1.2.1 Core Concepts: Smart Objects and Smart Environments

A smart object is a physical object in which a processor, data storage system, sensor system, and network technology are embedded (Poslad, 2009; Kortuem et al., 2010; Sánchez López et al., 2011). Some smart objects can also affect their environment by means of actuators. In principle, all physical objects can be turned into smart objects, for example, conventional everyday objects such as pens,⁵ wristwatches (there are numerous wristwatch models with sensors and processors, for example, to measure the heart rate or to determine geographic position), or automobiles (more recently, autonomous automobiles). In an industrial context, it could be a machine or the product to be manipulated. Smart objects may also be anywhere. In fact, there are almost no restrictions regarding domains: consumer electronic devices, home appliances, medical devices, cameras, and all sorts of sensors and data-generating devices. Most smart objects have a user interface and interaction capabilities to communicate with the environment or other devices (e.g., displays). The capability of smart objects to communicate with other objects and with their environment is a core component of IoT. In line with this is the idea that specific information can be retrieved via any networked smart object, which is uniquely identified and localized, and may have its “own home page,” that is, unique address. Today, one can take advantage of a broad range of fairly inexpensive, tiny, and relatively powerful components, including sensors, actuators, and single board computers (SBC), to enrich physical things and connect them to the Internet. SBCs, such as Raspberry Pi, BeagleBone Black, and Intel Edison Open, as well as open-source electronics, such as Arduino, which entered the market between 2005 and 2008, catalyzed millions of new ideas and projects. Creating and collecting data about the status of physical objects may establish the basis for interesting home and office automation projects, education, and leisure activities with real-time visualizations of information generated from data “on the go” (Baras and Brito, 2017). Moreover, one can utilize the remote networks of intelligent devices deployed somewhere else.

Tightly coupled to “smart objects” is the concept of “smart environments.” One definition emphasizes the physical extent to which smart objects are deployed and interacting. A compilation of smart objects within a given space, such as a closed space (automobile, house, room) or an outside area, for example, a district or an entire city (i.e., a smart city; see Chapter 12), turns a common environment into a smart one. Another definition asserts that sensors are the key factor in a smart environment. Essential for a smart environment is the context information gathered by sensors in order to provide adapted applications and services. Weiser et al. (1999) defined a smart environment as “the physical world that is richly and invisibly interwoven with sensors, actuators, displays, and computational elements, embedded seamlessly in the everyday objects of our lives, and connected through a continuous network.”

1.2.2 Related Concepts: Machine-to-Machine Communications, Industrial Internet of Things, and Industry 4.0

IoT is not a construct that has appeared suddenly or without precursors. Technological forerunners and various conceptualizations exist prior to the relatively new “IoT” label, for example, machine-to-machine (M2M) communications. In addition, recent derivatives exist, for example, the Industrial Internet of Things and Industry 4.0. The subsequent sections attempt to discern their similarities and differences, and how these concepts relate to each other.

1.5.1 Architecture and Reference Models

Especially for the technology layer, the extant literature covers a multitude of architectural proposals, reference models, and technical descriptions of the current or envisioned state of IoT.²¹ Figure 1.2 presents a high-level view in terms of a three-layered stack of IoT-relevant technologies: (i) the thing or device layer, (ii) the connectivity layer, and (iii) the application layer. At the device layer, IoT-specific hardware such as sensors, actuators, memory, and processors are added to existing core hardware components, and embedded software is intended to manage and operate the functionality of the particular physical thing. At the connectivity layer, communication protocols enable communication between things and connected infrastructure, for example, through cloud services. Accordingly, at the IoT application layer, device communication and related functionality is provided, while an application platform enables the development and execution of IoT applications. As more recent developments have proven, analytics and data management software are becoming increasingly critical to handle vast amounts of data, that is, store, process, and analyze the data generated by connected things. Moreover, process management software helps to define, execute, and monitor processes across people, systems, and things. Among the upper layers, IoT application software coordinates the interaction of people, systems, and things for a given purpose. Concerning all layers, software components manage identity and security aspects, as well as integration with business systems, for example, ERP or CRM, and with external information sources.

Table 1.1 lists prominent IoT reference architectures that are evolving in close collaboration between research and industry (see Part II). Recently, the IoT has received a boost from commercial engagement by large players throughout industries (Weyrich and Ebert, 2016): Google announced Brillo as an operating system for IoT devices in smart homes; more and more devices come equipped with M2M communications standards such as Bluetooth, ZigBee, and low-power Wi-FI; Microsoft has announced that Windows will support embedded systems and so on.

1.5.2 Networks and Connectivity

Network technologies connect objects that are equipped with information technology, and can be located in different locations. A large number of network technologies are available for this purpose, depending on the application. An application-related distinction feature is the scaling of the range. It ranges from global networks (satellites) over regional and local networks to so-called personal, body, and intrabody area networks. Personal area networks (PANs) can, for example, network via WLAN devices, typically in an area of up to 10 m² around one or two people.

