A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI, USA ITU Workshop Preventing Counterfeit & Substandard ICT Devices Geneva, Switzerland November 17 – 18, 2014 Overview of the Talk • • • • • • • • • Some Terminology & Basic Concepts What are Devices and other things Internet Resources -- Examples Managing the Supply Chain Obtaining relevant Information about Devices The Digital Object Architecture ITU-T Recommendation X.1255 DONA Foundation Conclusions Some Terminology & Basic Concepts • Devices and other Physical Things • Entities: such as computers, networks, services and applications • Digital Entities (same as Digital Objects) • Unique Persistent Identifiers • State Information • Resolution of Identifiers • Interoperability What are Devices & Other Physical Things Things Devices Non-Devices ICT Devices Non ICT Devices Devices are able to do something that is determined in part by embedded software and other information Non-Devices may also be useful but they may just sit there otherwise Internet Resources -- Examples • ICT Devices -- although not all may be active in the Internet at any time • Networks • People (represented as digital entities) • Software • Detectable Measurable Internet constructs – Such as network flows, virtual gatherings Managing the Supply Chain • From fabricating components for sale to manufacturers • To Manufacturing the ICT device • To distributing or disseminating it to Stores and other outlets • To managing inventory • To providing devices to end customers • To refurbishing devices for sale or repurposing Obtaining Relevant Information about Devices (and other things) • • • Identifiers play a critical role here; many ways of conveying them To understand a device’s provenance and other related information, first obtain the device’s unique persistent identifier Resolve the ID to state information – – – – Short description of the Device (usually generic) Components or other ingredients (again generic) Relevant details about software that makes the device operate Where the particular device is in the supply chain • • If a generic device is available in a few places, list them Each instance of a generic device is assumed to have a unique identifier. – Perhaps other information (such as price) • • • Enable additional device-related information to be accessible (with appropriate access controls, as appropriate) The resolution process should really make use of a standard means of resolving identifiers, but a few well known methods would be acceptable Ideally, obtaining the additional information should also make use of a standard means of accessing it as well. Digital Object (DO) Architecture • Enables infrastructure to manage information in a network environment • Provides a machine independent data model for DOs; each DO must have an associated unique persistent identifier – called its handle • Handles have a defined identifier structure, of the form prefix/suffix that is consistent with existing identifier systems • Supports resolution of identifiers via the Handle System – a global resolution mechanism • Provides a repository component to store DOs (accessible by their identifiers) and a searchable registry component to store metadata about DOs. Digital Object Architecture (continued) • Current implementations of all three components exist and are available in the Internet at no cost with public licenses • Each Repository contains a Registry of its DOs and each Registry uses a Repository to store its metadata records; these are now being combined • Repositories support an interface that uses only identifiers so it is interoperable with all such other Repositories in the Internet; and a Repository may itself be structured as a DO • Security is provided by an integrated Public Key Infrastructure • Type Registries are a subset of registry technology being developed to enable user communities to develop their own semantics for use in structuring DOs ICT Devices as Information Systems • ICT devices may interact with other Information systems • Small changes in the interfaces to those other systems can dramatically affect its performance. • Information provided from those other systems may be critical to the accurate performance of the device. • The integrity of such a device thus depends on the integrity and performance of such other systems, as well as the information embedded in the device itself, and, indeed, many parts of the whole ecosystem that support it. • And the ability of an ICT device as an information resource to validate the software and information it gets from those systems. ITU-T Recommendation X.1255 • A framework for interoperability - based on the Digital Object Architecture • Adopted via the TAP process in Sept. 2013 • Developed in ITU-T, SG17 to address issues in discovery of Identity Management information • But applicable more widely to interoperability of heterogeneous information systems DONA Foundation • Created to provide administrative oversight of the Handle System, and to further the global development of pilot projects making use of the digital object architecture, an important component of which is the Global Handle Registry (GHR) • Established in January, 2014 as a non-profit organization in Geneva, Switzerland • A technical body whose Board of Directors must exhibit diverse geographical and multi-stakeholder representation. • Enables multiple organizations to be responsible for collaborative administrative of the GHR, once authorized as Multi-Primary Administrators (MPAs) by DONA • Local records in the GHR are created and administered locally • Initially, four MPAs have been designated • Plan to add four more per year for the next two years and then take stock. Conclusions • Any approach for detecting counterfeit ICT devices will likely be applicable, at least in part, to other devices and things. • Prevention requires attention of many parties at each step in the overall supply chain • Reliable access to information about the devices, as well as information embedded in such devices is critical: ability to dynamically resolve identifiers and interpret results is key • Detecting counterfeit devices requires learning about the nature and provenance of software that enables these devices to operate • The Digital Object Architecture and X.1255 are enablers to progress • The DONA Foundation overall administration of the Global Handle Registry enables widespread use of the technology • Thus enabling a more dynamic and useable approach to detecting counterfeit devices and, hopefully, enabling those in a position to do so, to prevent them from getting into the marketplace