Thomas Hardjono

CR
h-index: 28
Papers: 19
Citations: 400
Novelty: 22%
AI Score: 24

19 Papers

CY · Jan 16, 2025
Authenticated Delegation and Authorized AI Agents

Tobin South, Samuele Marro, Thomas Hardjono et al. · mit

The rapid deployment of autonomous AI agents creates urgent challenges around authorization, accountability, and access control in digital spaces. New standards are needed to know whom AI agents act on behalf of and guide their use appropriately, protecting online spaces while unlocking the value of task delegation to autonomous agents. We introduce a novel framework for authenticated, authorized, and auditable delegation of authority to AI agents, where human users can securely delegate and restrict the permissions and scope of agents while maintaining clear chains of accountability. This framework builds on existing identification and access management protocols, extending OAuth 2.0 and OpenID Connect with agent-specific credentials and metadata, maintaining compatibility with established authentication and web infrastructure. Further, we propose a framework for translating flexible, natural language permissions into auditable access control configurations, enabling robust scoping of AI agent capabilities across diverse interaction modalities. Taken together, this practical approach facilitates immediate deployment of AI agents while addressing key security and accountability concerns, working toward ensuring agentic AI systems perform only appropriate actions and providing a tool for digital service providers to enable AI agent interactions without risking harm from scalable interaction.

CR · Oct 24, 2021
Towards Blockchain-enabled Open Architectures for Scalable Digital Asset Platforms

Denis Avrilionis, Thomas Hardjono

Today there is considerable interest in deploying blockchains and decentralized ledger technology as a means to address the deficiencies of current financial and digital asset infrastructures. The focal point of attention in many projects on digital asset and cryptocurrency is centered around blockchain systems and smart contracts. Many projects seek to make the blockchain the centerpiece of the new decentralized world of finance. However, several roadblocks and challenges currently face this predominant blockchain-centric view. In this paper we argue that the proper and correct perspective on decentralized economy should be one that is asset-centric, where the goal should be the consistent lifecycle management of assets in the real world with their digital representation on the blockchain. We introduce the notion of the digital twin to capture the relationship between a real-world asset and its on-chain representation. A digital twin container is utilized to permit off-chain state persistence and on-chain state traceability, where the container can be deployed on the blockchain as well as on traditional application servers. The digital twin container becomes the bridge between legacy infrastructures and the newly emergent blockchain infrastructures, permitting legacy systems to interoperate consistently with blockchain systems. We believe this asset-centric view to be the correct evolutionary direction for the nascent field of blockchains and decentralized ledger technology.

CR · Feb 24, 2021
Attestation Infrastructures for Private Wallets

Thomas Hardjono

In this paper we focus on one part of the trust infrastructures needed for the future virtual assets industry, namely the attestation infrastructure related to key management in private wallet systems. Our focus is on regulated private wallets utilizing trusted hardware, and the capability of the wallet to yield attestation evidence suitable to address requirements in several use-cases, such as asset insurance and regulatory compliance. We argue that attestation services will be needed as a core part of the key management lifecycle for private wallets in true decentralized systems.

CR · Feb 7, 2021
Blockchain Gateways, Bridges and Delegated Hash-Locks

Thomas Hardjono

In the current work we discuss the notion of gateways as a means for interoperability across different blockchain systems. We discuss two key principles for the design of gateway nodes and scalable gateway protocols, namely (i) the opaque ledgers principle as the analogue of the autonomous systems principle in IP datagram routing, and (ii) the externalization of value principle as the analogue of the end-to-end principle in the Internet architecture. We illustrate the need for a standard gateway protocol by describing a unidirectional asset movement protocol between two peer gateways, under the strict condition of both blockchains being private/permissioned with their ledgers inaccessible to external entities. Several aspects of gateways and the gateway protocol are discussed, including gateway identities, gateway certificates and certificate hierarchies, passive locking transactions by gateways, and the potential use of delegated hash-locks to expand the functionality of gateways.

