Digital original documents, secure by design
The trace:original solution consists of three components:
The trace:original document, a fully portable document (in PDF format) that contains all business and transaction data, signatures, attachments, etc. It can be amended and each version is
cryptographically sealed with the private key of the one in possession.
A cryptographic key pair with a public and private key. The public key is written to the document and ledger, evidencing who is in possession. The private key is held by the one in possession and used to manage the document.
A public distributed ledger (i.e., block-chain), with the function of being a cryptographic notary service for all trace:original documents. It stores only cryptographic evidence of the document and transactions but zero business data.
The trace:original document
The trace:original document is content agnostic and can carry any type of content including electronic signatures or seals. It is designed to fulfil all requirements in current document laws, rules and regulations provided they are technology neutral.
The trace:original document is stored and managed by the holder. All document content, like business data and agreement texts, are written only into the document file. No content is published on the public distributed ledger or elsewhere. Thus, information is only shared with anyone that is given access to the document.
The trace:original document is a Ricardian contract and can be created as a normal PDF file or as a structured plain text file (YAML using the UTF-8 format standard).
JSON schemas can be used to specify structured data content adherence and enabling standardisation of content and Straight Through Processing (STP).
By using the PDF standard, the document can be read and shared like a normal PDF document but with all the added trace:original features.
To ensure that the document and its content has not been altered or manipulated, it is secured using mathematical one-way algorithms, “Hash-functions” and digital signatures. By publishing these cryptographic references in a publicly available distributed ledger, the existence and the properties of the document are evidenced with mathematical certainty.
Each trace:original document gets a unique ID, the trace:original ID, on its creation. This ID is the unique reference to each “digital paper” on which the document content has been written. As the document is unique and possessable it is a non-fungible asset and thus an original. In the blockchain world this is sometimes called an NFT (Non Fungible Token), the difference with a trace:original document to standard NFTs is that you can continue writing on it, it is not a fixed data set, like an image or art. It is a live document. However, even the one in possession can only “add” amendments, not change what has already been written to the document.
The cryptographic key pair
To enable control and possession of the trace:original document the document is linked to an asymmetric keypair. The keypair consists of a public and a private key. The public key of the current private key in possession of a trace:original is inserted into the document and also published together with the unique identification of the document (the trace:original id) on the distributed ledger.
The private key should always be kept secret by the holder. By presenting a signature done with a private key, the one in possession of the private key can prove the possession of it without sharing or presenting the private key itself to anyone. By evaluating a signature by the private key anyone can mathematically prove that the one producing the signature must be in possession of the private key corresponding to the public key of an asymmetric keypair.
To be able to prove possession of an original and be able to add content, transfer or invalidate the document one needs the correct private key as well as the latest version of the document file.
The keypair used by trace:original needs to be of ECDSA type (Elliptic Curve Digital Signature Algorithm) using the curve secp256r1.
The Public Distributed Ledger
The publicly distributed ledger is a mathematically secured ledger containing evidence of all trace:original documents and the audit trail of all previous versions.
The ledger is shared publicly and kept by each node participant in the network to create a secure and shared verifiable truth. The ledger cannot be corrupted or manipulated without this being detected as mathematics will break. Therefore, it can work as a notary being able to verify and securely assess the authenticity, originality and possession of a document as well as the history and the audit trail contained in the document without revealing anything about the content of the document.
All the trace:original public distributed ledger does is to provide “proof of the truth” with regards to all trace:original documents, it is not storing any business or personal data. The content of the ledger can only be used to verify the mathematical validity of the ledger as well as a document file and its current possession (in the form of a potentially anonymous public key).
To create new trace:original documents users need to subscribe to or operate a trace:original Fullnode. The simplest way of integrating with a Fullnode is to use it as a digital printer, sending the document that should otherwise be printed physically to the Fullnode and print the document on a unique new “digital paper”. In this way a current process producing paper document can easily be changed into a fully electronic process without any big changes to current ways of working.
The next step to integrate is to fully us the capabilities of implementing industry standards for structured data to make the document fully interoperable between computer systems as well as humans reading and managing the document.
The Fullnode have a basic stand-alone web application to create and manage trace:original documents. But high volume users and more advanced workflow integrations would normally require integration with front and back-office systems to the Fullnode RESTful API.
The Fullnode connects to a document store and a compatible keystore and will maintain and verify a synchronised and fully updated copy of the full trace:original ledger. Other high-volume receivers of documents who do not have the need to create their own documents could also maintain and manage received documents by running a Stakeholder node with same features as a Fullnode except without the possibility to create new trace:original documents.
A trace:original node (either Fullnode or Stakeholder node) can be installed on premise, as a cloud service or as a fully operated and maintained SaaS solution (Software as a Service).