A system and method for controlling access to a product's digital twin.
The system addresses the inefficiencies of static product data systems by implementing a distributed network with access policy data generation for digital twins, ensuring secure and efficient data sharing among network participants.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- BASF SE
- Filing Date
- 2024-06-20
- Publication Date
- 2026-07-07
AI Technical Summary
Existing systems for managing product data, such as the International Material Data System (IMDS), are static and prone to errors, making it cumbersome to exchange and share chemical data across the automotive supply chain, necessitating a more efficient and secure method for controlling access to digital twins of products.
A system and method for generating access policy data to control access to a digital twin of a product using a distributed data network, involving a tree structure with root and leaf nodes, and utilizing group and participant access data generators to define access control groups and actions, ensuring secure and efficient data sharing among distributed network participants.
Enables secure, efficient, and robust data sharing across a distributed network by controlling access to digital twins using group-based policies, reducing the need for multiple copies and minimizing resource usage while maintaining data integrity and security.
Smart Images

Figure 2026522441000001_ABST
Abstract
Description
Technical Field
[0001] Technical Field The present disclosure relates to an apparatus, a system, and a computer-implemented method for generating access policy data for controlling access to a digital twin of a physical entity of a product, and respective computer program elements, a computer-implemented method for controlling access to a digital twin of a physical entity of a product by a distributed data consumption network node associated with a participant of a distributed network, and an apparatus, and respective computer program elements, a computer-implemented method for processing a digital twin of a physical entity of a product or a part thereof, and respective computer program elements, and a computer-implemented method for controlling access to a digital twin of a physical entity of a product or a part thereof by a distributed data consumption network node associated with a participant of a distributed network using digital access elements associated with the product, and respective computer program elements.
Background Art
[0002] Background Art In the supply of products, it is necessary to meet many different regulatory requirements depending on the product. For example, in the automotive supply chain, chemical companies use the International Material Data System (IMDS) to provide standardized information. In such a system, it is possible to collect data along the entire automotive supply chain. Participants in the automotive supply chain register for the IMDS service and maintain product entries in a central database provided and hosted by a third-party provider.
[0003] Systems like IMDS are static with respect to data, prone to errors, and cumbersome to handle or maintain. Due to the highly specific and centralized setup of such systems, exchanging and sharing chemical data is a difficult task. Therefore, there is a need to simplify and / or customize the sharing or exchange of product data among participants in a product ecosystem, while allowing data owners of product data to control access to that data by further participants in the product ecosystem. [Overview of the project] [Means for solving the problem]
[0004] Summary of the Invention In one embodiment, the Disclosure relates to an apparatus for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data providing network node associated with the digital twin, and the digital twin includes a digital twin data structure comprising a tree structure including a root node and optionally one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the apparatus - At least one group access data generator configured to generate group access data associated with a digital twin data structure, wherein the group access data identifies an access control group that includes a distributed participant identifier associated with a distributed network participant permitted to access the digital twin data structure, - At least one participant access data generator configured to generate participant access data associated with one or more nodes present in a digital twin data structure based on generated group access data, wherein the participant access data identifies a distributed network participant authorized to access one or more nodes, and one or more actions authorized to be performed on one or more nodes by a distributed network participant associated with a distributed participant identifier, The present invention relates to an apparatus comprising: at least one access policy data generator configured to generate access policy data associated with a digital twin based on generated group access data and generated participant access data, wherein the access policy data identifies the group access data and the associated participant access data.
[0005] In a further embodiment, the Disclosure relates to an apparatus for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data providing network node associated with the digital twin, and the digital twin includes a digital twin data structure comprising a tree structure including a root node and optionally one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the apparatus - At least one group access data generator configured to generate group access data associated with a digital twin data structure, wherein the group access data identifies an access control group that includes a distributed participant identifier associated with a distributed network participant permitted to access the digital twin data structure, - At least one participant access data generator configured to generate participant access data associated with one or more nodes present in a digital twin data structure based on generated group access data, wherein the participant access data identifies a distributed network participant authorized to access one or more nodes, and one or more actions authorized to be performed on one or more nodes by a distributed network participant associated with a distributed participant identifier, - At least one access policy data generator configured to generate access policy data based on generated group access data and generated participant access data, wherein the access policy data identifies the group access data and associated participant access data, The present invention relates to a device comprising: at least one link unit configured to link generated access policy data to a digital twin.
[0006] In a further embodiment, the Disclosure relates to a system for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data providing network node associated with the digital twin, and the digital twin includes a digital twin data structure having a tree structure including a root node and optionally one or more leaf nodes, and the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the system • A digital twin provider layer optionally configured to provide a digital twin of the physical entity of the product, • Access policy data provider layer, o Generate group access data associated with the digital twin data structure, and the group access data identifies access control groups that include distributed participant identifiers associated with distributed network participants who are permitted to access the digital twin data structure. Based on the generated group access data, generate participant access data associated with one or more nodes present in the digital twin data structure, and identify the distributed network participants who are permitted to access one or more nodes, and the one or more actions that the distributed network participants associated with the distributed participant identifier are permitted to perform on one or more nodes. The present invention relates to a system comprising: an access policy data provider layer configured to generate access policy data associated with a digital twin based on generated group access data and generated participant access data, and the access policy data to identify the group access data and associated participant access data.
[0007] In a further embodiment, the Disclosure relates to a system for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data providing network node associated with the digital twin, and the digital twin includes a digital twin data structure having a tree structure including a root node and optionally one or more leaf nodes, and the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the system • A digital twin provider layer optionally configured to provide a digital twin of the physical entity of the product, • Access policy data provider layer, o Generate group access data associated with the digital twin data structure, and the group access data identifies access control groups that include distributed participant identifiers associated with distributed network participants who are permitted to access the digital twin data structure. Based on the generated group access data, generate participant access data associated with one or more nodes present in the digital twin data structure, and identify the distributed network participants who are permitted to access one or more nodes, and the one or more actions that the distributed network participants associated with the distributed participant identifier are permitted to perform on one or more nodes. Based on the generated group access data and the generated participant access data, access policy data is generated, and the access policy data identifies the group access data and the associated participant access data. The present invention relates to a system comprising an access policy data provider layer configured to link generated access policy data to a digital twin.
[0008] In a further aspect, the Disclosure relates to a computer implementation method for generating access policy data for controlling access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data providing network node associated with the digital twin, the digital twin includes a digital twin data structure comprising a tree structure including a root node and optionally one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the method The process involves generating group access data associated with a digital twin data structure, wherein the group access data identifies an access control group that includes a distributed participant identifier associated with a distributed network participant authorized to access the digital twin data structure. Based on the generated group access data, generate participant access data associated with one or more nodes present in the digital twin data structure, wherein the participant access data identifies the distributed network participants who are permitted to access one or more nodes, and the one or more actions that the distributed network participants associated with the distributed participant identifier are permitted to perform on one or more nodes. The present invention relates to a computer implementation method comprising the steps of: generating access policy data associated with a digital twin based on generated group access data and generated participant access data, wherein the access policy data identifies the group access data and the associated participant access data.
[0009] In a further aspect, the Disclosure relates to a computer implementation method for generating access policy data for controlling access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data providing network node associated with the digital twin, the digital twin includes a digital twin data structure comprising a tree structure including a root node and optionally one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the method The process involves generating group access data associated with a digital twin data structure, wherein the group access data identifies an access control group that includes a distributed participant identifier associated with a distributed network participant authorized to access the digital twin data structure. Based on the generated group access data, generate participant access data associated with one or more nodes present in the digital twin data structure, wherein the participant access data identifies the distributed network participants who are permitted to access one or more nodes, and the one or more actions that the distributed network participants associated with the distributed participant identifier are permitted to perform on one or more nodes. The process involves generating access policy data based on the generated group access data and the generated participant access data, wherein the access policy data identifies the group access data and the associated participant access data. The present invention relates to a computer implementation method that includes the steps of linking the generated access policy data to a digital twin.
[0010] In a further aspect, the Disclosure relates to a computer implementation method for controlling access by a distributed data consumption network node associated with a participant in a distributed network to a digital twin of a physical entity of a product, wherein the digital twin comprises a digital twin data structure having a tree structure including a root node and a plurality of nodes, optionally including one or more leaf nodes, the digital twin data structure comprises a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the method - Receiving a request from a distributed data consumption network node to access a digital twin or a portion thereof at a distributed data provision network node, wherein the request includes a distributed digital twin identifier and a distributed participant identifier of a distributed network participant associated with the distributed data consumption network node. Determining access policy data generated by an apparatus, system, or according to a computer implementation method disclosed herein (based on a distributed digital twin identifier included in the received request), Based on the distributed participant identifier and access policy data included in the received request, it is determined that the distributed network participant is a member of at least one access control group permitted to access the digital twin data structure, and that the participant is permitted to interact with the digital twin data structure when accessing it, and accordingly, This relates to computer implementations, including granting distributed data consumption network nodes access to a digital twin data structure in accordance with access policy data.
[0011] In a further aspect, the Disclosure relates to an apparatus for controlling access to a digital twin of a product's physical entity by a distributed data consumption network node associated with a participant in a distributed network, wherein the digital twin includes a digital twin data structure comprising a tree structure including a root node and optionally one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the apparatus comprises one or more computing nodes, and when executed by one or more computing nodes, the apparatus provides, Receiving a request from a distributed data consumption network node to access a digital twin or a portion thereof, wherein the request includes a distributed digital twin identifier and a distributed participant identifier associated with the relevant distributed data consumption network node. Determining access policy data generated by an apparatus, system, or according to a computer implementation method disclosed herein (based on a distributed digital twin identifier included in the received request), Based on the distributed participant identifier and access policy data included in the received request, determine that the participant is a member of at least one access control group permitted to access the digital twin data structure, and that the participant is permitted to interact with the digital twin data structure when accessing it, and accordingly, The present invention relates to an apparatus comprising: one or more computer-readable media on which computer-executable instructions are recorded that are structured to cause a distributed data consumption network node to perform the steps of: granting access to a digital twin data structure in accordance with access policy data; and
[0012] In a further aspect, the Disclosure relates to a computer implementation method for controlling access by a distributed data consumption network node associated with a participant in a distributed network to a digital twin of a physical entity of a product, wherein the digital twin comprises a digital twin data structure having a tree structure including a root node and a plurality of nodes, optionally including one or more leaf nodes, the digital twin data structure comprises a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the method - A distributed data provision network node receives a request from a distributed data consumption network node to access a digital twin or a portion thereof, wherein the request includes a distributed digital twin identifier and a distributed participant identifier of a distributed network participant associated with the distributed data consumption node. Accessing access policy data associated with a digital twin based on a distributed digital twin identifier, wherein the access policy data identifies one or more access control groups associated with the digital twin data structure, membership in the access control groups indicating that a distributed network participant is permitted to access the digital twin data structure, and membership in the access control groups that is independent of participant access data associated with one or more nodes present in the digital twin data structure and indicates how a distributed network participant may interact with the digital twin data structure when accessing the digital twin data structure. Based on the distributed participant identifier and access policy data included in the received request, determine that the distributed network participant is a member of at least one access control group that is permitted to access the digital twin data structure, and accordingly, This relates to computer implementations, including granting distributed data consumption network nodes access to a digital twin data structure in accordance with access policy data.
[0013] In a further aspect, the Disclosure relates to an apparatus for controlling access to a digital twin of a product's physical entity by a distributed data consumption network node associated with a participant in a distributed network, wherein the digital twin comprises a structure having a tree structure including a root node and a plurality of nodes, optionally including one or more leaf nodes, the digital twin data structure comprising a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the apparatus comprises one or more computing nodes, and when executed by one or more computing nodes, the apparatus provides, · In a distributed data providing network node, receiving a request to access a digital twin or a part thereof from a distributed data consuming network node, the request including a distributed digital twin identifier and a distributed participant identifier of a distributed network participant associated with the distributed data consuming node, and · Accessing access policy data associated with the digital twin based on the distributed digital twin identifier, the access policy data identifying membership in one or more access control groups associated with the digital twin data structure, membership in an access control group indicating that a distributed network participant is permitted to access the digital twin data structure, and independent of participant access data associated with one or more nodes existing within the digital twin data structure, and identifying membership in an access control group indicating how a distributed network participant can interact with the digital twin data structure upon access to the digital twin data structure, and · Based on the distributed participant identifier and the access policy data included in the received request, determining that the distributed network participant is a member of at least one access control group permitted to access the digital twin data structure, and accordingly · Permitting access to the digital twin to the distributed data consuming network node according to the access policy data, one or more computer-readable media having recorded thereon computer-executable instructions structured to cause performance of the steps consisting of:
[0014] In a further aspect, the present disclosure is a computer-implemented method for processing a digital twin or a part thereof of a physical entity of a product, the digital twin including a digital twin data structure comprising a plurality of nodes including a root node and optionally one or more leaf nodes, the digital twin data structure including a decentralized digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, the method comprising · collecting the digital twin or a part thereof by a decentralized data consumption network node from an apparatus for controlling access or via a computer-implemented method for controlling access as disclosed herein; · processing the collected digital twin; · providing an output based on the processing, relating to a computer-implemented method.
[0015] In a further aspect, the present disclosure is a computer-implemented method for controlling access by a decentralized data consumption network node associated with a participant of a decentralized network to a digital twin or a part thereof of a physical entity of a product using a digital access element associated with the product, the digital twin including a digital twin data structure comprising a plurality of nodes including a root node and optionally one or more leaf nodes, the digital twin data structure including a decentralized digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, the method comprising · providing a digital access element including a decentralized passport identifier and digital twin location data, the decentralized passport identifier being the decentralized digital twin identifier or associated therewith; The present invention relates to a computer implementation method that provides access to a digital twin or a portion thereof, which is controlled by the devices disclosed herein or via the computer implementation methods disclosed herein, based on the provided digital access elements, distributed digital twin identifiers, and distributed participant identifiers associated with distributed data consumption network nodes requesting access to the digital twin or a portion thereof.
[0016] In a further embodiment, the Disclosure relates to a computer element, such as a computer-readable storage medium containing instructions, a computer program, or a computer program product, wherein, when the instructions are executed by a computing node or computing system, the instructions instruct the computing node or computing system to perform steps of a computer implementation method disclosed herein.
[0017] In a further aspect, the Disclosure relates to computer elements such as computer-readable storage media, computer programs, or computer program products that, when executed by the apparatus or system disclosed herein, include instructions that instruct the apparatus or system to perform steps configured to be performed by the apparatus or system disclosed herein.
[0018] Any disclosures, embodiments, and examples described herein relate to the methods, systems, apparatus, digital twins, products, and computer elements described above and below. Advantageously, any benefits derived from any embodiment and example also apply to all other embodiments and examples.
[0019] Embodiment The methods, apparatus, digital twins, products, and computer elements disclosed herein provide an efficient, secure, and robust method for sharing or exchanging data associated with a product across different distributed network nodes associated with different participants in a product ecosystem, including chemical products, under the control of a distributed data-serving network node associated with the data owner of the digital twin data structure. A party controlling the distributed data-serving network node, such as the data owner of the digital twin data structure, can therefore control access to the digital twin data structure via the distributed data-serving network node using a distributed participant identifier associated with a distributed data-consuming network node requesting access to the digital twin data structure, and a distributed digital twin identifier associated with the digital twin being accessed.
[0020] By filtering distributed data consumption network nodes that request access to digital twin data structures based on group-based policies for accessing digital twins, digital twin data structures can be securely exchanged and shared under the control of the data owners of the digital twin data structures, and unauthorized access to digital twin data structures by distributed network participants via the relevant distributed data consumption network nodes can be avoided. This enables controlled access to the digital twin or a portion thereof by further upstream participants in the product ecosystem. Furthermore, access to the digital twin or a portion thereof by multiple distributed data consumption network nodes associated with different consumers of different products produced by different participants in the production ecosystem can be controlled via distributed data delivery services using group-based policies and distributed digital twin identifiers.
[0021] Group-based access policies can be defined by the data owner of the digital twin data and may include one or more groups of decentralized network participants who are permitted to access the digital twin data structure. Decentralized network participants associated with such groups may then be able to access the digital twin data structure, while all other decentralized network participants may be denied access to the digital twin data structure. Thus, access to the digital twin data structure can be permitted and / or denied to defined groups of decentralized network participants. This group-based access control technique enables the rapid and efficient granting or revoking of access to the digital twin data structure for defined decentralized network participants. By combining group-based access control with granular access control associated with one or more nodes included in the digital twin data structure, once a decentralized network participant is permitted to access the digital twin data structure, the actions of that decentralized network participant permitted to access the digital twin data structure under group-based access control can be finely controlled. This makes it possible to manage who can access the digital twin data structure without compromising the ability to control what actions those decentralized network participants may take once they have access to the digital twin data structure. This allows for easy management of access to the digital twin data structure through group-based access control, without the need to coordinate the actions that distributed network participants are permitted to perform on the digital twin data structure.
[0022] By using group-based access in combination with granular access control at the node level, it is possible to avoid the creation of multiple copies of the digital twin data structure, each customized for the access rights associated with the distributed network participant permitted to access the digital twin data structure. Thus, access can be controlled at the node level of the digital twin data structure, and the amount of data associated with the digital twin can be reduced by making the creation of multiple copies of the digital twin data structure redundant.
[0023] Linking access policy data to the product's digital twin can avoid generating different digital twins for different participants in a distributed network based on participant access data, while ensuring that access to the data contained in the digital twin is controlled in a reliable and secure manner. In this way, the generation of numerous digital twins for a single product can be avoided, thereby reducing the amount of resources required to generate, manage, and update digital twins.
[0024] The following outlines several embodiments of this disclosure as examples. It should be understood that this disclosure is not limited to the above embodiments and / or examples.
[0025] A digital twin of a product can be a digital representation of the physical entity of a product, possessing a defined semantic description of the product's physical entity. Therefore, a digital twin of a product's physical entity is a digital version of the physical entity. Once created, a digital twin can be used to represent the product's physical entity in a digital representation of a real-world system. A digital twin can be uniquely linked to a physical product, at least via a distributed digital twin identifier. A digital twin can be created to be identical to the form and behavior of the corresponding product. In addition, a digital twin can reflect the characteristics of the product throughout its lifecycle. For example, a sensor may capture real-time (or near real-time) data, such as transport or usage data, from a physical product and relay it to a remote digital twin. The digital twin can then be updated to maintain its correspondence with the product's physical entity. Therefore, a digital twin can represent the current state of the product's physical entity at any given time. A digital twin may include a distributed digital twin identifier. A distributed digital twin identifier may be associated with the physical entity of the product to which the digital twin is related. A distributed digital twin identifier may be associated with the physical entity of the product from which the digital twin is generated. A distributed digital twin identifier may be associated with a distributed identifier of the chemical materials used to produce a product. The distributed identifier may be associated with products, components, component assemblies, and / or final products produced using the product. This enables tracking of products within the value chain. A distributed digital twin identifier may be or may be assigned to a physical identifier associated with a product. The physical identifier may be any identifier of a produced product, such as a batch number or part number. The physical identifier may include, but is not limited to, passive or active elements, such as barcodes, QR codes (registered trademarks), or RFID tags. The physical identifier may include markers embedded in the material or a similar physical arrangement that enable digital identification of the product. The digital twin may further include a product identifier.
[0026] A digital twin can be generated by a distributed participant node. A distributed participant node can communicate with a distributed data provider network node. A distributed participant node can be associated with a distributed data provider network node. A digital twin can be generated by the data owner of a digital twin data structure. The data owner of a digital twin data structure can be a producer that produces a product. The data owner of a digital twin data structure can be a legal entity that operates the production that produces the product. The data owner of a digital twin data structure can be a natural person that operates the production that produces the product. A digital twin can be generated on behalf of the data owner of a digital twin data structure. For example, a digital twin can be generated by a third party based on services provided to the data owner by the third party.
[0027] A digital twin may include a digital twin data structure having a tree structure. The tree structure may include a root node and optionally one or more leaf nodes. The tree structure may include multiple nodes, each containing a root node and one or more leaf nodes. The tree structure may further include one or more intermediate nodes. The root node may be the parent of each set of one or more children in the tree structure, and may not be a child node (e.g., it may not be associated with a parent node). Leaf nodes may be child nodes, but may not be parent nodes. Intermediate nodes may be child nodes of the root node or another intermediate node, but may not be leaf nodes. Therefore, the children of the root node can be either leaf nodes or intermediate nodes. Intermediate nodes may then have children such as leaf nodes or other intermediate nodes. A collection of intermediate nodes and / or child nodes may be considered a sub-data structure of the digital twin data structure. The tree structure of the digital twin data structure or sub-data structure may be inherited from the data model used to generate the digital twin data structure. For example, a digital twin data structure can be generated using a single data model with a tree structure (for example, by applying the data model to product data associated with a product). In another example, a digital twin data structure containing at least two sub-data structures can be generated using at least two different data models (for example, each sub-data structure is obtained by applying its respective data model to product data). At least one of the data models may contain a tree structure. In this case, the digital twin data structure can be considered a tree structure containing at least two sub-data structures obtained from at least two different data models used to generate the digital twin data structure. A node may contain one or more datasets. Such a dataset may contain one or more key-value pairs. Key-value pairs may contain the physical and / or chemical properties of each product (for example, where the key represents each property and the value represents the value of each property).
[0028] The digital twin data structure may further include other distributed product identifiers according to the physical relationships between the product entity and other physical entities, such as things produced using the product or things produced from the product. In this way, distributed participant nodes in a distributed network may be able to interpret the relationships between distributed digital twin identifiers corresponding to the physical relationships of a physical chemical product entity to other physical entities.
[0029] A physical entity may relate to a physical embodiment of a product. A physical entity may be any product in a product ecosystem. A physical entity of a product may be a raw material or basic substance, a chemical product, a chemical material, a chemical composition, a chemical mixture, a component, a component assembly, a final product, or a combination thereof. A product ecosystem may include multiple participants such as suppliers of raw chemical products, chemical product producers, component producers, component assembly producers, final product producers, final product users, and / or participants in the recycling chain associated with the final product, such as used product collectors and / or recyclers.
[0030] A distributed data-serving network node may contain computer executable instructions for serving and / or processing data within the distributed network, such as a digital twin of a product (e.g., a digital twin data structure) by a distributed data-consuming network node. A distributed data-serving network node may be associated with or connected to one or more dedicated data storages that store the digital twin data structure. A distributed data-serving network node may be directly or indirectly connected to the data storage that stores the digital twin data structure. Thus, a distributed data-serving network node may be associated with a digital twin data structure. The dedicated data storage may be under the control of the data owner of the digital twin data structure. The data owner may have access to the dedicated data storage. The data owner may control access to the dedicated data storage, for example, via a distributed data-serving network node. The dedicated storage may store a digital twin of a product for access by a consumer of the product (e.g., a product consumer). A product consumer may be associated with a distributed data-consuming network node.
[0031] A distributed data consumption network node may include computer executable instructions for accessing and / or processing data within the distributed network, such as a digital twin data structure provided by a distributed data provision network node. A distributed data consumption network node may be controlled or owned by, or associated with, a consumer of a product. A consumer may be any entity that processes a product. A consumer may be any entity that operates a production configured to process a product. Processing may include using the product to produce further chemical products, parts, components, assemblies, or final products. Processing may include performing one or more recycling steps on the final product. A consumer may be an upstream participant in the product ecosystem to which the produced product is associated, for example, in which the product is used. For example, a consumer may be an individual product processor, such as an individual product producer or a participant in the recycling process of an individual product. An individual product may be a finished product, for example, a distinct item that is easily identifiable by count. Examples of individual products include automobiles, airplanes, and shoes. An individual product may be disassembled at the end of its lifecycle so that its components can be recycled. A consumer may receive a product from an entity that produces the product, such as a product producer. Through distributed data consumption network nodes, consumers of a product can access the digital twin or a portion thereof associated with the supplied product, and thus improve production or recycling by using the accessed digital twin data structure. For example, the accessed data may be used to improve the characteristics of the resulting further product, components, or individual products, or to improve overall production efficiency. In another example, the accessed digital twin data structure associated with the supplied product may be used to control production involving the supplied product. In yet another example, the accessed digital twin data structure may be used to reliably determine the composition of the recycled components or the final product, and thus improve recycling efficiency by determining the correct recycling process, recycling parameters, recycling plant, etc.
[0032] A decentralized network can be a decentralized peer-to-peer communication network. A decentralized network may include participant network nodes associated with participants in a product ecosystem and may be configured to perform data transactions. Decentralized participant nodes may include network nodes in the decentralized network. Network nodes associated with participants in a product ecosystem may be associated with raw material chemical suppliers, chemical producers, component producers, component assembly producers, final product producers, final product users, used product collectors, and / or recyclers. Data transactions may be based on a transaction protocol that includes authentication and / or authorization mechanisms. Based on the authentication and / or authorization mechanisms, peer-to-peer communication may be established between decentralized network nodes associated with participants in the product ecosystem. One or more authentication mechanisms may be associated with or linked to decentralized digital twin identifiers and / or decentralized passport identifiers. One or more authentication mechanisms associated with decentralized digital twin identifiers and / or decentralized passport identifiers may be accessible by decentralized data providing network nodes and / or decentralized data consuming network nodes. The decentralized configuration enables more efficient use of computing resources and enhances control by data owners.
