We combine the power of IOTA Streams and IOTA Identities and expose them with simple REST APIs in order to speed up integration with e-commerce solutions.
With the IOTA Audit Trail service, third-party e-commerce solutions can easily log and share immutable information while authorized third parties can access them and verify their integrity and authenticity.The Self-Sovereign Identity service enables the creation, issuing, and verification of trusted self-sovereign decentralized identities and credentials.
The IOTA Audit Trail service is used in the ENSURESEC project and the wider e-commerce industry to prove that critical data has not been tampered with and has originated from a trusted source. Meanwhile, it also ensures that customer data can be managed in a more ethical and secure way for all ecosystem actors, and helps prevent cyber-physical threats.
With the exponential growth of investments and data in e-commerce, many new attack vectors have opened up. Criminals seek to take advantage of cracks in traditional systems to steal value and data and disrupt services. To prevent this, e-commerce needs a secure digital infrastructure to share trusted data and to reduce the use and replication of personal information.
Identity and Credit Card Fraud
Returns and Delivery Fraud
Spamming with fake links
With our Audit Trail Gateway (GW), intelligent tools that monitor e-commerce threats share trusted untamperable information with verified sources. Moreover, with the e-commerce adoption of the SSI Bridge for IOTA Identities, customers can maintain control of their data, perform secure purchases and relieve small sellers of the burden of storing customer data and ensuring costly regulatory compliance. Honeypots that attract attackers also disappear. Sellers and logistics can prevent delivery and identity frauds.
IOTA Streams offers auditable encrypted data streams for any industry, ensuring data has not been modified throughout the industry data pipeline.
IOTA Identity provides access management (in this example, the Audit Trail Gateway) to hardware or software solutions alike.
Built, tested, and used in
This service enables users to create immutable encrypted data channels and share them with others. Data in channels are stored on the IOTA Tangle. A channel is implemented as an IOTA Stream and can handle different subscribers. By requesting a subscription to a channel, a subscriber can request Read, Write, and ReadAndWrite access to the channel. This request must be authorized by the creator (author) of the channel. After a subscriber is authorized, it is then able to write and/or read to and/or from the channel. In addition to subscribers, the author can always read and write messages in the channel. Authors and subscribers have their own IOTA Identity (through the SSI Bridge). All this workflow is managed with simple REST APIs.
This service enables users to create Self-Sovereign Identities, linking Decentralized Identifiers (DIDs) to people, organizations, or devices. Each identity is represented by a unique public key immutably stored on the ledger. Identities and public keys are used to anchor off-chain verifiable credentials, which are certificates containing identity attributes signed by an Issuer identity (using its private key).
The Issuer itself is an entity with its own decentralized identity. The Bridge allows an identified trust root to verify users' identity. Verified identities can then propagate this verification to other entities (organizations, individuals, or objects) using a network of trust approach. Identity can be used with the Audit Trail Service or as stand-alone. The entire workflow is managed with simple REST APIs.
Audit Trail Gateway (GW) and Self-Sovereign Identity Bridge code can be found at our public GitHub by clicking on 'view code'. We invite developers and innovators to install and build on top of our services. The IOTA Foundation has developed services as building blocks to use in current and future projects.
These services have been developed as part of the ENSURESEC project, funded by the European Commission.
By utilizing the IOTA Identity and IOTA Streams services, traditional systems can enjoy several important benefits. The services have been built to be used as the core data transfer mechanism between other components, or as a complimentary service should other message buses (such as Kafka) be used.
ENSURESEC is a collaborative Innovation Action project awarded by the European Commission to a consortium of 22 different partners, including the IOTA Foundation. This funding is part of the European Union’s Horizon 2020 Framework Programme under Grant Agreement No 883242. The IOTA Foundation works on ENSURESEC along with other e-commerce industry-leading partners together with an expert advisory board.
Read more about IOTA and ENSURESEC in our blog posts.
Download and build on open-source code for our developed tools.
Where else can you find these tools in use?
Mining industryTelco and 5GFuture scenarios (Coming soon)
Please reach out to us o discuss any development, integration, or access-managed services based on these tools. We look forward to seeing additional real-world use cases with solutions built on top of our tools.