Twin of Things is a solution for securing the ownership and provenance of everyday objects by using blockchain technology in combination with crypto NFC tags and an Android App.
RIDDLE&CODE patented technology allows users to stick non-removable inlay NFC tags to objects and then provision them with public keys and metadata. Public keys, metadata and signatures are than turned into blockchain certificates.
The Android app is used for three purposes:
- Provisioning the tags
- Creating blockchain transactions, and
- Validation of the tags data and blockchain transactions
By using elliptic curve PKI enables NFC tags all the trust and security of blockchain technology get embedded into objects in an uncompromisable way.
It is also a very illustrative and elegant solution to make blockchain technology comprehensible for non-experts.
We implement an extended system for our tags. In addition to the existing functionality we need the capability to combine the multikey related transaction with metadata.
These metadata will also come from the Android App. During the validation process these metadata have them also be sent back to the App. to be displayed.
What are the metadata we are talking about:
- A brand name for the tagged object: input field Android App
- A product name for the tagged object: input field Android App
- Timestamp: date field autogenerated Android App
- A name / ID for the Owner / User: input field Android App
- A serial ID of the product: input field Android App
- Material of product: multiline or comma separated list field Android App
- Colour of the product: multiline or comma separated list field Android App
- Comments for the tagged object. Limited to 255 characters: input field Android App
- If possible there is also an image for the product available
- An application ID: and invisible text field Android App. Defining app for internal use
Mifare Desfire EV1 Tags
Mifare Desfire EV1 tags are used. They are based on AES and RSA instead of Elliptic Curve.
As the tags will be already pre-provisioned with a public key they will also already be attested (multi-signature transactions are already written to a public ledger) within the blockchain. This means we have to create a second transaction where another multi-signature transaction including the new metadata has to be created. As the Mifare Desfire EV1 is not creating on demand signatures, a signature for every tag has to be pre-produced. Therefore a special provisioning hardware and software was developed. It works a follows.
For every tag a randomised challenge gets calculated. Then with a program on the provisioning hardware an elliptic curve secret key gets created. The secret key gets written AES encrypted to the tags EEPROM. It is never readable to the outside world.
At the same time the provisioning hardware derives a public key from the secret. The public key gets written in readable way to the tag’s EEPROM. Then the provisioning hardware signs the pre-calculated challenge with secret. The resulting signature and the challenge gets written AES encrypted to the EEPROM of the tag. AES means that there has to be a symmetric crypto key for encrypting and decrypting the specific crypto key is stored within the Android App. For this purpose we use either bouncy castle or the secure hardware module inside android phones.
Thanks to the encryption we will have information on the tag. Any NFC reader can read, however and only a valid RIDDLE&CODE reader (Android App) can read and can make sense out of it.