1 of 24

2 of 24

Steve Lasker

Director of Ecosystem

DataTrails

Steve.Lasker@DataTrails.ai

@SteveLasker

Associating Trust�In the Information We Consume

S upply

C hain, � I ntegrity, � T ransparency & � T rust

datatracker.ietf.org/wg/scitt

3 of 24

https://market.us/report/call-center-ai-market

4 of 24

Elements of Information We Make Decisions Upon

A Standards Based Approach

5 of 24

6 of 24

Statement

Artifact

SCITT records

Who made

an immutable Statement

about an Artifact

recorded “when”

Identity

7 of 24

Statement

Artifact

Who are the Who’s

Identity

People (Whoville who’s)
Services
Processes
Companies
Anything with any type of identity
Parties to a Conversation

8 of 24

Statement

Artifact

Subject: �vCon Identifier

SCITT records immutable Statements about Artifacts

What is an Artifact?

Binary data (software, AI Training Data)
Digital media (pictures, videos, contracts)
Virtual Conversation (vCon)

Identity

9 of 24

Statement

Artifact

Subject: �vCon identifier

What are Statements?

SBOMs about binaries

Test results
Compliance to certifications
Security Scans
VEX Reports

Responsible AI Claims

Model Cards

Text Messages
Voicemail Recordings
Updates about vCons

Transcription Completed
Transcription Updated
Approval (Consent) for Use
Consumed for use
Revocation of Use
Confirmed Removal

Identity

Updates

10 of 24

Statement

Artifact

Identity

COSE Envelope

eNotary

Ledger

Subject: �vCon identifier

The envelope is submitted to the DataTrails SCITT APIs

registration is evaluated
the identity is verified
upon entry to the ledger,�a receipt is returned

CBOR

Object

Signing and

Encryption

Concise

Binary

Object

Representation

11 of 24

SCITT Statement (vCon)

Envelope : COSE_SIGN1

18( / COSE Sign 1 /

[

h'a4012603...6d706c65', / Protected /

h’ea478a4g…..a20abe28’, / Payload /

h'79ada558...3a28bae4’, / Signature /

h’a023b128…..210gbaeh’ / Unprotected /

)

Protected_Header

{ Protected

16: application/hash+cose / type /

1: -7, (ECDSA w/ SHA-256) / Algorithm /

TBD2: application/vcon+json, / payload_preimage_content_type /

4: h'50685f55...50523255', / Key identifier /

-42,-16 (SHA-256) / payload-hash-alg /

TBD3: vcon.service/2aefa…afaf9,/ Statement Location /

TBD4: [ meta-map /

0: vcon_operation: create / key:value /

]

15: { CWT Claims

1: ztelco.com, / Issuer /

2: vcon://2aefa…afaf9, / Subject /

}

Unprotected_Header

{ / Unprotected /

}

Statement

Artifact

Issuer

vCon hash

vCon (UUID)

Lets look what goes into a SCITT Statement:

The issuer represents the identity making the statement about the artifact.
[CLICK]A set of CWT_Claims capture the issuer and the subject identifier of the artifact
[CLICK] A protected header captures the CWT_Claims, as the only required property
[CLICK] An unprotected header captures additional information, including receipts from previously registered signed statements
[CLICK] An envelope captures all the elements, including the statement, as the payload. However, the statement can be a detached payload, as a verifiable data structure for content stored in another location.
[CLICK] The Protected and Unprotected header are added to the envelope.

The envelope is now complete, and ready to be submitted to a SCITT Transparency Service, such as DataTrails

12 of 24

Dealer Network

Data Controller

vConGPT

Data Source

zTelco

SCITT

subject: vcon://abc123

Registered: 01-01-2024-00-01

Payload: aaaa..1111

vcon_operation: create

subject: vcon://abc123

Registered: 01-01-2024-00-02

Payload: bbbb..2222

vcon_operation: transcribe

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dialog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199}

}

Hash:aaaa..1111

Gavin – (Consumer)

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dailog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199}

}

Hash:aaaa..1111

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

13 of 24

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dialog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:aaaa..1111

