=Paper=
{{Paper
|id=Vol-1688/paper-03
|storemode=property
|title=A Secure Shopping Experience Based on Blockchain and Beacon Technology
|pdfUrl=https://ceur-ws.org/Vol-1688/paper-03.pdf
|volume=Vol-1688
|authors=Remo Manuel Frey,Denis Vučkovac,Alexander Ilic
|dblpUrl=https://dblp.org/rec/conf/recsys/FreyVI16
}}
==A Secure Shopping Experience Based on Blockchain and Beacon Technology==
https://ceur-ws.org/Vol-1688/paper-03.pdf
A Secure Shopping Experience
Based on Blockchain and Beacon Technology
Remo Manuel Frey Denis Vučkovac Alexander Ilic
ETH Zurich ETH Zurich University of St. Gallen
Weinbergstrasse 56/58 Weinbergstrasse 56/58 Dufourstrasse 40a
8092 Zurich 8092 Zurich 9000 St. Gallen
+41 44 632 48 18 +41 44 632 89 15 +41 71 224 73 00
rfrey@ethz.ch vdenis@ethz.ch alexander.ilic@unisg.ch
ABSTRACT 1. BEACON
The present work proposes a novel approach for a future shopping Beacons enables a wide range of new application in retail sector.
system. Customers’ personal data are protected by a blockchain- These are tiny, low-cost Bluetooth low energy devices whose
based storage network. Based on the bitcoin protocol, the system single function is to broadcast a universal unique identifier. If a
transacts encrypted data in a tamper-proof way and is able to run mobile application (‘app’) on a smartphone receives the signal, it
secure multiparty computations while no one but the data owner displays a push notification on the screen to trigger user’s
has access to the input data. Thus, a potential customer is able to attention. For instance, store owners can place one or more
allow a company to apply functions like a recommendation devices in front of the store. Potential customers who pass by are
algorithm without revealing personal data. In combination with a invited to enter the store and/or to check special offers or new
low-energy transmitter (beacon), a completely new shopping products directly on their mobile device. In another scenario, a
experience arises. The beacon automatically triggers a group of beacons can be used for indoor localization. Using
recommendation process based on encrypted personal data. The triangulation, an app is able to guide customers to the shelf
resulting outcome is a recommendation system, a self-checkout containing the searched products. Apple’s iBeacon protocol [4] is
system, and a payment system all in one, thereby full anonymity de facto standard.
is guaranteed and the customer never lose control on her data.
2. CONSUMER PROFILES
CCS Concepts Several marketing studies proved that personalized offers are
• Information systems➝Recommender systems more successful than non-personal ones and the satisfaction of the
• Security and privacy➝Privacy-preserving protocols customers increases [5]. Companies gather customer data and
• Information systems➝Electronic commerce create individual profiles. They use it to predict consumer needs
• Human-centered computing➝Mobile phones and future consumptions, and to optimize recommender systems
for products and services. Sensors from the ‘Internet of Things’
Keywords additionally support the data collecting by observing people’s
Privacy; Blockchain; Beacon; Shopping; m-Commerce; daily life. Sharing such personal data with a company might be a
Recommender System; Self-Checkout; benefit for companies and customers as well. Unfortunately,
customers have often strong privacy concerns related to
INTRODUCTION collecting, storing, and applying personal data, especially in the
In an early stage of the Internet, the online and offline world were online context. Awad and Krishnan [2] provide a broad overview
strictly separated. People either shopped in a physical store or of corresponding research questions in recent privacy literature.
they ordered a desired product online on their personal computer Companies use several well-established countermeasures which
at home. Soon, a hybrid form of shopping behavior evolved [3]. primarily aim to reduce customers’ risk perception. For example,
People search online for product information and go afterwards to they provide transparent information how they deal with user data
the store. Another mixed strategy is to search online, check it out or they enable customers to remove personal data themselves.
in-store, and then buy it online. Due to the massive proliferation Transparency and customer empowerment are two effective
of smartphones in the last decade, several approaches try to fuse instruments among many others. But, a practicable mechanism to
offline and online shopping. People are invited use their device in cryptographically guarantee the anonymity of a customer and the
the stores to get an enriched shopping experience. A well-known protection and controllability of personal data is still lacking.
application is self-checkout by customers’ own mobile devices
[1]. First, the customers pick products from the shelf, scan their 3. SOLUTION
barcodes to add them into a virtual basket, and may read A fairly new approach, called ‘Enigma’, is described by Zyskind,
additional product information on the screen. Then, they may Nathan, and Pentland [6, 7]. It contains a peer-to-peer network to
activate online coupons and pays the products directly on their jointly share data. A blockchain controls the network and manage
devices. No cashier is needed anymore in the store. In the present the access control. The clue is that one can run computations
work, we propose a similar process which uses blockchain [6, 7] within the network while keeping data completely private (‘secure
and beacon technology [4]. In contrast to the described multiparty computation’). The authors provide detailed
application, the privacy of the customers is cryptographically information about the technical realization and possibilities for
guaranteed. innovative future applications. To overcome the mentioned
deficiencies concerning personal data, we propose to use Enigma
for a novel shopping system. In doing so, the customer invokes a
Copyright is held by the author(s). contract with a company and gives access to a part of her personal
� Store Blockchain Network
Beacon
2. Request for recommendations
7. Recommendations
Customer 8. Payment
Figure 1: The interactions between customer, store, and blockchain network in the proposed shopping system.