CR · Sep 16, 2020
Towards a Contract Service Provider Model for Virtual Assets and VASPs

Thomas Hardjono, Alexander Lipton, Alex Pentland

We introduce the contract service provider (CSP) model as an analog of the successful Internet ISP model. Our exploration is motivated by the need to seek alternative blockchain service-fee models that depart from the token-for-operations (gas fee) model for smart contracts found on many popular blockchain platforms today. A given CSP community consisting of multiple CSP business entities (VASPs) forms a contract domain which implements well-defined contract primitives, policies and contract-ledger. The nodes of the members of the CSP community form the blockchain network. We discuss a number of design principles borrowed from the design principles of the Internet Architecture, and we discuss the interoperability of cross-domain (cross-chain) transfers of virtual assets in the context of contract domains.

CR · Aug 12, 2020
Trust Infrastructures for Virtual Asset Service Providers

Thomas Hardjono

Virtual asset service providers (VASPs) currently face a number of challenges, both from the technological and the regulatory perspectives. In the context of virtual asset transfers one key issue is the need for VASPs to securely exchange customer information to comply with the Travel Rule. We discuss a VASP information sharing network as one form of a trust infrastructure for VASP-to-VASP interactions. Related to this is the need for a trusted identity infrastructure for VASPs that would permit other entities to quickly ascertain the legal business status of a VASP. For regulated wallets, an attestation infrastructure may provide VASPs and insurance providers with better visibility into the state of wallets based on trusted hardware. Finally, for customers of VASPs there is a need for seamless integration between the VASP services and the existing consumer identity management infrastructure, providing a user-friendly experience for transferring virtual assets to other users.

CR · May 29, 2020
Wallet Attestations for Virtual Asset Service Providers and Crypto-Assets Insurance

Thomas Hardjono, Alexander Lipton, Alex Pentland

The emerging virtual asset service providers (VASP) industry currently faces a number of challenges related to the Travel Rule, notably pertaining to customer personal information, account number and cryptographic key information. VASPs will be handling virtual assets of different forms, where each may be bound to different private-public key pairs on the blockchain. As such, VASPs also face the additional problem of the management of their own keys and the management of customer keys that may reside in a customer wallet. The use of attestation technologies as applied to wallet systems may provide VASPs with suitable evidence relevant to the Travel Rule regarding cryptographic key information and their operational state. Additionally, wallet attestations may provide crypto-asset insurers with strong evidence regarding the key management aspects of a wallet device, thereby providing the insurance industry with measurable levels of assurance that can become the basis for insurers to perform risk assessment on crypto-assets bound to keys in wallets, both enterprise-grade wallets and consumer-grade wallets.

CR · May 8, 2020
An Attestation Architecture for Blockchain Networks

Thomas Hardjono, Ned Smith

If blockchain networks are to become the building blocks of the infrastructure for the future digital economy, then several challenges related to the resiliency and survivability of blockchain networks need to be addressed. The survivability of a blockchain network is influenced by the diversity of its nodes. Trustworthy device-level attestations permit nodes in a blockchain network to provide truthful evidence regarding their current configuration, operational state, keying material and other system attributes. In the current work we review the recent developments towards a standard attestation architecture and evidence conveyance protocols. We explore the applicability and benefits of a standard attestation architecture to blockchain networks. Finally, we discuss a number of open challenges related to node attestations that have arisen due to the changing model of blockchain network deployments, such as the use of virtualization and containerization technologies for nodes in cloud infrastructures.

CR · Dec 14, 2019
Privacy-Preserving Claims Exchange Networks for Virtual Asset Service Providers

Thomas Hardjono, Alexander Lipton, Alex Pentland

In order for VASPs to fulfill the regulatory requirements from the FATF and the Travel Rule, VASPs need access to truthful information regarding originators, beneficiaries and other VASPs involved in a virtual asset transfer instance. Additionally, in seeking data regarding subjects (individuals or organizations) VASPs are faced with privacy regulations such as the GDPR and CCPA. In this paper we propose a privacy-preserving claims issuance model that carries indicators of the provenance of the data and the algorithms used to derive the claim or assertion. This allows VASPs to obtain originator and beneficiary information without necessarily having access to the private data about these entities. Secondly, we propose the use of a consortium trust network arrangement for VASPs to exchange signed claims about subjects and their public-key information or certificate.

