How does Themis work

Any digital information can be converted into a unique fingerprint. This fingerprint is a fixed-length alphanumeric code that summarizes data of arbitrary size. It can only be generated from the content of the original information, and it in no way allows external observers to reconstruct that information. However, given the original information, it is always possible to verify the correctness of the fingerprint. Technically, a data fingerprint is obtained with a hash function.

Writing the fingerprint of digital information on blockchain together with appropriate metadata (such as the name of the author of the information, the underlying company, and any digital signature created with certificates issued by third parties) is sufficient to conclusively prove that certain information, in the possession of a specific entity, existed at a certain time, without necessarily exposing the content of the information itself.

In fact, the combination of the fingerprint of the data and its timestamp on blockchain demonstrates that the data existed at a certain moment, while possession of the data (if private) or the presence of a digital signature affixed to the metadata of the timestamp conclusively proves that the information was produced by a certain company or person.


Because the data on blockchain are publicly accessible, all verifications can be performed independently by interested and authorized third parties, after they obtain access to the original data if it is restricted.

Tech Details

To understand how Themis works, the following terminology should be understood.

  • Authority: the physical or legal entity that is publishing data.

  • Auditor: the physical or legal entity that optionally signs data, declaring that it is correct.

  • Original data: arbitrary information that you want to protect, like a text, a PDF document, a picture, a video or any other digital format.

  • Hash: the mathematical operation for calculating the fingerprint of a data.

  • Sign: the operation of cryptographically signing some information with a public certificate published on the web.

  • Data fingerprint: the fixed-length code that summarizes the original data, generated through the hash operation.

  • Metadata: data that describes other data. Some metadata depend on the nature of the original data. Examples of metadata are:

    • the fingerprint of the original data;

    • the name of the authors;

    • the location of the acquisition of the data (for a photo or video, this could be geographic coordinates);

    • the digital signature that signs all the metadata with a registered public certificate.

  • Item: all the metadata that describes the original data.

  • Item fingerprint: the fingerprint of the metadata that constitutes the item.

  • Timestamping: the operation of writing an item on blockchain through a transaction.

  • Timestamp: the data published in a transaction that certifies an item.

  • Receipt: all the information necessary to link the timestamp on blockchain with the item and the original data.

  • Verification: the operation by which the ownership of the information can be demonstrated. It requires the receipt, in some cases the original data (which must be kept by the owner), and the timestamp present on the blockchain.
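The chain from original data to verification, as an added example (not Themis code). SHA-256, the canonical JSON encoding, the field names and the receipt layout are assumptions, since the page names no algorithm or format; the sample data is constructed.

```python
import hashlib
import io
import json

CHUNK = 1 << 20  # read 1 MiB at a time so large files never sit fully in memory

def data_fingerprint(stream):
    """Fingerprint of the original data (SHA-256 is an assumption)."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()

def build_item(stream, authors, location=None):
    """Item: the metadata describing the original data, fingerprint included."""
    item = {"data_fingerprint": data_fingerprint(stream), "authors": authors}
    if location is not None:
        item["location"] = location
    return item

def item_fingerprint(item):
    """Fingerprint of the item, computed over a canonical encoding so that
    key order and whitespace cannot change the result."""
    canonical = json.dumps(item, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def verify(receipt, onchain_fingerprint, original=None):
    """Return the list of failed checks; an empty list means verified.
    `original` is optional because the owner may keep the data private."""
    failures = []
    item = receipt["item"]
    if item_fingerprint(item) != onchain_fingerprint:
        failures.append("item does not match the timestamp")
    if original is not None and data_fingerprint(original) != item["data_fingerprint"]:
        failures.append("original data does not match the item")
    return failures

# Constructed sample: a small document, its item, and the value a
# transaction would carry when only the item fingerprint is written.
ORIGINAL = b"Constructed sample contract text, version 1\n"
ITEM = build_item(io.BytesIO(ORIGINAL), authors=["Example Authority"])
TIMESTAMP = item_fingerprint(ITEM)
RECEIPT = {"item": ITEM, "tx": "PLACEHOLDER_TX_ID"}

if __name__ == "__main__":
    print(verify(RECEIPT, TIMESTAMP, io.BytesIO(ORIGINAL)))
    print(verify(RECEIPT, TIMESTAMP, io.BytesIO(ORIGINAL + b"edited")))
```

Changing one byte of the original data, or one field of the item, makes the corresponding check fail while the other still passes, which shows which link of the chain was altered.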

Themis Data Flow

 
[Diagram: Themis data flow. Elements shown: Authority1 and Authority2 (Raw Data with Attribute1 = Value1, Attribute2 = Value2, AttributeRef = UID), Auditor (AuditorSig = Sig), API (WRITE, APPEND / IMPORT), Themis Platform (Item: Raw Data, Information, Metadata such as UID, owner, creation-datetime), Raw Data Storage (STORE), Indexer (INDEX), Validator, User (QUERY AND VERIFICATION), and a Block / Transaction carrying Fingerprint / Raw Data and Fingerprint + Timestamp.]

Themis Architecture

  • Themis Platform (centralised, off-chain):

    • Raw Data Storage: centrally stores all raw data.

    • User Interface: exposes all platform services via web app.

    • API: exposes all platform services via REST API.

    • User Identification: identifies users and stores private keys.

    • Data Validation: validates relationships among Items.

    • Data Indexing: indexes all Items' data attributes and relations for fast search and navigation.

    • Data Writer: writes data / fingerprints on blockchains.

    • Fiat / Token Manager: manages the fiat to token conversion required for fees.

  • Ethereum Network: Data Certification Smart Contract (on-chain), with transactions included in blocks.

  • Bitcoin Network: OpenTimestamps Servers, with transactions included in blocks.

Visibility Modes Pro / Cons

[Diagram: Post Visibility. Labels recovered from the diagram:]

  • Public (plain): Expensive; Possibly not GDPR compliant; Directly verifiable on blockchain (permissionless verification)

  • Hash: Cheap; GDPR compliant; Verifiable on platform (permissioned verification)

  • Public Hash / Private Hash: Visible on platform to every; Revocable / modifiable visibility; Visible on platform to authorised users

Visibility Modes

Themis supports different ways of writing metadata on blockchain. 

 

  • Single hash: each item has a distinct timestamp, written on blockchain with distinct transactions. The timestamp in every transaction contains only the fingerprint of the item. This is the simplest, cheapest and most compliant operating mode with respect to data privacy and protection of sensitive information. However, this mode requires the intermediation of Themis and the owner of the original data for verification.

  • Single hash store: each item has a distinct timestamp on blockchain with distinct transactions, and the timestamp contains the plain metadata. This mode is not compatible with confidential or sensitive data (for example, data subject to GDPR), but it guarantees verification of the data even without the intermediation of Themis, and possibly of the owner of the original data.

  • Coalesced hash: multiple items share the same timestamp, written on blockchain through a single transaction. This mode guarantees cost-effectiveness and the possibility of scaling up to an unlimited number of timestamps but, as in single hash mode, it requires the intermediation of Themis and the owner of the original data for verification.
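One common way to let many items share a single on-chain value is a Merkle tree, shown here as an added example. The page does not say how Themis coalesces items, so the tree layout, SHA-256, the prefix bytes and all names are assumptions, and the item fingerprints are constructed.

```python
import hashlib

def leaf(fp_hex):
    # 0x00 / 0x01 prefixes keep leaves and inner nodes in separate domains,
    # so an inner node can never be passed off as an item fingerprint.
    return hashlib.sha256(b"\x00" + bytes.fromhex(fp_hex)).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(fps):
    if not fps:
        raise ValueError("at least one item fingerprint is required")
    level = [leaf(fp) for fp in fps]
    levels = [level]
    while len(level) > 1:
        nxt = [node(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted, not duplicated
        level = nxt
        levels.append(level)
    return levels

def coalesced_root(fps):
    """The single value written on-chain for the whole batch."""
    return build_levels(fps)[-1][0].hex()

def inclusion_proof(fps, index):
    """Sibling hashes that go into the receipt of item number `index`."""
    if not 0 <= index < len(fps):
        raise IndexError("no such item in the batch")
    proof = []
    for level in build_levels(fps)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling here
            proof.append(("L" if sibling < index else "R", level[sibling].hex()))
        index //= 2
    return proof

def verify_inclusion(fp_hex, proof, root_hex):
    current = leaf(fp_hex)
    for side, sibling_hex in proof:
        sibling = bytes.fromhex(sibling_hex)
        current = node(sibling, current) if side == "L" else node(current, sibling)
    return current.hex() == root_hex

# Constructed batch of five item fingerprints.
ITEM_FPS = [hashlib.sha256(b"constructed item %d" % i).hexdigest() for i in range(5)]
ROOT = coalesced_root(ITEM_FPS)
```

Each receipt then needs only its own short proof, and a verifier checks one item against the shared root without seeing the other items in the batch.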

 

Information Types

 

Data Stamping

Themis allows users to manage the timestamping of any type of data, provided they have the entire data in order to calculate the fingerprint.

 

Small files can be uploaded directly on the Themis web app, which calculates the fingerprint and suggests other boundary metadata, depending on the type of file.

 

Large files must instead be processed locally by their owners to compute the fingerprint, which is then provided to Themis.

 
Multimedia Stamping

Themis allows you to manage the timestamping of multimedia content such as photos, video and audio files. Small files can be uploaded directly on the Themis web app, which calculates the fingerprint and suggests other metadata around it, depending on the specific content.

Certification Modes

 
 
 
  • Data Notarisation: Guarantees that a certain data has existed for a certain time (timestamp).

  • Asymmetric Key:

    • Guarantees that an information can be verified by anybody but created only by the owner of the key.

    • Guarantees that an information has been created by an asymmetric key (authentication).

    • Guarantees that the sender cannot deny having sent the information (non-repudiation).

    • Guarantees that the information has not been altered (integrity).

  • Identity Certification: Guarantees that an asymmetric signature is used by a certain natural or legal person.

    • Self-Identity Certification: The demonstration to own an asymmetric key by presenting a proof.

    • 3rd Party Identity Certification: A centralised authority certifying that a natural or legal entity is connected to an asymmetric key.

  • Data Certification: Data is notarised from a certified identity.

    • Data Self Certification: Data notarised by a natural / legal person is accepted as true.

    • 3rd Party Data Certification: Data notarised by a natural / legal person is declared true by an external certification authority.