Why I’m Using Bitmarks on my Products

One dirty secret of hardware is that a profitable business isn’t just about design innovation, or even product cost reduction: it’s also about how efficiently one can move stuff from point A to B. This explains the insane density of hardware suppliers around Shenzhen; it explains the success of Ikea’s flat-packed furniture model; and it explains the rise of Amazon’s highly centralized, highly automated warehouses.

Unfortunately, reverse logistics – the system for handling returns & exchanges of hardware products – is not something on the forefront of a hardware startup’s agenda. In order to deal with defective products, one has to ship a product first – an all-consuming goal. However, leaving reverse logistics as a “we’ll fix it after we ship” detail could saddle the venture with significant unanticipated customer support costs, potentially putting the entire business model at risk.

This is because logistics are much more efficient in the “forward” direction: the cost of a centralized warehouse to deliver packages to an end consumer’s home address is orders of magnitude less than it is for a residential consumer to mail that same parcel back to the warehouse. This explains the miracle of Amazon Prime, when overnighting a pair of hand-knit mittens to your mother somehow costs you $20. Now repeat the hand-knit mittens thought experiment and replace it with a big-screen TV that has to find its way back to a factory in Shenzhen. Because the return shipment can no longer take advantage of bulk shipping discounts, the postage to China is likely more than the cost of the product itself!

Because of the asymmetry in forward versus reverse logistics cost, it’s generally not cost effective to send defective material directly back to the original factory for refurbishing, recycling, or repair. In many cases the cost of the return label plus the customer support agent’s time will exceed the cost of the product. This friction in repatriating defective product creates opportunities for unscrupulous middlemen to commit warranty fraud.

The basic scam works like this: a customer calls in with a defective product and gets sent a replacement. The returned product is sent to a local processing center, where it may be declared unsalvageable and slated for disposal. However, instead of a proper disposal, the defective goods “escape” the processing center and are resold as new to a different customer. The duped customer then calls in to exchange the same defective product and gets sent a replacement. Rinse lather repeat, and someone gets rich quick selling scrap at full market value.

Similarly, high-quality counterfeits can sap profits from companies. Clones of products are typically produced using cut-rate or recycled parts but sold at full price. What happens when customers then find quality issues with the clone? That’s right – they call the authentic brand vendor and ask for an exchange. In this case, the brand makes zero money on the customer but incurs the full cost of supporting a defective product. This kind of warranty fraud is pandemic in smart phones and can cost producers many millions of dollars per year in losses.


High-quality clones, like the card on the left, can cost businesses millions of dollars in warranty fraud claims.

Serial numbers help mitigate these problems, but it’s easy to guess a simple serial number. More sophisticated schemes tie serial numbers to silicon IDs, but that necessitates a system which can reliably download the serialization data from the factory. This might seem a trivial task but for a lot of reasons – from failures in storage media to human error to poor Internet connectivity in factories – it’s much harder than it seems to make this happen. And for a startup, losing an entire lot of serialization data due to a botched upload could prove fatal.

As a result, most hardware startups ship products with little to no plan for product serialization, much less a plan for reverse logistics. When the first email arrives from an unhappy customer, panic ensues, and the situation is quickly resolved, but by the time the product arrives back at the factory, the freight charges alone might be in the hundreds of dollars. Repeat this exercise a few dozen times, and any hope for a profitable run is rapidly wiped out.

I’ve wrestled with this problem on and off through several startups of my own and finally landed on a solution that looks promising: it’s reasonably robust, fraud-resistant, and dead simple to implement. The key is the bitmark – a small piece of digital data that links physical products to the blockchain.

Most people are familiar with blockchains through Bitcoin. Bitcoin uses the blockchain as a public ledger to prevent double-spending of the same virtual coin. This same public ledger can be applied to physical hardware products through a bitmark. Products that have been bitmarked can have their provenance tracked back to the factory using the public ledger, thus hampering cloning and warranty fraud – the physical equivalent of double-spending a Bitcoin.

One of my most recent hardware startups, Chibitronics has teamed up with Bitmark to develop an end-to-end solution for Chibitronics’ newest microcontroller product, the Chibi Chip.

As an open hardware business, we welcome people to make their own versions of our product, but we can’t afford to give free Chibi Chips to customers that bought cut-rate clones and then report them as defective for a free upgrade to an authentic unit. We’re also an extremely lean startup, so we can’t afford the personnel to build a full serialization and reverse logistics system from scratch. This is where Bitmark comes in.

Bitmark has developed a turn-key solution for serialization and reverse logistics triage. They issue us bitmarks as lists of unique, six-word phrases. The six-word phrases are less frustrating for users to type in than strings of random characters. We then print the phrases onto labels that are stuck onto the back of each Chibi Chip.


