Electric Vehicle Battery Passport: Distributed Architecture on AWS Managed Blockchain

Introduction to Electric Vehicle Battery Passport Project and possible solution for EVBP implementation

Introduction

Welcome to the ever-evolving realm of sustainable transportation, where groundbreaking initiatives like the Electric Vehicle Battery Passport project are revolutionizing the landscape of mobility. In this discourse, we aim to explore how Amazon Web Services (AWS) serves as the foundational infrastructure powering the innovative solutions of the Electric Vehicle Battery Passport project, paving the way for a more efficient and transparent electric vehicle ecosystem.

The Electric Vehicle Battery Passport project represents a pivotal advancement in the pursuit of sustainable transportation. As the adoption of electric vehicles continues to soar, the need for efficient battery management and transparency becomes increasingly paramount. AWS emerges as a key enabler, providing the robust cloud infrastructure necessary to support the complexities of the Electric Vehicle Battery Passport project.

Table of Contents

1. The Electric Vehicle Battery Passport Project
2. AWS Managed Blockchain
3. The Challenge: Building a Prototype
4. The AWS Solution Architecture
5. Future Scope & Conclusions

1. The Electric Vehicle Battery Passport Project

This article elucidates the significance of a battery passport — a digital record mandated by Article 77 of the EU Battery Regulation. While primarily focused on sustainability and regulatory adherence, the passport also serves as a repository for material traceability and lifecycle management. It advocates for a decentralized approach to implementation, emphasizing its benefits in preserving proprietary information, enhancing traceability, and promoting inclusivity.

The aim is to create a digital twin of the physical battery, capable of storing and maintaining all relevant data about battery history and state of health. The article outlines high-level requirements, implementation architectures, and strategies to overcome associated challenges, positioning the battery passport as a cornerstone of transparent and accountable battery management.

2. AWS Managed Blockchain

The prototype aims to utilize Amazon AWS Managed Blockchain services to tackle supply chain management challenges by establishing a tailored Blockchain network. Emphasizing transparency and traceability, it creates a decentralized ledger system to securely record transactions.

Innovative data representation models like Verifiable Credentials ensure data authenticity. Leveraging Blockchain’s security features, it safeguards sensitive information, maintaining privacy and compliance. Ultimately, the initiative seeks to enhance supply chain interactions, fostering resilience and sustainability.

3. The Challenge: Building a Prototype

The Electric Vehicle Battery Passport prototype aims to facilitate secure information sharing among three key actors: Issuer, Holder, and Verifier, focusing on verified battery information for a specific vehicle. Information is stored as Verifiable Credentials.

The Issuer, representing the authority certifying battery details, issues Verifiable Credentials stored in the Holder’s wallet. The Holder, typically the vehicle owner, securely stores these credentials and can generate Verifiable Presentations, selectively disclosing information to Verifiers. Verifiers assess the authenticity and validity of the presented information without accessing the entire Verifiable Credential.

At Blockchain level, all these information and certificates (Verifiable Credentials) are stored in “wallets” that can be accessible only by their owner, which are, in this context, the owner of the information stored in the wallet.

The Electric Vehicle Battery Passport prototype consists of the following interconnected components:

1. A blockchain layer which stores the transactions and information about Verifiable Credentials related to battery passports. This includes when a Verifiable Credential is issued, revoked or simply stored inside a holder wallet
2. A backend that sits between a frontend and the blockchain layer, capable of interfacing and configuring itself properly in order to interact and execute transactions and actions on the blockchain layer. This layer exposes APIs that can perform the requested functionalities at the blockchain level, and includes a DynamoDB database necessary for tracking certain transactions at a higher level of abstraction than that of the blockchain.
3. A frontend used as a graphical interface to showcase the project’s functionalities to the end user, enabling them to understand the project’s capabilities and the functionalities it offers.

Target Functionalities

To provide a comprehensive overview of the Electric Vehicle Battery Passport (EVBP) project’s capabilities, let’s delve into the range of functionalities it aims to achieve within its blockchain network:

1. Creation of a wallet: Users can establish a digital wallet to securely store their battery-related information.
2. Reading the contents of a wallet: Authorized entities (mostly holder users) can access and review the data stored within a user’s wallet.
3. Generation of a Verifiable Credential (VC): The system enables the creation of digital certificates containing verified battery information
4. Generation of a Verifiable Presentation (VP): Users can generate presentations of their battery data for verification purposes.
5. Verification of a Verifiable Presentation: External verifiers can authenticate the information presented by users regarding their batteries.
6. Creation of a custom VC schema: The project allows for the development of tailored schemas to accommodate diverse battery attributes.
7. Upgrade of a Verifiable Credential: Based on new available dynamic data, Verifiable Credentials can be updated with real-time data to reflect the latest battery information.
8. Change ownership events: The system records and manages ownership transitions of batteries within the network.
9. Revocation of a Verifiable Credential: In cases of battery disposal or transfer, credentials can be revoked to invalidate outdated information.

To ensure seamless integration and relevance to real-world applications, each functionality is carefully assigned to specific actors within the EVBP project framework.

