In this code pattern, we'll demonstrate how to leverage blockchain technology and biometrics to automate a passport control system.

This is achieved here by tracking the status of a traveller, and storing all related updates on a blockchain ledger. As users go through each flight checkpoint, such as retrieving their ticket, checking in to security, etc, the application will receive some biometric data, such as an image of their face, iris, or fingerprint. The biometric data is then validated, and the check-in event is then stored on a blockchain.

1. Provision Cloud Services
2. Clone Git Repository
3. Package Smart Contract
4. Deploy Blockchain Ledger
5. Deploy Facial Comparison Service
6. Deploy Node.js application
7. Populate Ledger and Simulate Transactions

If expecting to run this application locally, please continue by installing Node.js runtime and NPM. We'd suggest using nvm to easily switch between node versions, which can be done with the following commands.

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash
# Place next three lines in ~/.bash_profile
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
nvm install v8.9.0
nvm use 8.9.0

Navigate to the following links to provision each service. The free "Lite" plan will suffice for this demonstration.

• Cloudant
• Kubernetes

git clone https://github.com/IBM/airexit/

We'll interact with VSCode via a graphic interface. If you're running on Linux or a headless operating system, or would prefer to manage the network manually via shell scripts, please skip ahead to the section labelled "Deploy Blockchain Ledger" section

These smart contracts are written in Golang, so the source code for the smart contracts will need to be copied to the src folder in your GOPATH. This can be done like so.

mkdir -p $GOPATH/src/github.com/airexit
cp chaincode/*go $GOPATH/src/github.com/airexit/

After this step, there should be several .go files in the directory, we can confirm with a ls command like so

Kalonjis-MacBook-Pro:~ [email protected]$ ls $GOPATH/src/github.com/airexit
airexit_chaincode.go airexit_chaincode_certs.go

• Open VS Code

• In the menu, Click "File" and then "Open" (Or press CMD + O). Navigate to the directory where your GOPATH directory is set (this should default to ~/go), and select the directory at $GOPATH/src/github.com/airexit

• Press "F1", and choose the option "IBM Blockchain Platform: Package a Smart Contract Project"

• Enter a name and version. Here we'll use "airexit" and "1.0".

• Select the "IBM Blockchain Platform" button on the left hand menu

• In the "Smart Contract Packages" section, right click on the newly generated smart contract, and then click "export" to save the generate chaincode as a .cds file. Keep note of the directory, as we'll need to reference it later.

We'll then need to deploy an Hyperledger network. This is done by provisioning each component in a docker container, and running configuration scripts to create and join a peer and channel. There are two methods to do so, and we'll need to only do one or the other.

Local Scripts

We can use the Hyperledger fabric scripts to provision a network like so.

cd local
./startFabric.sh

# confirm hyperledger containers are up and running
docker ps

Next, we'll need to install the "Smart Contracts" / "Chaincode", which are a series of functions that have the ability to modify the ledger. This is done by copying the source code into the cli container, and then running peer chaincode install and peer chaincode instantiate to activate the chaincode.

./installChaincode.sh

The install script should result in the following output. Confirm that all status codes have the value of "200" and "OK"

VSCode

• Select the menu in the "Local Fabric Ops" section, and click "Start Fabric Runtime". This downloads and starts the Hyperledger docker images.

• If the network is started successfully, we should see options to "Instantiate" and "Install" the smart contracts.

• First, click "Install", select the default peer (peer0.org1.example.com), and then select the name of the contract we've just built, which will be "[email protected]" in our case. If this is successful, our chaincode should show up in the "Installed" section.

• Next, click "Instantiate", select the default channel (mychannel), and then select the name of the contract we've just built, which will be "[email protected]" in our case. Enter Init for the function, and enter an integer "101" as the argument. This Init function is called whenever chaincode is being instantiated or upgraded, and initializes the application state. More information can be found on the Init method and other Chaincode inferface methods here

• After the chaincode is installed and instantiated, we should see the following output in the Local Fabric Ops section

To validate a passenger's biometric identity, we can simply start the service in a docker container like so

docker run -it -p 9000:9000 kkbankol/face_recognition python ~/face_recognition/server.py

This will start a Flask server that accepts images via a POST request, and has the ability to compare two facial images using the facial_recognition library.

Once the container is up, we can test the facial comparison service with curl.

