Most people in the watch industry have heard the phrase "blockchain authentication" and assumed it means something complicated, something speculative, or something designed for people who own crypto.
None of those assumptions are accurate.
What we are building at AllChrono is a portable, permanent, publicly verifiable record for a physical object. The underlying technology is blockchain. But the thing it produces — the passport — is better understood as a watch's permanent file.
Let me explain exactly what that means and how it works.
The Problem With Every Certificate That Exists Today
Before explaining what a passport is, it helps to explain what it replaces.
Today, when a watch is authenticated, the result is a PDF. Sometimes a card. Sometimes a platform-specific badge that lives inside one marketplace's interface. The problem with all of these formats is the same.
They cannot travel.
A certificate issued by Dealer A in New York means nothing to Buyer B in Riyadh. A platform badge from Chrono24 does not carry over to Christie's. A service record from an authorised maison centre exists in someone's archive and may or may not be produced when the watch changes hands again.
The watch carries forty years of history inside its case. The documentation carrying that history usually cannot survive a single transaction.
This is the core problem AllChrono is solving.
What a Passport Is
An AllChrono passport is an ERC-721 token minted on Polygon, using the open Arianee protocol.
For those unfamiliar with that language: it is a unique digital record stored on a public blockchain. It cannot be deleted. It cannot be altered after it is written. It can be read by anyone with the token ID and costs us approximately fifteen to twenty cents to create.
The passport captures eight categories of information: the watch's identity, its physical condition at time of authentication, any anomalies or concerns noted by our verifiers, its service history, its ownership chain, any provenance documents, a log of every re-authentication event, and any insurance or valuation records attached to the piece.
That record accumulates over time. Every time the watch passes through our network — for a re-authentication, a service record update, or an ownership transfer — the passport is updated, not replaced. The history compounds on the same token.
What Goes On-Chain and What Does Not
Not everything lives on the blockchain directly. The architecture separates two types of data deliberately.
On-chain, on Polygon, we store the authentication verdict, the timestamp, the authenticator's identity, the watch reference, any ownership transfers, and the cryptographic fingerprints of all associated media. These records are small, cheap to write, and immutable.
Off-chain, on IPFS, we store the full inspection photographs, movement close-ups, serial number images, complete inspection reports, service invoices, and any video documentation. These files are too large for on-chain storage, but they are content-addressed — which means they have a unique fingerprint based on their content.
That fingerprint is what gets stored on-chain.
The system is designed so that if anyone tampers with a photograph stored on IPFS, the content fingerprint changes. The changed fingerprint no longer matches what is recorded on the blockchain. The tamper is detectable at a system level without anyone needing to investigate manually.
The chain does not store the photograph. It stores proof that the photograph has not changed since the day it was taken.
How We Bind the Physical Watch to the Digital Record
The hardest problem in any physical-asset authentication system is the same: how do you prevent someone from simply swapping the object?
For watches, our answer is the photographic fingerprint.
At the time of authentication, our verifiers photograph the watch in precise detail: the serial number placement, dial printing variations, hand alignment, any movement details visible through the caseback, case wear patterns, and patina. No two watches of the same reference share these characteristics exactly — not even two pieces that left the factory on the same day.
Every time the watch re-enters our network for any reason, we compare the new photographs against the original fingerprint. A mismatch is a failure.
This approach has one important advantage over alternatives like NFC chips: it works on vintage pieces. A 1972 Royal Oak cannot accept an embedded chip without modification. It can absolutely be photographed.
NFC chips remain an option for new pieces from maisons who participate in our partner programme. But for the secondary and pre-owned market — which is AllChrono's primary focus — the photographic fingerprint is the binding mechanism.
Who Can Read a Passport
Anyone.
That is the point.
A buyer in Riyadh can go to passport.allchrono.com and enter a token ID before wiring money to a dealer in Geneva. A competing marketplace can display "Authenticated by AllChrono" on a listing. An insurance company can pull the provenance chain for a claim. A maison service centre can verify the piece's history before accepting it for work.
We earn nothing from those external reads. The strategy is deliberate: let the signature compound across the market, and earn on the transactions that occur on the AllChrono platform itself, where GCC buyer liquidity concentrates.
Open standard on trust. Closed network on liquidity.
Key Management
One question we get from sophisticated buyers: what happens to the passport if AllChrono ceases to operate?
The honest answer is: nothing happens to it.
The Arianee smart contracts are already deployed on Polygon. They cannot be removed. Every passport minted through those contracts remains readable and transferable regardless of whether AllChrono exists as a company. The contracts are MIT-licensed, which means any successor organisation could fork them and operate a compatible registry.
AllChrono's own signing key — the key that authorises new passport issuances — is held in Google Cloud KMS with Cloud HSM protection, using a multi-signature scheme that requires three of five separate hardware modules to approve any signing operation. This is institutional-grade key custody, not a single point of failure.
What This Means in Practice
The passport is not a marketing asset. It is operational infrastructure.
A dealer who submits a watch for AllChrono authentication comes out with a piece that has a permanent, publicly readable provenance record attached to it. That record clears faster in cross-border transactions, supports higher asking prices, and travels with the piece through every future sale without needing to be recreated.
A buyer who purchases a watch with an AllChrono passport owns more than the watch. They own a documented history that they can share with the next buyer without depending on the current seller's word.
That is the difference between a certificate and a passport.
One proves a moment. The other proves a life.
— Raihan Ahmed, CTO, AllChrono