SlideShare a Scribd company logo

Machine identity - DIDs and verifiable credentials for a secure, trustworthy and interoperable IoT - Mrinal Wadhwa

SSIMeetup, profile picture
SSIMeetup

The document discusses using decentralized identifiers (DIDs) and verifiable credentials to enable trust and interoperability in the Internet of Things (IoT). It describes how traditional IoT systems face challenges with identity, authentication, authorization, and interoperability due to fragmented identification schemes. The presentation introduces DIDs as a new type of identifier that allows entities to prove control over digital identities. It also discusses how verifiable credentials and decentralized key management can improve trustworthiness for IoT devices and systems. The goal is to establish a common foundation for identity to simplify development of autonomous systems using connected devices and machines.

Internet
Related topics:
Digital Identity Insights Internet of Things
1 of 48
Downloaded 48 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
MACHINE IDENTITY Decentralized Identifiers & Verifiable Credentials for Trust & Interoperability in the Internet of Things Mrinal Wadhwa CTO @ Ockam @mrinal This presentation is released under a Creative Commons license. (CC BY-SA 4.0). SSIMeetup.org
1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA SSIMeetup.org Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/ SSIMeetup objectives
I’m passionate about building systems where connected machines come together with intelligent algorithms to improve our lives. AUTONOMOUS SYSTEMS This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
PLUMBING But I spend most of my days doing what is best described as - digital plumbing. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. To illustrate, let’s think about how we may build this extremely simple autonomous system. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a person? How do we authenticate them? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we know they entered? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a room? Which people are authorized to change this room’s temperature? This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we change temperature? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. What is room temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we know their preferred temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a person? How do we authenticate them? How do we know they entered? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? How do we identify a room? Which people are authorized to change this room’s temperature? How do we change temperature? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? How do we know their preferred temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? What is room temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. This seems hard, surely someone else has already built it. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
Found one with a quick google search, but it only works with Nest and IFFTT, our hardware is different :(. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. 1000s of People Identity Systems Google, Facebook, Apple, Active Directory, Custom Apps etc. 1000s of phones, motion sensors, RFID reader etc. 100s of IoT platforms, proprietary systems etc. 100s of building management systems and custom apps etc. 1000s of HVAC systems, Thermostats etc. 1000s of custom apps. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. Also, this problem statement isn’t general enough, we like to write reusable code. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF A SHIPMENT ENTERS A CONTAINER CHANGE CONTAINER TEMPERATURE TO IDEAL TEMPERATURE OF SHIPMENT. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
IF AN ENTITY THAT HAS PREFERENCES, IS DETECTED AS HAVING ENTERED AN AREA THAT CAN APPLY PREFERENCES APPLY ALL ENTITY PREFERENCES THAT THE AREA CAN APPLY THAT THIS ENTITY IS AUTHORIZED TO APPLY TO THIS AREA. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
PLUMBING Most IoT developers spend most of their time dealing with this complicated plumbing, the magic is rare. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
SCALABILITY SECURITY PRIVACY TRUST RELIABILITY All this plumbing complexity manifests as weaknesses in other key architectural requirements. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
BUILDING BLOCKS Decentralized Identifiers (DIDs) Knowledge Graphs Semantic, Linked Data Linked Data Signatures Linked Data Proofs Cryptography DID Documents Verifiable Claims/Credentials Authorization/Object CapabilitiesAuthentication Shared Schemas & Ontologies Blockchains This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
SCHEME DECENTRALIZED IDENTIFIERS did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5 METHOD METHOD SPECIFIC UNIQUE STRING This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
If you have a DID string, you can resolve it to its DID Document via its Method. We did not have this property of global uniqueness/resolvability across systems with older ID schemes. This breaks silos. GLOBALLY RESOLVABLE ACCESS CONTROL ALGORITHM did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5 did:sov:2wJPyULfLLnYTEFYzByfUR Device Identity People Identity did:v1:nym:4jWHwNdrG9-6jd9.. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
