How Self-Sovereign Identity (SSI) enables decentralized Identity and Access management for Things
From SSI zero to hero – ETO's digital & IoT transformation in practice
In this session, I will first talk about the design considerations and challenges when applying SSI to IoT, followed by the description of an initiative for creating an embedded SDK for SSI. Finally, I will discuss new opportunities for building decentralized identity and access management solutions for IoT.
In the future, you will not only decide where your data is stored, but also with whom you want to share your data. If you share data, everything will be logged for you and you will always have an overview of who has received data from you. This is what transparency looks like and this is what SSI promises you.
But, what are the challenges when trying to implement SSI paradigms in the real world, and where may we have to change the overall reception of digital identities? Get first-hand insights from our experience on a project to initiate self-sovereign identity in Germany.
In this keynote we are looking at practically moving existing infrastructures towards the Decentralized Identity world – widely known as Self-Sovereign Identity (SSI). Leveraging the Credential-based Access Control (CrBAC) paradigm, implementing SSI in an enterprise is easier than most people think. We will learn why and how SSI is such a bright way out of the complex and interwoven IAM world still predominant today, more than 11 years after “Dos and Don'ts when Introducing a Compliance Management Tool” in a Role-based Access Control (RBAC) context at EIC 2009.
Skills not degrees are what matters in today's job market. Using SSI and OpenBadges standards, people can gain micro-certificates based on skills acquired during their studies, work, or volunteering. We will discuss what it takes for educational institutions and employers to adopt a privacy-friendly, frictionless, and more secure onboarding process for students and employees based on this technology. We will explore the new paradigm for IDaaS, an eIDAS 2.0 compliant process, and how we enable Life Long Learning.
The disruptive changes in the SSI paradigm will not be effortlessly adopted by the industry worldwide without technological enablers. Indeed, before transitioning to a fully decentralized ecosystem, standard enterprise IAM solutions and canonical IGA disciplines will need to adapt and integrate verifiable credentials. This talk will explore the hybrid decentralization paradigm, offering pointers and insights into the uncontestable evolutionary needs of enterprises. After all, industry IAM solutions must evolve to include VC issuing and verification capabilities to fully embrace the trustless trust paradigm while retaining complete control of authorization flows.
Traditional identity and access management solutions have so far been built on trust in selected identity providers and their adoption by an ecosystem of identity owners and identity verifiers. The decentralized identity paradigm is disrupting these ecosystems and requires more democratic collaboration and competition among a number of identity and credential issuers, identity owners, and verifiers selecting and using them. This requires not only designing and implementing new technologies but also identifying new business opportunities and business models. Collaboration, experimentation, and evaluation are the road to adoption, and the EU collaborative H2020 research and innovation framework offers the opportunity to de-risk such collaborations, in favor of innovation.
Self-sovereign identity (SSI) has reached the in-between stage: more than a concept, not yet fully deployed. This is where the work can get the most gruesome and exhausting, but also the most creative and rewarding. While the dedicated W3C standards are reaching maturity levels, we see regulators and government actors jumping on board and asking for even more stability across specifications and standards in order to establish real world systems. In fact, we see large pilot projects and implementation programs worldwide. One promising but equally critical development is the eIDAS 2 regulation, promising dependable answers to questions about governance and trust frameworks that will drive adoption. This short deep dive will give you an orientation of the state of play for SSI in the context of these greater developments – and might provide an outlook for your projects as well.
Yeah, can you hear me? Yeah. Yes. So welcome to our presentation, empowering division of IoT with decentralized identities. In the next few minutes, we can go through our journey, how we implement SSI or decentralized identities into products, how we use it for ecosystems based on the example ETO is providing here. But before we start, let me introduce ourselves a little bit. My name is Marcus Supper, managing director and co-founder of fico. In my prior life, I worked many years as an IT security consultant for larger and smaller companies.
I'm also happy to introduce to you Benjamin Burnish, vice president for digital products and services. He's mainly responsible for the overall digital transformation. Last words about fico: we are empowering trusted interactions through decentralized identity and our mission is to build the next generation identity access management platform that seamlessly connects machines to machines to people. Yeah. Hi, Benjamin, my name. So we are a typical automotive supplier in the automotive industry. So we have very large OEM customers, already in the field of business since 70 years.
And yeah, core technologies are typically brake, actuators, sensors, a lot of equipment in industry and we are typical, or we were typical, parts and module supplier. And my task was to implement new technologies, IoT devices, in the last four years into the company to also reduce the turnover share coming from combustion engine components. And the second task was to implement new business cases, implement software use cases and become one of, yeah, one ecosystem provider. And at the same time, which was a restriction, of course we cannot take business shares from our existing customers.
