Research Papers

Embedding X.509 Digital Certificates in Three-Dimensional Models for Authentication, Authorization, and Traceability of Product Data

Thomas D. Hedberg, Jr.

National Institute of Standards and Technology,
Gaithersburg, MD 20899
e-mail: tdh1@nist.gov

Sylvere Krima

Engisis LLC,
Bethesda, MD 20817

Jaime A. Camelio

Grado Department of Industrial
and Systems Engineering,
Virginia Tech,
Blacksburg, VA 24061

1Corresponding author.

Contributed by the Computers and Information Division of ASME for publication in the JOURNAL OF COMPUTING AND INFORMATION SCIENCE IN ENGINEERING. Manuscript received June 3, 2016; final manuscript received June 20, 2016; published online November 7, 2016. Editor: Bahram Ravani. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. Approved for public release; distribution is unlimited.

J. Comput. Inf. Sci. Eng 17(1), 011008 (Nov 07, 2016) (11 pages) Paper No: JCISE-16-1970; doi: 10.1115/1.4034131 History: Received June 03, 2016; Revised June 20, 2016

Exchange and reuse of three-dimensional (3D) product models are hampered by the absence of trust in product-lifecycle data quality. The root cause of the missing trust is years of “silo” functions (e.g., engineering, manufacturing, and quality assurance) using independent and disconnected processes. Those disconnected processes result in data exchanges that do not contain all of the required information for each downstream lifecycle process, which inhibits the reuse of product data and results in duplicate data. The X.509 standard, maintained by the Telecommunication Standardization Sector of the International Telecommunication Union (ITU-T), was first issued in 1988. Although originally intended as the authentication framework for the X.500 series for electronic directory services, the X.509 framework is used in a wide range of implementations outside the originally intended paradigm. These implementations range from encrypting websites to software-code signing, yet X.509 certificate use has not widely penetrated engineering and product realms. Our approach is not intended to provide security mechanisms; rather, and equally important, it aims to provide insight into what is happening with product data to support trusting the data. This paper provides a review of the use of X.509 certificates and proposes a solution for embedding X.509 digital certificates in 3D models for authentication, authorization, and traceability of product data. This paper also describes an application within the aerospace domain. Finally, the paper draws conclusions and provides recommendations for further research into using X.509 certificates in product lifecycle management (PLM) workflows to enable a product lifecycle of trust.