In contrast to PCs, smartphones, and similar devices, loT devices are normally constrained regarding memory space, access to a continuous power supply, and processing capacity. Traditional protocols (in particular, the protocol stack TCP/IP) have not been designed with these requirements in mind. As a consequence, over the past years, many so-called lightweight communication protocols have been developed on virtually all layers of the protocol stack to create interoperability between IoT devices (Ahlgren et al., 2016). One approach to IoT interoperability is to consider the layered structure of the hardware/software stack (Fortino et al., 2016):

• The lower layers (according to the OSI model, the physical and data link layers; in the non-OSI context, sometimes labeled as the device layer) are aimed at seamlessly integrating new devices into the existing IoT ecosystem.
• The networking layer handles object mobility and information routing.
• The middleware layer facilitates seamless service discovery and management of smart objects.
• The application layer reuses heterogeneous application services from heterogeneous platforms.
• The data and semantics layer introduce common understandings of data and information.

The following are the prominent examples of standardized IP-based communication protocols for IoT devices: (i) on the application layer, IETF Constrained Application Protocol (CoAP)/REST engine and Message Queuing Telemetry Transport (MQTT); (ii) on the networking layer, IPv6 and RPL (and a derivative for low-power wireless personal area networks “6LoWPAN”); (iii) on the physical layer, IEEE 802.15.4 (Ahlgren et al., 2016). Examples for semantic oriented protocols include OPC UA (OPC Unified Architecture), UPnP (Universal Plug and Play), DPWS (Devices Profile for Web Services), CoAP (Constrained Application Protocol), and EXI (Efficient XML Interchange) (Weyrich and Ebert, 2016).

Interoperability has several dimensions. It is worth noting that even a high degree of standardization of protocols does not imply a high degree of standardization of data formats or device compatibility. In fact, interoperability is currently hampered by this condition. In an ideal situation, communication must be independent of the creator of a given fragment of the infrastructure. In reality, however, various players (including vendors) have their own IoT solutions that are more or less incompatible with other solutions, thus creating local “IoT silos” (Fortino et al., 2016). A large body of recent research into IoT is thus devoted to interoperability. The EU's Unify-IoT project may serve as an indication of this: They estimate more than 360 available IoT platform providers and determine that approximately 20 are somewhat popular. This indicates clearly that massive research efforts do not necessarily converge (Unify-IoT, 2016).²²

For exchanging data between applications, devices, and objects, well-known communication standards exist, including Bluetooth, Wi-Fi,²³ and various mobile communication standards, such as GSM. Based on the use cases of mobile communications, major technological progress was achieved in terms of higher bandwidth (and accordingly, higher bit rates), multimedia streaming capabilities, and so on. However, as previously mentioned, most IoT use cases involve resource-constrained devices. Consequently, the goal of “Low Power, Wide Area Networks” (LPWAN) has become a core topic in IoT over the last few years. LPWAN is a broad term for a variety of technologies used to connect sensors and controllers to the Internet without the use of traditional Wi-Fi or cellular networks. At the same time, however, major players in cellular network industries are also further developing cellular-based networking standards, for example, LTE-M and NB-IoT. The latter is backed by leading manufacturers and by the world's 20 largest mobile operators. Further examples of activities forming new standards better suited for IoT use cases include LoRa and N-Wave, and Sigbox. The predominant design considerations are low energy consumption (up to more than 10 years of autonomy), strong penetration in indoor environments, and connecting a large number of sensors and devices with low bandwidth requirements. Table 1.2 summarizes selected communication protocols and standards currently under investigation or in use.²⁴

1.5.3 Embedding

The anticipated omnipresence of a computerized world is, however, not to be implemented by setting up computers on the corners of every street. Instead, functionalities are embedded in objects and spaces. For example, conductive materials are woven into or printed on textiles. Objects are then computerized in this way, allowing us to immediately receive information about them and process them. The miniaturization of hardware is an essential prerequisite for the embedding of IT into objects. According to the still valid Moore's law,²⁵ miniaturization is accompanied by the improved performance of processors and increased storage capacities, with the cost of manufacturing the components remaining the same or even decreasing. These developments promote the general diffusion of information and communication technologies and allow them to be embedded in any, even small and short-lived, objects. This does not always concern increased performance, but can include other factors, for example, the energy efficiency of components. While embedding computers or components in physical things, novel challenges for the user interface often arise. For example, how does one communicate with “disappearing” computers? Displays, keyboards, and other commonly used input and output devices may not always constitute the optimal solution. A need for new metaphors and user interfaces exists, in particular those suited for intuitive interaction (see Section 1.6.2.)

1.5.4 Sensors

Sensors are technical components for the qualitative or quantitative measurement of certain chemical or physical variables and properties, for example, temperature, light (intensity and color), acceleration, electricity, and so on. The recorded measured values are usually converted into electronic signals. Currently, we are already surrounded by sensors in many places. For example, modern automobiles contain hundreds of sensors, for example, rain sensors for windshield wiper systems, crash sensors for air bag release systems, and lane and parking-assist sensors. Indeed, modern automobiles, some with far more than 200 sensors and a few dozen microprocessors (Economist, 2009), constitute a good example of this. In fact, the ordinary automobile is increasingly becoming one unified computerized object. In addition, when a sensor is employed together with a processor (controller), a power supply, and a unit for data transmission, this is referred to as a sensor node.

