David – Yes, a licensed user will have to scan the bottle confirm the leger in the Chai Vault. That could be the seller, if they are licensed. A licensed authenticator (which can be someone in the employ of the vendor, or a contractor brought in) will have to be the one to inspect and add in new bottles and update a ledger with a new condition report – when needed.
For the last year, I have been training 20 people all over the globe (Australia, Singapore, China, Macau & Taipei, HK, USA, Canada, UK, France, Switzerland & Italy) to be authenticators using my method and standards. There are more interested, and we are going to have a second group start training soon. So, there will be people to complete the authentication and certify secondary market bottles in the vault.
Currently wines that are offered for sale are inspected (theoretically) for sale. The firm puts the “trust us” sign out and the sale moves forward. I find millions of dollars per year in people’s cellars of wines that are fakes which have made it through this system. Some firms are really trying – others rely on plausible deniability – others clearly rely on paralyzed, blind inspectors. Regardless - any bottle purchased is only authenticated for that sale: should the buyer want to sell the same bottle in the future the bottle will have to be inspected again. This also costs money and resources.
Chai Vault certification takes care of the authentication for the lifespan of the bottle. Labor costs may vary, but the cost of the hardware, creating the ledger and software is less than those who currently offer stickers and chips only. And the more chips a vendor orders, the cheaper the manufacture gets. You are looking at just a few dollars per bottle for the chip and the software. We are less expensive than other, less robust, technologies.
The only people that will use the Chai Vault will be people r=trained and licensed by me. We have built in oversight protocols so that if an individual authenticator is effing up - their license is revoked and their ledgers scrutinized / revisited.
Other competitors may try and make similar systems - but it will not be with my The Chai Method authentication techniques and standards, and Everledger’s blockchain technology.
The owner’s name is encrypted from other’s views. R_Gilbane would always look like that to you, but when you go to sell wines others would see some number and letter code, so your name, and any private details, are not all over the internet. We also encrypt some docs regarding sourcing info of direct wine. With multiple vendors as licensed users we do not want our users to be seeing and poaching allocations from the negotiates, distributors…. So that has been addressed already as well.
If they die - the next generation can definitively prove provenence and authenticity using the ledgers. How great will that be?
In the supply chain world, Blockchain is the trendy topic and presented as the answer to … well … everything. I share the skepticism to some degree but also the hope we can gain better transparency - whether for wine or other goods.
I did recently meet a young woman who has started a company that embeds RFID information into basically a thread which can be woven into apparel - providing continuous tracking of the individual item from initial fabric through customer’s use. For example, a store where I bought a t-shirt would be able to flag when I returned to that store and have a sales person suggest items to go with, etc. Pretty astonishing - and potentially … interesting.
Greg – just a chip is what others are doing. Just a chip can be counterfeited. Just a chip (if not destroyed in removal) can be reused on an empty if there is no ledger against which to compare the bottle using more than just a chip. Just a chip under a label, or imbedded in the glass – is ideal authentication for a refill. Prooftags can be 3-d printed top look just like the real thing. I’ve seen them peeled off and reused on counterfeit Roumier. AND - How many owners actually scan and check all the anti-fraud BEFORE they purchase? Lots of people will be stuck with counterfeit bottles that “looked ok” because they have counterfeit single layer packaging. Anything that is label and glass only based can used to substantiate a refill.
(QR codes are for marketing)
How many of you have asked for verification of the anti-fraud on bottles before making a purchase? Has anyone asked for visual proof? Do you even know what the anti-fraud is? Even if supplied with assurances that the anti-fraud is in place and correct for vintage, you still have to rely on the good ole “trust us” from the vendor when it comes to provenance.
