Access control

This is a means to ensure that access to assets is authorised and restricted based on business and security requirements.[111]


Characteristic of information that does not permit a personally identifiable information principal to be identified directly or indirectly.

Anti-money laundering (AML)

A set of laws and regulations designed to ensure that financial services companies do not aid in criminal and/or terrorist enterprises. Efforts to combat money laundering and terrorism finance include KYC requirements, suspicious activity reports and currency transaction reports, all of which require financial institutions to investigate and report any customers or transactions that could be furthering a criminal enterprise. AML obligations can be burdensome, but failure to comply can result in heavy criminal and civil penalties. Global AML obligations differ by jurisdiction.

Application Program Interface (API)

An Application Program Interface (API) is a piece of code that governs the access point to a server and the rules developers must follow to interact with a database, a library, a software tool or a programming language.

Artificial intelligence (AI)

The capacity of a machine to imitate intelligent human behaviour.


Verifying the identity of a user, process or device, often as a prerequisite to allowing access to resources in an information system.[112]

Autonomous software agent (ASA)

An autonomous software agent is a component that has the intelligence necessary to autonomously decide when to perform an action. An ASA runs autonomously on the blockchain and enables network participants to collaborate and negotiate transactions among themselves on behalf of, and instructed by, the entities controlling them. It is also called a decentralised application (Dapp).

Availability (in computer security)

Property of being accessible and useable upon demand by an authorised entity.

Bill of lading (B/L or BOL)

A document issued by a carrier to acknowledge receipt of cargo for shipment.

Commercially sensitive data

Data of a commercial nature or origin that, if known to parties other than the owner of the data, can result in adverse business consequences. Examples of such data include pricing, identity of subcontractors, true cost of goods and identity of end buyers downstream in a supply chain.


Property that information is not made available or disclosed to unauthorised individuals, entities, or processes.

Consensus mechanism

Set of rules and process(es) that determines how nodes reach agreement about a set of data and whether to approve (validate) transactions in the blockchain network. The MIT Center for Information Systems Research defines it as the algorithm used to validate transactions and blocks. Consensus may rely on cryptography and a percentage of participant votes (nodes) to validate a block. Consensus protocols must also provide a mechanism for resolving block conflicts. At the other end of the spectrum, in some privately owned blockchains the owner may decide that only the transacting parties and one other node are required to validate. The amount of time and computing power necessary to run a blockchain varies significantly based on the consensus type and percentage of nodes required.


Companies often collaborate and partner up with other companies for various projects, and in doing so they form consortiums or joint ventures. Generally, a consortium or a joint venture is a strategic business association, combination or group of two or more entities or individuals formed to undertake an enterprise together. The intention when entering into a consortium or joint venture is to combine the individual resources and strengths of the parties involved to ensure the success of the new business venture. There are differences between a consortium and joint venture, but those differences depend on the jurisdiction in question.


Under the GDPR (Article 4), the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or EU member state law, the controller or the specific criteria for its nomination may be provided for by those laws.


An object or data structure that authoritatively binds an identity – via an identifier or identifiers – and (optionally) additional attributes, to at least one authenticator possessed and controlled by a subscriber.


The generic term for any digital asset or “token” that can be mined, purchased or transacted within a blockchain or distributed ledger network. The most famous cryptocurrency is bitcoin; others, of which there are over 1,000, include ether, Litecoin and NEO.

Cryptographic key

Sequence of symbols that controls the operation of a cryptographic transformation. A cryptographic transformation can include but is not limited to encipherment, decipherment, cryptographic check function computation, signature generation, or signature verification.

Cryptographic techniques / cryptography

A discipline or technique that embodies principles, means and mechanisms for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorised use.

Data subject

As defined in the GDPR (Article 4), an identified or identifiable natural person where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Decentralised application (Dapp)

A digital program that runs on a P2P network of computers and utilises Smart Contracts to access a Blockchain network and enforce each term of agreement between two parties.

Decentralised autonomous organisation (DAO)

An organisation that operates autonomously in accordance with preset rules, utilising a blockchain and coordinated through a distributed consensus model. The DAO, established in 2016 utilising Ethereum, was an example of this type of organisation.

