A discussion about identity and the internet of things, exploring some ideas about the connection between IoT and the blockchain. An edited version of the presentation I gave at TechDaysMunich in July 2016.
1. www.chyp.com Please Copy and Distribute
The Internet of Everyone Else’s Things
Or
“Time for some new thinking on IoT”
Munich
July 2016
2. David G.W. Birch
Director of Innovation at Consult Hyperion
An internationally-recognised thought leader in digital identity and digital money;
Named one of the global top 15 favourite sources of business information (Wired magazine);
In the London FinTech top 3 most influential powerlist (City A.M.);
One of the top ten Twitter accounts followed by innovators, along with Bill Gates and Richard Branson (PR Daily);
One of the top ten most influential voices in banking (Financial Brand);
Named one of the "Fintech Titans" (NextBank);
Voted one of the European “Power 50” people in digital financial services (FinTech Awards);
Ranked Europe’s most influential commentator on emerging payments (Total Payments magazine).
7. So…
Pants are low-power devices with no cryptography
Pants have no tamper-resistant memory for keys
Pants have intermittent connections
They may be in the attacker’s domain if not in secure storage
Pants go without upgrades or (digital) patches
My pants are not going to negotiate laundry prices any time soon, but they might give away some of my secrets!
8. Where to Focus?
Identification, authentication and authorisation of people and their things
But the things can’t do cryptography
So we need to manage the virtual things, not the things themselves
Wait…
What if there was a new way to manage these virtual things?
9. My Pants
Implement the identity of things as a layer on the blockchain
10. The Private Life of My Pants
The private life of things as a shared ledger
11. Am I Taking Crazy Pills?
So if we can bind the mundane entity to the blockchain entity…
12. Putting my Pants on the Blockchain
The private life of things as a shared ledger implemented on a blockchain
13. Where Next? Smart Pants
Access to virtual things via “smart contracts” with their own memory
[Diagram labels: Dave’s Pants, Other Pants]
14. Contact
Browse www.chyp.com
Follow @chyppings
Mail info@chyp.com
Comment http://www.chyp.com/media/blog/
Listen http://www.chyp.com/media/podcasts/
Consult Hyperion UK
Tweed House, 12 The Mount
Guildford, Surrey GU24HN, UK.
+44 1483 301793
Consult Hyperion USA
535 Madison Avenue, 19th Floor
New York, NY 10022, USA.
+1 888 835 6124
Editor's Notes
“Technology’s Martyrs: The Slide Rule” by Kirk Johnson in the New York Times (3rd January 1987) covers the story of Keuffel & Esser.
This company, founded in 1867, was America’s pre-eminent manufacturer of slide rules. In 1965, they sold one million of them. In 1967, their centenary, they were commissioned to prepare a report about the future called “Life in the year 2067”, looking a century on. They interviewed scientists to come up with a vision that predicted electric cars and 3D TV. What it didn’t predict was that they would be out of business within a few years because of the electronic calculator. The end came quickly.
On this day in 1976 K&E produced its last slide rule, which it presented to the Smithsonian Institution.
[From Computer History Museum | Exhibits | This Day in History: July 11]
In less than a decade they were gone because of technological change. But note the “Gibson” take on this: the invention that destroyed them, the electronic calculator, already existed when they wrote their report. In fact, the first all-electronic desktop calculator went on sale in 1961:
At the end of 1961 the Bell Punch Company put the Anita Mk VII on the market in continental Europe and the Anita Mk 8 in the rest of the world as the world’s first electronic desktop calculators. These were the only commercial electronic desktop calculators for more than 2 years.
[From Anita: the world’s first electronic desktop calculator]
What’s more, the first electronic all-transistor calculator (from Sharp) went on sale in 1964. So by the time the slide rule guys did their study, the technology that would destroy them had been on open sale for several years. They made the mistake, I guess, of thinking that because slide rules cost $10 and calculators cost $1,000 they would never compete, forgetting that the inevitable curve of technology price/performance would do for them in time. And, I suspect, the scientists that wrote the report all used slide rules and were perfectly happy with them.
I think a phone that can check up on other people's stuff might be fun. After all, 900MHz is much longer range than NFC (several metres for industrial readers). So if you're at a boring party and you're wondering whether the hostess's dress is a real Chanel or a knock-off, you can find out from across the room. Or if you want to snoop around a neighbour's house but can't actually be bothered to go into other rooms, it's ideal. But, as I pointed out some time ago, suppose RFID is used to implement Electronic Product Codes (EPCs) for luxury goods. If I see a Gucci handbag on sale in a shop, I will be able to point my Bluetooth EPC-reading pen (these already exist) at it and read the EPC, which is just a number. My mobile phone can decode the number and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me. There has to be a database to establish provenance, and it is that database that is at the core of the Korea Telecom business model discussed earlier.
Thus, the counterfeiters will inevitably shift their attention to attacking the database. If I were a counterfeiter, I'd put chips in my whiskey that linked to a URL that displayed something that looks like the official Korea Telecom page but says "Sorry, the service is currently down, please try again later" or perhaps even "Sorry, the service is down, please call this number for more information" followed by the number for a reverse-charge premium-rate call to Surinam at $199 per minute. Just as with smart posters and so on, unless the chip carries a digital signature, you don't know whether the URL is real or not, so nothing it directs you to can be trusted. There's no need for a URL here: just have the chip store a digitally-signed identifier and let the "provenance infrastructure" do the rest. Better still, have the chip store a digitally-signed and encrypted identifier so that only the database owner can decrypt it, ensuring that all provenance requests have to go through them. Without an infrastructure that includes end-to-end digital signatures there's no way round this. The phone needs to know the chip is authentic. The database needs to know who is asking, and the consumer needs to know who is answering.
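The phone-side check for a digitally-signed identifier, as an added example that is not part of the original notes: the phone holds only the issuer's public key and refuses any tag whose contents were not signed by it. The `Tag` layout, the identifier string format and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Tag is what the phone reads from the chip: an identifier plus the
// issuer's signature over it. This layout is an assumption for the example.
type Tag struct {
	ID  []byte // e.g. product 999, serial 888
	Sig []byte // Ed25519 signature by the issuer over ID
}

var ErrUntrusted = errors.New("tag not signed by issuer")

// IssueTag is run by the brand owner when the chip is written.
func IssueTag(priv ed25519.PrivateKey, id string) Tag {
	return Tag{ID: []byte(id), Sig: ed25519.Sign(priv, []byte(id))}
}

// VerifyTag is run on the phone, which holds only the issuer's public key.
// It returns the identifier to send to the provenance database, or an error.
func VerifyTag(pub ed25519.PublicKey, t Tag) (string, error) {
	if len(t.Sig) != ed25519.SignatureSize || !ed25519.Verify(pub, t.ID, t.Sig) {
		return "", ErrUntrusted
	}
	return string(t.ID), nil
}

// Demo builds constructed sample tags and reports which ones verify.
func Demo() (genuine, altered, unsigned error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	good := IssueTag(priv, "product=999;serial=888")
	_, genuine = VerifyTag(pub, good)
	// Same signature, different serial: the signature no longer matches.
	_, altered = VerifyTag(pub, Tag{ID: []byte("product=999;serial=889"), Sig: good.Sig})
	// A chip carrying only a URL and no signature at all.
	_, unsigned = VerifyTag(pub, Tag{ID: []byte("https://example.invalid/status")})
	return
}

func main() {
	g, a, u := Demo()
	fmt.Println("genuine:", g, "| altered:", a, "| unsigned:", u)
}
```

A static signed identifier can still be copied bit-for-bit onto another chip, so the signature only tells the phone which identifier to ask about; the provenance database still has to answer for it.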