Implementing blockchain as a microservice for IoT platforms
This week at the Open Networking Summit 2017 in Santa Clara, the industry will meet to learn about the latest open source initiatives related to networking. Here is why there is good reason to include blockchain in that open source discussion.
Blockchain and microservices have a lot in common. Each is designed to support open standards, public APIs and a community-centric, collaborative model.
Blockchain plays a distinctive role in the open source movement. It is a distributed, open source protocol owned by the community. Designed for transparency, it provides advanced transactional data security and provenance of transactions. No single blockchain user can compromise transactional data, and participants who are explicitly part of the transaction are assured data validity.
At the same time, an urgent need for application agility is driving increased adoption of microservice architecture. Monolithic applications are being deconstructed into modular, function-specific, inter-dependent, interacting services. This means that modern applications are inherently distributed and data-centric.
Powered by continuous data streams, they leverage distributed application logic implemented through APIs and microservices. Microservices and RESTful APIs provide both development (functional) and deployment flexibility. Today it is possible to build an entire software stack from re-usable components assembled in any combination and accessible through a public repository.
The cloud meanwhile provides a platform to host microservices within a single company or broadly across the industry. Ericsson has combined the principles of blockchain, microservices and open APIs to deliver blockchain data integrity implemented as a microservice for the GE Predix Cloud platform.
Blockchain and IoT platforms
IoT platforms are designed to handle data generated by jet engines, MRI scanners, power generators and other industrial machines and devices. They leverage data across disparate systems and use their analytics capability to convert the data into actions and data-driven outcomes.
The Ericsson Blockchain Data Integrity microservice
The Ericsson Blockchain Data Integrity service is well aligned with IoT platforms like GE Predix, which use data collection, aggregation and analytics for distributed decisions and asset optimization. It provides evidence and proof of regulatory or process compliance.
GE Predix performs analytics on information generated by industrial devices in the Predix environment to enable actionable, business-impacting insights. The potential importance of the business impacts makes it critical to be assured that the data analysis has not been tainted by modified data inputs.
The integrity of the data inputs must be verified before using the output of the analytics. For industries under regulatory scrutiny, the integrity of data can be a compliance requirement, and the Ericsson Blockchain Data Integrity service serves to ensure that no data has been tampered with for an analytics process or during a process that is under regulatory control.
The Ericsson Blockchain Data Integrity service also ensures the security of an industrial device attached to the Predix platform. Here the role of the Ericsson blockchain microservice is to verify that the configurable elements of the industrial device, like the underlying software or machine settings that are subject to updates based on Predix analytics, are in the proper state at a given time. The microservice ensures the integrity of the device before it is placed into service. This integrity element of security is essential for industrial applications and IoT deployments.
Key functionality of Ericsson Blockchain Data Integrity microservice
Ericsson’s blockchain service enables a Predix application developer to provide data integrity to application users. It enables users to:
- generate a non-reversible signature for user data
- verify that the current version of the signed data has not been altered and matches the non-reversible signature
- extend the signature to the public record
The service can be invoked in two simple steps through an orchestrated workflow:
1. Signing of the data:
- An application triggers a signing process
- A hash of the data to be signed is generated
- The application requests a signature from the Blockchain service
- The service uses blockchain to generate a signature
- The signature is returned to the application and stored for later use during verification
2. Signature verification:
- An application triggers data integrity verification
- The application retrieves the signature and requests signature verification from the Blockchain service
- The blockchain service deconstructs the signature to verify that it is valid and returns the expected hash value of the data back to the application
- The application compares the expected hash value to the actual hash value of the data to determine if data has been modified
Ericsson publishes the top root hash value in the Financial Times and on Twitter on a monthly basis.
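The two-step workflow above, sketched as an added example; this is not Ericsson's code or API. It assumes the service aggregates submitted hashes into a Merkle hash tree, returns each leaf's sibling path as the signature, and publishes the root; the names IntegrityService, sign_batch, verify and data_unmodified, and the sample records, are hypothetical.

```python
import hashlib

def leaf(data_hash: bytes) -> bytes:
    # 0x00 prefix marks a leaf, so a leaf can never be replayed as an interior node
    return hashlib.sha256(b"\x00" + data_hash).digest()

def node(left: bytes, right: bytes) -> bytes:
    # 0x01 prefix marks an interior node
    return hashlib.sha256(b"\x01" + left + right).digest()

class IntegrityService:
    """Assumed model of the signing service: one hash tree per signing round."""
    def __init__(self):
        self.published_roots = set()   # stands in for the public record

    def sign_batch(self, data_hashes):
        level = [leaf(d) for d in data_hashes]
        members = [[i] for i in range(len(level))]   # leaf indexes below each node
        paths = [[] for _ in data_hashes]
        while len(level) > 1:
            nxt, nxt_members = [], []
            for i in range(0, len(level) - 1, 2):
                for m in members[i]:
                    paths[m].append(("R", level[i + 1]))   # sibling is on the right
                for m in members[i + 1]:
                    paths[m].append(("L", level[i]))       # sibling is on the left
                nxt.append(node(level[i], level[i + 1]))
                nxt_members.append(members[i] + members[i + 1])
            if len(level) % 2:   # an unpaired node is promoted unchanged
                nxt.append(level[-1])
                nxt_members.append(members[-1])
            level, members = nxt, nxt_members
        self.published_roots.add(level[0])
        return [{"hash": d, "path": p} for d, p in zip(data_hashes, paths)]

    def verify(self, sig):
        """Rebuild the root from the signature; return the expected data hash or None."""
        acc = leaf(sig["hash"])
        for side, sibling in sig["path"]:
            acc = node(sibling, acc) if side == "L" else node(acc, sibling)
        return sig["hash"] if acc in self.published_roots else None

def data_unmodified(service, data: bytes, sig) -> bool:
    # Application side: compare the expected hash with the hash of the current data
    expected = service.verify(sig)
    return expected is not None and expected == hashlib.sha256(data).digest()

# Constructed sample: three device configuration records signed in one round
configs = [b"brake_pressure=5.2", b"firmware=2.4.1", b"speed_limit=80"]
service = IntegrityService()
sigs = service.sign_batch([hashlib.sha256(c).digest() for c in configs])
```

Changing a record makes the comparison in data_unmodified fail, and editing the hash inside a stored signature makes verify return None because the rebuilt root no longer matches a published one.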
Data integrity for GE Predix Transportation/Rail Connect
The Ericsson Blockchain Data Integrity service provides verifiable trust for GE’s Transportation/Rail Connect application on the Predix platform. Field service technicians work remotely at rail sites to make configuration changes to rail assets. Given the operational safety and compliance requirements of the transportation industry, every configuration change needs to be both securely logged and auditable.
This can be challenging in a distributed environment. Ericsson’s blockchain service provides integrity protection for the content of configurations, providing proof when events occur. This provides auditability and a chain of custody, allowing accountability of the asset lifecycle.
Read more about Ericsson's Data Centric Security. Or you can read our e-book on blockchain and the Internet of Things.
Background photo by Deirdre Straughan