Dealer Network

Data Controller

vConGPT

Data Source

zTelco

Data Processor

Strolid

SCITT

subject: vcon://abc123

Registered: 01-01-2024-00-01

Payload: aaaa..1111

vcon_operation: create

subject: vcon://abc123

Registered: 01-01-2024-00-02

Payload: bbbb..2222

vcon_operation: transcribe

subject: vcon://abc123

Registered: 01-01-2024-00-03

Payload: cccc..3333

vcon_operation: sentiment

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dialog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199}

}

Hash:aaaa..1111

Gavin – (Consumer)

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog:{

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-03,

dialog: {

call.mp3

transcription,

sentiment,

leads},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:cccc..3333

14 of 24

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dialog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:aaaa..1111

Dealer Network

Data Controller

vConGPT

Data Source

zTelco

Data Processor

Strolid

Dealer1

Dealer2

Dealer3

Dealer4

Dealer5

SCITT

subject: vcon://abc123

Registered: 01-01-2024-00-01

Payload: aaaa..1111

vcon_operation: create

subject: vcon://abc123

Registered: 01-01-2024-00-02

Payload: bbbb..2222

vcon_operation: transcribe

subject: vcon://abc123

Registered: 01-01-2024-00-03

Payload: cccc..3333

vcon_operation: sentiment

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dialog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199},

}

Hash:aaaa..1111

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-03,

dialog: {

call.mp3

transcription,

sentiment,

leads}

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:cccc..3333

Gavin – (Consumer)

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

15 of 24

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

Dealer Network

Data Controller

vConGPT

Data Source

zTelco

Data Processor

Strolid

Dealer1

Dealer2

Dealer3

Dealer4

Dealer5

SCITT

subject: vcon://abc123

Registered: 01-01-2024-00-01

Payload: aaaa..1111

vcon_operation: create

subject: vcon://abc123

Registered: 01-01-2024-00-02

Payload: bbbb..2222

vcon_operation: transcribe

subject: vcon://abc123

Registered: 01-01-2024-00-03

Payload: cccc..3333

vcon_operation: sentiment

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dialog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199},

}

Hash:aaaa..1111

Gavin – (Consumer)

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-20-2024-00-04,

dialog: {

call.mp3

transcription},

consent: {

111-555-0199},

revoke-consent: {

111-867-5309}

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:dddd..4444

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-03,

dialog: {

call.mp3

transcription,

sentiment,

leads}

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:cccc..3333

subject: vcon://abc123

Registered: 01-01-2024-00-04

Payload: dddd..4444

vcon_operation: revoke-consent

16 of 24

Data Processor

ACME-Rockets

Data Processor

ACME-Rockets

Data Processor

ACME-Rockets

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription},

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:bbbb..2222

Dealer Network

Data Controller

vConGPT

Data Source

zTelco

Data Processor

Strolid

Dealer1

Dealer2

Dealer3

Dealer4

Dealer5

SCITT

subject: vcon://abc123

vcon_operation: create

Payload: aaaa..1111

Registered: 01-01-2024-00-01

subject: vcon://abc123

vcon_operation: transcribe

Payload: bbbb..2222

Registered: 01-01-2024-00-02

subject: vcon://abc123

vcon_operation: sentiment

Payload: cccc..3333

Registered: 01-01-2024-00-03

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

dialog: {

call.mp3},

consent: {

111-867-5309,

111-555-0199},

}

Hash:aaaa..1111

Gavin – (Consumer)