So we have to take care that we go into fields which are not critical to our existing business. So when we came up with a decision for years to go to become an ecosystem supplier, we did a typical risk management and benchmarking of technologies. And why we did that, we figured out there are some topics we really need to take care about. And it's not the topics that you can read here, it's also the topics of hiring the right software persons or the right developers. We needed to take a decision to either build our own IoT platform.
In this case we said no, we are going to buy a company, which we did in the field of precision agriculture or precision farming, which is also in. And we decided that we need to take care of identity management on a very secure level to communicate with our hardware devices, which are usually connected via, for example, NB-IoT or LoRa. And we need to make sure that the sensor data is really coming from us and can be trusted and can be also given to other third parties without the requirement to go through some certification authorities for example.
So that's where we met and that's where we took the decision to go with the FinCo technology on implementing SSI. And I will hand over back to Marcus. Exactly. So this was the point where we have been many years ago where we've seen that we could solve with SSI, self-sovereign identities, many of the problems and challenges ETO was facing. And SSI basically provides a more direct trust, a more direct way to interact with each other simply because we don't rely anymore or rely less on central authorities and central identity systems.
Furthermore, self-sovereign identity principles, you are basically the owner of your own identity and you decide what happens with the identity and its relying data and you are basically sharing identity information through a verifiable data registry, which is basically a neutral network or database if you want to say, and others can take the data and verify you or interact with this identity. So this is basically the main difference and we see that makes sense for us to use SSI.
And we see also when it comes to IT use cases other businesses are considering to use also self-sovereign identities in the IoT use cases. In terms of business efficiency, you can very quickly onboard customers, other devices or when it comes to data centric business models, you can enhance privacy and data protection, build more transparent ways, direct transparent ways for data exchange and value exchange. And of course, last but not least, if you're using the self-sovereign identity protocols and standards, you can also build on top something which allows us to do IoT authentication.
And later on I believe also authorization, which helps companies to increase their compliance with IoT security controls. So these are the reasons why we did it and how we did it. That will now explain.
Yeah, so we've been quite lucky. Three years ago we've been awarded by the German ministry for digital and transport with a large funding program to develop a traffic sensor that will be located as an IoT device next to the street, with the funding of 11 million euros that we received in a big consortium of 11 companies. And this allowed us to experience also new technologies because that's what funding from government is usually about, to not just implement what is existing, but to also experience on very new technologies such as SSI.
So we became, we were already on the path being a part supplier, wanted to become an ecosystem provider. We had the funding, we had the power to implement it and we also had the agreement from our board members and managing directors to implement the system. And on this path, yeah, we are at the moment implementing actually the first use cases where we will bring IoT devices into the market and hopefully in very large scale with, yeah, with the traffic sensors, which you will see later as IoT devices. We will go somewhere in two years into the market.
So what did we actually do? So the first phase where we have been in roughly two years ago was a big transformation. So becoming an IoT provider is of course nothing simple, especially when you were really only working according to specifications coming from customers. So we were in a very large transformation phase within ETO. We had to build awareness about different types of technologies.
So not only digital identities or decentralized identities, but also for a lot of technologies such as, yeah, as I said, Bluetooth, NB-IoT, LoRa, V2X communication, DSRC communications, that's all part of the story. And we took the decisions for each and every single module to build use cases or to build first proof of concepts. So that proof of concept phase probably took roughly a year. It was all software based. Of course we took some very early decisions on some hardware modules like hardware security modules that we need to integrate in our IoT devices.
And what came up after a year was actually the decision to continue with SSI instead of classical PKI infrastructures. So in the next phase we started selecting hardware security modules. So we were in the planning phase of bringing IoT devices actually to the market. We created the teams that are working on it. We hired the software developers that understand also the cryptography. So not only the implementation of the SSI technologies or really deep learning also on the, yeah, very low level of the cryptography.
And yeah, at the end of that phase two, in the classical automotive business we call it B samples, where we really proved to ourselves, to the management and to the board that the technology itself works and brings, yeah, some very good benefits actually. So our lessons learned from this was that SSI can really bring in benefits, it is superior technology. And when we had the chance to select between different technologies, we just took that decision and said we want to go for it even though it's not completely developed to the end yet.
So what you see here is actually the products that we developed. The first product you see here on the left is a wearable, it's like a digital compass that groups can wear. So each of you could wear such kind of hardware device, they will be in the web shop sometime in the summer. And these hardware devices can build groups. So you can come together with groups, you can add devices and you can always have a trusted system between those hardware devices and you don't need connectivity to the internet for that.
So we can, for example, use ultra-wideband communication between devices or our proprietary communication protocol that we need to share the IDs, share authorizations between hardware devices as long as you are, for example, in a distance or close to each other, like 300 meters something, if it's a maximum distance we can reach without internet connectivity. Beyond that, we communicate via NB-IoT to the internet and make sure that the GPS location data is really only shared with those people that are allowed to see the GPS position.
