Given the proliferation of interconnected things on the internet (aka the Internet of Things – the IoT), it was only a matter of time before the pressing need for robust, pervasive governance became imperative. How can we manage the rights and permissions needed to do stuff with and/or by things?

The following are some thoughts, based on a previous foray into the topic, and building on my earlier book on the related world of digital rights management (DRM).

Does anyone remember DRM – that much maligned tool of real, or perceived, oppression, (somewhat ineptly deployed by a napsterised music industry)? It has all but disappeared from the spotlight of public opinion as the content industry continues to evolve and embrace the complex digital realities of today. But what has that got to do with the IoT, and what triggered the thought in the first place, you might ask?

I recently had opportunity to chat with friend and mentor Andy Mulholland (ex-Global CTO at Capgemini), and, as usual, I got a slight headache just trying to get a grip on some of the more esoteric concepts about the future of digital technology. Naturally we touched on the future of the IoT, and how some current thinking may be missing the point entirely. For example:

WHAT IS THE FUTURE OF THE INTERNET OF THINGS?

Contrary to simplistic scenarios, often demonstrated with connected sensors and actuators, the IoT ultimately enables the creation and realisation of a true digital services economy. This is based on three key aspects: things, events and connectivity, which will work together to deliver value via autonomous agents, systems and interactions.

The real players when it comes to the IoT actually belong outside the traditional world of IT. They include organisations in industries such as manufacturing, automotive, logistics and so on, and, when combined with the novel uses that people conceive for connected things, the traditional IT industry is and will continue to play catch-up in this fast-evolving and dynamic space.

WHAT ARE KEY COMPONENTS OF INTERNET OF THINGS-ENABLED DIGITAL SERVICES?

An autonomous or semi-autonomous IoT-enabled digital service will include an event hub (consisting of graph database and complex event processing capability) in the context of ‘fog computing’ architectures (aka cloud-edge computing). As I said, this is headache territory (read Andy’s latest post¹ – if you dare).

Together, event handling and fog computing can be used to create and deliver contextually meaningful value and services for end users. The common industrial protocol (CIP) and application programming interface (API) engines will also play key roles in the deployment of autonomous services between things and/or people. Finally, businesses looking to compete in this game need to start focusing on identifying, creating and offering such resulting services to their customers.

WHY IS GRAPH DATABASE AN IMPORTANT PIECE OF THE PUZZLE?

Graph databases provide a way to store relationships in an unstructured manner, and IoT-enabled services will need five separate stores for scaled-up IoT environments, as follows:

1. device info, for example type, form and function, data (provided/consumed), owner and so on;

2. users/customers, for example relationship of device to the user/customer;

3. location, for example where the device is located (also relative to other things/points of reference);

4. network, for example network type, protocols, bandwidth, transport, data rate, connectivity constraints and so on;

5. permission, for example who can do what, when, where, how and with whom/what, and under what circumstances (in connection with the above four graphs)?

According to Andy, ‘It is the combination of all five sets of graph details that matter – think of it as a sort of combination lock!’

SO HOW DOES THIS RELATE TO THE NOTION OF DRM FOR THINGS?

It is ultimately all about trust. First, there must be real trust in things (components and devices), agents, events, interactions and connections that make up an IoT-enabled autonomous service and its ecosystem. Secondly, the trust model and enforcement mechanisms must themselves be well implemented and trustworthy, or else the whole thing could disintegrate much like the aforementioned music industry attempts at DRM.

Also, there are some key similarities in the surrounding contexts of both DRM and the IoT:

• The development and introduction of DRM took place during a period of internet-enabled disruptive change for the content industry (that is, with file sharing tools such as Napster, Pirate Bay and Cyberlockers). This bears startling resemblance to the current era of internet-enabled disruptive change, albeit for the IT industry (that is via IoT, blockchain, AI and social, mobile, big data, cloud and so on).

• The power of DRM exists in the ability to control and manage access to content in the wild, meaning outside of a security perimeter or business boundary. The ‘things’ in the IoT exist as everyday objects, typically with low computing overheads and footprints, which can be even more wide-ranging than mere digital content.

• Central to DRM is the need for irrefutable identity and clear relationships between devices, user (intent), payload (content) and their respective permissions. This is very similar to autonomous IoT-enabled services, which must rely on the five graphs mentioned previously.

Although I would not propose using current DRM tools to govern autonomous IoT-enabled services (that would be akin to using yesterday’s technology to solve the problems of today and tomorrow), there is scope for a more up-to-date DRM-like mechanism or extension that can deliver this capability because it requires similar de-perimeterised and distributed trust and control models.

Fortunately, the most likely option may already exist in the form of blockchain and its applications. As Gurvinder Ahluwalia, IBM’s CTO for Cloud, so eloquently put it: ‘Blockchain provides a scalable, trustworthy, highly distributed, redundant and peer-to-peer verification process for processing, coordinating device interactions and sharing access to assets in an IoT network.’ Enough said.

In light of the above, it is perhaps easier to glimpse how an additional blockchain component for irrefutable trust and ID management might provide equivalent DRM-like governance for the IoT, and I see this as a natural evolution of DRM (or whatever you want to call it) for both ‘things’ and content. However, any such development would do well to take on board lessons learnt from the original content DRM implementations and to understand that it is not cool to treat people as things.

REFERENCE

1. Mulholland, A. (2015) ‘The challenge of the “Final Mile”, Asset Digitisation and Data Flow Management’. Constellation Research. Available from: https://www.constellationr.com/blog-news/challenge-final-mile-asset-digitisation-and-data-flow-management-making-sure-your-graph [27 March 2017].