[0033] A distributed data provider network node and one or more distributed data consumer network nodes may be part of a distributed network. Distributed data consumer network nodes and distributed data provider network nodes may be considered distributed participant nodes of a distributed network.
[0034] A distributed digital twin identifier and / or distributed passport identifier may include digital twin data and any unique identifiers optionally uniquely associated with the data owner of the digital twin data. A distributed digital twin identifier and / or distributed passport identifier may connect the physical entity of a product to a digital twin data structure. A distributed digital twin identifier and / or distributed passport identifier may include one or more universally unique identifiers (UUIDs) and / or one or more decentralized identifiers (DIDs). One or more DIDs and / or UUIDs may be associated with a digital twin and / or digital twin data structure. One or more DIDs and / or UUIDs may be further associated with a product. For example, a distributed digital twin identifier and / or distributed passport identifier may include a digital twin identifier associated with a digital twin, and one or more digital twin data identifiers associated with sub-data structures residing within the digital twin data structure. A sub-data structure may include one or more intermediate nodes and / or one or more leaf nodes. Nodes in a sub-data structure can be considered child nodes of the root node of a digital twin data structure. A distributed digital twin identifier and / or distributed passport identifier may further include a product identifier associated with the product. Any combination of UUIDs and DIDs is possible. For example, a distributed digital twin identifier and / or distributed passport identifier may be a DID, while a digital twin data identifier may be a UUID. In another example, a distributed digital twin identifier and / or distributed passport identifier, as well as a digital twin data identifier, may be a UUID. A distributed digital twin identifier and / or distributed passport identifier may be associated with any participant in the product ecosystem, including biochemical product suppliers, chemical product producers, component producers, component producers, component assembly producers, final product producers, used product collectors, and / or recyclers.A distributed digital twin identifier and / or distributed passport identifier may be associated with a machine, system, or device used in the production of raw materials, basic materials, parts, components, component assemblies, final products, or recycled materials, or with a collection of such machines, devices, and / or systems. A distributed digital twin identifier and / or distributed passport identifier may be issued by a central or distributed identity information issuer. A distributed digital twin identifier and / or distributed passport identifier may be generated by the data owner or on behalf of the data owner of the digital twin data structure. A distributed digital twin identifier and / or distributed passport identifier may include authentication information. Access to the digital twin data structure may be controlled by the data owner of the digital twin data structure through the distributed digital twin identifier and / or distributed passport identifier, as well as the digital twin data structure of the digital twin associated with the product, and optionally its unique association with the data owner of the digital twin data structure. This is in contrast to a centralized authority scheme in which identifiers are provided by such a centralized authority and access to data is controlled by such a centralized authority. In this context, "decentralized" refers to the use of decentralized digital twin identifiers and / or decentralized passport identifiers in implementations where they are controlled by the data owner associated with the decentralized digital twin identifier and / or decentralized passport identifier. Decentralized digital twin identifiers and / or decentralized passport identifiers can be digital or virtual identifiers and may not correspond to, for example, physical identifiers physically attached to a product.
[0035] A decentralized participant identifier may include any identifier uniquely associated with a participant in a decentralized network and / or a production site of a participant in a decentralized network. A participant in a decentralized network may be a consumer of a product and, for example, consume a product received from or supplied by a product producer. A production site of a participant in a decentralized network may use the received / supplied product to produce further products such as further chemical products, parts, components, component assemblies, and / or final products. A production site of a participant in a decentralized network may use the received / supplied product to perform one or more recycling steps on the product. A decentralized participant identifier may include letters and / or numbers. A decentralized participant identifier may include one or more universally unique identifiers (UUIDs) and / or one or more decentralized identifiers (DIDs). A decentralized participant identifier may be associated with or include verifiable claims or credentials. Verifiable claims may be issued by a central or decentralized identity issuer that creates one or more claims relating to a subject, such as a consumer entity that is a trusted participant in a decentralized network. For example, an issuer may make claims relating to consumers (e.g., customer entities) to which a DID as a distributed participant identifier is associated. Verifiable claims may include those claims, as well as orders of proof to prove that the claims have not been tampered with and were actually issued by the claim issuer. Verifiable claims may also include duration information metadata that defines the period for which the verifiable claim is valid for use, or the specific number of times the verifiable claim is authorized for use. Verifiable claims may also include the DID of the subject, such as the claim issuer and / or consumer entities. Verifiable claims may be signed by the claim issuer. The claim issuer may provide verifiable claims to claim holders, such as consumer entities, for presentation to any relying party that relies on the truthfulness of those claims, such as a distributed data provider.The signature of a verifiable claim can be verified using a public key associated with the claim issuer to determine that the customer entity is a trusted entity within the decentralized network. Verifiable credentials can be presented by decentralized data consumption network nodes and used by decentralized data provision network nodes to verify that the decentralized participants associated with the decentralized data consumption network nodes are trusted entities within the decentralized network before providing access to the digital twin data structure, thus ensuring that the digital twin data structure can be exchanged in a secure and controlled manner within the decentralized network. Decentralized participant identifiers may differ from data associated with products produced from one or more input materials. In contrast to product-related data, which may not be unique within the decentralized network, decentralized participant identifiers are unique within the decentralized network. Therefore, decentralized participant identifiers enable the unique identification of participants and / or the locations of participants in the decentralized network. Decentralized participant identifiers can be generated by centralized or decentralized nodes in the decentralized network. Decentralized participant identifiers can be provided to all participants in the decentralized network. Decentralized participant identifiers can be associated with the names of participants in the decentralized network. A decentralized participant identifier can be associated with the name of a site, such as a production site, for a participant in a decentralized network. In this context, decentralized refers to the use of a decentralized participant identifier in an implementation form that is controlled by decentralized data consumption network nodes associated with the decentralized participant.
[0036] Chemical properties can be characteristics of a product that become apparent during or after a chemical reaction. Therefore, chemical properties can be any quality that can only be established by altering the chemical identity of a product. Examples of chemical properties include heat of combustion, enthalpy of formation, toxicity, chemical stability in a given environment, flammability, oxidation state, corrosiveness, combustibility, acidity and basicity, chemical composition, content of recyclables used to produce or manufacture the product, content of bio-based materials used to produce or manufacture the product, content of renewable materials used to produce or manufacture the product, and / or pH value.
[0037] Physical properties can be any measurable property. Therefore, the values of physical properties describe the state of a product. Examples of physical properties include absorption, brittleness, boiling point, capacitance, color, concentration, density, ductility, distribution, effectiveness, elasticity, charge, conductivity, electrical impedance, potential, flow rate, fluidity, hardness, heat capacity, inductance, intrinsic impedance, brightness, luminescence, gloss, mass, melting point, opacity, transmittance, dielectric constant, plasticity, pressure, radiance, resistivity, reflectivity, refractive index, solubility, specific heat, strength, stiffness, temperature, tension, thermal conductivity, thermal resistance, viscosity, volume, and / or wave impedance.
[0038] In one embodiment, the measured at least one physical and / or chemical property is acquired by a sensor configured to measure physical and / or chemical properties. The sensor may be included in a measuring device. The sensor may correspond to a measuring device. For example, the physical and / or chemical property may include properties provided by a sensor in a mobile device such as a camera, or by a measuring device configured to measure at least one physical and / or chemical property.
[0039] In one embodiment, data associated with the production of a product is collected before, during, and / or after the production of the product. The collected product data may be used to determine at least one physical and / or chemical characteristic of the produced product. For example, product emission data may be determined based on product data collected during the production of the product. Data associated with the production of a product may include production data from the production of the product. Data associated with the production of a product may include monitoring and / or control data associated with the production of the product.
[0040] In one embodiment, data associated with the use of a product is collected via at least one identifier associated with the product. The data may be collected before, during, or after the use of the product. The collected data may include at least one measured physical and / or chemical property of the used product. The measured physical and / or chemical property may include the chemical and / or physical properties described above. The data may be collected using a suitable sensor configured to measure the chemical and / or physical property. The sensor data may be correlated with an identifier associated with the product. The chemical and / or physical property determined from the sensor data may be correlated with an identifier associated with the product. The identifier may be a product identifier. The identifier may be a distributed digital twin identifier. The distributed digital twin identifier may be linked to other distributed product identifiers according to the physical relationship between the chemical product entity and other physical entities, for example, things produced using or from the chemical product. Linking the distributed digital twin identifier with other distributed product identifiers makes it possible to determine the distributed participant nodes that store the collected data associated with the use of the product or the determined physical and / or chemical property. The collected data and / or determined chemical and / or physical properties may be provided by distributed participant nodes and stored in the digital twin. For example, a new sub-data structure may be generated by applying a data model associated with product use to the collected data and / or determined properties, and the new sub-data structure may be used to update the digital twin data structure, for example, by attaching it to the root node of the digital twin data structure as a child node of the root node.
[0041] In one embodiment, the product is a chemical product. A chemical product may be obtained from at least one chemical reaction using one or more chemical input materials. The chemical reaction may include any chemical reaction well known in the art in which reactants are converted into one or more different chemical products. The chemical reaction may involve the use of catalysts, enzymes, bacteria, etc., to achieve the chemical reaction between the reactants. A chemical product may include a natural chemical product. A natural chemical product may include any chemical substance produced naturally without human interaction or intervention, i.e., any untreated chemical substance found in nature, such as plants, microorganisms, animals, the earth and the sea, or any chemical substance found in nature and extracted using a process that does not alter its chemical composition. A natural chemical product may include biologics such as enzymes and naturally occurring inorganic or organic chemical products. A natural chemical product may be separated and purified before use, or may be used in an unseparated and / or unpurified form. A chemical product may be a synthetic chemical product. A synthetic chemical product may include a chemical product produced by human interaction or intervention. A synthetic chemical product may be produced by the same or different chemical reactions that occur naturally. A chemical product may include raw materials. Chemical products may include chemical materials produced by reacting at least two raw materials. Chemical products may be chemical intermediates. Chemical products may include components. Chemical products may include component assemblies. Chemical products may include final products.
[0042] Chemical products may be produced by chemical production from one or more chemical input materials. Chemical input materials may include raw materials, intermediate chemical products, or chemical products received from suppliers. Chemical production may be a chemical production network comprising multiple interconnected processing steps. A chemical production network may be an integrated chemical production network having production chains that are related to one another. A chemical production network may comprise multiple different production chains having at least one common intermediate product. A chemical production network may comprise multiple stages of a chemical value chain. A chemical production network may comprise multiple production chains that produce chemical products as outputs from one or more input materials as inputs. A chemical production network may comprise multiple hierarchies of a chemical value chain. A chemical production network may comprise a configuration of physically interconnected production sites. Production sites may be in the same location or in different locations. In the latter case, production sites may be interconnected by dedicated transport systems such as pipelines, supply chain vehicles such as trucks, supply chain ships, or other means of freight transport. Chemical production may be controlled by an operational system. An operational system may be configured to perform the methods disclosed herein. The operating system may include the apparatus and systems disclosed herein. The chemical product may have a physical identifier. The physical identifier may be present on the packaging of the produced chemical product. The physical identifier may be a code such as a QR code or embossed code, or an NFT tag. The physical identifier may be assigned to a distributed identifier of a digital twin to uniquely link the digital twin, and therefore the digital twin data, to the physical entity of the chemical product.
[0043] In one embodiment, the digital twin data structure further includes product name, product declaration data, product safety data, certificate of analytical data associated with the product, certificate associated with the product, or a combination thereof. The digital twin data structure may include different sub-data structures as described above. At least one sub-data structure may include data required by regulation or regulatory data for a chemical substance. Such a sub-data structure may include chemical product declaration data, chemical product safety data, and certificate of analytical data. At least one sub-data structure may include emission data, recyclable content data, bio-based content data, and / or at least one physical and / or chemical property determined from collected data associated with the production of the product. Each sub-data structure may include one or more nodes (e.g., intermediate nodes and / or leaf nodes). At least some of the nodes may be leaf nodes. Sub-data structures may be linked to a root node and thus may represent child nodes of the root node. At least some of the nodes may be associated with participant access data. The participant access data associated with at least some of the sub-data structures may be different from one another. This allows for a more granular definition of access to the digital twin data structure, thereby improving security and preventing unwanted access by unauthorized, distributed data consumption services to sub-data structures containing more sensitive information, such as product composition.
[0044] Emission data may include any data related to the environmental footprint. The environmental footprint may refer to an entity and its associated environmental footprint. The environmental footprint may be entity-specific. For example, the environmental footprint may relate to a product, a company, a process such as a production process, raw materials or basic substances, chemical products or materials, components, component assemblies, finished products, recycled materials, combinations thereof, or additional entity-specific relationships. Emission data may include data related to the carbon footprint of a chemical product or product carbon footprint (PCF). Emission data may include data related to greenhouse gas emissions released in the production of a chemical product, for example. Emission data may include data related to greenhouse gas emissions. Greenhouse gas emissions may include emissions such as carbon dioxide (CO2) emissions, methane (CH4) emissions, nitrous oxide (N2O) emissions, hydrofluorocarbon (HFC) emissions, perfluorocarbon (PFC) emissions, sulfur hexafluoride (SF6) emissions, nitrogen trifluoride (NF3) emissions, combinations thereof, and additional emissions. Emissions data may include data related to greenhouse gas emissions from the entity's or firm's own operations (production, power supply to plants, and waste incineration). Scope 2 may include emissions from externally supplied energy production. Scope 3 may include all other emissions along the value chain. Specifically, this may include greenhouse gas emissions from raw materials obtained from suppliers. Product carbon footprint (PCF) can sum up greenhouse gas emissions and removals from a series of interconnected processes relating to a particular product. Cradle-to-gate PCF can sum up greenhouse gas emissions based on selected process steps, for example, from resource extraction to the factory gate where the product leaves the firm. Such a PCF may be called a partial PCF. To achieve such a sum, each firm providing any product may provide Scope 1 and Scope 2 contributions to the PCF of each product.
[0045] Recycled content data, bio-based content data, and renewable material content data may include any data relating to the recycled content, bio-based content, or renewable material content used to produce or manufacture the physical entity of the product.
[0046] In one embodiment, a digital twin data structure may include at least two different measured and / or determined physical and / or chemical properties present in different datasets. Data points and / or datasets within different sub-data structures may overlap. Sub-data structures may correspond to data structures acquired when applying an embodiment model to collected data associated with the physical entities of a product, as described above. Sub-data structures may include values and / or value ranges defined in the data model used to generate each sub-data structure. The data model used to generate the sub-data structures may include a tree structure that can be inherited by each sub-data structure when it is generated. This ensures that each sub-data structure has a defined structure and includes defined datasets and / or data points, thus simplifying data exchange and the processing of exchanged data regarding products.
[0047] In one embodiment, a distributed data-providing network node is associated with a data owner of a digital twin and / or digital twin data structure. The data owner may include an entity that generates the digital twin. The data owner may include any entity that generates the digital twin data structure. A data generation node may be coupled to an entity that produces or owns the physical entity of a product from which the twin data structure is generated or for which it is generated. The digital twin data structure may be generated by a third-party entity on behalf of an entity that produces or owns the physical entity of a product from which the twin data structure is generated or for which it is generated. The data owner may be a product producer. The data owner may therefore directly or indirectly own the digital twin and the digital twin data structure. The digital twin and the digital twin data structure may be stored in the data owner's database or associated with the data owner. The digital twin and the digital twin data structure may be stored in the data owner's database or under the control of the data owner. The digital twin and the digital twin data structure may be stored in a database accessible by the data owner. The data owner may control access to the digital twin and the digital twin data structure, for example, through a distributed data-providing network node associated with the data owner. Digital twins and digital twin data structures can be associated with a data owner. In this sense, a data owner should be broadly interpreted as an entity that has access to digital twins and digital twin data structures and controls access to the digital twin or a portion thereof by data consumption services of a distributed network via distributed data provision network nodes.
[0048] In one embodiment, group access data is generated based on a digital twin identifier and associated attribute data related to a distributed network participant. A distributed network participant may include participants in a product ecosystem. A distributed network participant may be associated with each distributed participant node that enables peer-to-peer communication within the distributed network. Attribute data may be associated with or include the role of a distributed network participant. Roles may include raw material supplier roles, chemical product producer roles, chemical product consumer roles, OEM roles, end product user roles, dismantler roles, recycler roles, etc. Roles may be associated with actions performed by distributed network participants within the product ecosystem. Group access data is, • Collecting data on participants in a decentralized network, • Create at least one access control group, • Assign at least a portion of the distributed participant identifiers contained in the collected data to at least one generated access control group, • To provide a distributed digital twin identifier included in the digital twin, This can be generated by generating access group data which includes a provided distributed digital twin identifier and at least one group access policy that defines the generated access control group that is permitted to access the digital twin data structure.
[0049] By using a distributed digital twin identifier during the generation of group access data, it becomes possible to link the generated group access data to a digital twin. Therefore, the digital twin data structure of the group access data is applied to the digital twin data structure when a request to access the digital twin data structure is received from a distributed participant node.
[0050] In one embodiment, group access data includes a collection of one or more distributed participant identifiers associated with a distributed network participant permitted to access a digital twin data structure. The collection may correspond to a package of distributed participant identifiers. The group access policy may include data indicating an access control group and related data indicating that access to the digital twin data structure associated with the distributed digital twin identifier is permitted. The data indicating an access control group may include a package of distributed participant identifiers. The data indicating an access control group may include the identifier and / or name of the access control group. The data indicating that access is permitted may include a classifier such as "permitted" or "not permitted".
[0051] In one embodiment, membership in one of the access control groups indicates that a distributed network participant associated with a distributed participant identifier is permitted to access the digital twin data structure associated with that access control group. By using group access data, distributed data consuming network nodes that can access the digital twin data structure can be filtered. For example, a distributed data consuming network node associated with a distributed network participant, and therefore a participant identifier included in one or more access control groups permitted to access the digital twin data structure, may be permitted to access the digital twin data structure, while a distributed participant identifier not included in an access control group permitted to access the digital twin data structure may not be permitted to access the digital twin data. Thus, access to the digital twin data structure can be controlled by access control groups regardless of the permissions of the distributed network participant who accesses the data structure and interacts with the digital twin data structure. This enables efficient, secure, and reliable management of access rights to the digital twin data structure, thus preventing unauthorized access to the digital twin data structure and improving security.
[0052] In one embodiment, membership in one of the access control groups is independent of participant access data associated with a distributed network participant via an associated distributed participant identifier contained in the participant access data. Thus, access to the digital twin data structure can be managed independently of participant access data that controls permitted interactions with one or more nodes contained in the digital twin data structure. Because access control to the digital twin data structure is defined by access control groups, if a participant loses access to the digital twin data structure, the group access data allows data owners to ensure data security by circumventing old permissions that allowed distributed network participants to access and / or manipulate the digital twin data structure. This makes it possible to easily and reliably manage access to the digital twin data structure without having to check access rights to one or more nodes present in the digital twin data structure, ensuring that unauthorized distributed network participants cannot access the nodes of the digital twin data structure.
[0053] In one embodiment, generating participant access data includes generating access control list data which includes at least one access control list entry, the at least one access control list entry which includes a distributed participant identifier associated with a distributed network participant who is permitted to access one or more nodes residing in the digital twin data structure, each node to which the distributed network participant is permitted to access, and one or more actions permitted to be performed on the nodes to which access is permitted. Actions permitted to be performed on the nodes may include actions permitted to be performed on datasets contained within the nodes, such as key-value pairs contained within the nodes. The access control entry may further include one or more actions permitted to be performed on data points residing within the nodes. Access control list entries may be generated for at least a portion of the data points residing in the digital twin data.
[0054] Generating access control list data may involve collecting product-related data, which may include a collection of consumer identifiers associated with the product's consumers. The collected product-related data may be mapped to each distributed participant identifier included in the access control group based on a relational expression in which the product-related data is associated with distributed participant identifiers accordingly. The relational expression may specify consumers associated with a product and / or products associated with consumers. The relational expression may specify consumers based on consumer identifiers, such as consumer identifiers included in the product-related data, and associated distributed network identifiers, such as distributed network identifiers included in the access control group. The relational expression may correspond to a data structure that includes relationships between products, consumer identifiers, and distributed participant identifiers.
[0055] In one embodiment, generating participant access data includes selecting, for one or more nodes, at least one distributed participant identifier from the distributed participant identifiers contained in the generated group access data that is permitted to access and interact with one or more nodes. Interaction may include performing one or more actions for each node.
[0056] In one embodiment, one or more nodes include emission data, recyclable content data, bio-based content data, occurrence data, working conditions data, product composition data, material safety data, analytical data certificates, data associated with product production, product-related certificate data, product-related regulatory information data, data associated with product transportation, data associated with product use, measured and / or determined chemical and / or physical properties of the product, or a combination thereof.
[0057] In one embodiment, one or more actions include read operations, modify operations, update operations, delete operations, create operations, operations involving further processing of data contained in a node by a data processing system associated with a participant in a distributed network, or a combination thereof.
[0058] In one embodiment, one or more actions are associated with a specific location, the location is associated with a jurisdiction, and one or more actions are associated with legal requirements relating to the supply of a product, particularly a chemical product. The location may be the location of a distributed data consumption network node. The location may be the location of a distributed data supply network node. The location may be the location of a distributed network participant associated with a distributed data consumption network node. The location may be the location of a distributed network participant associated with a distributed data supply network node. The location may be the location of an entity operated by a distributed network participant. The location may be determined based on a distributed participant identifier.
[0059] In one embodiment, one or more actions are associated with at least one regulatory requirement for the supply of the product.
[0060] In one embodiment, one or more actions are associated with obligations of a distributed data consumption network node associated with each distributed participant identifier, and / or obligations of a distributed network node that uses a digital twin data structure accessed by a data consumption network node associated with each distributed participant identifier. Such obligations may include data transaction logging, usage policies for processing or using the accessed digital twin data structure, and mapping to access descriptions. Usage policies for processing or using the accessed digital twin data structure may include conditions for time limits on the use of the accessed digital twin data structure. For example, a usage policy may include duration data indicating the duration for which the digital twin data structure can be accessed by a distributed data consumption network node. After the duration has elapsed, the digital twin data structure can no longer be accessed by the distributed data consumption network node. Usage policies for processing or use may include one or more described processing rules regarding the processing of emission data, production data, recyclate content data, bio-based content data, origin data, labor conditions data, or combinations thereof by the distributed data consumption network node associated with the distributed participant identifier. A usage policy, including one or more predetermined processing rules, may be enforced by an application using the accessed digital twin data structure. A usage policy for processing or use may include obligations associated with the purpose for which the accessed digital twin data structure is permitted to be processed or used. For example, such a usage policy may define that the accessed digital twin data structure is used only in connection with emissions data calculations. A usage policy associated with a purpose may be enforced by an application using the accessed digital twin data structure. A usage policy may be attached to a digital twin data structure provided from a distributed data providing network node to a distributed data consuming network node.
[0061] By using participant access data, it is possible to define actions that decentralized network participants are permitted to perform on specific nodes within the digital twin data structure when accessing it. This ensures that only decentralized network participants associated with the decentralized participant identifier defined in the participant access data are permitted to perform the defined actions on that particular node. This avoids the creation of multiple copies of the digital twin data structure containing different nodes, ensuring that different decentralized network participants can only access and interact with the digital twin data structure they are permitted to access and interact with.
[0062] In one embodiment, access policy data includes computer executable instructions that enable access to a digital twin data structure, deny access to a digital twin data structure, modify access to a digital twin data structure, or perform one or more actions on a digital twin data structure.
[0063] In one embodiment, the access policy data includes a distributed digital twin identifier, a distributed participant identifier included in the access group data, a distributed participant identifier permitted to access one or more nodes present in each digital twin data structure, and one or more actions permitted to be performed on one or more nodes by the distributed participant node associated with the distributed participant identifier included in the participant access data.
[0064] In one embodiment, the access policy generator is further configured to link access policy data to a digital twin. Linking may include including a distributed digital twin identifier associated with the digital twin in the access policy data. Linking may also include associating identifiers included in the access policy data, such as an access policy data identifier, with a distributed digital twin identifier associated with the digital twin. Linking access policy data to a digital twin avoids the generation of different digital twins of chemical products for different participants in a distributed network associated with different participant access data.
[0065] In one embodiment, the access policy data generator is further configured to provide at least a portion of the generated access policy data to a distributed data delivery network node. The provided access data may be stored in a database on the distributed data delivery network node or associated with the distributed data delivery network node. Providing access policy data to the distributed data delivery network node allows the digital twin data structure to be stored separately from the distributed data delivery network node, thus ensuring a higher level of security as appropriate authentication and authorization schemes can be implemented for communication between the downstream database storing the digital twin data structure and the distributed data delivery network node. Furthermore, only a minimal amount of data is stored in the database associated with the distributed data delivery network node, thus reducing the risk of undesirable data leakage of the digital twin data structure associated with the manufactured product in the event that the contents of the distributed data delivery network node's database are accessed without authorization.
