CollaboGate Japan, Inc. (headquartered in Shibuya-ku, Tokyo; Masayoshi Mitsui, CEO; hereinafter referred to as “CG”) has formed a business alliance with Tessera Technology Inc. (headquartered in Nishi-ku, Yokohama City, Kanagawa Prefecture; hereinafter referred to as “TSSR”) to begin development and verification of a “decentralized IoT platform.”
Diagram of smart concierge system
User-centric and contactless experience based on the decentralized identity model
Comparison between the traditional certification authority model and the decentralized PKI model
Diagram of the system to avoid collecting unnecessary personal information
Both CG and TSSR will work on a proof-of-concept project that intends to build a “decentralized IoT platform” that smoothly connects people and things, and a “smart concierge” that enables the contactless economy by utilizing “UNiD” decentralized ID platform developed by CG and TSSR’s expertise in embedded system development on microcontrollers (MCUs) with strong security function provided by Renesas.
The game-changer to shape a contactless economy
To prevent the spread of COVID-19, it has become important to avoid “human contact,” and “non-contact” has more significance in consumer behavior. Due to the increase of Stay-at-home Economy and “contactless consumption outside of your home” to be derived by innovations, the market size of Contactless Economy in APAC will reach 11 trillion USD in total, double the current level *1. Specifically, shift to contactless transactions is becoming more active such as smart branches for BSFI, virtual concierge at healthcare and government services, digital orders at restaurants, and automated reception at offices and hotels.
*1 Contactless Economy / Are you prepared? https://www2.deloitte.com/gu/en/pages/strategy/articles/contactless-economy.html
In order to replace a variety of tasks that used to be done face-to-face with non-face-to-face methods using technology, digital data and hardware need to be designed to be synchronized well. For example, IoT devices must be able to correctly identify, authenticate, and authorize users, automatically verify the data applied for, consider user privacy, and ensure the security of unattended IoT devices. A decentralized IoT platform that meets these requirements is needed for a smooth transition from the face-to-face to the non-face-to-face system.
Aim of this alliance
Upon these market needs above, CG, the provider of Japan’s first decentralized ID platform “UNiD”*2, and TSSR, a company with strong expertise in IoT device software development, have formed a business alliance to develop a decentralized IoT platform to utilize the robust hardware-based security functionality of the Renesas’ MCUs *3 to meet the growing need for transactions without human contact and to verify prototypes. In this project, we will build a prototype of a “smart concierge” with an identity verification function for use in BFSI, healthcare, government, and access management at offices, hotels, factories, logistics warehouses.
Model use cases (smart concierge)
1.Service provider issues credentials (identity verification information, usage permit) to the user’s mobile wallet.
2.The user sends the credentials stored in the wallet to the IoT device.
3.The IoT device verifies the credentials and opens/closes the gate.
4.Access log is sent to the cloud server.
*2: Japan’s first decentralized ID platform for enterprise use, UNiD https://www.getunid.io/
*3 Renesas IoT Security https://www.renesas.com/jp/en/application/technologies/iot-security
In the current Internet system, it is difficult to automatically verify the data provided by users without a trusted third party. In reality, the manual verification process of the data is still necessary for businesses. By introducing a decentralized identity mechanism to IoT devices, we can build a mechanism that allows them to autonomously verify the data provided by users. This will enable the safe and quick delivery of services of their needs.
For example, users can check in to hotels, accommodations, and other lodging facilities and unlock their rooms by simply carrying their mobile app. It can also streamline the validation and entrance for live music, concerts, baseball, football, and other sports, as well as theme park facilities. The system is also expected to enable contactless operations and efficiency that have been conducted face-to-face, such as the efficient management of office visitors, logistics warehouses, medical and educational facilities.
IoT devices that are connected to the network are subject to security risks such as hacking and identity theft. For example, the access IDs and passwords hard-coded into IoT devices are vulnerable if they are left as default settings or are easy to guess. In fact, there was a case where a large number of IoT devices were illegally accessed and used as a botnet to launch DDoS attacks.
For this reason, security by the PKI standards has significant advantages over the password method. However, the conventional PKI standards using CA certification authorities require manual management of many certificates for each IoT device. In addition to being a very time-consuming task, there are risks such as the leakage of private keys managed by the service operator. In addition, the time and effort required to renew certificates lead to the use of certificates with a long expiration date, which causes vulnerabilities. Thus, the conventional PKI standards have problems in terms of cost, operation, and security.
By introducing a decentralized ID mechanism to IoT devices, first, a key pair is generated within the IoT device, then the public key corresponding to the digital signature is registered in the decentralized PKI network*1. Anyone from the network can reference this public key, and a cloud server communicating with the IoT device can retrieve this public key and verify the digitally signed data. This is expected to eliminate the need for manual verification, increase security strength, and significantly reduce the operating costs of IoT devices.
Against the backdrop of the changing and growing awareness of privacy among individuals and the global trend of privacy protection regimes such as GDPR and CCPA, a separation between holding data and using the data is becoming a prerequisite for building trust for companies that have customer contact. In Japan, the Act on the Protection of Personal Information is scheduled to take effect in April 2022, and the handling of personal data via IoT devices will require system design based on the same consideration of individual privacy. Decentralized IoT platforms provide a mechanism that enables IoT service providers to provide the desired services without retaining unnecessary personal information. It provides a mechanism for safe and smooth authentication and data transactions between humans and IoT devices based on personal consent, utilizing a mechanism where individuals control their personal information.
Masayoshi Mitsui, CEO, CollaboGate Japan
With the COVID-19 pandemic, the number and type of businesses that need to interact with users contactless have exploded beyond the specific industries. We believe that the verifiable data exchange platform between “people” and “machines” in a decentralized manner, will support the transformation to contactless systems in a wide range of fields, including new work styles, mobility, logistics, and smart cities, and will contribute to progress our digital society. We are pleased to share our vision with TSSR and Renesas and to be the first mover in the world to take on this challenge.
Shinichi Abe, President, Tessera Technology Inc.
We are happy to be able to participate in this project. Decentralized ID platform “UNiD” of CollaboGate with secure MCU/MPU technologies from Renesas combining our IoT device development technology, truly safe and secure data communication can be realized. We really expect that we can contribute to the promotion of DX (Digital Transformation) in many industries.
Sakae Ito, Vice President, IoT Platform Business Division, Renesas Electronics Corporation
We are pleased to contribute to the development of the platform with our secure MCU/MPU technologies and industry-proven expertise on IoT application development. We hope that this demonstration experiment of the “decentralized IoT Platform” by the CollaboGate and Tessera will prove IoT devices can bring security and reliability as well as improved convenience to users, expanding the demand for contactless applications.
We are looking forward to hearing from companies considering improving the efficiency of reception at facilities and stores, automation at offices, factories, and other workplaces, and companies interested in developing digital transformation solutions using the “decentralized IoT platform”.
SOURCE CollaboGate Japan, Inc.; TESSERA TECHNOLOGY INC.