Bitmark claim code on the back of a Chibi Chip

We release just enough of these pre-printed labels to the factory to run our authorized production quantities. This allows us to trace a bitmark back to a given production lot. It also prevents “ghost shifting” – that is, authorized factories producing extra bootleg units on a midnight shift that are sold into the market at deep discounts. Bitmark created a website for us where customers can then claim their bitmarks, thus registering their product and making it eligible for warranty service. In the event of an exchange or return, the product’s bitmark is updated to record this event. Then if a product fails to be returned to the factory, it can’t be re-claimed as defective because the blockchain ledger would evidence that bitmark as being mapped to a previously returned product. This allows us to defer the repatriation of the product to the factory. It also enables us to use unverified third parties to handle returned goods, giving us a large range of options to reduce reverse logistics costs.

Bitmark also plans to roll out a site where users can verify the provenance of their bitmarks, so buyers can check if a product’s bitmark is authentic and if it has been previously returned for problems before they buy it. This increases the buyer’s confidence, thus potentially boosting the resale value of used Chibi Chips.

For the cost and convenience of a humble printed label, Bitmark enhances control over our factories, enables production lot traceability, deters cloning, prevents warranty fraud, enhances confidence in the secondary market, and gives us ample options to streamline our reverse logistics.

Of course, the solution isn’t perfect. A printed label can be peeled off one product and stuck on another, so people could potentially just peel labels off good products and resell the labels to users with broken clones looking to upgrade by committing warranty fraud. This scenario could be mitigated by using tamper-resistant labels. And for every label that’s copied by a cloner, there’s one victim who will have trouble getting support on an authentic unit. Also, if users are generally lax about claiming their bitmark codes, it creates an opportunity for labels to be sparsely duplicated in an effort to ghost-shift/clone without being detected; but this can be mitigated with a website update that encouraging customers to immediately register their bitmarks before using the web-based services tied to the product. We also have to exercise care in handling lists of unclaimed phrases because, until a customer registers their bitmark claim phrase in the blockchain, the phrases have value to would-be fraudsters.

But overall, for the cost and convenience, the solution outperforms all the other alternatives I’ve explored to date. And perhaps most importantly for hardware startups like mine that are short on time and long on tasks, printing bitmarks is simple enough for us to implement that it’s hard to justify doing anything else.

Disclosure: I am a technical advisor and shareholder of Bitmark.

Tags: , ,

20 Responses to “Why I’m Using Bitmarks on my Products”

  1. Simson says:

    Great idea, but it’s not clear why Bitmark needs to tie itself into the blockchain. It seems that all it needs is a large database of bitmarks that have been issued. Is there additional power by using the link to the blockchain as a kind of timestamp? If so, how does one account for the lag between the bitmark is issued and when it is used?

    • Flemming Frandsen says:

      Hmm, if each mark is an RSA signature over a serial number, then everybody can verify the validity of the signature and you still need to consult the central database of revoked serial numbers to see if one has been revoked.

      You could RSA sign the revocation list you so you can distribute it and let others check it.

      All of it works just fine without bothering with blockchains.

      Blockchain seems like wankery to me.

      • K Chang says:

        A better question is why would there need to be a revocation of the digital right?

        It seems Bitmark was created specifically to address the situation where Amazon remotely deleted a book from all the Kindles and issued refund, i.e. you don’t “own” anything digital, and Bitmark says, “yes you can”.

        Subscription / limited duration access seems to be not addressed well by Bitmark, from what I can see.

    • Curt J. Sampson says:

      The blockchain is how Bitmark’s customers and users verify that Bitmark is not cheating: it provides cryptographically verifiable proof of both receipt and order of receipt of claims. (By ‘claim’ I mean any assertion, such as ‘MyCorp has issued a Frazzit device with serial number 1234.) It also provides protection against Bitmark failure: if the company vanished off the face of the earth one day, the database would still be here and verifiable.

      Note, too, that this is just one application running on Bitmark and doesn’t require all of Bitmark’s features. Proposing building a whole new platform from scratch when an existing platform works, just because the existing one has features you don’t use, would be a bit silly.

  2. Adrian says:

    I’m probably missing something, but I don’t understand how this is any different than creating old-fashioned, non-consecutive and check-summed serial numbers, and having a database and customer registration process to keep track of them.

    Ok, the key phrase may be easier to enter than numbers (if my customers speak the that language). And Bitmark may take care of my database and registration website (at a fee, I presume). But neither will protect me from clones, dishonest vendors and unhappy owners of illegitimate goods.

    • K Chang says:

      Hmmm… Clones won’t be able to access the blockchain. They can put random phrases on the label, but those won’t authenticate as genuine, which I assume can be verified with public key. And unhappy owners of clone goods? They are not your concern if they did not authenticate that they got a genuine product using public API, if it’s on the box that “verify your product’s authenticity” and give a QR code to website to verify such, esp. if the code’s “before you open”. Packaging may need a transparent window, of course.

      Bitmark added an interesting wrinkle in that it also encrypts the ownership details, i.e. the “digital title” issuer doesn’t need to know who bought their title to know the “digital title” is valid. No more warranty cards revealing all sorts of information about you. The catch is of course, the new owner needs a Bitmark account/ID.

      Is Bitmark the next iteration of OpenID? Hmmm…

  3. K Chang says:

    Interesting idea, but using Bitmark, meant for digital data, on a PHYSICAL asset, seems to be a really round-about way of doing things.