A sensor node's primary function is to collect, preprocess, and transmit sensor data from its environment to other sensor nodes or a base station. Examples of sensor categories include (Baras and Brito, 2017) the following:

• Location: GPS, GLONASS, Galileo
• Biometric: fingerprint, iris, face
• Acoustic: microphone
• Environmental: temperature, humidity, pressure
• Motion: accelerometer, gyroscope

Sensor nodes can form Wireless Sensor Networks (WSN) by means of their transmission unit. For example, these are utilized to (i) detect earthquakes, forest fires, avalanches, as well as terrorist attacks; (ii) monitor vehicle traffic, particularly in tunnels; (iii) track the movements of wild animals; (iv) protect property; (v) operate and manage machines and vehicles efficiently; (vi) establish security areas; (vii) monitor supply chain management; and (viii) discover chemical, biological, and radiological material. For the operation of sensor networks, special software is required, which ensures a dynamic and robust self-organization of the sensor network that functions in a safe and scalable manner. This is because sensor nodes can fail, change their position, or be only online intermittently. WSN can consist of several hundred or hundreds of thousands of sensor nodes, which are deployed either inside of the phenomenon or very close to it.²⁶ Sensor nodes are connected to an intermediary network that forward the data that they collect to a computer for analysis. Sensor nodes are installed in their workspace to function for years, preferably without requiring any maintenance or human intervention. They must therefore have a low energy requirement and have batteries that are functional over several years. The construction of a typical WSN is layered (see Figure 1.3) (Hill et al., 2004). Specifically, it begins with sensors on the lower level and continues up to the top-level nodes for data collection, analysis, and storage. Simple and complex data are routed through a network to an automated facility that provides continuous monitoring and control of the dedicated environment. WSNs do not necessarily operate on all layers with the common TCP/IP stack and may use dedicated lightweight protocols instead.

Each platform class handles different types of sensing (according to Hill et al., 2004, p. 42). As sensors are foundational to both smart objects and sensor nodes, they are a crucial component of an IoT world. In fact, WSNs will facilitate the proliferation of many applications. The small, robust, inexpensive, and low-powered WSN sensors will bring the IoT to even the smallest objects installed in any kind of environment, at reasonable costs (IEC, 2014).

1.5.5 Actuators

Actuators convert electrical signals (e.g., commands emanating from the control computer) into mechanical motion or other physical variables (e.g., pressure or temperature), and thus actively intervene with the control system and/or set variables. In the field of measurement and control engineering, actuators are the signal-related counterparts to sensors. Types of actuators include hydraulic, pneumatic, electric, mechanical, and piezoelectric. They convert signals or setting and regulation specifications of a control into (mostly) mechanical work. A simple example of this is the opening and closing of a valve, for example, in a heating system or in the case of engine controls. The output of optical (via displays) or acoustic signals can also be subsumed under actuators, since they can trigger an effect in the real environment. In robotics, the term effector is often used as an equivalent for actuators. Effectors allow a robot to grasp and manipulate objects, and thus produce an effect. In a computerized world of things, actuators play an increasingly important role in the realization of actions and effects as a counterpart to the (previously) sensory-detected corresponding contexts. Actuators are a key building block in more recent perceptions of the “Fourth Industrial Revolution” in manufacturing as an Industry 4.0 conceptualization postulate.

1.5.6 Power Supply

While many technologies are already available on the market or at least have been tested in research contexts, unsolved technical problems remain. A very limiting factor of the mobility of smart objects is their energy supply. Although batteries are becoming smaller and more powerful, today's mobile devices still have very limited battery capacities. The heavy research on improved battery technologies has only produced relatively mild progress in battery performance. In fact, it is continually falling behind other relevant technological developments. Some argue that there will soon be (or even exist today, as initial reports on burning smartphone devices may prove) a limit reached in which energy density becomes so high that the respective devices become a serious threat to safety. To counteract these challenges, several avenues of research are being pursued, including intelligent designs that require less battery power. This can be achieved by departing from the idea that everything has to be online all of the time. Sometimes, it is sufficient to only occasionally know about a status shift of an object. This can be communicated with much less relative effort and demand on bandwidth and energy. Another strategy is to harvest energy “on the fly.” The development of technologies for the utilization of alternative sources of energy, such as the sun, wind, and water is progressing rapidly, partly due to political pressure. We have already witnessed this type of integration into portable devices, for example, smartphones with solar cells. Moreover, approaches to extracting energy from the external sources of solar, thermal, piezoelectric, mechanical, and kinetic energy are already established, referred to as energy harvesting (Anton and Sodano, 2007; Sudevalayam and Kulkarni, 2011). These approaches are particularly suitable (because of their independence of fixed infrastructures) for the power supply of mobile and autonomous devices, such as sensor nodes. A promising idea for personally used mobile devices is the tapping of the energy that a person naturally produces and emits. Through movement and metabolism (warmth), a person expends several kilowatt hours (heat and movement power). At the same time, several hundreds and up to 1000 W can be generated and stored, which could theoretically generate sufficient power for the operation of a notebook computer. Energy generation from blood glucose or other energy potentials, such as the pH level of body fluids, is also conceivable. Effectively, however, only a fraction of this can currently be accessed, if at all, and the impairment imposed by the required devices on the user may, in some instances, still be too great. Other innovative approaches are biofuel cells that work with bacteria. Through the decomposition products of bacteria, energy can be generated from organic substances. An application of this is to install biofuel cells in wastewater treatment plants and sewage treatment plants, where large quantities of energy-rich organic substances are present.