DID DOCUMENTS DID Documents are Linked Data documents that describe the DID, they contain the public keys of the DID, authentication methods, services etc… This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
CRYPTOGRAPHICALLY PROVABLE If a device possess the corresponding private key, a device can cryptographically prove its identity. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
DECENTRALIZED KEY MANAGEMENT DEVICE BACKEND Backend public Device secret Backend secret Device public Sensed Data, Acknowledgements etc. Control Instructions, Firmware & Configuration updates etc. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
SERVICE DISCOVERY This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
SEMANTIC & LINKED DATA The progress made by the open web community around Linked Data can be applied to IoT. This brings semantic meaning and relationships to IoT data … This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
Instead of describing temperature as a key of my choosing “temperature”, “temp” or “T” … This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
Let’s describe it with well defined semantics. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
Now, two developers who have never met or coordinated can independently build a temperature sensor and a controller that can work with each other. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
Now this data is about an entity (room) described by the above DID. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
VERIFIABLE CLAIMS VALUESUBJECT PROPERTY SIGNED BY ISSUER This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
TEMPERATURE VERIFIABLE CLAIMS 70ROOM SIGNED BY ISSUER This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
VERIFIABLE CLAIMS This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
WEB OF TRUST CLAIM:BOM PLM System CLAIM:Audit Security Auditor REGISTERED CLAIM:Firmware-V1 Software Update Service did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5 CLAIM:Firmware-V2 Software Update Service CLAIM:Deployed On boarding Service Key Rotated Device This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
○ Was the device made by a reputable manufacturer? ○ Does the device have hardware based cryptography and secure key storage? ○ Does the device have unique identity and cryptographic keys? ○ Has the device been audited by a security auditing firm? ○ Is there a signed audit proof? ○ Are there any known vulnerabilities for the device hardware/software? ○ Does the device produce signed data and signed firmware acknowledgements? ○ Does the device have the latest firmware? ○ Who installed the device? Who provisioned the device? etc. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
TRUST ARCHITECTURE This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
AUTHENTICATION This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
AUTHORIZATION This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
https://github.com/ockam-network/ockam Decentralized Identifiers (DIDs) Knowledge Graphs Semantic, Linked Data Linked Data Signatures Linked Data Proofs Cryptography DID Documents Verifiable Claims/Credentials Authorization/Object CapabilitiesAuthentication Shared Schemas & Ontologies Blockchains Ockam is an open-source collection of tools that makes it simple to build connected solutions with these building blocks. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
Decentralized Identifiers (DIDs) Knowledge Graphs Semantic, Linked Data Linked Data Signatures Linked Data Proofs Cryptography DID Documents Verifiable Claims/Credentials Authorization/Object CapabilitiesAuthentication Shared Schemas & Ontologies Blockchains Hardware Key Storage & Cryptography Blockchains Light ClientsBattery Efficient Messaging & Transports Zero Knowledge Proofs Private InteractionsSecure Zero Touch Onboarding Bidirectional Signed/Encrypted DataSigned Firmware & Config Updates Service & Data format discovery https://github.com/ockam-network/ockam We’re also building open tools for several other related capabilities for IoT systems This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
https://github.com/ockam-network/did We open sourced a Golang parser for DIDs, give it a try. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
MACHINE IDENTITY Decentralized Identifiers & Verifiable Credentials for Trust & Interoperability in the Internet of Things Mrinal Wadhwa CTO @ Ockam @mrinal This presentation is released under a Creative Commons license. (CC BY-SA 4.0). SSIMeetup.org @ockam_io https://ockam.io
● Robot by Vectors Market from the Noun Project ● pipes by Aleksandr Vector from the Noun Project ● valve by Ben Davis from the Noun Project Attributions for images used in this deck:

More Related Content

PDF
IPMI is dead, Long live Redfish
Bruno Cornec
 
PPT
GPU Virtualization in Embedded Automotive Solutions
GlobalLogic Ukraine
 
PDF
Veriloggen: Pythonによるハードウェアメタプログラミング(第3回 高位合成友の会 @ドワンゴ)
Shinya Takamaeda-Y
 
PDF
Oracle Database 12c Multitenant for Consolidation
Yudi Herdiana
 
PPT
Hadoop Security Architecture
Owen O'Malley
 
PDF
"The Xilinx AI Engine: High Performance with Future-proof Architecture Adapta...
Edge AI and Vision Alliance
 
