This document discusses Microsoft's Project Bletchley and blockchain initiatives. It provides an overview of blockchain regulatory compliance capabilities, digital transformation opportunities in financial services, and the large number of financial services regulators engaged. It also discusses blockchain characteristics, opportunities, challenges, and use cases across multiple industries including supply chain management, Internet of Things, and more.
5. Regulatory Compliance
Microsoft cloud services have the largest compliance portfolio in the industry
United
States
HIPAA /
HITECH
FedRAMP
JAB P-ATO
FIPS 140-2 FERPA DISA Level 2 ITAR-readyCJIS21 CFR
Part 11
IRS 1075 Section
508 VPAT
Industry
ISO 27001 PCI DSS Level 1SOC 1 Type 2 SOC 2 Type 2 ISO 27018Cloud Controls
Matrix
Content Delivery and
Security Association
Shared
Assessments
Regional
European Union
Model Clauses
United
Kingdom
G-Cloud
Singapore
MTCS Level 3
Australian
Signals
Directorate
Japan
Financial
Services
China Multi
Layer Protection
Scheme
China
CCCPPF
New
Zealand
GCIO
China
GB 18030
EU Safe
Harbor
ENISA
IAF
6. DIGITAL
TRANSFORMATION
Leading edge regulatory
compliance capabilities
empowering financial
services
“The cloud is
inevitable…
But right now the
timing isn’t right.”
Two years ago…
“Tell me how to get
there in a safe
compliant way…”
Today…
Over 45 Financial Services Regulators Engaged
in Last 12 Months
Customers are Moving!
7 of the Top 8 “Too Big to Fail” Insurers
17 of the Top 26 “Too Big to Fail” Banks
Are Now Committed to Our Cloud…
Online Services
(All Customers)
Financial Services
Amendment
(FS Only)
Financial Services
Compliance
Program
(FS Only)
Regulator Right
to Examine
Institution is accountable
& in control
11. Technical View ..
Traditional System
Centralized system
with stored ledger
Blockchain System
Distributed system
with distributed ledger
12. Characteristics .
Cryptographically Authentic
Uses tried and true public/ private signature
technology. Blockchain applies this technology to
create transactions that are impervious to fraud
and establishes a shared truth.
Shared
Blockchain’s value is directly linked to the number of
organizations or companies that participate in them.
There is huge value for even the fiercest of competitors
to participate with each other in these shared database
implementations.
Distributed
There are many replicas of the Blockchain
database. In fact, the more replicas there are, the
more authentic it becomes.
Ledger
The database is a read/write-once database so it is
an immutable record of every transaction that
occurs.
13. Characteristics ..
Control
Access to Data
Traceability
Data integrity
Immutability
Real-time
Traditional Databases Distributed database
Centralized control provides efficiencies but
requires trust in a central entity
Decentralized control reduces dependency on trusted
parties
Tracked through rights and permissioned access
managed centrally
Non-trusted participants can may be allowed to join the
blockchain with restricted access to data
Complex data dependency and business model
makes auditing difficult
Easy traceability due to combination of IDs and history of
transactions
Subjective protocols and techniques to ensure
security while providing more control.
Manipulation of historical interactions with data
is possible and immutability is lost
Cryptographically signed history maintains data integrity.
Unchangeable transactions on the blockchain make it
immutable but gives lesser control
Prolonged query times for large databases
reduces possibility of real time reporting
Shared ledger and sync-ing enhances response time for
reports
Source: Private blockchains are more than “just” shared databases – a MultiChain blog
14. Opportunities
Blockchain can bring greater transparency, security, and efficiency in our current business processes eliminating
inefficiencies. It can enable new business models based on distributed marketplaces and technology
Grow Revenue
Reduce Fraud
Increase Speed
Efficiency
Eliminate intermediaries
Build New Relationships
Enter New Markets
Transformation
15. Network Types .
Public Private Consortium
Many, unknown participants
Writes by all participants
Reads by all participants
Consensus by Proof of Work
Known participants from one org
Write permissions centralized
Reads may be public or restricted
Multiple algorithms for consensus
Known participants from multiple orgs
Writes require consensus of n
participants
Reads may be public or restricted
Multiple algorithms for consensus
Public
blockchain
Person a
Woodgrove
Financial
Person B
Northwind
Traders
Bank 6
Bank 1
Consortium
6
Bank A
Blockchain
Location 1
Location 2
Location 3
Location 4
Department
A
Department
B
Consortium
Woodgrove
Financial
Contoso
Bank
Northwind
Traders
Bank b
Insurance c
Investment
consortium
c
16. Network Types ..
Public Blockchain
( Permissionless)
Private/ Consortium Blockchain
( Permissioned)
Access
Speed
Transaction
Security
Identity
Examples
Open Read/Write access to the
database
Permissioned Read/Write access to selected
nodes
Slower Faster
Proof of work/ Proof of stake Pre- approved participants
Anonymous / Pseudonymous Known identities
Bitcoin/ Ethereum R3 / Eris Industries / Multichain
17. Consensus Algorithms
Proof of Work
The Proof-of-Work (PoW)
method asks users to
repeatedly run hashing
algorithms or other client
puzzles, to validate
electronic transactions in
exchange for the
opportunity of a reward.
