IBM Blockchain is open for business with the announcement of security enhancements within its cloud environment to coincide with the release of Hyperledger Fabric version 1.0.
IBM is also announcing a blockchain-based KYC and digital identity system with SecureKey and a number of Canadian banks, as well as a partnership with Beijing Energy-Blockchain Labs to deploy the first carbon assets development platform based on Hyperledger Fabric.
The announcements are being made at InterConnect, IBM's annual 20,000-strong cloud and cognitive developer bonanza in Las Vegas.
Jerry Cuomo, head of blockchain at IBM, pointed out that blockchain networks were only as safe as the cloud infrastructure they resided on.
"For that reason, IBM's High Security Business Network is built on the industry's most secure infrastructure, IBM LinuxONE.
"Secure services containers help guard against privileged user threats and tamper-resistant cryptographic keys ensure the highest levels of encryption for sensitive data," he said.
A few weeks ago Hyperledger Fabric was promoted by the Linux Foundation from incubator state to active state and is now at version 1.0. The IBM Blockchain is being refreshed to include Fabric version 1.0.
Cuomo said the High Security Business Network, which underpins the IBM cloud environment, can be thought of as a sub-brand like Intel Inside. He said this can involve physical hardware-based security modules; one of the rules of deployment could be that everyone must keep their crypto keys in a vault, for example.
"It's like a handshake. There is a governance rule that says, when you join our network you are going to put your keys here and if your keys aren't in there then you can't run on this network," said Cuomo.
In detail, the IBM Blockchain security offering meets the industry's highest Evaluation Assurance Level certification of EAL5+, found in highly regulated industries such as government, financial services and healthcare.
It features secure service containers to protect all code throughout the blockchain application, effectively encapsulating the blockchain into a virtual appliance and denying access even to someone with the highest level of security credentials.
Tamper-responsive hardware security modules protect encrypted data for storage of cryptographic keys. These modules are certified to FIPS 140-2, the highest level of security certification available for cryptographic modules.
Cuomo added: "With some security systems, if you are tampering with the vault it will record it in a log. That's like the lower levels of support. But in the case of higher levels of support, if the system is being tampered with it will shut it down within your environment; it will turn your system into a brick and disable all operation for your piece of the network.
"You want to make sure members are using physical security as well, like your software stack won't boot unless it matches a fingerprint of all of the other software stack users in that network.
"This is where the cloud can actually help. We are trying to make running blockchain on a cloud more intuitive and actually flip it around and say, you should always run it this way.
"It is another dimension to the security model. One is the security of the ledger, and the second is the security of environment in which the ledger is running. We are not leaving any stone unturned."
IBM also announced new governance and open-source developer tools for IBM Blockchain that make it easy to set up a blockchain network and assign roles and levels of visibility from a single dashboard. They help network members set rules, manage membership and enforce compliance once the network is up and running.
Once setup is initiated, members can determine the rules of the blockchain and share consent when new members request to join the network. In addition, the deployment tool assigns each network a Network Trust Rating of 1 to 100.
Cuomo said the reputation score will inform prospective members of a network how trustworthy and reliable that network is, and will also provide hints about how to make it more trustworthy and reliable.
"There will also be policies such as who is allowed to invite new members to come in. One policy is that the founder can have a dictator condition. It can make sense for one company in the business network or a government institution, like a department of motor vehicles, that is more trusted than the others.
"Or you may have more democratic policy, so it has to be a majority of the members vote yes. The more democratic your policies, the higher your trust score. It's early days still but these are some of the things we have learned by having some of these real networks running on IBM Blockchain."
IBM and SecureKey blockchain identity system
IBM Blockchain and SecureKey's digital identity and attribute sharing network, which will go live later in 2017, allows consumers to better control their identifying information and instantly verify their identity for new bank accounts, driver's licences or other utilities, said a statement.
The system is being tested by a number of Canadian banks, including BMO, CIBC, Desjardins, RBC, Scotiabank and TD. The Digital ID and Authentication Council of Canada (DIACC) and the Command Control and Interoperability Center for Advanced Data Analytics (CCICADA) are also invested in the project.
Reducing carbon emissions in China
Beijing Energy-Blockchain Labs and IBM are breaking ground by helping enterprises in China foster carbon asset development, also known as CER (Carbon Emission Reduction) quota issuing.
Following a proof of concept in late 2016, a beta version of the carbon trading platform on blockchain will be released in May. Energy-Blockchain Labs and IBM intend to commercially offer this platform later this year, keeping pace with China's unified national carbon market opening.
Regarding the Energy-Blockchain Labs project, Cuomo said it was another fortuitous example of the Hyperledger Project's reach in building a worldwide community.
"The folks in China they are members of the Hyperledger Project. If it weren't for that, I don't think we'd have ever met them, let alone team up with them to work on a project."