[0066] At least a portion of the access policy data may include group access data. Distributed data-serving network nodes may be configured to use group access data to filter distributed data-consuming network nodes authorized to access the digital twin data structure. Distributed data-serving network nodes may be configured to control access to the digital twin data structure based on the provided access policy data. Distributed data-serving network nodes may be associated with data owners of the digital twin or a portion thereof, such as sub-data structures. The data owner may be a product producer. The data owner may be one of the aforementioned data owners. Distributed data-serving network nodes may be directly or indirectly connected to one or more dedicated data storages that store the digital twin data structure. The dedicated data storage may be under the control of the data owner of the digital twin and / or the digital twin data structure. The data owner may have access to the dedicated data storage. The data owner may therefore control access to the digital twin data structure via the distributed data-serving network nodes based on the distributed digital twin identifier and associated access policy data. This allows the data owner to maintain complete control of the digital twin data structure, while simultaneously enabling the sharing of the digital twin data structure under controlled conditions by using the access policy data associated with the digital twin.
[0067] By combining group access data with participant access data, access to the digital twin data structure can be controlled at separate levels, ensuring that only authorized distributed network participants can access and interact with nodes present in the digital twin data structure, while avoiding the generation of multiple copies of the digital twin data structure. This ensures that each copy of the digital twin data structure contains only nodes that distributed participant nodes who are members of the relevant access control group are permitted to access and interact with. Therefore, distributed participant nodes who are members of the same access control group may be permitted to interact with different nodes present in the digital twin data structure without the need to generate multiple copies of the digital twin data structure containing different nodes. This makes it possible to control access to the digital twin data structure by distributed data-providing network nodes based on the distributed digital twin identifier and the requested action, by filtering distributed data-consuming network nodes that request access to the digital twin data structure based on the distributed participant identifier. The database storing the digital twin data structure may be configured to control interactions with one or more nodes based on participant access data.
[0068] In one embodiment of a computer implementation method for controlling access to a digital twin of a product's physical entity by a distributed data consumption network node associated with a distributed network participant, a request may be received based on a digital access element including a distributed passport identifier and digital twin location data associated with the product. The distributed passport identifier may correspond to or be associated with a distributed digital twin identifier contained in the digital twin. The digital twin location data may include a digital representation pointing to a distributed data provision network node associated with the digital twin. The digital twin location data may include a representation for accessing the digital twin or a portion thereof. The distributed digital twin identifier may be associated with a representation for accessing the digital twin or a portion thereof. The digital access element may correspond to a DID document associated with the distributed digital twin identifier or distributed passport identifier, the DID document including the distributed digital twin identifier or distributed passport identifier in the form of a distributed identifier (DID). The digital access element may be retrieved from a central or distributed repository. The digital access element may be retrieved based on a distributed digital twin identifier associated with the product's physical identifier. For example, the distributed identifier may be embedded in the physical identifier. In another example, a product identifier may be embedded in a physical identifier, and the product identifier may be used to retrieve a digital access element based on the associated distributed digital twin identifier and the distributed digital twin identifier.
[0069] In one embodiment of a computer implementation method for controlling access to a digital twin of a product's physical entity by a distributed data consumption network node associated with a distributed network participant, the method includes the step of authenticating a distributed network node to access the digital twin or a portion thereof associated with the product. Authentication may include receiving a request to authenticate the distributed network node. The request may include a distributed network node identifier associated with the distributed network node. The request may include a distributed participant identifier associated with a distributed data consumption network node. The request may include a distributed participant identifier associated with a distributed data providing network node. Authentication may further include providing one or more authentication mechanisms associated with the distributed network node identifier. The authentication mechanisms may be associated with a public-private-key infrastructure. The authentication mechanisms may be provided from at least one authentication data registry. The authentication data registry may be a central registry node such as a central file system, a centrally managed distributed database, and / or a centrally managed peer-to-peer network. The centralized configuration allows for greater control and standardization via a central node. Authentication data registries can be distributed registries such as distributed ledgers, distributed file systems, distributed databases, and / or peer-to-peer networks. Distributed configurations enable more efficient use of computing resources and enhance control by data owners. In addition, distributed configurations are independent of a central management node, increasing the reliability and flexibility of the system. Authentication mechanisms may be provided upon request from distributed network nodes to the authentication registry. Based on the authentication mechanism, requests to generate authentication data may be provided. The authentication data received in response to a request may be verified; if authentication is verified, access to the digital twin data structure may be authorized; otherwise, access may be denied. Access may be authorized by a device or computer implementation for authorizing access.
[0070] A decentralized network node being authenticated may provide a decentralized network node performing verification with a dynamic token from at least one authentication data registry and / or an identity token presented in an authentication request. For example, a decentralized data consuming network node may provide a decentralized data providing network node with a dynamic token from at least one authentication data registry and / or an identity token presented in an authentication request. In another example, a decentralized data providing network node provides a decentralized data consuming network node with a dynamic token from at least one authentication data registry and / or an identity token presented in an authentication request. Dynamic tokens may be generated based on a certificate scheme. Dynamic tokens may be associated with a public-private-key infrastructure. A decentralized network node performing verification may grant access to another decentralized network node being authenticated based on the verification of the dynamic token and / or identity token by the verifying decentralized network node. A decentralized network node being authenticated may grant access to a decentralized network node performing verification based on the verification of the dynamic token and / or identity token by the authenticated decentralized network node. For example, a decentralized data consumption network node may be granted access to a decentralized data provision network node based on the verification of dynamic tokens and / or identification tokens by a decentralized data provision network node. In another example, a decentralized data provision network node may be granted access to a decentralized data consumption network node based on the verification of dynamic tokens and / or identification tokens by a decentralized data provision network node. The authentication process may be implemented as part of a decentralized data provision network node or a decentralized data consumption network node. The authentication process may be provided by a separate authentication service accessible to the decentralized data provision network node and / or the decentralized data consumption network node. In the authentication process, one decentralized network node may function as the verification service, and the other decentralized network node may function as the service being authenticated.
[0071] At least one authentication mechanism may be based on a private / public key infrastructure, a digital certificate issued by a certificate issuer, a biometric authentication service, or a combination thereof. The public key may be included in a digital access element. The digital access element may include a distributed passport identifier, access data, and a public key. The digital access element may be recorded on at least one authentication registry. In response to an authentication request from a distributed data service, authentication data may be provided, including a cryptographic signature encrypted with the private key of the requested distributed data service. The provided authentication data may be verified based on at least one authentication mechanism. Verification may include retrieving the public key from the authentication data registry, decrypting the cryptographic signature using the retrieved public key, and determining whether the authentication request is valid, depending on the valid decryption result. If the authentication request is valid, access to the digital twin data may be permitted; if the authentication request is not valid, access to the digital twin data may be denied.
[0072] In one embodiment of a computer implementation method for controlling access to a digital twin of a physical entity of a chemical product by distributed data consumption network nodes associated with distributed network participants, the method is: • Retrieve access control list data associated with one or more nodes present in a digital twin data structure, Based on the data contained in the received request, identify one or more actions to be performed on one or more nodes residing within the digital twin data structure, - By comparing the access control list entries present in the access control list data with the data included in the received request, it is determined whether the distributed network participant is permitted to perform one or more actions requested to be performed on one or more nodes, and accordingly, The further includes performing one or more actions requested to be performed on one or more nodes, or providing a digital twin data structure to distributed data consumption network nodes in accordance with one or more requested actions.
[0073] Providing a digital twin data structure may include providing a digital twin data structure associated with a computer executable instruction configured to control access to the provided digital twin data structure. The computer executable instruction may include obligations regarding the use and / or processing of the provided digital twin data structure.
[0074] A brief explanation of some drawings The present disclosure will be further described below with reference to the attached drawings. The same reference numerals in the drawings and in this disclosure are intended to refer to the same or similar elements, components, and / or parts. [Brief explanation of the drawing]
[0075] [Figure 1] This figure shows an exemplary embodiment of a decentralized network environment, including decentralized participant network nodes associated with participants in a product ecosystem involved with chemical products. [Figure 2] This figure shows an example of chemical production controlled by an operational system that includes a digital twin management system. [Figure 3] This figure shows an example of a production system that provides chemical products associated with one or more digital twins. [Figure 4A] This figure shows an exemplary apparatus for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, according to one embodiment of the present disclosure. [Figure 4B]This figure shows an exemplary system for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, according to one embodiment of the present disclosure. [Figure 5] This figure shows an example of a digital twin data structure, including a tree structure. [Figure 6A] This figure illustrates an example of controlling access to a digital twin data structure based on different access control groups. [Figure 6B] This figure shows an example of controlling access to a digital twin data structure based on access control groups, in combination with granular access control at the node level, according to one embodiment of the present disclosure. [Figure 7A] This figure shows a first example of controlling access to a digital twin data structure based on access policy data, which includes group access data and participant access data associated with one or more nodes present in the digital twin data structure, according to one embodiment of the present disclosure. [Figure 7B] This figure shows another example of controlling access to a digital twin data structure based on access policy data, which includes group access data and participant access data associated with one or more nodes residing within the digital twin data structure, according to one embodiment of the present disclosure. [Figure 8A] This figure shows the first example of linkage between a product's digital twin data structure and digital access elements via a distributed digital twin identifier. [Figure 8B] This figure shows a second example of linkage between a product's digital twin data structure and digital access elements via a distributed digital twin identifier. [Figure 9A] This figure shows an example of a system and related method for controlling access to a digital twin of a product produced from one or more input materials by production, according to one embodiment of the present disclosure. [Figure 9B]This figure shows an example of a device and related method for accessing a digital twin of a product produced from one or more input materials by production using a digital access element, according to one embodiment of the present disclosure. [Figure 10] This is a flowchart of a computer implementation method for generating a digital twin of a physical entity of a product, according to one exemplary embodiment of the present disclosure. [Figure 11] This is a flowchart of a computer implementation method for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, according to one exemplary embodiment of the present disclosure. [Figure 12] This is a flowchart of a computer implementation method for generating group access data, as shown in block 1002 of Figure 11, according to an exemplary embodiment of the present disclosure. [Figures 13A-13B] This figure shows an example of a relational representation that may be used to generate participant access data, as explained in relation to Figure 11. [Figure 14] This is a flowchart of a computer implementation method for controlling access to a digital twin of a product's physical entity by distributed data consumption network nodes associated with participants in a distributed network, according to one exemplary embodiment of the present disclosure. [Figure 15A] This figure shows a first example of handling requests from distributed data consumption network nodes to access a digital twin data structure. [Figure 15B] This figure shows a further example of handling requests from distributed data consumption network nodes to access a digital twin data structure. [Figure 16] This is a schematic diagram illustrating an exemplary embodiment of the present disclosure for controlling access by distributed data serving network nodes to a digital twin data structure of a product associated with a digital twin, using a digital access element for accessing the digital twin data structure. [Figure 17]This is a flowchart of a computer implementation method for processing a digital twin data structure of a digital twin of a physical entity of a product, according to one exemplary embodiment of the present disclosure. [Figure 18] This figure shows a computer implementation method for controlling access to a digital twin data structure of a physical entity of a chemical product by distributed data consumption network nodes using a product-associated digital access element, according to one exemplary embodiment of the present disclosure. [Figure 19] This figure shows an example of digital access elements, including DID owner data, DID document data, and a distributed identity information infrastructure. [Modes for carrying out the invention]
[0076] Detailed explanation The following embodiments are merely examples of, and should not be considered as limiting, to the methods, systems, or application devices disclosed herein.
[0077] Figure 1 shows an exemplary embodiment of a decentralized network environment. The decentralized network environment may include a decentralized participant network 130. The decentralized participant network 130 may include one or more decentralized network participants 102-112. The decentralized network participants may be part of a product ecosystem, including chemical products. The product ecosystem may include a production chain that produces the final product. The product ecosystem may include a recycling chain for recycling at least a portion of the end-of-life products. The product ecosystem may include a chemical product producer 102, a chemical product consumer 104, an OEM 106, an end-of-life product user 108, an EOL product collector 110, and a recycler 112. The product ecosystem may include further participants such as a raw material supplier 134. The decentralized participant network 130 may be a chemical supply chain. The product ecosystem may enable the use of materials resulting from the recycling of end-of-life products to produce new products, such as chemical products. The product ecosystem may be associated with the production and / or recycling of physical products. Products may be chemical products, intermediate chemical products, components, component assemblies, final products, used products, or recycled products.
[0078] Participants in the decentralized participant network 130 may be associated with the production and / or recycling of products. Decentralized network participants 102-112 may refer to producers of physical products, such as chemical product producers 102, chemical product consumers 104, OEMs 106, end-of-life product users 108, EOL product collectors 110, and recyclers 112. Decentralized network participants may be associated with decentralized participant identifiers. Decentralized participant identifiers can uniquely identify decentralized network participants within the decentralized participant network 130.
[0079] Participants in the distributed participant network 130 may be connected via material flows 132. Material flows 132 may correspond to product flows from upstream participants in the distributed participant network 130 to downstream participants in the distributed participant network 130. Material flows 132 may refer to continuous or discontinuous flows of products. Product flows may include any means of transport suitable for transporting products from one participant to a downstream participant. These means of transport may include pipes, containers, barrels, and packages. Material flows 132 may be associated with raw materials used to produce chemical products, such as raw materials. Raw materials may be provided to chemical producers for the production of chemical products and / or intermediate chemical products (not shown).
[0080] Data flows 128 between distributed network participant nodes may be directly or indirectly associated with material flows 132 between distributed network participants. For example, data flow 128 may be directly associated with material flows 132 if data associated with chemical products provided from chemical producer 102 to chemical consumer 104 is accessed by a distributed data consumption network node associated with chemical consumer 104. For example, data flow 128 may be indirectly associated with material flows 132 if data associated with chemical products produced by chemical producer 102 is accessed by a distributed data consumption network node associated with recycler 112.
[0081] At least some of the participants in the decentralized participant network 130 may be associated with decentralized participant network nodes 116, 118, 120, 122, and 124. Decentralized participant nodes 116-124 may be under the control of each decentralized participant associated with each decentralized participant node. Decentralized participant nodes 116-124 may form a decentralized network 126. Decentralized network 126 may be a peer-to-peer communication network. Decentralized network 126 may be configured to execute data transactions 128. Data transactions 128 may be based on a transaction protocol that includes an authentication and / or authorization mechanism. Based on the authentication and / or authorization mechanism, peer-to-peer communication may be established between decentralized network nodes 116-124 associated with decentralized data participants 102-112. One or more authentication mechanisms may be associated with or linked to decentralized digital twin identifiers and / or decentralized passport identifiers, as described in relation to Figure 15. One or more authentication mechanisms associated with a distributed digital twin identifier and / or a distributed passport identifier may be accessible by a distributed data providing network node and / or a distributed data consuming network node, as described in relation to Figure 15. The distributed configuration enables more efficient use of computing resources and enhances control by data owners of the distributed network.
[0082] Data transactions between distributed network participant nodes may be based on a distributed identifier associated with each product data being accessed, as illustrated in relation to Figures 9A, 9B, and 16, for example. The distributed identifier may be uniquely associated with the physical entities of the product and associated data. The distributed identifier may uniquely identify each product within the distributed network. The distributed identifier may be associated with further distributed identifiers, such as the distributed identifier of the product used to produce the product. This may enable tracking of the product used to produce a product, such as the final product. The distributed identifier may be included in a digital access element associated with the product, as illustrated in relation to Figures 16 and 19, for example.
[0083] The distributed participant nodes 116-124 may be distributed computing nodes. A "distributed computing node" may be any device or system that includes at least one physical, tangible processor and physical, tangible memory capable of having computer executable instructions executed by the processor. The memory may be in any form and depends on the nature and form of the computing node.
[0084] At least some of the distributed participant nodes 116-124 may be distributed data serving network nodes. At least some of the participant nodes 116-124 may be distributed data consumption network nodes. Participants in the distributed participant network 130 may be associated with distributed data serving network nodes and / or distributed data consumption network nodes, depending on whether data is provided to downstream participants and / or consumed by upstream participants. For example, a chemical producer 102 may be associated with a distributed data serving network node configured to provide chemical data to downstream participants (e.g., chemical consumers 104), as described, for example, in relation to Figure 15. In addition or alternatively, the chemical producer 102 may be associated with a distributed data consumption network node configured to access data related to recycled products produced by upstream participants (e.g., recyclers 112).
[0085] The distributed network 126 may contain further distributed network nodes. These further distributed network nodes may be distributed infrastructure service nodes (not shown in Figure 1). Distributed infrastructure service nodes may not be associated with participants in the product ecosystem. Distributed infrastructure service nodes may provide services for distributed participant nodes 116-124, such as verifying the identity of distributed participant network nodes 116-124 before performing data exchange. Distributed network participant nodes 116-124 may be associated with or contain a certificate, such as an X.509 certificate. The certificate may be associated with a distributed infrastructure service node that includes, for example, a certificate issuance service and / or a dynamic provisioning service that provides dynamic attribute tokens (e.g., OAuth access tokens). Thus, distributed network participant nodes 116-124 possess a unique identifier embedded in the X.509 certificate that identifies each distributed network participant node 116-124. The information required for certificate verification may be provided through an authentication registry associated with the certificate issuance service and / or dynamic provisioning service. For example, in the IDSA Reference Architecture Model, version 3.0 as of April 2019, prior to the execution of data exchange (not shown), distributed data serving network nodes associated with the data owner, a certification authority (CA), a dynamic attribute provisioning service (DAPS), and distributed data consumption network nodes associated with the data consumer are used to verify the identity.
[0086] Figure 2 shows an example of a chemical production 204 that produces one or more chemical products from one or more input materials 202, in relation to an operational system 208 that includes a digital twin management system. The chemical production 204 may be associated with distributed network participants such as chemical product producers 102, as described in relation to Figure 1. The operational system 208 may be used to operate the chemical production 204, for example, by managing different production chains that exist within the chemical production. Different chemical materials 202 (hereinafter also referred to as input materials 202) may be provided as physical inputs from material providers or suppliers in order to produce one or more chemical products 206. Physical inputs to the chemical production 204 may include chemical materials such as raw materials, intermediate materials, or combinations thereof. Raw materials may be unprocessed raw materials or recycled raw materials. Input materials 202 may be supplied to the chemical production 204 at any entry point. Input materials 202 may be supplied to the chemical production 204 at the start of the chemical production 204. Input materials may be considered as inputs to the chemical production 204.
[0087] Chemical production 204 can be a chemical production network that includes multiple interconnected processing steps. A chemical production network can be an integrated chemical production network having production chains that are related to each other. A chemical production network can include multiple different production chains that have at least one common intermediate product. A chemical production network can include multiple stages of a chemical value chain. A chemical production network can include multiple production chains that produce a chemical product as output from one or more input materials as inputs. A chemical production network can include multiple hierarchies of a chemical value chain. A chemical production network can include a configuration of physically interconnected production sites. Production sites can be in the same location or in different locations. In the latter case, production sites can be interconnected by dedicated transport systems such as pipelines, supply chain vehicles such as trucks, supply chain ships or other means of freight transport.
[0088] Chemical production 204 may include multiple production steps. The production steps included in chemical production 204 may be defined by the system boundary of chemical production 204. The system boundary may be defined by locations or controls across the production process. The system boundary may be defined by the site of chemical production 204. The system boundary may be defined by a production process controlled by one entity or jointly by multiple entities. The system boundary may be defined by a value chain with time-delayed production processes to the final product, and the value chain may be individually controlled by multiple entities.
[0089] Chemical production 204 can convert input materials 202 into one or more chemical products 206 that exit chemical production 204. The conversion may be carried out via intermediate chemical products. The conversion may be a chemical reaction or any other processing step such as a physical treatment. Since the yield of a chemical reaction may be less than 100%, the chemical reaction may result in a mixture of different chemical products. Thus, a chemical reaction of one or more starting materials, such as input materials 202, may result in a mixture of different chemical products. Thus, a chemical reaction may be characterized by a one-to-many or many-to-many relationship between the starting materials and the resulting reaction products. This is in contrast to individual production, where a many-to-one relationship exists between parts / components and assemblies, for example, the result of an individual production step is a specific and predictable assembly. Since the yield of a chemical reaction is not 100%, the amount of the desired chemical product 206 (e.g., a chemical product supplied to an upstream participant in the chemical ecosystem) is less than the theoretical amount of chemical product calculated from the amount of starting materials. Such mixtures typically require the separation of the different chemical products contained in the mixture. This makes it possible to avoid the adverse effects of impurities and unreacted input materials 202 on further processing of the chemical product 206. Separation may include distillation, washing, extraction, crystallization, and recrystallization. The resulting mixture may contain unreacted starting materials, such as unreacted input materials 202. Unreacted starting materials may be reintroduced into the chemical reaction to reduce the amount of starting materials required. The resulting mixture may contain the desired chemical product 206 supplied to upstream participants in the chemical ecosystem, such as chemical product consumers or chemical product processors. The resulting mixture may contain intermediate chemicals used as input materials in further chemical reactions carried out within the chemical production 204. This makes it possible to reduce the amount of waste associated with the disposal of intermediate chemicals and / or the amount of energy associated with transporting these intermediates to another chemical production. The resulting mixture may contain waste chemicals, such as chemicals that can no longer be used and need to be disposed of, for example, by incineration. Waste chemicals may be generated from undesirable chemical side reactions.
[0090] The chemical production system 204 may be equipped with a plurality of sensors 210a, 210b. Sensors 210a, 210b may measure at least one chemical and / or physical property of the chemical product 206 produced by the chemical production system 204. Sensors 210a, 210b may measure at least one chemical and / or physical property of the input material 202 supplied to the chemical production system 204. Sensors 210a, 210b may include a sensor 2010b configured to determine the amount of input material 202 and / or the chemical product produced. Examples of such sensors may include measuring instruments or flow meters. Sensors 210a, 210b may include a sensor 210a configured to measure at least one chemical and / or physical property of the input material 202. Measuring the chemical and / or physical properties of the input material 202 allows for control of the production process based on the measurement data. Sensors 210a and 210b may include sensor 210a configured to determine the chemical and / or physical properties of the produced chemical product 206. Sensor 210a configured to measure chemical properties may measure data associated with or corresponding to combustion heat, formation enthalpy, toxicity, chemical stability in a given environment, flammability, oxidation state, corrosiveness, acidity and basicity, and / or pH value. Sensor 210a, configured to measure physical properties, may measure data associated with or corresponding to absorption, brittleness, boiling point, capacitance, color, concentration, density, ductility, distribution, effectiveness, elasticity, charge, conductivity, electrical impedance, potential, flow rate, fluidity, hardness, heat capacity, inductance, intrinsic impedance, brightness, luminescence, gloss, mass, melting point, opacity, transmittance, dielectric constant, plasticity, pressure, radiance, resistivity, reflectance, refractive index, solubility, specific heat, strength, stiffness, temperature, tension, thermal conductivity, thermal resistance, viscosity, volume, and / or wave impedance. Data measured by sensors 210a and 210b may be stored in one or more databases, for example, a database included in the data source layer 422 of Figure 4B. One or more databases may be distributed databases. The stored data may each be correlated with input material identifiers and / or chemical product identifiers.
[0091] The chemical production operation system 208 may monitor and / or control the chemical production 204 based on operational parameters associated with different processes performed by the chemical production 204. One of the process steps to be monitored and / or controlled may be the supply of input materials 202 or the shipment of the produced chemical product 206. Another process step to be monitored and / or controlled may be the separation of chemical products contained in mixtures resulting from chemical reactions performed within the chemical production 204. Another process step to be monitored and / or controlled may be the determination of the chemical and / or physical properties of the produced chemical product 206 from data collected in connection with the production of the chemical product, such as data measured by sensors 210a, 210b before, during, and / or after the production of the chemical product 206. Another process step to be monitored and / or controlled may be the generation of a digital twin. The digital twin may be generated by the apparatus 424 for generating the DT, as described in relation to Figures 9A and 9B. The digital twin may be generated using the method described in Figure 10. A further process step that is monitored and / or controlled may be the generation of access policy data to control access to the generated digital twin by one or more distributed data consumption network nodes, as described, for example, in relation to Figures 4A, 4B, 11, and 12. A further process step that is monitored and / or controlled may be the control of access to the generated digital twin based on the generated access policy data, as described, for example, in relation to Figures 7A, 7B, 15A, and 15B. A further process step that is monitored and / or controlled may be the generation of digital access elements associated with the digital twin of the produced chemical product, as described, for example, in relation to Figures 9B and 18. A further process step that is monitored and / or controlled may be the control of access to the generated digital twin based on the generated digital access elements, as described, for example, in relation to Figure 16.
