The MEDINA Evidence Trustworthiness Management System, provides a secure mechanism for MEDINA to maintain an audit trail of evidence and assessment results. It is implemented in Smart Contracts backboned by a common Blockchain network for several MEDINA instances, providing the following functionalities:
- Includes the logic to provide the required information to be audited (about evidence and assessment results).
- Provides long-term information recording, creating a secure record of information on a verifiable (verification), permanent (traceability) and resistant to modification (integrity) way.
- Includes the logic for external users to access MEDINA’s audited information (about evidence and assessment results) in a graphical and user-friendly way.
The component is composed of five main elements, as shown in Figure 1:
- Blockchain client, for providing the information (evidence/assessment results) to be saved on the Blockchain.
- Smart contract, deployed on Blockchain nodes, for information (evidence/assessment results) writing and reading operations as well as events generation indicating the provision of new information.
- Viewer tool, for subscription to the Blockchain based events and notification to the different viewer clients.
- Blockchain Viewer client, for gathering and showing all the information saved on the Blockchain (and be able to manually verify it, without needing any interaction with the Blockchain).
- Automatic Verification Service, for evidence and assessment results integrity automatic check.
The MEDINA Evidence Trustworthiness Management System provides a service of trustworthy records for auditors to be able to perform manual or automated inspections when needed while guaranteeing the integrity of information. In particular, the Automatic Verification Service provides auditors a user friendly and automatic way to verify the integrity of current evidence and assessment results. The first step is to obtain the integrity status of the currently stored evidence and assessment results in the MEDINA Orchestrator, as shown in Figure 2.
Obtaining an incorrect integrity check means that different hashes are obtained (evidence currently stored in the Orchestrator different from that initially stored in the Blockchain) or no information is found in the Blockchain because it has not been previously recorded (the integrity of the current information cannot be guaranteed). In this sense, auditors can also obtain the reason for specific evidence with incorrect integrity status, as shown in Figure 3.
In addition, auditors can use the Blockchain viewer client, which displays details of all evidence and assessment results recorded in the MEDINA Evidence Trustworthiness Management System , in case they need additional information.
Cristina Regueiro. (2023). D3.3 Tools and techniques for the management of trustworthy evidence – v3 (1.0). Zenodo. https://doi.org/10.5281/zenodo.7927220
Debora Benedetto, Claudio Caimi, Ahmed Ibrahim, & Claudia Zago. (2023). D5.5 MEDINA integrated solution-v3 (1.0). Zenodo. https://doi.org/10.5281/zenodo.8214685