PPTX
Introduction to DPDK
Kernel TLV
 
PDF
Top ten big data security and privacy challenges
Bee_Ware
 
IPMI is dead, Long live Redfish
Bruno Cornec
 
GPU Virtualization in Embedded Automotive Solutions
GlobalLogic Ukraine
 
Veriloggen: Pythonによるハードウェアメタプログラミング(第3回 高位合成友の会 @ドワンゴ)
Shinya Takamaeda-Y
 
Oracle Database 12c Multitenant for Consolidation
Yudi Herdiana
 
Hadoop Security Architecture
Owen O'Malley
 
"The Xilinx AI Engine: High Performance with Future-proof Architecture Adapta...
Edge AI and Vision Alliance
 
Introduction to DPDK
Kernel TLV
 
Top ten big data security and privacy challenges
Bee_Ware
 

What's hot (20)

PDF
Intel DPDK Step by Step instructions
Hisaki Ohara
 
PPTX
An AI accelerator ASIC architecture
Khanh Le
 
PDF
トラブルから理解するHyper vの基礎
Naoki Abe
 
PDF
Asymmetric Cryptography
UTD Computer Security Group
 
PDF
FPGAスタートアップ資料
marsee101
 
PDF
GPUDirect RDMA and Green Multi-GPU Architectures
inside-BigData.com
 
PDF
MapReduce Tutorial | What is MapReduce | Hadoop MapReduce Tutorial | Edureka
Edureka!
 
PDF
What s new in spark 2.3 and spark 2.4
DataWorks Summit
 
PDF
Study on Android Emulator
Samael Wang
 
PDF
RDD
Tien-Yang (Aiden) Wu
 
PDF
OMG DDS Tutorial - Part I
Angelo Corsaro
 
PDF
Qemu Pcie
The Linux Foundation
 
PDF
Getting Started with DDS in C++, Java and Scala
Angelo Corsaro
 
PPTX
Whamcloud - Lustre for HPC and Ai
inside-BigData.com
 
PDF
Spark Summit EU talk by Mike Percy
Spark Summit
 
PDF
05.2 virtio introduction
zenixls2
 
PDF
High Performance Networking with DPDK & Multi/Many Core
slankdev
 
PDF
Android binder-ipc
magoroku Yamamoto
 
PDF
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?
Kuniyasu Suzaki
 
PDF
Reconnaissance of Virtio: What’s new and how it’s all connected?
Samsung Open Source Group
 
Intel DPDK Step by Step instructions
Hisaki Ohara
 
An AI accelerator ASIC architecture
Khanh Le
 
トラブルから理解するHyper vの基礎
Naoki Abe
 
Asymmetric Cryptography
UTD Computer Security Group
 
FPGAスタートアップ資料
marsee101
 
GPUDirect RDMA and Green Multi-GPU Architectures
inside-BigData.com
 
MapReduce Tutorial | What is MapReduce | Hadoop MapReduce Tutorial | Edureka
Edureka!
 
What s new in spark 2.3 and spark 2.4
DataWorks Summit
 
Study on Android Emulator
Samael Wang
 
RDD
Tien-Yang (Aiden) Wu
 
OMG DDS Tutorial - Part I
Angelo Corsaro
 
Qemu Pcie
The Linux Foundation
 
Getting Started with DDS in C++, Java and Scala
Angelo Corsaro
 
Whamcloud - Lustre for HPC and Ai
inside-BigData.com
 
Spark Summit EU talk by Mike Percy
Spark Summit
 
05.2 virtio introduction
zenixls2
 
High Performance Networking with DPDK & Multi/Many Core
slankdev
 
Android binder-ipc
magoroku Yamamoto
 
TEE (Trusted Execution Environment)は第二の仮想化技術になるか?
Kuniyasu Suzaki
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Samsung Open Source Group
 
