Blog
What is GLOchain?
Background
Since GrowLab Organics Ltd is a Medicinal Cannabis Producer we are required to comply with guidelines and regulations to ensure that our products and services are safe, effective and usable. These requirements instruct us to control our processes, procedures, staff and premises to ensure consistency and quality in our products.
The Problem
At GrowLab Organics we must provide seed to sale tracking, based on regulatory requirements in the British cannabis industry. The quality management systems available to the industry today are not built with the future in mind. Many include costly licensing models and are built on proprietary technologies and subject to vendor lock-in. Cloud-based offerings limit innovation opportunities with restrictive integration options and on-premises solutions require significant upfront investment in both hardware and operational overhead.
The Solution
An immutable and verifiable system of record, built in-house called GLOchain. Combining RFC6962 with sophisticated technologies, GLOchain gives everyone the ability to audit our data, without revealing sensitive information.
Understanding change
In order to comply with regulation we must prove to auditors and regulators that the information we store has not changed between audits. That is, we must prove nothing has been modified after an auditor signs-off our current records. Crucially, at GrowLab Organics we manufacture a controlled substance, an adversary could falsify information allowing them to sell large volumes of pharmaceutical grade cannabis to illicit markets.
An important thing to note is change in a compliant system must be detectable. GLOchain uses a suite of automated testing mechanisms to ensure that information has not been tampered with between audits, if change occurs we are alerted immediately.
Our data guardian
GLOchain is an information storage and retrieval system, in order to provide its immutable guarantees, the following steps occur:
- A unique signature is created for every piece of information which is stored.
- These unique signatures are used to assemble an optimised data structure which can be quickly traversed, to confirm information inclusion and verify immutability.
- A signed electronic certificate is periodically published. This is used by auditors to confirm the systems current state and verify information inclusion and our immutability claims.
A system of truth
Data stored within GLOchain is cryptographically coherent and verifiable, just like Blockchains, but without all the complexity. Unlike Blockchains however, GLOchain can handle millions of transactions per second and survive catastrophic failure.
GLOchain is our system of truth, providing the fundamental building block for creating compliant products and services.
How does it work? Let’s explore the three previously mentioned steps in a bit more detail.
Unique Signatures – To efficiently detect change within GLOchain, it passes each piece of information that needs to be stored through a hash algorithm (we use double-SHA256 for stronger collision prevention).
A hash algorithm takes arbitrary data as its input, known as a “message” and produces a fixed-length output, known as a “message digest”.
The “message digest” can be used to uniquely identify a piece of information based on its content. The output from passing data through a hash function is commonly referred to as a “hash”, we’ll use this terminology going forward.
A common use of hashes is checking a file downloaded from a website, such as a computer program you’ll install on your computer. Ensuring the file you have received is the file they have published and the contents have not been tampered with.
It is important to note the following properties of a hash: A hash can be used to check if data has changed without knowing anything about the contents.
Hashes are a fundamental part of computing. As such, utilities for working with hashes are available on all major operating systems and devices
A hash cannot be reversed, that is—you cannot take a hash and use it to reconstruct the original data.
Optimised data structure – In order to quickly verify nothing has changed across an ever increasing volume of data, we must use each hash to assemble a data structure called a Merkle Tree.
A Merkle Tree is a tree-like data structure, which is a widely used abstract data type that represents a hierarchical data structure with a set of connected nodes.
In a Merkle Tree every “leaf” (node) is labelled with the hash of a data block, and every node that is not a leaf (called a branch, inner node, or inode) is labelled with the hash of the labels of its child nodes.
Merkle Trees allow efficient and secure verification of large amounts of data.Electronic certificates
In order to provide nonrepudiation we use asymmetric cryptography to sign a published record, every time data is added to GLOchain.
Certificates are published to third-party immutable systems such as IPFS and Blockchains, which provide further assurance that data has not been tampered with.
Asymmetric cryptography, also known as public key cryptography is a method of encrypting or signing data with two different keys and making one of the keys, the public key, available for anyone to use.
This type of cryptography is widely used, especially in TLS/SSL, making HTTPS possible which secures over 80% of global internet traffic.
Capabilities – Let’s take a closer look at the benefits of using an immutable system of record for storing all of our data.
Discourage insider threats – A tamper-evident system of record makes it impossible for a malicious insider to cover their tracks.
- Every operation within GrowLab Organics is logged to GLOchain to maintain regulatory compliance. GLOchains tamper-evident log discourages malicious behaviour by increasing the chance of discovery.
- Data transparency protects our users against malicious insiders by making updates visible. Anyone can verify the integrity of our data without having to see the contents.
Simplifies regulator compliance – A tamper-evident log keeps us in control of our audit artifacts and gives auditors confidence in our data.
By using a tamper-evident log to store compliance records, GLOchain keeps them in one place and simplifies presenting them to an auditor. GLOchain cryptographically proves records have not been tampered with.
- A tamper-evident log is a more efficient way of presenting compliance records to an auditor who can easily verify our record history and its integrity.
- Sophisticated access controls ensure auditors view only what is required to complete their task.
Monitor third-party ecosystems – A tamper-evident log enables multiple parties to monitor each other’s actions.
Regulations and compliance can extend to our partners and organisations within our supply chain. Where businesses are required to publish their data, GLOchain can hold a permanent record of their activities.
- Supply chain transparency discourages misbehaviour by making their actions public.
- Tamper-evident logs can frustrate supply chain attacks by providing a shared, global view
Innovation – GLOchains ability to provide immutable guarantees for the data it stores unlocks some very interesting opportunities for innovation.
Counterfeit Prevention with GLOchain
In 2020, a study showed that Pharmaceuticals was the second most affected sector by loss of sales due to counterfeit goods. We are developing an in-house solution powered by GLOchain to provide product verification, ownership and history features as part of our digital patient services.
Software supply chain protection with GLOchain
In 2021, a study found that software supply chain attacks had tripled, impacting some of the worlds largest organisations. Our Software Bill of Materials technology powered by GLOchain provides increased protection from software supply chain attacks by allowing us to verify the composition of our software.
Artificial intelligence development
It was estimated in 2021 the global spend on A.I. development would reach 237.5 billion U.S. dollars, demonstrating the increased need for businesses to cultivate A.I. driven technology in order to maintain a competitive advantage. Using GLOchain as our source of truth and with immutable guarantees, we are exploring ways in which we can build machine learning models to helps us with tasks such as forecasting and autonomous facility management.
Summary
GLOchain is an in-house, purpose built system to comply with the regulations and guidelines which govern the manufacture and distribution of medicinal cannabis. GLOchain provides the following key features, which help to support our mission of helping everyone access medicinal cannabis to treat their condition.
- Created for regulatory compliance.
- Completely transparent auditing capabilities.
- Unlocks new technology opportunities.
- Designed for the future.
We’re working on a wide range of technologies to help us establish stronger connections with our customers and partners. Stay tuned for future updated!
Contact Us
Get in touch
We love hearing from people who believe in the power of cannabis. If you are a patient, a potential supplier or an investor please say hello!