1.5.7 Identification

An important prerequisite for the linking of information with real entities in our environment is an unambiguous identification of things and people. The umbrella term “Automatic Identification (Auto-ID) and Mobility (AIM) technologies” describes a diverse family of technologies that share the common purpose of identifying, tracking, recording, storing, and communicating essential business, personal, and product data. Several identification technologies exist, for example, biometric, barcodes, and RFID. Applications of RFID, which have been known since the 1960s, have especially become a catalyzer for IoT scenarios.

1.5.8 Localization

In addition to identification, the position of an object or a human being is essential contextual information. Localization techniques can be employed for determining position, which either localize an object externally or with which an object determines its position itself. Examples of “global” positioning systems are the Global Positioning System (GPS) of the Unites States, GLONASS (Russia), Galileo (European Union), and BeiDou (China). A distinction is made between four types. In trilateration, distances are measured to at least three points, the position of which is known, and the geometrical intersection is used to determine the position. This can be carried out in networks simply by means of propagation times of transmitted signals. Similarly, triangulation, in which angles or directional dimensions are used for the calculation of distance and position, also exists. On the other hand, position is measured with the ambient determination by means of the next known point. This method is already utilized today in mobile radio localization in GSM networks by assignment to a mobile radio cell. Another technique, scene analysis, determines position based on specific features of the point of view (called a “footprint”). These features can be actual images of the landscape from the corresponding viewing angle or can be stored beforehand in a table with specific measured values of a point of view, for example, electromagnetic values or radiation specifications in one or several present WLANs. Challenges in localization procedures are the tracking of moving objects and the handling of covered or indoor objects (problematic with GPS positioning) or radiation and falsification of radio waves. However, in recent years, much effort has been invested in indoor localization technologies (Koyuncu and Yang, 2010).

1.5.9 Cloud Computing and Fog Computing

The large and increasing numbers of IoT devices will lead to rapid growth of collected data. Often, such data will have a device–time–space relationship (i.e., time and position data that tightly relate to a specific device). In IoT scenarios, it is likely that such data are shared among several applications, necessitating greater interoperability. Moreover, additional dimensions of objects might be of interest, including different types of sensor data or meta-data, about the object. This creates new data management issues and may change the predominant way of processing. Specifically, processing may move away from a formerly “offline” or batch mode, in which storage and query as well as processing and transactions might have occurred with some delay without negatively affecting applications or services toward a more “online” or real-time world, where collecting, processing, and acting upon data may not allow major delays (Borgia, 2014). Apart from “real-time processing” needs, data archiving with intelligent policies to distill, index, and intentionally delete data in efficient ways is still a major challenge. Several alternative solutions exist, including central approaches, decentralized or data-centric storages that are as near as possible to its production points or – as a kind of mixture – dynamically adjust the data storage position according to specific conditions (see Borgia, 2014, “Data management” for a set of references and Chapter 4 of this book). In order to meet data management challenges,³² cloud and fog computing are among the most important approaches to cope with IoT data management issues.

Cloud computing is a concept in which computing performance, storage, software, and other services are provided as a group of virtualized resources over a network, primarily the Internet. In addition to this, the “Cloud” of resources can be accessed at any time from any connected device and site (Zhang et al., 2010; Weinhardt et al., 2009; Armbrust et al., 2010). Typically, users automatically receive cloud resources, such as server time or network storage, without a need for further negotiation with the service provider in an “on-demand self-service” and in an “elastic” manner. This is of tremendous value to the user, as he or she need not to hold available such resources even in the case of large demand. Those resources, and in particular the management of up- and down-scaling, are delegated to the cloud service provider. Most often, cloud services come as a measured service: Cloud resource charges are based on the resources actually used (Mell and Grance, 2011). Cloud computing is seen as a major building block of Ubicomp scenarios (Gubbi et al., 2013; Cáceres and Friday, 2012) in order to cope with the challenges of efficient, secure, scalable, and market-oriented computing and storage. In principle, Cloud computing achieves excellent results in terms of networking resources and storing and accessing data related to or derived from connected things. However, regarding latency-sensitive applications, which require nodes in the vicinity to meet their delay requirements, cloud computing may possess some limitations—especially when millions of devices are to be handled in a time-critical manner. New use cases may arise that call for tight control of physically dispersed, yet specifically located, sensors or actuators (e.g., a plant with machines that have to react to sudden changes in the environment or production process). In response to these challenges, the fog computing paradigm (also referred to as “edge computing”) is proposed (Bonomi, 2011; Bonomi et al., 2012), which should not replace the cloud computing paradigm, but extend it.³³ Fog computing, as a highly virtualized platform, provides computing, storage, and networking services between end devices and traditional cloud computing data centers that are typically, but not exclusively, located at the edge of a network. Focusing more on the “edge of the network,” however, implies a number of characteristics that make fog computing a nontrivial extension of cloud computing. Fog computing is expected, for example, to deal with widely distributed and mobile deployments in which very large numbers of nodes are involved, for example, fast-moving and large groups of vehicles along highways or large-scale sensor networks to monitor the environment). Since its conceptual inception just some years ago, fog computing has achieved remarkable interest in academia (Dastjerdi and Buyya, 2016) and industrial research (see, for example, the Open Fog Consortium, founded in 2015).³⁴

