DINRG | B. Yang |
Internet-Draft | China Mobile |
Intended status: Informational | June 30, 2018 |
Expires: January 1, 2019 |
Use cases of Blockchain: Application and Interworking
draft-yang-usecase-din-01
The purpose of this document is to analyze several important use cases based on blockchain, including: blockchain based PKI for security device connection, blockchain as a service, interworking cross blockchain (exchange data and contracts cross different chains). Through case analysis, important scenarios and specific requirements are listed. Related solutions are also provided for easy understanding.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 1, 2019.
Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Blockchain helps to establish cross industry mutual trust and cooperation, and provides the transmission of value and trust on top of current information network (i.e., Internet). The following industries are studying the application of block chains: government, commerce, industry, finance, insurance, medical, education, communication, culture and art etc.
Blockchain can play the following role in a company:
In this document, several important use cases based on blockchain are analyzed, including: blockchain based PKI system, blockchain as a service, interworking cross blockchain (exchange data and contracts cross chains). For easy understanding, related solutions are also provided.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
The terminology and abbreviations used in this document are defined in this section.
Digital certificates are widely used to negotiate secure channels between devices and to establish secure connections as defined in RFC 5280. Accoding to communication model, there are two typical sceniaros: multiple devices are connected to the same centralized node (such as H(e)NBs connected to a MNO's SeGW), peer to peer connection (such as IoT devices).
Take the H(e)NB scenario for example, H(e)NB is a device that is installed in the office/home where the radio signal is weak or not covered by MNOs, to provide mobile network services (such as voice call, messaging). H(e)NB access MNO's network via local user's Internet access (LAN), thus, security solution is needed to authorize the H(e)NB device and to secure the connection between H(e)NB device and MNO network border (SeGW), as shown in Figure 1.
+--------+ +--------+ +------+ +----------+ | | / \ | | / \ | | | | | || | | H(e)NB +---------+ Internet +------+ SeGW ++ Operator's | | | \ / | || Network | | | +--------+ | || | +--------+<===========================>+------+ \ / Secure Connection Via Cert +----------+ Cert Cert of CA1 of CA1 ^ ^ | | | +------------+ | +-------+ CA1 +---------+ +------------+
Figure 1
Because SeGWs belongs to different operation domain, it is not possible to have them use certificates issued by the same CA, H(e)NB needs to configure the certificate of the SeGW that it is connected to accordingly. Two important functions is provided by certificate, authentication of H(e)NB devices to make sure that it is not a fake one, and the establishment of secure end to end communication channels between H(e)NB and SeGW under an unsafe Internet network. For this reason, the manufacture can not preinstall any certificate for H(e)NB, the installiation of certificate is needed in the deploying stage. The workers manually install the certificate into the H(e)NB. In this way, the following problems occurs: first, the manually installiation is low efficiency and error-pronel; second, the certificate may be leaked out by the worker. Whats more, reconfiguration are needed each time when the certificate is expired or withdrawn.
The solution is:
Note: Although in this case we uses the operator's H(e)NB scenario, this solution applies to other similar connection models, such as home gateway.
Take IoT scenario for example. Currently, IoT devices always talk to each other via the network server (such as IoT application server). For privacy and security consideration, we want IoT devices that produced by different venders to talk with each other directly in security. But we can not assume that all these devices be preinstalled with the certificates issued by the same CA. The regular solution is to introduce a centralized bridge-CA. The question is that, the bridge is lack efficiency and extensiblity.
The blockchain provides a better solution:
The advantages of usging blockchain based PKI includes:
The value of blockchain in building a system of trust and collaboration has been proved by the industry, enterprises and industries are applying the blockchain. However, not all enterprises are willing to establish and operate their own blockchain system because of costs. Therefore, providing blockchain-as-a-service solution contributes to the rapid popularization of blockchain.
The main requirements for blockchain-as-a-service may include:
According to the current situation of the vertical development of the blockchain infrastructures and applications, the cross-chain interworking shall be a very important demand in the future. Cross chain interoperability involves not only data, but also smart contracts, security and other aspects.
Two OPTIONAL solutions for blockchain interworking:
This memo includes no request to IANA.
TBA
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[RFC5280] | Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R. and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008. |