ioID: On-Chain Device Identity for Verifiable DePINs
Today we are excited to launch ioID, the world's most advanced on-chain identity solution for smart devices. ioID equips devices with their own smart contract wallet and private key to sign data on-device and verify their real world activities.
Smart devices are emerging in our homes, businesses, and cities at a blistering rate, connecting the physical and digital worlds like never before. By 2030, McKinsey predicts devices will outnumber humans by 10:1 and generate more than $12 trillion in economic value. These increasingly intelligent and capable devices are the foundation for the future global economy, and Decentralized Physical Infrastructure Networks (DePIN) represent the first-ever opportunity for everyday people to own and control their devices, as well as the data and utility they generate. Ever since IoTeX was launched in 2018, we have believed that devices will one day be the largest users of blockchains. With IoTeX 2.0, we are turning this belief into reality by connecting millions of real world devices to blockchains and verifying their data, identity, and utility for end-to-end trust.
Today we are excited to launch ioID, the world's most advanced on-chain identity solution for smart devices. ioID not only provides DePIN builders with a suite of tools to register and manage device identities on-chain and off-chain, but also equips devices with their own smart contract wallet and private key to sign data on-device and verify their real world activities. Furthermore, ioID serves as a gateway for devices to interact with the rest of the IoTeX 2.0 tech stack including DePIN Infrastructure Modules (DIMs) for connectivity, storage, compute, and more. With ioID, we are bringing devices on-chain as self-sovereign assets and introducing a new universe of use cases for the DePIN sector.
Throughout 2024, we have beta-tested ioID with 10+ DePIN projects, including GEODNET, Network3, Nubila, WatchX and Envirobloq, to understand the real requirements of DePIN applications and standardize our offering to make ioID a universal identity solution for the entire DePIN sector. To cater to DePINs targeting various industries and building on various blockchains, ioID is designed as a unified, chain-agnostic identity solution that is verifiable, programmable, composable, user-owned, and tamper-proof. With multiple implementation options (e.g., hardware, firmware, software), ioID can be utilized by any DePIN to bring verifiability and demand to their networks, open up new use cases, and interoperate with other DePINs.In this blog, we explore the architecture and design of ioID, new use cases unlocked by ioID, and how DePINs are utilizing ioID today.
ioID Design Principles
Over the past years, IoTeX has worked closely with research institutions, technical universities, DePIN researchers, and more to design an identity standard that will stand the test of time for the entire DePIN industry. After years of research and development, we are proud to launch ioID as an open-source system that fuses innovations from across the identity, blockchain, and Internet of Things (IoT) research communities. Our design philosophy was not to build ioID as a black-box solution exclusive to the IoTeX Network, but rather an open-source and decentralized toolkit that would be relevant for builders and users alike. To convert this philosophy into technology, we incorporated the following core principles into the design of ioID:
Core Principle | Description | ioID Design |
Verifiable | Anyone must be able to explore a DePIN project's on-chain device registry and verify the number of devices, the devices' on-chain and off-chain identities, and their associated docs and mappings | All device identities are created and managed using a suite of audited smart contracts, where anyone can explore for themselves the on-chain history of devices and their activities |
Programmable | Devices must be represented on-chain as programmable assets, enabling developers to build apps for lending/borrowing, staking, and transfers of devices and their outputs (e.g., data, services) | |
Composable | Open-source software must be incorporated to ensure compatibility between ioID and various on-chain and off-chain systems; developers must be able to build on top of ioID to meet their specific needs | |
User-owned | Device owners must be able to own and control their devices in a decentralized fashion; users do not require authorization from centralized entities to make updates or perform actions with their ioID | |
Tamper-Proof | The integration of ioIDs into devices and the handling of the device's data and identity must be performed in a tamper-proof fashion, free of manipulable centralized "black boxes" where users have no visibility | IoTeX's ioID SDK enables devices to create/store a DID private key (TEE or flash) and sign its data on-device for provenance and verifiability; data can bypass Cloud and be sent directly to decentralized DA via DIDComms |
ioID Architecture
ioID is a universal identity system that creates on-chain identities for devices that are then verifiably bound via smart contracts to devices' off-chain identities and owners' on-chain identities. In the architecture of ioID, the on-chain identity of a device is represented as an ioID NFT (i.e., ERC-6551 NFT) while the device's off-chain identity is represented as a decentralized identity (DID). The issuance and binding of a device's ioID NFT and DID is facilitated by the IoTeX Hub web portal and a suite of smart contracts on the IoTeX L1 blockchain. In the diagram below, we provide a high-level overview of the ioID architecture.