1.6.1 Context Awareness, Adaptability, and Proactivity

Context awareness (also context dependency) is a behavior that depends on information about the context of any entity (programs, people, objects). Information about contexts can be obtained from a wide variety of sources, in particular, via sensors. This information is used to draw conclusions about the context and to adapt the behavior adequately. The utilization of contextual information is most frequently associated with time and location aspects, in the latter case referenced as location-based services. However, any further aspects can be included in a context model if corresponding information sources or sensors exist (Perera et al., 2015). This can be, for example, archive data or biometric data, the temperature in an environment, or relationships between people (Dey, 2001; Dourish, 2004; Coutaz et al., 2005).³⁵

Context sensitivity allows for adaptability and proactivity. It is even less intrusive and disruptive when services and functionalities provided by smart environments adapt to the context and are proactively offered outside of a smart environment. Currently, the degree of customization of conventional computers and mobile phones is very low. Adaptations to regional conditions, such as language and time settings, are customary. It is expected that more contextual information will be utilized in the future, and device settings and services will automatically adapt accordingly, such as the position of the user, his or her health or emotional state, his or her plans, tasks to be done, and other factors in the environment that affect the user. Proactivity unites the adaptability of applications in the background and an anticipated interaction of a designated user with the offered service. Services are automatically offered to a user in the ideal case wherever and whenever they are needed. The initiator is the smart environment itself, and not the potential user. This quality entails a major requirement: The smart environment must be able to correctly recognize the context and the intentions of the user. It is questionable whether this can also be achieved reliably in complex situations. A simple example shows only one of the difficulties for a reliable implementation: If a person falls unconsciously to the ground, the automated sending of an emergency call is useful, but this case is different from “similar” occurrences, for example, if the person drops suddenly and deliberately on the sofa to rest. The recognition of the situation and the “right” context (context awareness) is one of the core challenges of the realization of a computerized world.

1.6.2 Increased Data Quality

The improved availability of data in terms of quantity (“we know more about the status of a thing or related process”) and quality (“we know more details about it”) may constitute the most obvious change resulting from omnipresent information-gathering mainly through sensors. Obtaining better data about things in general is fundamental for any improvement related to products, processes, and business models. The subsequent sections will differentiate four dimensions of (improved) data quality and its effects, that is, the substitution and elasticity effect.

1.6.3 Intuitive Interaction

Technology disappears by embedding it in the physical environment so that it is no longer perceptible. This makes it even more necessary that functionality and operability remain recognizable to the user. This can be termed the “invisibility dilemma.” The solution to this dilemma constitutes the design of an intuitive human–computer interaction. A key concept is the implicit use of information systems (Kranz et al., 2010). It works like automatic sliding doors, which open as soon as a person approaches, without an explicit command. For example, the natural behaviors of people are used, which are recognized, for example, by language, glances, facial expressions, and movements.

1.7.1 Product Innovation

Most traditional products can become smart objects by enriching them with information technology. Then, the products can store information about their entire product life cycle from manufacture to disposal, and possibly exchange it with other products, smart environments, or users. Equipped with appropriate processors and a control program, they can even adapt their behavior to specific contexts or trigger autonomous actions. A real example is pans, which read in recipes via RFID and prepare the food with the stated temperature and cooking time. For this purpose, they can communicate with the stove (which must have appropriate, coordinated communication standards) and regulate the degree of heat. New products and related value-added services benefit from data present in higher granularity (Fano and Gershman, 2002; Ferguson, 2002; Allmendinger and Lombreglia, 2005; Iansiti and Lakhani, 2014).

1.7.2 Process Innovation

In combination with novel information and communication technology infrastructures that achieve a previously unprecedented level of data quality, processes can be more precisely captured and assessed, as well as processed faster, and in a more integrated and automated manner. In addition, these achievements can be obtained in extreme cases in near-real time or in real time. Many processes benefit from context-based information.

The core factor for improved processes is improved data, or data that have been distilled to more meaningful information. The ubiquity of information gathering and presentation is accompanied by the fact that the number and size of media discontinuities between the virtual and the real world are reduced. This closes the gap between the real and the virtual world. This also opens the path to better automation and integration (Chui et al., 2010). When data are entered manually into the system via the keyboard, errors can occur at every media discontinuity; apart from another problem, that time will elapse before data are recorded and ready for further processing. A technical approach is the encoding of data using barcodes. This idea first appeared in the 1930s. Successors of the first, one-dimensional barcodes are two-dimensional codes, also called 2D codes. The information is stored not only on one axis, but vertically and horizontally. There are many coding schemes, of which one of the best known is the “QR code”—quick response code. The acceptance of further dimensions (color, time) results in 3D or 4D code, which can also store more information in a compact manner. With RFID (see Section 1.5.7.1), media discontinuities are greatly reduced, and the data are immediately transferred to a connected back end system after contactless detection. The same applies to data from wireless sensor nodes. Data acquisition, processing, and distribution are automated in the computerized world, that is, human intervention is no longer required. However, intervention points, for example, for configuration, subsequent control, or in the event of a malfunction, should still be available. Through automatic data transmission between networked objects and environments, a media-free integration of applications and enterprise systems can be implemented. This means that data are forwarded to authorized systems according to defined rules, and processed there according to the application. The prerequisites for this are uniform data formats and communication rules (protocols). In other words, the systems must be capable of mutual understanding. For example, which context data belong to which object and how to interpret special sensor measurement values must be known. If smart objects are equipped with artificial intelligence, self-controlling processes can be realized. In this context, for example, delivery packages or products “take their own way to the destination” and pass on production information to machinery or transport vehicles. These intelligent objects make autonomous decisions and organize themselves in a decentralized manner. One way of embedding these skills into objects is software agents, that is, a self-executing software program that makes decisions based on rules and learned knowledge, which, in some way, control or influence their environment through actuators, adapt to changes, and react to expected and unexpected events.

