Blockchain and distributed ledger technology

CUREX addresses comprehensively the protection of the confidentiality and integrity of health data by producing a novel, flexible and scalable situational awareness-oriented platform. It allows a healthcare provider to assess the realistic cybersecurity and privacy risks they are exposed to and suggest mathematically optimal strategies for addressing these risks with safeguards tailored specifically for each business case and application.

CUREX is fully GDPR compliant by design. At its core, a decentralised architecture enhanced with a private blockchain infrastructure ensures the integrity of the risk assessment process and of all data transactions that occur between the diverse range of stakeholders involved. Crucially, CUREX expands beyond technical measures and places emphasis on improving cyber hygiene through training and raising awareness activities for a healthcare institutions personnel.

Its validation focuses on the highly challenging condition of (cross-border) health data exchange, spanning patient cross-border mobility, remote healthcare, and data exchange for research. CUREX consortium will also utilise the outcomes of the well-known MyHealthMyData project in a dedicated demonstration that will use their blockchain-enabled platform which will control the actual data exchange.

We envisage that CUREX will impact the European market developing one of the first blockchain platforms for risk assessment management under the GDPR.

The aim of TAPESTRY is to investigate, develop and demonstrate transformational new technologies to enable people, businesses and digital services to connect safely online, exploiting the complex "tapestry" of multi-modal signals woven by their everyday digital interactions; their digital personhood. In this way we will de-risk the digital economy, delivering completely new ways of determining or engendering trust online, and enabling users and businesses to make better decisions about who they trust online.

Online fraud and scams cost the UK economy £670m each year; crimes often perpetrated through false identities. It is difficult to make good decisions about who to trust when the digital identities of people and services are presented through pseudonyms or addresses. How can we trust that the identity we are interacting with today wasn't created out of thin air yesterday to pull a scam? Or whether the service we are registering our personal data with is trustworthy? In an era of users curating multiple digital identities that evolve over their physical lifespan, and the coming ability to migrate identities between providers (most of whom reside outside the EU), there is an urgent need for decentralised technologies to enable proofs of trust between people and services wishing to interact safely within the digital economy.

TAPESTRY will co-create and evaluate prototype services with end-users to determine how online behaviour and attitudes to trust could evolve in the presence of a trusted decentralised technology to prove the veracity of online identities. TAPESTRY proposes to collect, on an opt-in basis, digital trails of users' interactions (photos shared, comments left, posts 'liked', internet of things devices interacted with) as encrypted trust evidence within a decentralised database (blockchain). Users grant third parties access to trust evidence for a given time period and at a given granularity, in order to prove trustworthiness of their identity via their digital personhood. For example, a crowdfunder might invite new backers to submit two years' history of regular social media interactions to guard against fraudulent pledging from transient identities. Community forums are becoming increasingly important for emotional support and well-being. A similar check could safeguard against trolling, or an identity posting advice could collect positive ratings within their blockchain, enabling vetting of their reputation. Deviations from behavioural norms could also be detectable within TAPESTRY to alert users to their digital identity being hacked.

From a technological standpoint, the project will develop the decentralised infrastructure necessary to make sense of the vast number of digital interactions using multimodal signals aggregated via machine learning from social media and internet of things interactions. Additionally, new cryptographic strategies will be needed to secure the privacy of trust evidence and to disseminate access on a granular basis. From a HCI and co-design perspective, the development of trust services and the shift to use of the digital personhood and interaction history as trust evidence will break new ground, fundamentally altering the way users think about identity and interaction online.

To undertake this adventurous and ambitious project we have formed a strategic multi-disciplinary partnership uniting world-leading groups in multi-modal signal processing and machine learning (CVSSP), a BIS/GCHQ recognised centre of excellence for cyber security (SCCS), the UK's first and only 5G test-bed for next-gen mobile and internet of things (ICS/5G/6GIC), and reflecting the importance of co-designing and evaluating technology in tight integration with end-users, two leading UK groups for socio-digital interaction (DJCAD) and interaction design (UNN).

End-user partners participating in the co-design and evaluation of TAPESTRY span the technology, legal, social reform, health and well-being and commercial sectors.

Our key objectives are:

• Create a demonstrator running on a live payment system that submits live Gift Aid claims to HMRC on behalf of a charity and complies with all HMRC requirements.
• Create a formal model of the system.
• Investigate future distributed nature of the underlying blockchain.

Areas of focus include:

• Digital receipting linked to payments
• Blockchain
• Live payment system integration

With Swiftaid, a donor will sign up, register their card and authorise Swiftaid to generate the Gift Aid declaration on their behalf. All gifts then made by that card, Gift Aid will be automatically attached. The donor would remain in control, allowing them to manage and view all donations while staying anonymous to the charity. We are well aware that there will need to be a great value to both the charity and the donor in order for them to sign up for Swiftaid. The main benefits include:

• Swiftaid handles the compliance with HMRC regarding record keeping and auditing, removing the burden from the charity.
• Removes tax processing burden of both charity and donor making Gift Aid accessible to the smallest charities.
• No personal data passed to charity so can keep GDPR compliance to the minimum.
• Full donation reporting for donors, simplifying the process for higher rate taxpayers and tax rebates.

Blockchain is an obvious choice for such an application as it provides an immutable ledger, ensuring the six years of auditable records are available to HMRC, along with smart contracts, to guarantee the whole end-to- end process stays in lock step. By fully automating the Gift Aid process using blockchain it allows claiming Gift Aid on even the smallest donations to remain economical and results in increasing the money charities receive without costing the donors more.