Rights management to enable a true Internet of Things

2016 IEEE Conference on Intelligence and Security Informatics (ISI).In this paper, we differentiate between a true ‘Internet of things’ and its component parts. We argue that the determining aspect of the ‘Internet of Things’ (IoT) is the accessibility of ‘things’ on the global Internet, as opposed to a simple interconnection of networked ‘things’. We observe that most reported applications of the ‘Internet of Things’ would be more accurately described as ‘Intranets of Things’. In large part, this is because the owners and operators of AIDC (Automatic identification and data capture) systems and sensor networks that in the main make up the IoT have understandable concerns about the security of their assets and therefore will limit access to that which serves their own purposes. In the wider field of the Internet ‘in the large’, the open mining of the Web for information has become the mainstay of many genres of research, allowing the assembly of huge corpora, enabling analytical techniques that can reveal far more information than previous limited studies. It is argued that part of the expected dividend for the IoT is to enable use on a similar scale of sensor and AIDC data, and that the results will be availability of information fusion on a huge scale, which will allow significant new knowledge to be generated. We give an example of how in one project, the RFID from Farm to Fork traceability project, this prospect has been validated to an extent on the basis that data owners voluntarily made their data available on the Web for specific purposes. Extrapolating to a more general case, we suggest that there are two services that need to be provided in order for the generalized information mining that occurs on the Internet-at-large to occur in the Internet of Things. The first is a means of cataloguing available data, which is already being addressed by services such as HyperCAT. The second is an automatic rights management service (IoT-RM), which would manage the rights and permissions and allow data owners to determine in advance to whom their data should be released, for what purposes, subject to which restrictions (such as, for instance, anonymisation) and whether any remuneration should be involved. We make some concrete proposals about the form that such an IoT-RM should take