A Secure Shopping Experience Based on Blockchain and Beacon Technology

Remo Manuel Frey, ETH Zurich, Weinbergstrasse 56/58, 8092 Zurich, +41 44 632 48 18, rfrey@ethz.ch
Denis Vučkovac, ETH Zurich, Weinbergstrasse 56/58, 8092 Zurich, +41 44 632 89 15, vdenis@ethz.ch
Alexander Ilic, University of St. Gallen, Dufourstrasse 40a, 9000 St. Gallen, +41 71 224 73 00, alexander.ilic@unisg.ch

ABSTRACT
The present work proposes a novel approach for a future shopping system. Customers' personal data are protected by a blockchain-based storage network. Based on the bitcoin protocol, the system transacts encrypted data in a tamper-proof way and is able to run secure multiparty computations while no one but the data owner has access to the input data. Thus, a potential customer is able to allow a company to apply functions like a recommendation algorithm without revealing personal data. In combination with a low-energy transmitter (beacon), a completely new shopping experience arises. The beacon automatically triggers a recommendation process based on encrypted personal data. The resulting outcome is a recommendation system, a self-checkout system, and a payment system all in one. Full anonymity is guaranteed, and the customer never loses control of her data.

CCS Concepts
• Information systems➝Recommender systems
• Security and privacy➝Privacy-preserving protocols
• Information systems➝Electronic commerce
• Human-centered computing➝Mobile phones

Keywords
Privacy; Blockchain; Beacon; Shopping; m-Commerce; Recommender System; Self-Checkout

INTRODUCTION
In an early stage of the Internet, the online and offline worlds were strictly separated. People either shopped in a physical store or ordered a desired product online on their personal computer at home. Soon, a hybrid form of shopping behavior evolved [3]. People search online for product information and go to the store afterwards. Another mixed strategy is to search online, check the product out in-store, and then buy it online. Due to the massive proliferation of smartphones in the last decade, several approaches try to fuse offline and online shopping. People are invited to use their device in the stores to get an enriched shopping experience. A well-known application is self-checkout with customers' own mobile devices [1]. First, the customers pick products from the shelf, scan their barcodes to add them to a virtual basket, and may read additional product information on the screen. Then, they may activate online coupons and pay for the products directly on their devices. No cashier is needed in the store anymore. In the present work, we propose a similar process which uses blockchain [6, 7] and beacon technology [4]. In contrast to the described application, the privacy of the customers is cryptographically guaranteed.

Copyright is held by the author(s).

1. BEACON
Beacons enable a wide range of new applications in the retail sector. These are tiny, low-cost Bluetooth low energy devices whose single function is to broadcast a universally unique identifier. If a mobile application ('app') on a smartphone receives the signal, it displays a push notification on the screen to attract the user's attention. For instance, store owners can place one or more devices in front of the store. Potential customers who pass by are invited to enter the store and/or to check special offers or new products directly on their mobile device. In another scenario, a group of beacons can be used for indoor localization. Using triangulation, an app is able to guide customers to the shelf containing the products they are searching for. Apple's iBeacon protocol [4] is the de facto standard.

2. CONSUMER PROFILES
Several marketing studies have proved that personalized offers are more successful than non-personal ones and that customer satisfaction increases [5]. Companies gather customer data and create individual profiles. They use them to predict consumer needs and future consumption, and to optimize recommender systems for products and services. Sensors from the 'Internet of Things' additionally support data collection by observing people's daily life. Sharing such personal data with a company might benefit companies and customers alike. Unfortunately, customers often have strong privacy concerns related to collecting, storing, and applying personal data, especially in the online context. Awad and Krishnan [2] provide a broad overview of corresponding research questions in recent privacy literature. Companies use several well-established countermeasures which primarily aim to reduce customers' risk perception. For example, they provide transparent information about how they deal with user data, or they enable customers to remove personal data themselves. Transparency and customer empowerment are two effective instruments among many others. But a practicable mechanism to cryptographically guarantee the anonymity of a customer and the protection and controllability of personal data is still lacking.

3. SOLUTION
A fairly new approach, called 'Enigma', is described by Zyskind, Nathan, and Pentland [6, 7]. It contains a peer-to-peer network to jointly share data. A blockchain controls the network and manages access control. The key point is that one can run computations within the network while keeping data completely private ('secure multiparty computation'). The authors provide detailed information about the technical realization and possibilities for innovative future applications. To overcome the mentioned deficiencies concerning personal data, we propose to use Enigma for a novel shopping system. In doing so, the customer invokes a contract with a company and gives access to a part of her personal data only for a specific computation. The company never has direct access to the customer's raw data. The computations a company is allowed to perform are regulated in a well-defined contract. For instance, an apparel company gets access for computing recommendations for clothes based on the customer's body measurements. The company never has access to the measurements, and the customer is even able to completely block other sensitive data like detailed textures resulting from a 3D body scan. All involved data are permanently encrypted. There is no need for a trusted third party. In the next three subsections, we outline the process between a customer, a store, and a blockchain network like Enigma. An overview of the system is shown in Figure 1. In sum, it acts as a recommender, self-checkout and payment system.

[Figure 1 diagram. Recoverable labels: Customer, Beacon, Store, Blockchain Network; 2. Request for recommendations; 7. Recommendations; 8. Payment.]
Figure 1: The interactions between customer, store, and blockchain network in the proposed shopping system.

3.1 Setup
First of all, the potential customer downloads and installs the company's app from a trusted app market platform like 'Google Play Store' or 'App Store'. In the app, she defines a contract about what kind of confidential data she is willing to share with the company and which kinds of computations are allowed.

3.2 Recommender System
When she approaches the store, the beacon sends a signal to her smartphone and triggers two actions (1). First, the app computes a new blockchain address for the upcoming transactions. Second, an encrypted message including the personal data and its permissions is automatically sent into the blockchain network to the company's address (2). The company gets a notification (3) and starts the recommendation algorithm (4). When the company receives the results (5), the recommendations are forwarded to the user's address (6, 7). Finally, the app decrypts and visualizes the recommendations.

3.3 Self-Checkout and Payment
The customer may decide to buy one of the recommended products. She selects the product on her smartphone and puts it into a virtual shopping basket. Then she pays directly with a transaction into the blockchain network to the address of the company (8, 9). After completion, she may terminate all data access and computation permissions. During the whole process, full anonymity for the customer is guaranteed and the company never receives the customer's personal data.

4. DISCUSSION AND FUTURE WORK
We outline an efficient and powerful solution for three core processes of current and future retail business: providing recommendations, self-checkout and mobile payment. Blockchain and beacon technology are merged together. The result is a smooth and secure shopping experience which fuses the advantages of the online and offline worlds in retail. We plan to develop a prototype of the described solution with the aim of demonstrating the feasibility and reliability of the system. As with Bitcoin, technical feasibility is not sufficient to guarantee cryptographic security, because an adequate number of users and network nodes is required as well. Therefore, user acceptance is crucial, and we intend to evaluate consumer acceptance in terms of privacy concerns as a second step. We expect an increase of trust, better transparency, improved comfort, and support for the desire to control personal data. The system does not prevent companies from gathering data without explicit user permission. But we plan to extend our solution with a secure handover of such data to the customer. An additional payment option could then allow customers to sell their data and its usage. It will be interesting to see how companies adapt to the new situation in which they no longer possess the user data. Moreover, users could use the data from, say, two shops to help make better recommendations in a third shop.

5. REFERENCES
[1] Andriulo, S., Elia, V. and Gnoni, M.G. 2015. Mobile self-checkout systems in the FMCG retail sector: A comparison analysis. International Journal of RF Technologies: Research and Applications. 6, 4 (2015), 207–224.
[2] Awad, N.F. and Krishnan, M.S. 2006. The Personalization Privacy Paradox: An Empirical Evaluation of Information Transparency and the Willingness to Be Profiled Online for Personalization. MIS Quarterly. 30, 1 (2006), 13–28.
[3] Farag, S., Schwanen, T., Dijst, M. and Faber, J. 2007. Shopping online and/or in-store? A structural equation model of the relationships between e-shopping and in-store shopping. Transportation Research Part A: Policy and Practice. 41, 2 (2007), 125–141.
[4] Newman, N. 2014. Apple iBeacon technology briefing. Journal of Direct, Data and Digital Marketing Practice. 15, 3 (2014), 222–225.
[5] Smutkupt, P., Krairit, D. and Esichaikul, V. 2010. Mobile Marketing: Implications for Marketing Strategies. International Journal of Mobile Marketing. 5, 2 (2010), 126–139.
[6] Zyskind, G., Nathan, O. and Pentland, A. 2015. Decentralizing privacy: Using blockchain to protect personal data. Proceedings - 2015 IEEE Security and Privacy Workshops. (2015), 180–184.
[7] Zyskind, G., Nathan, O. and Pentland, A. 2015. Enigma: Decentralized Computation Platform with Guaranteed Privacy. arXiv:1506.03471.
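
The idea behind Sections 3 and 3.2, a company computing a contract-permitted function without ever seeing the inputs, sketched with additive secret sharing as an added example. It is not code from the paper or from Enigma, whose actual protocol is more involved; the field names, function names, three-node setup and modulus are assumptions made for illustration.

```python
import secrets

P = 2**61 - 1  # prime modulus for share arithmetic (constructed parameter)

def share(value, n):
    """Split an integer into n additive shares mod P; any n-1 of them look random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def check_contract(contract, function):
    """Reject a computation the customer's contract does not permit."""
    if function["name"] not in contract["allowed_functions"]:
        raise PermissionError("function not permitted: " + function["name"])
    for field in function["weights"]:
        if field not in contract["shared_fields"]:
            raise PermissionError("field not shared: " + field)

def run_computation(contract, profile, function, n_nodes=3):
    """Share the permitted fields, let each node work on its shares, open only the result."""
    check_contract(contract, function)
    fields = sorted(function["weights"])
    shares = {f: share(profile[f], n_nodes) for f in fields}  # customer side
    partials = []
    for node in range(n_nodes):  # each node sees one share per field, never the value
        acc = sum(function["weights"][f] * shares[f][node] for f in fields)
        partials.append(acc % P)
    return sum(partials) % P, shares  # the company learns only the first element

# Constructed sample data (hypothetical field and function names).
PROFILE = {"chest_cm": 96, "waist_cm": 82, "scan_texture_id": 7}
CONTRACT = {"shared_fields": {"chest_cm", "waist_cm"},
            "allowed_functions": {"size_score"}}
SIZE_SCORE = {"name": "size_score", "weights": {"chest_cm": 2, "waist_cm": 1}}
TEXTURE_PROBE = {"name": "size_score", "weights": {"scan_texture_id": 1}}

if __name__ == "__main__":
    result, _ = run_computation(CONTRACT, PROFILE, SIZE_SCORE)
    print("size score opened to the company:", result)
    try:
        run_computation(CONTRACT, PROFILE, TEXTURE_PROBE)
    except PermissionError as err:
        print("blocked by contract:", err)
```

The sketch covers linear functions only, which each node can evaluate locally on its shares; products of private values need an interactive protocol between the nodes.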