CR · Nov 23, 2019
Empowering Artists, Songwriters & Musicians in a Data Cooperative through Blockchains and Smart Contracts

Thomas Hardjono, Alex Pentland

Over the last decade there has been a continuing decline in social trust on the part of individuals with regards to the handling and fair use of personal data, digital assets and other related rights in general. At the same time, there has been a change in the employment patterns for many people through the emergence of the gig economy. These gig workers include artists, songwriters and musicians in the music industry. We discuss the notion of the data cooperative with fiduciary responsibilities to its members, which is similar in purpose to credit unions in the financial sector. A data cooperative for artists and musicians allows the community to share IT resources, such as data storage, analytics processing, blockchains and distributed ledgers. A cooperative can also employ smart contracts to remedy the various challenges currently faced by the music industry with regards to the license tracking management.

CY · Nov 8, 2019
Towards an Open and Scalable Music Metadata Layer

Thomas Hardjono, George Howard, Eric Scace et al.

One of the significant issues in the music supply chain today is the lack of consistent, complete and authoritative information or metadata regarding the creation of a given musical work. In many cases multiple entities in the music supply chain have each created their own version of the metadata for a musical work, often by manually re-entering the same information or through scraping data from other sites. In such cases, the effort to synchronize or to correct the information becomes manually laborious and error-prone. Furthermore, confidential information regarding the legal ownership of the musical work is often commingled in the same metadata, making the entire database proprietary and thus closed. In this paper we explore an alternative model for creation metadata following the open access paradigm found in other industries, such as in book publishing, library systems and in the automotive parts supply chain. The vision is to create a new music metadata layer for creation metadata that is open, scalable and provides an authoritative source of information that is available to all entities in the music supply chain globally.

CR · Sep 18, 2019
Towards a Public Key Management Framework for Virtual Assets and Virtual Asset Service Providers

Thomas Hardjono, Alexander Lipton, Alex Pentland

The recent FATF Recommendations define virtual assets and virtual asset service providers (VASP), and require under the Travel Rule that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers. In this paper we discuss the notion of key ownership evidence as a core part of originator and beneficiary information required by the FATF Recommendations. We discuss approaches to securely communicate the originator and beneficiary information between VASPs, and review existing standards for public key certificates as applied to VASPs and virtual asset transfers. We propose the notion of a trust network of VASPs in which originator and beneficiary information, including key ownership information, can be exchanged securely while observing individual privacy requirements.

CR · Jun 9, 2019
A Federated Authorization Framework for Distributed Personal Data and Digital Identity

Thomas Hardjono

The digital identity problem is a complex one in large part because it involves personal data, the algorithms which compute reputations on the data and the management of the identifiers that are linked to personal data. The reality of today is that personal data of an individual is distributed throughout the Internet, in both private and public institutions, and increasingly also on the user's devices. In order to empower individuals to have a say in who has access to their personal data and to enable individuals to make use of their data for their own purposes, a coherent and scalable access authorization architecture is required. Such an architecture must allow different data holders, data providers and user-content generators to respond to an individual's wishes with regards to consent in a federated fashion. This federation must allow an individual to easily manage access policies and provide consent as required by current and forthcoming data privacy regulations. This paper describes the User Managed Access (UMA) architecture and protocols that provide the foundation for scalable access authorization.

CR · May 11, 2019
Decentralized Trusted Computing Base for Blockchain Infrastructure Security

Thomas Hardjono, Ned Smith

There is a growing interest today in blockchain technology as a possible foundation for the future global financial ecosystem. However, in order for this future financial ecosystem to be truly global, with a high degree of interoperability and stability, a number of challenges need to be addressed related to infrastructure security. One key aspect concerns the security and robustness of the systems that participate in the blockchain peer-to-peer networks. In this paper we discuss the notion of the decentralized trusted computing base as an extension of the TCB concept in trusted computing. We explore how a decentralized TCB can be useful to (i) harden individual nodes and systems in the blockchain infrastructure, and (ii) be the basis for secure group-oriented computations within the P2P network of nodes that make up the blockchain system.

RO · Apr 19, 2019
Secure and secret cooperation in robotic swarms

Eduardo Castelló Ferrer, Thomas Hardjono, Alex 'Sandy' Pentland et al.

