Over the course of the coming years, the web could permeate even more aspects of our lives than just computers and smartphones. The new smart devices are fridges and bicycles, forklifts and robotic vacuum cleaners, trucks and industrial machinery. In this internet-of-things, devices measure data points to adjust their workings and exchange data with users.
But how do IoT devices record, store and transfer their data in a secure manner? And is decentralized technology the right approach technology for identification and certification in the internet-of-things? Internet Entrepreneur Stephan Noller has answers – and provides insights into the development of Europe’s first digital vaccination certificate.
Our Guest: Stephan Noller, CEO at UBIRCH
Psychologist, Internet expert, deep-tech serial entrepreneur. Cologne, Tel Aviv, Dubai. Stephan Noller has pursued software, blockchain and data-exchange projects with international appeal. He is the founder and CEO of UBIRCH GmbH, but he also co-founded a variety of other businesses, like Calliope gGmbH, which created an educational micro-computer for schools, or nugg.ad, the European market leader for targeting technology.
Together with a consortium of renowned companies, the Cologne-based company has developed and is operating the official infrastructure of the EU Digital COVID Certificate for Germany.
trimplement: Stephan, last time we met at a finfinity meetup in 2018. Back then, you predicted that by 2028 we would no longer own our home appliances. Rather, we would enjoy “Coffee-as-a-service” or the like – subscribe to an internet-of-things provider and get our devices with the subscription. Would you say we are still on track?
Stephan Noller: Well, in the meantime we had this little thing called the pandemic. And it changed up quite a few things worldwide. On the one hand, it pushed digitization. A few sectors, like the educational sector, advanced and will not go back (except in Germany maybe). On the other hand, in the industrial sector, a big disruption happens. Companies are struggling to reorganize their supply chains, manage missing parts, and so on.
I would say, in terms of economic growth and development of new features and solutions, the pandemic delayed us. And now we have a war in Europe, too. It’s no longer the linear growth we anticipated back then. Nevertheless, I think Gates’ law applies: In the short run, we overestimate. In the long run, we underestimate.
trimplement: So, you stay confident?
Stephan Noller: I believe the shift from ownership to service subscription models is still ongoing. Mobility, home appliances, or the like will move in that direction. Internationally, the adoption of what I call the “Digital Layer” proceeds. Maybe we will see a little delay, but I am confident, yes.
trimplement: You had the opportunity to make the healthcare industry a little more digital. Your company UBIRCH has worked together with IBM to implement the digital vaccination certificate for the German Department of Health. What were the challenges?
Stephan Noller: When you think about the German healthcare ecosystem, you realize it’s complicated, slow, and not very digital. Then you suddenly find yourself in a pandemic. And the German health ministry requires you to develop a vaccination passport solution for every citizen in Germany within 3 months’ time. A solution that cannot be hacked and that can be made available all over the country, mind you.
trimplement: Tough call.
Stephan Noller: Yes, but we made it, thanks to our groundwork. As one of the first digital vaccination certificates in Europe, Ubirch had a pilot project in Altötting, Bavaria which was been deployed to citizens and tested regarding privacy concerns. We had our trust platform, to run such projects on. Also, security checks were already in. This was the basis to form a great partnership with IBM and thus, we could get the solution ready within 3 months.
The project now ranks as one of the most successful digital projects of any German government. 3 months time, 50-60 million citizens onboarded, 250 million certificates issued – it’s impressive by the numbers.
trimplement: How was the solution received?
Stephan Noller: We saw high acceptance, with citizens lining up in pharmacies to get a QR code. Now German citizens know that health care products can be fully digital. And that they don’t have to worry about privacy – we deployed a very privacy-friendly architecture, in compliance with GDPR.
We tried to make it as accessible as possible for elderly people, too. Even my father, who’s approaching 90, has it, on a plastic card with a QR code because he doesn’t have a smartphone.
trimplement: Yeah, I have one of them, too.
Stephan Noller: Yeah, and if I would have told you back in 2018, that we will see digital health care products across the country, you wouldn’t have believed me.
Of course, we had the pandemic – no one wanted this to be the inciting incident. But still, it proves we can make digitization happen much faster than we often think. Expectations also changed: Now even older people in the countryside wonder: Why do I get my yellow fever vaccination certificate on paper and not as a QR code? Good question!
trimplement: At the same time, in Asia, this has become the standard.
Stephan Noller: Yes. But the project wasn’t just a German effort. The digital standard of the vaccination certificate works across the EU. And even beyond: Today, more than 60 countries around the world have settled for this standard, too. So we can say, Germany and the EU really pushed boundaries here.
trimplement: Your company UBIRCH works with the security protocols on the Blockchain. What does that look like?
Stephan Noller: Well, for one, I would say we are a cryptography backend. We call it the Trust Platform and this has blockchain adapters. In some cases, blockchain is a good solution. Like for establishing a certain level of trust or storing assets in a digital way, so they can be queried and verified.
