Trusted Exchange

Definition

This building block facilitates trusted data exchange among participants, reassuring participants in a data exchange transaction that other participants really are who they claim to be and that they comply with defined rules/agreements. This can be achieved by organisational measures (e.g. certification or verified credentials) or technical measures (e.g. remote attestation).

Role and Scope

Facilitates trusted data exchange among participants.

Features

DSBA - CTO architecture coherence [DRAFT. NOT APPROVED]
  • Security Profiles

  • Certification

  • Remote Attestation, remote integrity verification

  • Trust Authority for verifying trustworthiness of participants

  • European identification

  • IDS Connector implementation

i3-Market Project
  • An Identity and Access Management system based on Decentralized/Self Sovereign Identity and Verifiable Credentials

  • Smart Wallets with different level of security (Cloud/HW Wallet).

  • Smart Contracts.

  • A Data monetization system based on crypto currency for secure, trusted and cost-effective peer-to-peer payments.

Go to the source.

Components and Technologies

i3-Market Project
  • Tokenization

  • interaction with the decentralized ledger of the Data Storage system and with the Data Access System for the monetization of the data assets.

Smart Connected Supplier Network
  • Digital platforms, interconnected using IDS

  • Independent ‘address book’ for routing communication

  • Several providers

  • One-time integration with own ERP system

  • Registration in the SCSN address book

ECI - TNO
iSHARE Foundation
  • iSHARE Satellite

  • Participant registration service for data spaces, allowing data spaces to make participants known in their data space and also across data spaces.

  • Totally federated 'trust phone book' to discover participants, find the trust level and the roles, and of course the data space.

i4Trust
  • iSHARE Satellite services are used at this moment. This service has been defined implementing Trust Anchor functions within data spaces to verify trust of participants.

CS4EU project
  • FE2MED (Functional encryption to Medical Data)

Technical Reference Implementation

Design Principles Position Paper

Trust is a necessary feature in any data-sharing environment, i.e. also for predictive maintenance. Unfortunately, predictive maintenance is difficult to achieve, as algorithms used are still not as effective as desired, and the quality of outcome often is not sufficient, due to a lack of reliable data. Nevertheless, integrating and leveraging data from partners – and even from competitors or companies from different sectors (OEMs, maintenance equipment producers, energy companies) – can be of great benefit for all participants. To overcome the lack of trust currently still prevailing, data sovereignty concepts and services should be employed

AgriSpace4Trust

AgriSpace4Trust aims to integrate i4Trust Marketplace Framework working with FIWARE’s Smart Models and linked data following the latest NGSI-LD specifications. In addition, iSHARE integration to a third-party SensorPassport implementation will build trust within the community. SensorPassport includes functionalities on validating sensor operations, credibility, access, authorization and account control through iSHARE integration.

iSHARE Foundation

Distributed Ledger node for federated registration of participants in data spaces, hence enabling legal and organisational interoperability.

Datavillage
  • The Data Cage: A confidential computing environment to process data from different parties while ensuring data confidentiality and algorithm ownership.

    • End to end data encryption with algorithm integrity through enclaving

    • No data leak with whitelist sandboxing

    • Automate secure deployment on cloud providers

    • Data access management with data activity ledger

    • Interoperability with linked data and knowledge graph

  • The Data Pod: A personal data store where individuals control and manage their data.

    • Extend your data mesh with personal data store

    • Rely on user centric data model, feed and connect first and third party data

    • Get customer consent and access data in full transparency

    • Process data from Data Pod to the Data Cage

i4Trust
  • iSHARE provides testing and operation instances of the service.

  • API gateways used in i4Trust are available in the FIWARE Catalogue. The extended version of the Kong API gateway via plugins is recommended.

  • Portfolio of pioneer use cases relying on the i4Trust framework and using iSHARE Satellite services as basis for verifying trust of participants.

CS4EU project

The Functional Encriptation for Medical (FE2MED) asset is used in CyberSec4Europe (CS4EU) projec. CS4RU goal is provide security measures when medical data are shared. It secures data sharing by using this functional encryption tool. FE2MED ensures data integrity and confidentiality, Leveragecrypto libraries which implement Inner product schemes (e.g., simpleDDH or damgardDDH) for computing data sets providing statistical results to the data consumers. It also implements ABE schemes: KP-ABE schemes ensuring that only selected recipients are able to see certain data. It provides a graphical user interface for facilitating the KP-ABE use. FE2MED is a service currently deployed on premise.

