Skip to main content

Zebra-IOTA-Edge-SDK : Identity Enabler : 104 Tutorial

Device onboarding

In this tutorial you will learn how to use the Identity Enabler of the Zebra-IOTA Edge SDK to onboard supply chain devices.

Before reading this tutorial you should have first read the Decentralized Identity introduction tutorial and the identity management Holder Application tutorial.

Introduction

The DeviceID Application provides a blueprint of how devices can be onboarded to participate in supply chain processes by obtaining a new decentralized identity verified by the organization owning the device. This process is aimed at improving auditability, data provenance and traceability all the way from device events to business events.

Particularly, once a new Device Identity is available, the concerned device can start reporting authenticated scan events (after having been previously registered to the Track & Trace Ledger APIs) that can be immutably recorded on the IOTA Tangle. Those events could later be transformed into EPCIS 2.0 events.

Prerequisites

The prerequisites for running this tutorial are described on part 1 of this series.

Getting started

An overview of the structure of the SDK is described on part 1 of this series.

How to run in a browser

Run the Holder application in your browser with the below commands:

# Clone the repository
git clone https://github.com/ZebraDevs/Zebra-Iota-Edge-SDK

# Set up the project
cd Zebra-Iota-Edge-SDK/identity-enabler/deviceId-mobile-app
npm install

# Build and run
npm run build:dev
npm run start:dev

# Open http://localhost:5002 in your browser

How to run on an Android Device

Before continuing please ensure that you have already installed the Android Studio on your local development machine and is properly configured. Then

# Clone the repository
git clone https://github.com/ZebraDevs/Zebra-Iota-Edge-SDK

# Set up the project
cd Zebra-Iota-Edge-SDK/identity-enabler/deviceId-mobile-app
npm install

# Build and run
npm run android

Afterwards you need to go to the Android Studio and compile, install and execute the corresponding Android application. After successfully running the application you will be shown a simple wizard that you will need to complete. See below.

DataWedge profile

If you want to run this application integrated with a Zebra Scanner you need to import the corresponding DataWedge profile or configure a new one similar to the one on the screen capture below. The associated application shall be “org.iota.zebra.device_id”.

Note: On a non DataWedge device you can simulate a DataWedge scanning through the adb command line tool as follows:

adb shell am startservice -a org.iota.zebra.device_id.intent.action.SCAN -e com.symbol.datawedge.source scanner -e com.symbol.datawedge.data_string <scanned_string>

Data Wedge Profile 1Data Wedge Profile 2Data Wedge Profile 3

Note: Also you should have previously defined a DataWedge profile for the Holder Application.

Additional information on how Zebra DataWedge can be integrated is found at the introductory tutorial.

Onboard a device

The first step to onboard a device is to obtain a new DID document. This process is conducted through a wizard, and is similar to the one we already described for the Holder Application. See below.

Identity device 1Identity device 2Identity device 3

After having obtained a new Decentralized Identity, which includes verification methods (i.e. public / private keys), the next step is to get a new Verifiable Credential that will contain all the claims associated with the device (serial number, manufacturer, etc.). Thus, it is first required that the device presents its claims to an issuer. In this case the issuer will be the organization owning the device. Such an organization will check for the ownership of the DID and the claims made. And, after a verification process, a new Verifiable Credential will be issued and signed. The issuer of such a Verifiable Credential will be the organization owning the device and the subject the device itself.

In our blueprint application the process described above is conducted as shown below. From the DeviceID Application it is requested a new DeviceID credential. For that purpose, the device generates a QR code that encodes all its claims.

Request Credential 1

Afterwards, such QR code is scanned by the Holder Application that will verify the claims, the ownership of the DID and will finally issue a new credential.

Device ID CredentialDevice ID Claims

Once the new Credential is ready it is shared from the Holder Application through a scannable DataMatrix code and imported by the DeviceID application.

Onboard device 1Onboard device 2Onboard device 3

Important Note: In this version of the SDK we are using the Holder Application itself as Issuer Application. Thus, in the end the device’s Credential is signed with the identity we have previously generated at the Holder Application. However, in a real solution there should be a specific Issuer Application for this purpose. In the next version of the SDK we plan to provide a new blueprint for an Issuer Application.

Show me the code

The code that makes it possible the Device onboarding is a combination of the previous code we have shown in other parts of this tutorial, such as the identity generation or credential issuance.