Chai Vault, blockchain certification gives us so much more: The point is not only to authenticate, but to give the buyer transparency BEFORE making a purchase on both authenticity and provenance – and to have all that info transfer with purchase to be useable agian. If the buyer can see proof of authenticity (including who the authenticator was, where and when) ONLINE with all the provenance history (available) about the bottle in an immutable, timeless, distributed ledger – BEFORE making the purchase, we have brought a level of transparency to what is now an opaque market which relies on “trust”. Ask David Doyle how that worked for him.
Bottles are easier than diamonds. Diamonds get acid washed and re-cut. Everledger can still verify them through that process. We employ many of the same data points in the blockchain ledger for bottles (over 60 data points plus images and docs) that they do for diamonds. Again – they are doing this with computer parts, meat and produce as well. Once you really understand the power of the blockchain it you can see the strengths it brings, and the possibilities for logistics and inventory tracking and control.
A lot of my questions have to do with the cost/business model? Assume the producers/bottlers pay for the initial bottling/tamper protection costs? Is there a transaction fee every time a bottle changes hands or is verified? At the end of the day of course all costs are passed to the consumer, but curious how it is structured along the way?
Beware. Big brother is watching you! The gummint will track your wine bottle and determine when you opened it. They will then tell your insurance company, which will pull your life insurance if you drink too much.
Jay, I think there are two issues here. First is how to uniquely identify individual bottles without having that “identity” transferable or able to be cloned. The second issue is integrating those unique identities into a blockchain which is nothing more than the distributed cryptographic ledger of those bottles identities. If it were up to me to accomplish the first part I reckon I’d probably go with a contactless tag that contains a secret asymmetric key and embed that into the capsule over the cork. Or even integrate it into the top of the cork itself. If it’s removed/damaged/coravined the tag is physically damaged and ceases to operate, rendering the bottle unable to be authenticated. So that would solve the transfer or cloning issue. Then I’d embed a cryptographic challenge into the blockchain ledger for the tag. So each ledger entry for any given bottle will have both certainty of the bottle identity and the ledger entry in the blockchain.
It’s doable, but not simple. Getting security right is really hard. This would be no exception. But in the long run it would be a way to provide as much of a guarantee with regards to what’s actually in the bottle when compared to current technologies.
I also recall some time ago reading about a epoxy/glitter elliptical curve cryptography technology that basically did ECC calculations off the diffraction of light shone through the epoxy/glitter medium. I reckon if that could be leveraged to provide a thin cap (similar to a wax seal on a bottle under cork) on top of the bottle that would be damaged if tampered with could also work. That said my memory could be slipping and my googling doesn’t really produce any results for this tech.
This idea has some promise, but the critical component is not the block chain, it’s the tag on the bottle that cannot be disturbed without destroying it. The only value I see to the block chain is maybe to people in the chain before the end user. Let’s define the end user as the person who actually opens the bottle, as opposed to the retail buyer who intends to hold and resell. To the end user, your system could just as well give him a sensor that reads the tag and tells him the bottle is the one that it is supposed to be just before he breaks the seal. Come to think of it, why couldn’t the people in the chain just get sensors that confirm that the tag is under the bottle? So long as the tag can’t be spoofed, that would work. What does block chain add? It allows third parties to figure out who supposedly owns a particular bottle if the anonymity of block chain technology is avoided, but who wants to let John know that Sam owns a bottle of 2023 La Tache?
Blockchain, fundamentally, allows a group of people who don’t trust each other to agree on some digital data. If there is a company, government, or other organization in charge of vetting the data, the blockchain is not adding anything. Might as well just have the producer, certification authority, whoever, publish a database and a SHA-2 hash of it. That type of security model has been used with great (though not by any means perfect) success for software updates. Maybe there’s a slight increase in security because multiple parties are each holding their own copy, so it would be harder to diddle with the contents and the hashes.