1.7.3 Business Model Innovation

Business models are also affected or altered by computerized worlds or can only be realized through them (Chan, 2015). For example: (i) Companies have the opportunity to redesign their pricing through the improved information base. In this way, customers' different payment options could be better recognized by means of price discrimination. For example, in the course of exploiting individual contexts, corresponding pricing can be made. An actual implementation of such price models is the “pay as you drive” tariffs for automobile insurance. (ii) Enterprises can redefine existing value chains. One example of this is the Zipcar, one of the world's largest car-sharing companies. The available automobiles or their positional data are automatically transmitted to the control center so that car-sharing members can quickly identify driving opportunities via a web interface. The company views itself less as a car rental company than as a flexible mobility service provider. (iii) The computerization of the everyday world could lead to new care services, for example, in the health sector. Together with the presented “smart home,” people that require intensive care could live better and longer in an environment that is familiar to them.

Particularly in the field of mobile communications, location-based services are already being used, which consider the position of the user and, for example, display restaurants in the current environment of the user. Context-based services include not only location information but also other relevant information about the environment and the user. In smart environments, context data can be utilized to provide services that are adapted to the situation, the user, his or her tasks, wishes, plans, and other factors, or react to a specific context with meaningful actions or suggestions. Navigation systems that receive information about road conditions and traffic on the target route in real time are able to reconcile this context information with the user's target data and then make flexible route adjustments. This could also warn the driver of any short-term accidents coming up or imminent tire damage (if sensors are installed on the tire/wheel system of the automobile). In addition, context-based marketing is tuned to customers, their whereabouts, and other context factors, so that as little randomness as possible is caused by unsuitable advertising campaigns, for example, offers of umbrellas, which can be bought in the surrounding area during rainy weather. Personal customer data can also be used to differentiate customer groups. In the case of scarce resources, service differentiation can be carried out. Important customers are treated preferentially. Product and information individualization also create added value. Information is individually tailored and adjusted, and product properties adapted to individual preferences, so that the customer can achieve a higher level of satisfaction.

The mentioned examples and the major trend that increasing numbers of things are creating more data have produced conceptualizations, including “data centricity,” “competing on analytics,” “Big Data-based business models,” and so on. IoT and its implications for sensors and creating ever-increasing amounts of data constitute a new opportunity for creativity aimed at transforming data into value-creation activities.

1.8.1 New Markets

A computerized world of connected things opens the door to innovations that facilitate new interactions among things and humans, and allows the realization of smart cities, infrastructures, and services that promise an enhancement of quality of life. By 2025, IoT could have an economic impact of US$11 trillion per year, which would represent approximately 11% of the world economy; and that users will deploy 1 trillion IoT devices (Manyika et al., 2015; Buyya and Dastjerdi, 2016).

Many reports and white papers (Ducatel et al., 2001) provide scenarios for impacts on hospitals, transportation systems, parcel services, supermarkets, offices, and other areas of everyday life. An illustrative example of the impact of computerized worlds on our everyday lives is the “smart home.” In the smart home, devices, objects, and rooms are computerized and networked. The inhabitants can control furnishings, such as lights, doors, refrigerators, curtains, and so on, via remote control, voice control, or hand movements. They are also able to use the Internet to check whether everything is working well and acceptable in the house. The smart home also recognizes sensors that indicate when someone is in the house, and can turn on the lights automatically when an occupant enters a dark room. It can also recognize and store the preferences of residents. For example, in the case of a resident who watches his or her favorite television series every Saturday afternoon, the television is turned on with a corresponding transmitter or, if the resident is not at home, the sequence is automatically recorded. In addition, when food and related supplies are used daily, a sensor, after checking the contents of the refrigerator, sends a message to the digital notepad in the kitchen and places the products on a shopping list, which each of the residents can access by smartphone, for example, while they are at the supermarket. More integrated scenarios might trigger autonomous replenishment systems consisting of third-party-provided robots physically refilling, for example, a refrigerator. This and other scenarios can be developed much further. The essential point, however, is that the actors in a computerized world are aware of the potential impact on value-added features and markets. These are particularly the result of the fact that, as the example scenario shows, many more actors are involved in value creation for a customer.

