The Identity of Things: Products and Provenance

blue and yellow phone modules

If we think about the idea of digital identity in the internet of things then luxury goods such as watches make for an interesting example. How would you tell a fake Rolex from a real one in an always-on, interconnected world? You might say just put a hologram in it, or a chip that can’t be forged or something. And these might be good starting points but it’s a much more complicated problem than it seems at first.

Let’s think about secure microchips. Suppose contactless technology is used to implement some kinds of ID for the Internet of Things (IDIoT) for luxury goods. If I see a Gucci handbag on sale in a shop, I will be able to wave my mobile phone over it and read the IDIoT. My mobile phone can decode the IDIoT and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me. I could go onto the Gucci-lovers website and find out that product 999 is a particular kind of handbag, but nothing more: I may know that the chip in the handbag label is ‘valid’, but that doesn’t tell much about the bag. For all I know, a bunch of tags might have been taken off of real products and attached to fake products.

To know if something is real or not, I need more data. If I wanted to know if the handbag were real or fake, then I would need know about the provenance as well as the product. The provenance might be distributed quite widely between different organisations with different drivers (this is why many people are keen on the using the blockchain as a means to co-ordinate and obtain consensus in such an environment). The retailer’s system would know from which distributor the bag came; the distributor’s system would know from which factory the bag came and Gucci’s system would know who stitched and where the components came from, a supplier system would know that the material came from sustainable hippos or whatever else it is they make handbags from. I would need access to these data to get the data I would need to decide whether the bag is real or fake. (Of course, I might want access to other data to give me more information to support my purchases decisions too. Such as ethical data for example: Who guarantees that my new jeans were not made by children and so on?)

This is a critical point. The key to all of this is not the product itself but the provenance. A secure system of provenance (for example) is the core of a system to tell real from fake at scale.

Provenance

Who should control the provenance of a product, and who should have access to the all or part of that provenance, is rather complicated. Even if I could read some identifier from the product, why would the retailer, the distributor or Gucci tell me anything about the provenance? How would they know whether I am a retailer, one of their best customers, one of their own ‘brand police’, a counterfeiter (who would love to know which tags are in which shops and so on) or a law enforcement officer with a warrant?

This is where the need for a digital identity comes into the picture. A Gucci brand policeman might wave their phone over a bag and fire off a query: the query would have a digital signature attached (from secure hardware in the mobile phone, as in iPhones, for example) and the provenance system could check that signature before processing the query. It could then send a digitally signed and encrypted query to the distributor’s system which would then send back a digitally signed and encrypted response to be passed back to the brand policeman: ‘No we’ve never heard of this bag’ or ‘We shipped this bag to retailer X on this date’ or ‘We’ve just been queried on this bag in Australia’ or something similar.

(And, of course, each time an IDIoT is created, interrogated, amended or removed from the system, the vent will be recorded on a shared ledger to guarantee the integrity.)

The central security issue for brand protection is therefore the protection of (and access to) the provenance data. Who exactly is allowed to scan my pants and under what circumstances? If I give my designer shirt to a charity shop, what information should they learn about the idea? An approach to this issues that uses the right combination of tools (ie, using secure chips to link the provenance on a shared ledger to the physical objects) will deliver a powerful new platform for a wide variety of potential services.

What might these services be? I don’t know, because I’m only a consultant and can’t afford luxury goods but perhaps if such a system adds £20 to the price of a Rolex to implement this infrastructure, so what? The kind of people who pay £5,000 for a Rolex wouldn’t hesitate to pay £5,020 for a Rolex that can prove that it is real.

In fact, such a provenance premium might be rather popular with people who like brands. Imagine the horror of being the host of a dinner party when one of the guests glances at their phone and says “you know those jeans aren’t real Calvin Klein, don’t you?”. Wouldn’t you pay an extra £5 for the satisfaction of knowing that your snooping guest’s app is steadfastly attesting to all concerned that your jeans, watch and sunglasses are all real? Of course you would.

This international identity day, remember that identity is not just for people. It is for droogs and droids, pants and pets. The digital identity infrastructure that we need for the future is for everything. Everything.

Identity in the Metaverse

An aurora accents Earth's atmospheric glow underneath a starry sky

I had the privilege to chair a discussion about identity in the metaverse at the Identiverse conference in Denver in June 2022, and had great fun discussing the new landscape for identity with Heather Vescent, Jonathan Howle, Katryna Dow and Gopal Padinjaruveetil. In order to frame my thoughts and get the discussion about identity and privacy going, I needed a mental model.