Ad

Similar to Machine identity - DIDs and verifiable credentials for a secure, trustworthy and interoperable IoT - Mrinal Wadhwa (20)

PDF
Decentralized Identifier (DIDs) fundamentals deep dive
SSIMeetup
 
PDF
Learn about the Trust Over IP (ToIP) stack
SSIMeetup
 
PPTX
Webinar 46 DIDs fundamentals - IdentityBook.pptx
binibon124
 
PDF
Blockcerts: The Open Standard for Blockchain Credentials
SSIMeetup
 
PDF
Kiva protocol: building the credit bureau of the future using SSI
SSIMeetup
 
PDF
Becoming a hyperledger aries developer learn things.online
djaber3
 
PDF
Microservices Workshop All Topics Deck 2016
Adrian Cockcroft
 
PDF
Internet Identity Workshop #29 highlights with Drummond Reed
SSIMeetup
 
PDF
How to Be a Responsible Open Source Citizen
Ivar Grimstad
 
PDF
Using CredHub for Kubernetes Deployments
VMware Tanzu
 
PDF
AWS User Group Torino 2024 #3 - 18/06/2024
Guido Maria Nebiolo
 
KEY
The Open Web
Lachlan Hardy
 
PDF
SF IoT Meetup - Decentralized Identifiers & Verifiable Claims
Mrinal Wadhwa
 
PDF
IoT Security in Action - Boston Sept 2015
Eurotech
 
PDF
Self-Sovereign Identity for the Decentralized Web Summit
Kaliya "Identity Woman" Young
 
PPTX
SpringOne2GX 2014 Splunk Presentation
Damien Dallimore
 
PDF
Decentralized Identifiers & Verifiable Claims for IoT-1548352210.pdf
M KA
 
PPTX
Boost your career with corda architect certification
Blockchain Council
 
PDF
Informatica transformation guide
sonu_pal
 
PDF
The Open Web
Lachlan Hardy
 
Decentralized Identifier (DIDs) fundamentals deep dive
SSIMeetup
 
Learn about the Trust Over IP (ToIP) stack
SSIMeetup
 
Webinar 46 DIDs fundamentals - IdentityBook.pptx
binibon124
 
Blockcerts: The Open Standard for Blockchain Credentials
SSIMeetup
 
Kiva protocol: building the credit bureau of the future using SSI
SSIMeetup
 
Becoming a hyperledger aries developer learn things.online
djaber3
 
Microservices Workshop All Topics Deck 2016
Adrian Cockcroft
 
Internet Identity Workshop #29 highlights with Drummond Reed
SSIMeetup
 
How to Be a Responsible Open Source Citizen
Ivar Grimstad
 
Using CredHub for Kubernetes Deployments
VMware Tanzu
 
AWS User Group Torino 2024 #3 - 18/06/2024
Guido Maria Nebiolo
 
The Open Web
Lachlan Hardy
 
SF IoT Meetup - Decentralized Identifiers & Verifiable Claims
Mrinal Wadhwa
 
IoT Security in Action - Boston Sept 2015
Eurotech
 
Self-Sovereign Identity for the Decentralized Web Summit
Kaliya "Identity Woman" Young
 
SpringOne2GX 2014 Splunk Presentation
Damien Dallimore
 
Decentralized Identifiers & Verifiable Claims for IoT-1548352210.pdf
M KA
 
Boost your career with corda architect certification
Blockchain Council
 
Informatica transformation guide
sonu_pal
 
The Open Web
Lachlan Hardy
 
Ad

More from SSIMeetup (20)

PDF
ZKorum: Building the Next Generation eAgora powered by SSI
SSIMeetup
 
PDF
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
SSIMeetup
 
PDF
Value proposition of SSI tech providers - Self-Sovereign Identity
SSIMeetup
 
PDF
SSI Adoption: What will it take? Riley Hughes
SSIMeetup
 
PDF
Web5 - Open to Build - Block-TBD
SSIMeetup
 
PDF
Portabl - The state of open banking, regulations, and the intersection of SSI...
SSIMeetup
 
