September 28, 2022 | Written by: Inna Skarbovsky
Categorized: Hyperledger Fabric | Supply chain
Share this post:
Have you ever thought about the complexity behind operations at a maritime port? The port ecosystem is enormous and involves a huge number of different stakeholders and entities. Each port’s daily logistics include retailers, freight forwarders, carriers, consignees, port authority, container terminals, shippers, shipping agents and more.
Unfortunately, every one of these operators usually has their own digital systems of record, allowing almost no interconnection between peer companies. Stagnant silos of duplicated, unverifiable, inaccessible pools of information are produced, and the real potential of the data goes almost totally untapped.
Now imagine the smart port of the future, with interconnected digital hubs enhancing the supply chain of all operators and carriers. There is a single unified view of the data across the entire chain, serving as a source of truth accessible to all ecosystem stakeholders. This is exactly what IBM is doing in the Port of Valencia as part of the Dataports H2020 EU project. IBM joined forces with the Valencia Port Foundation to modernize the port’s business processes by creating transparent, verifiable and trusted data sharing across the port’s ecosystem. We accomplished this using blockchain technology and Hyperledger Fabric.
The goal: Improve regulatory compliance with digitalized cargo weight verification
One of the common business processes in a seaport involves support for the request and provisioning of a Verified Gross Mass (VGM) certificate. A VGM certificate is a mandatory document, required by the International Convention for the Safety of Life at Sea (SOLAS), attesting to the verified gross mass of cargo in a given container.
By digitizing the VGM process, we would build a system to facilitate compliance with the SOLAS regulations on container weighing for the port logistics community. The digitalized process enables containers to arrive at the port with the verified gross weight, reducing last-minute incidents, congestion and delays at container terminals. In the high-speed, high-pressure supply chain industry, these reduced delays give the port a competitive advantage.
Many different organizational stakeholders take part in the VGM request and weighing process. The shipping company and its representative, the freight forwarder, own the container and request the VGM certificate. The scale operator provides the weighing services and generates VGM. The road haulier transports the containers on land and provides vehicle information such as vehicle weight. The shipping line and its representative in the port — the shipping agent — carry the containers. The port community system (PCS) notifies the port container terminal once the VGM certificate is completed. The port container terminal requires the completed certificate to allow loading of the container on board.
By implementing this solution on top of a blockchain business network, we sought to create a single, verifiable and immutable view of the shared data throughout the entire chain of these stakeholders.
The blockchain serves as an excellent platform for such a solution. Blockchain holds an inherent promise of consensus: no single organization can update or remove a record without approval of other organizations. The shared ledger is replicated to all participants and provides data transparency and a single source of truth. And the blockchain is immutable and final. Once a record is written on the ledger, it is there to stay. But the Port of Valencia use case presented additional data privacy concerns.
Some of the VGM certificate data, filled in by the scale-operator and involving weight operation details and prices, is considered business sensitive. It can’t be shared with the company’s competitors, who are the other scale operators on the network. This data should be shared only with “neutral” stakeholders of the network, such as the PCS, and with the companies involved in the weight request lifecycle itself (such as shipper/freight forwarder, road haulier and shipping line).
Scale operators are blockchain organizations that hold their own copy of the ledger. Theoretically, if all the data, including all weight request data, is replicated in the ledger of all peers in an equal manner, the scale operator’s competitors could gain access to this sensitive data.
Additionally, all data access must be on a “need to know” basis. Each stakeholder needs the ability to access and edit only those weight requests that are relevant to their company, and only those parts of the weight request relevant to the company’s role in the weight request lifecycle.
The solution: Hyperledger Fabric
Hyperledger Fabric, one of the best-known enterprise-grade blockchain technology implementations, offers multiple built-in privacy protection mechanisms, such as certificate authority-based authorization, channels, private data collections and attribute-based access control.
Channels allow us to segregate the blockchain network into multiple sub-networks, each with a separate ledger accessible only to the channel participants. Creating multiple channels, each used by a subset group of blockchain network organizations, allows us to separate the data among those groups, enabling entire transactions to be visible and accessible only to a particular subgroup.
Private data collections can be used to keep sensitive data private from specific channel participants. Private data is shared only among designated blockchain organizations, and their content is not replicated to the peers of organizations not defined as part of the private data collection.
Data access can be restricted to users within the blockchain organization who possess certain attributes, such as a specific organizational role.
Given the richness of these built-in data privacy-preserving mechanisms, we found that a combination of these built-in features would cover all our requirements.
To ensure the privacy of business-sensitive data, possible built-in options in Fabric include using multiple channels or private data collections. We decided to use private data collections for two major reasons.
First, separating the network and ledger data into multiple channels better works for cases where entire transactions or ledgers need to be kept confidential within a subset of network organizations. In our case, we wanted all the network participants to see all the transactions, while keeping only part of the weight record transaction data (such as cost of the weight operation) private from competitors.
Second, multiple channels have management and performance overhead.
To grant data access on a need-to-know basis, we decided to use the Fabric’s attribute-based access control feature. This feature relies on adding additional custom attributes to the user certificate to indicate the user role and company affiliation. The values of those attributes are checked in chaincode to grant the user access only to those records that user is allowed to see, based on their role and company.
Your turn
Now that we shared a real-life use case for the Hyperledger Fabric blockchain in a maritime solution, you should have a better understanding of how to use Fabric privacy features to provide fine-grained role-based access control and preserve data privacy.
