Imagine you are the registrar of a university, and you have graduating students wanting access to their diplomas. Manually fulfilling and authenticating those requests is time-consuming—and in situations where physical presence is required, impossible. Here’s one way you might be able to provide that access digitally: for students who have finished their bachelor’s degrees, you sign a bachelor certificate using your Self-Sovereign Identity (SSI). The students can take their signed certificates and show it to anyone else, and everyone can verify that the diploma is valid without having to contact the university.
That is a hypothetical example of Self Sovereign Identity. SSI is a term used to describe the digital movement that recognizes an individual should own and control their identity without the need to involve administrative authorities. SSI allows people to interact in the digital world with the same freedom and capacity for trust as they do in the offline world.
But if it is one thing we know about identity in the age of digital transformation, it’s that people aren’t the only ones with identities. Machines have identities too.
SSI is essentially a new way of thinking about identities. The intent of SSI is to make identities versatile for basically every setting one can imagine. Right now, identity is basically a digital certificate, which you can use to authenticate yourself or a machine. The SSI idea goes a bit further. It starts with a base identity (called decentralized identifier) and then goes to the next step, by enabling us to sign arbitrary claims and prove those claims towards third parties. These claims are called verifiable credentials and can be used to identify and sign any declarative statement whatsoever. That's a really powerful concept because the applications are so broad.
SSI is not really a new concept. It's been around for quite a while, but the reason SSI could not be adopted is that the missing piece of the puzzle, distributed ledger technology (also known as blockchain), has not existed up until a few years ago. That is changing and the SSI ecosystem is growing.
Verifiable Credentials Meets Machine Identity Management
At filancore, our goal is to establish a secure basis for future networking by making decentralized identities suitable for the Industrial Internet of Things. We were excited to join the Machine Identity Management Development Fund and build a bridge between the SSI ecosystem and Venafi as leaders in Machine Identity Management.
Since an identity would be under the full control of the subject of the identity (that's why it's self-sovereign!), you can not only apply SSI to humans—like I have my identity, which is reflected in a digital identity on my phone. You can apply SSI to machines too. Think about a machine. It has its own decentralized identity and can use that in combination with verifiable credentials to authenticate and authorize itself against third parties.
In the example above, a bachelor certificate is just one instance of a verifiable credential. Just as the graduates above have their digital identities, machines can have digital identities as well—and they too can be the subject of verifiable credentials. If I'm a machine producer, and I want to create machines that are unforgeable, I can issue the credential to the identity of my machine that establishes, "Hey, I made this machine." And then the machine itself could prove to anyone asking about it that “yes, I was manufactured by this producer.” Whereas a third-party unauthorized copy of the machine cannot do that since it doesn't have the proof.
We have created an integration that enables organizations to start exploring the SSI ecosystem by creating their own base identities and registering them with a state-of-the-art distributed ledger technology called IOTA. On top of that, anyone can create verifiable credentials about these identities based on Venafi x.509 certificates—the software requests a certificate from Venafi, and then convert that certificate into a verifiable credential.
What does this mean for our machine manufacturer? Using SSI, they can not only provide their machines with a decentralized and secure identity but also cover authentication and authorization through verifiable credentials issued on top of these identities. With this solution we built with Venafi, we can communicate or authenticate, authorize these devices, and prevent them from vulnerability to attack or counterfeit.
By providing a means to globally define an indisputable link between a machine and its machine identity across different sites, networks and businesses, we can secure IoT like never before.
The filancore integration for Verifiable Credentials is available now. You can learn more from the Venafi Marketplace. And stay tuned for part 2 of this series, where we explore the SSI and crypto-agility.
This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Ecosystem is evolving above and beyond just technical integrations.
- Securing Machine Identities for Industrial IoT Devices: [Interview with Intrinsic ID]
- How PKI Certificates Could Help Secure the Internet of Things [IoT]
- Why the Rise of Enterprise IoT Puts Machine Identities to the Test
- IoT and Machine Identity Protection: Getting Smarter about Securing Smart Technologies