- ioID Software Dev Kit (SDK): IoTeX's in-house ioID SDK is a lightweight embedded toolkit for DePIN hardware, enabling Decentralized Identity (DID) registration on-device and DID-based encrypted communications. The ioID SDK is integrated into a DePIN device's firmware or embedded library, and supports a variety of popular chipsets including Raspberry Pi, ESP32, Arduino, Linux, and more.
- Off-chain identity (DID): After the device is booted up, a DID is automatically created in a decentralized fashion along with a corresponding DID document. The DID's private key is stored in the device's secure element or flash and is used to sign on-device any data/activity produced by the device. For lightweight devices, a hosted server can alternatively be used by a DePIN project to issue DIDs to devices and map them to existing unique device identifiers (e.g., serial #, IMEI).
- IoTeX Hub (hub.iotex.io): A web portal provides users with a seamless registration flow to bind their DID their user identity and register their ioID NFT on-chain identity. Within the portal, the device owner deposits IOTX to cover fees for smart contract interactions, the DID + DID Doc are retrieved from the device via wired (serial port, USB) or wireless (OTA, Bluetooth), the DID Doc is stored on IPFS (decentralized database), and the DID + DID Doc information is finally submitted to the device registry smart contract on-chain.
- On-chain identity (ioID NFT, ERC-6551 wallet): Once the device's DID information is submitted to the suite of smart contracts, an ioID NFT is minted and issued to the device owner's on-chain wallet. The ioID NFT represents on-chain ownership of the physical device and enables the ioID NFT holder to perform actions on behalf of the device, receive the device's rewards, and own/manage the device's data.
- Suite of smart contracts on IoTeX L1: four smart contracts provide a robust framework for decentralized identity management, ioID NFT issuance, and on-chain interactions
- ioID Registry smart contract: Registers devices on-chain and serves as a DID resolver for verifying device identities across different projects. Each DePIN will have its own unique ioID registry smart contract to manage its ioIDs, and all registered ioIDs are publicly viewable and verifiable.
- Project Registry smart contract: Manages all DePIN projects, ensuring each project is uniquely identified and authenticated with a project ID.
- ioID NFT smart contract: Directly managed by the Project Registry smart contract and is in charge of creating and assigning unique ioID NFTs to devices
- ioID Store smart contract: Manages the activation of ioIDs across all projects, including lifecycle management of identities (i.e., transfer, decommission of devices)
Registering a decentralized identity (DID) for a device is free, while activating an ioID on-chain will require a deposit fee in $IOTX, where a portion of ioID fees collected will be burnt, added to the Marshall DAO, and/or re-distributed back to ioID-equipped device owners. The ioID tokenomics will be initially defined and updated by network-wide governance voting in the coming weeks.
Want to start building with ioID? See our ioID Integration Guide.
ioID: Gateway to DePIN Infrastructure Modules (DIMs)
In addition to providing a robust on-chain identity solution for devices, ioID also serves as a gateway for devices to interact with the rest of the IoTeX 2.0 tech stack including DePIN Infrastructure Modules (DIMs) for connectivity, storage, compute, and more. Devices and their real world activities are the provenance point for the DePINs β if the identity of the device is not verifiable and trustworthy, then all downstream activities (e.g., connectivity, storage, compute) will be non-verifiable and cannot be trusted. As such, equipping devices with verifiable identities via ioID is a critical prerequisite to enabling fully verifiable DePINs.
Devices equipped with an ioID will be authorized to interact with DePIN Infrastructure Modules (DIMs) developed by IoTeX and top-tier partners, which are part of the end-to-end DePIN value chain. Data from ioID-equipped devices will be connected, sequenced, and stored in a verifiable fashion by IoTeX 2.0 partners like Streamr, Espresso, NEAR DA, Filecoin, and more. At the end of the DePIN value chain, IoTeX's off-chain compute platform W3bstream will receive this verified data from verified devices and run zero-knowledge proofs (ZKPs) to ultimately verify the device's real world activities and settle a "proof of real world activity" to the blockchain.
With ioID (Identity Layer), ioID SDK (HW Abstraction Layer), W3bstream (Verifiable Compute Layer), and our various DIM partners, IoTeX is enabling the world's first end-to-end verifiable DePINs with ioID as the catalyst! W3bstream DevNet is currently live with Testnet launch in the coming months. For more details on our vision for end-to-end verifiability for DePINs, please see our recent blog on Modular Infrastructure for Verifiable DePINs.
