...
The role of identity management in the Internet of Things (IoT) is expanding to address how to identify IoT devices, manage their interactions and the services they offer, and control access to sensitive data. This requires Identity and Access Management (IAM) to be capable of managing human-todeviceto-device, device-to-device, and/or device-to-service/system interactions. Additionally, in many cases, IoT devices are connected intermittently and/or temporarily and during that period they are required to communicate with other devices, services and the infrastructure. Commencing the communicationrequires communication requires that devices authentication and authorization to be performed according to a well-governed identity management life cycle that can ensure a unique and global identification mechanism.
...
One of the drawbacks of the GSMA’s centralized IMEI DB lies in its power of imposing high membership fees on its members which prohibit many small operators, particularly in developing countries, from joining and connecting their Equipment Identity Register (EIR) with the GSMA’s Central Equipment Identity Register (CEIR). This problem not only shuns small operators from participating in the global smart phone supply chain, but also retailers who would like to sell to them.
Another drawback is the slow process for accessing and updating the IMEI DB which is strictly limited to the participating service providers. The process of reporting theft or stolen devices, for example, is a very tedious and slow due the lack of trust and transparency. It is very difficult for reporter of theft to prove his/her ownership of the device. Thus, reporting a stolen device takes days and weeks before the IMEI DB is updated and replicated across all operators’ EIRs. Among the estimated 1250 mobile operators worldwide, only 119 operators have joined the GSMA IMEIDB, according to GSMA website, by end of 2018 [3]. This represents approximately 10% of total number of operators participating in providing information and utilizing the GSMA IMEIDB to counteract a problem amounting to losses estimated at 45.3 billion EUR [4] and among the main reasons to the lack of adoption is the centralized approach used in managing IMEI DB [5].
We propose that the subgroup develops a decentralized IMEI registry along with a simple device lifecycle management based on Hyperledger Fabric and smart contracts. The decentralized IMEI DB solution will demonstrate the use of Decentralized Identity Identifiers and Verifiable Claims based on the DID W3C specification [56]. It will also utilize Hyperledger Indy for identity creation and claims verification. The verifiable claims will address cases such as proof of ownership, proof of valid authorities’ certifications (e.g. FCC, CE, IC).
...
1- A. Sghaier Omar and O. Basir “ "Identity Management in IoT Networks Using Blockchain and Smart Contracts.", iThings/GreenCom/CPSCom/SmartData 2018 https://doi.org/10.1109/Cybermatics_2018.2018.00187
...
4- N. Wajsman and A. Burgos and C. Davies and M. Mani and S. Kumar. ”The Economic Impact of Intellectual Property Rights (IPR) Infringement in Smartphone Sector,” Rep. European Union Intellectual Property office, Feb. 2017, [Online] Available: https://euipo.europa.eu/tunnel/ipinfringement/smartphonesectoren.pdf.
5- A. Sghaier Omar and O. Basir "Smart Phone Anti-counterfeiting System Using a Decentralized Identity Management Framework." CCECE 2019, https://doi.org/10.1109/CCECE.2019.8861955
6- Digital Identifiers (DIDs) v1.0, https://www.w3.org/TR/did-core/
7. https://tools.ietf.org/html/rfc7254