[0092] The operating system 208 may be configured to determine the physical and / or chemical properties of a chemical product from collected data associated with the production of that chemical product. The operating system 208 may be configured to generate a digital twin of the chemical product, as described, for example, in relation to Figures 3, 9A, and 10. The operating system may be configured to generate access policy data for controlling access to the digital twin, as described, for example, in relation to Figures 4A, 4B, 11, and 12. The operating system 208 may be configured to generate digital access elements associated with the digital twin, as described, for example, in relation to Figure 9B. The operating system may be configured to control access to the digital twin based on the generated access policy data, as described, for example, in relation to Figures 7A, 7B, and 14. The operating system may be configured to control access to the digital twin based on the generated access elements, as described, for example, in relation to Figure 16.
[0093] Figure 3 shows an example of generating digital twins of different chemical products used within a product ecosystem. Chemical products may be produced by decentralized network participants, such as chemical producer 102, as described in relation to Figure 1. Chemical products such as chemical product 206 may be produced by a chemical production 204 with an operating system 208, as described, for example, in relation to Figure 2. Figure 3 specifically shows an example of generating digital twins of precursor materials (e.g., intermediate chemical products) and of chemical products produced at least partially from precursor materials.
[0094] The production of a chemical product may include a two-stage process, namely, 1) the production of an intermediate chemical product from one or more input materials, and 2) the production of a chemical product from at least part of the intermediate chemical product. Input materials may be used as physical inputs to produce the intermediate chemical product. Input materials may be provided by raw material providers. Input materials may include raw or recycled materials. Input materials may be provided for the production of the intermediate chemical product as input material 202. The production of the intermediate chemical product may be a chemical product production 204 as described in relation to Figure 2. Input materials may have physical identifiers. Physical identifiers may be or may be associated with distributed input material identifiers. Distributed input material identifiers may be associated with a digital twin of the input material. An operating system for the production of the intermediate chemical product, such as the operating system 208 described in relation to Figure 2, may include or be able to communicate with an ID reader configured to read physical identifiers and determine the distributed input material identifier associated with the physical identifier. A digital twin of the input material may be generated as described in relation to Figure 9 below. The digital twin may include measured physical and / or chemical properties, as determined from collected data associated with the production and / or use of the input material, and / or physical and / or chemical properties. Physical and / or chemical properties may be measured using sensors as described in relation to Figure 2. Physical and / or chemical properties may be determined from collected data as described in relation to Figure 2. The digital twin may further include input material name, input material producer, input material declaration data, input material safety data, emission data such as CO2 footprint and / or PCF data, recyclate content data, biobase content data, certificates of analytical data associated with the input material, certificates associated with the input material, or a combination thereof.
[0095] The operating system may be configured to access, for example, a digital twin or a portion thereof of the input materials provided to the intermediate chemical product production, based on the determined distributed input material identifier, from a distributed data provision network node associated with the input material provider (see, for example, Figure 15). Such data may be used to operate the chemical production that produces the intermediate chemical product. For example, if the input material is recycled material, a production step of refining the recycled material may be performed. For example, if the input material is raw material, the refining step may be omitted. The intermediate chemical product may be formed by chemically reacting the input materials and / or by physically processing the input materials. Chemical reactions may include polymerization, precipitation, and other commonly known chemical reactions. Physical processing may include mixing, grinding, extrusion, etc. The intermediate chemical product production may include sensors such as sensors 210a, 210b that measure the physical and / or chemical properties of the intermediate chemical product produced by the intermediate chemical product production, as described in relation to Figure 2. The operating system may be configured to determine the physical and / or chemical properties from the collected data associated with the production of the intermediate chemical product, as described in relation to Figure 2.
[0096] The operating system may be configured to generate digital twins of the produced intermediate chemical products, as described in relation to Figure 10 below. Each digital twin may include a distributed intermediate chemical product identifier, and at least one chemical and / or physical property of each intermediate chemical product measured by sensors 210a, 210b, and / or at least one physical and / or chemical property of each intermediate chemical product determined from the collected data. The digital twin may further include a distributed input material identifier for the input materials used to produce each intermediate chemical product. This makes it possible to track the input materials used to produce each intermediate chemical product. The digital twin may further include the data described above in relation to the digital twin of the input materials. An intermediate chemical product digital access element may be generated, for example, as described in relation to Figure 9B. The produced intermediate chemical products may be packaged, and the packaging may include a physical identifier such as a QR code, an embossed code, or an optical holographic code such as a zero-order diffraction microstructure. The physical identifier may be assigned to each distributed intermediate chemical product identifier in the digital twin and / or each distributed passport identifier in the intermediate chemical product digital access element. The assignment of physical identifier elements and distributed intermediate chemical product identifiers may be performed in a distributed system and / or through a locally operating ID assigner in a distributed system. For example, a packaging line may include a labeling device that detects the packaging of the intermediate chemical product produced. Based on such recognition, a requester may generate a request to generate a digital twin, and each distributed intermediate chemical product identifier included in the generated digital twin may be assigned to its respective physical identifier by, for example, an ID assigner (see also Figures 9A and 9B below). Assignment may include encoding each distributed intermediate chemical product identifier to a physical identifier and providing the physical identifier, such as a code, to a labeling device configured to attach the physical identifier to each intermediate chemical product, such as the packaging of each intermediate chemical product. The ID assigner may be part of the labeling device or may be a separate device.
[0097] In the second step, the intermediate chemical product produced in step 1) may be provided as input material 202 to chemical production 204 to produce chemical product 206. Chemical production 204 may be the chemical production 204 described in relation to Figure 2. Chemical production may be associated with a distributed network participant, such as a chemical product producer 102 described in relation to Figure 1. Chemical production 204 may be a chemical production that produces intermediate chemical products. Chemical production 204 may be different from a chemical production that produces intermediate chemical products. In addition to the intermediate chemical product produced in step 1), further input materials may be provided to chemical production and used to produce chemical product 206. Intermediate chemical products may include recycled intermediate chemical products and / or intermediate chemical products produced by intermediate chemical production different from the intermediate chemical production described in relation to step 1). Such intermediate chemical products may be associated with a physical identifier. The physical identifier may be associated with a distributed intermediate chemical product identifier, as described above, through which a digital twin or part thereof of each intermediate chemical product may be accessible. As described above, an ID reader may be used to read the physical identifier associated with each distributed intermediate chemical product identifier. The digital twin or a portion thereof may be accessed using the distributed intermediate chemical product identifiers described above via a distributed data consumption network node, for example, as described in relation to Figure 1, via a distributed data consumption network node associated with the chemical product producer 102.
[0098] Production data from the production of intermediate chemical products may be used by an operational system, such as the operational system 208 described in relation to Figure 2 for chemical production to produce chemical product 206, as described above. The chemical product may include sensors such as sensors 210a, 210b that measure the physical and / or chemical properties of the chemical product produced by the chemical production, as described in relation to Figure 2. The operational system may be configured to determine the physical and / or chemical properties from the collected data associated with the production of the chemical product, for example, as described in relation to Figure 2.
[0099] The operating system may be configured to generate a digital twin of a produced or packaged chemical product, as described above. The digital twin may include a distributed chemical product identifier and at least one measured and / or determined physical and / or chemical property, as outlined above. The digital twin may also include a distributed intermediate chemical product identifier, which allows for tracking of intermediate chemicals used to produce a chemical product, and indirectly, tracking of input materials used to produce an intermediate chemical product. The digital twin may include further data such as producer name, producer brand, producer identifier, chemical product name, chemical product brand, and chemical product identifier, as outlined above.
[0100] Digital access elements associated with chemical products may be generated, for example, as described in relation to Figure 9A. Distributed chemical product identifiers and / or digital access elements may be associated with chemical products via physical identifiers, as described above. Digital access elements may include distributed passport identifiers and access data. Access data may include digital representations pointing to a digital twin or a portion thereof. Distributed passport identifiers may correspond to or be associated with distributed chemical product identifiers. Digital access elements may be used by chemical product consumers 104 to access chemical product data (see Figure 1). Chemical product data may be accessed via distributed data consumption network nodes associated with chemical product consumers 104. Access to chemical product data may be controlled by distributed data provision network nodes associated with chemical product producers 102, based on access policy data, as described, for example, in relation to Figures 15A and 15B.
[0101] Figure 4A shows an exemplary apparatus 402 for generating access policy data to control access to a digital twin of a physical entity of a chemical product produced from one or more chemical input materials. The digital twin may be accessed by a distributed data consumption network node (not shown). The distributed data consumption network node may be associated with downstream participants of the chemical product producer 102, such as a chemical product consumer 104 (see, for example, Figure 1). Access to the digital twin may be controlled based on the generated access policy data, for example, as described in relation to Figures 7A, 7B, 15A, and 15B.
[0102] The device 402 may be included in the operating system 208 of a chemical production 204 that produces chemical products from one or more input materials (see, for example, Figure 2). The chemical products may be intermediate chemical products. The chemical products may be final chemical products. The device 402 may be communicatively coupled to the operating system 208 of the chemical production 204 that produces chemical products. The device 402 may be configured to generate access policy data to control access to the digital twin of the chemical products. The device 402 may be configured to provide at least a portion of the generated access policy data to a distributed data provision network node 416. The device 402 may be configured to generate access policy data using, for example, the method described in relation to Figures 11 and 12.
[0103] Device 402 may be coupled to a digital twin (DT) storage 414. The DT storage 414 may store digital twin data of a chemical product. Each digital twin stored in the DT storage 414 may include, as described above, a distributed digital twin identifier, as well as digital twin data including at least one measured and / or determined chemical and / or physical property. Each digital twin may include further data as described above in relation to Figure 3. Digital twins stored in the DT storage 414 may be generated by a device 424 for generating DTs (not shown, see, e.g., Figures 9A and 9B) using the method described below in Figure 10. Digital twins may be stored in the DT storage 414 for access by consumers of the chemical product, as described in relation to Figures 6A and 6B.
[0104] Device 402 may include a group access data generator 404 configured to generate access group data associated with digital twin data. The access group data may identify access control groups, which include distributed participant identifiers associated with distributed participant nodes permitted to access the digital twin data, as described, for example, in relation to Figures 7A and 7B. Thus, an access control group may represent a collection of distributed participant identifiers permitted to access the digital twin data. Each distributed participant identifier may include any identifier uniquely associated with a participant in the distributed network 126 and / or a production site of a participant in the distributed network 126. Distributed participant identifiers may include letters and / or numbers. Distributed participant identifiers may include one or more universally unique identifiers (UUIDs) and / or one or more distributed identifiers (DIDs). Distributed participant identifiers may be associated with or include verifiable claims or credentials. Distributed participant identifiers may be generated by central or distributed nodes of the distributed network. Distributed participant identifiers may be provided to all participants of the distributed network. A decentralized participant identifier may be associated with the name of a participant in the decentralized network 126. A decentralized participant identifier may also be associated with the name of a site, such as a production site, of a participant in the decentralized network 126.
[0105] Access control groups may be associated with access group policies that grant access to digital twin data for the access control group. Access group data may be associated with distributed digital twin identifiers associated with each digital twin data. Distributed digital twin identifiers may be provided by a distributed identity provider 410. The distributed identity provider 410 may provide distributed digital twin identifiers in response to incoming requests received in unit 404. Requests may include distributed digital twin identifiers associated with digital twin data on which access policy data is generated. Requests may include chemical product identifiers associated with chemical products, and the distributed digital twin identifier providing unit may be configured to provide distributed digital twin identifiers based on the received chemical product identifiers. For example, the distributed digital twin identifier providing unit may retrieve distributed digital twin identifiers from DT storage 414 that stores digital twins based on the chemical product identifiers. Requests may be generated by the device 424 for generating digital twins after each digital twin has been generated. Requests may be received from input / output devices (not shown) connected to the distributed identity provider 410. For example, a user may trigger the generation of access policy data via an input / output device by providing, for instance, a distributed digital twin identifier or a chemical product identifier associated with each chemical product.
[0106] The group access data generator 404 may be configured to generate group access data for one or more distributed digital twin identifiers provided by the distributed identity provider 410. The group access data generator 404 may be connected to an identifier 406 that stores distributed participant identifiers associated with distributed network participants (see, for example, Figure 1). The group access data generator 404 may be configured to generate group access data as described in relation to Figure 12. The generated group access data may be used for group-based access to digital twin data as described in relation to Figures 7A, 7B, 15A, and 15B. The group access data generator 404 may be configured to provide the generated group access data to the participant access data generator 408. The group access data generator 404 may be configured to provide the generated group access data to the access policy data generator 412.
[0107] Device 402 may include a participant access data generator 408 configured to generate participant access data associated with digital twin data based on access control data generated by a group access data generator 404. The access control data generated by the participant access data generator 408 may identify distributed network participants who are permitted to access one or more data points present in the digital twin data, and one or more actions they are permitted to perform on one or more data points when accessing the digital twin data. Distributed participant identifiers identified by the participant access data may at least partially correspond to distributed participant identifiers included in access control groups identified by the group access data. The participant access data may be generated as described in relation to Figure 11. The participant access data generator 408 may be configured to provide the generated participant access data to an access policy data generator 412.
[0108] Device 402 may include an access policy data generator 412 configured to generate access policy data associated with a digital twin based on group access data generated by a group access data generator 404 and access control data generated by a participant access data generator 408. The access policy data may identify the group access data and associated participant access data for the digital twin data. The access policy data generator 412 may be configured to link the access policy data to the digital twin. Linking may include including a distributed digital twin identifier associated with the digital twin in the access policy data. Linking may include associating identifiers included in the access policy data, such as the access policy data identifier, with a distributed digital twin identifier associated with the digital twin. The access policy data generator 412 may be configured to provide at least a portion of the generated access policy data to a distributed data serving network node 416. The access policy data generator 412 may be configured to provide the group access data provided by the group access data generator 404 and the distributed digital twin identifier associated with the access control group to the distributed data serving network node 416. The distributed data delivery network node 416 may be configured to store access policy data provided by the access policy data generator 412 in the DB 418. For example, the distributed data delivery network node 416 may be configured to store at least one access control policy and its associated distributed digital twin identifier provided by the access policy data generator 412 in the DB 418.
[0109] Figure 4B shows an exemplary system for generating access policy data to control access to a digital twin of a physical entity of a chemical product produced from one or more chemical input materials. Access to the digital twin by one or more distributed data consumption network nodes (not shown, see, e.g., Figures 8A and 8B) may be controlled by a distributed data serving network node 416 associated with the digital twin, based on the access policy data generated by the access control layer 430. The distributed data serving network node 416 may be associated with or connected to data storage that stores the digital twin (not shown, see, e.g., Figures 4A and 4B).
[0110] System 400b may be included in the operating system 208 of a chemical production 204 that produces a chemical product from one or more input materials (see, for example, Figure 2). The chemical product may be an intermediate chemical product. The chemical product may be a final chemical product. System 400b may be communicably coupled to the operating system 208 of the chemical production 204 that produces the chemical product. System 400b may be configured to control access to a digital twin of the chemical product using, for example, the method described in relation to Figures 15A and 15B.
[0111] System 400b may include a data source layer 420. The data source layer 420 may include one or more distributed data sources. One or more distributed data sources may be distributed databases. A distributed data source may be a data lake containing data associated with chemical products from multiple distributed data sources. One or more distributed data sources may include at least one measured and / or determined chemical and / or physical property of a chemical product, such as a chemical product 206 produced by chemical production 204 from one or more input materials 202, as described in relation to Figures 2 and 3. At least one physical and / or chemical property may be measured using sensors such as sensors 210a, 210b, and the measured chemical and / or physical property may be stored in the distributed data source. At least one physical and / or chemical property may be determined from data acquired from sensors such as sensors 210a, 210b before, during, and / or after production, and the determined chemical and / or physical property may be stored in the distributed data source. One or more distributed data sources may further include chemical product names, chemical product producers, chemical product declaration data, chemical product safety data, emission data, recyclable content data, bio-based content data, certificates of analytical data associated with chemical products, certificates associated with chemical products, or a combination thereof.
[0112] The data source layer 420 may be owned or controlled by the data owner of the data associated with the chemical product data. The data source layer 420 may be associated with the data owner of the chemical product data. The data source layer 420 may be connected to the digital twin provider layer 428, for example, via a communication interface such as a network or API. The data source layer 420 may be connected to the service layer 422, which exists between the data source layer 420 and the digital twin provider layer 428. Therefore, the service layer 422 may be optional in some implementations of the system shown in Figure 4B.
[0113] The service layer 422 may be configured to collect data according to predetermined selection criteria. The service layer 422 may be configured to apply one or more semantic models to the collected data in order to produce uniform data collection. The service layer 422 may be configured to provide uniform data collection to a data streaming platform included in the service layer 422. The streaming platform may include a platform deployed across a collection of multiple hosts, clusters, data centers, and / or other computing resources. The streaming platform may include one or more client processes that generate records of activity and publish the records to one or more event streams. For example, when a certain type of activity occurs in the data source layer 420, such as providing new uniform data collection, producing a new batch of chemical products, or measuring or determining the chemical and / or physical properties of the produced chemical products, one or more client processes may generate records of the activity and publish the records to one or more event streams. The data streaming platform may then propagate the records to one or more components that are subscribed to the same event stream. Data propagated to one or more components may be stored in a database located within the service layer 422 or the digital twin provider layer 428. The data streaming platform thus enables activity occurring in multiple distributed data sources in the data source layer 420 to be captured and transmitted in an integrated and scalable manner.
[0114] The digital twin provider layer 428 may be configured to provide a digital twin of a chemical product. Each digital twin may include a distributed digital twin identifier, as well as digital twin data including at least one measured and / or determined physical and / or chemical property. The digital twin may be linked to the chemical product via the distributed digital twin identifier. The digital twin provider layer 428 may include digital twin storage for storing the digital twins, such as DT storage 414. DT storage 414 may be included in the apparatus for generating 424. The digital twin provider layer 428 may be configured to generate a digital twin of a chemical product based on data collected from the data source layer 420, such as measured and / or determined physical and / or chemical properties stored in the data source layer 420. The digital twin may be generated by the apparatus for generating DT 424 (see also Figures 9A and 9B). The digital twin may be generated by the apparatus 424 using the method described in relation to Figure 10.
[0115] The digital twin provider layer 428 may further comprise a device 426 for generating digital access elements, which is generally optional. The device 426 may generate digital access elements associated with the digital twins generated by the device 424. Each digital access element may comprise a distributed passport identifier and digital twin location data. The distributed passport identifier corresponds to, or may correspond to, the distributed digital twin identifier of each digital twin to which the digital access element is associated. The digital access elements generated by the device 426 may be provided to the distributed data provision network node 416 (see also Figure 9B). The digital access elements may be used by the distributed data consumption network node to access the digital twin associated with the digital access element via the distributed passport identifier, for example, as described in relation to Figure 16.
[0116] System 400b may further include an access control layer 430 configured to generate access policy data to control access to a digital twin of a chemical product produced from one or more input materials. The access control layer 430 may include a device 402 for generating access policy data to control access to the digital twin data, for example, the device 402 described in relation to Figure 4A. The access control layer 430 may be configured to control access based on the generated access policy data, for example, as described in relation to Figures 7B and 15B. The access control layer 430 may be configured to provide the generated access policy data to a distributed data delivery network node 416, which may be configured to control access to the digital twin data, for example, as described in relation to Figures 7A and 15A. The access control layer 430 may be configured to control access to the digital twin data based on a digital access element, for example, as described in relation to Figure 16.
[0117] System 400b enables the achievement of availability, integrity, and confidentiality of the digital twin or a portion thereof. For example, by separating the generation of the digital twin from access to the digital twin, it is possible to achieve high and stable availability of the digital twin within the distributed network. The access control layer enables the configuration and technical assurance that only defined distributed network participants can access the digital twin data. The access policy data generated by the access control layer 430 may include access control groups that define distributed participant identifiers associated with distributed network participants who are permitted to access the digital twin data, and access control data that defines the distributed network participants' access to one or more data points within the digital twin data. By filtering distributed data consuming network nodes that request access to the digital twin based on group-based policies for accessing the digital twin, the digital twin data can be securely exchanged and shared under the control of the data owner of the digital twin data, and unwanted access to the digital twin data by distributed network participants via the relevant distributed data consuming network nodes can be avoided. Furthermore, this makes it possible to manage who can access the digital twin data structure without compromising the ability to control what actions these decentralized network participants can take once they have access to the digital twin data. By defining the actions permitted by decentralized network participants at the data point level of the digital twin data, the generation of multiple copies of the digital twin data containing different data points customized for the access rights of individual decentralized network participants can be avoided.
[0118] Figure 5 shows an exemplary digital twin data structure 500 having a tree structure. A digital twin data structure can be generated by applying a data model having a tree structure to product data, as described, for example, in relation to Figure 10. A digital twin data structure can be generated by applying two data models, one data model containing the tree structure shown on the left (e.g., nodes 1 to 7) and the other data model having the tree structure shown on the right (e.g., nodes 8 to 11).
[0119] The tree structure may include a root node 502. The root node may include data. The data may include one or more data points and / or datasets. The data may include distributed digital twin identifiers. The root node 502 may be connected to one or more sub-data structures, such as sub-data structures 526, 528, etc. Sub-data structures may be considered child nodes of the root node 502. The root node may include more or fewer sub-data structures than those shown in Figure 5. A sub-data structure may include one or more nodes, such as one or more intermediate nodes and / or one or more leaf nodes. A sub-data structure may include a parent node and one or more child nodes. A parent node may be an intermediate node. A child node may be a further intermediate node or leaf node.
[0120] The tree structure may further include intermediate nodes 504, 506, 510, 516, 518, and 524. Intermediate nodes 504 and 516 may be child nodes of the root node 502. Then, intermediate nodes 504 and 516 may be parent nodes to further intermediate nodes 506, 510, 518, and 524. Next, intermediate nodes 506, 510, 518, and 524 may be parent nodes to leaf nodes 508, 512, 514, 520, and 522. Intermediate nodes and / or leaf nodes may contain data. Data may contain one or more data points and / or datasets. A dataset may contain key-value pairs. The dataset may include emission data, recyclable content data, bio-based content data, occurrence data, working conditions data, product composition data, material safety data, analytical data certificates, data associated with product production, product-related certification data, product-related regulatory information data, data associated with product transportation, data associated with product use, measured and / or determined chemical and / or physical properties of the product, or a combination thereof.
[0121] Figure 6A shows a non-inventive example of controlling access to a digital twin data structure based on different access control groups. A distributed data-serving network node 416 and a device 402 for generating access policy data may interact with DT storage 414 which stores the digital twin data. Distributed participant nodes 116A-116E associated with chemical product consumers 602, 612 may interact with the distributed data-serving network node 416 (see also Figure 1). The distributed data-serving network node 416 may be configured to access the digital twin data stored in DT storage 414 via a network connection. The network connection may be via one or more public and / or private networks. In some embodiments, the distributed data-serving network node 416 may access DT storage 414 via the internet.
[0122] In the example shown in Figure 6A, two access control groups for distributed network participants are defined for the digital twin data. In this example, the digital twin data may include a DT dataset 616 containing two sub-datasets 618 and 620. Each sub-dataset may contain one or more data points 622, 624, and 626. The first access control group 606 may include distributed participant nodes 116A and 116B associated with chemical consumer 1 602 and chemical consumer 2 604, respectively. The second access control group 614 may include distributed participant nodes 116D and 116E associated with chemical consumer 4 610 and chemical consumer 5 612, respectively. In this example, distributed participant node 116C may not be associated with any access control group.
[0123] The distributed data serving network node 416 may be configured to receive requests to access digital twin data from one or more distributed participant nodes (e.g., distributed data consumption network nodes). The distributed data serving network node 416 may be configured to provide access to the digital twin data based on group access policies (one or more) provided by the device 628. The distributed data serving network node 416 may be configured to collect digital twin data from the DT storage 414 and to provide the collected digital twin data to distributed participant nodes requesting access to the digital twin data. The exemplary implementation shown in Figure 6A includes five distributed participant nodes 116A-116E, while other implementations may include a different number of distributed participant nodes. The device for generating group access data 628 may be used to generate group access policies for access control groups associated with the digital twin data and to add, modify, and / or delete group access policies.
[0124] Device 628 for generating group access data may generate group access data. The group access data includes one or both of the access control groups 606 and 614. The group access data may include the access control groups 606 and 614 and at least one group access policy indicating distributed participant identifiers associated with chemical product consumers 602 and 604 of the first access control group 606, and distributed participant identifiers associated with chemical product consumers 610 and 612 of the second access control group 614. Chemical product consumer 3 608 may not be associated with any of these groups and therefore may not be able to access the digital twin data structures 630 and 632. Device 628 may send a configured group access policy message to the distributed data delivery network node 416, and the distributed data delivery network node 416 may send a configured policy response message to device 628 upon receiving the configured group access policy message. The configured group access policy message may specify one or more access control groups from which access to the digital twin data structures 630 and 632 is permitted or revoked. For example, device 402 may submit a group access message containing a new group access policy for digital twin data structures 630 and 632, which revokes the access of the second access control group 614 to the digital twin data structures 630 and 632. Thus, chemical product consumers 4 510 and 5 612 can no longer access the digital twin data via distributed participant nodes 116D and 116E, while chemical product consumers 1 602 and 2 604 can still access the digital twin data structures 630 and 632. The configuration policy response message sent by the distributed data provision network node 416 may provide an indication of whether the request was completed or failed.
