Japanese firms demonstrate decentralised IoT platform

  • July 7, 2021
  • Steve Rogerson
Diagram of smart concierge system

Japanese companies CollaboGate and Tessera Technology have started a demonstration experiment to build the world’s first decentralised IoT platform using decentralised identifiers.

The two companies have formed a business alliance to build the platform that smoothly connects people and IoT devices. In association with electronics company Renesas, they aim to develop a smart concierge prototype for building a contactless economy worth over $11tn by 2025.

They will work on a proof-of-concept project that intends to build a decentralised IoT platform that smoothly connects people and things, and a smart concierge that enables the contactless economy by using the Unid decentralised ID platform.

To prevent the spread of Covid-19, it has become important to avoid human contact, and non-contact has more significance in consumer behaviour. Due to the increase of the stay-at-home economy and contactless consumption outside of the home to be derived by innovations, the market size of the contactless economy in Apac is forecast to reach $11tn in total, double the current level.

Specifically, the shift to contactless transactions is becoming more active such as smart branches for banks, virtual concierge at healthcare and government services, digital orders at restaurants, and automated reception at offices and hotels.

To replace various tasks that used to be done face-to-face with non-face-to-face methods using technology, digital data and hardware need to be designed to be synchronised. For example, IoT devices must correctly identify, authenticate and authorise users, automatically verify the data applied for, consider user privacy, and ensure the security of unattended IoT devices.

A decentralised IoT platform that meets these requirements is needed for a smooth transition from the face-to-face to the non-face-to-face system.

So CollaboGate, the provider of Japan’s first decentralised ID platform Unid, and Tessera, a company with strong expertise in IoT device software development, have formed a business alliance to develop a decentralised IoT platform to use the robust hardware-based security functionality of Renesas MCUs to meet the growing need for transactions without human contact and to verify prototypes.

In this project, they plan to build a prototype of a smart concierge with an identity verification function for use in banking, healthcare, government and access management at offices, hotels, factories and logistics warehouses.

In the current internet system, it is difficult to verify automatically the data provided by users without a trusted third party. In reality, the manual verification process of the data is still necessary for businesses. By introducing a decentralised identity mechanism to IoT devices, a mechanism can be built that allows them to verify the data provided by users autonomously. This should enable the safe and quick delivery of services.

For example, users can check in to hotels, accommodations and other lodging facilities and unlock their rooms by simply carrying their mobile app. It can also streamline the validation and entrance for live music, concerts, baseball, football and other sports, as well as theme park facilities. The system is expected to enable contactless operations and efficiency that have been conducted face-to-face, such as the efficient management of office visitors, logistics warehouses, and medical and educational facilities.

IoT devices that are connected to the network are subject to security risks such as hacking and identity theft. For example, the access IDs and passwords hard-coded into IoT devices are vulnerable if they are left as default settings or are easy to guess. In fact, there was a case where many IoT devices were illegally accessed and used as a botnet to launch DDoS attacks.

For this reason, security by the PKI standards has significant advantages over the password method. However, the conventional PKI standards using CA certification authorities require manual management of many certificates for each IoT device. In addition to being a very time-consuming task, there are risks such as the leakage of private keys managed by the service operator. And the time and effort required to renew certificates lead to the use of certificates with a long expiration date, which causes vulnerabilities. Thus, the conventional PKI standards have problems in terms of cost, operation and security.

By introducing a decentralised ID mechanism to IoT devices, first, a key pair is generated within the IoT device, then the public key corresponding to the digital signature is registered in the decentralised PKI network. Anyone from the network can reference this public key, and a cloud server communicating with the IoT device can retrieve this public key and verify the digitally signed data. This is expected to eliminate the need for manual verification, increase security strength, and significantly reduce the operating costs of IoT devices.

Against the backdrop of the changing and growing awareness of privacy among individuals and the global trend of privacy protection regimes such as GDPR and CCPA, a separation between holding data and using data is becoming a prerequisite for building trust for companies that have customer contact.

In Japan, the Act on the Protection of Personal Information is scheduled to take effect in April 2022, and the handling of personal data via IoT devices will require system design based on the same consideration of individual privacy. Decentralised IoT platforms provide a mechanism that enables IoT service providers to provide the desired services without retaining unnecessary personal information. It provides a mechanism for safe and smooth authentication and data transactions between humans and IoT devices based on personal consent, using a mechanism where individuals control their personal information.

“With the Covid-19 pandemic, the number and type of businesses that need to interact with users contactlessly have exploded beyond the specific industries,” said Masayoshi Mitsui, CEO of CollaboGate in Japan. “We believe that the verifiable data exchange platform between people and machines in a decentralised manner will support the transformation to contactless systems in a wide range of fields, including new work styles, mobility, logistics and smart cities, and will contribute to progress our digital society.”