The UBIRCH client is provided as a SIM application (SIGNiT) and additional library code that handles the communication between customer code and the SIM card application. The library code is provided as open source.
A testkit based on Pycom modules is available.
Library Source Repository:
TestKit Source Repository:
– a system with access to a modem that supports AT+CSIM commands
– alternatively a ubirch test kit
The SIM application is protected by a unique PIN. The example testkit code handles retrieving
the PIN from the UBIRCH backend. Developers should consider storing this PIN securely on the
device, as it is the key to cryptographic functionality provided by the SIM application.
The SIM application client provides signature and chaining services to seal original data,
generated on embedded devices through the SIM card. It takes care of packaging the hashed
data and signing the package into the UBIRCH PROTOCOL PACKET (UPP) . Sending the UPP to
the UBIRCH backend must be handled by the customer application. At the backend the
anchoring in the blockchain is performed. The backend can also be used to verify already
The original data must be stored in a customer database to be able to execute verification
requests at a later stage. UBIRCH does not store any original sensitive data!
⚠ If the SIM Card is used together with the Testkit, the sensor data is sent to the UBIRCH
Simple Dataservice, which stores the data. It is an example for a data service to be
implemented by the customer.
UPP data is sent to the SIM application via SIM APDU commands. The data encoding and
handling of AT commands is done by the library code. Each SIM card comes pre-provisioned
with a UUID (Universally Unique Identifier) and a cryptographic key pair that is registered with the UBIRCH backend system and just needs to be claimed using the IMSI of the SIM at the UBIRCH console .
To claim the SIM and start working with the SIM Application, simply follow the steps in Setup
SIM card and device . If you still cannot manage to setup your device, please also check the
FAQs and if this does not help, contact us.
The UBIRCH Trust Service is a fast cloud-based backend responsible for identity management,
blockchain anchoring, device and account management. It offers simple to use REST API
endpoints to anchor incoming UPPs and to verify received data.
To improve performance, scalability and to keep transaction cost manageable, the UBIRCH
Trust Service creates its own merkle-tree structure, aggregating incoming UPPs into larger
root-hashes, which get anchored into a blockchain every minute.
The Trust Service is built as a Kubernetes cluster being hosted on Microsoft AZURE. All
performance-critical components can equally be deployed on-premise, should the necessity
arise. It is optimized for very high throughput.
The following two sections will shortly describe the two most important processes of sealing
and verifying data.
In general the process always consists of:
The following simplified sequence diagram uses pseudo code to show the process of sealing
and anchoring data. This example shows the usage of an application which is sharing data
/measurements, test results) with any kind of data receiver. This is just an example to show the
process and not necessarily the exact final architecture to use UBIRCH.
Each received data packet which has been sealed with the UBIRCH CLIENT (has been ubirched )
at the place of its ‘birth’, can easily be verified by the receiver, regarding its authenticity,
integrity and chain validity. Since the seal is not directly attached to the data and anchored to
the blockchain, the verification can be done by anyone, who has (access to) the data. This
process is completely independent from the channel of transmission, which has been used to
share the data and is also beyond any system boundaries.
The following simplified sequence diagram uses pseudo code to show the process of verifying
UBIRCHed data (HASH-method).