[0125] Since access to digital twin data structures 630 and 632 is based on group access data, if access to different digital twin data structures is provided to different access control groups, the defined digital twin data structures 630 and 632 must be generated for each access control group. Therefore, as shown in Figure 6A, a copy of digital twin data structure 630 must be generated for access control group 2 614, and that copy must be modified with respect to the included nodes so that it includes only the nodes that are permitted to be accessed by distributed network participants included in access control group 2 614. In this example, access control group 1 606 is permitted to access digital twin data structure 630, which includes the root node 616, intermediate nodes 618 and 620, and leaf nodes 622, 624, and 626. In contrast, access control group 2 614 is permitted to access digital twin data structure 632, which includes the root node 616, intermediate node 616, and leaf nodes 622 and 624. Therefore, as shown in Figure 6A, the digital twin data structure 630 must be copied, and node 2 620 and all child nodes must be removed.
[0126] Using group-based policies allows for efficient and user-friendly control of access to digital twin data structures by controlling access at the group level. However, because the digital twin data structure needs to be coordinated for each access group, this results in the creation of multiple copies of the digital twin data structure. Consequently, a large number of digital twin data structures need to be generated and stored, and therefore, a large amount of data storage capacity is required.
[0127] Figure 6B illustrates an example of controlling access to a digital twin data structure based on access control groups in combination with granular access control at the node level, according to one embodiment of the present disclosure. In contrast to the example shown in Figure 6A, access to the digital twin data structure 630 is not controlled solely on the basis of access control groups. Instead, access to the digital twin data structure 630 is controlled based on a combination of group-based access control and node-level access and interaction control of the digital twin data structure 630. This allows for the benefit of group-based access control, as described in relation to Figure 6A, while avoiding the creation of multiple copies of the digital twin data structure and controlling the interaction with nodes present within the digital twin data structure for each distributed network participant who is a member of an access control group permitted to access the digital twin data structure 630.
[0128] The distributed data delivery network node 416 and the device 402 for generating access policy data may interact with the DT storage 414 which stores the digital twin data. Distributed participant nodes 116A-116E associated with chemical product consumers 602, 612 may interact with the distributed data delivery network node 416 as described in relation to Figure 6A (see also Figure 1). The device 402 for generating access policy data and the distributed data delivery network node 416 may be configured to access the digital twin data stored in the DT storage 414 via a network connection. The network connection may be via one or more public and / or private networks. In some embodiments, the device 402 for generating access policy data and the distributed data delivery network node 416 may access the DT storage 414 via the internet.
[0129] The distributed data serving network node 416 may be configured to receive requests to access the digital twin data structure 630 from one or more distributed participant nodes (e.g., distributed data consumption network nodes), as described in relation to Figure 6A. The distributed data serving network node 416 may be configured to provide access to the digital twin data structure based on access policy data provided from device 402. The access policy data may include group access data and associated participant access data associated with one or more nodes residing within the digital twin data structure 630. The distributed data serving network node 416 may be configured to collect the digital twin data structure from DT storage 414 and provide the collected digital twin data structure to distributed participant nodes requesting access to the digital twin data structure, as described in relation to Figure 6A. The exemplary implementation shown in Figure 6B includes five distributed participant nodes 116A to 116E, while other implementations may include a different number of distributed participant nodes. The device 402 for generating access policy data may be used to generate access policy data for a digital twin data structure, to add, modify, and / or delete participant access data, and / or to configure participant access data for distributed network participants accessing the digital twin data structure.
[0130] The device 402 for generating access policy data may generate access control policies for one or both of access control groups 606 and 614, as described, for example, in relation to Figure 6A. The device 402 for generating access policy data may generate access policy data for the digital twin data structure 630. The access policy data may include access control data for one or both of the access control groups, and associated participant access data that controls the access of distributed network participants (via their respective distributed participant nodes) to and interaction with one or more nodes of the digital twin data structure. For example, the access control data may indicate that members of access control group 1 606 are permitted to access and interact with the root node 616, intermediate nodes 618, 620, and leaf nodes 622, 624, 626, while members of access control group 2 614 are permitted to access and interact only with the root node 616, intermediate node 620, and leaf node 626. Therefore, node 618 and its associated child nodes 622 and 624 are not accessible to members of access control group 614, and as a result, these members cannot access and interact with the node and the data contained therein. Thus, by using participant access data, it is possible to inherit the parent node's permissions to all child nodes, thus avoiding the need to define permissions for each node present in the digital twin data structure. By using participant access data, it is possible to avoid generating different copies of the digital twin data structure 630 and to reflect different permissions for members in different access control groups regarding access to and interaction with nodes present in the digital twin data structure.By using access policy data that includes group access data and associated participant access data for access control groups associated with one or more nodes present in a digital twin data structure, access to and interaction with the digital twin data structure can be controlled in an efficient and user-friendly manner, while avoiding the creation of multiple copies of the digital twin data structure, in order to reflect different permissions associated with different access control groups regarding access to and interaction with the nodes of the digital twin data structure.
[0131] Figure 7A shows a first example, as shown in Figure 5, of controlling access to a digital twin data structure based on access policy data, which includes at least one group access policy and participant access data associated with one or more nodes present in the digital twin data structure, according to one embodiment of the present disclosure. In this embodiment of Figure 7A, a distributed data-providing network node 416 may implement access policy data for controlling access to the digital twin data structure.
[0132] The example shown in Figure 7A includes a single distributed data consumption network node 602 and a single device 402 for generating access policy data. However, a distributed data provision network node 416 may interact with multiple distributed data consumption network nodes and / or devices 402, which may be similar to that described in relation to Figure 6B. The distributed data provision network node 416 may control access to the digital twin data stored in the DT storage 414.
[0133] The distributed data delivery network node 416 may include a policy configuration unit 704. The policy configuration unit 704 may be configured to provide means for device 402 to generate, modify, and / or delete group access data associated with the digital twin data structure and / or participant access data associated with nodes residing within the digital twin data structure. Device 402 may send a configure group access policy message to the distributed data delivery network node 416 to create a new access control group and associated group access policy, create a new group access policy, or modify an existing group access policy associated with the digital twin data. The policy configuration unit 704 may receive the configure group access policy message and update the group access policy data store 708. Device 402 may also send a participant access data message to the distributed data delivery network node 416, where participant access data for one or more distributed network participants may be added, updated, or modified. The participant access data for distributed network participants may be configured to provide fine-grained control over actions that the distributed network participants may perform on one or more nodes residing within the digital twin data structure. Participant access data may include, or correspond to, access control list data, which includes at least one access control list entry. The at least one access control list entry may include a distributed participant identifier associated with a distributed network participant who is permitted to access one or more nodes residing in the digital twin data structure, each node to which the distributed network participant is permitted to access, and one or more actions permitted to be performed on the nodes to which access is permitted. The policy configuration unit 704 may update the participant access data data store 710 using the information received in the message.
[0134] The policy configuration unit 704 may be configured to authenticate users of device 402 to ensure that users are authorized to modify the contents of the group access policy data store 708 and the access control data data store 710. In some embodiments, device 402 may provide the policy configuration unit 704 with a security token that contains information identifying the user of device 402 to the distributed data serving network node 416 and can be used by the policy configuration unit 704 to verify that the user is authenticated. In some implementations, the security token may be implemented as a JavaScript Object Notation (JSON) web token. Once the policy configuration unit 704 has determined that the user of device 402 is authenticated, the policy configuration unit 704 may determine what actions the user is authorized to perform. In some embodiments, the data owner of the digital twin data structure may be permitted to modify the contents of the group access policy data store 708 and / or the access control data data store 710.
[0135] The distributed data serving network node 416 may include a policy engine 706. The policy engine 706 may be configured to (1) determine whether a distributed network participant associated with the distributed data consumption network node 702 is permitted to access the digital twin data structure, and (2) if the user has access to the digital twin data structure, as described, for example, in relation to Figure 15A, determine whether the distributed network participant has the necessary authority to perform the requested action or an action on the digital twin data structure. The distributed data consumption network node 702 may correspond to any one of the distributed participant nodes 116 to 124, as described, for example, in relation to Figures 1 and 6B. The distributed data consumption network node 702 may send a request to access the digital twin data structure, which includes a distributed digital twin identifier associated with the digital twin data structure to be accessed, a distributed participant identifier of a distributed network participant associated with the distributed data consumption network node 702, and one or more actions to be performed on the digital twin data structure, as described, for example, in relation to Figure 16. The policy engine 706 may analyze a request using data stored in the group access policy data store 708 and the access control data store 710 to determine, for example, as described in relation to Figure 15A, whether the distributed data consumption network node 702 should be permitted to access the digital twin data structure and whether the distributed network participant has the necessary access level to perform the requested action on the digital twin data structure (for example, on one or more nodes residing within the digital twin data structure).
[0136] Figure 7B shows another example, as shown in Figure 5, of controlling access to a digital twin data structure based on access policy data, including access control groups and participant access data associated with one or more nodes present in the digital twin data structure, according to one embodiment of the present disclosure. In contrast to the example shown in Figure 7A, only group-based access is controlled by the distributed data-providing network node 416, while the access controller 712 is used to determine whether a distributed network participant has the necessary authority to perform one or more requested actions on one or more nodes present in the digital twin data structure.
[0137] The example shown in Figure 7B includes a single distributed data consumption network node 702 and a single device 402 for generating access policy data. However, the distributed data serving network node 416 may interact with multiple distributed data consumption network nodes and / or devices 402, as described in relation to Figure 7A. Combined with an access controller 712, the distributed data serving network node 416 can control access to digital twin data stored in DT storage 414.
[0138] The distributed data provision network node 416 may include a policy configuration unit 704. The policy configuration unit 704 may be configured to provide means for the device 402 to configure group access policies for groups associated with a digital twin data structure, as described in relation to Figure 7A. The policy configuration unit 704 may be configured to authenticate users of the device 402, as described in relation to Figure 7A.
[0139] The distributed data serving network node 416 may include a policy engine 706. The policy engine 706 may be configured to determine whether a distributed network participant associated with the distributed data consumption network node 702 is authorized to access the digital twin data structure, as described, for example, in relation to Figure 15B. The distributed data consumption network node 702 may send a request to access the digital twin data structure, as described, for example, in relation to Figure 7A. The policy engine 706 may analyze the request using data stored in the group access data data store 708, as described, for example, in relation to Figure 15B, to determine whether the distributed data consumption network node 702 should be permitted to access the digital twin data structure.
[0140] The access controller 712 may be communicatively coupled to the distributed data provision network node 416. The access controller 712 may include a policy configuration unit 704. The policy configuration unit 704 may be configured to provide means for the device 402 to configure access control data for one or more nodes residing in the digital twin data structure, as described in relation to Figure 7A. The policy configuration unit 704 may be configured to authenticate users of the device 402, as described in relation to Figure 7A.
[0141] The access controller 712 may include a policy engine 2 714. The policy engine 2 714 may communicate with the policy engine 706 of the distributed data serving network node 416. In response to a message from the policy engine 706 that a distributed network participant associated with the distributed data consumption network node 702 is permitted to access the digital twin data structure, the policy engine 2 714 may be configured to determine, for example, as shown in Figure 15B, whether the distributed network participant has the necessary authority to perform the requested action on the digital twin data structure (e.g., to perform the requested action on one or more nodes residing within the digital twin data structure). The distributed data serving network node 416 may provide the policy engine 2 714 with data contained in the request received from the distributed data consumption network node 702. The policy engine 2 712 may use the data stored in the participant access data 710, for example as described in relation to Figure 15B, to analyze the provided data to determine whether the distributed network participant has the necessary access level to perform the requested action on the digital twin data structure.
[0142] Figure 8A shows a first example of linkage between a digital twin data structure and a digital access element via a distributed digital twin identifier. The digital twin data structure may include a root node, intermediate nodes, and / or leaf nodes (see, for example, Figure 5). The digital twin data structure 500 may be generated as described in relation to Figures 9A and 10. The digital twin data structure 500 may be stored in DT storage 414. The digital access element 804 associated with the physical entity of the product may be generated as described in Figure 9B. The digital twin data structure may include different sub-data structures connected to the root node 502 of the digital twin data structure 500 (see, for example, Figure 5). The root node 502 may include a distributed digital twin identifier 802. The root node may be connected to one or more sub-data structures, which may be considered child nodes of the root node 502. Each sub-data structure may include one or more nodes. Sub-data structures 526, 528 connected to the root node 502 of the digital twin data structure 500 may include a distributed digital twin identifier 802. Therefore, by using the distributed digital twin identifier 802, it becomes possible to identify all existing sub-data structures contained within the digital twin data structure 500. The distributed digital twin identifier 802 may include further identifiers, such as identifiers for sub-data structures 526 and 528. This makes it possible to uniquely identify the sub-data structures contained within the digital twin data structure using the distributed digital twin identifier 802 and the respective identifiers of the sub-data structures.
[0143] The digital access element 804 may include a distributed passport identifier 806. The distributed passport identifier 806 may be a distributed identifier linked to a distributed digital twin identifier 802 contained in the digital twin data structure 500. The distributed passport identifier 806 may correspond to a distributed digital twin identifier 802 contained in the digital twin data structure 500. The latter avoids the generation of a new distributed identifier and the linking of the newly generated distributed identifier to a distributed digital twin identifier contained in the digital twin data structure.
[0144] The digital access element may include digital twin location data 808. The digital twin location data 808 may include a digital representation that directly or indirectly points to a storage structure that stores the digital twin data structure 500, such as DT storage 414 (not shown, see, for example, Figure 4A). The digital twin location data 808 may include a digital representation that points to a distributed data provision network node 416 associated with DT storage 414 (not shown, see, for example, Figure 4A).
[0145] The digital access element 804 may be linked to the digital twin data structure 500 via a distributed passport identifier 806, and thus, as described in relation to Figure 16, it is possible to access the digital twin data structure using the distributed passport identifier 806 and digital twin location data 808 contained in the digital access element 804.
[0146] Figure 8B shows a second example of linkage between the digital twin data structure 500 and digital access elements 810, 816 via distributed digital twin identifiers 802 and distributed passport identifiers 814, 820. The digital twin data structure may include a root node, intermediate nodes, and / or leaf nodes (see, for example, Figure 5). The digital twin data structure 500 may be generated as described in relation to Figures 9A and 10. The digital twin data structure 500 may include different sub-data structures connected to the root node 502 of the digital twin data structure 500 (see, for example, Figure 5). The root node 502 may include a distributed digital twin identifier 802. The root node may be connected to one or more sub-data structures, which may be considered child nodes of the root node 502. Each sub-data structure may include one or more nodes. The sub-data structures 526, 528 connected to the root node 502 of the digital twin data structure 500 may include a distributed digital twin identifier 802. Therefore, by using the distributed digital twin identifier 802, it becomes possible to identify all existing sub-data structures connected to the root node 502 of the digital twin data structure 500. Digital access elements 810, 816 associated with the physical entity of the product can be generated as described in Figure 9B.
[0147] In this example, digital access element 810 may be generated for sub-data structure 1 526, and digital access element 816 may be generated for sub-data structure 2 528. Digital access elements may be generated for each sub-data structure, or for at least a portion of the sub-data structures connected to the root node 502 of the digital twin data structure 500. Each digital access element may be linked to its respective sub-data structure by distributed passport identifiers 814, 820 via distributed digital twin identifier 802. Each digital access element 810, 816 may include digital twin location data 812, 818. Digital twin location data 812, 818 may include digital representations, as described in relation to Figure 8A.
[0148] Figures 8A and 8B show only two exemplary embodiments, and any number of digital access elements and any number of sub-data structures are possible within a digital twin data structure. For example, a first digital access element may be generated for a first group of sub-data structures, while a second digital access element may be generated for a second group of sub-data structures. A group of sub-data structures may contain one or more sub-data structures.
[0149] Figure 9A shows an example of a system and related methods for controlling access to a digital twin of a product produced from one or more input materials by production, according to one embodiment of the present disclosure. The system may comprise a digital twin management system 902. The digital twin management system 902 may comprise a device for generating a digital twin, e.g., a device 424 described below. The digital twin management system 902 may comprise a device for generating access policy data for controlling access to a digital twin data structure, e.g., a device 402 described in relation to Figure 4A. The digital twin management system 902 may comprise a system 400b described in relation to Figure 4B. The digital twin management system 902 may comprise means for controlling access to the digital twin, e.g., a distributed data provision network node 416, as described in relation to Figure 7A, or a distributed data provision network node 416 combined with an access controller 712, as described in relation to Figure 7B. The digital twin management system 902 may be included in the production operation system (see, for example, Figure 2). The digital twin management system 902 may be communicatively coupled to the chemical production operation system (not shown).
[0150] The production may be a chemical production, such as a chemical production 204 described in relation to Figure 2. Production 204 may produce at least one product 206 from one or more input materials 202. The input materials may be supplied to production 204, for example, as described in relation to Figure 2. The input materials may enter the system boundary 904 of production 204 at an inlet point such as a production plant or material storage associated with production 204. The amount of input materials entering the system boundary 904 of production 204 may be measured using, for example, a sensor 210b described in relation to Figure 2. The chemical and / or physical properties of the input materials may be measured after they have passed through the system boundary 904 of production 204, for example, using a sensor 210a described in relation to Figure 2. The measurement data may be used to determine at least one chemical and / or physical property of the input materials.
[0151] Input materials may be used in production to produce one or more products, such as chemical products, from the input materials, as described, for example, in relation to Figure 2. The operating system 208 of production 204 may monitor and / or control production 204 based on the operating parameters of different processes. The operating system 208 may receive production demand data associated with the production plan of production 204. The production demand data may be generated from the target production capacity of one or more chemical products to be produced by production 204. The production demand data may be generated from a predefined production capacity or from a data-driven model that associates production capacity with market demand data or the amount consumed at the point of consumption. The production demand data may include the target capacity of the products to be produced by production 204. The operating system 208 may further receive a bill of materials associated with the products to be produced. The bill of materials may include input material data associated with the materials used to produce the product, process data associated with the production chain for producing the product, and / or product data associated with the product, such as product specification data or the quantity of product to be produced.
[0152] Based on the received production demand data and material list, material demand data may be determined. Material demand data may include data on the amount of material needed to produce a target production volume of a product. Material demand data may include material identifiers associated with the materials needed to produce the product, and data on the amount of each material. For each material identifier, material demand data may include one or more material specifiers indicating the material specifications. For each material identifier, material demand data may include data on material quantities indicating the amount of material to be supplied. Material demand data may specify the production chain of production 204. Material demand data may include bills of materials for one or more production chains of production 204. Material demand data may include one or more recipes specifying one or more materials for the production process of production 204. The determined material demand data may be provided for access by supplier systems associated with suppliers outside the physical system boundary of production 204. Material supply may be triggered by the supplier system accessing the material demand data.
[0153] The amount of product resulting from processes performed within production 204, such as chemical reactions and / or physical treatments, can be measured using sensors such as sensor 210b, as described in relation to Figure 2. Since chemical reactions can yield two or more reaction products, and for example, chemical reactions are associated with a many-to-many relationship between starting materials and resulting reaction products (see also Figure 2), measuring the amount of chemical product resulting from each chemical reaction performed within chemical production 204 allows tracking the flow of materials within chemical production 204. The measured data can be stored in one or more databases associated with the operational system 208. Furthermore, processes can be monitored using sensors such as sensor 210b, and the generated monitoring data can be stored in one or more databases associated with the operational system 208. The measured amount of product produced, as well as the monitoring data, can be used to generate a digital twin data structure for each production process performed within production 204. The measured amount of product produced, as well as the monitoring data, can be used to generate a digital twin data structure for production 204. This digital twin data structure allows for reliable tracking and consideration of the flow of input materials, intermediate chemicals, and chemical products, even though there is a many-to-many relationship between the starting materials and reaction products associated with the chemical reaction. The physical and / or chemical properties of the produced product can be measured by sensors such as sensor 210a and / or determined as described in relation to Figure 2. The measured and / or determined chemical and / or physical properties of the produced product 206 can be stored in one or more databases associated with the operating system 208.
[0154] The produced product 206 may be delivered at one or more exit points of production 204. The product 206 may leave the system boundary 904 of chemical production 204. When product 206 is produced, or when product 206 leaves production 204, a digital twin data structure associated with the product may be generated. The digital twin data structure may be generated by the apparatus 424. The apparatus 424 may be configured to generate the digital twin data structure, as described in relation to Figure 10. A requester 906 may be configured to generate a request to generate a digital twin data structure for the produced product 206. The requester 906 may be included in a labeling device, as described, for example, in relation to Figure 3. The request may include data related to the product, such as batch number and / or lot number. The request may further include data associated with an embodiment model (e.g., a data model) related to the product, such as an embodiment model identifier. The request to generate the digital twin data structure may be provided to the apparatus 424. Upon request, the digital twin generator 908 of the device 424 may be configured to generate a digital twin data structure using, for example, the method described in Figure 10.
[0155] The digital twin generator 908 may be configured to collect product-related data from data layers, such as a data source layer 420 (not shown, see, for example, Figure 4B), based on the data contained in the received request. The digital twin generator 908 may include a data acquisition unit configured to collect product data from, for example, the data source layer 420. The collected data may include at least one measured and / or determined physical and / or chemical property of the product. The digital twin generator 908 may be configured to determine whether a digital twin data structure associated with the produced product 206 already exists, for example, whether it is already stored in the data storage of a device 424, such as a DT storage 414 (see Figure 4A). This avoids the generation of existing digital twin data structures and thus leads to more efficient generation of digital twin data structures.
[0156] The digital twin generator 908 may be configured to request collected data and, optionally, a distributed identifier associated with the data owner from the distributed ID generator 910. The request may include at least one authentication mechanism, or may include selecting at least one of several authentication mechanisms. The request may include owner identifiers and / or chemical product identifiers and / or digital twin location data.
[0157] The distributed ID generator 910 may be configured to generate and provide distributed identifiers associated with the collected data and, optionally, with data owners, such as data owners of data associated with chemical products. For example, the distributed ID generator 910 may be configured to generate distributed digital twin identifiers, such as DIDs or UUIDs. The distributed ID generator 910 may be configured to generate distributed identifiers including or associated with further identifiers, such as sub-data structure identifiers. The distributed ID generator 910 may be configured to generate sub-data structure identifiers, such as DIDs and / or UUIDs. The distributed ID generator 910 may include components configured to generate distributed identifiers (DIDs). The distributed ID generator 910 may include components configured to generate universally unique identifiers (UUIDs). The distributed ID generator 910 may be part of the device 424. The distributed ID generator 910 may be communicatively coupled to the device 424; for example, the device 424 may not include the distributed ID generator 910 (not shown). The distributed identifiers generated by the distributed ID generator 910 may be one or more DIDs and / or UUIDs. One or more DIDs and / or UUIDs may be associated with a digital twin data structure. One or more DIDs and / or UUIDs may be further associated with a product. For example, the distributed identifier may include a distributed digital twin identifier associated with a digital twin data structure, and one or more sub-data structure identifiers associated with sub-data structures linked to the root node of the digital twin data structure. The distributed identifier may further include product identifiers associated with a product. The distributed ID generator 910 may be a centralized or distributed node configured to generate distributed IDs such as DIDs or UUIDv4, as described with respect to Figures 16 and 17. The distributed ID generator 910 may be a computing node that functions as a management module for the DID owner, a user agent, an ID hub, and / or a certificate issuer.The distributed ID generator 71910 may be configured to receive requests from the digital twin generator 908 and to provide distributed identifiers associated with data associated with data optionally collected by the data owner. The requests may include at least one authentication mechanism or may include selecting at least one of several authentication mechanisms. The requests may include, as described above, owner identifiers and / or chemical product identifiers and / or access data. The distributed ID generator 910 may be configured to generate distributed identifiers and data associated with authentication mechanisms.
[0158] The distributed ID provider 914 may be configured to provide received distributed identifiers to a requester 906 configured to associate received distributed identifiers with products. For this purpose, the requester 906 may include an ID assigner (see, for example, Figure 3). The distributed ID provider 914 may be configured to provide received distributed digital twin identifiers to an ID assigner (not shown) configured to associate received distributed identifiers with products. Such association may include encoding the distributed identifiers into a code such as a barcode, QR code, embossed code, or optical holographic identifier, and providing a code generated for product labeling. In this way, a physical identifier may be provided that associates the physical entity of the product with the distributed identifier in the digital twin data structure, and thus links the digital twin data structure to the physical entity of the product. The distributed ID provider 914 may be configured to provide received distributed identifiers to a digital twin generator 908. The distributed ID generator 910 and the distributed ID provider 914 may be separate devices as shown in Figure 9A. A distributed ID generator 910 and a distributed ID provider 914 may be contained within a single device (not shown) configured to generate and provide distributed identifiers.