    It really is just a fancy “serial number” in this case. If it can be integrated into the Bitmark account identity / registration to be almost foolproof, then yes, it can really be something.

    • BrettW says:

      Any checksumed serial number can be reversed by anyone with a handful of valid serials allowing them to generate all the valid serial numbers they want. See also the early days of computer game and software CDKeys that only had to pass a checksum and not get crossed off a list over the internet.

      • William says:

        Putting a MAC in the serial makes it pretty hard to forge new serials without the key, and you can truncate it to whatever length is convenient for your security tradeoff.

        They’re still cloneable though unless the serial is strongly tied to the hardware, e.g. a manufacturer’s serial in the SOC, and those are pretty hard to clone already so why bother with blockchain? I too don’t see how this approach is any better than using a known list of randomly-generated serials and a database, or silicon serials and a database.

        Putting blockchain in the serial numbers just seems pretty egregious to me; you don’t need the benefits of distributed verification of transactions because the serials and their attached warranties are worthless when the vendor goes under anyway, so there’s no harm in the vendor running the serial db.

  4. Dave says:

    Bunnie should see if he can distribute Chibitronics at Micro Center. Good place, Ada Fruit products are distributed there. See: http://www.microcenter.com/site/content/Micro-Center-Media-Kit.aspx

    Newark (Element 14) is also a good place to inquire as both places have parents and teachers trying to intice there kinder to start early. That’s mandatory these days and will be lifetime learning. (MCM just got merged into Element 14 (Newark) (Premier Farnell “Parent”).

    Good article, appears to be a good solution to the many IP issues. Only thing is the legal fees protecting them. Need a better solution to that issue.

  5. aki009 says:

    Good luck with Bitmark. It’s certainly needed in several of the markets that are out there.

    Another obvious solution is available for internet connected devices. Simply trace the provenance of a hardware device using its serial number from manufacture to end of life. It has the added benefit of helping optimize product quality. The downside is that some companies can’t help but find “innovative” uses for the data that they thus collect.

  6. I sell a small random number generator (OneRNG) one of my goals is to make sure that they haven’t been compromised by 3rd parties (nation state actors?) during shipping.

    Each one contains a unique bit string, a portion of which is used a a unique device ID, another portion is used as a secret key, and final portion is used as secret data ….

    These strings cannot be read from the chip after it’s been locked after programming (without extreme stuff like decapping/etc), you can write new code into the chip but only by erasing all its contents.

    I have a DB of these bit strings, but have no idea who has which device. I have a tiny web server running that will talk a customer through running a crypto exchange that leaves them with two strings one from the device and one from the web server/DB that they compare – they are essentially the secret data (plus a nonce) encrypted with the secret key – if the data is the same it’s a device we programmed

    Finally in the DB we keep a count of the number of times a person has checked a particular device – if someone manages to extract that data and plugs it into lots of devices that counter wont be 1 when you first check it … something fishy will have been going on

    Now here’s the somewhat cool part\, a side effect of trying to make malfeasance hard for nation state actors – I’m making an open source product, my hardware and software are all there for anyone to copy, anyone can clone it and sell their own product, but as Bunny points out my reputation is on the line here – however no one can make a device and claim it’s mine and still have it pass the identity check above – I give away my code and designs, but not my crypto keys (you don’t need them for the device to perform its primary purpose)

    (If you have a OneRNG and don’t know about this it’s still experimental, have a look on the mailing list, instructions are there – the actual server is still a bit, um, bouncy – if it’s not working drop me a note)

  7. […] engineer Andrew ‘bunnie’ Huang has written a piece detailing his use of bitmarks, a blockchain-backed source and authenticity verification system, to fight back against recycling […]

  8. […] Why I’m Using Bitmarks on my Products. […]

  9. […] Why I’m Using Bitmarks on my Products. […]

  10. […] speaking of overseas manufacturing, famed Xbox hacker Bunnie Huang (@bunniestudios) wrote this week about his experiments tracking product shipments and recalls using Bitmarks (@BitmarkUpdates), a […]

  11. […] talking of abroad manufacturing, famed Xbox hacker Bunnie Huang (@bunniestudios) wrote this week about his experiments monitoring product shipments and remembers […]

  12. […] speaking of overseas manufacturing, famed Xbox hacker Bunnie Huang (@bunniestudios) wrote this week about his experiments tracking product shipments and recalls using Bitmarks (@BitmarkUpdates), a […]

  13. The worlds best Bitcoin game

  14. Abdussamad says:

    >This scenario could be mitigated by using tamper-resistant labels.

    They can just make their own labels so tamper resistance is worth nothing. Write down the words and print out your own labels.

    >And for every label that’s copied by a cloner, there’s one victim who will have trouble getting support on an authentic unit.

    Are you saying because the fakes will seek warranty first?

    I don’t see how your “solution” solves anything.

    The only way this would work is if the phrases were single use only. You claim them and after that you can’t sell your product in the secondary market unless you get a new phrase (via the site) to mark the change of ownership. No phrase can be claimed more than once.