The importance of swarm robotics systems in both academic research and real-world applications is steadily increasing. However, to reach widespread adoption, new models that ensure the secure cooperation of large groups of robots need to be developed. This work introduces a novel method to encapsulate cooperative robotic missions in an authenticated data structure known as a Merkle tree. With this method, operators can provide the "blueprint" of the swarm's mission without disclosing its raw data. In other words, data verification can be separated from the data itself. We propose a system where robots in a swarm, to cooperate towards mission completion, have to "prove" their integrity to their peers by exchanging cryptographic proofs. We show the implications of this approach for two different swarm robotics missions: foraging and maze formation. In both missions, swarm robots were able to cooperate and carry out sequential operations without having explicit knowledge about the mission's high-level objectives. The results presented in this work demonstrate the feasibility of using Merkle trees as a cooperation mechanism for swarm robotics systems in both simulation and real-robot experiments, which has implications for future decentralized robotics applications where security plays a crucial role, such as environmental monitoring, infrastructure surveillance, and disaster management.

CR · Mar 11, 2019
Verifiable Anonymous Identities and Access Control in Permissioned Blockchains

Thomas Hardjono, Alex Pentland

In this paper we address the issue of identity and access control within shared permissioned blockchains. We propose the ChainAnchor system that provides anonymous but verifiable identities for entities on the blockchain. ChainAnchor also provides access control to entities seeking to submit transactions to the blockchain and to read/verify transactions on the permissioned blockchain. Consensus nodes enforce access control to the shared permissioned blockchain by a simple look-up to a (read-only) list of anonymous members' public keys. ChainAnchor also provides unlinkability of transactions belonging to an entity on the blockchain. This allows an entity to optionally disclose their identity when a transaction is called into question (e.g. regulatory or compliance requirements), but without affecting the anonymity and unlinkability of their remaining transactions.

CR · Nov 4, 2018
Genie: A Secure, Transparent Sharing and Services Platform for Genetic and Health Data

Shifa Zhang, Anne Kim, Dianbo Liu et al.

Artificial Intelligence (AI) incorporating genetic and medical information has been applied in disease risk prediction, unveiling disease mechanisms, and advancing therapeutics. However, AI training relies on highly sensitive and private data, which significantly limits their applications and robustness evaluation. Moreover, data access management after sharing across organizations relies heavily on legal restrictions, and there is no guarantee of preventing data leaking after sharing. Here, we present Genie, a secure AI platform which allows AI models to be trained on medical data securely. The platform combines the security of Intel Software Guard Extensions (SGX), the transparency of blockchain technology, and the verifiability of open algorithms and source code. Genie shares insights from genetic and medical data without exposing anyone's raw data. All data is instantly encrypted upon upload and contributed to the models that the user chooses. The usage of the model and the value generated from the genetic and health data will be tracked via a blockchain, giving the data transparent and immutable ownership.

CR · May 15, 2018
Towards a Design Philosophy for Interoperable Blockchain Systems

Thomas Hardjono, Alexander Lipton, Alex Pentland

In this paper we discuss a design philosophy for interoperable blockchain systems, using the design philosophy of the Internet architecture as the basis to identify key design principles. Several interoperability challenges are discussed in the context of cross-domain transactions. We illustrate how these principles are informing the interoperability architecture of the MIT Tradecoin system.

RO · Feb 13, 2018
RoboChain: A Secure Data-Sharing Framework for Human-Robot Interaction

Eduardo Castelló Ferrer, Ognjen Rudovic, Thomas Hardjono et al.

Robots have the potential to revolutionize the way we interact with the world around us. One of their largest potentials is in the domain of mobile health, where they can be used to facilitate clinical interventions. However, to accomplish this, robots need to have access to our private data in order to learn from these data and improve their interaction capabilities. Furthermore, to enhance this learning process, knowledge sharing among multiple robot units is the natural step forward. However, to date, there is no well-established framework which allows for such data sharing while preserving the privacy of the users (e.g., the hospital patients). To this end, we introduce RoboChain, the first learning framework for secure, decentralized and computationally efficient data and model sharing among multiple robot units installed at multiple sites (e.g., hospitals). RoboChain builds upon and combines the latest advances in open data access and blockchain technologies, as well as machine learning. We illustrate this framework using the example of a clinical intervention conducted in a private network of hospitals. Specifically, we lay down the system architecture that allows multiple robot units, conducting the interventions at different hospitals, to perform efficient learning without compromising data privacy.