We'll start by submitting a picture to be registered with the service. Note the number at the end of the register endpoint is the passport number or driver's license ID.

curl -X POST localhost:9000/register/1234 -F "file=@${image_path}"

And then comparing a different image like so

curl -X POST localhost:9000/compare/1234 -F "file=@${compared_image_path}"

If a similar facial structure is detected, we'll get a HTTP 200 OK response, also with a payload {'message':'faces match'}

Otherwise, we'll get a 406 NOT ACCEPTABLE response, with the payload {'message':'faces do not match'}

In a separate tab, you can run docker logs $(docker ps -lq) to view the logs of the latest container. The logs should look like so

request payload received
comparing faces
face_distance
[0.34975307]

The "face_distance" value is the primary score here, and the lower the score, the closer the match. The library author suggests a threshold of about 0.6.

Install frontend dependencies

cd ..
npm install -g gulp-cli bower
npm install
bower install
# run bower install --force if no output from last command

Start frontend server

gulp build
gulp

Install backend dependencies

cd server
npm install fabric-client fabric-ca-client
npm install

Start backend server

export DB_TEST_CREDENTIALS=https://{CLOUDANT_DB_ENDPOINT}
export DEPLOY_TYPE=local
node server.js

The application UI should then be accessible at http://localhost:8997/

Now that we can access the application, the next step is to register passengers with the Airexit service. This can be done by navigating to the home page, and then clicking "Registration".

Next, fill out the form with information specific to the traveller, such as their Passport number/nationality, Visa, etc. After this information has been filled out, then click "continue". This will trigger the "init_traveller" smart contract, which saves this information to the blockchain ledger.

After registering a user, we can then associate a purchased flight ticket with that user. This can be done by navigating to the "Ticket" view. Fill out the form with flight information, such as Carrier, Destination, etc and click "Continue". Be sure to enter the same passport number as the user that was created in the previous step to ensure they are properly associated.

Now, we can begin simulating the following stages of a passenger checking in to their flight.

• Check in, retrieve flight ticket
• Security
• Board plane at Gate

Each of these steps will be saved as an "event" on the blockchain ledger, which will reference the Traveller information and their picture at each checkpoint.

We can begin the simulation by navigating to the "Check In" section. This view renders a WebCam with facial tracking. Once the traveller's face is centered, they can select the "Capture" button. This will take a photograph, trim the background, and store that check in information on the blockchain.

This same process can be repeated for both the security check-in and the boarding gate.

Authorized airport employees can also see a high level overview of passenger checkins in the "Monitor" view.

We can find this by navigating back to the home page, then "Monitor", and then selecting the user we'd like to inspect. This will show a high level overview of all information pertaining to that traveller.

Behind the scenes, these events can be validated by smart contracts on the ledger. For example, we have a smart contract defined here titled verify_traveller_status. This should be triggered once a user is checking in to the airport.

if fName == "verify_traveller_status" {
  passportNumber := args[0]
  travellerAsBytes, err := stub.GetState(passportNumber)
  traveller := Traveller{}
  err = json.Unmarshal(travellerAsBytes, &traveller)    //un stringify it aka JSON.parse()
  if err != nil {
    return shim.Error(err.Error())
  }

  if (traveller.NoFly) {
    return shim.Error("Traveller is on No Fly list, alerting agent for assistance")
  }

  if (traveller.Reservation.VisaNumber != "") {
    if ( traveller.Reservation.VisaExpiration < int(time.Now().Unix())  ) {
      return shim.Error("Traveller has expired Visa, alerting agent for assistance")
    }
  }
  return shim.Success([]byte("Traveller cleared to fly"))
}

This works like so

Load all information associated with the traveller from the blockchain

passportNumber := args[0]
travellerAsBytes, err := stub.GetState(passportNumber)
traveller := Traveller{}
err = json.Unmarshal(travellerAsBytes, &traveller)

Each traveller should have a boolean value which determines if they're on a no fly list. The value should default to "False", but if it is set to true, than the traveller will be denied further access to the check-in process.

if (traveller.NoFly) {
  return shim.Error("Traveller is on No Fly list, alerting agent for assistance")
}

Some Travellers may have a Visa. This method checks to see if a Visa is associated with the traveller's reservation. If there is a valid Visa number, we'll check the expiration date, which should be stored as a Unix timestamp. If the Visa is expired, an exception will be triggered.

if (traveller.Reservation.VisaNumber != "") {
  if ( traveller.Reservation.VisaExpiration < int(time.Now().Unix())  ) {
    return shim.Error("Traveller has expired Visa, alerting agent for assistance")
  }
}

This code pattern is licensed under the Apache Software License, Version 2. Separate third-party code objects invoked within this code pattern are licensed by their respective providers pursuant to their own separate licenses. Contributions are subject to the Developer Certificate of Origin, Version 1.1 (DCO) and the Apache Software License, Version 2.

Apache Software License (ASL) FAQ