DataTrust Technology

As promised, here is the technology portion of our identity blockchain. The complete white paper can be found here. We’re grateful for the feedback we’ve received so far and we’re looking forward to the next phases. Find me on Twitter at @cnkeller and by email at ckeller@datanexus.org, and Eddie at @eddie_satterly and esatterly@datanexus.org.

The DataTrust technology stack used to implement the Trusted Identity Platform (TIP) is based both upon popular open source packages, as well as the commercial DataNexus platform. Figure 1 shows how multiple entities interact using the distributed ledger platform.

Figure 1: DataTrust Platform Overview

DataNexus Platform

The underlying platform is a Zero Touch Provisioning (ZTP) enterprise data capture and routing solution which serves as the base technology layer. While extensible to any technology, the standard open source implementation consists of:

Using the concept of commercial overlays for encryption, certificate and key management, the platform can seamlessly provide end-to-end security and compliance-enabling features. This extends the underlying data platform to not only provide internal security, but also to ensure data security from collection, through processing and storage, to consumption. This enables the use of open source core components without the traditional concern over security and compliance.

Distributed Ledger

The Hyperledger project provides the technology behind the distributed ledger components. Specifically:

  • The Hyperledger Sawtooth project provides the distributed ledger building blocks and digital wallet
  • The Hyperledger Indy project provides for additional ledger and identity functionality

As mentioned above, the ledger is only used to record the interactions between entities, never identity or key data. DataNexus stores only entity public keys, which are used to facilitate transactions and encrypt entity metadata; it never stores identity data or private keys. This ensures that any disclosure of the ledger outside of the DataNexus identity network has minimal, if any, impact. The types of interactions that are recorded fall into the following categories:

  • identity grants from any entity to any entity, e.g., individual to company or company to company
  • identity transfer between entities, e.g., individual to a company or one company to another
  • public key transfer between entities
  • identity acceptance from entities
  • data revocation between entities, e.g., individual to company or company to individual
  • public key revocation between entities

The underlying DataNexus platform can validate and verify the ledger transactions to ensure adherence, e.g., that an identity revocation has been recorded and implemented successfully.
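To make the two properties above concrete, here is an added example (not code from the post or from the DataNexus platform) of a minimal hash-chained ledger that accepts only the interaction categories listed, refuses any record carrying identity or private-key fields, and answers the check the post names: whether a revocation of an earlier grant has been recorded. Public keys, identity handles and the field names are constructed placeholders, and Hyperledger Sawtooth/Indy specifics are not modelled.

```python
"""Interaction-only ledger model: public keys and event types on-chain, nothing else."""
import hashlib
import json
from dataclasses import dataclass, field
from typing import List

# Interaction categories the post says are recorded; anything else is rejected.
ALLOWED_TYPES = {"identity_grant", "identity_transfer", "pubkey_transfer",
                 "identity_accept", "data_revocation", "pubkey_revocation"}
# Constructed list of field names that must never reach the ledger.
FORBIDDEN_FIELDS = {"private_key", "name", "ssn", "dob", "email", "address"}


@dataclass
class Record:
    tx_type: str
    from_pubkey: str     # public key of the acting entity (opaque placeholder)
    to_pubkey: str       # public key of the counterparty
    identity_ref: str    # opaque handle to an identity stored off-ledger
    prev_hash: str = ""  # hash of the previous record, set by Ledger.append
    extra: dict = field(default_factory=dict)

    def digest(self) -> str:
        return hashlib.sha256(json.dumps(self.__dict__, sort_keys=True).encode()).hexdigest()


class Ledger:
    def __init__(self) -> None:
        self.records: List[Record] = []

    def append(self, rec: Record) -> str:
        if rec.tx_type not in ALLOWED_TYPES:
            raise ValueError(f"unsupported interaction type: {rec.tx_type}")
        leaked = FORBIDDEN_FIELDS & set(rec.extra)
        if leaked:  # identity data / private keys never go on the ledger
            raise ValueError(f"refusing to record identity or key data: {sorted(leaked)}")
        rec.prev_hash = self.records[-1].digest() if self.records else "0" * 64
        self.records.append(rec)
        return rec.digest()

    def verify_chain(self) -> bool:
        """Every record must chain to its predecessor's current digest."""
        prev = "0" * 64
        for rec in self.records:
            if rec.prev_hash != prev:
                return False
            prev = rec.digest()
        return True

    def revocation_recorded(self, identity_ref: str, src: str, dst: str) -> bool:
        """True if the latest grant of identity_ref (src -> dst) was followed by a revocation."""
        state = None
        for rec in self.records:
            if rec.identity_ref == identity_ref and (rec.from_pubkey, rec.to_pubkey) == (src, dst):
                if rec.tx_type == "identity_grant":
                    state = "granted"
                elif rec.tx_type == "data_revocation":
                    state = "revoked"
        return state == "revoked"
```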

Key Storage

Each entity has at least one digital wallet capable of handling multiple identities and supporting operational functions on those identities. The Hyperledger wallet supports the following operations:

  • store public and private key pairs that are uniquely associated to an identity
  • validate key pair operations on the ledger, e.g., creation, grants, revocation/deletion, and transfer
  • query information on distributed identities
  • secure (encrypt) key pairs

The wallet can be stored offline on removable media, but must have connectivity and access to the ledger in order to facilitate operations.

Identity Storage

Each business entity is responsible for securely storing identity information and implementing all ledger transactions relating to each identity under storage, which are then recorded back to the ledger for validation and verification by other entities. While the encrypted storage can be implementation specific, the DataNexus platform provides the necessary hooks for automatic verification of the ledger transactions.

Author: Christopher Keller

CTO @ DataNexus