PDF
PharmaLedger: A Digital Trust Ecosystem for Healthcare
SSIMeetup
 
PDF
Cheqd: Making privacy-preserving digital credentials fun
SSIMeetup
 
PDF
PolygonID Zero-Knowledge Identity Web2 & Web3
SSIMeetup
 
PDF
Building SSI Products: A Guide for Product Managers
SSIMeetup
 
PDF
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
SSIMeetup
 
PDF
The Pan-Canadian Trust Framework (PCTF) for SSI
SSIMeetup
 
PDF
Identity-centric interoperability with the Ceramic Protocol
SSIMeetup
 
PDF
The SSI Ecosystem in South Korea
SSIMeetup
 
PDF
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
SSIMeetup
 
PDF
How to avoid another identity nightmare with SSI? Christopher Allen
SSIMeetup
 
PDF
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
SSIMeetup
 
PDF
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
SSIMeetup
 
PDF
Explaining SSI to C-suite executives, and anyone else for that matter
SSIMeetup
 
PDF
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
SSIMeetup
 
ZKorum: Building the Next Generation eAgora powered by SSI
SSIMeetup
 
Anonymous credentials with range proofs, verifiable encryption, ZKSNARKs, Cir...
SSIMeetup
 
Value proposition of SSI tech providers - Self-Sovereign Identity
SSIMeetup
 
SSI Adoption: What will it take? Riley Hughes
SSIMeetup
 
Web5 - Open to Build - Block-TBD
SSIMeetup
 
Portabl - The state of open banking, regulations, and the intersection of SSI...
SSIMeetup
 
PharmaLedger: A Digital Trust Ecosystem for Healthcare
SSIMeetup
 
Cheqd: Making privacy-preserving digital credentials fun
SSIMeetup
 
PolygonID Zero-Knowledge Identity Web2 & Web3
SSIMeetup
 
Building SSI Products: A Guide for Product Managers
SSIMeetup
 
Solving compliance for crypto businesses using Decentralized Identity – Pelle...
SSIMeetup
 
The Pan-Canadian Trust Framework (PCTF) for SSI
SSIMeetup
 
Identity-centric interoperability with the Ceramic Protocol
SSIMeetup
 
The SSI Ecosystem in South Korea
SSIMeetup
 
Introducing the SSI eIDAS Legal Report – Ignacio Alamillo
SSIMeetup
 
How to avoid another identity nightmare with SSI? Christopher Allen
SSIMeetup
 
Self-Sovereign Identity: Ideology and Architecture with Christopher Allen
SSIMeetup
 
eIDAS regulation: anchoring trust in Self-Sovereign Identity systems
SSIMeetup
 
Explaining SSI to C-suite executives, and anyone else for that matter
SSIMeetup
 
The 2nd Official W3C DID Working Group Meeting (The Netherlands)
SSIMeetup
 

Recently uploaded (20)

PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
DOCX
Unit-3 cyber security network security of internet system
shivangisharma636228
 
PPTX
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
PPT
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PPTX
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
PDF
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PDF
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
PPTX
Internet___Basics___Styled_ presentation
poonam62133
 
PPTX
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
PDF
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
PDF
Introduction to the IoT system, how the IoT system works
TinBinh
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Unit-3 cyber security network security of internet system
shivangisharma636228
 
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
isotopes_sddsadsaadasdasdasdasdsa1213.ppt
Kenneth James Alamillo
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
Module 1 - Cyber Law and Ethics 101.pptx
anantyakhrisna1
 
Unit-1 introduction to cyber security discuss about how to secure a system
shivangisharma636228
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
Paper PDF World Game (s) Great Redesign.pdf
Steven McGee
 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
Internet___Basics___Styled_ presentation
poonam62133
 
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
Exploring VPS Hosting Trends for SMBs in 2025
Liquid Web
 
Introduction to the IoT system, how the IoT system works
TinBinh
 

Machine identity - DIDs and verifiable credentials for a secure, trustworthy and interoperable IoT - Mrinal Wadhwa