“Blockchain is very good where you have multiple endpoints with the same authority – a distributed ecosystem, in which different stakeholders want to agree on data validity.”
Stephan Noller, CEO of Ubirch
Trimplement: Why is that?
Stephan Noller: Well, let’s take an example:
Say you want to establish a digital ownership certificate for your apartment. And you want to establish it in a way, that its persistence and validity exist out of your immediate control. Just like you would expect from a certificate you get in the notary. If you want to claim ownership of your flat or sell it to someone and move the ownership to another party – what you need there is infrastructure everyone trusts, everyone sees as valid.
In IT projects it’s the same. Whether it’s your digital vaccination state or proof of ownership of digital art or property documents. You want to have them in a digital form, that parties all around the world accept and rely on.
And in this case, you need a cryptography backend. It cannot be a simple database that you run in your basement – no one would trust that as you could change records in a database operated by you.
So you need something decentralized and secured. On the blockchain, the data is under control by many independent parties at once. And it would be secured by crypto mechanisms, like asymmetric cryptography.
Now, you can develop that in a project from scratch – happy times. But you could also say: Maybe a blockchain brings exactly what I need.
trimplement: But the vaccination card was not based on blockchain?
Stephan Noller: No. The examples I gave are trying to outline a multi-tier environment, where you have no central authority that organizes it. Because in the case of a central authority like a government, blockchain is not the best solution. Blockchain is very good where you have multiple endpoints with the same authority – a distributed ecosystem, in which different stakeholders want to agree on data validity.
The vaccination certificate was the former: You had a central authority in place, as this certificate allows you to travel or enter public buildings and so on. It’s a typical “central power” project, where the government puts a system in place. Blockchain is not the perfect match here. It’s the domain of more centralized cryptographic solutions like Public Key Infrastructure.
trimplement: And where does Blockchain apply in modern IoT environments?
Stephan Noller: Think of supply chain tracking, for example. There, you typically don’t have a central governing body that’s directly involved in supplying. Rather, you have many players, often around the globe.
Take textile manufacturing: If a customer was interested if sustainability was an issue, if specific chemicals were used, and so on, that would be easy to track back. In a decentralized system you would not have to trust the database of the textile manufacturer – it would be very hard to be fraudulent and alter the records.
trimplement: UBIRCH also creates something that you are calling “Blockchain-on-a-SIM”. What is that exactly?
Stephan Noller: You see, IoT infrastructure of connected devices requires good scaling mechanisms. This assumes that we can provide endpoints – coffee machines, smart fridges, etc. – with a unique, secure identity. And also, mechanisms to issue records – like the number of espressos you subscribed for.
Now, SIM cards already sit in many of those devices. For example, if you buy a connected car today, you have an average number of 14 SIM carts in it – for e-call, for service connections and so on. Cisco Systems made a prediction that roughly one in two edge IT devices will feature cellular uplinks with a SIM Card in the near future. By the way, the SIM card is a quite standardized thing – it’s basically the same in every country around the world. And the SIM card has memory, it has computing power, it can run little Java applets.
“In a decentralized system you would not have to trust the database of the manufacturer – it would be very hard to be fraudulent and alter the records.”
Stephan Noller, CEO of Ubirch
So we approached Giesecke & Devrient, one of the largest SIM card manufacturers worldwide. Together we created a UBIRCH client, that runs on a SIM card. It creates a digital identity with a pair of keys- a public and a private key. That gives the device holding the card its own cryptographical identity. And our technology also allows issuing these certificates – like the vaccination certificates from earlier, a smart coffee machine could issue an espresso certificate.
Now, if you would want to invoice subscriptions and the like, you would have a very reliable mechanism. From the SIM card you can accept these credentials and create an invoice out of that, for example.
trimplement: You often read that the crypto asset industry has a huge environmental toll, regarding power usage. Do you think that blockchain-based IoT systems can be made scalable in an environmentally friendly way?
Stephan Noller: Absolutely, yes. Our technology is made for scaling. Technically you could say that UBIRCH is a kind of side chain platform and we make blockchain much more scalable – which also means you consume much less energy per transaction. That’s how our platform was built from the very beginning on. We achieve 100-times less energy consumption compared to a direct transaction.
The other thing is that the biggest public blockchain infrastructure Ethereum is moving from proof-of-work to proof-of-stake till the end of the year (actually predicted for September 15 at the moment), which will remove the question of energy consumption very much from the equation. It’s the biggest blockchain infrastructure at the moment and they managed to get rid of that computing issue very much by moving to proof-of-stake mechanisms.
But nonetheless, it’s a very important issue. Ideally, these infrastructures should be carbon-positive.
trimplement: Stephan, thank you for the interview.
