Decentralized Device Identity at Scale
By Hitarshi Buch
Setting The Stage
Device and machine interactions are an inherent part of today’s digital age and the same is true for medical devices as more advancements are made in medical sciences. Millions of medical devices are currently in use globally. It is expected that the global medical device market size will grow to $671 billion by 2027. Each medical device is used for a specific purpose and requires interactions with humans and other devices. Therefore, managing the device’s identity and related metadata which certifies its health and usability is of paramount importance as it directly impacts the quality of medical care provided.
Management of medical devices faces a multitude of challenges due to:
- Lack of scalable solutions which could cater to millions of medical devices, manufacturers, and device users across the globe
- Manual and non-transparent assignment of metadata and credentials such as manufacturing details, regulatory approvals, usage conditions, etc. to medical devices by OEMs
- Lack of means to end-users of the medical devices to verify the device identity and associated credentials
- Lack of insight to regulators and auditors on the device credentials and whether it complies with the different norms and health standards
To address these issues, the first step is to treat each device as an independent entity that is empowered to manage its identity and credentials so that the device’s validity can be determined in a standardized and reliable manner. By applying the same concept to the manufacturers and device users, P2P (peer-to-peer) interactions can be enabled for greater efficiency and transparency.
We implemented a solution leveraging the concepts of decentralized identity and verifiable credentials to enable trustless machine-to-human interactions which involved -
- Medical Devices (Identity Holders)
- Device Manufacturers (Identity Providers) and
- Device users (Identity Verifiers)
Key Architectural Decisions
One of the key architectural decisions was to leverage blockchain technology to address the requirement of managing device identity in a decentralized manner, achieving an immutable audit trail of device-related transactions as well as establishing trust and transparency around device operations.
The next major decision was to identify the best-fit blockchain platform for our solution. Public blockchain platforms like Ethereum are truly decentralized and allow anonymous entities to transact but are plagued with a very compute-intensive consensus mechanism which impacts its performance and scalability.
Additionally, there are concerns around privacy and high transaction costs, making solutions built around these platforms hard to sustain.
Private blockchain platforms like Hyperledger have been built for the purpose to cater to enterprise needs of privacy, security, and performance. The usage of private blockchain platforms requires creation of consortium networks for which the cost of blockchain infrastructure and its governance must be borne by consortium members. Private blockchain networks also require administrative activities which is a compromise on the truly decentralized nature of blockchain.
Considering the above factors, we zeroed in on Hedera Hashgraph, which can be categorized as public-permissioned DLT (Distributed Ledger Technology) platform that addresses the shortcomings of public and private blockchain platforms by providing the following features.
- A consensus mechanism with the potential to cater to throughput of up to 100,000 transactions per second, to address the scale required for device identity use case
- Asynchronous Byzantine Fault Tolerance (ABFT) consensus protocol, with the highest degree of security, resiliency against DDOS attacks and transaction finality
- All Hedera services are publicly available at very low transaction fees (0.0001 USD)
- Unlike other public blockchains, the nodes are hosted by known, neutral parties who are part of Hedera Governing Council, who have an equal stake in the consensus voting process
- Hedera validator nodes store only the hashed proof of transaction thus eliminating privacy concerns
Solution Architecture
We built a solution on Hedera which not only provides the salient features of blockchain such as immutability, auditability, and transparency but also is scalable to handle the high transaction volumes needed to support medical devices interactions at a global level.
We implemented the following functionality to address decentralized global identity requirements for medical devices
- Creation and registration of all identities related to device, manufacturer, and end-users as DID (Decentralized Identity) on blockchain
- Credentials issuance to the Devices by Issuers (OEM / Device Manufacturers)
- End-users as verifiers to validate the authenticity of the device based on the credentials
- Manual /Auto Revocation of Credentials based on predefined criteria
- DID registry for devices and related credentials maintained on Hedera public ledger as a source of truth, which could be verified at any point in time
Technical Architecture
The following high-level architecture outlines the components implemented for our solution, which were implemented using serverless architecture to ensure future extensibility and scalability.
The components comprise of DAPPs (Distributed Apps) and integration with Hedera Mainnet and Mirror nodes to enable:
- Decentralized Identity (DID) and Verifiable Credentials (VC) SDK allowed the device to generate and register its DID on Hedera.
- The confirmation of device DID registration to OEM DAPP via mirror nodes and issuance of the credentials to certify that the device is valid and ready for use once the device DID is registered on Hedera network
- The device user requests credentials to determine the device authenticity which is automatically retrieved from Hedera.
- The ability for OEM to revoke device credentials is made available to all concerned parties on a real-time basis via blockchain if a device fails health checks or regular maintenance is skipped.
Leveraging the AppNet pattern
Hedera validator nodes process the transactions, arrive at a consensus, and maintain a hashed version of the transaction’s state. The transaction data is made available via read-only mirror nodes which provides a way to store and cost-effectively query historical data from the public ledger while minimizing the use of Hedera network resources.
This AppNet pattern enabled by Hedera ensures that the transaction processing latency on blockchain is reduced substantially. This has disrupted how blockchain applications are typically built by leveraging smart contracts. In blockchain platforms like Ethereum, smart contracts need to execute on all the nodes. adding overheads and inefficiencies to consensus making.
Distributed applications built for OEM, Device, and the end-user were implemented as AppNet by integrating with the mirror nodes.
Solution Scalability
Since all device DID and credentials related transactions were processed on Hedera platform the solution scalability was directly proportional to the efficiency of Hedera Consensus Service. Currently, Hedera Mainnet delivers high-throughput with 10,000+ transactions per second and low-latency finality in seconds. Each device related transaction leverages Hedera’s unique consensus mechanism consisting of:
- Hashgraph is a data structure (Directed Acyclic Graph) used to maintain the records of the inter-node communication and their order.
- Validator nodes use gossip protocol to relay information such as parent events, ledger state, files, timestamp, signature of creator node, etc.
- “Virtual vote” is computed predictively by each member on behalf of other nodes based on past transaction history as each node obtains a copy of a ledger
- Very little network communication overhead because there is no direct voting mechanism being used which improves the overall efficiency.
Hedera’s roadmap also includes enabling nodes to support multiple shards on the Hedera Mainnet for enhanced scalability and decentralization, which would ensure high performance as the transaction volume grows.
Deploying Wipro’s Validator Node
Wipro is a founding member of Hedera Governing Council which currently comprises of 20 leading enterprises. Hedera’s validator nodes are hosted by organizations like Wipro which is a key differentiator as it ensures that blockchain services are always available in a trustworthy manner as the council members own and govern this public network. DAPP (Distributed App) developers and enterprises can build blockchain solutions without bearing the cost of hosting blockchain infrastructure.
Wipro’s Hedera Node is hosted on Azure cloud platform with infrastructure sizing to enable up to 100,000 transactions per second. Hedera services are made available for DAPP developers via proxy endpoints and it also integrates with the rest of the Hedera Mainnet nodes.
Wipro’s validator node went live on Hedera Mainnet in August 2020 and on average, processes 60,000 transactions on a weekly basis. Overall, the Hedera network has processed over 1 billion transactions since its inception in September 2019.
Synopsis
Decentralized Identity for humans and machines is the way forward to enable flexible, peer-to-peer interactions and verifiable credentials associated with the identities will enable the trustless exchanges. DLT platforms like Hedera, through their unique consensus mechanism and the AppNet concept, has great potential to provide a scalable and globally viable solution. Therefore, with fast and efficient transaction processing and low transactions costs Hedera could be the public ledger of the future!!