What Exactly Is A Smart Wallet?

pexels-photo-887751.jpeg

A wallet is a way of organising things. My Apple Wallet, just like my real wallet, doesn’t have any cash in it. It has credit cards, debit cards, loyalty cards, vaccination records, boarding passes, train tickets and driving licences (Apple have just gone live with their driving licence and state in Arizona). These things are all held independently in the wallet: they don’t talk to each other and they don’t share data with each other. They are also, as you will have noticed, mostly about identity, not money.

How Could Digital Currency Work?

The Bank of England and the UK Treasury have announced a Central Bank Digital Currency (CBDC) Taskforce to coordinate the exploration of a potential British CBDC. But how could a digital Pound actually work? As it happens, this is something that Consult Hyperion knows rather a lot about. Apart from our work on the first British central bank digital currency (Mondex) back in the 1990s, our work on the first population-scale mobile money scheme (M-PESA) in the 2000s and our work on the most transformational contactless payment roll-out (Transport for London) in the 2010s, our practical experience across implementation platforms means that we understand the architectural options better than anyone.

Chip and PIN? Remember that?

three red roses

This weekend marks an anniversary. Although Consult Hyperion’s romance with smart cards had started many years before that, it will be fifteen years on Sunday that chip and PIN went live in the UK. I remember St. Valentine’s Day 2006 as if it was yesterday!

Merchant Payments Ecosystem 2021

When we look forward to 2021, it is no surprise that COVID-19 is the dominant factor. So far as the merchant payments world is concerned, the shape of the post-pandemic new normal transaction environment must be the key strategic consideration for stakeholders and I am desperately keen to hear the variety of informed opinion on this topic that I have come to expect at Merchant Payments Ecosystem every year. At Consult Hyperion we like to contribute to these conversations by providing a useful framework for discussion: our annual “Live 5”, our yearly set of suggestions for strategic focus. This year, we choose to look at the key issue of pandemic transformation and its impact of on the three key domains where our clients operate: Payment, Identity and Transit, together with (as is traditional!) a suggestion as to a technology that the POS world may not be thinking about but probably should be.

Fintech South 2020 – Maintaining trust and safety in a digital world

At the (sadly, virtual) Fintech South event the year, I was asked to chair a discussion on identity and privacy with three extremely well-qualified experts who had informed perspectives on the state of, and trends in, those important pillars of a digital society. These were Adam Gunther (SVP, Digital Identity for Equifax), Andrew Gowasack (Co-Founder and President at TrustStamp) and Megan Heinze (President, Financial Institutions, North America for IDEMIA). It was great to talk to a group of people who were not only well-informed on these topics but had some passion for them too.

I won’t go over everything that was discussed, but I do want to pick up on a comment that was made in passing when I was chatting to the panelists: someone said that a guiding principle should be “no scary systems”. Hear hear! But what is a scary system? It is, in my opinion, a system that privileges security over privacy. This is not how we should be designing the identity systems for the 21st century!

4+4 | Strategic thinking for post-pandemic payments

mountains nature arrow guide

Early on in the pandemic my colleagues at Consult Hyperion and I did a lot of research to explore how it might impact our customers and our customers’ customers, just as I am sure every other organisation in the payments sector did. We looked at a lot of speculative forecasts, we looked at research and analysis from quite a wide range of organisations in the financial sector and beyond, we spoke to a number of people in the industry and we took part in a fair few discussions and debates on the topic. As a result of this, we identified a number of strategic areas where stakeholders in the payment space should be developing or at least preparing their strategies and where they should be planning for some changes to take them through and beyond the COVID-19 crisis.

City Currency

The pandemic has revised interest in a topic that has surfaced repeatedly in Tomorrow’s Transactions events over the years, and that is the issue of local and complementary currencies. The Bristol Pound, the Brixton Pound, the Lewes Pound and many other experiments have sprung up around the country (indeed, around the world) to try to stimulate and regenerate local and regional trade and prosperity in response the changing economic circumstances. We tend to think of currencies as being instruments of the nation state but that’s actually a recent invention in the great scheme of things. There’s no reason to see optimal currency areas as inviolable laws of nature rather than transitional borders under prevailing monetary and financial arrangements.

The day that digital currency started

Mondex paraphernalia

We’ve just had an important anniversary. I’m sure you are all thinking of July 4th and, of course, who can forget it! It’s a date that is very important to many people because it is the anniversary of the birth of The Clash, who played their first live gig on 4th July 1976. But for me, there is a much more important and personal anniversary. Here is the front page of the Swindon Evening Advertiser from 4th July 1995. The day I finally made the front page of my home town newspaper. Got to see my picture on the cover, got to buy five copies for my mother…

MONDEX-History in the making

Yes, I was there on 3rd July 1995 in Swindon town centre when the Swindon Evening Advertiser vendor Mr. Don Stanley (then 72) made the first ever live Mondex sale. And here is the photographic evidence of same — in case you don’t happen to have copy of that Swindon Evening Advertiser — as I emerge Zelig-style from the crowd to watch Don take the e-cash. It was a very exciting day because by the time this launch came, my colleagues at Consult Hyperion, who were instrumental in creating Mondex devices and software, had been working on the project for some years (and for the first three or four years it was entirely in secret).

