IOT Security

The role of Identity in the IoT

There are a few hot topics right now when you look at the 5 year horizon, two of which are often seen independently – digital identity and IoT (Internet of Things). However, when you look to the future, the success of IoT is largely coupled with the success of Digital Identities….

Identity of a device is key

First off, identifying a device is key to it becoming “empowered”. Let’s think of a scenario where I want to identify that I own a car. When I purchase my car, the car dealer could issue a digital identity for the car itself. The dealer could also then issue two claims, the first to me that I own that particular car – I have a claim over that identity. Likewise, the car’s identity could have a claim back to my identity as the owner. This is nice and neat. If the digital identity for the car could then sit within the car, via a small secured IoT device or within the cars electronic OS, then we really are starting to get somewhere.

The key though is that first step, issuing a digital identity for a device, a car in this example. Once we have that, we can start to empower that device capabilities. Sticking with our car, as its owner I could link the cars identity with a garage for overnight storage. This would allow the garage to recognise the car when within a certain range and open the door automatically. This is only possible by the garage trusting the identity of the car, which is done via the identity being broadcast securely from the cars IoT device (or OS) and the claims that have been associated with the car that I, as an individual assert over it. 

Here we can start to see that with true digital identity being associated with IoT devices, new use cases can be explored – something as physical world as a garage door opening when it recognises a car that I own.

Multiple related identities

Within a business environment, it’s easy to see that multiple devices would actually be related by their owner. The owner would be the business itself, but it would also have people that own the business, people that work for the business, again relating identities (people) back to the identity of the business. These interconnected identities allow rich experiences to be delivered by IoT devices – simply because trust is replaced with “knowing”. Let’s have a few examples…

When a car is being manufactured it goes through a production line, that production line is full of machinery and equipment, all of which must be maintained. IoT could enable that equipment to understand when it is due for a service, when new parts are required and to track certain events which could trigger other workflows. If the devices are identified and secured, then these events can be raised to a more central hub automatically, which could then trigger workflows such as the scheduling of a service, or the ordering of replacement parts. At this stage, the workflow knows the identity of the equipment and can trust it due to the verifiable claims that it makes – essentially it is owned by the business. The workflow could then schedule the maintenance and even initiate a transaction for any replacement parts. The identity of the device needs to be captured for audit purposes, but also for transactional reconciliation and clearly in this example, to understand which piece of equipment made the request in the first place. Related identities could be notified of the process, such as the financial controller or a specific engineer that looks after that part of the production line. Accounts payable identities may also be required for sign-off of a payment – if not fully automated. 

Here we have highly related identities that are empowering new capabilities from devices that leverage IoT. These devices become autonomous in their maintenance and ordering of parts, ensuring they are “up and working” without staff being employed to monitor or schedule servicing. A payment off the back of the workflow turns the entire manufacturing equipment, servicing and payment processes into a seamless “utility”. Everything is secured and enabled because of a true digital identity and how it is linked to IoT devices. This is just one quick example of how identity, with related identities can drive rich IoT outcomes across a specific business process. 

In conclusion

There are endless use cases for the IoT, may of which are highly disruptive and many of which are tied back to security, and ultimately identifying that device. However, simply identifying the device doesn’t enable rich “outcomes”, rather it is the relationships around that device, who owns it, what claims does its owners make, what other devices is it connected to directly, which connected services does it have access to and other relationships that might be required to execute specific workflows. To really start to explore the power and disruptive nature of IoT, we first need to secure devices, and then ensure that digital identity is at the heart of everything to do with IoT.

IoT is growing rapidly in terms of adoption and capabilities. But to be truly disruptive, true digital identities need to be assigned to these devices, and those identities need to be tied back to individuals in the real world. In doing so, we open an entire new world of capabilities. Welcome to the 21st century…

One reply on “The role of Identity in the IoT”

Leave a Reply