By Dr. Xinxin Fan, Head of Cryptography, IoTex and Dr. Raullen (QI) Chai, CEO, IoTex
(Excerpted from IIC Tech Brief.)
The explosion of networked smart devices, ranging from home appliances to medical devices to consumer electronics, has been shaping our lives and disrupting traditional businesses at a staggering rate over the past few years. According to Gartner, connected devices across all technologies will reach 20 billion by 2020. This means that identity and access management (IAM) services need to uniquely identify billions of IoT devices and millions of potential users.
Unfortunately, legacy IAM systems cannot fulfil this requirement, largely because they focus on identifying people rather than the smart devices in Internet of Things (IoT) systems. In an increasingly connected world, managing device and user identities, as well as the relationships among various entities, faces significant challenges due to the lack of IAM standards for IoT:
- Manufacturers must use proprietary approaches for naming and identifying their devices, which results in IoT application silos and hinders interoperability among connected devices from different manufacturers.
- An IoT system needs to go through a series of stages during its lifetime, which further complicates integration of IAM capabilities into the operational lifecycle of IoT devices.
- Finally, there exists a multitude of protocols and standards for various IoT devices and applications.
The lack of a common operating and security framework poses serious concerns for device manufacturers and consumers. As a result, there is a strong need for a new IAM framework that can adapt to the proliferation of connected devices in the coming years. To that end, developers can break IoT application silos and help create a unified, interoperable, tamper-proof device identity registry on top of blockchain by incorporating the following identifiers and credentials into the lifecycle of IoT devices:
- Decentralized identifiers (DIDs) - a new type of identifier that is globally unique, resolvable with high availability and cryptographically verifiable
- Verifiable credentials (VCs) - tamper-evident credentials whose authorship can be cryptographically verified
Consider a global-scale IoT ecosystem that contains many device manufacturers, billions of IoT devices and millions of users. In such an ecosystem, a variety of IoT systems that feature proprietary IAM solutions and different communication standards coexist, thereby creating application silos and preventing the vision of interoperability. To address these challenges, a new decentralized IAM (DIAM) framework for IoT called DIAM-IoT is proposed to connect IoT application silos and facilitate user-centric data sharing in a decentralized manner, as illustrated in Figure 3.
DIAM-IoT introduces DIDs and VCs into the lifecycle of IoT devices without significantly changing the existing system workflows and leverages a distributed ledger and smart contracts to manage device manufacturers and DIDs. After IoT devices are sold to consumers, it is up to the consumers to decide whether they would like to share their device data with others. If data sharing is not an option, consumers just use their IoT system as usual.
Otherwise, they receive VCs during the device binding process and register device DIDs by invoking manufacturer-managed smart contracts. Furthermore, consumers manage data access with their own smart contracts on the blockchain that act as the service endpoints and ensure fairness of the data sharing process. The salient feature of DIAM-IoT is that device owners have full control over how their device data is being accessed. In the following subsections we present the detailed design of DIAM-IoT.
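The registration step described above, as an added Go example that is not code from DIAM-IoT or the IIC Tech Brief: an in-memory map stands in for the manufacturer-managed smart contract and accepts a device DID only when the binding credential verifies under a registered manufacturer key. The credential layout, the newline-joined signing payload, the choice of Ed25519 and the did:example identifiers are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Credential is a simplified stand-in for a VC; the field names are assumptions.
type Credential struct {
	Issuer, DeviceDID, OwnerDID string
	Proof                       []byte // issuer's Ed25519 signature over payload()
}

// payload is the signed byte string (assumed encoding, not a standard VC serialization).
func (c Credential) payload() []byte {
	return []byte(c.Issuer + "\n" + c.DeviceDID + "\n" + c.OwnerDID)
}

// Registry models the manufacturer-managed contract state in memory (hypothetical).
type Registry struct {
	Manufacturers map[string]ed25519.PublicKey // issuer DID -> registered key
	Devices       map[string]string            // device DID -> owner DID
}

// Register records a device DID only when the credential verifies.
func (r *Registry) Register(c Credential) error {
	pub, ok := r.Manufacturers[c.Issuer]
	if !ok {
		return fmt.Errorf("issuer %q is not a registered manufacturer", c.Issuer)
	}
	if !ed25519.Verify(pub, c.payload(), c.Proof) {
		return fmt.Errorf("credential altered or not signed by %q", c.Issuer)
	}
	if _, taken := r.Devices[c.DeviceDID]; taken {
		return fmt.Errorf("device %q is already registered", c.DeviceDID)
	}
	r.Devices[c.DeviceDID] = c.OwnerDID
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed manufacturer key pair
	r := &Registry{map[string]ed25519.PublicKey{"did:example:maker": pub}, map[string]string{}}
	vc := Credential{Issuer: "did:example:maker", DeviceDID: "did:example:cam-01", OwnerDID: "did:example:alice"}
	vc.Proof = ed25519.Sign(priv, vc.payload()) // manufacturer signs at device binding
	fmt.Println("genuine:", r.Register(vc))
	vc.OwnerDID = "did:example:bob" // field edited after signing
	fmt.Println("edited:", r.Register(vc))
}
```

Because the signature covers the issuer, device and owner fields together, changing any one of them after issuance makes registration fail, which is the tamper-evidence property the VC definition above refers to.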
DIDs and VCs enable the existing IoT solutions across their own application domains and facilitate the value exchange among various IoT applications. As a result, IoT systems that integrate the DIAM-IoT framework can interact with each other seamlessly in a global-scale ecosystem. IoT solution providers can build powerful decentralized applications by incorporating data from other IoT systems. From the perspective of consumers, the DIAM-IoT framework allows them to have full control of their IoT devices and data, thereby giving consumers peace of mind.
For an in-depth discussion of DIAM-IoT, please read the IIC Tech Brief, which was designed to help leaders keep pace with the rapid emergence of new technology.