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-20-2024-00-04,

dialog: {

call.mp3

transcription},

consent: {

111-555-0199},

revoke-consent: {

111-867-5309}

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt

}

Hash:dddd..4444

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-02,

dialog: {

call.mp3

transcription }

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d

}

Hash:bbbb..2222

{ vcon_uuid: abc123,

created: 01-01-2024-00-01,

updated: 01-01-2024-00-03,

dialog: {

call.mp3

transcription,

sentiment,

leads }

consent: {

111-867-5309,

111-555-0199},

^*license: private,

consenst_lifetime: 15d,

data_controller: vcongpt}

Hash:cccc..3333

subject: vcon://abc123

Registered: 01-01-2024-00-04

Payload: dddd..4444

vcon_operation: revoke-consent

17 of 24

Inclusion & �Consistency

Hash:bbbb..2222

Data Processor

ACME-Rockets

Data Processor

Wabbit-Networks

Data Processor

Strolid

SCITT

subject: vcon://abc123

vcon_operation: create

Payload: aaaa..1111

Registered: 01-01-2024-00-01

subject: vcon://abc123

vcon_operation: transcribe

Payload: bbbb..2222

Registered: 01-01-2024-00-02

subject: vcon://abc123

vcon_operation: sentiment

Payload: cccc..3333

Registered: 01-01-2024-00-03

subject: vcon://abc123

Registered: 01-01-2024-00-04

Payload: dddd..4444

vcon_operation: revoke-consent

Hash:aaaa..1111

Data Controller

vConGPT

Data Source

zTelco

Hash:aaaa..1111

Hash:bbbb..2222

Hash:dddd..4444

Hash:bbbb..2222

Hash:cccc..3333

Hash:bbbb..2222

Hash:dddd..4444

Hash:cccc..3333

Hash:dddd..4444

Hash:eeee..6666

Ledger

18 of 24

Personally Identifiable Information�

How is PII managed with SCITT?

19 of 24

PII & SCITT �

PII, SCITT &�DataTrails Implementation

Immutable�Ledger

Index� for Queries

meta-map

signed-statement

Signed Statement�Hash

DataTrails�Events

Verifiable Data Structure

COSE Envelope

SCITT�Registration

Evidentiary�Data Store

20 of 24

PII, SCITT &�DataTrails Implementation

Immutable�Ledger

Index� for Queries

meta-map

signed-statement

Signed Statement�Hash

DataTrails�Events

Verifiable Data Structure

SCITT�Registration

Evidentiary�Data Store

Indexing

21 of 24

PII, SCITT &�DataTrails Implementation

Immutable�Ledger

Index� for Queries

meta-map

signed-statement

Signed Statement�Hash

DataTrails�Events

Verifiable Data Structure

SCITT�Registration

Evidentiary�Data Store

Indexing

The SCITT Ledger is immutable

There’s no PII data is in the Ledger

The DataTrails Evidentiary store can be deleted

The Signed Statements �can be deleted (aka “forgotten”)

Evidentiary data can be redacted

Each change creates a DataTrails Event �noting deletion or redaction

vCons

No PII Data is persisted
Nothing to delete

subject: vcon://abc123

Registered: 01-01-2024-00-01

Payload: aaaa..1111

vcon_operation: create

subject: vcon://abc123

vcon_operation: transcribe

Payload: bbbb..2222

Registered: 01-01-2024-00-02

subject: vcon://abc123

vcon_operation: sentiment

Payload: cccc..3333

Registered: 01-01-2024-00-03

subject: vcon://abc123

Registered: 01-01-2024-00-04

Payload: dddd..4444

vcon_operation: revoke-consent

22 of 24

SCITT Provides

A standards-based means to associate Who made a Statement, about an Artifact, recorded at a point in Time
Recording Immutable statements in history
A means to find collaborative or conflicting Statements, made by other Who’s, about the same Artifact
Protecting Integrity, Inclusion, and Consistency

Proof statements weren’t altered
Proof statements weren’t removed
Proof of ordering of statements

23 of 24

DataTrails Provides

Evidentiary storage
Ability to delete (forget) the metadata
Ability to redact – limiting who has access to the “metadata”
Indexing and Query Services
Role Based Access Control

Redaction and other constraints on access

24 of 24

& SCITT

SCITT provides standards for creating immutable statements about artifacts
DataTrails provides SCITT capabilities as a robust platform

Get started today at DataTrails.ai /getting-started

SCITT.io

datatracker.ietf.org/wg/scitt

docs.datatrails.ai/developers/developer-patterns/scitt-api

Steve Lasker�Director of Ecosystem�Steve.Lasker@DataTrails.ai�@SteveLasker