Proof of Stake
In Proof of Stake (PoS)
based blockchians the
creator of the next block is
chosen in a deterministic
(pseudo-random) way, and
the chance that an account
is chosen depends on its
wealth (i.e. the stake).
Proof of Authority
Proof-of-Authority (PoA)
uses a hard-configured set
of "authorities" - nodes that
are explicitly allowed to
create new blocks and
secure the blockchain. This
makes it easier to maintain a
private chain and keep the
block issuers accountable.
Voting
“Voter” nodes can vote on
which block should eb the
canonical head at a
particular height.
The most recent block with
the most votes is considered
the canonical head of the
chain. A block is only
considered valid once a
given threshold of votes has
been received from valid
voters.
19. Evolution .
Smart Contracts are unable to access external data or events based on time or market conditions.
Calling code or data outside of a Smart Contract or blockchain breaks the general trust barrier and authenticity of transactions.
Cryptlets will allow the blockchain to access external data securely, while maintaining the integrity of the blockchain.
28. Challenges
Co-operation & Establishing Standards
• In order to gain widespread adoption, standards need to be agreed between
participants that create a common set of protocols for individual firms to adopt.
This is challenging given the number of participants that need to come to
agreement
• For some markets “Critical mass” will be achieved by a smaller group that will then
work together and create de-facto standards
Regulatory Framework
• Regulators will focus on how blockchain achieves outcomes
that align with regulatory concerns (e.g. AML/KYC,
Resilience, Recovery and Resolution)
• Specific local regulations such as specific Asian data Secrecy
requirements will need to be met
• Negative connotations associated with bitcoin impact on
regulator’s perceptions
Scalability & Resilience
• Bitcoin’s transaction capacity (~3 transactions per
second) precludes mainstream capital markets
adoption
• Regulators concerns around operational resilience will
need to be satisfied
Legal Framework
• To trade significant values of assets firms need to ensure that they
can perfect legal title to the underlying asset recorded by the
tokenised asset in the distributed ledger
• An identified challenges is achieving a uniform legal framework
across a distributed set of peer parties with no centralised authority
Settling value in “real money”
• Any mainstream application will need settlement certainty in
real money
• Tokenized solutions pose an added layer of settlement and
counterparty risk that will not be acceptable
Legal and regulatory, rather than technology are primary barriers for blockchain adoption
31. Use Cases .
Blockchain has the potential to disrupt multiple industries
Retail & Manufacturing
Financial Healthcare Government
32. Internet of Things
Freight Transportation
• Moving freight is a complex process involving different
parties with different priorities
• An IoT-enabled blockchain can store the temperatures,
position, arrival times and status of shipping containers as
they move through the system
• Indelible blockchain transactions ensure that all parties
can trust the data and take action to move the product
quickly and efficiently
Components tracking & compliance
• The ability to track the components that go into an aircraft,
automobile, or other vehicle is critical both for safety and
regulatory compliance
• IoT data stored in shared blockchain ledgers enables all
parties to see component provenance throughout the
vehicle’s life
• Sharing this information with regulatory agencies, shippers,
manufacturers and so on is secure, easy, and cost-effective
Log operational maintenance data
• IoT devices track the state of safety of critical machines and their
maintenance in your organization
• From aircraft engines to elevators blockchain provides for a tamper-
free ledger of operational data and the resulting maintenance
• Third-party repair partners can monitor the blockchain for
preventive maintenance and record their work back on the
blockchain
• Operational records can also be shared with government entities to
verify compliance
Smart Vending Machines, Package Drones, Machinery
Maintenance
• Vending machines could automatically pre-order and pay for
the delivery of more soft drinks before they run dry
• Factory machine could monitor their own componentry and
initiate and pay for required maintenance and parts
automatically.
• Package delivery drones could not only verify a recipient’s
address but also collect payment once that verification has
been received
33. Supply Chain
PRODUCER
Food Processor
Milk producer supplies Milk to
Food Processing Company
SMART CONTRACT
IoT Enabled
The package has to be
maintained at :
Temperature < 10º C
Humidity < 65%
The terms of shipping are
registered using a smart
contract on the Blockchain
Origin
8ºC
60% Warehouse Carrier 2 Store
CARRIER 1
Warehouse
CARRIER 2
Retail Store
9ºC
64%
9ºC
64%
11ºC
66%
At various points in the journey, the IoT device from the package sends the Temperature & Humidity data which are recorded on the blockchain
SMART CONTRACT
UPDATED
11ºC
66%
The conditions of the contract
have been violated.
Carrier 2 is liable for penalty as
the temperature of the package
when it reached the retail store
was above the prescribed limit
The Food product is sealed in an
IoT enabled package for shipping
SHARED LEDGER
34. Scenarios
Asset Titles
Diamonds
Designer brands
Car leasing & sales
Home Mortgages & payments
Land title ownership
Digital asset records
Government
Voting
Vehicle registration
WIC, Vet, SS, benefits, distribution
Licensing & identification
Copyrights
Identity
Personal
Objects
Families of objects
Digital assets
Multifactor Auth
Refugee tracking
Education & badging
Purchase & review tracking
Employer & Employee reviews
Media
Digital rights mgmt.
