i4Q Blockchain Traceability of Data
General Description
The Blockchain Traceability of Data (i4Q-BC) solution aims to enhance the level of trust that different solutions and components can place in data. Thus, it shall serve as one of the cornerstones of the data storage services consumed by different solutions. This solution provides immutability and finality of data, serving as the source of truth and enabling trust in data through full provenance and an audit trail of the data stored. The main functionality offered by this solution is therefore data trust traceability, enabling a full audit trail of assets and data.
The Blockchain Traceability of Data (i4Q-BC) solution is based on the Hyperledger Orion blockchain database. Hyperledger Orion is a centralised, trusted blockchain database that provides tamper-evidence, provenance, data lineage, authenticity, and non-repudiation through data-centric Application Programming Interfaces (APIs), with transactional semantics and a very simple, well-known programming model.
The Hyperledger Orion server implements a replicated blockchain database and is available as open source: https://github.com/hyperledger-labs/orion-server. It can be deployed natively on a Linux server or as a Docker container, and it supports cluster deployments.
The Hyperledger Orion SDK-Go implements a client SDK that exposes a rich and easy-to-use transactional database API. It is available as open source: https://github.com/hyperledger-labs/orion-sdk-go. The client SDK can be used to easily integrate the Orion DB into any solution. Besides the Hyperledger Orion SDK-Go, an Orion BCDB client SDK for Java is also provided. The SDK for Java is available as open source: https://github.com/orion-bcdb/orion-sdk-java.
In addition to the Hyperledger Orion blockchain database, the i4Q-BC solution provides a machine-configuration tracking infrastructure, which uses Blockchain (BC) technology, i.e., the Hyperledger Orion blockchain database, to track value changes in machine configuration data and to support data validation, verification, and auditing. See: Machine configuration infrastructure
Features
The main features provided by this solution include:
A key-value database: A replicated key-value database with transactional APIs. A data-centric API provides a familiar and easy-to-use programming paradigm, which reduces complexity and cost compared to traditional blockchain platforms. A cluster of servers provides a fault-tolerant and highly available solution.
Immutability and tamper evidence: All stored data is bound with cryptographic data structures (e.g.: a hash-chain), which ensures immutability and tamper evidence.
Authentication and non-repudiation: The use of digital signatures by clients and servers, for requests, responses, and stored data, provides authentication as well as non-repudiation.
Privacy: Fine-grain privacy is achieved using key-level access control, which is enforced by the digital signatures provided by users.
Multi-party transactions: The ability to require that multiple users sign a transaction in order to make it valid, allowing tight controls on data mutations and multi-party agreements.
Provenance: All historical changes to the data are maintained within the ledger as well as in a graph structure. The solution allows the user to execute provenance queries on those historical changes to understand the lineage of each data item.
Screenshots
The main components of Hyperledger Orion are depicted below:
The cluster, server API, and SDK of Hyperledger Orion are shown below:
An example showing how machine configuration can be tracked using Hyperledger Orion:
The capabilities of Hyperledger Orion for manufacturing quality were demonstrated using a simple application that saves all changes to machine and production line configuration into the blockchain database.
Data records are machine configuration files, in JSON format.
The actors are:
Operator: manages multiple machines by changing their configuration, has RW access to machine configuration. The operator initiates a machine configuration change, prepares it, and passes it for review to the Controller.
Controller: reviews and approves operator requests to change machine configuration. The controller is a required signatory on each configuration change request and has to approve and commit each request to the database. The controller has RO access to machine configuration, so the controller cannot change the configuration alone.
Auditor: verifies and audits the configuration changes, periodically or upon request. The auditor has RO access to machine configuration records and can execute full provenance queries, tracing the activity of both the operator and controller.
The demo showed how to set up the database, manage users (operators, controller, auditor), execute configuration change transactions, execute operator change transactions, and execute various provenance queries that trace the activities of the actors and the evolution of the data.
See video: https://ibm.box.com/v/i4Q-BC-demo-April2022
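The operator/controller/auditor workflow above, combined with the hash-chain and multi-party signature features listed earlier, as an added example in Go using only the standard library. It is not code from Orion or from the i4Q demo and does not use the Orion SDK; the Entry layout, the function names, the role keys and the sample configurations are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry is one configuration change in a simplified ledger (not Orion's block format).
type Entry struct {
	Config       string // machine configuration JSON
	Prev         string // digest of the previous entry: the hash chain
	OpSig, CtSig []byte // operator and controller signatures over digest()
}

func (e Entry) digest() string { return fmt.Sprintf("%x", sha256.Sum256([]byte(e.Prev+e.Config))) }

// Propose is the operator's step (chain to the tip and sign); Approve is the controller's co-signature.
func Propose(tip Entry, cfg string, op ed25519.PrivateKey) Entry {
	e := Entry{Config: cfg, Prev: tip.digest()}
	e.OpSig = ed25519.Sign(op, []byte(e.digest()))
	return e
}
func Approve(e Entry, ct ed25519.PrivateKey) Entry { e.CtSig = ed25519.Sign(ct, []byte(e.digest())); return e }

// Audit returns the index of the first entry with a broken link or a missing signature, else -1.
func Audit(l []Entry, op, ct ed25519.PublicKey) int {
	prev := Entry{}.digest() // genesis anchor: digest of the empty entry
	for i, e := range l {
		d := e.digest()
		if e.Prev != prev || !ed25519.Verify(op, []byte(d), e.OpSig) || !ed25519.Verify(ct, []byte(d), e.CtSig) {
			return i
		}
		prev = d
	}
	return -1
}

// Demo audits a constructed ledger: intact, with an operator-only entry, and with history rewritten.
func Demo() (intact, operatorOnly, rewritten int) {
	opPub, opKey, _ := ed25519.GenerateKey(nil)
	ctPub, ctKey, _ := ed25519.GenerateKey(nil)
	first := Approve(Propose(Entry{}, `{"pressure_bar":120}`, opKey), ctKey)
	l := []Entry{first, Approve(Propose(first, `{"pressure_bar":125}`, opKey), ctKey)}
	intact = Audit(l, opPub, ctPub)
	operatorOnly = Audit(append(l, Propose(l[1], `{"pressure_bar":300}`, opKey)), opPub, ctPub)
	l[0].Config = `{"pressure_bar":999}` // constructed tampering with committed history
	return intact, operatorOnly, Audit(l, opPub, ctPub)
}
func main() { fmt.Println(Demo()) }
```

The auditor needs only the two public keys and the ledger itself: an entry without the controller's signature is flagged at its own index, and an edit to an earlier entry is flagged at the edited entry because its signatures no longer match its digest.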
Commercial Information
License
The Hyperledger Orion server and the Go-SDK are open source under the Apache License 2.0. See:
Pricing
Subject | Hyperledger Orion (Server, SDK) |
---|---|
Payment Model | One-off |
Price | Free |
Associated i4Q Solutions
Required
The i4Q Blockchain Traceability of Data solution has no dependencies on other i4Q solutions.
Optional
i4Q IIoT Security Handler may be used as a Certificate Authority (CA) provider.
System Requirements
OS: Linux (tested on Ubuntu and RedHat).
Hardware: a set of servers capable of running a database cluster. For production, at least 3 are required for fault tolerance; however, 5 servers are recommended.
API Specification, User Manual, and Deployment Instructions
The easiest way to learn how to use Hyperledger Orion is through the Getting started guide.
Hyperledger Orion server exposes a REST API. For example, the specification of the REST API for a data transaction can be seen in this part of the user manual.
However, it is far easier to work with Orion through a client SDK, which exposes a simpler abstraction of atomic transactions. For example, this part of the user manual presents how to execute a data transaction using the Golang SDK.
Hyperledger Orion can be deployed as a binary on a Linux server, as a Docker container, or as a container in a Kubernetes cluster. Simple deployment instructions can be found here.
The complete documentation of Hyperledger Orion, including the API Specification, User Manual, and Deployment Instructions, is available on the Orion documentation site: http://labs.hyperledger.org/orion-server
The sources of Hyperledger Orion can be found here:
Docker images can be found here: https://hub.docker.com/r/orionbcdb/orion-server
Hyperledger Orion was presented at a Hyperledger London meetup; see the video on YouTube.