Finding Your Thing On the Blockchain: IoT in the Age of Standardized Global Identifiers
In our previous blog post, we talked about the example of surveillance cameras in the world of IoT, and how they can use Self-Sovereign Digital Twins™ (SSDTs™) — digital wallets for connected things — to solve many real-life challenges around trusting and securing networked devices by enabling them to collect proofs in the form of digital certificates issued by trusted authorities. These digital certificates form part of the identity of the IoT device.
A very central aspect of identity is the identifier. An example from our own lives is the citizenship aspect of our identity linked to our passport number, which acts as a unique identifier. Similarly, the driving license aspect of our identity is linked to the unique identifier displayed as a driving license number on the card. We can even think of our email addresses as identifiers for the part of our identities that exist in social media platforms like Meta, TikTok, etc.
The challenge when it comes to IoT is that the identity of an IoT device is sourced from many different stakeholders that won’t be able to recognize identifiers from other stakeholders. In our surveillance camera example, the serial number of the camera from the manufacturer comes from a different database than the chassis number of the bus in which the camera is eventually installed.
What is needed is a single, unique, globally recognizable identifier for the IoT device, which in this case would be the surveillance camera. Such an identifier wouldn’t eliminate the usage of ‘local’ identifiers from different databases. Instead, the unique global identifier would treat those various local identifiers as aspects of the IoT device’s identity.
Generating this unique global identifier hasn’t ever been a problem. The challenge has been determining where to store it such that it would be accessible to everyone. Until now, such an identifier could only be stored under the control of one entity. In many cases, that controlling entity won’t be universally trusted not to manipulate information linked to the unique global identifier or guarantee its availability in the event of bankruptcy, acquisition, or — in the case of a national agency — closure by a government or an invading power. Even international entities like the UN/ITU, World Bank, IMF, EU, etc. are far from universally trusted.
Due to the relatively recent availability of blockchain technology and the even more recent publication of W3C Decentralized Identifiers (DIDs) standards, solutions to this challenge are now within reach.
Let’s go back to the surveillance camera example. Imagine that when the manufacturer creates the serial number for the camera, it also creates a unique global identifier that it records both in its own database and in a global identifier registry. This registry is special because a copy of it is held by hundreds of different entities around the globe. Every time a copy of the global identifier registry is updated, given that the proposed update is approved by the other holders, all the other copies are updated accordingly. This solves the problem of universal trust by eliminating the need for a single controlling entity, making it such that no one entity can manipulate the registry, turn it off, or block access to it.
In our example, then, the manufacturer, the retailer, and the transit authority will all be guaranteed access to this global identifier registry — always. In addition, the shipper, the tester, the software update service, the storage facility manager, the bus maintenance service, the police, the video streaming service, and many other stakeholders in the surveillance camera’s entire lifecycle will be guaranteed access to this global identifier registry wherever they are in the world. If someone obtains the global identifier of the camera from their own database, from a partner, from a QR code on the camera, or from whatever other source, then they will be able to access whatever information is held on the registry for that identifier.
The technology underpinning this registry is called Distributed Ledger Technology (DLT), otherwise known more widely as blockchain technology. Blockchains can be treated in this context as many copies of a ledger or registry, with updates being made in a trusted way without fear of manipulation or revocation of access (partial or complete). Cryptocurrencies (ledgers of transactions of digital currency) like Bitcoin use blockchain. However, blockchain is used for many more purposes than just cryptocurrencies. Blockchain is increasingly being used within enterprises to manage their supply chains, and now between buyers and sellers to streamline ordering and billing — just to name two examples.
But blockchain, while crucial, is only one half of the equation. Such a global identifier registry needs globally recognized and implemented standards. This was achieved by the standards organization World Wide Web Consortium (W3C) with the introduction of standards for DIDs and verifiable credentials (VCs). Adopting these standards, huge numbers of stakeholders can effectively ‘interoperate’ with one another without ever coordinating in advance.
In our next blog, we will look in more detail as to how the Integrated Trust Network (ITN) enables a blockchain-based DIDs registry and what this means for our example of the surveillance camera.