Crypto Identities in Devices – What and Why?

ControlThings offers a middleware technology for recording Verifiable Audit Trails using crypto identities in devices and user interfaces. It also involves authentication and secure communication between devices. If you are a solution provider, you can use our software libraries on each participating device. On your sensitive systems, you need to define (during device provisioning) which organisations and types of user accounts to trust. On user interfaces like mobile apps, the users are anchoring their app with their own corporate account. These steps are sufficient, the crypto identity middleware takes care of the rest, using cryptography and certificates. The crypto identities remains invisible, while the middleware produces a cryptographically verifiable chain of events, with tampering detection.

Verifiable Audit Trails - Cover Your Back with Recorded Evidences

When you need to confirm that insurance conditions or warranty conditions have been met, you appreciate the verifiable event logs with tampering detection. A customer may deny that he used a service specified on the invoice. Can you be confident that logged records are authentic, or could the file potentially have been manipulated? With digitally signed log records, chained cryptographically together, you can verify who triggered what, in which order and that no event has been erased or modified. It provides immutability and non-repudiation. Like in police registers, medical records and fintech databases users are required to digitally sign commands for accessing or storing data, or for triggering sensitive actions. This has previously been achieved using smart cards containing a crypto identity. With our mobile app framework, you can avoid the pain and costs of smart cards and card readers. This middleware produces indisputable log files, every party can be held liable for their own acts.

A Verifiable Immutable Chain of Events

An Audit Trail enables impartial verification of the essential events:

  • Verifiable trust anchoring
    • app anchoring to an organisational user account
    • the trust provisioning on the target device
  • Verifiable event producer
  • Verifiable command triggered by event producer
  • Verifiable target system who executed and recorded event
  • Verifiable order of events
  • Verifiable chain coherence, completeness and immutability
  • Verifiable common understanding of time, between producer and event recorder

Identity Federation for Inter-Organisational Ecosystems

Have you noticed that the competition of ecosystem ownership has led to more ecosystems? This middleware does not require users to sign up to a central server, but instead to anchor their self-created crypto-identity with their own existing account(s).

Crypto identities provide a neutral way to securely connect with partners, while avoiding the situation where `a central authority has control over the whole ecosystem`. No predefined central root of trust is required, the identities can securely connect with each other in a co-equal manner. The crypto identities provide self-determination.

Use existing IAMs

ControlThings technology relies on external IAMs and existing social relations for first-time identification. This means authenticating the identity of the applicant for identification when the certificate is issued or pairing is made.

Corporate user accounts, government issued digital IDs or sim cards from telecom operators are examples of account types that can anchor your own self-created crypto identity, and make it more trustworthy.

Trust anchoring requires the participating organisations to host an own certificate management service - Certificate Authority (CA) and Certificate Revocation Lists (CRL) - for attesting attributes about their user accounts. This is a small piece of code, based on widely adopted implementations, which uses standard X.509 certificates for describing user privileges according to the organisation's user directory and IAM. The user app receives a certificate containing the verifiable claim from the CA, after a successful traditional authentication (such as OAuth) to the domain.

Trust the Certified Networks

How can a machine owner be sure that a remote assistance feature in his/her machine is not being abused?

For enabling remote assistance the owner defines trust to undefined identities who can expose credible X.509 certificates, including sufficient attributes, issued by a trusted party pointed out by the owner. When the remote assistance connects, the authentication event, including challenge-response authentication with the accessing identity and the certificates verifying the identity anchoring to the trusted party, is recorded by the machine as a verifiable audit event.

Pairing - Consumer-Friendly Password Alternative

Too many passwords to handle? Reusing them? Unchanged old passwords? Default passwords?
Password based security is generally considered weak and the industry is actively moving towards better systems. As an example of this, the state of California has recognized the weakness of password authentication and decided to ban all default passwords on devices from the year 2020.

The Identity Pairing technique offers better security through public key cryptography. Pairing fits for small scale setups, with fairly static trust relations. The user user experience is intuitive. No passwords to remember, and the hidden cryptographic keys provide much stronger security. Also, no sensitive data is ever sent over insecure channels for authentication. Pairing can be used in conjunction with large scale trust management using certificates.

Securing the Edge in Industry 4.0

Critical system integrations like in a mill environment or in a vehicle cannot rely solely on cloud-level integrations. Edge level peer-to-peer integrations are required for reduced latency, increased throughput and more reliable networking.

With ControlThings’ tools and white label middleware, the edge peer-to-peer connections are easy to commission and access management is remotely orchestrated in realtime.

Agile Crypto Identities

Self-created anchored middleware identities provide an agile complement (or alternative) to crypto hw like smart cards. Start recording Audit Trails on your system using events triggered by iOS and Android apps.

Start Recording Evidences

The cryptographically verifiable log files they leave no room for arguing.

Easier user management

Provision your system with trust to certificates issued by the partner CAs, while letting the partner manage the user accounts in their organisations. You have verifiable evidences what the users from partners have triggered on your system.

Contact us

Drop us a line or give us a ring. We love to hear from you and are happy to answer any questions.

OUR OFFICE

Mestarintie 14, 06150 Porvoo
FINLAND

OUR MAIL

info@controlthings.fi

OUR PHONE

+358 405 166116