Trust and governance
We help governments, industries and people live in a world based on trust. The Otentik Trust Network defines the governance, trust framework and control mechanisms to ensure the authenticity and legitimacy of the billions of objects, goods and documents that we create, use or consult daily.
At the heart of this governance are 5 foundational principles:
- Trusted identity: Embrace the highest standards to trust the identity of the party certifying the information, whether it is an organization, a department or a person.
- Proven legitimacy: Design the specification to ensure the legitimacy of the party that certifies the information.
- Longevity and resilience: Develop the standard to ensure the information can be trusted for days, months, years… or decades!
- Privacy-by-Design: Optimise both transparency and privacy. Architect it so anyone can audit the operations of the network, while only relevant parties have access to the published information. When possible, make sure the network never sees the information.
- Online… or offline*: Keep in mind that despite an ever more connected world, many use cases must be resilient in environments where online access is not possible, not practical or not reliable. This doesn’t prevent a use case from using online information for additional value-added features.
* Note that some VDS technologies (such as blockchain-based ones), and some use cases, always require an online connection.
AFNOR & ISO "VDS" Standards
The Otentik network is based on a trust framework supported by technical Standards. It is engineered to carry various types of trustworthy data on its network in the form of a VDS (Visible Digital Seal), a low-cost 2D barcode applied to an object, a good or a document (it’s RFID friendly too). The VDS includes key validation data and embeds an electronic signature to detect tampering and to confirm the authenticity and legitimacy of the issuer.
The Otentik network is architected to carry multiple VDS specifications, whether they are secured by a PKI or a blockchain.
X-eHealth Interoperability Award 2022
1. Scope and objectives of our project and why it should be considered for this award:
Our project, the OTENTIK Interoperable Trust Network, like X-eHealth, is a project of strategic importance for the EU.
Interoperability is the structuring functional axis of the OTENTIK Trust Network, and health data interoperability is the « raison d’être » of the X-eHealth project.
For these reasons, these two projects are made for each other.
Our Vision / Our Ambition / Our Will:
To create a non-proprietary, open and fully interoperable international trusted infrastructure that allows a wide diffusion of secured documents.
It is therefore both a broader project than the X-eHealth Project in terms of its scope, and a more circumscribed project in terms of its functionalities since it concerns the securing of key data for electronic or paper documents, and their interoperability.
The strength of our project is that this trust framework is already operational and applicable in a wide range of sectors and use cases. Like never before, information systems that are not familiar with each other can communicate and achieve interoperability.
The European Union knows very well how difficult it can be to ensure interoperability between documents (such as the COVID Certificate) developed in different Member States. A very costly system of gateways between different IT systems needs to be developed to arrive at a common QR Code for securing the data. Such a QR Code is a Visible Digital Seal (VDS), since this 2D code contains electronically signed data.
The use of our Trust Network would have allowed very simple communication between various IT systems that did not know each other, thanks to our totally innovative VDS:
– AFNOR and ISO standardized
– simply providing the function of a secure gateway
– multilingual, universal OTENTIK reading application for all VDS use cases
– fully GDPR compliant, local decoding
– free of charge, available for Android and iOS
Our system is based on eIDAS qualified certificate use cases and operates without a database. The data is self-contained within the 2D code, so it natively respects the GDPR.
Standardized (AFNOR and ISO), very flexible and easy to implement, it can easily be adapted to use-case-dependent problems.
So, rather than designing a specific system each time a new problem arises for a new use case that includes a secure interoperable data exchange, why not use this newly available infrastructure?
OTENTIK Network is a trust infrastructure, fully available and functional.
With the OTENTIK Trust Network, users only have to define for themselves the data concerned by the project.
Depending on the choices made for each VDS, such an approach allows any IT system to be authorised to use a VDS, even if it was not originally issued for that system's needs.
The use of the OTENTIK Trust Network infrastructure could be a basic building element of the common EU framework, using OTENTIK VDS for, for example, discharge letters or laboratory results, which are among the first objectives of the X-eHealth project.
2. How our project inspires confidence in the field of health data interoperability:
The foundations of trustworthiness in the OTENTIK International Trust Network:
– The OTENTIK Trust Network was created by the Visible Digital Seal International Council (VDSIC), acting as a TSO (Trust Service Operator), which is administered by reference members such as the French Ministry of the Interior (MDST), the National Agency for Secure Documents (ANTS), the CDC (Caisse des Dépôts et Consignations), the French Post Office, IN Groupe, the CFONB (French Committee for Banking Organization and Standardization), the CNOEC (National Council of the Order of Chartered Accountants), the FNTC (National Federation of Digital Trusted Third Parties) and other private companies.
