Twin of Things is a solution for securing the ownership and provenance of everyday objects by using blockchain technology in combination with crypto NFC tags and an Android App.
RIDDLE&CODE patented technology allows users to stick non-removable inlay NFC tags to objects and then provision them with public keys and metadata. Public keys, metadata and signatures are than turned into blockchain certificates.
The Android app is used for three purposes:
- Provisioning the tags
- Creating blockchain transactions, and
- Validation of the tags data and blockchain transactions
By using elliptic curve PKI, NFC tags, that act as microcomputers with autonomous public key generation function, once applied to the object, embed all the trust and security of blockchain into their transporter.
It is also a very illustrative and elegant solution to make blockchain technology comprehensible for non-experts.
We implement an extended system for our tags. In addition to the existing functionality we need the capability to combine the multikey related transaction with metadata.
These metadata will also come from the Android App. During the validation process these metadata have them also be sent back to the app to be displayed.
What are the metadata we are talking about:
- A brand name for the tagged object: input field Android App
- A product name for the tagged object: input field Android App
- Timestamp: date field autogenerated Android App
- A name / ID for the Owner / User: input field Android App
- A serial ID of the product: input field Android App
- Material of product: multiline or comma separated list field Android App
- Colour of the product: multiline or comma separated list field Android App
- Comments for the tagged object. Limited to 255 characters: input field Android App
- If possible there is also an image for the product available
- An application ID: and invisible text field Android App. Defining app for internal use
Mifare Desfire EV1 Tags
Mifare Desfire EV1 tags are used. They are based on AES and RSA instead of ECC.
As the tags will be already pre-provisioned with a public key they will also already be attested (multi-signature transactions are already written to a public ledger) within the blockchain. This means we have to create a second transaction where another multi-signature transaction, including the new metadata, has to be created. As the Mifare Desfire EV1 is not creating on-demand signatures, a signature for every tag has to be pre-produced. Therefore a special provisioning hardware and software was developed. It works a follows:
- For every tag a randomised challenge gets calculated,
- ECC secret key gets created using a program on the provisioning hardware,
- The secret key gets AES encrypted and written to the tag's EEPROM. It is never readable to the outside world.
AES means that there has to be a symmetric crypto key for encrypting and decrypting the specific crypto key is stored within the Android App. For this purpose we use either bouncy castle or the secure hardware module inside android phones.
Thanks to the encryption we will have information on the tag. Only a valid RIDDLE&CODE reader (Android App) can read it and operate on the basis of it.