The Authentication FC is involved in user and service authentication. It checks
the credentials provided by a user and, if they are valid, returns an assertion as
a result, which is required to use the IoT Service Client. Upon checking the
correctness of the credentials supplied by a newly joining node, it establishes
secured contexts between this node and various entities in its local environment.
The two functionalities provided by the Authentication FC are (1) to authenticate
a user based on the provided credentials and (2) to verify whether an assertion
provided by a user is valid or invalid.

The Identity Management FC addresses privacy questions by issuing and
managing pseudonyms and accessory information to trusted subjects so that
they can operate (use or provide services) anonymously.
Only one default function is attributed to this FC: to create a fictional identity
(root identity, secondary identity, pseudonym or group identity) along with the
related security credentials for users and services to use during the
authentication process.

The Key Exchange and Management (KEM) FC enables secure
communications between two or more IoT-A peers that do not have initial
knowledge of each other or whose interoperability is not guaranteed, ensuring
integrity and confidentiality.
Two functions are attributed to this FC:
- Distribute keys in a secure way: upon request, this function finds a
common security framework supported by the issuing node and a remote
target, creates a key (or key pair) in this framework and then distributes it
(them) securely. Security parameters, including the type of secure
communications enablement, are provided;
- Register security capabilities: nodes and gateways that want to benefit
from the mediation of the KEM in the process of establishing secure
connections can make use of the register security capabilities function. In
this way the KEM registers their capabilities and can then provide keys in
the right framework.
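
The two KEM functions described above, sketched as an added example (not part of the IoT-A documents or any IoT-A code). The framework labels, key lengths, node names and the class and method names are assumptions, and delivery over each node's existing secured context with the KEM is assumed rather than implemented.

```python
import secrets

# Hypothetical framework labels mapped to symmetric key length in bytes (assumption).
FRAMEWORK_KEY_BYTES = {"psk-aes128": 16, "psk-aes256": 32, "psk-chacha20": 32}


class NoCommonFramework(Exception):
    """Raised when two nodes share no registered security framework."""


class KeyExchangeManager:
    def __init__(self):
        self._capabilities = {}  # node id -> frameworks in the node's preference order

    def register_security_capabilities(self, node_id, frameworks):
        # Reject labels the KEM cannot create keys for instead of storing them silently.
        unknown = [f for f in frameworks if f not in FRAMEWORK_KEY_BYTES]
        if unknown:
            raise ValueError(f"unsupported frameworks: {unknown}")
        self._capabilities[node_id] = list(frameworks)

    def common_framework(self, issuer_id, target_id):
        # Both peers must have registered; an unknown node is refused.
        try:
            issuer = self._capabilities[issuer_id]
            target = self._capabilities[target_id]
        except KeyError as missing:
            raise LookupError(f"node not registered: {missing}") from None
        # Walk the issuer's preference order; take the first framework the target supports.
        for framework in issuer:
            if framework in target:
                return framework
        raise NoCommonFramework(f"{issuer_id} and {target_id} share no framework")

    def distribute_keys(self, issuer_id, target_id):
        framework = self.common_framework(issuer_id, target_id)
        key = secrets.token_bytes(FRAMEWORK_KEY_BYTES[framework])
        # Security parameters returned per node; the caller sends each one over
        # that node's secured context with the KEM (assumed, not shown here).
        params = {"framework": framework, "key": key}
        return {issuer_id: params, target_id: params}


# Constructed sample nodes, not taken from the IoT-A documents.
kem = KeyExchangeManager()
kem.register_security_capabilities("sensor-1", ["psk-aes128"])
kem.register_security_capabilities("gateway-1", ["psk-aes256", "psk-aes128"])
kem.register_security_capabilities("legacy-1", ["psk-chacha20"])
```

A request between `sensor-1` and `legacy-1` raises `NoCommonFramework`, which is the interoperability failure the registration step exists to detect before any key is created.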

The Trust and Reputation Architecture FC collects user reputation scores
and calculates service trust levels.
Again, two default functions are attributed to the FC:
- Request reputation information: this function is invoked at a given
remote entity to request reputation information about another entity. As
input parameters, a unique identifier for the remote entity (subject), as
well as the concrete context (what kind of service), are given. As a result, a
reputation bundle is provided;
- Provide reputation information: this function is invoked at a given
remote entity to provide reputation information (recommendations or