TECH | Aug 3, 2017

Blockchain serving the Internet of Things

Accreditation of blockchain subscriptions for controlled use of Identity in Internet of Things applications

The blockchain paradigm is linked to the bitcoin financial concept and is therefore immediately associated with cryptocurrency transfer. More generally, it introduces a new business model for the management and sharing of goods and services. Blockchain technology provides an end-to-end ecosystem that, within a peer-to-peer system, allows users, whether they are companies, public entities or individuals, to share assets, investments and services without the assistance of financial intermediaries and intermediary bodies. The model is powered by anonymous transactions: cryptographically secured digital information that is able to preserve the continuity and security of participants, goods and services.

This technology is suitable for the demands of distributed application processing in the domain of the Internet of Things (IoT). The data circulating in each IoT transaction relate to highly varied sectors: public administration, transport, medical care and so on. Sectors such as distributed (local or remote) medical care or social and industrial smart systems have stringent security constraints governed by industry regulations. It is therefore necessary to make sure that the accreditation conditions for new participants (users, public or private companies) accessing the systems in operation are secure and sustainable. Controlled identity management would therefore permit blockchain technology to be extended to entities operating in the IoT on a large scale, and not just for financial transactions. A possible solution, described later herein, is based on IDaaS (Identity as a Service).

Identity of Individuals and Organisations

“Block and Chain” literally means that packets containing data and information are chain-linked by means of encrypted “junctions”. Chain-link rules imply that every transaction must comply with acceptance principles that can be summarised as:

  • Definition: transactions are only accepted if under encrypted subscription
  • Authentication: the peer-to-peer system defines the level of authorisation that each ecosystem must comply with (ecosystem trustmark)
  • Validation: introduces the concept of decentralised consensus; being under the ecosystem trustmark regime is not enough; peer-to-peer recognition of the ecosystem protagonists/participants within the blockchain framework, is required
  • Chain-linking: trustmark and decentralised consensus definitively legitimise the junctions between encrypted constructs such as blockchain transactions.

In practice, each participant must underwrite their role in the membership ecosystem before being accepted by the peer-to-peer participants. Only after obtaining accreditation can the subscriber share information and data in the form of digital transactions.

To date, however, subscribing to a role does not ensure complete masking of the participant’s identity. The blockchain paradigm, in fact, eliminates both the login action and the central authority that controls the IAM (Identity and Access Management) qualification of the subscribed role. Furthermore, the blockchain authentication model does not verify whether the role is held unequivocally by just one identity, nor whether the declarant is actually who he/she/it claims to be. In other words, this technology is not self-referential. It is therefore necessary to identify who performs the audit for each accreditation, and how the role identity can be regulated to minimise the cyber-security risk associated with single subscription and distributed consensus per transaction.

Peer-to-peer Identity: The Role of Identity as a Service

IDaaS covers three crucial aspects for defining the ownership of transactions:

  • Accreditation – Acceptance of the identifier that is acquired via trustmark based on the trustworthiness of the membership framework and not on self-certification criteria. IDaaS introduces a minimum peer-to-peer acceptance threshold, replacing distributed consensus
  • Scalability – IDaaS is scalable and can allow accreditation on limited blockchain systems and/or by ecosystem and framework. The combination of scalability and service distribution enables the gradual promotion of the digital identifiers acquired to maximise the number of manageable and secure cross-ecosystem transactions
  • Validation – Verification of the validity of the declared identity by verifying the continuity of the trustworthiness of the pre-arranged transactions (technical or commercial) which, although anonymous, are persistent and traceable, with reference to the ecosystem where the subscription was requested.

IDaaS enables the definition of a digital identity construct based on a distributed multi-sector service for IoT systems that choose blockchain technology. The issue of auditing and transaction integrity is drastically reduced in the absence of a central authority. IDaaS can anonymously and reliably validate both the eligibility of the participants and the reputation of the ecosystem to which the subscribers’ identities belong.

Blockchain technology will be able to register the identity report and access requests based on the attribution of an ID issued by a distributed IDaaS entity, which will guarantee the integrity and continuity over time of the digital information for transaction security.

Scalable IDaaS and IoT: a use case

The figure introduces a use case that represents distributed relationships between various IDaaS entities. The example concerns an ecosystem and two different IoT frameworks interacting to define interaction policies between participants requiring blockchain access. An IDaaS policy can be implemented by extending or including the ownerships of a pre-existing system. The required constraint is that the framework inherits the basic IDaaS principles from the parent ecosystem, which allow the generation of an enabling identifier. The use case offers an easy way to synchronise IDaaS peer-to-peer policies and can be applied incrementally. The ID generation procedure, according to IDaaS policy, is that the parent definition is either inherited AS-IS or, after being included in the framework's own IDaaS, extended according to the ecosystem trustmark. This interaction between IDaaS entities and the consequent generation of an enabling policy qualifies the construction of traceable anonymous transactions without the need for arbitrators or intermediaries. IoT participants coming from different frameworks and/or ecosystems share the IDaaS IAM rules to legally determine the identifier of each transaction. This allows, in distributed mode, end-to-end resolution and consensus on new, more secure, traceable subscriptions that can be traced back to a certified IDaaS. The resulting chain-linking of digital information can occur with the minimum cyber-security risk associated with the transaction ID, by applying the IDaaS rules for generating the digital identifier to the blockchain model.
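The acceptance principles listed earlier (accreditation before chain-linking) and the AS-IS versus extended inheritance of a parent ecosystem's policy described in this use case, as an added illustration that is not code from the article. The `IdaasEntity` and `Ledger` classes, and the use of an HMAC trustmark key in place of whatever accreditation mechanism a real IDaaS would use, are assumptions of this example.

```python
import hashlib, hmac, json, secrets

class IdaasEntity:
    """Hypothetical IDaaS issuer for one ecosystem or framework (assumed design)."""
    def __init__(self, name, parent=None, extend=False):
        self.name = name
        if parent is None:
            self.key = secrets.token_bytes(32)   # root ecosystem trustmark
        elif extend:
            # extended policy: the framework derives its own trustmark from the parent's
            self.key = hmac.new(parent.key, name.encode(), "sha256").digest()
        else:
            self.key = parent.key                # AS-IS inheritance of the parent policy
        self.revoked = set()
    def _tag(self, ident):
        payload = f"{ident['issuer']}|{ident['role']}|{ident['handle']}".encode()
        return hmac.new(self.key, payload, "sha256").hexdigest()
    def accredit(self, role):
        # a random handle stands in for the subscriber: no personal data enters the chain
        ident = {"issuer": self.name, "role": role, "handle": secrets.token_hex(8)}
        ident["tag"] = self._tag(ident)
        return ident
    def validate(self, ident):
        return (ident["handle"] not in self.revoked
                and hmac.compare_digest(self._tag(ident), ident["tag"]))

class Ledger:
    """Minimal hash chain that links only transactions from accredited subscribers."""
    def __init__(self, issuers):
        self.issuers = {i.name: i for i in issuers}   # trusted IDaaS entities, by name
        self.blocks = [{"prev": "0" * 64, "id": None, "tx": None, "hash": "genesis"}]
    @staticmethod
    def _digest(prev_hash, ident, tx):
        body = json.dumps({"prev": prev_hash, "id": ident, "tx": tx}, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()
    def append(self, ident, tx):
        issuer = self.issuers.get(ident.get("issuer"))
        if issuer is None or not issuer.validate(ident):
            raise PermissionError("rejected: subscriber has no valid accreditation")
        prev = self.blocks[-1]["hash"]
        block = {"prev": prev, "id": ident, "tx": tx, "hash": self._digest(prev, ident, tx)}
        self.blocks.append(block)
        return block["hash"]
    def verify(self):
        # chain-linking check: each block must reference and re-hash to its predecessor
        return all(cur["prev"] == prev["hash"]
                   and cur["hash"] == self._digest(prev["hash"], cur["id"], cur["tx"])
                   for prev, cur in zip(self.blocks, self.blocks[1:]))
```

A node only trusts the IDaaS entities it was configured with, so an identifier from an unknown issuer, a forged trustmark tag, or a revoked handle is refused before any block is linked.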

Identity control for the large-scale use of blockchain

As we have seen, IDaaS identity masking in peer-to-peer systems can enable the extension of blockchain technology to large-scale use in Internet of Things applications without the intervention of superior control entities. By synchronising peer-to-peer policy among ecosystems, IDaaS helps maintain the integrity and reliability of anonymous transactions generated by subscribers in any framework. Identity as a Service, applied to multi-sector distributed services, permits not only benefiting from the opportunities offered by blockchain technology, but also aligning with the subscription norms for digital identities that apply in the various areas of application.

Nuccio Piscopo