Provenance and traceability

• Audit-proof logging of data exchange transactions

• Data Provenance Tracking

- Encryption module with digital signature, hashing function, web framework, unique identifier generator, watermarking, fingerprinting. - Data use traceability component module.

In the scope of a circular supply chain, there is need for providing end-to-end traceability of the status and conditions of key circular entities, like products or materials. The building block allows authorised participants to query on the status of specific products and materials, and to receive detailed information about their status and location in the circular chain.

- Data use traceability component module has two purposes: (1st) to trace data flows by fingerprinting/watermarking, and (2nd) the identification of data leakages. The module addresses the need of Data Providers, OEMs and Data Processors to get a solution which enables the identification of data leakages or misuses. Basis for this component are data fingerprinting and watermark technologies that shall enable the identification of the last data source within the smashHit ecosystem. The fingerprint or watermark will provide answers about where the leaked or misused data was located or forwarded the last time which will avoid the blaming of guiltless participants in a consent chain.

Figure.Application of smashHit’s Data Use Traceability Component

- A Data Provider get the authorization from the Data Owner to use and transfer the data to a specific list of Data Processors/Processing entities. The data is transferred from the Data Provider to different data Processors or among Data Processors. From the transfer logs, the Data Owner can view the different transactions, thus providing the transparency of data sharing.

Another use case is that a data is transferred from a Data Provider to several Processing entities which show their interest to the data. From the transfer logs and general information about Processing entities, it is possible to analyse categories of businesses interested to a specific kind of data, and perform targeted advertising to other Processing entities.

While transferring data, the Data Provider and the Data Processor should make sure that the transfer respect the consent signed with the data Owner (authorized processing entities, expiration date of consent, ...). The receiving company of the data, before using that data, should make sure (using hashing, watermarking or fingerprinting technologies) that it hasn’t been tempered by a third party.

There is no gap in our implementation, however it could be extended to perform further data analysis.

https://smashhit.eu/enabling-data-use-traceability-with-smashhit/ Implementations of data analysis methods, that could be applied on any kind of data and also transfer logs, are under development and could be found here: https://github.com/D-Stiv/smashHitUBO