New Use Cases with ioID
The DePIN sector has grown rapidly over the years, but there is an unbelievable amount of untapped potential due to lack of verifiability from demand-side participants. The only way to fix this is to enable anyone to verify for themselves the identity and utility of the devices that contribute to DePINs are real and trustworthy. As such, the first and most important use case of ioID is verifiability itself to drive new supply and demand for DePINs. With verifiable device identities, end users will be more receptive to paying for data/services from DePINs, exchanges will be more comfortable listing DePIN tokens, regulators will be able to construct more meaningful legislation around DePINs, and much more.
In addition to bringing legitimacy and demand to DePIN, ioID also introduces new primitives for DePIN builders that unlock exciting use cases. With ioID, DePIN builders can convert physical devices into programmable, self-sovereign assets that can be authorized via on-chain permissions to interact with various Dapps as well as be traded, lend/borrowed, financed, and more:
- Authorization & Access Controls: Devices with ioIDs can be issued Verifiable Credentials (VCs) to authorize only specific devices/owners to interact with smart contracts, Dapps, mining rewards, and more
- Dual Mining & Rewards Distribution: DePINs can leverage ioID to conduct fine-grained, project-specific token distributions in a much more transparent fashion than today's opaque distributions that are calculated on Cloud/spreadsheets. ioID-enabled devices can also be programmed to contribute to multiple DePINs/Dapps at one time, enabling dual mining opportunities.
- Fractional Ownership & Financing of Devices: As ioIDs are programmable, custom ownership structures and hierarchies can be implemented for fractional ownership of devices. For example, a device's principal and cash flows can be split on-chain by a group of owners that provide various contributions (e.g., financing, installation, maintenance), which adds great flexibility to a DePIN's supply-side growth.
- Lending, Borrowing, and Trading Devices: As ioIDs are represented on-chain as an ioID NFT (ERC-6551), ioIDs can be treated as on-chain assets and traded, loaned, and borrowed just like any NFT. This enables use cases where a device installer can sell pre-installed devices to passive investors, a DePIN miner that needs upfront cash can lend their NFT and associated cash flows to another user, and much more.
ioID Case Studies
ioID is not only a comprehensive device identity solution, but it is also flexible to cater to the heterogeneous nature of DePIN projects. The main difference in implementation options is how decentralized identities (DIDs) are created and where the DID's private keys used for signing device data are stored. For many projects, the preferred approach is to create a DID by integrating the ioID SDK into the device's hardware or firmware, and storing the private key on-device in the device's secure element (TEE) or flash storage. Alternatively, a hosted server can be used to create a DID, map the DID to a device's existing identifier (e.g., serial #, IMEI), and store the private key on-server. We share three case studies below of projects integrating ioID using hardware, firmware, and software implementation approaches for their DePIN projects.
What's Next?
The launch of ioID demonstrates IoTeX's commitment to providing state-of-the-art infrastructure to expand what is possible for DePIN builders. Over the coming months, ioID will be integrated into more projects already in the pipeline and catalyze an industry-wide effort to prioritize verifiability for DePIN. Furthermore, ioID will be seamlessly integrated to W3bstream to pair "proof of identity" via DID with "proof of utility" via zero-knowledge proofs. The era of verifiable DePINs is upon us and will be rooted in IoTeX technology! For more on IoTeX's vision, see our latest blog on Modular Infrastructure for Verifiable DePINs.
In the coming weeks, a governance proposal regarding ioID tokenomics will be published to the IoTeX community for discussion and voting. The community will collectively decide the $IOTX deposit fee for activating an ioID on the IoTeX blockchain, as well as how these $IOTX fees will be burnt, staked, and dispersed to ecosystem-owned token pools like the Marshall DAO and Roll-DPoS rewards pool. The goal of ioID tokenomics will be to incentivize DePIN projects to adopt ioID, reduce the total supply of $IOTX via deflationary burn in proportion to ioID registrations, and reward users that opt-in to verify their DePIN devices' identity and activity.
Another upcoming initiative that will drive rapid adoption of ioID is the introduction of dual mining rewards alongside top-tier DePIN projects. With dual mining, owners of ioID-equipped devices will be able to mine two tokens at once (i.e., $IOTX and partner projects) for providing utility to the partner DePIN and contributing their verifiable device data/proofs to IoTeX. Dual mining beta programs are already underway with Network3 and WatchX with many more to come β stay tuned!
Want to integrate ioID into your DePIN project? See our step-by-step tutorial and get in touch with our Developer Relations team.