So for those of you who don’t remember what all of the fuss was about: Mondex was an electronic purse, a pre-paid payment instrument based on a tamper-resistant chip. This chip could be integrated into all sorts of things, one of them being a smart card for consumers. Somewhat ahead of its time, Mondex was a peer-to-peer proposition. The value was transferred directly from one chip to another with no intermediary and therefore no cost. In other words, people could pay each other without going through a third party and without paying a charge. It was true cash replacement, invented at National Westminster Bank (NatWest) in 1990 by Tim Jones and Graham Higgins. Swindon had been chosen for the launch because, essentially, it was the most average place in Britain. Since I’d grown up there, I was rather excited about this, and while my colleagues carried out important work for Mondex (software specification, development and testing for all of the core components), I watched as the fever grew out in the West Country.

Many of the retailers were quite enthusiastic because there was no transaction charge and for some of them the costs of cash handling and management were high. I can remember talking to a hairdresser who was keen to get rid of cash because it was dirty and she had to keep washing her hands, a baker who was worried about staff “shrinkage” and so on.

The retailers were OK about it.

“From a retailer’s point of view it’s very good,” said news-stand manager Richard Jackson. “But less than one per cent of my actual customers use it. Lots of people get confused about what it actually is, they think it’s a Switch card or a credit card.”

That’s if they thought about it all.

It just never worked for consumers. It was a pain to get hold of, for one thing. I can remember the first time I walked into a bank to get a Mondex card. I wandered in with 50 quid and had expected to wander out with a card with 50 quid loaded onto it but it didn’t work like that. I had to set up an account and fill out some forms and then wait for the card to be posted to me. Most people couldn’t be bothered to do any of this so ultimately only around 14,000 cards were issued.

So, why I am wallowing in this nostalgia again? Why do I think more people should be celebrating the Mondex Silver Jubilee? Well, look East, where the first reports have appeared concerning the Digital Currency/Electronic Payment (DC/EP) system being tested in four cities: Shenzen, Chengdu, Suzhou and Xiong’an. DC/EP is the Chinese Central Bank Digital Currency (CBDC).

with the kind permission of Matthew Graham @mattysino

The implementation follows the trajectory that I talk about in my book The Currency Cold War, with the digital currency being delivered to customers via commercial banks. The Deputy Governor of the People’s Bank of China, Fan Yifei, recently gave an interview to Central Banking magazine in which he expanded on the “two tier” approach to central bank digital currency (CBDC). His main points were that this approach, in which the central bank controls the digital currency but it is the commercial banks that distribute it, is that is allow “more effective exploitation of existing business resources, human resources and technologies” and that “a two-tier model could also boost the public’s acceptance of a CBDC”.

He went on to say that the circulation of the digital Yuan should be “based on ‘loosely coupled account links’ so that transactional reliance on accounts could be significantly reduced”. What he means by this is that the currency can be transferred wallet-to-wallet without going through bank accounts. Why? Well, so that the electronic cash “could attain a similar function of currency to cash… The public could use it directly for various purchases, and it would prove conducive to the yuan’s circulation”. How will this work? Well, you could have the central bank provide commercial banks with some sort of cryptographic doodah that would allow them to swap electronic money for digital currency under the control of the central bank. Wait a moment, that reminds me of something because… yep, that’s how Mondex worked.

MONDEX wallet

That was the big difference between Mondex and other electronic money schemes of the time, which was that Mondex would allow offline transfers, chip to chip, without bank (or central bank) intermediation. Offline person to person transfers. Just like cash. That’s huge. Libra can’t do it, and never will be able to because, like Bitcoin, it needs to be online to check for “double spending”.

Mondex was a window into the future of money.

That’s why this week’s special webinar is a Mondex reunion! Tim Jones, one of the co-inventors and Mondex CEO, will be joining with Debbie Gamble who was head of Mondex North America. On our side, our CEO, Neil McEvoy (who led the Mondex specification and implementation team) and Tim Richards (who designed the underlying portable, secure operating system), will join Tim and Debbie to reminisce and have a bit of fun, but much more importantly, to talk about the lessons learned from that incredible experiment, and to share ideas for the coming generation of digital currency innovators. And there may be one or two special guests…

Those who cannot learn from history are doomed to repeat it!


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
Verified by MonsterInsights