Copyright © 2017 by ASME

References

[1] Wu, D., Rosen, D. W., Wang, L., and Schaefer, D., 2015, “Cloud-Based Design and Manufacturing: A New Paradigm in Digital Manufacturing and Design Innovation,” Comput. Aided Des., 59, pp. 1–14.
[2] Wu, D., Greer, M. J., Rosen, D. W., and Schaefer, D., 2013, “Cloud Manufacturing: Strategic Vision and State-of-the-Art,” J. Manuf. Syst., 32(4), pp. 564–579.
[3] Xu, X., 2012, “From Cloud Computing to Cloud Manufacturing,” Rob. Comput. Integr. Manuf., 28(1), pp. 75–86.
[4] Hedberg, T., Jr., Hartman, N., Rosche, P., and Fischer, K., “A Research Strategy for Using Manufacturing Knowledge Earlier in the Product Lifecycle,” Int. J. Prod. Res. (in press).
[5] Feeney, A. B., Frechette, S. P., and Srinivasan, V., 2015, “A Portrait of an ISO STEP Tolerancing Standard as an Enabler of Smart Manufacturing Systems,” ASME J. Comput. Inf. Sci. Eng., 15(2), p. 021001.
[6] International Standards Organization, 2014, “Industrial Automation Systems and Integration—Product Data Representation and Exchange—Part 242: Application Protocol: Managed Model-Based 3D Engineering,” International Standards Organization, Geneva, Switzerland.
[7] Hedberg, T. D., Jr., Lubell, J., Fischer, L., Maggiano, L., and Feeney, A. B., 2016, “Testing the Digital Thread in Support of Model-Based Manufacturing and Inspection,” ASME J. Comput. Inf. Sci. Eng., 16(2), p. 021001.
[8] Energetics, 2015, “Measurement Science Roadmap for Prognostics and Health Management for Smart Manufacturing System,” National Institute of Standards and Technology, Report No. AMS 100-3.
[9] Helu, M., and Hedberg, T., Jr., 2015, “Enabling Smart Manufacturing Research and Development Using a Product Lifecycle Test Bed,” Procedia Manuf., 1, pp. 86–97.
[10] Gao, R., Wang, L., Teti, R., Dornfeld, D., Kumara, S., Mori, M., and Helu, M., 2015, “Cloud-Enabled Prognosis for Manufacturing,” CIRP Ann. Manuf. Technol., 64(2), pp. 749–772.
[11] Li, M., Gao, S., and Wang, C. C., 2006, “Real-Time Collaborative Design With Heterogeneous CAD Systems Based on Neutral Modeling Commands,” ASME J. Comput. Inf. Sci. Eng., 7(2), pp. 113–125.
[12] Trainer, A., Hedberg, T., Jr., Feeney, A. B., Fischer, K., and Rosche, P., 2016, “Gaps Analysis of Integrating Product Design, Manufacturing, and Quality Data in the Supply Chain Using Model-Based Definition,” Manufacturing Science and Engineering Conference, American Society of Mechanical Engineers, ASME Paper No. MSEC2016-8792.
[13] World Wide Web Consortium, 2006, “Semantic Web,” World Wide Web Consortium (W3C), Cambridge, MA. https://www.w3.org/standards/semanticweb/
[14] Telecommunication Standardization Sector of ITU, 2014, “Information Technology—Open Systems Interconnection—The Directory—Part 8: Public-Key and Attribute Certificate Frameworks,” International Organization for Standardization, Geneva, Switzerland. http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=64854
[15] Hempe, D. W., 2010, “Advisory Circular 21-48,” Federal Aviation Administration, U.S. Department of Transportation, Washington, DC. http://www.faa.gov/documentLibrary/media/Advisory_Circular/AC%2021-48.pdf
[16] Allen, J. M., 2010, “Advisory Circular 20-62E,” Federal Aviation Administration, U.S. Department of Transportation, Washington, DC. http://www.faa.gov/documentLibrary/media/Advisory_Circular/AC%2021-48.pdf
[17] Hamilton, V. L., and Beeby, M. L., 1991, “Issues of Traceability in Integrating Tools,” IEEE Colloquium on Tools and Techniques for Maintaining Traceability During Design, pp. 4/1–4/3.
[18] Ramesh, B., 2002, “Process Knowledge Management With Traceability,” IEEE Trans. Softw. Eng., 19(3), pp. 50–52.
[19] Mohan, K., and Ramesh, B., 2007, “Traceability-Based Knowledge Integration in Group Decision and Negotiation Activities,” Decis. Support Syst., 43(3), pp. 968–989.
[20] Mohan, K., Xu, P., Cao, L., and Ramesh, B., 2008, “Improving Change Management in Software Development: Integrating Traceability and Software Configuration Management,” Decis. Support Syst., 45(4), pp. 922–936.
[21] Ouertani, M. Z., Baïna, S., Gzara, L., and Morel, G., 2011, “Traceability and Management of Dispersed Product Knowledge During Design and Manufacturing,” Comput. Aided Des., 43(5), pp. 546–562.
[22] Yang, J., Han, S., Kang, H., and Kim, J., 2006, “Product Data Quality Assurance for e-Manufacturing in the Automotive Industry,” Int. J. Comput. Integr. Manuf., 19(2), pp. 136–147.
[23] Collins, M., 2010, “The Boeing Supply Chain Model,” Manufacturing.net, Madison, WI. http://www.manufacturing.net/news/2010/07/boeing-supply-chain-model
[24] Kikuchi, Y., Hiraoka, H., Otaka, A., Tanaka, F., Kobayashi, K. G., and Soma, A., 2010, “PDQ (Product Data Quality): Representation of Data Quality for Product Data and Specifically for Shape Data,” ASME J. Comput. Inf. Sci. Eng., 10(2), p. 021003.
[25] Walker, D., 2001, “Introduction to TOPGUN XI,” 2001 COE Conference, Anaheim, CA.