1.8.2 Changed Value Creation

Together with higher data quality (as shown above), the importance of data and information as a resource for value creation is clear. This can be seen simply by observing the effects of a computerized world on value creation at different levels. On the individual level, consumers and producers are living in a computerized world. On the one hand, consumers are provided with information as consumer goods (either in the form of information services or in combination with computerized products) and, on the other hand, as input for decisions. Information can reduce search costs and facilitate rational action, as decisions can be weighed more accurately with more relevant information. On the other hand, for the convenience of context-based offers, the disclosure of personal preferences, personal data, and payment needs is required. In addition to efficiency improvements and cost advantages, producers can also benefit from differentiation, price discrimination, and bundling strategies by improving the information base. This creates great potential for the optimized elimination of the consumer's willingness-to-pay. For groups of individuals and organizations, the coordination and control of certain processes is facilitated. This makes it easier to ascertain the location and activities of the employees. Members of organizations can be brought to the same level of information due to better networking. This creates starting points for the analysis and improvement of group coordination. Contracts in the field of risk distribution and incentives can be made more equitable by capturing behavior that has not yet been observable at low cost. This allows a more equitable distribution of risk. Examples of this are working and insurance contracts, product guarantees (e.g., “Has a customer carefully maintained his or her automobile?”), and emissions monitoring for harmful exhaust fumes. Based on economic analyses, an increase in the efficiency of economic trade can be foreseen. One of the main effects of computerized worlds in the context of value creation is the reduction of information asymmetries. In real markets, based on the asymmetric distribution of information, two effects may arise: adverse selection and moral hazard. Adverse selection occurs because certain information is not observable by providers. For automobile insurance, this is information about whether a new policyholder is a good or a poor driver. The downside for good drivers that emerges from adverse selection is that they pay, in principle, just as high of an insurance premiums as poor ones (as long as the automobile insurance provider cannot distinguish a good driver from a poor one). Moral hazard causes a change in behavior, as the risk of discovery of especially bad behavior decreases. Thus, a driver can intentionally reduce the risk of accidents by driving at a reasonable speed, abstaining from alcohol, observing distances, and so on. As a result of the conclusion of an insurance policy, the incentive to avoid accidents is, at least theoretically, reduced. A stereotyped form of moral hazard is that drivers become even more risk-averse, as they feel that they are already well covered for financial risks of careless or risk-taking driving. Sensors are also able to observe behavior in an objective manner. Speed, travel times and distances, braking behavior, as well as attention and alcohol levels can be measured, in principle. An automobile insurance company can now introduce price differentiation according to the real behavior and abilities of the drivers. This has already occurred in 2004 in Great Britain in the insurance company Norwich Union, which offered the tariff “pay as you drive” to automobile drivers. As a part of the program, they installed a black box in the automobile, which collected the relevant data about the driving behavior and sent them to Norwich Union.

Not only technical but also socioeconomic networks will be much more abundant between companies, users, consumers, and even objects. From an economic perspective, this creates network effects on consumption and production. This means that the benefit of a technology will increase with increasing numbers of users in the market. In order to obtain market share for products or standards associated with network effects, low prices are to be expected at the very beginning in order to build up critical mass.

1.8.3 Increased Awareness for Information Spaces

For context-based services, information is often required, which is owned by different actors. Thus, such services may be based on information from the user, for example, his or her name and allergies, to information from the owner of an environment, for example, the position of a user in a supermarket, as well as products in his or her environment, and information from the service provider, for example, information on allergenic substances in a specific product. Therefore, context-based services cannot be offered if each actor would protect his or her information from external access. Rather, information spaces must be created in which different information systems are brought together by different actors. An information space thus includes all of the data and relevant information obtained in a smart environment to provide users with context-based services and applications. Access to an information space can be restricted to certain actors, but it can also be publicly accessible, so that third parties can utilize the information for innovative services. The main challenge is that third parties comprehend the information available in the information spaces. For this purpose, semantic technologies may constitute a useful approach. The management of information spaces can be viewed as a task of information management (Schoder, 2011). As indicated, the provision of smart, context-based services requires information spaces that encompass the information systems of different actors. This presents companies with the challenge of managing these information spaces to provide shared value with partners and for their own benefit. This management takes place in a relationship of tension between the potential for innovation induced by the opening up of information spaces and the desire to profit exclusively from closed information spaces with the presumed retention of full control and data integrity. On the one hand, opening up information spaces means that third parties can access the information and integrate it into new, innovative services. This is already currently apparent as an opening of information systems, such as Google Maps and Facebook, which has led to a huge number of mashups and externally developed, innovative applications. In a computerized world in which data about reality are available at a much higher level of quality, a dramatically greater potential for innovation is to be expected if the data are freely accessible. On the other hand, the question arises of how a company can benefit from the fact that third parties use their information to create innovations. Companies could therefore rely on keeping their information spaces closed in order to exclude competitors and to utilize access to the information space as a source of revenue. Such information spaces, however, would run counter the realization of a computerized world. For information space management, the question arises as to how far information spaces should be opened in order to increase the potential for innovation and, on the other hand, to profit as much as possible. In addition, this raises the question of who should own and control devices and their data? A simple use case illustrates the conflict (Cáceres and Friday, 2012), that is, augmented home thermostats (rendering them as smart objects) connected to a smart power grid. Who should own the data that are generated through the home thermostat at the user's home: the end user or the service provider? What happens when the user's (local) desires to be comfortable conflict with the provider's (global) goals to save energy?