[0159] For example, as illustrated in relation to Figure 10, upon receiving a distributed identifier from a distributed ID provider 914, the digital twin generator 908 may be configured to generate a digital twin data structure by retrieving at least one morphology model (e.g., a data model) from a morphology model DB (not shown) and applying each retrieved morphology model to the collected data. Applying each morphology model to the collected data may result in the generation of a corresponding sub-data structure. The generated sub-data structures may be linked to the root node to generate the digital twin data structure.
[0160] The digital twin generator 908 may be configured to generate a digital twin data structure, as described, for example, in relation to Figure 10. The digital twin data structure may include a tree structure containing a root node and one or more leaf nodes. The tree structure may further include one or more intermediate nodes. An exemplary tree structure of the digital twin data structure is shown in Figure 5. The tree structure may include a distributed identifier sub-data structure. The distributed identifier may include one or more DIDs and / or UUIDs, as described above, for example. The digital twin generator 908 may be further configured to generate digital twin location data, as described, for example, in relation to Figure 10. The digital twin generator 908 may be configured to store the generated digital twin in the DT storage 414.
[0161] The device 402 for generating access policy data may be configured to generate access policy data, as described, for example, in relation to Figures 4A and 11. The access policy data may include group access data and associated participant access data, as described, in relation to Figures 7A, 7B, and 11. The access policy data may include a distributed digital twin identifier associated with a digital twin data structure. The device 402 may generate access policy data as described in Figure 11. At least a portion of the access policy data may be provided to the distributed data provision network node 416, as described, for example, in relation to Figures 4A, 7A, and 7B.
[0162] A distributed data provision network node 416 may be associated with production 204 that produces product 206. A distributed data provision network node 416 may be associated with a data owner of a digital twin data structure, such as a product producer. A distributed data provision network node 416 may be configured to control access to a digital twin data structure, such as digital twin data stored in DT storage 414, based on access policy data provided by device 402, as described, for example, in relation to Figures 7A and 15A. A distributed data provision network node 416 may be configured to control access to a digital twin data structure in combination with an access controller 712, as described, for example, in relation to Figures 7B and 15B. A distributed data provision network node 416 may be configured to provide access to a digital twin data structure upon request from a distributed data consumption network node 702, as described, for example, in relation to Figures 7A, 7B, 15A, and 15B. The distributed data provision network node 416 and the distributed data consumption network node 702 may be part of the distributed network 126, as described, for example, in relation to Figure 1.
[0163] By using group access data included in the access policy data, it is possible to filter distributed data consumption network nodes based on the distributed participant identifier of the distributed network participant associated with the distributed data consumption network node, thus ensuring that only distributed data consumption network nodes associated with authorized distributed participants can access the digital twin data structure. By using participant access data included in the access policy data, it is possible to control the access and interaction of distributed network participants to the digital twin data structure at the node level of the digital twin data structure, thus avoiding the creation of multiple copies of the digital twin data structure involving different nodes.
[0164] Figure 9B shows an example of an apparatus and associated method for accessing a digital twin of a product produced from one or more input materials by production using a digital access element, according to one embodiment of the present disclosure. The system may comprise a digital twin management system 902. The digital twin management system 902 may comprise an apparatus for generating a digital twin data structure, e.g., apparatus 424 as described in relation to Figure 9A. The digital twin management system 902 may comprise an apparatus for generating access policy data for controlling access to the digital twin data structure, e.g., apparatus 402 as described in relation to Figure 4A. The digital twin management system 902 may comprise a system 400b as described in relation to Figure 4B. The digital twin management system 902 may comprise means for controlling access to the digital twin data structure, e.g., a distributed data serving network node 416 as described in relation to Figure 7B, or a distributed data serving network node 416 combined with an access controller 712 as described in relation to Figure 7A. The digital twin management system 902 may comprise an apparatus for generating a digital access element, such as apparatus 426. The digital twin management system 902 may be included in the production operation system (see, for example, Figure 2). The digital twin management system 902 can be communicatively coupled to the production operation system (not shown).
[0165] Production may be a chemical production, such as chemical production 204, as described in relation to Figures 2 and 9A. Production 204 may produce at least one product 206 from one or more input materials 202, as described, for example, in relation to Figure 9A. The produced product 206 may be served at one or more exit points of production 204. The product 206 may leave the system boundary 904 of production 204. When product 206 is produced, or when product 206 leaves production 204, a digital twin data structure may be generated, as described, for example, in Figures 8A and 9. A requester 906 may be configured to generate a request to generate a digital twin data structure of the produced product 206, as described, for example, in relation to Figure 9A. The generated digital twin data structure may be stored in DT storage 414. The digital twin data structure may include a tree structure including a root node and one or more leaf nodes. The tree structure may further include one or more intermediate nodes. An exemplary tree structure of the digital twin data structure is shown in Figure 5. The tree structure may include distributed identifiers. Distributed identifiers may be assigned to product 206 by ID assigner 906, as described in relation to, for example, Figures 3 and 9A.
[0166] The DT generation apparatus 424 may be configured to generate a digital twin data structure of the manufactured product 206, as described in relation to Figure 9A. The DT generation apparatus 424 may be configured to store the generated digital twin data structure in the DT storage 414, as described in relation to Figure 9A.
[0167] The device 402 for generating access policy data may be configured to generate access policy data, as described, for example, in relation to Figures 4A and 11. The access policy data may include group access data and associated participant access data, as described, in relation to Figures 7A, 7B, and 11. The access policy data may include a distributed digital twin identifier associated with a digital twin data structure. The device 402 may generate access policy data as described in Figure 11. At least a portion of the access policy data may be provided to the distributed data provision network node 416, as described, for example, in relation to Figures 4A, 7A, and 7B.
[0168] A distributed data provision network node 416 may be associated with production 204 that produces product 206. A distributed data provision network node 416 may be associated with data owners of the digital twin data structure, such as product producers. A distributed data provision network node 416 may be configured to control access to the digital twin data structure, as described in relation to Figure 9A. A distributed data provision network node 416 may be configured in conjunction with an access controller 712 to control access to the digital twin data structure, as described in relation to Figure 9A. A distributed data provision network node 416 may be configured to provide access to the digital twin data structure upon request from a distributed data consumption network node 602, as described, for example, in relation to Figures 7A, 7B, 15A, and 15B. A distributed data provision network node 416 and a distributed data consumption network node 702 may be part of a distributed network 126, as described, for example, in relation to Figure 1.
[0169] The apparatus 426 for generating digital access elements may be configured to generate digital access elements associated with a product. The digital access elements enable indirect access to the digital twin data structure, i.e., access to the digital twin data structure via the digital access elements. Access to the digital access elements themselves may remain unrestricted while still allowing controlled access to the digital twin data structure. The digital access elements may include a distributed passport identifier and digital twin location data. The distributed passport identifier is or is associated with the distributed digital twin identifier of the digital twin associated with the product. The distributed identifier may be further associated with a data owner. The data owner may be the data owner of the digital twin data structure contained in the digital twin, as described in relation to Figure 9A. The data owner may be a product producer, as described in relation to Figure 9A. The distributed identifier may include one or more UUIDs and / or one or more DIDs, as described, for example, in relation to Figure 9A. One or more DIDs and / or UUIDs may be associated with the digital twin and / or the digital twin data structure contained in the digital twin. One or more DIDs and / or UUIDs may be further associated with a product.
[0170] A digital access element may correspond to a DID document containing a distributed digital twin identifier as a DID. Such a DID document may further include sub-data structures connected to the root node of the digital twin data structure, and sub-data structure identifiers associated with digital twin location data. The digital twin location data may include a digital representation pointing to the digital twin data structure or sub-data structure, as described, for example, in relation to Figure 9A. A digital access element may correspond to a DID document containing a distributed passport identifier associated with the digital twin identifier. Such a DID document may further include sub-data structures connected to the root node of the digital twin data structure, and sub-data structure identifiers associated with digital twin location data. A digital access element may correspond to a data structure containing a distributed passport identifier and digital twin location data. An example of a digital access element is shown in Figure 19.
[0171] Digital access elements can be generated in response to the generation of a digital twin data structure. Therefore, the generation of digital access elements by device 426 may be triggered by device 424, for example, when device 424 generates its respective digital twin data structure. The request to generate digital access elements may include an owner identifier and / or a product identifier, as described in relation to Figure 9A.
[0172] A digital access element can be generated by providing a distributed passport identifier and digital twin location data, as described in relation to Figure 18. A physical identifier associated with a product can be assigned to the distributed passport identifier contained in the generated digital access element. The device 426 can be configured to provide the distributed passport identifier to a requester 906 configured to associate the received distributed passport identifier with a product. For this purpose, the requester 906 may include an ID assigner, as described in relation to Figures 3 and 9A. This enables linking the distributed passport identifier, and therefore the digital twin data structure associated with the distributed passport identifier, to the physical entity of the product. The physical identifier may correspond to a code such as a barcode, QR code, embossed code, optical holographic code such as zero-order diffraction microstructure, or a tag such as an RFID tag. The physical identifier can be generated by a labeling machine, as described, for example, in relation to Figure 9A.
[0173] Device 426 may be configured to provide the generated digital access element to a distributed registry 914 accessible by the distributed data consumption network node 702. The distributed data consumption network node 702 may use the data contained in the digital access element, such as the distributed passport identifier and digital twin location data, to access the digital twin data structure associated with the distributed passport identifier from the distributed data provision network node 416, as described, for example, in relation to Figure 16. The distributed data provision network node 416 may authorize access to the digital twin data structure based on the distributed digital twin identifier associated with the digital access element, the distributed participant identifier associated with the distributed data consumption network node requesting access to the digital twin, and the access policy data provided by Device 402 (see, for example, Figures 6A and 15A). The distributed data provision network node 416 may, in combination with the access controller 712, authorize access to the digital twin data structure based on the distributed digital twin identifier associated with the digital access element, the distributed participant identifier associated with the distributed data consumption network node requesting access to the digital twin, and the access policy data provided by the device 402 (see, for example, Figures 6B and 15A).
[0174] Figure 10 shows a flowchart of a computer implementation method for generating a digital twin of a physical entity of a product, according to an exemplary embodiment of the present disclosure. The digital twin may include a digital twin data structure. The digital twin data structure may include a tree structure, including a root node and one or more leaf nodes. An example of a digital twin data structure is shown in Figure 5. A digital twin may be generated for a product 206 produced by a production 204 from one or more input materials 202. The product may be a chemical production 204, as described in relation to Figures 2 and 3. The digital twin may be generated by an operating system 208 of the production 204. The operating system may include a device 424 for generating the digital twin, as described in relation to Figure 9A. A request to generate a digital twin may be manually triggered by a user via a user interface. A request to generate a digital twin may be automatically triggered, for example, when the packaging of the produced chemical product is detected, as described in relation to Figures 3 and 9A.
[0175] In block 1002, a request may be received to generate a digital twin of a product. The request may include data related to the product. The request may further include data related to at least one aspect model associated with the product. The request may be generated manually or automatically, as described above. The data related to the product may include product identifiers such as batch number, lot number, product name, and / or product ID. The data related to at least one aspect model may include aspect model identifiers.
[0176] In decision block 1004, it can be determined whether a digital twin data structure for the product already exists. Thus, it can be determined whether a digital twin data structure has already been generated and stored, for example, in DT storage 414. This determination may be based on data related to the product included in the received request, such as a product identifier. For example, a product identifier may be used to determine whether a digital twin data structure associated with or containing the product identifier already exists, for example, whether it is already stored in DT storage 414. If a digital twin data structure for the product already exists, the method may proceed to decision block 1006. Otherwise, the method may proceed to block 1010 as described below.
[0177] In decision block 1006, it may be determined whether the existing digital twin data structure should be updated. The determination may be based on the data contained in the received request. For example, the request may contain data indicating an update to the digital twin data structure. If the digital twin data structure should be updated, the method may proceed to block 1008. Otherwise, the method may terminate or proceed to block 1002.
[0178] In block 1008, the digital twin data structure may be updated. Updating may include performing the actions described later in blocks 1010-1016, for example, generating additional sub-data structures. Updating may also include modifying the digital twin data structures included in the existing digital twin.
[0179] In block 1010, data including at least one measured and / or determined physical and / or chemical property of a chemical product may be collected based on data related to the product included in the request received in block 1002. The data may be collected from one or more data sources, for example, distributed data sources of data source layer 420 (see Figure 4B), as described in relation to Figure 9A. The data may be collected directly from one or more distributed data sources of data source layer 420. The data may be consumed from service layer 422, for example, as described in relation to Figure 4B. The device 424 may determine whether the request includes a product identifier. In this case, the product identifier may be used to collect data from the distributed data sources. Otherwise, the device 424 may determine the product identifier from the data included in the received request. For example, the product identifier may be retrieved from a database based on the data included in the received request.
[0180] In block 1012, the collected data and optionally a distributed digital twin identifier associated with the data owner may be provided. The distributed digital twin identifier may be provided, for example, in response to a request generated by the digital twin generator 908 of device 424 (see Figure 8A). The request may include a data owner identifier and / or a product identifier. The data owner may be the data owner of the collected data and / or the data contained in the distributed data source. The data owner may be a product producer. The data owner may be a data owner as described above. The distributed digital twin identifier may be requested from a central or distributed node, for example, as described in relation to Figure 9A. The distributed identifier may be one or more DIDs and / or UUIDs, for example, as described in relation to Figure 9A. Block 1012 may also be executed after either block 1014 or block 1016.
[0181] In block 1014, an aspect model associated with a product may be collected. At least a portion of the aspect model may be associated with environmental attributes associated with the product. The aspect model may be collected based on an aspect model identifier contained in the received request, or based on data contained in the received request. The aspect model may be collected from data storage.
[0182] In block 1016, sub-data structures may be generated for each embodiment model extracted in block 1008. At least a portion of the generated sub-data structures may include a tree structure. Sub-data structures may be generated by applying each embodiment model extracted in block 1014 to the data collected in block 1010. For example, the collected data may be mapped to the structure and / or characteristics of each embodiment model. Each collected embodiment model may include the structure of at least a portion of the sub-data structures and / or the characteristics of the sub-data structures. Data storage may include embodiment models related to environmental attributes associated with a product. Environmental attributes may relate to emission data such as CO2 footprint data, recyclable content, bio-based content, renewable content, certificates, or a combination thereof. Using different embodiment models allows for a more granular structuring of the sub-data structures included in the digital twin data structure, and thus allows for the extraction of only specific parts of the digital twin data structure, avoiding unnecessary data transfer within the distributed network. Sub-data structures generated by applying an embodiment model to collected data and associated with a distributed identifier of the digital twin can be considered assets or embodiments of the digital twin. Each asset or embodiment can be uniquely identified by a sub-data structure identifier. Therefore, the combination of a distributed identifier and a sub-data structure identifier can make it possible to uniquely identify a sub-data structure associated with a product. Furthermore, this combination also makes it possible to specifically retrieve such sub-data structures via a distributed data consumption network node, for example, using a distributed identifier and digital twin location data, as illustrated in relation to Figure 16.
[0183] In block 1018, a digital twin may be generated. Generating a digital twin may include generating a digital twin data structure having a tree structure including a root node and one or more leaf nodes. Generating a digital twin data structure may include generating a root node and linking the root node to at least a portion of the generated sub-data structures. The provided distributed identifier may be included in the root node. The digital twin may include a digital twin data structure having a tree structure including a root node and one or more leaf nodes. The digital twin data structure may include the root node and one or more sub-data structures generated in block 1016. The distributed identifier may include one or more DIDs and / or UUIDs, as described, for example, in relation to Figure 9A. One or more DIDs and / or UUIDs may be associated with at least a portion of the sub-data structures. One or more DIDs and / or UUIDs may be further associated with a product. The digital twin may further include product identifiers associated with a product. The product identifier may be a product identifier included in the received request.
[0184] Generating a digital twin may further include generating digital twin location data. Digital twin location data may include a digital representation pointing to the digital twin data structure or a portion thereof. For example, a DID document containing a provided distributed identifier and the generated digital twin location data may be generated (see, for example, Figure 19). The DID document may be propagated to a distributed ledger, such as a blockchain or a distributed file storage system, as described in relation to Figure 19, and may be used by a chemical product consumer 104 to access the digital twin data structure, as described in relation to Figure 15, for example.
[0185] In block 1020, the generated digital twin may be stored in DT storage 414, as described in relation to Figure 9A, and this block is generally optional. The storage of the digital twin in DT storage 414 can improve security regarding access to the digital twin, as appropriate authentication and authorization schemes may be implemented between DT storage 414 and distributed data-providing network nodes that provide the digital twin data to authorized distributed data-consuming network nodes, as described, for example, in relation to Figures 15A and 15B.
[0186] In block 1022, a physical identifier may be assigned to a distributed identifier included in the digital twin, although this block is generally optional. This block may be performed, for example, when a distributed identifier included in the digital twin is used to generate a digital access element (see, for example, Figure 8B). This makes it possible to link the distributed identifier, and therefore the digital twin, to the physical entity of the product. Assigning a distributed identifier to a physical identifier may involve generating a physical identifier with an embedded distributed identifier. The physical identifier may be generated by an ID assigner, as described in relation to, for example, Figure 9A, and may be attached to the product, for example, using a labeling device.
[0187] Figure 11 shows a flowchart of a computer implementation method for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, according to an exemplary embodiment of the present disclosure. The method may be implemented by an apparatus 402 for generating access policy data, as described in relation to Figure 4A. The method may be implemented by a system 400b, as described in relation to Figure 4B. The method may be implemented by a digital twin management system 902, as described in relation to Figures 9A and 9B. The generated access policy data may be used to control access to the digital twin data structure by distributed data consumption network nodes (see, for example, Figures 14A and 14B). Access to the digital twin data structure may be controlled by a distributed data serving network node 416 based on the access policy data, as described, for example, in relation to Figure 15A. Access to the digital twin data structure may be controlled by the distributed data serving network node 416 in combination with an access controller 712, as described, for example, in relation to Figure 15B.
[0188] In block 1102, group access data associated with the digital twin data structure may be generated. The group access data may be generated based on a distributed digital twin identifier and associated attribute data related to participants associated with the distributed network. The group access data may be generated as described in relation to Figure 12. The group access data may include one or more access control groups. An access control group may include one or more distributed participant identifiers associated with a distributed network participant. A distributed network participant may be associated with a distributed participant node, and therefore, a distributed participant identifier may also be associated with a distributed participant node. The group access data may include group access policy data. The group access policy data may define access control groups that are permitted to access the digital twin data structure. The group access policy data may include an access control group and / or an access control group identifier, and an indication of whether the distributed participant identifiers included in the access control group are permitted or not to access the digital twin data structure. Therefore, the group access data may identify access control groups that include distributed participant identifiers associated with distributed network participants permitted to access the digital twin data structure. By using the group access data, distributed data consuming network nodes that can access the digital twin data structure can be filtered. For example, a distributed data consumption network node associated with a distributed participant identifier that is included in one or more access control groups permitted to access the digital twin data structure may be permitted to access the digital twin data structure, while a distributed data consumption network node associated with a distributed participant identifier that is not included in an access control group permitted to access the digital twin data structure may not be permitted to access the digital twin data structure.However, membership in an access control group permitted to access the digital twin data structure can be independent of participant access data associated with each participant in the decentralized network via associated decentralized participant identifiers contained in participant access data. Therefore, access to the digital twin data structure can be managed independently of participant access data that controls a decentralized network participant's access to and interaction with specific nodes present within the digital twin data structure. If a participant can no longer access the digital twin data structure because they are no longer associated with an access control group permitted to access the digital twin data structure, the group access data allows the data owner to ensure data security by circumventing old permissions that allowed the decentralized network participant to access and / or manipulate the digital twin data structure. Therefore, access to the digital twin data structure can be controlled by an access control group regardless of the authority of the decentralized network participant to access and interact with the data structure. This enables efficient, secure, and reliable management of access rights to the digital twin data structure, thus preventing unauthorized access to the digital twin data structure and improving security.
[0189] In block 1104, participant access data associated with the digital twin data structure may be generated based on the generated group access data. Generating participant access data may include, for at least some of the nodes, selecting at least one distributed participant identifier from the distributed participant identifiers included in the generated group access data that is permitted to access one or more of the nodes. Generating participant access data may also include generating access control list data that includes at least one access control list entry. The at least one access control list entry may include a distributed participant identifier associated with each participant of the distributed network permitted to access one or more nodes present in the digital twin data structure, each node that the participant is permitted to access, and one or more actions that are permitted to be performed on the permitted nodes. Actions permitted to be performed on the nodes may include actions permitted to be performed on datasets present in the nodes, such as key-value pairs present in the nodes. The access control entry may further include one or more actions permitted to be performed on data points present in the nodes. Access control list entries may be generated for at least some of the nodes present in the digital twin data structure.
[0190] Generating access control list data may involve collecting product-related data, which may include a collection of consumer identifiers associated with the product's consumers. The collected product-related data may be mapped to each distributed participant identifier included in the access control group based on a relational expression in which the product-related data is associated with distributed participant identifiers accordingly. The relational expression may specify consumers associated with a product and / or products associated with those consumers. The relational expression may specify consumers based on consumer identifiers, such as consumer identifiers included in the product-related data, and associated distributed network identifiers, such as distributed network identifiers included in the access control group. The relational expression may correspond to a data structure containing relationships between products, consumer identifiers, and distributed participant identifiers. The data structure may include further information associated with consumer identifiers and / or distributed participant identifiers, such as names and / or addresses associated with the identifiers. The relational expression may be generated by determining data associated with distributed participants associated with product-related data. For example, the relational expression may be generated by matching names and / or addresses included in product-related data with names and / or addresses included in data associated with distributed participant nodes, and (based on the matching) relating the product-related data to distributed participant identifiers. Examples of relational expressions are shown in Figures 13A and 13B.
[0191] One or more nodes may include emission data, recycling content data, bio-based content data, occurrence data, labor conditions data, data on the composition of chemical products, material safety data, analytical data certificates, data associated with the production of a product, certification data associated with a product, regulatory information data associated with a product, data associated with the transportation of a product, data associated with the use of a product, measured and / or determined chemical and / or physical properties of a product, or a combination thereof. One or more actions may include read operations, modify operations, update operations, delete operations, create operations, operations involving further processing of data contained in a node by a data processing system associated with a participant in the distributed network, or a combination thereof. One or more actions may be associated with a specific location, the location may be associated with a jurisdiction, and one or more actions may be associated with legal requirements related to the supply of a product. One or more actions may be associated with at least one regulatory requirement for the supply of a product. One or more actions may be associated with obligations of distributed data consumption network nodes associated with each distributed participant identifier, and / or obligations of distributed network nodes that use digital twin data structures accessed by data consumption network nodes associated with each distributed participant identifier.
[0192] Participant access data can define, for one or more nodes in a digital twin data structure, the distributed participant identifiers permitted to access that node, and the one or more actions permitted to be performed on that node. By using participant access data, distributed participants who are permitted to access and interact with specific nodes within the digital twin data structure can be defined, thus ensuring that only distributed participants associated with the distributed participant identifiers defined by the participant access data owner are permitted to perform the defined actions on that particular node. This avoids the creation of multiple copies of the digital twin data structure containing different nodes and ensures that different access control groups are permitted to access only the appropriate nodes.
[0193] In block 1106, access policy data may be generated based on group access data and participant access data. The access policy data generated in block 1106 may be associated with a digital twin. The access policy data generated in block 1106 may include a distributed digital twin identifier associated with the digital twin. The access policy data may include computer executable instructions that enable access to the digital twin data structure, deny access to the digital twin data structure, modify access to the digital twin data structure, or perform one or more actions on the digital twin data structure. The access policy data may include a distributed digital twin identifier, a distributed participant identifier included in the access group data, a distributed participant identifier permitted to access one or more nodes present in each digital twin data structure, and one or more actions permitted to be performed on one or more nodes by a distributed participant node associated with a distributed participant identifier included in the participant access data.
[0194] The generated access policy data may be linked to a digital twin, and this block is generally optional. Linking the generated access policy data to a digital twin may include associating or linking the access policy data to a distributed digital twin identifier associated with the digital twin. Linking the generated access policy data to a digital twin may include including the distributed digital twin identifier in the access policy data. Linking the generated access policy data to a digital twin may include linking the access policy data identifier to the distributed digital twin identifier.
[0195] In block 1110, at least a portion of the generated access policy data is provided to the distributed data provision network node. For example, group access data may be provided to the distributed data provision network node. The distributed data provision network node may be configured to allow or deny access to the digital twin data structure based on the provided group access data, as described, for example, in relation to Figures 7B and 15B. In another example, group access data and associated participant access data may be provided to the distributed data provision network node. The distributed data provision network node may be configured to allow or deny access to the digital twin data structure based on the provided group access data, as described, for example, in relation to Figures 7A and 15A.
