Abstract

Decentralized Identifiers (DIDs) are a new class of cryptographically secure identifier that does not require a centralized trust anchor for attesting to the validity of keying material. DIDs are based on distributed ledger (blockchain) technology and allow the entity itself to manage its own identifier, hence the name "self-sovereign" which is often applied to them. In this paper, we describe Gnomon, a system that uses DIDs to securely register 5G IoT devices and install firmware/software into the device. Gnomon is designed to avoid the kind of difficulties that plague current technology, which is largely based on Public Key Infrastructure (PKI) and X.509 public key certificates. After a short introduction, we review current practice and briefly describe DIDs and verifiable credentials, a mechanism based on DIDs to securely assert information about the identified entity. We then describe the architecture of Gnomon and a prototype we built, based on the ION DID scheme, for applying DIDs and verifiable credentials to 5G IoT device registration and software installation.