RECITALS Core

The RECITALS Core is the backbone of the RECITALS platform and it is formed by the following components:

  1. The Distributed Ledger forms the bedrock on top of which all RECITAL components are built, because it conveys several key advantages:
    • (i) it offers a decentralized transparent view of transactions to all participants in the network, building trust among participants,
    • (ii) it forbids the manipulation of records, enhancing the overall security of transactions, due to immutability, thus preventing fraud. This way, it also provides a reliable audit trail,
    • (iii) it is resilient to failures or attacks, as it lacks a single point of failure that can disrupt the entire network.

    RECITALS takes special care to support private ledgers for identity management within organizations and hybrid ledgers for cross-organization data sharing scenarios.

  2. The Identity Lifecycle Manager supports all possible stages of digital identities from provisioning to deprovisioning:
    • (i) Audit and reporting functionalities, which provide detailed insights into identity-related activities, offering transparency and compliance verification.
    • (ii) Policy checks, which ensure alignment with regulatory and organizational policies, maintaining a consistent and secure approach.
    • (iii) Self-service capabilities, which is a prerequisite for self-sovereign identity management, empowering users to independently manage their identities and privacy settings.
    • (iv) Administration, which centralizes control over identity management.
    • (v) Notifications, which ensure that end users and administrators are promptly informed about any significant identity-related events or changes.
    • (vi) Password management, which reduces the risk of unauthorized access.
    • (vii) Approval, which introduces the necessary checks and balances by requiring authorized individuals to validate identity-related actions, ensuring that they remain controlled and secure.
    • (viii) Compliance, which continually verifies that all identity management practices adhere to EU regulatory standards.

    This holistic approach will accommodate applications of any type, from legacy to cloud-based ones.

  3. The Cryptography Manager includes the state-of-the-art encryption techniques:
    • (i) Differential privacy, which protects the privacy of individuals’ data while allowing aggregate analysis. It adds carefully calibrated noise to sensitive data before sharing it, ensuring that any inference on the dataset is limited. The noise distribution is designed in such a way that it is difficult to link an individual’s record to their true data, while still allowing useful statistical analysis.
    • (ii) Homomorphic encryption, which allows computations to be performed directly on encrypted data without requiring decryption first. This enables data to be processed in a privacy-preserving manner, as the raw data never needs to be exposed. The results of the computations can then be decrypted to reveal the outcome.
    • (iii) Secure multi-party computation, which enables multiple parties to jointly compute a function while keeping their input data private. Each party computes a share of the output and only when all parties combine their shares, the final result can be revealed. This ensures that no single party learns anything about the other parties’ inputs.
    • (iv) Zero-knowledge proofs (ZKPs), which constitute cryptographic protocols that allow one party to prove to another that they possess a certain piece of information, without revealing it. This can be used to authenticate users or prove membership in a group without revealing sensitive data. ZKPs can be constructed in various ways, such as using polynomial commitments, interactive proofs, or more recently, zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge).
    • (v) Verifiable credentials (VCs) which are digital credentials that can be cryptographically verified and authenticated. They allow users to prove their identity or membership in a group without revealing their personal data. VCs are especially useful in RECITALS’ identity management, as they enable trusted assertions without needing a central authority.
  4. The Anonymization Manager implements techniques from the main established anonymization approaches:
    • (i) k-Anonymity, which generalizes the sensitive attributes of individuals. It essentially requires that for a given dataset, each record is indistinguishable from at least k-1 other records with respect to certain attributes, i.e., the more general an attribute is, the less likely it is to reveal sensitive information about an individual.
    • (ii) l-Diversity, which ensures that any released dataset contains at least l different values for any given attribute in the dataset, thus preventing the identification of individual records by making it more difficult to link records across multiple datasets, as it increases the number of possible values an attacker would need to guess.
    • (iii) t-Closeness, which minimizes the probability of an attacker linking two records in a released dataset belonging to the same individual by adding noise to the data to increase the distance between the true values and the noisy values in a multi-dimensional attribute space.
    • (iv) Differential privacy, which is also offered by the Cryptography Manager, adds carefully calibrated noise to sensitive attributes, ensuring that any inference on the dataset is limited.
    • (v) Controlled data publishing, which involves the controlled release of data while minimizing the risk of re- identification by removing direct identifiers, generalizing sensitive attributes, and applying various anonymization techniques – it often involves the use of access control mechanisms to limit the disclosure of data to authorized users only.
  5. The Compliance Manager (CM) is crafted for automatically checking the information necessary to assess that compliance is present, is correct, and that the interpretation is compliant with legal requirements. It will build on top of results from previous H2020 projects such as SPECIAL, TRAPEZE, and BPR4GDPR which utilised a ‘knowledge graph’ approach combined with logic-based reasoning techniques. Where these projects only addressed GDPR, RECITAL will also include other laws, standards, and guidelines, such as DGA and NIS2. The CM will utilise and extend state-of-the-art resources such as the Data Privacy Vocabulary (DPV), which provides a vocabulary to describe relevant information, and which can be extended for specific regulations and use-cases. The CM will provide a highly efficient and innovative automation capability to automate common tasks such as ensuring cybersecurity measures of the CIA triad (confidentiality, integrity, and availability) are in effect for all data and systems within the RECITALS platform. The goal of the CM is to establish robust trustworthy services that can be relied upon by users and organizations throughout the EU Data Spaces. RECITALS CM will be a state-of- the-art implementation that can be easily extended to changes in compliance requirements and introduction of new horizontal EU legislation.