4. The AWS Solution Architecture

The prototype is based on multiple architectural layers as previously described. Each of these layers is implemented differently depending on the type of actor being considered. This is because, in relation to the functionalities that need to be performed by that specific actor, the architecture required for implementation also changes. Below is the complete architectural schema.

Complete AWS Architectural Schema

The final architecture of the prototype involves the creation of a web app hosted on Amplify, a Lambda function, and an instance of API Gateway for each of the three main actors within the project. Additionally, for the issuer and holder, a user pool of authenticated users is defined, along with a WebSocket API instance for communication between the holder and verifier, and a DynamoDB table for the issuer to track some high-level transactions.

AWS Managed Blockchain and Hyperledger Fabric

The blockchain network powering the prototype was established using AWS Managed Blockchain, a service facilitating the creation of robust infrastructure with ease. It supports both private networks, primarily based on Hyperledger Fabric, and public networks like Ethereum, allowing for smart contract development.

For the prototype, a private blockchain network using Hyperledger Fabric was created. Fabric offers features tailored for enterprise applications, such as modular architecture, scalability, and high performance. It supports smart contracts written in common languages like Go, JavaScript, and Java, and features a permissioned network structure for granular access control.

Fabric introduces channels for private sub-networks within the main blockchain, enabling sensitive data sharing among select peers. Each channel has its own ledger, chaincode, peers, and genesis block, ensuring privacy and security in information exchange.

Membership Service Provider (MSP) manages identities of network participants in Hyperledger Fabric, defining authentication policies and overseeing identity creation and validation. Members have identities managed by an MSP instance, ensuring access control and permissions.

When a new identity is created, a pair of cryptographic keys is generated, and a registration request is submitted to the MSP. The MSP reviews and approves the identity based on predefined policies, issuing a digital certificate signed by the associated Certificate Authority (CA).

Hyperledger Fabric utilizes MSP for identity management, simulating the concept of a wallet. A wallet contains identities necessary for executing transactions and interacting with network peers, with access controlled by defined policies and roles.

Backend: Lambda and API Gateway

Lambda and API Gateway are utilized for the backend implementation. When the endpoints exposed by API Gateway are invoked, a Lambda function is triggered. This Lambda function can interact, using appropriate libraries, with the Hyperledger Fabric blockchain management framework and execute actions and transactions at the blockchain level.

As mentioned earlier, for the Lambda to execute transactions, it must authenticate and obtain certificates for a specific blockchain user (with a specific role) and store the certificates associated with that user locally. In order to do so, correct username and password must be passed to the Certificate Authority in order to retrieve correct certificates associated with a specific user. Only by attaching the certificate to the transaction request will it be able to execute that specific transaction.

Authentication at higher level: Amazon Cognito

With the aim of correctly providing access credentials for the user authenticating at the blockchain level, a “higher” level of authentication is defined within the prototype context utilizing the functionalities offered by Amazon Cognito. Despite authentication also occurring at the blockchain level, a higher level of abstraction has been introduced within the prototype context so that Cognito manages the authentication procedure through its functionalities, preventing an unauthenticated user from invoking the required APIs.

Among the information stored in relation to the authenticated user with the Amazon Cognito user pool are also the username and password that the user has at the blockchain level. These credentials are used by the Lambda function to execute the authentication procedure with the Certificate Authority once the interface to the blockchain network is opened.

WebSocket API for Holder-Verifier Interaction

Within the prototype context, a WebSocket API is defined to facilitate interaction between the holder and verifier when a Verifiable Presentation needs to be generated. For proper synchronization, both actors involved in the transaction must be capable of receiving and sending messages, hence the requirement for a WebSocket.

Specifically, for the holder to release a Verifiable Presentation to the verifier’s wallet, it must necessarily know the verifier’s ID at the blockchain level. The procedure involves the holder generating a QR code and opening a WebSocket, into which the verifier enters when the holder wants to release a new verifiable presentation. The verifier communicates its ID to the holder, who then decides which information to share with the verifier through a mechanism of selective disclosure. Subsequently, the holder generates a VP, and when the transaction takes effect at the blockchain level, informs the verifier that a new VP has been generated in their wallet. At this point, the verifier retrieves the contents of their wallet, receiving the newly generated Verifiable Presentation among them.

Issuer Interface: creation of a new Verifiable Credential

Holder Interface: visualization of a owned Verifiable Credential

Holder Interface: generation of a new Verifiable Presentation

Verifier Interface: visualization of a generated Verifiable Presentation

5. Future Scope & Conclusions

The development of a digital battery passport aims to track electric battery wear and conditions, in alignment with EU Battery Regulation and the 2030 Agenda for sustainability. While prioritizing sustainability and compliance, the passport also facilitates material traceability and lifecycle management. It’s crucial to consider data storage and security standards early on to ensure integrity and confidentiality.

Engaging stakeholders in a consortium for comprehensive battery data is the goal, with a decentralized approach favored for diverse data sources. Blockchain technology, particularly Hyperledger Fabric in this prototype scenario, ensures information security and granular data access, with encoded interaction policies maintaining data integrity and preventing false data insertion.

Written in collaboration with vatemecum.py