It can be ceployed as a Service

Business Use Cases Implementation

ECI - TNO

A metal company purchases metal sheets to their providers as well as they receive orders from customers. Through the SCSN and IDS network they can receive orders through ECI gatewise and the IDS network to supply drive. Therefore, they can send a purchase order to their providers and they can receive purchase orders from their clients, even though they have different platforms. Information can be transmitted no matter where connectors and suppliers are connected, making sure that every type of business gets digitized and isn’t left behind.

ADVANEO DMP

The ADVANEO DMP is a collaboration portal that enables the data-sovereign formation of Data Spaces for data-driven applications. Integrated AI tools, data models and applications as well as free access to millions of Open Data support the development of data-driven innovation projects. The DMP has no contact with the actual raw data, being directly transmitted to the interested party in peer-to-peer encrypted form by an IDS-Connector. Only the exploitation result is accessible, enabling the sharing of confidential data in value chains.

Vastuu Group

The goal of the project was to use the IDS standard to reveal the energy consumption and emissions information found in Helsinki Region Transport’s (HSL) and a specific city district’s data platforms. This way the data of both public transport and buildings could be taken into account when searching for ways to reduce the energy consumption and carbon footprint in a certain area. The project required developing a solution that would enable smooth data transfer without sacrificing information security.

Vastuu project's structure

AgriSpace4Trust

AgriSpace4Trust enables the prosumption of data services to optimise energy inputs in olive production creating new data-driven services. It proposes to create data hubs supported by i4trust data space that exploit local weather stations or agro-environmental sensors and open them to a broader community of local users. This way, opinion leaders and tech-savvy farmers will invest in buying specialised equipment, and data can be shared at will, including cooperatives and farm advisors/ agronomists.

Datavillage
  • TAILORED CONTENT DISCOVERY FOR END-USERS

Enable the analysis and processing of sensitive personal data aiming better content recommendation through data sourced directly by your users in a compliant and secure way. Let users consume online content on multiple platforms with their own reputation, identity and history. Don't collect the data in your system but access and process it via the end-users Data Pod and the Data Cage.

  • TAILORED CONTENT DISCOVERY FOR END-USERS

Enable the exploration and processing of user behaviors with other media & entertainment companies in a compliant and secure way (GDPR, e-privacy ...).

CS4EU project

Use Case MD-UC1: Sharing Sensitive Health Data Through an API The FE2MED asset, used in CyberSec4Europe project, secures data sharing by using this functional encryption tool.

The Medical Data Exchange demonstrator is intended to increase the trustworthiness between stakeholders when sharing medical data through a marketplace platform thus generating new business opportunities. This will be achieved by using a real environment provided by the COVID-19 Data Exchange platform50 (COV19DEP)launched by Dawex, which will offer to the users an anonymization service and a functional encryption service for increasing the user privacy and security when sharing data.

The figure below shows the basic flow of this Medical Data use case.

Best practices identification and recommendations

iSHARE Foundation
  • There is a governance structure to the ledger and hence provides measures for changes and eventual fixes.

Datavillage
  • Flexibility to deploy on any cloud provider

  • Development environment with test data required

  • In memory processing

CS4EU project

The main functionalities should be deployed on the data provider infrastructure for minimising data leaks.

## Gap or what is missing?

Datavillage
  • A database integrated into the confidential computing environement is missing. We are looking to integrate an in memory graph database like redis.

i4Trust
  • Convergence with other alternative Trust Anchor services (Gaia-X, IDS, EBSI) is being analysed under the DSBA (Data Spaces Business Alliance).

CS4EU project

User interface could be made more friendly and additional crypto schemes can be included. Mechanisms for sharing decrypting keys.

TRL

High TRL
  • High-tech domain: Smart Connected Supplier Network (SCSN) + IDSA

Low TRL
  • Metal domain: Market 4.0

  • Plastic domain: Market 4.0

Comments

Additional Information

iSHARE Foundation

Find more information in iSHARE Foundation's webpage.

i4TrustMore information about iSHARE can be found here:

CS4EU project

More information about Cyber Security for Europe project and the use cases are described at the D5.5 Specification and set-up demonstration case Phase 2. [https://cybersec4europe.eu/wp-content/uploads/2022/01/D5.5-Specification-and-set-up-demonstration-case-Phase-2-v1.0_submitted.pdf]

Last updated

© 2016 – 2024 | All Rights Reserved | International Data Spaces Association