A proposed digital identity stack organised into identity data, attributes, and attribute metadata.

S. Wilson, N. Moustafa and E. Sitnikova, A digital identity stack to improve privacy in the IoT
2018 IEEE 4th World Forum on Internet of Things (WF-IoT), 2018, pp. 25-29, doi: 10.1109/WF-IoT.2018.8355199.


The Internet of Things increasingly involves collection, processing and transmission of a wide variety of data to services and other devices. Business and engineering considerations are both increasing the volumes and detail of IoT data flows. Reasonably obvious privacy risks result from IoT-connected devices when they emit identifiable information, for this can reveal the activities of device users. More subtle risks arise when bulk device data is available for analysis, and linkage to auxiliary data sets, because identification or re-identification of users can follow. At the same time, security engineers are now designing for the “Identity of Things”, exploiting embedded cryptography and SIM-like modules to help with the authentication and authorization of devices acting as independent agents in the IoT. To help protect privacy while allowing precise authentication, this paper sets out a new model for digital identity management, comprising a stack of identities, attributes, and attribute metadata. As with the familiar OSI network stack, the digital identity stack helps to decouple different layers of authentication technology, so that IoT data is shared on an explicit need-to-know basis, and extraneous disclosures are minimized.

Extract: Secure attributes and metadata

The figure illustrates several IoT devices with integrated cryptographic modules to manage private keys and certificates, and digitally sign data sent to other devices or services. One device is shown transmitting a digitally signed report to a server, together with information about the device warranty, the detailed terms & conditions of the warranty, and the name of the warranty issuer. These attributes and metadata can be held in a digital certificate associated with a private key in the device’s crypto module. The integrity and provenance of the attribute data may be verified by another device or by a server, first by verifying the digital signature and digital certificate by regular public key cryptography, and then by checking that the warranty details contained in the certificate.

Download the paper (PDF).