The Orion blockchain database: Empowering multi-party data governance

Blockchain databases were designed to enhance trust in centralized ecosystems by incorporating tamper-evidence features into traditional databases. They are easier to use and can reduce operational and development costs compared to decentralized ledger technologies. However, existing blockchain databases lack efficient tools for multiple parties to control shared data on the ledger.

Orion is an open source blockchain database that provides unique capabilities, such as multi-signature and proof functionalities, along with extensive key-level access control. These features empower parties to jointly control and validate values written to the database. Orion combines these capabilities with other blockchain properties, offering tamper evidence, provenance, data lineage, authenticity and non-repudiation, all while utilizing a standard data model and transactional APIs. Orion’s technology is highly valuable in enhancing system integrity and reducing errors, disputes and fraud.

In this post, we explore trust requirements across various business environments, identify existing trust gaps and outline how Orion can effectively bridge those gaps. We delve into the key features of Orion and explore its potential applications across diverse domains.

Importance of trust in business ecosystems

Trust is essential for the growth and success of business ecosystems. However, establishing trust in complex environments, such as global supply chains, poses significant challenges due to the involvement of diverse parties. For instance, in response to sustainability trends, product manufacturers may need to prove the carbon footprint of their products to regulators and clients. Thus, ensuring transparency and integrity in calculating the carbon consumption of all components across the entire supply chain becomes imperative. The adoption of mutually trusted technology can assist businesses, customers, partners and government authorities in verifying the existence, authenticity and integrity of interactions among parties. By doing so, it not only serves as a safeguard against potential disputes and fraudulent activities, but also fosters an environment of trust and reliability.

Understanding trust requirements

Different business ecosystems exhibit varying levels of trust among participants, which influences their specific trust requirements. In highly trusted ecosystems, it may be enough to ensure independent, consistent and crash-tolerant recording of the data, while in limited-trust environments we may also want to verify the correctness of the recorded data, ensure authenticity and provide tamper evidence and data lineage. Finally, in low-trust environments we may need to control the transaction execution by supporting multi-party approval and parallel execution of smart contracts, and even reaching a consensus in the presence of malicious parties.

From a topological standpoint, ecosystems can be classified into centralized and decentralized ecosystems. In centralized ecosystems, there is usually at least one party that enjoys a certain level of trust from all participants, whereas decentralized ecosystems lack a single entity that is trusted by all. Currently, the majority of business ecosystems operate under a centralized trust assumption. In such ecosystems, a trusted party (such as a cloud provider, government organization or other influential player) plays a significant role, while other participants within the ecosystem are not required to trust each other directly. For example, organizations typically rely on trust in the cloud provider, expecting them to refrain from intentionally blocking client access to services, despite having the capability to do so.

However, the presence of a trusted party does not imply blind trust from other participants. Our experience highlights significant room for enhancing trust within centralized ecosystems. Transparency throughout the data lifecycle and the ability to demonstrate data integrity and consistency are critical factors for improvement. These elements play a vital role in streamlining the auditing process, particularly in highly regulated environments. Ensuring the authenticity of data is crucial in preventing potential disputes over authorship in multi-party interactions. Furthermore, even trusted parties often seek to restrict the power of their privileged users to mitigate the risks associated with mistakes and fraud. By addressing these trust gaps, centralized ecosystems can be further strengthened, fostering increased confidence and reliability in business interactions.

Technological choices to address the trust gaps

There are three major types of technologies that can help close the trust gap in business ecosystems. Classical databases with basic recording features are usually sufficient for the proper operation of highly trusted centralized ecosystems. On the other hand, blockchain databases, which extend classical database capabilities with verifications and proofs, are the best choice for limited-trust centralized ecosystems. Finally, decentralized ledger technologies typically provide a full stack of trust features and are commonly used in low-trust decentralized environments. It is worth noting that the support of advanced trust features usually leads to higher complexity and may impact the performance and increase the operational cost of the solution. Consequently, it is important to match the needs of the ecosystem with the most suitable technology available. Figure 1 illustrates the topology of trust in business ecosystems.

Figure 1: Topology of trust

While the use of existing blockchain database technologies can address some of the trust gaps in centralized environments, they fall short in enabling efficient control of shared data among multiple parties. Decentralized blockchain ledger technologies provide these capabilities and can be used in centralized systems, but that’s often inefficient and fails to justify increased costs and complexity. This is where Orion, our novel open-source blockchain database, comes into play. Orion differentiates itself from other centralized blockchain databases by offering a comprehensive set of blockchain properties while empowering multiple parties to govern access to shared data. It achieves this by introducing broad key-level read/write access control and multi-signature capabilities, ensuring that database transactions are approved only when jointly signed by designated parties.

Meet Orion: A centralized blockchain database with multi-party data access control

Orion is an advanced open-source blockchain database that combines the power of blockchain technology with the reliability of traditional database features. It provides a comprehensive solution for secure, transparent and trustworthy data management. By integrating a cryptography-based layer on top of a classical database, Orion offers a wide range of blockchain functionalities, including a highly available, secure and replicated distributed database with an immutable, tamper-evident ledger. The ledger enables the detection of any modifications made to the data, even if carried out by privileged users. This additional layer of security ensures data integrity, while reinforcing trust and reliability. Figure 2 illustrates the blockchain functionalities that Orion offers.

Figure 2: Key Orion features

A key distinguishing aspect of Orion is its support for multi-signature (multi-sig) transactions, achieved through a unique read-write key-level access control mechanism. This functionality is crucial for facilitating trusted interactions among multiple parties. Transactions are committed only when signed by several designated participants, ensuring a secure and reliable environment for multi-party engagements.

One of Orion’s most notable features is its ability to facilitate provenance and data lineage. It records every transformation that the data undergoes, enabling history queries to extract information on when, how and by whom the data was modified. By utilizing a graph-DB-based provenance engine, Orion can provide valuable insights into the history and origin of the data, promoting transparency and accountability.

Orion empowers users with authenticity and non-repudiation features, providing solid evidence that the received data matches precisely what was sent by the original source. All transactions are signed, and the server generates a digital receipt that can be used to verify the data’s integrity. This capability prevents disputes regarding authorship and further enhances trust.
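
The commit rule and tamper evidence described in this section, modelled in Go as an added example (not Orion's code or API): a write to a key commits only when every party named in that key's policy has signed it, and the returned chain hash plays the role of the receipt. The types `Tx` and `DB`, the all-must-sign policy, Ed25519 signatures, the SHA-256 chain and the key `co2/part-7` are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Illustrative model, not Orion's API: per-key multi-sig policy + hash-chained ledger.
type Tx struct {
	Key, Value string
	Sigs       map[string][]byte // user -> Ed25519 signature over Payload()
}
func (t Tx) Payload() []byte { return []byte(t.Key + "\x00" + t.Value) }
type DB struct {
	Writers map[string]map[string]ed25519.PublicKey // key -> users who must ALL sign
	Ledger  []Tx
}

// Head recomputes the chain hash; editing a past Tx makes it differ from earlier receipts.
func (db *DB) Head() (h [32]byte) {
	for _, t := range db.Ledger {
		h = sha256.Sum256(append(h[:], t.Payload()...))
	}
	return h
}

// Commit appends tx only if ALL designated writers signed; returns the head as receipt.
func (db *DB) Commit(tx Tx) ([32]byte, error) {
	req := db.Writers[tx.Key]
	if len(req) == 0 {
		return [32]byte{}, fmt.Errorf("no write policy for key %q", tx.Key)
	}
	for user, pub := range req {
		if !ed25519.Verify(pub, tx.Payload(), tx.Sigs[user]) {
			return [32]byte{}, fmt.Errorf("missing or invalid signature from %q", user)
		}
	}
	db.Ledger = append(db.Ledger, tx)
	return db.Head(), nil
}

func main() { // constructed demo: the key needs two signers, only one signs
	pubA, privA, _ := ed25519.GenerateKey(nil)
	pubB, _, _ := ed25519.GenerateKey(nil)
	db := &DB{Writers: map[string]map[string]ed25519.PublicKey{"co2/part-7": {"supplier": pubA, "buyer": pubB}}}
	sig := ed25519.Sign(privA, Tx{Key: "co2/part-7", Value: "12.5"}.Payload())
	_, err := db.Commit(Tx{"co2/part-7", "12.5", map[string][]byte{"supplier": sig}})
	fmt.Println("commit rejected:", err)
}
```

Signatures here cover only the key and value; a production design would also bind a unique transaction ID so that an old approval cannot be replayed.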

Furthermore, Orion seamlessly integrates classical database functionalities alongside its blockchain capabilities. It offers efficient queries, robust resilience and scalability. With a standard key-value JSON store and transactional APIs, Orion guarantees the execution of a set of read/write operations as an atomic transaction, preserving consistency and data integrity. Figure 3 illustrates how Orion’s architecture provides transparent insights that ensure accountability.

Figure 3: Orion architecture

Key applications lead to valuable solutions

Orion caters to a wide range of key applications that address various industry needs and provide valuable solutions for businesses and organizations. One notable application is within the supply chain domain. Orion can serve as a robust repository for storing the carbon footprint data of all product components, provided by part manufacturers. Additionally, it can store the contracting terms between buyers and sellers of these parts, signed by both parties. Furthermore, Orion enables the inclusion of the formula used to compute the carbon footprint of the product, along with links to the carbon consumption data of its individual parts, which can be updated by the product owner. By leveraging Orion, organizations can ensure the authenticity, non-repudiation and integrity of this critical data. Moreover, key-level access control mechanisms guarantee data privacy between the involved parties. If necessary, privacy-preserving techniques like zero-knowledge proofs can be employed to conceal sensitive details, even from the central party. In such cases, Orion can retain only the necessary metadata required to demonstrate the accuracy of the records, which can be kept outside the system for third-party auditors.

In addition to the supply chain application, Orion offers numerous highly beneficial use cases that our clients have identified. For instance, within the financial sector and regulated domains, Orion can facilitate auditing processes by providing proof of authenticity, data integrity and tamper evidence for company records. Our multi-signature capabilities enable the automation of various business contracting processes and support notary services across different domains. Furthermore, Orion can be used for maintaining the authenticity and integrity of evidence collected through insurance claims processes. It can simplify the management of licenses, certificates, educational records and property ownership rights for government organizations. Orion can also serve as a secure digital platform for managing vaccination processes, records and statuses while ensuring trustworthiness. Moreover, it enables the establishment of provenance for goods and compliance with maintenance requirements in supply chains. Additionally, Orion can serve as an off-chain store for decentralized ledger ecosystems, ensuring data integrity across hybrid environments.

Orion has already been successfully deployed as a blockchain platform in several EU-funded projects. In the C4IIoT project, Orion enhanced the level of trust in an IoT cybersecurity platform by providing traceability, provenance and non-repudiation features to track changes in machine and production line configurations. In the COPA EUROPE project, Orion is being utilized to track the production and lifecycle of media assets, facilitating trusted and secure trading of sport videos, rights and participant incentivization. In the i4Q project, Orion is employed to safeguard the integrity of industrial IoT data, including device access policies and critical location information, supporting smart manufacturing use cases. These projects demonstrate the versatility and reliability of Orion as a blockchain database technology in real-world scenarios.

To delve deeper into Orion’s capabilities, read our paper “Orion: A Centralized Blockchain Database with Multi-Party Data Access Control,” which we presented and published at ICBC 2023.

The Orion blockchain database offers a robust solution that enhances transparency, authenticity and integrity across business ecosystems. Orion sets itself apart from other centralized blockchain databases by empowering numerous parties to govern access to shared data. Its broad key-level read/write access control and multi-signature capabilities allow organizations to exercise fine-grained control over data governance and ensure trust in multi-party interactions.

The post The Orion blockchain database: Empowering multi-party data governance appeared first on IBM Blog.