Denial-of-service (DoS)

Prevention of authorised access to a system resource or the delaying of system operations and functions, with resultant loss of availability to authorised users.

Digital asset

An asset that is digitally represented on an electronic medium or stored on a digital device.[113]

Digital document

Digital information that has been compiled and formatted for a specific purpose, that includes content and structure and may include context.

Digital identity

A unique representation of a subject engaged in an online transaction. A digital identity is always unique in the context of a digital service but doesn’t necessarily need to uniquely identify the subject in all contexts.

Digital signature

Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient.

Distributed ledger technology (DLT)

Software that uses a blockchain or similar data structure shared over a network of participants who distribute and verify information about transactions.


The eIDAS Regulation 910/2014 sets a framework for electronic identification and trust services for electronic transactions in the European single market.

Endpoint security

This is the process of securing the various endpoints on a blockchain network, often defined as end-user devices such as mobile devices, laptops, and desktop PCs, although hardware such as servers in a data centre is also considered an endpoint. Precise definitions vary among thought leaders in the security space, but essentially, endpoint security addresses the risks presented by devices connecting to an enterprise network.[114]

Fourth industrial revolution (4IR)

A way of describing the blurring of boundaries between physical, digital and biological worlds created from advancements in artificial intelligence, the Internet of Things, and other technologies.[115]

General Data Protection Regulation 2018 (GDPR)

Regulation number 2016/679 entitled Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Goods and services tax (GST)

A tax on goods and services sold domestically for consumption which is included in the final price and paid by consumers at the point of sale to the government from the seller.


(A person to) computer hacking (as by infiltration and disruption of an IT network or website) done to further the goals of political or social activism.[116]


A hash is the result of a function that transforms data into a unique, fixed-length digest that cannot be reversed to produce the input. It can be viewed as the digital version of a fingerprint, for any type of data.

Homomorphic encryption

Symmetric or asymmetric encryption that allows third parties to perform operations on plaintext data while keeping them in encrypted form.


Refers to the ability not to be changed – data stored in a blockchain is very hard to change, even by administrators. However, absolute immutability does not exist.

Initial coin offering

A fundraising method through which an entity creates a certain number of Tokens or Coins and sells them to the public.

Internet of things (IoT)

A network of items – each embedded with sensors – that are connected to the internet.

JIT inventory

JIT, or just-in-time, inventory is a supply chain management technique whereby inventory is procured and transported to the point of need only when that inventory will be used imminently for production or the fulfilment of orders. Using this technique, supply chain managers can avoid holding excess inventory.

Know your customer (KYC)

The requirement, pursuant to the US Bank Secrecy Act, that financial institutions conduct due diligence on their customers prior to engaging in transactions with them. The goal is to avoid inadvertently engaging in criminal activity by furthering money laundering, terrorism finance or other criminal enterprises, or engaging in business with persons on the Office of Foreign Assets Control sanctions list.

Membership service provider (MSP)

A modular component that is used to manage identities on the blockchain network. This provider is used to authenticate clients who want to join the network. A certificate authority (CA) will be used in MSP to provide identity verification and binding service.

Memorandum of understanding (MOU)

A document that expresses mutual accord on an issue between two or more parties. To be legally operative, it must (1) identify the contracting parties, (2) spell out the subject of the agreement and its objectives, (3) summarise the essential terms of the agreement, and (4) be signed by the contracting parties.


A person engaged in Mining, and an opportunity for computer geeks to sound tough when asked what they do. In addition, the Miners act almost as shareholders and earn voting rights when a change, such as a Fork, is proposed.

Minimum Viable Ecosystem (MVE)

A network that has enough diverse stakeholders on board to be able to create the basic amount of interactions to function.

Mutual recognition

A principle of international law whereby states party to mutual recognition agreements recognise and uphold legal decisions taken by competent authorities in another member state.


A node is a computer running specific software which allows that computer to process and communicate pieces of information to other nodes. In blockchains, each node stores a copy of the ledger and information is relayed from peer node to peer node until transmitted to all nodes in the network.

