Shared Records Architecture

A notion of “shared records” lies at the core of the CNS architecture. A shared record is similar to an entry in a paper passbook or ledger in the sense of “double-entry” accounting. If two parties, Alice and Bob, engage in a transaction, then a record of the interaction should appear in the accounts of both parties. An independent third party, Charlie, given some information about the transaction by Alice (or Bob), should be able to verify that information with Bob (or Alice). This auditability and transparency provides the necessary basis for trusted exchanges between community members.

The core engine makes this process efficient and provides a common denominator for all community applications. Note that while the system ensures that users of two different community applications, say a clinic and a homeless shelter, can securely exchange data, it does not guarantee that the applications can make sense of the data. In other words, the “semantics” of the data reside at the application layer.

The core engine primarily provides secure storage of records (arbitrary data objects). Each record has a unique identifier (rID) and a symmetric encryption key (rKey). The engine also stores accounting information. Each account is associated with one or more public keys (aPubKey). A record, R, is “deposited” into account A by encrypting the record key, rKey, using aPubKey and adding the result to the list of A’s records indexed by rID. Given a record id, rID, and an account, A, anyone can verify that the record is listed in A’s account (without necessarily having access to the underlying data). Note that neither the private keys associated with accounts nor unencrypted record keys are ever stored by the engine. (Stealing the physical box will not provide access to the underlying data.) Also note that the storage engine supports P2P sharing of the encrypted records for widespread accessibility.
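The deposit-and-verify model described above, as an added example written for this page rather than CNS project code: rKey is an AES-256-GCM key, aPubKey is an RSA public key used with OAEP, and rID is the SHA-256 of the stored ciphertext. The account names, the choice of algorithms and the use of rID as the OAEP label are assumptions, not something the page specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Engine: ciphertexts by rID plus, per account, rKeys wrapped under aPubKey. It never holds a private key or a plaintext rKey.
type Engine struct {
	Records  map[string][]byte            // rID -> nonce||AES-256-GCM ciphertext
	Accounts map[string]map[string][]byte // account -> rID -> RSA-OAEP(rKey)
}

func NewEngine() *Engine { return &Engine{map[string][]byte{}, map[string]map[string][]byte{}} }
func NewAccountKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // held by the account owner, never by the engine
func aesGCM(rKey []byte) cipher.AEAD { b, _ := aes.NewCipher(rKey); g, _ := cipher.NewGCM(b); return g }

// Store encrypts data under a fresh rKey; rID is SHA-256 of the ciphertext, so it names this exact object.
func (e *Engine) Store(data []byte) (rID string, rKey []byte, err error) {
	rKey, nonce := make([]byte, 32), make([]byte, 12)
	if _, err = rand.Read(rKey); err != nil { return }
	if _, err = rand.Read(nonce); err != nil { return }
	ct := aesGCM(rKey).Seal(nonce, nonce, data, nil)
	sum := sha256.Sum256(ct)
	rID = hex.EncodeToString(sum[:])
	e.Records[rID] = ct
	return
}

// Deposit lists rID in an account by wrapping rKey under aPubKey; rID is the OAEP label, so the wrapped key cannot be moved to another record.
func (e *Engine) Deposit(account string, aPub *rsa.PublicKey, rID string, rKey []byte) error {
	w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, aPub, rKey, []byte(rID))
	if err != nil { return err }
	if e.Accounts[account] == nil { e.Accounts[account] = map[string][]byte{} }
	e.Accounts[account][rID] = w
	return nil
}

// Listed is the audit query a third party can ask: is rID in this account? It exposes no key and no record contents.
func (e *Engine) Listed(account, rID string) bool { _, ok := e.Accounts[account][rID]; return ok }

// Open runs on the account holder's side: the private key unwraps rKey, which then decrypts the record.
func (e *Engine) Open(account string, aPriv *rsa.PrivateKey, rID string) ([]byte, error) {
	w, ok := e.Accounts[account][rID]
	if !ok { return nil, errors.New("record not deposited in this account") }
	rKey, err := rsa.DecryptOAEP(sha256.New(), nil, aPriv, w, []byte(rID))
	if err != nil { return nil, err }
	return aesGCM(rKey).Open(nil, e.Records[rID][:12], e.Records[rID][12:], nil)
}
```

Depositing the same rID into two accounts gives Alice and Bob each their own wrapped copy of rKey, and Charlie can confirm the listing in both accounts without being able to open the record.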

Shared Records Consortium Demo Application

The Shared Records Service is a distributed system infrastructure for creating, storing, and sharing digital records in a networked environment. It is a lightweight service, permitting the storage of diverse types of records (text or images, for example). Since a common use of Shared Records is to store membership records, or information about a customer service request or administrative filing, the ability to access records from anywhere is a valuable feature that lets the subject of the record access the information from home, office, or a public kiosk.

The Shared Records Consortium Application Demo is a standalone, pure Java reference implementation of a Shared Records client. It allows the secure storage of sensitive data, recall of data from multiple (local and remote) access points, and secure sharing of information with other users. It provides a demonstration of the various Shared Records features, including file encryption and user access management.

The Shared Records Consortium Application Demo is fully functional and we invite feedback to tailor the user interface to specific applications. We aim to make the source code open source at some point in the near future; please do not distribute the source code before then.

Download the Demo Application

You can download and install the SRC Demo Application.