Game monetization
Art authentication
Purchase & usage monitoring
Ticket purchases
Fan tracking
Ad click fraud reduction
Resell of authentic assets
Real time auction & ad placements
Computer Science
Micritization of work (pay for
algorithms, tweets, ad clicks, etc.)
Expanse of marketplace
Disbursement of work
Direct to developer payments
API platform plays
Notarization & certification
P2P storage & compute sharing
DNS
Medical
Records sharing
Prescription sharing
Compliance
Personalized medicine
DNA sequencing
IoT
Device to Device payments
Device directories
Operations (e.g. water flow)
Grid monitoring
Smart home & office management
Cross-company maintenance markets
Payments
Micropayments (apps, 402)
B2B international remittance
Tax filing & collection
Rethinking wallets & banks
Consumer
Digital rewards
Uber, AirBNB, Apple Pay
P2P selling, craigslist
Cross company, brand, loyalty tracking
Supply Chain
Dynamic ag commodities pricing
Real time auction for supply delivery
Pharmaceutical tracking & purity
Agricultural food authentication
Shipping & logistics management
Financial
Trading
Deal origination
POs for new securities
Equities
Fixed income
Derivatives trading
Total Return Swaps (TRS)
2nd
generation derivatives
The race to a zero middle office
Collateral management
Settlements
Payments
Transferring of value
Know your client (KYC)
Anti money laundering
Client and product reference data.
Crowd Funding
Peer-to-peer lending
Compliance reporting
Trade reporting & risk visualizations
Betting & prediction markets
Insurance
Claim filings
MBS/Property payments
Claims processing & admin
Fraud prediction
Telematics & ratings
39. An Open Cloud
HyperScale
EnterpriseGrade
Hybrid
We’ve delivered an open, broad, and flexible
cloud acrossthe stack
AzureBaaS
Applications Management Clients
Web App Gallery
Dozens of .NET & PHP CMS and Web
apps
Infrastructure Databases App Frameworks
SQL Server
+Hundreds of community supported
images on VM Depot
46. Marketplace
A bank, defines a certified Commercial Loan
SmartContract and places it in the
Marketplace, charging $10 per use
Company A wants to raise funds to kick off a
new campaign and needs a loan to do so,
they create an instance of the SmartContract
filling in the details and putting it on the
ledger, the Bank gets $10
Blockchain ledger
Investors see the Commercial Loan SmartContract
and agree to its terms and signs the SmartContract
putting it in force and action
48. Cryptlets .
Securely Bridge off- to on-chain
Cryptlet to Chain binding
Key management integration
Routing and reliable delivery
Written in tech of your choice
Code attestation travels with transaction
Agnostic to blockchain below
Hosted in any cloud, on prem or internet
Smart contracts enforce data validity –
hoist rich business logic to cryptlets
49. Cryptlets ..
Limitation Example
No notion of real world time Do something @ specific Time i.e. 4:00 PM EST
Do this every 5 minutes
Can’t react to real world events directly Do this when oil hits $40 a barrel
Code execution scaling is not straight forward I need this to run FAST
Hard to implement libraries, versioning is DLL Hell How do I get code reuse?
I need to version a referenced SmartContract
Code in the clear in all cases My algorithm is company IP
Trusting and using external code or data is
dangerous
How can I trust this data hasn't been tampered
with?
Is this code running in isolation?
50. Cryptlets ...
Blockchain ledger
A bank, hedge fund and
insurance company enter into a
SmartContract
Everyday at 4 PM EST it needs a calculated rate like:
(LIBOR * .04%) + Diff(Gold)
51. Cryptlets ….
Cryptlets oracles
(+)Trust with Verification – trust hoster (HTTPS),
trust Cryptlet key & trust enclave signature
(-)Requires trust but no formal verification
(+)Standard Infrastructure - Hardware based
isolation and attestation via enclaves available
Globally in Azure
(-)Custom – write & host separately and
establishing trust difficult
(+)Integrated developer use with Aspects and
tooling
(-)Custom – write your own
(+)Marketplace for publishing and discovery (-)No common marketplace, no publishing or
discover tools
(+)Bletchley Cryptlet SDK frameworks to get
started quickly creating and consuming Cryptlets
(Utility, Contract)
(-)Platform specific, documentation sparse
(+)Multiple language options as well as
blockchain agnostic
(-)Custom
58. SIGN UP FOR AN AZURE ACCOUNT
https://azure.microsoft.com/en-us/solutions/blockchain/
PLAY AROUND WITH VARIOUS TEMPLATES
https://azure.microsoft.com/en-us/documentation/templates/
SETUP BLOCKCHAIN ON AZURE
https://github.com/Azure/azure-blockchain-projects/tree/master/baas-
artifacts
Getting Started
ONCE YOU FEEL CONFIDENT, ESTABLISH A LAB
Create your own DevTest Blockchain Lab
• Contact us with any questions BaaS@Microsoft.com
• Keep up-to-date https://azure.com/blockchain