[0196] A distributed data delivery network node can be associated with a digital twin data structure. A distributed data delivery network node may be, for example, a distributed data delivery network node 416, as described in relation to Figures 15A and 15B.
[0197] By combining group access data with participant access data, access to the digital twin data structure can be controlled at separate levels, ensuring that only authorized decentralized network participants can access nodes within the digital twin data structure, while avoiding the creation of multiple digital twin copies and ensuring that only authorized nodes can be accessed by decentralized participant nodes that are members of different access control groups. Therefore, decentralized participant nodes that are members of the same access control group can access and interact with different nodes residing within the digital twin structure without the need to create multiple copies of the digital twin data structure containing different nodes.
[0198] Figure 12 shows a flowchart of a computer implementation method for generating group access data, as described in block 1102 of Figure 11, according to an exemplary embodiment of the present disclosure. Access group data may be generated based on a distributed digital twin identifier and associated attribute data related to participants associated with a distributed network. Attribute data may be associated with or include roles of participants associated with the distributed network. Roles may include roles such as raw material supplier, chemical producer, OEM, end-product user, dismantler, and recycler. Roles may be associated with actions performed by distributed network participants within a product ecosystem. For example, a distributed network participant that produces chemical products may be assigned the role of chemical producer.
[0199] In block 1202, data relating to decentralized network participants may be collected. Data relating to decentralized network participants may include data that identifies the decentralized network participant, such as participant name, decentralized participant identifier, and associated attribute data. Attribute data may include attribute types, such as the existing roles of participants in the product ecosystem as described above. Decentralized participant identifiers may be collected from such decentralized data storage of decentralized network 126 that stores the data.
[0200] In block 1204, at least one access control group may be generated, and at least a portion of the distributed participant identifiers contained in the collected data may be assigned to at least one generated access control group. Distributed participant identifiers may be assigned to at least one access control group based on attribute data. For example, distributed participant identifiers associated with a specific attribute type, such as a particular participant role, may be assigned to an access control group that represents such an attribute type. Thus, an access control group may contain a collector of distributed participant identifiers. A collector may be considered a package of distributed participant identifiers. An access control group may contain metadata. The metadata may indicate the identifier of the access control group, the name of the access control group, its creation data, its update data, or a combination thereof.
[0201] In block 1206, a distributed digital twin identifier may be provided, which is included in the digital twin of the product. The distributed digital twin identifier may be provided by a distributed digital twin identifier providing unit, such as the distributed ID provider 410 in Figure 4A. The distributed digital twin identifier may be provided as described in relation to Figure 4A.
[0202] In block 1208, group access data may be generated. The group access data may identify the generated access control group, which includes a distributed participant identifier associated with a distributed participant node that is permitted to access the digital twin data structure. The group access data may include the provided distributed digital twin identifier and at least one group access policy that defines the generated access control group that is permitted to access the digital twin data structure. The group access policy may include data indicating the access control group and related data indicating that access to the digital twin data structure associated with the distributed digital twin identifier is permitted. The data indicating the access control group may include a package of distributed participant identifiers. The data indicating the access control group may include the identifier and / or name of the access control group. The data indicating that access is permitted may include a classifier such as "permitted" or "not permitted". By using the distributed digital twin identifier during the generation of the group access data, it is possible to link the generated group access data to the digital twin, and therefore the digital twin data structure of the group access data is applied to the digital twin data structure when a request to access the digital twin data structure is received from a distributed participant node, such as distributed data consumption network node 602.
[0203] After the completion of block 1208, the method may proceed to block 1104 in Figure 11. Figure 13A shows a first example of a relational expression that may be used to generate participant access data, as described in relation to Figure 11. The relational expression may be used by the participant access data generator 408 of the apparatus 402 to generate participant access data, as described, for example, in relation to Figures 4A and 11. The relational expression may associate a chemical product 1302 with one or more chemical product consumers 602, 604, 610. One or more chemical product consumers may be chemical product consumer 104, and may be part of a distributed participant network 130, as described in relation to Figure 1. Although a chemical product is used to illustrate the concepts in Figures 13A and 13B, the concepts are similarly applicable to further products such as individual products, parts, part assemblies, and final products.
[0204] Chemical product 1302 may be a chemical product produced by chemical production, such as chemical production 204, as described in relation to Figures 2, 9A, and 9B. Chemical product 1302 may be a chemical product that can be produced by chemical production, such as chemical production 204, as described in relation to Figures 2, 9A, and 9B. Chemical product 1302 may be associated with a digital twin. The digital twin may include a digital twin data structure, as described, for example, in relation to Figures 5 and 9A. Chemical product 1302 may be associated with each batch of produced chemical product. Chemical product 1302 may represent a batch of produced chemical product.
[0205] One or more chemical product consumers 602, 604, 610 may process chemical products to produce further chemical products or distinct products. One or more chemical product consumers 602, 604, 610 may be associated with distributed participant network nodes 116A, 116B, 116D, as described in relation to Figure 6B. Each distributed participant network node may be operated by each chemical product consumer. Distributed network participant nodes may correspond to distributed data consumption network nodes, such as distributed data consumption network node 702, as described in relation to Figures 6A and 6B. Distributed data consumption network nodes may be configured to request access to the digital twin of chemical products at a distributed data provision network node associated with the digital twin, as described, for example, in relation to Figure 16. The relational representation shown in Figure 13A thus makes it possible to identify the consumers of chemical products produced by chemical product producer 102 and the associated distributed participant network nodes.
[0206] A relational representation can be a data structure that defines the relationship between a chemical product 1302, a chemical product consumer 104, and a distributed network node associated with the chemical product consumer 104.
[0207] Figure 13B shows a further example of a relational expression that may be used to generate participant access data, as described in relation to Figure 11. The relational expression may be used by the participant access data generator 408 of the apparatus 402 to generate participant access data, as described, for example, in relation to Figure 4A and Figure 11. The relational expression may associate chemical product 1302 with data related to chemical product and distributed participant identifier.
[0208] Chemical product 1302 may be a chemical product produced by chemical production, such as chemical production 204 as described in relation to Figure 13A. Chemical product 1302 may be a chemical product that can be produced by chemical production, such as chemical production 204 as described in relation to Figure 13A. Chemical product 1302 may be associated with a digital twin, as described in relation to Figure 13A. Chemical product 1302 may be associated with each batch of produced chemical product. Chemical product 1302 may represent a batch of produced chemical product.
[0209] Data related to chemical products may include consumer identifiers associated with a chemical product consumer 104, such as consumer identifier 1 1306, consumer identifier 2 1308, and consumer identifier 3 1314. Consumer identifiers may be unique identifiers used within a chemical production that produces a chemical product, such as a chemical production 204, as described in relation to Figures 2, 9A, and 9B. Consumer identifiers may not be unique within the distributed network 126. Consumer identifiers may not be known to other distributed network participants. Data related to chemical products may include chemical product identifiers associated with the chemical product. This allows for the association of data related to chemical products with chemical product 1302 in order to provide a relationship with chemical product 1302.
[0210] The consumer identifier may be associated with a distributed participant identifier associated with the chemical product consumer 104. Each distributed participant identifier may include any identifier uniquely associated with a distributed network participant and / or the production site of a distributed network participant, as described, for example, in relation to Figure 4A. The distributed participant identifier may be associated with the distributed participant node of the chemical product consumer 104 to which the consumer identifier is associated. This makes it possible to associate the consumer identifier used within chemical production with the respective distributed participant identifier associated with the participant network node of the chemical product consumer 104.
[0211] A relational representation may be a data structure that defines the relationship between a chemical product 1302, a chemical product consumer 104, and a distributed network node associated with the chemical product consumer 104. The data structure may include a customer identifier and an associated distributed participant identifier, along with an interrelated chemical product identifier.
[0212] Figure 14 shows a flowchart of a computer implementation method for controlling access to a digital twin of a product's physical entity by distributed data consumption network nodes associated with participants in a distributed network, according to an exemplary embodiment of the present disclosure. The digital twin may be generated as described in relation to Figures 9A and 10. The digital twin may include a digital twin data structure. The digital twin data structure may include a tree structure comprising a root node and one or more leaf nodes. An example of such a tree structure is shown in Figure 5. The digital twin data structure may include a distributed digital twin identifier, at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product.
[0213] The product may be produced by production from one or more input materials, as described in relation to, for example, Figures 2, 9A, and 9B. The product may be a chemical product. Access to the digital twin data structure by distributed data consumption network nodes, such as the distributed data consumption network node 702 associated with the chemical product consumer 104, may be controlled based on access policy data associated with the digital twin data structure. Access policy data may be generated as described in relation to Figures 4A, 4B, 11, and 12. Access to the digital twin data structure may be controlled by the digital twin management system 902, as described in relation to Figures 9A and 9B. The digital twin management system may be part of the product's operating system, such as the production system 208 of production 204 (see, for example, Figures 2, 9A, and 9B). The digital twin management system may be communicatively coupled to the operating system (not shown).
[0214] To access the digital twin data structure, in block 1402, a request to access the digital twin data structure may be received by a distributed data-serving network node 416. The distributed data-serving network node 416 may be associated with DT storage 414 that stores the digital twin data structure. The distributed data-serving network node 416 may be identified using a digital access element associated with the digital twin, as described, for example, in relation to Figure 16. The digital access element may be generated, as described, in relation to Figure 9B. The request may be generated by a distributed data-consuming network node 702 and provided to the distributed data-serving network node 416. The distributed data-consuming network node 702 may be associated with a participant in the distributed network, such as a chemical product consumer 104 (see, for example, Figures 1 and 16). The request may include a distributed digital twin identifier associated with the requested digital twin data structure, and a distributed participant identifier associated with the distributed network participant requesting access to the digital twin data structure. The request may further include data indicating one or more operations to be performed on the requested digital twin data structure. One or more actions may include reading, updating, modifying, processing, or a combination thereof. Requests may be transmitted via a peer-to-peer communication channel between the distributed data providing network node 416 and the distributed data consuming network node 702 (see Figure 1, dotted line between nodes 114 and 116). Distributed digital twin identifiers may be encoded in the physical identifier of the product (see, for example, Figure 16). Distributed digital twin identifiers may be retrieved from a database based on the physical identifier associated with the product (see, for example, Figure 16).
[0215] Authentication may be performed in block 1404, which is generally optional. In particular, a distributed data consumption network node 702 requesting access to digital twin data and / or a distributed data providing network node 416 providing access to the digital twin data structure may be authenticated, for example, by performing authentication. Such authentication may be based on data related to the authentication mechanism. The authentication mechanism may be based on certificates associated with each distributed participant node.
[0216] In decision block 1406, the distributed data providing network node 416 and / or the distributed data consuming network node 702 may determine whether authentication is valid, and this block is generally optional. If authentication is not valid, for example, fails, the distributed data providing network node 416 may deny the requested access to the digital twin data structure, and the method may terminate. Decision block 1406 may further include signing an electronic contract, as described in relation to Figure 16. By using an electronic contract, the distributed data consuming network node 702 and any further systems handling the digital twin data structure are ensured to comply with the participant access data associated with the digital twin data structure. If the electronic contract is not signed, the distributed data providing network node 416 may deny the requested access to the digital twin data structure.
[0217] If authentication is enabled, access policy data may be determined in block 1408 based on the received distributed digital twin identifier. Access policy data may include the distributed digital twin identifier, group access data, and associated participant access data, as described in relation to Figure 11. Access data may be retrieved from a database of a distributed data provider network node, such as database 418 (see Figure 4A). Group access data may identify access control groups that include distributed participant identifiers associated with distributed participant nodes permitted to access the digital twin data structure, as described in relation to Figures 11 and 12. Participant access data may identify distributed participant identifiers permitted to access one or more nodes present in the digital twin data structure, and one or more actions permitted to be performed on one or more nodes by the distributed participant nodes associated with the distributed participant identifier. Distributed participant identifiers identified by participant access data may be included in one or more access control groups identified by group access data. Therefore, participant access data may define access and actions for distributed participant identifiers included in access control groups identified by node-level group access data. This enables filtering of distributed data-consuming network nodes requesting access to the digital twin data structure by applying group-based and data node-based access controls. Since membership in access control groups permitted to access the digital twin data structure is independent of participant access data, access to the digital twin data structure can be managed independently of participant access data, which controls a distributed network participant's access to specific nodes and their interactions with nodes within the digital twin data structure.The combination of group-based access control and node-based access control allows data owners to easily manage access to digital twin data structures and ensure high data security of digital twin data structures by avoiding outdated permissions that could lead to unauthorized access to them. At the same time, it allows data owners to define permitted actions for decentralized participants who are allowed to access digital twin data structures at the node level, thus avoiding the creation of multiple copies of the digital twin data structure. This enables controlled and secure control of access to digital twin data structures, thus ensuring that digital twin data structures can be shared within a decentralized network under the control of the data owners of the digital twin data.
[0218] For example, as described in relation to Figures 15A and 15B, based on the determined access policy data, decision block 1412 may determine whether the distributed network participant associated with the distributed data consumption network node 702 is a member of one or more access control groups permitted to access the digital twin data structure. This determination may include comparing the distributed participant identifier associated with the distributed network participant and included in the received request with the group access data included in the determined access policy data, for example, the distributed participant identifier included in the access control group associated with the group access policy permitted to access the digital twin data structure. For example, the received distributed participant identifier may be compared with the distributed participant identifier included in the access control group that has permission to access the digital twin data structure. If the distributed network participant is a member of an access control group permitted to access the digital twin data structure (for example, if the received distributed participant identifier matches a distributed participant identifier included in one or more access control groups permitted to access the digital twin data structure), the method may proceed to decision block 1416. Otherwise, the distributed data provision network node 416 may refuse the requested access to the digital twin data structure, and the method may terminate.
[0219] In decision block 1416, it can be determined, for example, as described in relation to Figures 15A and 15B, whether a distributed network participant who can access the digital twin data structure may be permitted to perform the requested action on the digital twin data structure. The received distributed participant identifier may be compared with participant access data included in the determined access policy data. The received distributed participant identifier may be compared with distributed participant identifiers permitted to access one or more nodes. If the distributed participant identifier matches a distributed participant identifier permitted to access one or more nodes, the received data indicating one or more actions requested to be performed may be compared with one or more actions permitted to be performed on one or more nodes by the distributed participant node associated with the received distributed participant identifier. If the distributed network participant is permitted to perform the requested action on one or more nodes, the method may proceed to block 1420. Otherwise, the distributed data providing network node 416 may deny the requested access to the digital twin data structure, and the method may terminate.
[0220] In block 1420, a distributed data consumption network node 702 may be permitted to access a digital twin data structure according to the determined access policy data. Granting access may include applying participant access data contained in the determined access policy data to the digital twin data structure associated with the received distributed digital twin identifier, and the resulting digital twin data structure may be provided to the distributed data consumption network node 702. Applying participant access data may include traversing the tree structure of the digital twin data structure and determining for each node whether a distributed participant is permitted to access that node and perform one or more actions on the node (e.g., on the data contained in that node). Nodes that cannot be accessed by participants may be filtered, for example, removed from the digital twin data structure, and the remaining data structure, for example, a data structure containing only nodes that distributed participants are permitted to access and interact with, may be provided to a distributed data consumption network node requesting access to the digital twin data structure. Applying the determined participant access data may include collecting a digital twin data structure based on the distributed digital twin identifier included in the received request, and applying the determined participant access data to the digital twin data structure collected as described above. The digital twin data structure may be further collected based on the digital twin location data included in the determined access data. The digital twin data structure may be collected from data storage such as DT storage 414 (see, for example, Figures 4A, 7A, 7B, 15A, and 15B). The distributed data provision network node 416 may collect the digital twin data structure, apply the determined participant access data, and provide the resulting digital twin data structure to the distributed data consumption network node 702, for example, as described in relation to Figure 7A. The data storage may be connected to the distributed data provision network node 416 via further authentication network nodes.This ensures that only properly authenticated distributed data-providing network nodes 416 can access the database storing the digital twin data structure, thus improving security and preventing unauthorized access to the database data structure.
[0221] For example, as described in relation to Figures 15A and 15B, the access controller 712 can collect a digital twin data structure and apply the determined participant access data. The resulting digital twin data structure can be provided to the distributed data provision network node 416, and the distributed data provision network node 416 can provide the resulting digital twin data structure to the distributed data consumption network node 702.
[0222] Therefore, the distributed data consumption network node 702 can retrieve or receive the resulting digital twin data structure from the distributed data provision network node 416.
[0223] Figure 15A shows a first example of processing requests from a distributed data consumption network node to access the digital twin data structure of a product's digital twin. A distributed data consumption network node may be associated with a distributed network participant, as shown in Figure 1. A distributed network participant may want access to the digital twin data structure of a product. A distributed network participant may be a chemical consumer 104 receiving a chemical product from a chemical producer 102. The digital twin data structure may be generated as described in relation to Figures 9A and 10. Requests may be processed by a distributed data providing network node 416 associated with the digital twin data (see, for example, Figure 7A).
[0224] A distributed data consumption network node 702 may submit a request to a distributed data provision network node 416 to access a digital twin data structure (see step [1] in Figure 15A). Upon receipt, the request may be processed by the policy engine 706 to (1) determine whether the distributed network participant associated with the distributed data consumption network node 702 submitting the request is permitted to access the digital twin data structure, and (2) if the distributed network participant is able to access the digital twin data structure, whether the distributed network participant has the necessary authority to perform the requested action(s) on one or more nodes present in the digital twin data structure. The request may include a distributed digital twin identifier associated with the digital twin data structure to be accessed, and a distributed participant identifier associated with the distributed data consumption network node. The request may indicate one or more actions requested to be performed on the digital twin data structure on behalf of the distributed network participant associated with the distributed data consumption network node 702.
[0225] The policy engine 706 may be configured to retrieve group access data for a requested digital twin data structure, as identified in a request received from a distributed data consumption network node 702 (see operation 1502). The policy engine 706 may construct a request for group access data to retrieve the group access data from the group access data datastore 708 (see step 2 in Figure 15A). The group access data associated with the requested digital twin data structure may be provided to the policy engine 706 (see step [3] in Figure 15A). The group access data may include one or more access control groups. The group access data may include group access policy data. The group access policy data may include an access control group and / or an identifier for the access control group, as well as an indication of whether the distributed participant identifier of the group is permitted or denied access to the digital twin data.
[0226] The policy engine 706 can be configured to retrieve the distributed participant identifier from the incoming request (see operation 1512).
[0227] The policy engine 706 may be configured to determine whether a distributed network participant is a member of at least one access control group that is permitted to access the digital twin data structure (for example, whether the distributed participant identifier associated with the distributed network participant is included in at least one access control group) and whether access has not been revoked (see operation 1504). The policy engine 706 may make this determination by comparing the distributed participant identifier obtained from the received request with the distributed participant identifier included in the group access data (for example, included in one or more access control groups obtained from the group access data data store 708). If the distributed network participant is not a member of any access control group or is not a member of an access control group that is permitted to access the digital twin data structure, the policy engine 706 may proceed to operation 1510. In operation 1510, the policy engine 706 may reject the request to access the digital twin data structure received from the distributed data consuming network node 702 before generating a message indicating that the request has been denied. The message may include an indication that the distributed network participant cannot access the digital twin data structure.
[0228] The policy engine 706 may proceed to operation 1506 depending on whether the distributed network participant is permitted to access the digital twin data structure. In operation 1506, the policy engine 706 may determine the participant access data of the distributed network participant requesting access to the digital twin data structure (for example, the permission of the distributed network participant to perform one or more defined actions on nodes residing in the digital twin data structure). The participant access data may be determined using participant access data retrieved from the participant access data data store 710. The participant access data stored in the data store 710 may be access control list data (see Figure 11). The access control list data may include at least one access control list entry. At least one access control list entry may include a distributed participant identifier associated with each participant of the distributed network permitted to access at least some of the nodes residing in the digital twin data structure, each node that the participant is permitted to access, and one or more actions that the participant is permitted to perform on the nodes that are permitted to access (see Figure 11). Nodes residing within a digital twin data structure can be assigned to different security protections that define the permissions of distributed network participants to access these nodes and perform specific actions on them. These permissions can be represented as access control list data associated with the nodes residing within the digital twin data. The policy engine 706 can construct and send requests for participant access data to retrieve participant access data from the participant access data data store 710.
[0229] The policy engine 706 may query the participant access data data store 710 to retrieve participant access data for the digital twin data structure associated with the request. The policy engine 706 may compare each action requested by a distributed network participant with the permissions granted to the distributed network participant according to the participant access data. Based on the result of this comparison, the policy engine 706 may determine the permissions of the distributed network participant. The determined permissions may represent the integration of permissions from the participant access data that have corresponding claims (e.g., corresponding distributed participant identifiers and actions) included in the received request.
[0230] The policy engine 706 may be configured to determine whether a distributed network participant has the necessary authority to execute a request on the digital twin data structure (see operation 1508). To determine whether a distributed network participant has the necessary authority to execute a request on the digital twin data structure, the policy engine 706 may compare the participant authority obtained from operation 1506 with the data contained in the received request. If the distributed network participant does not have the necessary authority to execute the request, the policy engine 706 may proceed to operation 1510 described above to notify the distributed data consumption network node 702 that the request cannot be executed. Otherwise, if the distributed network participant has the necessary authority to execute the request on the digital twin data structure, the policy engine 706 may provide the request to the distributed data provision network node 416 for execution. The distributed data provision network node 416 may be configured to collect digital twin data from the DT storage 414 in response to receiving a request from the policy engine 706 (see operation 1516). The collected digital twin data structure may be provided to the policy engine 706, which may apply the determined participant privileges to the collected digital twin data structure, as described, for example, in relation to Figure 14 (see operation 1414). The policy engine 706 may provide a request response to the distributed data consumption network node 702. The request response may include the digital twin data structure obtained from operation 1514.
[0231] Figure 15B shows a further example of processing requests from a distributed data consumption network node to access a digital twin data structure. A distributed data consumption network node may be associated with a distributed network participant, as shown in Figure 1. A distributed network participant may want access to a digital twin data structure associated with a product. A distributed network participant may be a chemical consumer 104 receiving a chemical product from a chemical producer 102. The digital twin data structure may be generated as described in relation to Figures 9A and 10. The request may be processed by a distributed data providing network node 416 associated with the digital twin data structure in conjunction with an access controller 712 (see, for example, Figure 7B).
[0232] In contrast to the example shown in Figure 15A, only group-based access is controlled by the distributed data-serving network node 416, while the access controller 712 is used to determine whether a distributed network participant has the necessary authority to perform one or more requested actions on one or more nodes residing within the digital twin data structure. Thus, group-based and node-based access control are performed by separate policy engines residing in separate units.
[0233] The distributed data consumption network node 702 may submit a request to the distributed data providing network node 416 to access the digital twin data structure, as described in relation to Figure 15A (see step [1] in Figure 15B). Upon receipt, the request may be processed by the policy engine 706 of the distributed data providing network node 416 to determine whether the distributed network participant associated with the distributed data consumption network node 702 submitting the request is permitted to access the digital twin data structure. The request may include the data referred to in relation to Figure 15A.
[0234] The policy engine 706 may be configured to retrieve group access data for the requested digital twin data structure, identified in the request received from the distributed data consumption network node 702, as described in relation to Figure 15A (see operation 1502, steps [2] and [3] in Figure 15B).
[0235] The policy engine 706 can be configured to retrieve the distributed participant identifier from the incoming request (see operation 1512).
[0236] The policy engine 706 may be configured to determine whether a distributed network participant is a member of at least one access control group that is permitted to access the digital twin data structure, and whether the access has not been revoked as described in relation to Figure 15A (see operation 1504). If the distributed network participant is not a member of any access control group, or is not a member of an access control group that is permitted to access the digital twin data structure, the policy engine 706 may proceed to operation 1510. In operation 1510, the policy engine 706 may reject the request to access the digital twin data structure received from the distributed data consumption network node 702 before generating a message indicating that the request has been denied as described in relation to Figure 15A.
[0237] The policy engine 706 may provide the policy engine 2 714 of the access controller 712 with a denial request for access to DT1510, which determines the participant access data of a distributed network participant requesting access to the digital twin data structure, depending on the distributed network participant authorized to access the digital twin data structure. The request may include a distributed participant identifier and data relating to one or more actions requested to be performed on the digital twin data structure. The request may further include instructions regarding the access control group to which the participant belongs. The request may further include instructions indicating that the participant is permitted to access the digital twin data structure.
[0238] Upon request, the policy engine 2714 may determine participant access data for distributed network participants requesting access to the digital twin data structure in operation 1506, as described in relation to Figure 15A.
