Trust4Xchain: Chains of Trust for Trustworthy Data-Space Ecosystems for Value Chains

The ability to share data securely is not only a basic requirement for manufacturers transitioning into Industry 4.0. It also enables new business models in the form of data-driven applications and digital services. Secure data transfers also offer a real competitive advantage for globally connected manufacturers and supply chains. But for identities to be reliable and communication secure, trustworthy data spaces are needed, as several initiatives, including International Dataspaces or GAIA-X, have recognized.

The Trust4Xchain project aims to create secure and reliable data spaces for distributed value chains. It intends to protect the invaluable production data in transfer between different infrastructures by means of cryptographically linking all important transactions in a chain of trust. Research is under way to find out how suitable network nodes in telecommunications, so-called data space gateways, can be developed and operated from both the manufacturer’s and the operator’s perspective. To that end, the devices’ manufacturing process itself will be revised to include the immediate creation of a unique device identity for components. This is followed by the reliable monitoring and management of the relevant sensor components during actual use in factories or processing plants. By covering these two use cases, interconnectable data spaces are created in which data can be exchanged between connected factories and supply chains, flexibly and across companies.

The central development goal of the “Rights4DataChains” sub-project of Wibu-Systems in the context of the Trust4Xchain project is to provide the ability to “readjust the security level” in the mentioned use cases in the making and active use of IoT devices. The dynamic development of cloud and edge services requires flexibility in the architecture of the rights management system, as made possible by the CodeMeter system from Wibu-Systems, to be integrated as a security framework into the ecosystems’ federated structures.

Reliable DRM services (trust services) must be available to contribute as a form of trustworthy rights management to provide and maintain trustworthiness in end devices. Increasing containerization of software in virtualized environments creates new requirements concerning support for heterogeneous system platforms. The individual components of the CodeMeter DRM system, consisting of a series of cloud-based DRM services and the corresponding components on the OT level, require containerization to generally be rolled out automatically by central instances on such heterogeneous platforms. Containerization also affects the trust services rolled out as such in cloud environments. The Wibu-Systems CA instances, which serve as the root of trust for the PKI-based and containerized trust services, are located in a specially secured and proprietary IT environment. The Wibu-Systems proprietary services support updating of its own trust services components and authorization of sub-CAs or third party CAs to allow data-driven collaboration in the federated ecosystems between the parties involved in the value chain’s chain of trust. The certificates in the trust anchors are rolled out via the parties’ certificate management.