The Smart Data Protocol: Combining Web3 Innovations With Proven Enterprise Data Technologies
Part II of III
I interviewed Alan Rodriguez, founder of the nonprofit Data Freedom Foundation and inventor of the Smart Data Protocol, to get his insights and observations on the best Web3 innovations and how they can be combined with trusted enterprise data technologies to create revolutionary solutions to currently unsolvable data provenance and quality problems. This article is the second in a three-part series capturing the highlights of our interview.
Observation 4 – Smart Data Is Inevitable
Derek:
In the first segment of our interview, we discussed data security challenges with current data sharing paradigms and the data sharing risk-reward paradox, and you proposed the idea of “smart data.” Tell us more about smart data within the context of all the other “smart” technologies emerging in recent years.
Alan:
The term “smart” was originally coined for hard drives that self-monitor and report their health using locally installed software and specialized firmware. In this original context, SMART stands for Self-Monitoring, Analysis, and Reporting Technology. Put another way, we decided every hard drive needed to be its own little computer, monitoring its own health and reporting any problems within its own hardware.
Speaking more broadly, according to Wikipedia, “Smart software-defined products are capable of environmental awareness, group intelligence, and can automatically respond to internal and external events.”
The smart object concept was introduced by Kallmann and Thalmann in 1998 as an object that can describe its own possible interactions.
A smart physical object models and simulates the interactions with other smart physical objects and with other smart virtual objects. This includes physical and virtual humans as well as software agents in virtualized worlds. If this sounds like the Metaverse, congratulations! You’re understanding the concepts and the fact that these ideas have been around for a very long time.
A smart object enhances interaction with not only people but also with other smart objects. Also known as smart connected products or smart connected things (SCoT), they are products, assets, and other things embedded with processors, sensors, software, and connectivity that allow data to be exchanged between the product and its environment, manufacturer, operator/user, and other products and systems.
Beginning with intelligent storage systems, we’ve witnessed the slow and steady march of software control over complex hardware up the technology stack over the last 20 years: from software-defined networking and network virtualization, to software-defined storage and storage virtualization, to server virtualization, to software-defined data centers, cloud data centers, and cloud computing, to application containerization and application virtualization.
Surprisingly, data remains the final tier of the technology stack that has not completed this “smart” transformation.
Each step up the technology stack enabled hardware automation which drove exponential cost efficiencies. Each step changed application architectures, allowing new business models, and fundamentally altering technology roles which in turn altered the structure and operation of technology organizations. Arguably, each step up the technology stack was more disruptive than the previous steps.
To help conceptualize “smart data,” it helps to draw parallels with other “smart” objects. For instance, smart data can also be called software-defined data, “programmable data,” or even “data as code,” all of which have been repeatedly proposed and explored in the past.
When we talk about these ideas, we’re asking technology professionals to imagine distributed data architectures that move data around protected inside software instead of moving data around in a raw and unprotected state.
In fact, once technology professionals understand we can now control our data by moving it around inside software that just happens to contain the necessary data for a specific transaction, all existing data-sharing paradigms begin to look simplistic, immature, and even irresponsible from a security, privacy, and compliance perspective.
Why would we choose to transfer raw data when we can transfer software that contains the relevant data instead?
Some of the benefits include:
Nontechnical data owners and end-users can see and control how others use their shared data. We can control when and where others use it. We can revoke access. In more complex scenarios, we can temporarily orchestrate our data flows across multiple digital services.
This level of visibility and control over our shared data expands the foundational trust required to share exponentially more data with more parties in more creative ways.
This exponential growth in data sharing unleashes endless potential for highly tailored orchestration of the technology around us while prohibiting all other uses by all other people.
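To make the idea concrete, here is a minimal, hypothetical Python sketch of data traveling inside software that enforces its owner’s usage policy instead of being shared raw. The class name, policy fields, and audit log are illustrative assumptions, not part of the actual Smart Data Protocol:

```python
from datetime import datetime, timezone

class SmartDataObject:
    """Hypothetical sketch: the data moves around inside software
    that enforces the owner's policy, instead of moving around raw."""

    def __init__(self, payload, allowed_users, expires_at):
        self._payload = payload               # the protected data
        self._allowed_users = set(allowed_users)
        self._expires_at = expires_at         # owner-set expiry
        self._revoked = False
        self.audit_log = []                   # every access attempt is recorded

    def revoke(self):
        # The owner can withdraw consent at any time, even after sharing.
        self._revoked = True

    def read(self, user):
        now = datetime.now(timezone.utc)
        granted = (not self._revoked
                   and user in self._allowed_users
                   and now < self._expires_at)
        self.audit_log.append((user, now, granted))  # transparent usage trail
        if not granted:
            raise PermissionError(f"access denied for {user!r}")
        return self._payload
```

In this toy version, revoking access or letting the expiry pass makes the payload unreachable through the object’s only read path, and every attempt, granted or denied, lands in the audit log.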
As we look at each step up the technology stack, there are repeating themes that reveal what we can expect from programmable data (see our blog post on Medium, titled Smart Data – A Brief Time of Intelligent Technology, for more details).
In the fullness of time, we can begin to imagine our data as self-aware and responsive to its environment, enabling a new era of data agility, automated regulatory and policy compliance, distributed and dynamic data architectures, and transparent and accountable data usage with trustable data security, provenance, and quality.
Observation 5 – Data Needs an Open Container Standard
Derek:
How can data protect itself without relying entirely on the established layers of defense, including physical barriers like network security and firewalls, operating system security, and identity and access management to networks and applications? Can you give us some examples of proven enterprise-ready technologies that have been developed to address these key issues?
Alan:
Our team at the nonprofit Data Freedom Foundation began working to solve this problem over a decade ago. Our mission is to invent consent technology that operates at the data level. Our approach to consent technology secures, protects, and monitors data everywhere it moves.
In collaboration with our partners, we began by adding another layer around an individual’s data, a Data Container, along with a proposed standard for binding smart contracts to the data secured inside these containers.
The foundational data security technology developed by Sertainty.com encapsulates sensitive data inside self-protecting, self-authenticating, and self-governing computer files. This is accomplished by combining encryption keys, authentication credentials, and an Intelligence Engine with the data itself, creating impenetrable data files that function much like traditional database files. We call these data containers Smart Data Objects.
Data structures contained within Smart Data Objects can be broken into multiple parts, with each part separately secured under its own governance rules and encryption keys. The Smart Data Object uses AES-256 encryption plus other obfuscation techniques. The goal is to ensure the secured file is used by the right person, at the right time, in the right location (physical or logical), and on the right device.
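As an illustration of the part-splitting idea, here is a hypothetical, stdlib-only Python sketch that derives an independent key for each part and binds an integrity tag to it. It deliberately omits real encryption; Sertainty’s actual containers use AES-256 plus other techniques, and every function and field name here is an assumption:

```python
import hashlib
import hmac

def seal_parts(parts, master_key):
    """Sketch only: split a data structure into parts, each governed
    by its own independently derived key and integrity tag."""
    sealed = []
    for i, part in enumerate(parts):
        # Derive an independent per-part key from the master key.
        part_key = hashlib.pbkdf2_hmac(
            "sha256", master_key, f"part-{i}".encode(), 100_000)
        # Bind an integrity tag to this part under its own key.
        tag = hmac.new(part_key, part, hashlib.sha256).hexdigest()
        sealed.append({"index": i, "data": part, "tag": tag})
    return sealed

def verify_part(sealed_part, master_key):
    """Recompute the part's tag and check it in constant time."""
    part_key = hashlib.pbkdf2_hmac(
        "sha256", master_key, f"part-{sealed_part['index']}".encode(), 100_000)
    expected = hmac.new(part_key, sealed_part["data"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed_part["tag"])
```

Because each part carries its own derived key, a partner can be granted one part of a record without gaining anything usable about the others, which is the governance property the part-splitting design is after.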
There are three aspects of Sertainty Smart Data Objects that I find fascinating:
First, when Smart Data Objects are transferred outside traditional network security perimeters or dedicated secure cloud enclaves, they remain just as secure as they were inside those perimeters and enclaves.
Second, Smart Data Objects rely entirely on their own internal Key Management System (KMS). This streamlines integration: data trading partners can drop Smart Data Object exchange into existing applications without the complexity of traditional multi-party KMS integration.
Third, Smart Data Objects maintain data security while also supporting read and write operations. Like me, many application and data architects will find this third aspect revolutionary.
Sertainty pioneered zero-trust tenets a decade before zero trust gained widespread adoption, and their Smart Data Objects are used in a range of highly sensitive defense-related use cases. Their data security technology has been in continuous development since 2002 and is backed by $70 million in investment.
Derek:
So, the Smart Data Protocol is based on well-established and trusted data security technology. What are some of the more interesting Web3 innovations being combined into the Smart Data Protocol?
Alan:
One of the most interesting “smart” capabilities we’re integrating into the Smart Data Protocol is Cryptographic Proof of Provenance. This provides mathematical verifiability of the Smart Data Object’s integrity.
Observation 6 – Data Needs Its Own State Engine
Blockchains provide communities with cryptographically verifiable State Engines, which are trusted by tens of millions of users to create digital currencies and facilitate tens of millions of transactions a day. The expanding trust in the integrity of these shared, community-operated State Engines has empowered a rapidly expanding set of blockchain use cases across all major industries.
In the same way, a data container State Engine could empower a wide range of data integrity, provenance, and trusted use cases that are simply unavailable with today’s data, security, and cryptographic paradigms.
TODAQ is a Web3 technology that solves data integrity issues using cryptographic and mathematical techniques to give Smart Data Objects their own State Engine. This is like having an immutable audit log bound to the data that records every transaction and interaction event in a manner that is mathematically verifiable by the data trading partners.
A digital asset is basically a row in a database or entry in a ledger that changes over time while keeping its uniqueness. TODAQ files are a way to represent an asset so you can take it out of your database or ledger and put it somewhere else, like a laptop or mobile device, while still having the same uniqueness it had before. When someone brings that TODAQ file back to you after validating its proof of provenance, you know it has the same integrity — the same uniqueness — as if it had been in your database the whole time.
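The hash-chain intuition behind such a State Engine can be sketched in a few lines of Python. This is not TODAQ’s actual implementation, just a generic, hypothetical illustration of an audit log in which each event commits to the entire history before it, so any tampering is mathematically detectable:

```python
import hashlib
import json

class DataStateEngine:
    """Hypothetical sketch of a per-object State Engine: an append-only
    hash chain where each recorded event commits to all prior events."""

    GENESIS = "0" * 64  # stand-in hash for "no prior history"

    def __init__(self):
        self.events = []

    def record(self, event):
        # Each entry chains to the hash of the previous entry.
        prev_hash = self.events[-1]["hash"] if self.events else self.GENESIS
        body = json.dumps({"event": event, "prev": prev_hash}, sort_keys=True)
        self.events.append({
            "event": event,
            "prev": prev_hash,
            "hash": hashlib.sha256(body.encode()).hexdigest(),
        })

    def verify(self):
        # Walk the chain; any altered event or broken link fails.
        prev = self.GENESIS
        for e in self.events:
            body = json.dumps({"event": e["event"], "prev": prev}, sort_keys=True)
            if e["prev"] != prev or e["hash"] != hashlib.sha256(body.encode()).hexdigest():
                return False
            prev = e["hash"]
        return True
```

Because rewriting any earlier event changes its hash and breaks every link after it, a trading partner who re-verifies the chain detects the edit, which is the “same uniqueness as if it had been in your database the whole time” property described above.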
In the digital world, we have less integrity, less agency, less control, and less security, with more expense, more gatekeepers, more fake people, more fake businesses, more fake assets, and more fraudulent markets than ever before. Authentic people and businesses need to be able to trade peer-to-peer with integrity, without rent-seeking intermediaries, while having strong ownership control of their identity and assets.
TODAQ empowers Smart Data Objects with Cryptographic Proof of Provenance, enabling any software system, person, or device in the cloud or at the Network Edge to conduct verifiable, fully decentralized peer-to-peer trade and payments with any other compatible Smart Data Protocol system. TODAQ empowers Smart Data Objects to function as unique, decentralized digital twins and as portable, unforgeable digital bearer assets.
With TODAQ, Smart Data Objects act as decentralized digital twins that create a unique two-way binding between software programs, artificial intelligence solutions, any kind of physical object, connected Internet of Things (IoT) devices, human personas, or even bank custodial accounts.
These digital twin-empowered Smart Data Objects perform three main functions for the physical or digital object they are bound to.
They are binders of record that capture all inputs, outputs, and actions, producing a complete, authentic, and mathematically verifiable audit log.
They interact like a form of digital cash because any data can now be converted into a digital bearer asset.
They enable peer-to-peer finance, with instant payment transactions and distributions between twinned objects as defined by smart contract terms.
Digital twin-empowered Smart Data Objects deliver significant benefits, including 90% payment processing savings, 50% back-office savings, and 99% cash settlement acceleration, with the throughput capacity to handle millions of transactions a second.
Smart Data Objects as portable digital bearer assets are ubiquitously interoperable and allow for markets with many different parties and systems to interoperate with significantly higher trust.
Derek:
This is all fascinating to learn and to contemplate the disruptive possibilities. But what happens when data-sharing partners access the secure data inside the data containers and pull the data out? Doesn’t this defeat the whole purpose of securing the data inside the data container in the first place?
Alan:
Yes, it absolutely does — this is The Big Question and the Last Mile Problem we’ve solved to create a workable data consent solution like the Smart Data Protocol.
Derek:
That’s a cliff-hanger concluding remark!
What’s Next?
The third and final segment of this interview with Alan Rodriguez will explore Privacy-Enhancing Technologies (PETs) and how they provide the Smart Data Protocol’s most fascinating capabilities.
References:
Kallmann, Marcelo; Thalmann, Daniel (1998). Modeling Objects for Interaction Tasks. Proc. Eurographics Workshop on Animation and Simulation. Springer. pp. 73–86.
About the Author
Founder, CEO, and Principal Consultant of Gavroshe. Derek has over three decades of Data & Analytics experience spanning the Big Data, Information Resource Management (IRM), and Business Intelligence/Data Warehousing fields. He established Data Resource Management and IRM functions in several large corporations using Bill Inmon's DW2.0 and the Zachman Framework as a basis. Derek has established and managed numerous enterprise programs and initiatives in the areas of Data Governance, Business Intelligence, Data Warehousing, and Data Quality Improvement. He is a founding member of MIT's International Society for CDOs.