In prior blogs, we’ve talked about the Ockam Network’s capabilities and how the platform rolls up IoT best practices into secure connected device ecosystems. Ockam’s blockchain-based infrastructure provides a serverless experience so developers can innovate — fast.
The Ockam Network is a general-purpose platform that enables identity, trust and interoperability in any IoT situation. The developers we’ve spoken to know all too well how painful it is to build these features into devices, and they’re excited about using Ockam to eliminate their pain points. After surveying potential early adopters of the network, we uncovered a pattern in how developers plan to use Ockam in their applications. Four use case buckets emerged:
Trusted Data: Device designers and application builders need to send and receive trusted data between devices, to verify the origin of IoT data, to enable command and control of devices, and to grant permissioned access to data.
Rapid Integration: System Integrators and ecosystem builders want to provision devices, to enable multiparty interoperability, and to rapidly prototype IoT ecosystems.
Verified Production: Manufacturers of devices would like to add an immutable “Made by _____” certificate to their devices, the ability to certify a Bill of Materials for the components that they assembled, and to store a record of license dependencies that the device hardware or firmware utilizes.
Firmware Intelligence: Software developers face complexities around managing and verifying firmware versions in devices. This includes the installation, updates, and auditing of firmware for verified patches and botnet resistance. Some are even exploring the possibility of refactoring firmware license billing models in devices to per-use or as-a-service pricing.
The Ockam Developer Experience (DX) abstracts away the technical complexity of the infrastructure that powers the Ockam Network. Each of the complicated development scenarios above is greatly simplified with Ockam.
As an Ockam DX primer, we’d like to introduce three functions in the Ockam SDK that we will heavily use in examples in this series: ockam.register, ockam.claim, and ockam.verify. Each Ockam function replaces a long set of instructions and IoT best practices that are triggered behind the scenes.
The .register function sends a digital identity along with developer-defined metadata to the network. It also signs this message with a cryptographic key from the device hardware. Devices that register themselves on the Ockam Registry will have an immutable and decentralized identity that can be verified by other devices in the network. The Ockam Network stores the device’s Ockam DID and the device metadata in the distributed Registry. Another device can later use this entry to uniquely verify the identity and any subsequent claims from the device.
The .claim function takes an observation from a device, signs it with a cryptographic key from the device hardware, and then sends a message to the Ockam Claims table. ockam.claim is a general-purpose tool for a developer who would like to record data from a device’s environment or status. This is the primary way for a device to send trusted data to another device or application. We will expose the broad powers of Ockam Verifiable Claims later on in this blog series through a couple of real-life examples.
The .verify function gets data from the Ockam Network on behalf of a device or application. Using the .verify function, the device has absolute certainty the data it receives came from the device that called the .claim or .register function in the first place. Business applications may need to verify that the data originated from a specific device. By having that application use the ockam.verify function, it can effectively cross-check the data signature and metadata with what was previously recorded in the Registry table. A match gives the application 100% certainty the data came from the original device that signed it.
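To make the register, claim and verify flow described above concrete, here is an added sketch in Go; it is not Ockam SDK code and does not use the Ockam API. It assumes an in-memory map in place of the distributed Registry, a software Ed25519 key in place of the device hardware key, and a constructed sample DID; the names Registry, Claim, Register, MakeClaim and Verify are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Registry is an in-memory stand-in for the distributed Registry (assumption).
type Registry map[string]ed25519.PublicKey

// Claim is a signed observation, mirroring the .claim step described above.
type Claim struct {
	DID              string
	Observation, Sig []byte
}

// Register stores pub under did once a signature over did proves key possession.
func (r Registry) Register(did string, pub ed25519.PublicKey, sig []byte) error {
	if _, taken := r[did]; taken {
		return errors.New("DID already registered") // entries are never overwritten
	}
	if !ed25519.Verify(pub, []byte(did), sig) {
		return errors.New("registration signature invalid")
	}
	r[did] = pub
	return nil
}

// MakeClaim signs the DID together with the observation using the device key.
func MakeClaim(did string, priv ed25519.PrivateKey, obs []byte) Claim {
	return Claim{did, obs, ed25519.Sign(priv, append([]byte(did+"|"), obs...))}
}

// Verify checks a claim against the key recorded for its DID at registration.
func (r Registry) Verify(c Claim) bool {
	pub, ok := r[c.DID] // claims from unregistered DIDs are rejected
	return ok && ed25519.Verify(pub, append([]byte(c.DID+"|"), c.Observation...), c.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)       // software key standing in for a hardware key
	reg, did := Registry{}, "did:example:device-1" // constructed sample DID
	_ = reg.Register(did, pub, ed25519.Sign(priv, []byte(did)))
	c := MakeClaim(did, priv, []byte("temp=21.5")) // constructed observation
	fmt.Println("genuine claim verifies:", reg.Verify(c))
	c.Observation = []byte("temp=99.9") // altered after signing
	fmt.Println("tampered claim verifies:", reg.Verify(c))
}
```

A passing check shows that the claim was signed by the key recorded at registration; it does not show that the observation itself is accurate.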
To dig into code examples, check out Ockam on GitHub.
Ockam: as simple as it should be.