Network nodes

Nodes represent blockchain network agents or participants, such as banks, government agencies, individuals, manufacturers and securities firms within a distributed network. Depending on the permissions set in the network, they may be able to approve/validate, send or receive transactions and data. They may validate transactions through a consensus mechanism before committing them to a shared ledger (though not all nodes perform validations depending on the system, architecture and other elements).


A transaction in which the value moves outside of a blockchain.


A transaction that occurs on the records of a blockchain.


An interface with a data source external to a blockchain that provides input data (e.g., share price information) required for a determination of outcomes under a Smart Contract.

Oracle problem

A problem of ensuring the accuracy and correctness of data at the time it is submitted to the blockchain.

Peer to Peer (P2P)

The transfer of an asset from one person to another person. It is a model in which two or more persons share resources and distribute tasks through a Decentralised Network, rather than a centralised server or network.

Penetration testing (pentesting)

The process of probing and identifying security vulnerabilities and the extent to which they are used to a cracker’s advantage. It is a critical tool for assessing the security state of an organisation’s IT systems, including computers, IT network components, and applications. Hackers of the White Hat variety are often hired by companies to do penetration testing. It is money well spent, computer security experts contend.[117]


A system that uses a layer of access control to dictate the actions that may be taken by the Node users of such systems.


A blockchain network in which users have equal permission to utilise and interact with the network and in which users’ permission to utilise and interact with the network is not set by the network itself or any central person or institution.

Personal data

As defined in the GDPR (Article 4), personal data means any information relating to a data subject. It is important to note that information that relates to a data subject, even without a name, can qualify as personal data under the GDPR.

Private blockchain

A blockchain to which access is restricted. A private blockchain is often controlled by a central person or institution.


As defined in the GDPR (Article 4), any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


As defined in the GDPR (Article 4), a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Proof of existence

The ability to show that a document has not been changed since it was written to the blockchain.

Public blockchain

A blockchain that anyone may access and participate in. The Bitcoin blockchain is an example of a public blockchain.

Risk management

Process of assessing and quantifying risk and establishing an acceptable level of risk for the organisation.

Role-based access control (RBAC)

Permissions attributed to a role granting access to an object.

Service provider

An entity that delivers application functionality and associated services across an IT network to multiple service consumers.

Smart contract

A smart contract is a computerised transaction protocol that automatically executes (whether by all or a large number of blockchain network nodes) the terms of a contract upon a blockchain once predefined conditions are met. Blockchains can be programmed to automate business processes (e.g. making payments) in different entities.


Potential cause of an unwanted incident, which may result in harm to a system or organisation.

Token (for a blockchain network)

A digital asset used in a blockchain transaction. A token can be native to the blockchain, such as a cryptocurrency, or it can be a digital representation of an off-chain asset (known as tokenised asset) such as the title to a house.


The process of replacing a primary account number (usually a credit card) with a surrogate number (or token – different from a Token) that is randomly generated and not otherwise associated with a payment device. Tokenisation is supposed to provide account holders with additional security, especially at point-of-sale terminals, so that their credit card numbers are not vulnerable to hacking.

Transaction (blockchain)

A transaction is the most granular piece of information that can be shared across a blockchain network. Transactions are generated by users and include information such as the value of the transfer, address of the receiver and data payload. Before sending a transaction to the network, a user signs its contents by using a cryptographic private key. By checking the validity of signatures, nodes can figure out who is the sender of a transaction and ensure that the transaction content has not been manipulated while being transmitted over the network.

Trust anchor

An organisation that conducts identity proofing, then issues physical documents and/or digital credentials/attestation on which others rely.

Validator (blockchain)

Someone who is responsible for verifying transactions within a blockchain. In the Bitcoin Blockchain, any participant can be a blockchain validator by running a full-node.

Value added tax (VAT)

A tax added on a product whenever value is added at each stage of the supply chain, from production to the point of sale.


Weakness of software, hardware, or online service that can be exploited.


A non-physical storage device for cryptocurrency that a person downloads as a software file and that remains connected to the internet. A Wallet can be downloaded and installed on a computer, run online via the cloud, or run on a smart device via a mobile application.