1.8.4 Social, Ethical, Legal, and Risk Aspects

Informatized worlds exist in a constant tension between innovation (the technically feasible) and individual and social acceptance (the socially desirable). The difficulties with the above-mentioned pricing strategies are, above all, customer acceptance and related concerns regarding the violation of privacy (Shin, 2010). Obtaining fine-grained data on entities, and especially individuals, expose the core dilemma in a modern IoT. Specifically, any person-related information may do both: enrich context- and person-related, individual services, and constitute potential intrusion into privacy, leading to resistance (Garfield, 2005). Besides privacy, many other fundamental challenges exist with regard to (IT) security, trust, and so on. The lack of security across IoT in general and the Industrial Internet of Things in particular has come to light largely due to an experimental search engine called Shodan (Wright, 2017). Launched in 2009, the service crawls nearly four billion devices from which, at any given time, several hundred million devices are turned on (depending on network connectivity). As a threat analysis based on Shodan showed, more than 100,000 IoT devices can be easily attacked, among them being special-purpose industrial computers for regulating the flow of water, transportation systems, and even entire power grids (Leverett, 2011). Many of these systems were designed before the advent of IoT, and thus did not consider these types of security threats. IoT certainly is confronted with literally all security problems already known from other IT-based concepts and artifacts—and may add some more aspects if not just by the severity and importance.

Some examples of pressing research questions include the following³⁸:

• How should we cope with privacy issues in Ubicomp scenarios focusing on system design considerations? (Langheinrich, 2001)
• Who is accountable for decisions made by autonomous systems? (Berman and Cerf, 2017)
• How do we promote the ethical use of IoT technologies? (Berman and Cerf, 2017)
• What role does trust management play in IoT scenarios? (Sicari et al., 2014; Yan et al., 2014)
• What can middleware do for security and privacy issues? (Atzori et al., 2010)
• What are the security requirements to deal with data confidentiality? (Miorandi et al., 2012)
• What are the relevant legislative challenges? (Weber, 2010)
• What are appropriate architectural options for security and privacy, in particular the advantages and disadvantages of centralized and distributed architectures? (Roman et al., 2013)
• What are the principal attack models and threats? (Hu, 2016)

In order to include some sensitivity in the scale and scope of social, ethical, legal, and risk aspects of IoT, there is a focus on “data” and related data privacy issues (Cáceres and Friday, 2012).³⁹ It is worth noting that this list of questions is not exhaustive.

• When can we infer with certainty? We need to take into account that sensed data or interactions are imprecise observations of the world, often taken from multiple sensors and at varying points in time. IoT environments must consider this evidence and make a judgment of when and how to react. Full appreciation of the value and meaning of data is certainly application and context dependent. Do we have machines (or more precisely software) that are advanced enough to “understand” such context and data properly?
• Where are data located? It is easier to answer this question in the context of technical aspects of cloud and fog computing architectures. However, regarding ownership, control of data, and access to data, obtaining the answer is substantially more challenging. For many environments, such as rooms, homes, companies, and hospitals, the demand for security and privacy requires enforcing conventional, legal, and physical boundaries.
• How long should data persist? What does the environment know about us? What should it know and with what should we trust it? How long should data be retained? What is transient and what should persist? Can we delete data, and can they be forgotten? Who has (the right) to access data? Who is the owner of sensed data? Is it the sensor's owner, the owner of the environment where the sensor is working, or the collector of data (Foster, 2017)?

Most, if not all, of these questions have gained prominence recently with the advent of “Big Data” and its unprecedented scale of storing, computing, and executing data and gaining insight from them. In addition, questions exist that are related to who will pay for IoT infrastructures (less obviously, but eventually, the common citizen with his or her tax dollars). Regulations concerning who is responsible for managing and maintaining local, regional, national, and supernational infrastructures are needed, and to a large extent not yet defined. Due to technical issues and a general reluctance, it will not be the common user who will be manager of his or her own data, that is, it will be service providers. Managed services would certainly reduce complexity for the end user, and obscure complicated technological interfaces. However, managed services also introduce their own tension between manageability and cost for the provider versus flexibility and control for the end user (Cáceres and Friday, 2012). One example of an initiative that addresses policy and regulation issues is the Mauritius Declaration on the Internet of Things. Excerpted example statements include the following⁴⁰:

• IoT sensor data are high in quantity, quality, and sensitivity, and as such should be regarded and treated as personal data.
• Transparency for all stakeholders is key. Those who offer IoT devices should inform the user so that he/she becomes clear about what data are collected, for what purposes, and how long these data are retained.
• Privacy by design should be the default design principle.
• In order to cope with security challenges, one way to minimize the risk to individuals is to ensure that data can be processed on the device itself (local processing). Where this is not an option, companies should ensure end-to-end encryption to protect the data from unwarranted interference and/or tampering.
• The data protection and privacy authorities should ensure compliance with the data protection and privacy laws in their respective countries, as well as with internationally agreed privacy principles, including appropriate enforcement action, either unilaterally or through means of international cooperation.

Taking into account the enormous challenges faced by IoT developers, data protection authorities and individuals should engage in a strong, active, and constructive debate on the social, ethical, legal, and risk aspects of IoT.