IoT Identity

The first IoT topic I want to look at is Identity.  Identity is critically important when selling an IoT product. It doesn't seem such a big problem when playing with half a dozen Raspberry Py's in the back room of your house.  But when customers start sending back error reports and/or hardware knowing exactly what they're talking about becomes very important.

This problem starts with the what is Identity?

Consider the example of a taxi management system.  We've all been in a taxi lets make the meter a smart meter.  It knows all about the taxi, speed, distance tally, fair total, etc and can be tracked at via a web service.  What the problems the system solves is not important for the example, what is important is that the system is installed into the car as an after market component and that it provides data about the taxi to a central service.

And now we come to the question of identity.

The first question to ask is "When do you need to identify a device?" There are three cases I regularly encounter:
  • In reports and dashboards. 
  • To the central service and each other.
  • In Exception Cases
The next question is "What do you use as identity?"

The when cases break easily into two groups based on who is consuming the information.  The first case is the output of the system, we can assume that whoever designed this system wants to be able to see accurate information about the fleet.  So they're going to want to use their names for the vehicles, "Taxi 67", "Billy's taxi", however they refer to them. So the first identity is the clients language, something easy for humans to understand.  I'll call this the real world identity.

The second when case is when identifying the to other software.  In that case some sort of unique identifier that is easy for software to understand. Probably a GUID.  I'll call this the software identity.

The third when is when something has gone wrong.  The easy answer for this case is just keep using one of the previous two identifiers.  The problem with the easy answer is that when an IoT solution is in production minimal down time is important.  To achieve minimal down time it's common to have a collection of "known good" spare units is held in a state ready to be physically swapped for and configured to replace any problematic unit. `

This would mean that now the software identity and real world identity are potentially associated with a different piece of hardware. This makes fault finding difficult if the problem is hardware or firmware related.  So obviously to solve this problem we need to introduce the concept of a hardware identity as well.

So to correctly identify an IoT device we need to know the real world identity, the software idenitity and the hardware identity at any given point in time.

Building an IoT product is hard.  Making an IoT solution work in production is harder.  Before deploying make sure you've gone through all the possible exception cases and have a good plan for maintenance, because no system ever survives first contact with the enemy customer.

Comments

Post a Comment

Popular posts from this blog

Solving `Empty reply from server` in DotNet Core

tldr; If you’re getting  curl: (52) Empty reply from server  check that you’ve configured Kestrel correctly. Long version I’ve started playing with Dotnet Core and Docker and have had a few issues getting started. I’ve had a little bit of experience with Docker, though only a little. I’ve worked with DotNet previously but never with Core. Environment The setup I’m using is a Windows laptop running Vagrant. Via Vagrant I’m running an Ubuntu Virtual Machine with the Docker run time installed. Feels a litle like inception. Key Problem The key problem that I’ve had getting started was having my Docker container not responding correctly to my curl commands. I get this: curl: (56) Recv failure: Connection reset by peer curl: (52) Empty reply from server Given that I’m not all that familliar with Docker or Dotnet Core I decided to remove one of the variables and set up a simple Express app in a different docker container. This validated that the commmand I was using to run
Read more

Testing functions that use local storage with Jest

Testing functions that use the browsers local storage API seems easy when you know how. Here's a quick run down on how to mock it out with Jest if, like me, you're not familiar with how to test it. In the end it's very little code. Consider the following TypeScript code. import { get, save, key } from "./storage"; describe(save, () => { let setItem: jest.Mock; beforeEach(() => { setItem = jest.fn(); Storage.prototype.setItem = setItem; }); it("should call set item with predefined key and json object", () => { const valueToStore = { value: "toStore" }; save(valueToStore); expect(setItem).toHaveBeenCalledWith(key, JSON.stringify(valueToStore)); }); }); The key lines are in the beforeEach call where the setItem function of the Storage prototype is assigned to an instance of jest.fn() . This allows us to make assertions on what is passed to the local storage setItem API.
Read more

Building a verify JWT function in TypeScript

# Verifying an RS232 signed JWT JSON Web Tokens (JWT) are used as a way to verify the identity of the caller of an API. **The best way to verify a JWT is to use a verification library.** I wanted to have a look at some of what those libraries are doing under the hood by putting together a function that will return if a given token is valid. In this blog I'll go through what I have done to get a validation function working. To simplify things assume: - That the signing algorithm is RS232 all others are considered invalid. - That the public keys are available on a JWKS url provided to the function eg [https://klee-test.au.auth0.com/.well-known/jwks.json](https://klee-test.au.auth0.com/.well-known/jwks.json) - I only want to know if the token was signed by a key available at the above url. I wont be checking if the token has expired, if the scopes or other claims are valid. # Break up the token A JWT is made up to 3 parts. The first thing to do in validating the token is to brea
Read more