It’s hard to believe that the industry would switch en masse to a new expensive system when, apparently, some sellers aren’t even checking the serial numbers that do exist. Didn’t one of these fakers get caught serving the same number bottle in more than one dinner? A QR code on each bottle would, in fact, be very helpful, but only if auctioneers and purchasers scanned them. If you trust your authenticator, that QR could even be applied to existing bottles. Could it be duplicated? Sure, it’s just a really long serial number. But it would drastically cut down on the ease of fraud if it were easy to look up the chain of custody, even past some arbitrary point. Anyone trying to sell any quantity of bottles would have to do so without attracting the attention of the legitimate owners, or past owners.
I don’t in any way want to talk down what Maureen Downey and company are doing to make fraud more difficult, but anything with “blockchain” on it is basically 90% b.s. at this point, so it makes me substantially more skeptical, not less. History is littered with “unbreakable” cryptographic systems whose creators made incredible claims about security. At this point, without a positive third-party audit by somebody like Bruce Schneier, I would bet money that there are serious flaws. A quick google didn’t turn up any audits at all.
I think what the block chain provides is a distributed ledger that everyone agrees on and yet no one individual controls. So in Walter’s example above, what’s to stop a malicious actor from hacking the producer, certification authority, etc database and include their own spoofed hashes in the database. At best it would lead to bad press for the DB owner, at worst it would cause them financial loss due to the mistrust the compromise imparts on customers. That’s the “killer app” of the block chain, the fact that no one person or entity controls it. It also helps because it provides a “chain of custody” from a bottle being entered into the block chain to the present despite how many times it changes hands. It could be anonymously recorded or not, that could be determined by the current holder of the bottle that’s on the ledger.
Sadly none of this would address storage/provenance issues but it would go a long way to ensuring the juice in the bottle behind that fancy label is actually what it claims to be.
Anyone who describes their crypto system as unbreakable is most likely a hack (no offence Jay!). Mathematically cryptography is quite strong, it’s the implementation into a system (hardware or software) where the troubles come into play. Schneier would agree with that statement I suspect. Strong crypto doesn’t necessarily deliver good security but strong crypto and a solid implementation does have a better chance of being and staying secure when compared to weakly implemented crap that relies on whatever buzzworthy crypto that’s current in the market to prove its worth.
Specifically regarding block chain tech, I’ve not seen a serious “takedown” piece that pulls apart the foundation on which it’s built. I have seen plenty of cryptocurrency website compromises and cryptowallet issues. but none of that is down to the block chain or bitcoin per se, more so the crap people have cobbled around it to make it a “useable” system.
Oh, I wasn’t talking down cryptography or blockchain in general. When done well, as you say, they are on incredibly solid footing. But they are also families of technology, and everything depends on how they are used. When someone says, our data is protected by cryptography, do they mean the website connections, data in transit, data at rest, encrypted vs. merely signed, what ciphers, and most importantly, what security researchers have audited for vulnerabilities?
I read a technical presentation on the IBM Hyperledger that it’s based on, and it seems like a standard IBM turnkey solution. Which is to say buzzword-compliant, and probably decent implementation. It’s based on Ethereum, which as I understand it is well-audited and a good choice when you want large numbers of concurrent transactions. My B.S. detector really went off when it says they protect against “Snowden attacks”, which is where the sysadmin is able to bypass the normal security restrictions and export data wholesale. That seems clearly impossible. Systems need maintenance, and most importantly they need security updates. A sysadmin has to be able to get in there and update things, just like on your home computer. You can try to minimize the access, but systems are going to have privileged users at some level.
Reading between the lines a bit, it seems that the blockchain part of the system is used so that multiple independent entities are running their own virtual servers inside containers within the same physical system. Which I don’t understand the value of, because well-implemented blockchain works just fine with truly distributed nodes. Again, the secret sauce in the authentication of physical goods is the trust that someone has verified the item accurately.
Again, I’m just an enthusiastic amateur (though I’ve been following cryptography since 1999 or so when one of my dorm-mates started a distributed computing project to break RC5, a symmetric block cipher that was popular in the 90s).