[0239] The policy engine 2 714 may be configured to determine, in operation 1508, whether a distributed network participant has the necessary authority to execute a request on the digital twin data structure, as described with reference to Figure 15A. If the distributed network participant does not have the necessary authority to execute the request, the policy engine 2 714 may proceed to operation 1510 described above to notify the distributed data consumption network node 702 that the request cannot be executed. Otherwise, if the distributed network participant has the necessary authority to execute the request on the digital twin data structure, the policy engine 2 714 may provide the request to the access controller 712 for execution. The access controller 712 may be configured to collect the digital twin data structure from the DT storage 414 in response to receiving the request from the policy engine 2 714 (see operation 1516). The collected digital twin data structure may be provided to the policy engine 2 714, which may apply the determined participant authority to the collected digital twin data, as described, for example, with reference to Figure 14 (see operation 1514). Policy engine 2 714 may provide request-responses to distributed data consumption network node 702. The request-responses may include a digital twin data structure obtained from operation 1514.
[0240] Figure 16 shows a schematic diagram of how, according to an exemplary embodiment of the present disclosure, a digital access element associated with a product is used to control access by a distributed data serving network node to the digital twin data structure of a digital twin associated with a product. Access to the digital twin data structure may be requested by a distributed data consumption service associated with a participant in the distributed network 126 (see Figure 1). The participant may be a chemical consumer 104 that receives a chemical product from a chemical producer 102 (see Figure 1). The product 206 may be produced by a production such as a chemical production 204 described in relation to Figures 2, 9A, and 9B. The product 206 may be associated with a digital twin. A digital twin, including a digital twin data structure, may be generated as described in relation to Figures 9A and 10. The digital twin may include a digital twin data structure. The digital twin data structure may include a tree structure, including a root node and a plurality of nodes, including one or more leaf nodes. An example of such a tree structure is shown in Figure 5. The digital twin data structure may include a distributed digital twin identifier, at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product. The digital twin may be stored in data storage associated with the digital twin's data owner, such as DT storage 414. The data owner may be a product producer, such as a chemical product producer 102. Access to the digital twin stored in data storage such as DT storage 414 may be controlled by the digital twin's data owner, for example, via a distributed data provision network node 114.
[0241] Digital access elements may be generated during or after the production of a product, as described, for example, in relation to Figure 9B. Digital access elements may be associated with a digital twin or a part thereof (e.g., a digital twin data structure, or a sub-data structure contained within a digital twin data structure). Digital access elements may include a distributed passport identifier and digital twin location data. Digital access elements may include a distributed passport identifier and a representation for accessing the digital twin or a part thereof. The representation may include an endpoint for accessing the digital twin or a part thereof. The representation may be associated with a distributed digital twin identifier. The distributed passport identifier may correspond to or be associated with a distributed digital twin identifier contained within a digital twin data structure. Digital twin location data may include a digital representation pointing to the digital twin or a part thereof. An example of a digital access element is shown in Figure 19. Digital access elements may further include, or be associated with, authentication and / or authorization information linked to the distributed passport identifier. Authentication and / or authorization information may be provided for authentication and / or authorization of the distributed data providing network node 416 and / or the distributed data consuming network node 602. The digital access element may be provided to the distributed registry 914, as described, for example, in relation to Figure 9B. The distributed registry 914 may store the distributed passport identifier and associated digital twin location data.
[0242] Product 206 produced by production 204 may be provided to product consumers, such as chemical product consumers 104, by product producers, such as chemical product producers 102, in connection with a digital access element. Product consumers may process the product to produce further chemical products and / or separate products. Product 206 may be associated with a code, such as a barcode or QR code, that encodes a distributed passport identifier. Product consumers of product 206 may read the code through a code reader 1602. The code reader 1602 may be a smartphone running a code reading application, such as a QR code reader app. Data obtained by the code reading application may be used to identify the distributed passport identifier. Data obtained by the code reading application may be used to identify the distributed digital twin identifier. Data obtained by the code reading application may be used to determine the product identifier. Data obtained by the code reading application may be used to determine the digital twin location data. The distributed passport identifier, distributed digital twin identifier, product identifier, and digital twin location data may be determined by the code reader 1602. For example, the distributed passport identifier determined by the code reader 1602 may be a DID, and the code reader 1602 may be configured to retrieve the associated DID document containing the distributed digital twin identifier and digital twin location data, for example, using a DID resolver (see also Figure 19). In another example, a chemical product identifier is determined by the code reader 1602 and used to retrieve the distributed passport identifier and associated digital twin location data from a database, for example, a distributed registry 914. Thus, the code reader 1602 may be configured to retrieve a digital access element containing the distributed passport identifier and digital twin location data from the distributed registry 914. The code reader 1602 may be configured to provide the distributed passport identifier and / or distributed digital twin identifier to a database 1606 associated with the consumer of the product.The code reader 1602 may be configured to provide the determined distributed passport identifier, distributed digital twin identifier, and digital twin location data to the distributed data consumption network node 702.
[0243] The code reader 1602 may be configured to display the determined / retrieved data on the user interface, as indicated by reference numeral 1604. The user interface may display the determined distributed passport identifier (PP identifier), the determined distributed digital twin identifier (DT identifier), and the determined digital twin location data (DT location). In this embodiment, the distributed passport identifier and the distributed digital twin identifier are different from each other. In another embodiment, the distributed passport identifier is equal to the distributed digital twin identifier. The user interface may further display the determined product identifier (CP identifier). The user interface may also allow the user to initiate the retrieval of the digital twin data structure or a portion thereof based on the distributed passport identifier and the digital twin location data, as described below. This process may be initiated by a button labeled "Access DT". When the button is pressed, the code reader 1602 may send a request to the distributed data consumption network node 702 to access the digital twin data structure or a portion thereof.
[0244] A distributed data consumption network node 116 may generate requests to access a data structure or a portion thereof. A distributed data consumption network node 116 may generate requests based on data received from a code reader 1602. For example, a distributed data consumption network node 116 may generate requests based on a distributed digital twin identifier received from a code reader 1602. A distributed data consumption network node 116 may generate requests based on a distributed passport identifier and / or a distributed digital twin identifier provided to the database 1606. For example, a distributed data consumption network node 116 may be configured to retrieve a distributed digital twin identifier and digital twin location data from a distributed registry 914 based on a distributed passport identifier stored in the database 1606. Requests generated by a distributed data consumption network node 116 may include a distributed digital twin identifier and a distributed participant identifier of a product consumer associated with the distributed data consumption network node 116. Requests may include one or more actions performed on the digital twin data structure. The distributed data consumption network node 116 may be configured to determine the distributed data provision network node 114 associated with the digital twin data structure based on digital twin location data provided by the code reader 1602 or retrieved from the distributed registry 914.
[0245] A distributed data consumption network node 116 may send a request to access the digital twin data structure to a determined distributed data provision network node 114, as indicated by arrow 1608. The distributed data provision network node 114 may be associated with a product producer that produces product 206. The distributed data provision network node 114 may be associated with a production that produces a product. The distributed data provision network node 114 may be associated with a data owner of the digital twin data structure. In addition to the request, authentication and / or authorization information may be provided by the distributed data consumption network node 116, as described, for example, in relation to Figure 14.
[0246] Requests can be authenticated, for example, as described in relation to Figure 14. Access to the digital twin data structure can be authorized based on access policy data, as described in relation to Figures 14, 15A, and 15B. This allows for filtering of distributed data consuming network nodes requesting access based on the distributed participant identifier associated with the network node and the requested action performed on the accessed digital twin data structure. If a request is not authorized, for example, if distributed data consuming network node 116 is not authorized to access the digital twin data structure, the peer-to-peer communication channel will be terminated by distributed data providing network node 114, and the digital twin data structure or any part thereof will not be provided.
[0247] If the request is authorized, the distributed data providing network node 114 may initiate contract negotiations with the distributed data consuming network node 116 before providing the digital twin data structure or a portion thereof. The distributed data providing network node 114 may provide the distributed data consuming network node 116 with an electronic contract. The electronic contract may include one or more authorization rules associated with the distributed digital twin identifier. This enables data consumers to determine the access and usage conditions associated with the desired data. The distributed data providing network node 114 and the distributed data consuming network node 116 may be configured to negotiate and sign the electronic contract. The use of the electronic contract ensures that the distributed data consuming network node and any further systems handling the digital twin data structure or a portion thereof comply with at least one policy associated with the digital twin data structure. Once the electronic contract is signed, the digital twin data structure may be collected, and participant rights may be applied to the collected data as indicated by arrows 1610 and 1614 (see also Figures 14, 15A, and 15B). The resulting digital twin data structure, which is obtained by applying participant permissions to the collected digital twin data structure, can be provided to the distributed data consumption network node 116 by the distributed data provision network node 114, as indicated by arrow 1612.
[0248] The digital twin provided by the distributed data provision network node 114 can be stored in the database 1606 associated with the distributed data consumption network node 116, according to the access policy data, as indicated by arrow 1616.
[0249] Through a decentralized digital twin identifier, a digital twin data structure can be uniquely associated with a product. Through a decentralized network, the digital twin data structure, or a portion thereof, can be transferred between product producers and product consumers in a standardized and secure manner, allowing product producers to control access to the digital twin data structure by multiple decentralized data consumption network nodes residing within the decentralized network. Thus, the digital twin data structure, through its unique association with a product, can be shared directly among participants in the product ecosystem without a central intermediary. This enables transparency of the digital twin within the product ecosystem.
[0250] Figure 17 shows a flowchart of a computer implementation method for processing digital twin data of a digital twin of a physical entity of a product, according to an exemplary embodiment of the present disclosure. The product may be produced by production such as chemical production 204, as described in relation to Figures 2, 9A, and 9B. The digital twin may be generated as described in relation to Figures 9A and 10. The digital twin may include a digital twin data structure. The digital twin data structure may include a tree structure including a root node and a plurality of nodes including one or more leaf nodes. An example of such a tree structure is shown in Figure 5. The digital twin data structure may include a distributed digital twin identifier, at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product.
[0251] In block 1702, access to the digital twin data structure is requested. Access may be requested by a distributed data consumption network node, such as a node associated with the chemical product consumer 104 (see also Figures 1 and 16). Access may be requested by a distributed data provision network node associated with the digital twin data structure (see, for example, Figure 16). The request may include a distributed digital twin identifier associated with the digital twin, and a distributed participant identifier associated with the distributed data consumption network node. The request may include one or more actions requested to be performed on the digital twin data structure.
[0252] Upon request, access to the digital twin data structure may be authorized by a distributed data-serving network node, as described, for example, in relation to Figures 14, 15A, and 15B. If access to the digital twin data structure is authorized, the digital twin data structure or a portion thereof may be provided to a distributed data-consuming network node in block 1704 (see also Figures 14-16). The provision may include pushing the digital twin structure or a portion thereof into a database associated with the distributed data-consuming network node. The provision may also include receiving the digital twin structure or a portion thereof from the distributed data-serving network node.
[0253] A digital twin data structure or a portion thereof may be processed in block 1706. Processing may include determining further data using the provided digital twin data structure or a portion thereof. Processing may include aggregating the provided digital twin data structure or a portion thereof. Processing may include using the provided digital twin data structure or a portion thereof to generate control data for controlling the production of further chemical products and / or separate products from the received chemical product.
[0254] The output obtained from the processing may be provided in block 1708. This provision may include providing data via a communication interface.
[0255] Figure 18 shows a computer implementation method for controlling access to a digital twin data structure of a product's physical entity by a distributed data consumption network node using a digital access element associated with the product, according to an exemplary embodiment of the present disclosure. The product may be produced by production, such as chemical production, as described in relation to Figures 2, 9A, and 9B. The digital twin may be generated as described in relation to Figures 9A and 10. The digital twin may include a digital twin data structure. The digital twin data structure may include a tree structure containing a root node and a plurality of nodes, including one or more leaf nodes. An example of such a tree structure is shown in Figure 5. The digital twin data structure may include a distributed digital twin identifier, at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product.
[0256] In block 1802, a digital access element may be generated. The digital access element may be generated as described in relation to Figure 9B. The digital access element may include a distributed passport identifier and digital twin location data. The distributed passport identifier may correspond to or be associated with a distributed digital twin identifier, as described, for example, in relation to Figures 9B and 16. The digital access element may correspond to a DID document associated with a distributed passport identifier that is a DID.
[0257] The generated digital access element may be provided in block 1804. This may include providing the digital access element to a distributed registry, such as a distributed registry 914 (see, for example, Figures 9B and 16). This may include encoding the digital access element in a physical identifier attached to the product.
[0258] Access to the digital twin data structure can be controlled at block 1806 based on the provided digital access element, the decentralized digital twin identifier, and the decentralized participant identifier of the decentralized network participant associated with the decentralized data consumption network node that requests access to the digital twin data structure. The control of access to the digital twin data structure can be performed as described in connection with FIGS. 14-15B.
[0259] FIG. 19 shows an example of a digital access element that includes DID owner data, DID document data, and a decentralized identification information infrastructure.
[0260] The decentralized identifier can include a decentralized identifier (DID). The DID-based digital access element can, in this case, be the DID document 1904 associated with the DID. In addition to the DID document 1904 that functions as a digital access element, FIG. 19 shows a DID owner data element 1802 that includes decentralized identifier-based owner data. Generally, the decentralized identifier-based owner data can include a decentralized identifier associated with an object such as a chemical product dataset and can include one or more authentication mechanisms. The decentralized identifier-based owner data 1802 can include owner data that is electronically owned and controlled by the DID owner. In this regard, being electronically owned can refer to data stored in an owner repository or wallet. Such data can be securely stored and / or managed on an organized server or client device. The decentralized identifier-based owner data 1902 can include a DID, a private key, and a public key. The DID owner can own and control the DID that represents the identification information associated with the DID object, and the private key and public key pair associated with the DID. The DID can be understood as an identifier and authentication information associated with or uniquely linked to the identifier.
[0261] The DID subject can be a raw material, a basic substance, a chemical product, or a final product. The DID subject can be a raw material, a basic substance, a chemical product, an intermediate product, a final product, a machine, a system, or a device used to produce such, or an aggregate of such machines, devices, and / or systems. The DID owner can be a supply chain participant or a producer such as a chemical producer that produces chemical substances. The DID owner can be an upstream participant of the chemical producer 102, such as a supplier that supplies a raw material chemical product or a precursor for producing a chemical product. The DID owner can be a downstream participant of the chemical producer 102, such as a customer that consumes a chemical product to produce an intermediate product, a component, a component assembly, or a final product. The DID owner can be any participant in the production ecosystem including a raw material chemical product supplier, an intermediate chemical product producer, an intermediate part producer, a component producer, a component assembly producer, a final product producer, a final product user, an EOL recycler, or a recycler.
[0262] The DID can be any identifier associated with the DID subject and / or the DID owner. Preferably, the identifier is unique to the DID subject and / or the DID owner. The identifier can be unique at least within the range where the DID is expected to be unique during use. The identifier can be a local or global unique identifier for any participant in the production ecosystem including a raw material, a precursor, a basic substance, a chemical product, an intermediate product, a component, a component assembly, a final product, a recycled material, or an aggregate thereof, a raw material, a basic substance, a chemical product, an intermediate product, a component, a component assembly, a final product, a recycled material, a machine, a system, or a device used to produce such, or an aggregate of such machines, devices, and / or systems, a chemical producer that produces chemical substances, an upstream participant of the chemical producer, a downstream participant of the chemical producer, or an aggregate thereof, a raw material chemical product supplier, an intermediate chemical product producer, an intermediate part producer, a component producer, a component assembly producer, a final product producer, a final product user, an EOL recycler, a recycler, or an aggregate thereof.
[0263] A DID can be any identifier associated with a DID subject and / or DID owner. Preferably, a DID is unique to the DID subject and / or DID owner. A DID can be unique to at least the extent to which it is expected to be unique when used. A DID can be a local or global unique identifier to any of the possible DID subjects described above. A DID can also be a Uniform Resource Identifier (URI), such as a Uniform Resource Locator (URL). Furthermore, a DID can be an Internationalized Resource Identifier (IRI). A DID can be a Uniform Resource Identifier (URI), such as a Uniform Resource Locator (URL). A DID can be an Internationalized Resource Identifier (IRI). For enhanced security, a DID can be a random string of numbers and letters. In one embodiment, the DID may be a sequence of 128 characters and numbers following the "scheme did:method name:method-specific did" format, such as "did:ebfeb1f712ebc6f1c276e12ec21". The DID may be a distributed ID under the control of the DID owner, independent of a centralized third-party management system.
[0264] A digital access element as DID document data 1904 may be associated with a DID, i.e., a DID contained in distributed identifier-based owner data 1902. Thus, a digital access element may include a reference to a DID associated with a DID subject described by the DID document 1904. The DID document 1904 may also include authentication information, such as a public key. The public key may be used by a third-party entity authorized by the DID owner / subject to access information and data owned by the DID owner / subject. The public key may also be used to verify that the DID owner actually owns or controls the DID. The DID document may include authentication and authorization information, for example, to authorize a third-party entity to read the DID document or a portion of the DID document without, for example, granting the third party the authority to prove ownership of the DID.
[0265] The digital access element 1904 may include, for example, one or more representations that digitally link to the digital twin data structure contained in the digital twin to which the digital access element is associated, via a service endpoint. The service endpoint may include a network address on which the service operates on behalf of the DID owner. In particular, the service endpoint may refer to a service, such as a data provision service, of the DID owner that grants access to the digital twin data. Such a service may include a service that reads or analyzes the data contained in the digital twin data. The data contained in the digital twin may include chemical product declaration data, chemical product safety data, certificates of analytical data, emission data, product carbon footprint data, product environmental footprint data, chemical product specification data, product information, technology application data, production data, chemical composition data, or a combination thereof.
[0266] The digital access element 1904 may include further identifiers such as a digital twin data identifier and a chemical product identifier.
[0267] Digital access element 1904 may contain various other information, such as metadata specifying when the digital access element was created, when the last modification was made, and / or when it expires.
[0268] The DID and digital access element 1904 may be associated with a distributed data service system or a distributed data service system 1906, for example, a data registry node such as a distributed ledger or blockchain or a distributed file system. The distributed ledger or blockchain may be used to store a representation of the DID that points to the digital access element 1904. The representation of the DID may be stored on the distributed computing nodes of the distributed ledger or blockchain 1906. For example, a DID hash may be stored on multiple computing nodes of the distributed ledger and may point t...
Claims
1. An apparatus for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data provision network node associated with the digital twin, the digital twin includes a digital twin data structure comprising a tree structure including a root node and a plurality of nodes, optionally including one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the apparatus, - At least one group access data generator configured to generate group access data associated with the digital twin data structure, wherein the group access data identifies an access control group that includes a distributed participant identifier associated with a distributed network participant permitted to access the digital twin data structure, - At least one participant access data generator configured to generate participant access data associated with one or more nodes present in the digital twin data structure based on the generated group access data, wherein the participant access data identifies the distributed network participants permitted to access the one or more nodes, and one or more actions permitted to be performed on the one or more nodes by the distributed network participants associated with the distributed participant identifier, - At least one access policy data generator configured to generate access policy data associated with the digital twin based on the generated group access data and the generated participant access data, wherein the access policy data identifies the group access data and the associated participant access data. A device equipped with the following features.
2. The apparatus according to claim 1, wherein the group access data includes a collection of one or more distributed participant identifiers associated with the distributed participant nodes that are permitted to access the digital twin data structure.
3. The apparatus according to claim 1 or 2, wherein membership in one of the access control groups indicates that a distributed network participant associated with the distributed participant identifier is permitted to access the digital twin data structure associated with the access control group.
4. The apparatus according to any one of claims 1 to 3, wherein membership in one of the access control groups is independent of the participant access data associated with a distributed network participant via the associated distributed participant identifier contained in the participant access data.
5. The apparatus according to any one of claims 1 to 4, wherein generating the participant access data comprises generating access control list data which includes at least one access control list entry, the at least one access control list entry comprising the distributed participant identifier associated with the distributed network participant permitted to access at least a portion of the data points residing in the digital twin data structure, the respective nodes permitted to access the distributed network participant, and the one or more actions permitted to be performed on the nodes permitted to access.
6. The apparatus according to claim 5, wherein access control list entries are generated for at least some of the nodes present in the digital twin data structure.
7. The apparatus according to any one of claims 1 to 6, wherein generating participant access data includes selecting, for one or more nodes, at least one distributed participant identifier from the distributed participant identifiers contained in the generated group access data that is permitted to access and interact with one or more of the nodes.
8. The apparatus according to any one of claims 1 to 7, wherein one or more nodes include emission data, recyclable content data, bio-based content data, occurrence data, working conditions data, data associated with the composition of a chemical product, material safety data, analytical data certificates, data associated with the production of the product, certificate data associated with the product, regulatory information data associated with the product, data associated with the transport of the product, data associated with the use of the product, measured and / or determined chemical and / or physical properties of the product, or a combination thereof.
9. The apparatus according to any one of claims 1 to 8, wherein the one or more actions include a read operation, a modify operation, an update operation, a delete operation, a create operation, an operation involving further processing of the data contained in the node by a data processing system associated with the participant of the distributed network, or a combination thereof.
10. The apparatus according to any one of claims 1 to 9, wherein the one or more of the aforementioned actions are associated with a specific location, the location is associated with a jurisdiction, and the one or more of the aforementioned actions are associated with legal requirements relating to the supply of a product.
11. The apparatus according to any one of claims 1 to 10, wherein one or more of the aforementioned actions are associated with the obligations of a distributed data consumption network node associated with each distributed participant identifier, and / or the obligations of a distributed network node that uses the digital twin data structure accessed by the data consumption network node associated with each distributed participant identifier.
12. A computer implementation method for generating access policy data to control access to a digital twin of a physical entity of a product produced from one or more input materials, wherein access to the digital twin by one or more distributed data consumption network nodes of a distributed network is controlled by a distributed data providing network node associated with the digital twin, the digital twin includes a digital twin data structure comprising a tree structure including a root node and a plurality of nodes, optionally including one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the method - To generate group access data associated with the digital twin data structure, wherein the group access data identifies an access control group that includes a distributed participant identifier associated with a distributed network participant permitted to access the digital twin data structure. - To generate participant access data associated with one or more nodes present in the digital twin data structure based on the generated group access data, wherein the participant access data identifies the distributed network participants permitted to access the one or more nodes, and one or more actions permitted to be performed on the one or more nodes by the distributed network participants associated with the distributed participant identifier, - To generate access policy data associated with the digital twin based on the generated group access data and the generated participant access data, wherein the access policy data identifies the group access data and the associated participant access data. A computer implementation method that includes the following steps.
13. A computer implementation method for controlling access to a digital twin of a physical entity of a product by a distributed data consumption network node associated with a participant in a distributed network, wherein the digital twin includes a digital twin data structure having a tree structure including a root node and a plurality of nodes, optionally including one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of a chemical product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the method - Receiving a request from a distributed data consumption network node to access the digital twin or a portion thereof, wherein the request includes the distributed digital twin identifier and the distributed participant identifier of a distributed network participant associated with the distributed data consumption network node. - Determining access policy data generated by the apparatus described in any one of claims 1 to 11 or according to the computer implementation method described in claim 12 (based on the distributed digital twin identifier included in the received request), - Based on the distributed participant identifier and access policy data included in the received request, determine that the distributed network participant is a member of at least one access control group permitted to access the digital twin data structure, and that the participant is permitted to interact with the digital twin data structure when accessing it, and accordingly, - To grant the distributed data consumption network node access to the digital twin data structure in accordance with the access policy data, Computer implementation methods, including those mentioned above.
14. A computer implementation method for controlling access to a digital twin of a physical entity of a product by a distributed data consumption network node associated with a participant in a distributed network, wherein the digital twin includes a digital twin data structure having a tree structure including a root node and a plurality of nodes, optionally including one or more leaf nodes, the digital twin data structure includes a distributed digital twin identifier, and at least one measured physical and / or chemical property of the product, and / or at least one physical and / or chemical property determined from collected data associated with the production and / or use of the product, and the method - Receiving a request from the distributed data consumption network node to access the digital twin data structure, wherein the request includes the distributed digital twin identifier and the distributed participant identifier associated with the distributed data consumption node. - Accessing access policy data of participants in the distributed network associated with the digital twin, wherein the access policy data identifies one or more access control groups associated with the digital twin data structure, membership in the access control groups indicating that the distributed participants are permitted to access the digital twin data structure, and membership in the access control groups that are independent of the access control data associated with the participant and indicate how the participant may interact with the digital twin data structure when accessing the digital twin data structure. - Based on the distributed participant identifier and access policy data included in the received request, determine that the participant is a member of at least one access control group that is permitted to access the digital twin data structure, and accordingly, - To grant the distributed data consumption network node access to the digital twin data structure in accordance with the access policy data, Computer implementation methods, including those mentioned above.
15. A computer element, such as a computer-readable storage medium, a computer program, or a computer program product, which stores instructions, and which, when the instructions are executed, causes the processor of a programmable device to perform the operation described in any one of claims 12 to 14.