Not Just a Password: Building Dynamic Identities for the IoT

By Eric Stanculescu, The Wireless Registry

February 26, 2016— The Internet of Things is growing explosively. Gartner forecasts around 25 billion connected Things by 2020; Cisco twice as many. Thanks to devices completing tasks across a range of sectors ‒ health and safety, entertainment and leisure, industrial applications and more ‒ the IoT has enormous potential. However, unless IoT devices are able to interact securely in a scalable way, it will fall short.

Device-to-device engagement requires identities for the IoT (what Gartner calls the Identity of Things, or IDoT). This meta-layer helps Things recognize each other to establish channels, exchange data, and complete tasks. The Wireless Registry’s infrastructure delivers IoT identity solutions at its core: a third-party, platform- and technology-agnostic registry for existing and future wireless identifiers of all kinds. More than a static list, it establishes identity through device relationships, dynamically and over time, unleashing the full potential of IoT services — authentication and security, social and mobile engagement, and industrial applications.

Every day, more devices from different manufacturers and with different wireless signal technologies encounter each other in homes, offices, factories, and on the street. Each new Thing raises demand for device-to-device interaction to unprecedented levels. Making engagement scalable poses particular challenges. The current approach considers identifiers with certain permissions that devices (or groups of devices) use to gather and share the ‘secrets’ they need to complete a task. An inadequate take on legacy system interaction (interconnected computers), this silos the IoT into a bunch of intranets, requiring that a Thing connect to every other Thing to ask even the most basic ‘what and who are you?’

The Wireless Registry recognizes that these notions of static IoT identity cannot hope to achieve the necessary scale. As a result, we’re building interoperable, scalable solutions based on dynamic identities.

For example, when my office WiFi router detects my smartphone, it grants network access based on a remembered password. Yet my phone may have been stolen. Authentication could instead be multifactored to include the presence of other wearables (like my watch or fitness tracker) regularly detected alongside my phone (and one another) in the past. Similarly, if I recently connected to an unsecured and unrecognized public network (a shared hotspot at an airport, for example), it could be taken into account that my phone may be compromised. Inversely, when I introduce a new device to the router, connecting it could require less human intervention when that device, as part of its dynamic identity, has already established familiarity in the presence of my other known devices.

Effectively, The Wireless Registry’s IoT identity solutions are more than just a password. We establish and verify identity in a way that comes naturally to humans ‒ trust by familiarity ‒ to help drive the next wave of IoT services and use-cases.