OTENTIK is based on standards that we initiated and helped to develop.
Two ISO Standards:
– ISO/DIS 22385 – (publication Q4 2022) related to the governance
– ISO/AWI 22376 – (publication in 2023) relating to the data format – which is an enriched transposition of the French AFNOR XP Z42-105 standard published in 2020 and already widely implemented in Africa
– All the elements involved in the chain of trust (manifests, TSL, VDS and LOTL) are audited and signed directly by OTENTIK or authorised members using an eIDAS qualified certificate.
– The editors of the OTENTIK VDS generation and reading solutions must be certified,
– The Certification Authorities must be approved by the OTENTIK Network,
– Document Issuers must be referenced by the OTENTIK Network.
The authenticity and legitimacy of the data is therefore guaranteed.
3. How our project is innovative in the field of health data interoperability.
Our project is innovative because the OTENTIK VDS has been designed to be technically open, including the possibility of using various encoding schemes, within a trust environment that is designed as a federation of network federations that does not encroach on any sovereign or private prerogatives.
This is a guarantee for the X-eHealth project to have its own Governance Perimeter.
The introduction of the Manifest technique revolutionises the VDS implementation.
The use of a Manifest for each single use case allows:
– development of a totally innovative interoperable system architecture,
– development of a unique OTENTIK Universal Reader, guaranteeing interoperability,
– introduction of new functionalities including multilingualism (some forty languages – including all EU languages plus Arabic)
– creation of presentation views directly linked to each use case, and the right management of read authorisations,
The OTENTIK trust environment does not encroach on any sovereign or private prerogatives:
– the only constraints are related to compliance with technical and governance standards,
– each sovereign Perimeter will be free to choose its CAs and the compliant certificates (e.g. RGS for France or eIDAS for Europe) used to sign the Manifests of the different use cases and to sign its TSL (with a qualified eIDAS certificate).
4. How our project is technically excellent in the field of health data interoperability.
The OTENTIK universal reader, the basis of interoperability, does not need to be updated for each use case. When a reader (smartphone or any other device) has to read a use case for the first time, it fetches the specific reading grid of the data encoded in the VDS online thanks to the Manifest. On subsequent reads, the same reader, which has already stored the reading grid locally for this use case, will not need to go online. Everything will be performed locally.
As a result, as soon as a new use case is created, the universal reader “Otentik Code Reader” (downloadable on Android and iOS platforms, available and usable free of charge) will be able to decode it, regardless of the country and the language of issue in the EU.
Our OTENTIK VDS, thanks to the use of a Manifest, has got rid of the very restrictive use of a data dictionary (especially in a multilingual environment), and works without any recourse to any Database.
This makes it possible to personalise and comply with Article 5.1 of the GDPR on data minimisation. Thanks to this innovative technical solution, the GDPR is natively respected, as the data is self-contained in the VDS code.
Our project uses electronic signature, a technically proven technology under eIDAS administration in the EU. Manifests as well as the TSL of each Governance Perimeter and the LOTL (TSL of TSLs) are electronically signed.
The OTENTIK governance model, corresponding to the ISO/DIS 22385 model, is ready to cover data structures other than VDS, since it is designed to manage any Electronically Signed Encoded Data Set (ESEDS).
5. How our project is positioned to benefit from X-eHealth’s work, or how it has benefited from your project’s work in the past.
OTENTIK Trust Network is intended to be deployed internationally.
OTENTIK already has members in Ivory Coast (first operational use cases of the network), Canada (first operational CA), Tunisia and Austria.
Joining the OTENTIK Network and the use of the OTENTIK VDS by the members of the X-eHealth project would be a great opportunity to deploy OTENTIK in the EU within the X-eHealth Perimeter, especially as it would allow new use cases to be generated in other sectors of activity.
We will also be supported at the EU level by France Identité Numérique (FIN) for whom we should very quickly prepare a POC for their “Digital Identity Credential”. This will be an opportunity for FIN to defend the use of the OTENTIK VDS to DG Connect during the work on the EU eWallet.
It should be noted that a recognised expert from DG Connect, to whom we were able (too late) to present our solution for making the various European Health Passes interoperable, described our proposal as a “fascinating solution”.
In France, ANTS is working on the migration of its technically dated (2014) and French “2D-Doc” VDSs to the innovative AFNOR XP Z42-105 (future ISO 22376) standards. This includes the VDS for the electronic National Identity Card.
VDS is a variation of the electronic signature (reliable and proven technology) in compliance with the eIDAS Regulation.