So think of a child, where only the mother wants to have the data and not anybody else. Then we have the automotive business case where we take care of copyright protection. So as a component supplier, we want to make sure that, for example, for the hardware aftermarket, we stay the component supplier, or in autonomous driving you can think that you don't really want a copycat product in your hardware braking system when you bring it for repair for example. Yeah.
And the product smart city here is a smart delineator that's actually being set up in frien this summer with 10 kilometers equipped with it. There are going to be hundred of these devices equipped with SSI technology which will then start communication with LoRa, with, yeah, 5G, with DSRC and with V2X. So we can start sending traffic data to, yeah, to cars, to the light control center which is also located in frien.
And then last but not least, we have agricultural sensors where we took the decision to not implement SSI because we have direct communication only between the IoT devices and our backend. So it means for use cases which we are working on for the past four years, for 75% of those use cases, we took a clear decision to go for the ID with SSI and I think it was really the right decision even though we are not at the end of the development phases yet, but we are quite sure that it will actually work. Yeah.
So while ETO is focusing on making their products basically as iReady, we came up with the idea, okay, how can we help it when these devices are going to production? We are talking a lot about hundred thousands of devices, right? How can we scale that? How can we be efficient here? How can we provide the security which is needed here? And the basic idea was that we generate the identity and the credentials for the devices at the same time as the devices are produced.
So we built basically here a concept where we are able with our SSI management platform to seamlessly build the devices, but also we are able to securely create and automate the identities and its credentials. We set, we divide security concept, we set up an OT security test environment placed in our self-sovereign identity management tools, did a lot of testing and now we are on the phase where we are rolling out step by step very carefully the thing here into the real end of line production. So we have to take care, nothing happens in the end here.
And so we can say we can scale with ETO's production in the end and furthermore when these devices are going to after sales and going to operation, we already have their identity and credential we can use for secure and trusted interaction. Yeah, and this is the last step. This is what we are actually planning.
We want to help ETO to become a trusted IoT ecosystem operator. Here, the right side, you see basically what I already explained a little bit, the OT IT security infrastructure with our identity management platform, which helps with the whole entry and identity and credential management with the SSI infrastructure set up and the needed features for the overall ecosystem for data security, IoT device and user authentication later on because this is what we want to build here.
Here on the left, an open ecosystem where everyone can join with its own SSI or with the IoT application and APIs we are providing. So customers, partners, other system operators or other devices can join here the open IoT ecosystem and directly can communicate and interact with devices in a trusted way here. Last but not least, our final goal is here to build something in the last step, which we are calling data marketplace. So we want to build something where devices from ETO are able to send data directly to a data marketplace with the identities used in signing the data.
And on the other side partners, customers can really quickly log in with our passwords. He entered the marketplace and can make sure when they are buying the data that this data is coming from the specific device here, this data is produced or generated at a specific time and it's not ED by someone else. So you can say basically self-sovereign identity helps here with its underlying protocols for decentralized identifiers and verified credentials to build trust overall in the overall ecosystem. And we are able to build something which is open but controlled in the end.
Yeah and I believe in conclusion ETO did a great job by choosing SSI for the overall transformation. And the good news is, if you are considering to do something similar then I'm happy to say that you can use now our identity gateway, which is now production ready since few weeks. It helps with all the decentralized identity methods. It is very scalable so we can prove that we can handle hundred thousands of devices and credentials. Everything is based on the World Wide Web Consortium for decentralized identifiers and verified credentials.
It allows interoperability also to legacy identity systems and standards. And last but not least, we made it surprisingly simple from all the hard lessons learned we gained with and also with other partners. So if you're considering to do something similar, here is a platform which helps you with implementing, operating and maintaining the SSI infrastructure and ecosystem at all.
Yeah, that's basically it. Thank you very much. Thank you also to KuppingerCole having us here so we could share some insights. If you have now some burning questions or later on, you are also invited to join me and from technologies, the SSI experts here later on at it's only two streets far away so you don't have to struggle to come back after a few years. So you're very welcome and thank you very much. Well thank you. Thank you Benjamin, you Marcus, great having you here.
And of course we have a minute left for a question perhaps from our audience and if not, I have one from the online, from my tablet. Basically, how are identities controlled by the devices in an SSI way? Does it store its own keys?
Yes, that's basically the answer, but it depends how you want to set up. It depends on your risk appetite, right? So if your device is not able to control and manage signature functions for example, then you can also decide it to then to do that. This whole thing is done by a next powerful component. In many cases, this is our IoT gateway for example. But here, in this use case, we made sure that the devices of ETO can handle the keys, the signature functions which are needed for verified credentials and decentralized identities. Yeah. Okay. Great.
Well thank you guys and we have to move on to our next presentation.