A baseline of software architecture is the components that comprise a system: the inputs, business processes and outputs that solutions build, manage or modify. When a group or collection of systems works together to create, augment or modify information and materials, that is an enterprise. An enterprise consists of a number of independent systems that work together, more commonly referred to as a System of Systems, or SoS.

It interests me because today, with the rise of Cyber Physical Systems (CPS), more commonly called the Internet of Things (IoT), the line for where and what a System of Systems is is very blurry. A group of sensors that are smart devices can operate independently of human or computer intervention.

Does a collection of video surveillance systems that can band together to provide greater visual acuity of an event count as a system, or does the fact that each device can act independently make it a System of Systems? For this one the answer is easy: no, a bank of video surveillance cameras is not an SoS.

CPS systems linked together into a unified system, though, may be the new SoS: CPS sensors along a city street that, unified, present a view of that street from a number of disparate video source systems. Traffic cameras are fixed-position CPS devices. Their location is registered prior to the device being turned on. Some are portable and are only in a specific location for a short time. Others are permanently mounted and are only activated at certain times of the day, week or month.

What is interesting about that new model, though, is another new requirement: authenticity. It is a funny word. If I ask you to prove you are 21 years or older, you would reach into your wallet and show me your state ID or driver’s license. If I am a border officer and you are attempting to enter the country I am guarding, you would show me your passport. These are documents that authenticate you as a person. You are who you say you are.

In particular, data produced by a traffic camera or other city-operated CPS devices is authentic. You get a letter in the mail noting that you ran a red light, were speeding and so on. You don’t argue the authenticity of that image. You just pay the fine and go about your day. Could you argue that the data produced by the traffic camera didn’t come from a specific camera? You could, except they include information in the picture that would preclude that from working. In the image file there is an embedded address (GPS) and other metadata that make it a truly authentic picture, and therefore you go ahead and pay it.

What about other CPS devices and the reality of authenticity? How do I guarantee data came from a specific CPS device? Can I? Given that it is possible to spoof a device, physical address or virtual address, can I in fact create a system that would provide authenticity of data? Do I need to? Can I challenge data produced by a sensor?

Given that a sensor captures data, and you’ve broken the law (speeding), I suspect you would be hard pressed to throw out that data. You could stand in a courtroom in the US and demand to face your accuser, but that probably won’t get you anywhere. You could argue bias, but since the camera is only noting your speed and license plate number, that won’t get you very far. The question becomes chain of custody of the data and, in the end, authenticity. If the city can prove (locked camera box, fixed location) that the image could not have been modified, you probably lose there as well. Authenticity of a data source and of data produced within the System of CPS devices will become standard. Aggregation of multiple video sources to produce a unified systems view of an event happens today.
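One way to make the two questions above checkable, data origin ("did this come from a specific CPS device?") and chain of custody ("was it modified afterwards?"), is sketched below as an added example; it is not from any real traffic-camera system. It assumes each camera is provisioned with a secret key at registration, and the device ID, key, coordinates and frames are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed demo key; assumed to be provisioned when the camera is registered.
DEVICE_KEYS = {"cam-001": b"constructed-demo-key-cam-001"}
GENESIS = "0" * 64

def _canonical(record):
    # Stable byte encoding so the device and the verifier MAC identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def sign_capture(device_id, key, image, lat, lon, ts, prev_tag):
    """Device side: bind image hash, location, time and the previous record."""
    record = {
        "device_id": device_id,
        "image_sha256": hashlib.sha256(image).hexdigest(),
        "lat": lat, "lon": lon, "ts": ts,
        "prev": prev_tag,  # links each record to the one before it
    }
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}

def verify_chain(entries, images, keys=DEVICE_KEYS):
    """Verifier side: (True, None), or (False, index of the first bad entry)."""
    if len(entries) != len(images):
        return False, 0
    prev = GENESIS
    for i, (entry, image) in enumerate(zip(entries, images)):
        rec = entry["record"]
        key = keys.get(rec["device_id"])
        if key is None:
            return False, i  # device was never registered
        expected = hmac.new(key, _canonical(rec), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["tag"]):
            return False, i  # metadata edited, or signed with the wrong key
        if rec["image_sha256"] != hashlib.sha256(image).hexdigest() or rec["prev"] != prev:
            return False, i  # image swapped, or a record dropped or reordered
        prev = entry["tag"]
    return True, None

def demo_chain():
    images, entries, prev = [b"constructed-frame-1", b"constructed-frame-2"], [], GENESIS
    for n, img in enumerate(images):
        entries.append(sign_capture("cam-001", DEVICE_KEYS["cam-001"], img,
                                    47.6062, -122.3321, 1700000000 + n, prev))
        prev = entries[-1]["tag"]
    return entries, images
```

A shared-key MAC only convinces a verifier who holds the key and is trusted not to forge records; proving origin to a third party would need a per-device asymmetric signature instead.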