Enabling document authenticity through DLT – a project by CGI and NORDAKADEMIE
The full article was originally published by the IOTA Foundation on blog.iota.org. Read the full article here.
We are driven by ambition to deliver the best distributed ledger technology available to market. This cannot go without academic recognition. A recognition that combines both validation and endorsement of our research efforts, core technology development and adoption in more applied research contexts, developing solutions for tomorrow’s challenges.
For these reasons we are constantly engaging with academic organizations across Europe and the world, to get them close to IOTA technologies and enable and empower their students to research and build on it. It is in this context that last year, despite the new challenges brought by national lockdowns and on-going pandemic, we worked with CGI, a globally leading service provider for IT and business innovation, to deliver an online workshop and to set the research challenges for an innovation project with future professionals from the NORDAKADEMIE Graduate School in Hamburg ().
The validation of documents is a lesser-known, yet promising use case of DLT, that we asked students to address. Based on the IOTA technology, the project team of students, and supporters from CGI, the IOTA Foundation and the NORDAKADEMIE, iteratively developed a proof of concept for a safe and tamperproof exchange of data between business partners.
The team has consolidated their thought process and experiences around the ideation, innovation and implementation, which we are happy to jointly share.
“We are very pleased to be able to give our students the opportunity to carry out innovative, practical projects in interdisciplinary teams with the support of leading companies,” says Prof. Dr. Joachim Sauer, scientific supervisor of the project.
The necessity for secure document exchange within a world of social hacking, physical and digital document forgery and insecure communication channels is constantly increasing. Usually dedicated institutions provide this kind of service and act as a trustworthy third party between business partners. Such institutions could be notaries, governmental organizations or digital file exchange services. Replacing this third party provider with an IOTA tangle solution allows not only faster and highly secure document transfer, but also provides an opportunity for cost savings.
As a decentralized network, the Tangle can act as a truly neutral layer between partners. Since the ledger is immutable, transactions (such as data exchanges) cannot be manipulated and are traceable for all users. Therefore, there is also no need for a central administration to validate those transactions – the trust is built by the network itself.
“The aim of the project was to create a concept for a flexible and user-friendly solution to exchange documents while exploring the possibilities of the IOTA technology” says Alexander Leonard Ronge, Director Industry 4.0 / IoT at CGI.
Therefore, the solution was intended to integrate easily into existing infrastructure and support two central use cases.
A big than you to the team that worked in the project:
Use Case: Standalone
The first use case supports the possibility of verifying a document with an app to check whether it was manipulated. In order to do this, the document must be uploaded to the tool by the sender first in order to be validated. Afterwards, the sender can download the document again and send it to the desired recipient. The recipient can then upload the document to the tool and validate it. Moreover, the recipient will be informed wherever there is a newer version of the document available. For this use case, the method of transfer can be chosen freely, which makes this implementation suitable for a document exchange between users who are not associated with each other.
Use Case: Integrated
With the second use case, users can connect with each other through a dedicated communication channel and share documents which are saved to a document management system. Here, the sender can simply upload a document and create a group of recipients. Once the recipient downloads the document, it is validated automatically. Moreover, if there is a newer version of the document available, the recipient will be informed accordingly and will be provided with newer document versions. This use case offers more convenience to the sender and recipient than the first use case but is only suitable if the users are associated with each other and have constant communication, such as within an organization or between business partners.
The central functions of the solution are to receive, return and validate metadata of a document exchange, which could be the document hash and a pointer to the document storage location and optionally track revisions of the document. The document itself is stored and transferred off-tangle, to save storage space, retain data confidentiality and increase the speed of transaction. Technically, the exchange of data is handled via IOTA Masked Authenticated Messaging (MAM) which provides channels that recipients can be on- and off-boarded to.
Through a modular architecture the solution allows adaptation to customer-specific use cases and simplifies updates along the advancement of IOTA technologies. Having this focus on flexibility allows choices in a variety of central decisions:
– Identity management which could either be handled by an existing solution at an organization or be connected to a standalone solution.
– Architecture and hosting, depending on the number of parties using the tool, making it usable as one central open access platform or a company-owned platform
– Hashing and encryption of the documents which is essential to maintain security along developing standards
To prove the feasibility of the concept, proof of concepts for each use case were built. The first use case was a web app for document upload, hashing and validation. The second one was an integrated solution comprising an interface with immediately accessible, and automatically verified documents of an integrated document storage. This proves that the same backend can handle a wide range of business scenarios that allow safe document transfer supported by the IOTA tangle.
“The project results were very pleasing and of high quality. Further initiatives can be based on the concepts developed,” says Prof. Dr. Joachim Sauer.
The project team had many valuable experiences and learnings, which we would like to share. The following learnings may be helpful to others who want to start their own project with IOTA Technology as well:
Get a birds-eye view
The IOTA ecosystem grows continuously and provides solutions for common challenges in all kinds of projects. In our experience the combination of the different IOTA technologies and products really make a project come together. Therefore, it makes sense to get an overview of the different existing and upcoming IOTA solutions before starting. Sometimes you can build your product upon already-existing elements of the IOTA technology.
Due to the innovativeness of projects in the DLT space, developing a tool is a process of learning, testing and trial and error. At the beginning, there was only a rough idea. Requirements changed and the tool itself evolved throughout the project. Therefore, if you are new to the IOTA ecosystem and the requirements are not perfectly clear from the start, we suggest planning your project iteratively as well.
The innovation of the IOTA platform has moved at an incredible pace since we finished the PoC of our platform. Since then IOTA Streams have seen an alpha release which replaces the MAM-Technology we used initially. Also, IOTA Identity has seen a release of their core library which provides a solution for identifying the parties involved in a transaction. Moreover, Chronicle provides a solution for storing data-transactions indefinitely, to archive all data exchanges for later retrieval and auditing. We especially welcome the outlook towards the Chrysalis update, as new features like reusable addresses and user friendly libraries will make developing on IOTA much more simple.
If you encounter challenges during your own project or want to exchange ideas with like-minded people, we suggest getting involved with the IOTA community. The easiest place to do this is the IOTA discord.
CGI, founded in 1976, is a global service provider for IT and business processes with 76,000 employees offering strategic IT and business consulting, systems integration, managed IT, business process services and intellectual property at the highest level.
CGI helps clients adopt emerging technologies—such as Advanced Analytics, Artificial Intelligence, Augmented Reality, RPA, Blockchain, digital twin, IoT and more—to drive new business models, services and products, reinvent customer touchpoints and address increasing cyber threats and regulatory demands.
With over 2,500 students, NORDAKADEMIE, founded in 1992, is one of the largest private Universities of Applied Sciences with on-campus and in-class room lectures in Germany. In October 2013, the NORDAKADEMIE Graduate School was opened in Hamburg’s Dockland. The NORDAKADEMIE offers dual Bachelor’s degree programs, part-time Master’s programs, education modules and certificate courses as well as a part-time doctoral program. All degrees are internationally recognized. Top ranks within the CHE university ranking and the FIBAA accreditation reflect the high standards and quality education. The advantage of the dual concept lies in the close integration of theory and practice. More than 800 companies from all sectors have already cooperated with the private university in Elmshorn, just outside Hamburg.