Secure Element

Is there more information on the secure element in pebble tracker that makes it part of the internet of trusted things? We’ve heard the team talk about it being like a credit card chip but how exactly does it work? Ie. Is it a one off number transmitted etc. I’m sure it’s technical but it would be good for the community to be a semi expert and be able to discuss the importance of the security aspect at the work drink fountain. :laughing:

Terrific question to explore with the community!

This is one of those fundamental topics that doesn’t get enough attention in discussions on IoT / connected devices. Having data secured in a Trusted Execution Environment (TEE) provides the greatest degree of reliability for IoT data. Data that needs the highest level of security should come from a highly tamper resistant device, i.e. one that has a TEE. There are IoT data use cases that fall on a spectrum of required data integrity. Sometimes that degree of integrity isn’t as important.

Pebble tracker has a TEE and thus can be used for purposes that require the greatest degree of data integrity.

What happens in this environment?

Pebble Tracker ensures the integrity of the data by capturing and cryptographically signing real-world data using a built-in secure element, similar to the chips in your smartphone to manage FaceID/fingerprints and crypto hardware wallets to manage private keys. This signed data is hashed to the blockchain for provenance, almost like an “on-chain birth certificate”, which allows anyone to verify its authenticity.

For applications such as enviroBLOQ and AhoyDAO, companies are paying money for the data from these devices. They need to know that the data, or proofs based on that data, is completely reliable. That’s what makes the entire process from trusted device to any dApp, via W3bstream, groundbreaking. This data integrity is foundational to a MachineFi economy.

For a general explanation, I found Wikipedia on Trusted Execution Environment offers this useful writeup.

A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity, Data integrity — prevents unauthorized entities from altering data when any entity outside the TEE processes data, Code integrity — the code in the TEE cannot be replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions (Intel SGX) which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.([1])([2])([3]) A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets.([4]) In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a ‘secure element’ (SE).

Thanks for the comprehensive answer. It’s good to know that if I have a contract with someone that will be automatically executed on chain and pay them my hard earned $$ that the data going into that contract is trusted.

I guess then it is a matter of the contract parties working out the parameters of the trusted data.

For eg. For weather info the placement of the secure iot device needs to be decided and agreed such as outside in the shade, off the ground and away from mechanical devices like air cons that could skew readings. Or… if I’m getting a fresh and unmelted ice cream delivered I want the cream temp monitored and verified (below zero) not the cone or the outside of a freezer box :stuck_out_tongue: