChainFront via OAuth 2; entities will approve transactions via multi-factor authentication (MFA).
How it Works
- As part of setup, BigMart worked with ChainFront to establish a set of security roles and rules for their supply chain participants in this project.
- BigMart devs are provided API credentials to access the ChainFront APIs. They are also given access to full audit logs to track activity.
- BigMart uses the MFA API calls of ChainFront to enable MFA approval of transactions for all their suppliers.
- BigMart uses CCS APIs to create a master supplier file that will be used to track transactions via private blockchain.
- Private keys are set up within the secure storage area of Vault using the CCS APIs. The private keys never leave the secure area.
- BigMart and suppliers uses provided APIs to programmatically sign and execute transactions on required by their application. While the public signed transactions are transmitted across the internet, the private keys never leave the secure area.
- ChainFront configures multiple geographically distributed storage areas that will hold the private keys within Vault. Cold storage will also be used as additional security measure.
- ChainFront also automatically queues transactions to the extent the blockchain ever goes down or experiences latency of any sort
By using ChainFront, BigMart suppliers can fully participate in the asset tracking project, without any exposure to private keys or digital wallets. All barriers to adoption have been eliminated. BigMart did not have to spend precious development resources on an on-device wallet solution. BigMart did also not need to do large security project for all 8,000 suppliers.
Also published on Medium.