Canopyright combines a number of technical solutions to create a platform that stores information in a way that is publicly verifiable without disclosing your private data.

There is no master key or back door – Canopyright cannot access your private data.

Here are the key technical features that Canopyright utilizes:

HEDERA DISTRIBUTED LEDGER

What is blockchain, and why is it important to Canopyright?

At its core, a blockchain is a log of all messages that have passed through a network of computers. The network agrees on the contents of each message, and the order in which those messages were observed by the network. Messages are bundled together into blocks, and each block is linked (chained) to the previous block using cryptography – a chain of blocks, or a blockchain! The benefit of storing information in a blockchain is that the information becomes tamper-proof. Once a message is accepted by the network and written to a block its contents cannot be changed.

Blockchains deliver a few important benefits that Canopyright uses to help protect breeders’ intellectual property, enabling breeders and growers to enter into licensing agreements.

Timestamping: Each message is timestamped by the network, which establishes that information was in the possession of a specific person at a specific time. For example, if a genetic report for a unique strain of cannabis is passed through a blockchain, the network timestamp can be used later on to prove “prior art” in a patent infringement dispute.

Immutability: You might be wondering how passing information through a blockchain is different than keeping a timestamped file on your computer or in the cloud. The answer is that the information stored in a blockchain is immutable – it can’t be changed after the fact by anyone. 

Public Accountability: When information is accepted into a blockchain, all the computers participating in the blockchain have come to agreement on the contents of a message and when it was received. It is the digital equivalent of having witnesses to a conversation – information that is shared by dozens or hundreds of people is more reliable than information held by a single individual.

You can read more about Hedera at: https://hedera.com.

CRYPTOGRAPHIC HASHING

A “hashing function” is simply a function that takes a large amount of data and converts it to a smaller amount of data (a “hash”). Any change to the input data, no matter how insignificant, will change the resulting hash. A “cryptographic hashing function” is a one-way hashing function. In other words, the amount of time and computing power that would be required to figure out the original data that generated the hash is so great that it is practically impossible.

We use cryptographic hashing as a means to keep data passed through Hedera private. Instead of sending your genetic report or sample photo through Hedera, we compute a hash for that information and send the hash instead. Anyone inspecting data on Hedera sees only the hash, and it isn’t possible to reverse-engineer the original data from the hash. If you ever need to prove when you were in possession of a document stored with Canopyright, you can produce the original document, recompute the hash, and use the timestamped record of the hash from the ledger to prove when that document was submitted to Canopyright.

ASYMMETRIC ENCRYPTION

Asymmetric encryption uses two related keys, called a keypair. Generally, one key is kept private by the owner of the keypair (the private key), while the other key is distributed to those whom the owner communicates with (the public key). Information that is encrypted using the private key can only be decrypted with the public key. The reverse is also true – information that is encrypted with the public key can only be decrypted using the private key.

If the private key was used to encrypt a message, anyone with the public key can read that message. There isn’t much of a privacy benefit to the owner, since anyone with the private key can read the message. There is, however, a benefit to the recipients: because the owner has the only key, the recipients know that the message came from the owner and nobody else.

On the other hand, if the public key was used to encrypt the message, only the owner of the private key can read the message. The public key can’t be used to decrypt messages encrypted with the public key, so the sender can be confident that others who hold the public key can’t read the message – only the owner of the private key can do that.

Canopyright holds copies of each user’s public key. When private information is submitted to the system, that information is encrypted by the system using the public key of the users authorized to read it – each user gets a copy, but only that user’s private key can decrypt it. 

Once the Canopyright encrypts users’ information, we lose the ability to see it.

SYMMETRIC ENCRYPTION

With symmetric encryption there’s only one key, and the same key is used to encrypt and decrypt data.

Ideally, each user would hold their own private key on their own device. Unfortunately, web browsers haven’t yet implemented the features they need to securely manage cryptographic keys. 

To get around this technical limitation, Canopyright stores users’ private keys using symmetric encryption. When users log in, their key is decrypted and held in memory while using the system. When users log out, the in-memory key is destroyed leaving only the encrypted key in our possession.

Canopyright can be thought of like a secure library with two keys: one key held by Canopyright, and the other held by you. The key that Canopyright holds can only be used to put things into the library. The key you hold can only be used to remove things from the library. In this scenario, your plant information is what you will be depositing into the library. You want to keep your own key safe, so you keep your key in a special vault that only you have the combination to.

Our library is special because when you put something into it, the library itself generates a unique identifying code for that item. The library then tells the librarians: “Hey, something with this code has gone into this library!” All of the librarians write down the code and a timestamp in a special, tamper-proof log. If you later give the librarians an item, they can figure out its code and tell you if and when that item was added to the library. If you give them a code, they can tell you if and when something with that code was added to the library – but not what that something is.

When you upload a photo of a cannabis strain sample or another piece of plant information to Canopyright, we use our key to unlock the library and put your item securely inside. Once we do so, we can’t get those items back out without your key. The library generates codes and keeps track of the date and time of any new entries, but lacks access to know what, specifically, those entries are.

Imagine if, after depositing your plant material in the library, you find out that someone is selling the strain you worked hard to create, and passing it off as their own work. Luckily, you have documented your genetics in Canopyright. You provide your code for the librarians to look up in the library records. The librarian confirms: “Yes, my records say that this is the same document that went into the library last year, and my records can’t be changed or tampered with so you can trust them.”

In our case, instead of a library we have asymmetric cryptography to ensure that your private data remains private. Instead of a vault, we have symmetric cryptography that we use to keep your private key safe. Instead of physical keys, we have digital cryptographic keys. We use cryptographic hashing to generate the codes that represent your documents, and we use the Hedera public ledger instead of a room full of librarians to log when each item was added.

In the case of a dispute, you can retrieve your documentation from Canopyright and re-generate the codes (hashes) for those documents. Hedera will have a record for each document that includes the hash and the date and time when Hedera was notified that the document was added to Canopyright, demonstrating that you were in possession of the genetic report or sample photo at a specific point in time.