That was exactly my response, Eric. I absolutely see the value of respected authenticators combined with the ability to check against the unique physical characteristics of the bottle. That all makes perfect sense. And someone like Maureen is the ideal person to do it. But when I hear “AI”, “blockchain”, “Internet of things”, without a clear application, I immediately assume I’m being sold a bill of goods.
I did read some of the job listings for Everledger, they are looking for generalists, so-called “full stack” developers who know how to code a webpage and deploy it. But there’s a whole wish list of skills after that (again, this is nothing sinister, I do the same thing when I’m writing a job description for a technical person; no harm in seeing if there’s a unicorn out there). Pretty generic, and lots of copy-pasting. “Deep learning, computer vision, Experience with AI tooling such as Tensorflow, or Scikit Learn, … , Cryptography, Cyber Security, …, Deep learning, computer vision, …, Experience with AI tooling such as Tensorflow, or Scikit Learn, Cryptography, Cyber Security, Machine learning, Computer vision, …” It’s a relatively early startup, and they just raised $10m in a “Series A” round which means that some VCs are putting in some real money, hopefully the technology will become more clear quickly.
We are adopting, and will be improving on, existing Everledgerhttps://www.everledger.io/ AI functions to recognize authenticity faster and more precisely than can the human eye. This is technology that already exists to vet handbags, perfume packaging and other products for some of the world’s the top luxury brands.
We are creating a streamlined processes for secondary market wine inspection to eliminate or reduce the time needed for initial inspection or re-inspection/ verification of a ledger based on AI. For Chai Vault use, scan results can confirm and match a bottle to the ledger automatically, or fail if a bottle shows deviation from the ledger. For bottles not yet certified and inputted in the Chai Vault, scanning can result in a match with authenticity, be markedly counterfeit or need more human inspection. It’s Hot Dog, Not Hot Dog, or needs more physical inspection to determine.
Certification in the Chai Vault includes over 90 data points, and requires individual bottle images, and input of proof of provenance when possible. The more we can automate that system - the better. Integration with existing POS & inventory systems can help pre-populate many fields - as you are abundantly aware, Eric. Of course initial input of individual bottles of secondary market wines is more time time consuming and takes more inspection time as while wine info may pre-populate, many aspects of the bottles unique condition and characteristics will not. Also - authenticators will have to make the final call as authentication is as still much more of an art than a science. But once that data has been uploaded and tied to the chip creating the bottle’s blockchain ledger, future recognition of that particular bottle and having to both match its chip ID and it’s “unique thumbprint” can be streamlined through a level of automation. That is possible through AI.
Buzzwords may be what many of you see here, but we see existing technology that is changing the world: From the elimination of blood diamonds and conflict stones (Everleger started to support the UN Kimberley Process Resolution), to the way luxury brands are protecting themselves, to how your food gets to your table, blockchain technology and AI are real and are already in place. You would be astounded to know how many farmers are already using blockchain technology to track their products, and how many food purveyors and even fast food companies are using blockchain technology to verify the authenticity and provenance of their raw products.
Eric, I think that the term AI has taken on a commercial usage that does injustice to the term Artificial Intelligence. It seems to now be in general use for camera based inspection systems.
I was at brunch with a couple that we meet in NYC about once a month. I was told that their son, who apparently is fabulously wealthy, had founded and owned an AI company. When I inquired as to the company I received a company name that I was not only familiar with, but one that I have been doing business with for a number of years. They are basically a very advanced vision inspection system company. They are very innovative, but AI, not by my definition or standards.
I guess it is the evolution of the term. If you are in the engineering or computer field, AI takes on another dimension that is way beyond capabilities being referred to as AI outside of those technical fields.
Labels could have similar technology to US currency like watermarks and security threads. That would be a huge hurdle to overcome and very easy to identify with optical technology not requiring sophisticated “AI”
![[soap.gif]](/uploads/db3686/original/2X/a/a7ea1fffd3ef237e8f19d17a83270ad8452218ca.gif "soap"){kind=small}
