Research Papers

Method for Enabling a Root of Trust in Support of Product Data Certification and Traceability

[+] Author and Article Information
Thomas D. Hedberg, Jr.

Systems Integration Division,
Engineering Laboratory, National Institute of Standards and Technology,
Gaithersburg, MD 20899
e-mails: tdh1@nist.gov; thomas.hedberg@nist.gov

Sylvere Krima

Engisis LLC,
Bethesda, MD 20817
e-mail: sylvere.krima@engisis.com

Jaime A. Camelio

Grado Department of Industrial and Systems Engineering,
Virginia Tech,
Blacksburg, VA 24061
e-mail: jcamelio@vt.edu

1Corresponding author.

Manuscript received August 22, 2018; final manuscript received January 28, 2019; published online June 3, 2019. Assoc. Editor: Kazuhiro Saitou. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. Approved for public release; distribution is unlimited.

J. Comput. Inf. Sci. Eng 19(4), 041003 (Jun 03, 2019) (13 pages) Paper No: JCISE-18-1215; doi: 10.1115/1.4042839 History: Received August 22, 2018; Accepted January 29, 2019

Trust in product data quality (PDQ) is critical to successful implementation of the model-based enterprise (MBE). Such trust does not extend to the exchange and the reuse of three-dimensional (3D) product models across the product life cycle because verifiable traceability in the product data is lacking. This assurance is especially crucial when “siloed” manufacturing functions produce the product data that is not fully interoperable and thus requires frequent reworking to enable its reuse. Previous research showed how public key infrastructure (X.509-PKI) from the X.509 standard could be used to embed digital signatures into the product data for the purposes of certification and traceability. This paper first provides an overview and review of technologies that could be integrated to support trust throughout the product life cycle. This paper then proposes a trust structure that supports several data transaction types. Then, the paper presents a case study for common configuration management (CM) workflows that are typically found in regulated industries. Finally, the paper draws conclusions and provides recommendations for further research for enabling the product life cycle of trust (PLOT).

Copyright © 2019 by ASME
Your Session has timed out. Please sign back in to continue.


