A Close Look at Everledger—How Blockchain Secures Luxury Goods
Why provenance matters
The Easter weekend of April 2015 marks an event that many call one of Britain’s biggest robberies. Referred to as Hatton Garden heist, the robbery was successfully carried out by a gang of thieves, who made off with an estimated value of £200 million in diamonds and other jewellery. The actual value of the stolen goods was never revealed due to the lack of certifications for some of the lost items.
“(Provenance) is the life story of an item and in the world of luxury goods, provenance matters, because you cannot separate the value of an item from its origin and its history,” notes Leanne.
“It [provenance] relates to diamonds, to watches, to art, and to jewelry, but there’s a problem. The world’s provenance is locked in paper. When provenance is lost, another word emerges and that word is risk.” —Leanne Kemp, Everledger
According to Leanne, “international headlines are plagued with stories of fraud, document tampering, synthetic stones, black markets, and conflict stones.” Most of these issues were rooted on a lack of visibility and provenance along the supply chain, underpinned by a paper-based certification system vulnerable to tampering.
“These problems are real, they’re quantifiable and they cost insurers $50 billion annually, but sadly and more importantly, they cost every single one of us…an increased cost of insurance.”
—Leanne Kemp, Everledger
A diamond thumbprint on a blockchain
Everledger was created to minimize fraud, being a “digital global ledger that tracks and protects items of value.” The team has built a platform that brought greater transparency to the open market places and global supply chain—by ensuring that the authenticity of the asset is secured and stored among all industry participants.
“We integrated the supply chain onto the same digital network creating a single version of the truth for all parties involved in the diamond trade,” says Leanne. “We shared records visible across the industry participants.”
By involving major certification houses around the globe—including those in America, India, Israel, and Belgium (Antwerp) where diamonds are graded and certified—Everledger was able to create a digital thumbprint for individual diamonds.
These unique identifiers consist of 40 metadata points, the laser inscription on the girdle, and the stone’s four Cs—color, clarity, cut, and carat weight. These digital thumbprints would then be written on the blockchain.
Everledger also makes use of the Kimberley Process, which started in the year 2000. It is a certification scheme imposing extensive requirements in the process of rough diamond production to prevent the occurrence of conflict stones.
Master certificates of the Kimberley Process certified rough diamonds are also digitally stored on the blockchain.
Everledger in action
So far, we know Everledger stores digital certificates on the blockchain. What does this mean, though?
Blockchain is a permanent, secure, and immutable ledger that records assets, participants, and transactions. This means participants in the network, such as merchants, banks, and insurers, can verify if an asset (a diamond in this case) is legitimate.
In this scenario, Lucy purchases a diamond, insures it, and registers it on the Everledger blockchain.
Next, she loses the diamond and reports it as stolen. The insurance company then compensates her for the loss.
Finally, Thomas the thief attempts to sell the stolen diamond to Jane the jeweller. She requests verification from Everledger and finds out that it’s a stolen diamond. The insurance company is notified about the stolen diamond and they take possession of it.
“We now know where diamonds are being sold and resold online in marketplaces, such as Amazon and eBay. We work with insurance companies on fraudulent claims, with Interpol and Europol as diamonds cross borders and enter into black markets. We work with banks to help them in financing the middle part of the pot more efficiently, but more importantly to create a digital vault, so you can store all of your valuables inside the blockchain.” —Leanne Kemp, Everledger
Globally connected via API
The sequence of transactions shown in the sample scenario above is achieved through APIs.
Everledger offers an API for the following participants:
- Banks and insurers. Tracks the identity of digitized items to help banks and insurers in the management of fraudulent transactions.
- Law enforcement. Enables the tracking of fraud based on the data collected.
- Online marketplaces. Assists with detecting the sale of stolen items.
Providing access to certificates, policies, and claims information, the Everledger API relies on REST, JSON, resource-oriented URLs, and standard HTTP methods. Client requests require signed HMAC-SHA512 signatures.
— Duncan Johnston-Watt (@duncanjw) March 20, 2017
Today, Everledger is powered by IBM Blockchain, which relies on Hyperledger Fabric. Before 2016, Everledger made use of other blockchain technologies, such as Ethereum, Eris, and BigchainDB. Hovewer, in July 2016, the first Hyperledger pilot was delivered, according to IBM.
(In the spirit of this migration, it’s worth mentioning a recent incubation of Burrow storage into the Hyperledger project. The database was formerly known as ErisDB, serving as a blockchain storage in the Ethereum-based Eris platform.)
Secured by LinuxONE
A vault, digital or not, is meaningless if it’s not secure. Everledger protects its network, where certificates worth millions are stored, using High Security Business Networks on IBM Bluemix and LinuxONE.
This provides several security benefits:
- Protection against misuse of privileged user credentials. Blockchain operating environments and data are protected by Secured Service Containers against access and abuse by root users, system administrator credentials, and other privileged user access.
- Malware protection. Blockchain data and software is secured from malware being installed.
- Protection of peers from one another. Blockchain peers are able to run in protected, isolated environments to prevent deliberate or unintentional leakage of information from one party’s environment to another.
- Key safety. Identity, communications, and data privacy are safeguarded by having all keys in a Secure Services Container. Key security is further enhanced by implementing a “secure key” using a tamper-resistant cryptocard (certified to the highest level—FIPs 140-2 Level 4).
- A highly auditable operating environment. Hardware and firmware audit logs provide information about any critical actions done to the system, such as replacing hardware or changing configurations. This enables such changes to be audited, including verification of unauthorized actions.
Protecting art, wine, metals, and minerals
To date, over 1.2 million diamonds are digitally stored on the Everledger blockchain. “Amazon started with books, and Everledger started with diamonds,” says Leanne. However, she notes, “our vision is so much bigger.”
“The blockchain is re-imagining the world’s luxury goods supply chain. —Leanne Kemp, Everledger
Now, Everledger is gradually expanding its reach and has partnered with other organizations—Vastari for art, Chai Consulting for wine, Britannia Mining for commodities trading, and SAP Ariba for supply chain—with the goal of providing much needed provenance for risky goods. What luxury product will be next for Everledger?
- IBM: Blockchain to Transform IoT, Supply Chains, and the World Around Us
- Blockchain Security: Choosing a Platform Is Only the First Step
- How Hyperledger Fabric Delivers Security to Enterprise Blockchain