[26] International Standards Organization, 2012, “Industrial Automation Systems and Integration—JT File Format Specification for 3D Visualization,” Geneva, Switzerland.
[27] International Standards Organization, 2014, “Document Management—3D Use of Product Representation Compact (PRC) Format—Part 1: PRC 10001,” International Standards Organization, Geneva, Switzerland.
[28] Automotive Industry Action Group, 1999, “Defining Product Data Quality,” Automotive Industry Action Group, Southfield MI.
[29] Automotive Industry Action Group, 2001, “Product Data Quality: Guidelines for the Global Automotive Industry,” Automotive Industry Action Group, Southfield MI.
[30] International Standards Organization, 2006, “SASIG Product Data Quality Guidelines for the Global Automotive Industry,” International Standards Organization, Geneva, Switzerland.
[31] U.S. Department of Defense, 2013, “Standard Practice: Technical Data Packages, 11/1/2009,” U.S. Department of Defense, Washington DC.
[32] Fischer, K., Rosche, P., and Trainer, A., 2015, “Investigating the Impact of Standards-Based Interoperability for Design to Manufacturing and Quality in the Supply Chain,” National Institute of Standards and Technology, Report No. NISTGCR 15-1009.
[33] International Standards Organization, 2009, “Automation Systems and Integration—Numerical Control of Machines—Program Format and Definitions of Address Words—Part 1: Data Format for Positioning, Line Motion and Contouring Control Systems,” International Standards Organization, Geneva, Switzerland.
[34] Suh, S.-H., 2008, Theory and Design of CNC Systems (Series in Advanced Manufacturing), Springer, London.
[35] Dimensional Metrology Standards Consortium, 2014, “Part 1: Overview and Fundamental Principles in Quality Information Framework (QIF)—An Integrated Model for Manufacturing Quality Information,” ANSI/DMSC Standard. http://qifstandards.org
[36] International Standards Organization, 2008, “Document Management—Portable Document Format—Part 1: PDF 1.7,” International Standards Organization, Geneva, Switzerland.
[37] The Internet Engineering Task Force, 2013, “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,” The Internet Engineering Task Force, Fremont, CA. https://datatracker.ietf.org/doc/rfc5280/
[38] The Internet Engineering Task Force, 2013, “An Internet Attribute Certificate Profile for Authorization,” The Internet Engineering Task Force, Fremont, CA. https://datatracker.ietf.org/doc/rfc5755/?include_text=1
[39] Telecommunication Standardization Sector of ITU, 2004, “Security in Telecommunications and Information Technology,” International Telecommunication Union.
[40] Organization for the Advancement of Structured Information Standards, 2005, “Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) v2.0,” Organization for the Advancement of Structured Information Standards, Burlington, MA.
[41] Organization for the Advancement of Structured Information Standards, 2015, “About Us,” OASIS, Burlington, MA. https://www.oasis-open.org/org
[42] Isaacson, W., 2012, “How Steve Jobs' Love of Simplicity Fueled a Design Revolution,” Smithsonian Magazine, Washington, DC. http://www.smithsonianmag.com/arts-culture/how-steve-jobs-love-of-simplicity-fueled-a-design-revolution-23868877/?no-ist
[43] National Institute of Standards and Technology, 2015, “Security and Privacy Controls for Federal Information Systems and Organizations,” NIST, Gaithersburg, MD, Report No. SP 800-53. https://www.idesg.org/portals/0/documents/registry/NIST.SP.800-53r4.pdf
[44] Cheng, M. J., and Simmons, J. E. L., 1994, “Traceability in Manufacturing Systems,” Int. J. Oper. Prod. Manage., 14(10), pp. 4–16.
[45] Jansen-Vullers, M. H., van Dorp, C. A., and Beulens, A. J. M., “Managing Traceability Information in Manufacture,” Int. J. Inf. Manage., 23(5), pp. 395–413.
[46] International Standards Organization, 2002, “Industrial Automation Systems and Integration—Product Data Representation and Exchange—Part 21: Implementation Methods: Clear Text Encoding of the Exchange Structure,” International Standards Organization, Geneva, Switzerland.
[47] Wirth, N., 1977, “What Can We Do About the Unnecessary Diversity of Notation for Syntactic Definitions?” Commun. ACM, 20(11), pp. 822–823.

Figures

Fig. 1: Landscape of data formats used for product-data exchange: (a) components of a public key infrastructure and (b) components of a privilege management infrastructure

Fig. 2: PDQ information usage scenarios (from Ref. [24])

Fig. 3: X.509 components of public key infrastructure and privilege management infrastructure (from Ref. [39])

Fig. 4: Transformation network

Fig. 5: Example of a transformation network

Fig. 6: Multiple signatures support in STEP 10303-21 edition 3

Fig. 7: Single path versus multipath hierarchical signing

Fig. 8: Multipath flat signing

Fig. 9: Digital signature implementing in QIF 2.1

Fig. 10: QIF extension for multipath signing strategy support

Fig. 11: Example process for verifying the quality of product data and embedding usage restrictions