  • 1. MACHINE IDENTITY Decentralized Identifiers & Verifiable Credentials for Trust & Interoperability in the Internet of Things Mrinal Wadhwa CTO @ Ockam @mrinal This presentation is released under a Creative Commons license. (CC BY-SA 4.0). SSIMeetup.org
  • 2. 1. Empower global SSI communities 2. Open to everyone interested in SSI 3. All content is shared with CC BY SA SSIMeetup.org Alex Preukschat @SSIMeetup @AlexPreukschat Coordinating Node SSIMeetup.org https://creativecommons.org/licenses/by-sa/4.0/ SSIMeetup objectives
  • 3. I’m passionate about building systems where connected machines come together with intelligent algorithms to improve our lives. AUTONOMOUS SYSTEMS This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 4. PLUMBING But I spend most of my days doing what is best described as - digital plumbing. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 5. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. To illustrate, let’s think about how we may build this extremely simple autonomous system. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 6. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a person? How do we authenticate them? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 7. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we know they entered? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 8. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a room? Which people are authorized to change this room’s temperature? This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 9. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we change temperature? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 10. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. What is room temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 11. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we know their preferred temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 12. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. How do we identify a person? How do we authenticate them? How do we know they entered? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? How do we identify a room? Which people are authorized to change this room’s temperature? How do we change temperature? With a device? How do we identify the device? How do we authenticate the device? Can we trust it? How do we know their preferred temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? What is room temperature? Is it called temp, temperature or T? Is it set in °C, °F or some other unit? This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 13. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. This seems hard, surely someone else has already built it. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 14. Found one with a quick google search, but it only works with Nest and IFFTT, our hardware is different :(. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 15. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. 1000s of People Identity Systems Google, Facebook, Apple, Active Directory, Custom Apps etc. 1000s of phones, motion sensors, RFID reader etc. 100s of IoT platforms, proprietary systems etc. 100s of building management systems and custom apps etc. 1000s of HVAC systems, Thermostats etc. 1000s of custom apps. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 16. IF A PERSON ENTERS A ROOM CHANGE ROOM TEMPERATURE TO THEIR PREFERENCE. Also, this problem statement isn’t general enough, we like to write reusable code. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 17. IF A SHIPMENT ENTERS A CONTAINER CHANGE CONTAINER TEMPERATURE TO IDEAL TEMPERATURE OF SHIPMENT. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 18. IF AN ENTITY THAT HAS PREFERENCES, IS DETECTED AS HAVING ENTERED AN AREA THAT CAN APPLY PREFERENCES APPLY ALL ENTITY PREFERENCES THAT THE AREA CAN APPLY THAT THIS ENTITY IS AUTHORIZED TO APPLY TO THIS AREA. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 19. PLUMBING Most IoT developers spend most of their time dealing with this complicated plumbing, the magic is rare. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 20. SCALABILITY SECURITY PRIVACY TRUST RELIABILITY All this plumbing complexity manifests as weaknesses in other key architectural requirements. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 21. BUILDING BLOCKS Decentralized Identifiers (DIDs) Knowledge Graphs Semantic, Linked Data Linked Data Signatures Linked Data Proofs Cryptography DID Documents Verifiable Claims/Credentials Authorization/Object CapabilitiesAuthentication Shared Schemas & Ontologies Blockchains This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 22. SCHEME DECENTRALIZED IDENTIFIERS did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5 METHOD METHOD SPECIFIC UNIQUE STRING This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 23. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 24. If you have a DID string, you can resolve it to its DID Document via its Method. We did not have this property of global uniqueness/resolvability across systems with older ID schemes. This breaks silos. GLOBALLY RESOLVABLE ACCESS CONTROL ALGORITHM did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5 did:sov:2wJPyULfLLnYTEFYzByfUR Device Identity People Identity did:v1:nym:4jWHwNdrG9-6jd9.. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 25. DID DOCUMENTS DID Documents are Linked Data documents that describe the DID, they contain the public keys of the DID, authentication methods, services etc… This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 26. CRYPTOGRAPHICALLY PROVABLE If a device possess the corresponding private key, a device can cryptographically prove its identity. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 27. DECENTRALIZED KEY MANAGEMENT DEVICE BACKEND Backend public Device secret Backend secret Device public Sensed Data, Acknowledgements etc. Control Instructions, Firmware & Configuration updates etc. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 28. SERVICE DISCOVERY This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 29. SEMANTIC & LINKED DATA The progress made by the open web community around Linked Data can be applied to IoT. This brings semantic meaning and relationships to IoT data … This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 30. Instead of describing temperature as a key of my choosing “temperature”, “temp” or “T” … This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 31. Let’s describe it with well defined semantics. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 32. Now, two developers who have never met or coordinated can independently build a temperature sensor and a controller that can work with each other. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 33. Now this data is about an entity (room) described by the above DID. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 34. VERIFIABLE CLAIMS VALUESUBJECT PROPERTY SIGNED BY ISSUER This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 35. TEMPERATURE VERIFIABLE CLAIMS 70ROOM SIGNED BY ISSUER This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 36. VERIFIABLE CLAIMS This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 37. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 38. WEB OF TRUST CLAIM:BOM PLM System CLAIM:Audit Security Auditor REGISTERED CLAIM:Firmware-V1 Software Update Service did:ockam:2QyqWz4xWB5o4Pr9G9fcZjXTE2ej5 CLAIM:Firmware-V2 Software Update Service CLAIM:Deployed On boarding Service Key Rotated Device This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 39. ○ Was the device made by a reputable manufacturer? ○ Does the device have hardware based cryptography and secure key storage? ○ Does the device have unique identity and cryptographic keys? ○ Has the device been audited by a security auditing firm? ○ Is there a signed audit proof? ○ Are there any known vulnerabilities for the device hardware/software? ○ Does the device produce signed data and signed firmware acknowledgements? ○ Does the device have the latest firmware? ○ Who installed the device? Who provisioned the device? etc. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 40. TRUST ARCHITECTURE This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 41. AUTHENTICATION This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 42. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 43. AUTHORIZATION This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 44. https://github.com/ockam-network/ockam Decentralized Identifiers (DIDs) Knowledge Graphs Semantic, Linked Data Linked Data Signatures Linked Data Proofs Cryptography DID Documents Verifiable Claims/Credentials Authorization/Object CapabilitiesAuthentication Shared Schemas & Ontologies Blockchains Ockam is an open-source collection of tools that makes it simple to build connected solutions with these building blocks. This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 45. Decentralized Identifiers (DIDs) Knowledge Graphs Semantic, Linked Data Linked Data Signatures Linked Data Proofs Cryptography DID Documents Verifiable Claims/Credentials Authorization/Object CapabilitiesAuthentication Shared Schemas & Ontologies Blockchains Hardware Key Storage & Cryptography Blockchains Light ClientsBattery Efficient Messaging & Transports Zero Knowledge Proofs Private InteractionsSecure Zero Touch Onboarding Bidirectional Signed/Encrypted DataSigned Firmware & Config Updates Service & Data format discovery https://github.com/ockam-network/ockam We’re also building open tools for several other related capabilities for IoT systems This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 46. https://github.com/ockam-network/did We open sourced a Golang parser for DIDs, give it a try. This presentation is released under a Creative Commons license. (CC BY-SA 4.0). This presentation is released under a Creative Commons license. (CC BY-SA 4.0).
  • 47. MACHINE IDENTITY Decentralized Identifiers & Verifiable Credentials for Trust & Interoperability in the Internet of Things Mrinal Wadhwa CTO @ Ockam @mrinal This presentation is released under a Creative Commons license. (CC BY-SA 4.0). SSIMeetup.org @ockam_io https://ockam.io
  • 48. ● Robot by Vectors Market from the Noun Project ● pipes by Aleksandr Vector from the Noun Project ● valve by Ben Davis from the Noun Project Attributions for images used in this deck: