Building IOT and Blockchain platform

Internet of things abbreviated as IOT it was before the internet, people would call it embedded devices connected to a network.
IOT is not a technology, its a conceptual framework, its an architecture where embedded devices or a piece of hardware communicate with each other chips evolved smaller, the idea of a watch which could send data across cloud became a reality, e.g., microcontroller connects to REST and publishes data about your house room temperature.

Haller et al (I will provide a ref later) proposed a definition of IoT with “A world where physical objects integrated into the information network, and where the physical objects can become active participants in the business process."

Let's understand a problem, if a nuclear power plant monitors and control thermal cooling system, and all the sensitive data transmitted to a REST service which is running on the cloud (IOT)

If this data goes into the hands of a hacker, he can probably blow up the entire facility (Nuclear power plant usually don't transmit this data over cloud, API's must be running on their cloud or data centers).

Traditional security methods tend to fail for IOT at scale; problems exist on Authentication, protocol, data access and various architecture level at IOT.

I am proposing a solution, we build a service that utilizes extended public key management to authenticate to chain and via smart contract manages the device. For that, we make an API based on NodeJS which communicates with Blockchain nodes.

1. Pre-requisite

What is hashgraph?

Hashgraph is a new consensus protocol (Please go to this link to know more about it.) here i am going to use Hedera hashgraph as a demonstration.

Extended Keys
Deriving several child keys from parent key where one can calculate public keys without revealing private keys.

We are going to build a smart contract that does Device registration and puts logs over hedera hashgraph.

Let me break it down in the following steps

In terms of the following will. Happen in a layman language,

Say an X device will use the API to register itself over the testnet network which is while sending as the first transaction associating the device property and UID and different types of data Structure if needed as a part. registration, then we validate by checking the account balance, then our device is ready to push data over the Hashgraph via the file protocol, and then we can verify registration and communication will happen

Now the technical part.

We need a group of services which will do

The device will manage keys and some data about API.

Node JS Backend
Manages the extended public keys
Communicate with Hedera Hashgraph nodes
Commit transactions / contracts
Record logs/transactions and post them over the network

Smart Contract
https://gist.github.com/maektwain/a573d51ed47dacdc4a631b89343b1e62

Front end if needed.

We use services like web socket for sending instant time series dB and Elasticsearch to log data so that customer can look up a massive amount of data instantly.

This solution can deploy as AWS lambda also or a full-fledged NodeJS APP on an isolated VM.

The machine starts with the initialization of the register API call to nodeJS like this

POST /register http://somehost/register

It will perform the following
0. Creates the pub key and generate some addresses (using extended key)

1. We will store the machine data in our DB also like non-sensitive like ID and Hedera Account(keys extended ones) associated with it which machine will generate.

2. Then it will call the contract (assuming that machine will have pre-loaded gas balance to register itself) contract call is register()

3. API will return the contract data posted on the network and store it on our DB (note our DB is different then Hedera Hash, our DB. refers to Mongo or Mysql)

4. Now, the machine will have a public key and private key stored inside the machine/storage which will be used to fetch contracts associated with that machine (I am assuming that one public key(here pub key means Hedera. account also))

Once the above calls get. Executed we make another GET call for API,

returns {value retrieved from Hedera and confirmation of inclusion on contract and so so details}

GET /account {params: "publicKey, HederaAccount"}

Now we can verify that the machine is registered.

1. The API call will lookUp the contract associated with that address
2. Contract details are fetched from our DB and displayed to the consumer.
3. Verify function from the contract will be called to match. our DB details and thus forth

Communication between device and our cloud API and should happen via web socket now, and web socket will ease the load of sending massive amount of data to API, and then Blockchain such as log data other API calls can happen over HTTP.

return {account details such as status, balance}

WS(Websocket opens stream)

POST /logs {data}{hederAKEy}

1. We use filters to simplify data and send it to Elasticsearch based on the contract (so that we retrieve the data later from ES based on address) instead than storing inside MongoDB
2. Make timely or constant API calls. Within the service to the smart contract to log function with timestamps with individual gas limits.
   Another option is to store the log data directly as files; in that Case, we save on cost.

return {200}

Overall this would be

The device makes the call to our service API NODEJS and then makes the calls to Smart contract.
The owner should have almost at all times some gas for making contract calls(Through our storage we will ensure that we don't incur gas cost on tx requests)

This solution is the first draft i would be working ahead with complete implementation including detailed code specs if you are interested in contributing let me know

Thanks