Sharma, R., 2013, “The Problems with Reinventing CAD Software”. Forbes.
Wu, D., Greer, M. J., Rosen, D. W., and Schaefer, D., 2013, “Cloud Manufacturing: Strategic Vision and State-Of-The-Art,” J. Manuf. Syst., 32(4), pp. 564–579. [CrossRef]
Xu, X., 2012, “From Cloud Computing to Cloud Manufacturing,” Robot. Comput. Integr. Manuf., 28(1), pp. 75–86. [CrossRef]
Wu, D., Rosen, D. W., Wang, L., and Schaefer, D., 2015, “Cloud-Based Design and Manufacturing: A New Paradigm in Digital Manufacturing and Design Innovation,” Computer-Aided Design, 59, pp. 1–14. [CrossRef]
Trainer, A., Hedberg, T., Jr, Barnard Feeney, A., Fischer, K., and Rosche, P., 2016, “Gaps Analysis of Integrating Product Design, Manufacturing, and Quality Data in the Supply Chain Using Model-Based Definition”, Proc. ASME Int. Conf. Manuf. Sci. Eng. 2
GrabCAD, 2014, “Where Did the Time Go?,” Report, https://resources.grabcad.com/time-go/
Hedberg, T. D., Jr, Krima, S., and Camelio, J. A., 2016, “Embedding x.509 Digital Certificates in Three-Dimensional Models for Authentication, Authorization, and Traceability of Product Data,” J. Comput. Inf. Sci. Eng., 17(1), pp. 011008. [CrossRef] [PubMed]
Telecommunication Standardization Sector of ITU, 2014, Information Technology—Open Systems Interconnection—The Directory—Part 8: Public-Key and Attribute Certificate Frameworks. ISO/IEC 9594-8:2014.
Cyber Physical Systems Public Working Group, 2016, “Framework for Cyber-Physical Systems, Release 1.0,” Report, National Institute of Standards and Technology, May, https://pages.nist.gov/cpspwg/library/
Ramesh, B., 2002, “Process Knowledge Management With Traceability,” IEEE Trans. Software Eng., 19(3), pp. 50–52. [CrossRef]
Mohan, K., and Ramesh, B., 2007, “Traceability-Based Knowledge Integration in Group Decision and Negotiation Activities,” Decis. Support. Syst., 43(3), pp. 968–989. [CrossRef]
Mohan, K., Xu, P., Cao, L., and Ramesh, B., 2008, “Improving Change Management in Software Development: Integrating Traceability and Software Configuration Management,” Decis. Support. Syst., 45(4), pp. 922–936. [CrossRef]
Hamilton, V. L., and Beeby, M. L., 1991, “Issues of Traceability in Integrating Tools,” IEEE Colloquium on Tools and Techniques for Maintaining Traceability During Design, London, UK, pp. 4/1–4/3.
Ouertani, M. Z., Baïna, S., Gzara, L., and Morel, G., 2011, “Traceability and Management of Dispersed Product Knowledge During Design and Manufacturing,” Comput. Aided Design, 43(5), pp. 546–562. [CrossRef]
Hempe, D. W., 2010, “Advisory Circular 21-48,” Report, Federal Aviation Administration, U.S. Department of Transportation, http://www.faa.gov/documentLibrary/media/Advisory_Circular/AC
Allen, J. M., 2010, “Advisory Circular 20-62E,” Report, Federal Aviation Administration, U.S. Department of Transportation, http://www.faa.gov/documentLibrary/media/Advisory_Circular/AC
Hedberg, T., Jr., Feeney, B., and Camelio, J. A., 2017, “Towards a Lifecycle Information Framework and Technology in Manufacturing,” J. Comput. Inf. Sci. Eng., 17(2), 021010. [CrossRef] [PubMed]
Krima, S., and Hedberg, T., Jr., 2016, “Digital Manufacturing Certificate Toolkit: Adding Trust and Traceability to Product Data,” NIST JRES., 121, pp. 505–506. [CrossRef]
The Internet Engineering Task Force, 2013, “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.”
International Standards Organization, 2014, “Industrial Automation Systems and Integration – Product Data Representation and Exchange—Part 242: Application Protocol: Managed Model-Based 3D Engineering. ISO/TC 184/SC 4, ISO 10303–242.”
International Organization for Standardization, 2009, “Automation Systems and Integration—Numerical Control of Machines—Program Format and Definitions of Address Words—Part 1: Data Format for Positioning, Line Motion and Contouring Control Systems,” ISO/TC 184/SC 1, ISO 6983-1:2009.
Dimensional Metrology Standards Consortium, 2014, “Part 1: Overview and Fundamental Principles in Quality Information Framework (QIF) an Integrated Model for Manufacturing Quality Information.”
International Standards Organization, 2008, “Document Management—Portable Document Format—Part 1,” PDF 1.7. ISO/TC 171/SC 2, ISO 32000–1.
International Standards Organization, 2014, “Document Management—3D Use of Product Representation Compact (PRC) Format—Part 1,” PRC 10001. ISO/TC 171/SC 2, ISO 14739–1.
International Organization for Standardization, 2015, “Quality Management Systems,” ISO/TC 176/SC 2, ISO 9001:2015.
Dougherty, R., 2017, “Quality Assurance Standard for Digital Product Definition at Boeing Suppliers,” Report D6-51991, The Boeing Company, Archived by WebCite at http://www.webcitation.org/6siPUecWG, Accessed Aug. 14, 2017.
International Organization for Standardization, 2012, “Space Data and Information Transfer Systems—Audit and Certification of Trustworthy Digital Repositories,” ISO/TC 20/SC 13, ISO 16363:2012.
PATB Ltd, 2017, “Primary Trustworthy Digital Repository Authorisation Body Ltd, Audit and Certification,” Overview, http://www.iso16363.org/iso-certification/overview/, Accessed Sept. 1, 2017.
International Organization for Standardization, 2015, “Conformity Assessment—Requirements for Bodies Providing Audit and Certification of Management Systems—Part 1: Requirements,” ISO/CASCO, ISO/IEC 17021-1:2015.
International Standards Organization, 2012, “Industrial Automation Systems and Integration—JT File Format Specification for 3D Visualization,” ISO/TC 184/SC 4, ISO 14306.
Yaga, D., Mell, P., Roby, N., and Scarfone, K., 2018, “Blockchain Technology Overview,” National Institute of Standards and Technology, Gaithersburg, MD, October, Tech. Rep.
Bajaj, M., and Hedberg, T., Jul, 2018, “System Lifecycle Handler—Spinning a Digital Thread for Manufacturing,” INCOSE Int. Symp., 28(1), pp. 1636–1650. [CrossRef]
International Organization for Standardization, 2018, “ISO 8601 Date and Time Format.”
International Organization for Standardization, 2015, “Information Technology—Metadata Registries (MDR)—Part 1: Framework.”
Open Applications Group, 2018, OAGIS 10.4.
Ivezic, N., Kulvatunyou, B., and Srinivasan, V., Jan, 2014, “On Architecting and Composing Through-Life Engineering Information Services to Enable Smart Manufacturing,” Procedia CIRP, 22(1), pp. 45–52. [CrossRef]
Krima, S., Hedberg, Jr, T., and Feeney, B. A., 2018, “Securing the Digital Threat for Smart Manufacturing: A Reference Model for Blockchain-Based Product Data Traceability,” National Institute of Standards and Technology, Report No. AMS 300-6.
SAE International, 2011, “Configuration Management Standard,” EIA649.
GolMohammadi, N., Paulus, S., Bishr, M., Metzger, A., Knnecke, H., Hartenstein, S., Weyer, T., and Pohl, K., 2014, Trustworthiness Attributes and Metrics for Engineering Trusted Internet-Based Software Systems, Cloud Computing and Services Science, Springer International Publishing, New York, pp. 19–35.
Helu, M., Hedberg, T., Jr., and Barnard Feeney, A., 2017, “Reference Architecture to Integrate Heterogeneous Manufacturing Systems for the Digital Thread,” CIRP J. Manuf. Sci. Technol., 19, pp. 191–195. [CrossRef]
MTConnect Institute, 2014, Mtconnect Standard: Part 1—Overview and Protocol.
Ruemler, S. P., Zimmerman, K. E., Hartman, N. W., Hedberg, J. T., and Barnard Feeney, A., 2016, “Promoting Model-Based Definition to Establish a Complete Product Definition,” J. Manuf. Sci. Eng., 139(5), 051008. [CrossRef] [PubMed]
Miller, A. M., Hartman, N. W., Hedberg, T., Jr., Barnard Feeney, A., and Zahner, J., 2017, “Towards Identifying the Elements of a Minimum Information Model for Use in a Model-Based Definition,” 12th International Manufacturing Science and Engineering Conference Collocated With the JSME/ASME 2017 6th International Conference on Materials and Processing, Los Angeles, CA, V003T04A017.
International Organization for Standardization, 2016, “Industrial Automation Systems and Integration—Product Data Representation and Exchange—Part 21: Implementation Methods: Clear Text Encoding of the Exchange Structure,” ISO/TC 184/SC 4, ISO 10303-21.