data only for specific computation. The company has never access 4. DISCUSSION AND FUTURE WORK
to customer’s raw data directly. The computations a company is We outline an efficient and powerful solution in three core
allowed to perform is regulated in a well-defined contract. For processes of current and future retail business: providing
instance, an apparel company gets access for computing recommendations, self-checkout and mobile payment. Blockchain
recommendations for clothes based on customer’s body and beacon technology are merged together. The result is a
measurements. The company has never access to the smooth and secure shopping experience which fuses the
measurements and the customer is even able to completely block advantages of online and offline worlds in retail. We plan to
other sensitive data like detailed textures resulted from a 3D body develop a prototype of the described solution with the aim to
scan. All involved data are permanently encrypted. There is no demonstrate the feasibility and reliability of the system. Analogue
need for a trusted-third party. In the next three subsections, we to Bitcoins, the technical feasibility is not sufficient to guarantee
outline the process between a customer, a store, and a blockchain cryptographic secureness because an adequate number of users
network like Enigma. An overview of the system is shown in and network nodes are required as well. Therefore, user
Figure 1. In sum, it acts as a recommender, self-checkout and acceptance is crucial and we intend to evaluate consumer
payment system. acceptance in terms of privacy concerns as a second step. We
expect an increase of trust, better transparency, improved comfort,
3.1 Setup and support for the desire of controlling personal data. The system
First of all, the potential customer downloads and installs the does not prevent companies to gather data without explicit user
company’s app from a trusted app market platform like ‘Google permission. But, we plan to extend our solution for a secure
Play Store’ or ‘App Store’. On the app, she defines a contract handover of such data to the customer. An additional payment
about what kind of confidential data she is willing to share with option could then allow customers to sell their data and its usage.
the company and which kind of computations are allowed. It will
be interesting to see how the companies align with the new 5. REFERENCES
situation in which they do not possess the user data anymore. [1] Andriulo, S., Elia, V. and Gnoni, M.G. 2015. Mobile self-
Moreover, users could use of the data in, say, two shops to help checkout systems in the FMCG retail sector: A comparison
make better recommendations in a third shop. analysis. International Journal of RF Technologies: Research and
Applications. 6, 4 (2015), 207–224.
3.2 Recommender System [2] Awad, N.F. and Krishnan, M.S. 2006. The Personalization
When she approaches the store, the Beacon sends a signal to her Privacy Paradox: An Empirical Evaluation of Information
smartphone and triggers two actions (1). First, the app computes a Transparency and the Willingness to Be Profiled Online for
new blockchain address for the upcoming transactions. Second, an Personalization. MIS Quarterly. 30, 1 (2006), 13–28.
encrypted message including the personal data and its permissions [3] Farag, S., Schwanen, T., Dijst, M. and Faber, J. 2007. Shopping
is automatically send into the blockchain network to company’s online and/or in-store? A structural equation model of the
address (2). The company gets a notification (3) and starts the relationships between e-shopping and in-store shopping.
recommendation algorithm (4). When the company receives the Transportation Research Part A: Policy and Practice. 41, 2
results (5), the recommendations are forwarded to user’s address (2007), 125–141.
(6, 7). Finally, the app decrypts/visualize the recommendations. [4] Newman, N. 2014. Apple iBeacon technology briefing. Journal of
Direct, Data and Digital Marketing Practice. 15, 3 (2014), 222–
3.3 Self-Checkout and Payment 225.
[5] Smutkupt, P., Krairit, D. and Esichaikul, V. 2010. Mobile
The customer may decide to buy one of the recommended
Marketing : Implications for Marketing Strategies. International
products. She selects the product on her smartphone and put it into
Journal of Mobile Marketing. 5, 2 (2010), 126–139.
a virtual shopping basket. Then she directly pays with a [6] Zyskind, G., Nathan, O. and Pentland, A. 2015. Decentralizing
transaction into the blockchain network to the address of the privacy: Using blockchain to protect personal data. Proceedings -
company (8, 9). After completion, she may terminate all data 2015 IEEE Security and Privacy Workshops. (2015), 180–184.
access and computation permissions. During the whole process, [7] Zyskind, G., Nathan, O. and Pentland, A. 2015. Enigma:
the full anonymity for the customer is guaranteed and the Decentralized Computation Platform with Guaranteed Privacy.
company never received customer’s personal data. arXiv:1506.03471.