Grahic Jump Location
Fig. 1

Examples of the single-path and multipath hierarchical signing employed in the digital manufacturing certificates toolkit (from Ref. [7])

Grahic Jump Location
Fig. 2

Hierarchy for chains of trust using X.509-PKI principles

Grahic Jump Location
Fig. 3

X.509-PKI certificates chain showing the levels of the trust structure

Grahic Jump Location
Fig. 4

Chain of trust for a verification and validation system signing data with a digital signature

Grahic Jump Location
Fig. 5

Example of (a) verification and validation (b) workflows to ensure the data meets a predefined level of quality (based on Ref. [7])

Grahic Jump Location
Fig. 6

Verifying the chain of trust for a FAA DER signing data with a digital signature

Grahic Jump Location
Fig. 7

Example of data usage rights controlling how the data must be used in a CAM system

Grahic Jump Location
Fig. 8

Use case for digitally signing a design specification (e.g., CAD model) and exchanging the data with another data user

Grahic Jump Location
Fig. 9

Use case for digitally signing a design specification (e.g., CAD model) and registering ownership and data exchange transactions in a blockchain

Grahic Jump Location
Fig. 10

Product data management workflows for signing the data during a release cycle, change process, and import verification



Some tools below are only available to our subscribers or users with an online account.

Related Content

Customize your page view by dragging and repositioning the boxes below.

Related Journal Articles
Related eBook Content
Topic Collections

Sorry! You do not have access to this content. For assistance or to subscribe, please contact us:

  • TELEPHONE: 1-800-843-2763 (Toll-free in the USA)
  • EMAIL: asmedigitalcollection@asme.org
Sign In