And I first need to introduce myself.

I'm Ziran from the UK.

And today's talk I would like to walk you through our practices and also our choices

of technologies in building endtoend IoT system with privacy in mind.

So, to start the talk, I would like to present to you a use case.

And we are going to use this use case throughout the talk today.

What we are going to do is go behind the scenes of the use case and look at the technology

challenges and our solutions.

So, first we would like to look at how to build an IoT system okay, our use case basically

is holiday homes.

Holiday result.

I think most of you has spent a holiday, rent a home on a big holiday resort.

We're talking about this kind of scenario.

So, to start the first step is how to build an IoT system for one single holiday home.

So, in our case we are basically using the web of things technology.

So, we are going to attach Mozilla IoT platform and the web.

Once the IoT is built for one holiday home, we're going to go further.

How can we connect all of these homes together?

And furthermore, can we introduce some intelligence when we view the holiday when we view the

connect the holiday homes together and build the IoT for the whole holiday resort.

So, here, and we have the main case is to respect user's privacy.

So, here we're going to look at learning.

And then we're going to look at the architecture for the whole IoT system and share with you

our current work status.

So, holiday homes, in this scenario, I think only two main parties.

One is the holiday makers.

The other is the owner of a holiday resort.

The owner could be just like another company or agent.

So, what's does the holiday owner have in his mind when building IoT for their holiday

resort?

I think one essential thing is is the holiday home very smart.

Is it controlled and how to provide the services?

And then when you build this, it has to be, you know, have to be complying with the legal

requirement.

Respect the user's privacy.

And the last, but not least, so, what is is it a solution that causes the effect here?

And does it provide a longterm benefit?

And from the holiday maker's point of view, I guess, for us, is just the easy access and

easy control over the holiday utilities and the facilities.

And also, we want to be relaxed and not being watched.

We don't want anyone to monitor how we use our electricity, how many washes we do every

day, you know, during holiday time.

So, let's look at how to build IoT for one single holiday home.

And with privacy in mind.

How is privacy doing in IoT?

So, how is IoT actually doing with privacy, really?

So, the concerns are about the risks that the Internet of things has imposed on data

protection and the personal privacy has been raised for many years.

And a survey from ICO in 2016 has stated that six in ten Internet of things devices do not

properly tell customers how their personal information is being used.

This is pretty worrying.

The good news is that the government and also the industry, they are taking actions.

For example, in the EU, GDPR, I think everyone heard about GDPR here?

Yeah.

Yeah.

So, GDPR came in force in May last year.

So, this new EU regulation basically is to protect personal data in law.

And also, when you design you know, when you design and create new IoT solutions, we need

to have data protection by design in mind.

Previously known as privacy by design.

So, for for IoT developers, this legislation has a significant impact on how we deploy

our technologies and what kind of services we are building.

So, we actually are thinking that, well, open web platform actually permits the enhanced

privacy compared to other technology stacks.

So, we think actually GDPR is not only a challenge for web IoT, but also a very good opportunity.

So, we have been talking actually when we build our web of things for when we build

our IoT actually and mainly based on web of things tech technology.

What is, of things?

Web of things let's just quote from Wikipedia.

It's a software architectural style and the programming patterns that are along the real-world

objective to talk to the worldwide web.

It's a tough level.

When look at really what issues are in this.

If you are in IoT, you know for the major concerns in IoT is interoperability.

Because, you know, we have like hardware and software from different vendors and manufacturers.

Suddenly we want to connect them together.

And they are not nice to follow the same specifications, the same standard.

Probably not even talk the same language.

So, how do you connect them together?

So, web of things basically addresses this issue by providing an application layer solution.

So, aside from the difference in the network layer physically.

This is an application solution.

Which means that which means actually it has to on the Internet of things, it has to talk.

So, the scope actually, bearing in mind the scope of IoT is a lot broader.

Not everything in IoT nicely connects.

So, we would like to think that web of things actually is an option for application layer

solutions for the traditional IoT particle stack.

So, the web of things basically has been a specification by the W3C and there's some

implementation work by Mozilla and Google.

And some things are actively involved in this implementation work as well.

And standardization works.

So, here we have actually a loosely web of things solution for the home.

And we actually talk about things.

So, can I basically you connect all your things together, manage them and connect to the cloud.

And we talk about controlling your things from your smart devices like mobile phone,

through progressive application.

We talk about to have a new device, a new thing.

To connect and embody and connect to your network through web tools.

so, now we will look at each of those components in detail.

The first is the gateway.

I guess any of you attended the Mozilla web of things workshop this morning?

Yeah.

So, this gentleman, what was your impression on yes.

It's actually quite impressive as a platform and it is open sourced.

So, this morning actually the workshop, I was there, actually.

I think it's mainly talking about a way to stay connected to things.

But actually, it's more than that.

It's basically three paths.

We have the cloud over here.

The cloud is a districted collection of cloud services and provided by Mozilla to connect

devices across a geographic area.

And then we have syncs framework.

This syncs framework basically is a collection of reusable components to help you build your

own web things.

And we should directly expose the web of things API.

So, actually Mozilla created this API.

They created a document.

Look it up, that's what they're following.

And coming to the things gateway.

The things gateway is an open implementation and which the tool is existing for access

to the web.

So, we can actually see that the backhand of the things are for JS.

This is for JS developers, this is good news.

And NodeJS backend talking to the frontend through the API.

And through the secure web socket.

Apart from JS supported, web of things actually produced another concept called adapter.

This adapter is actually a language adapter.

It's programming things using another language such as Python.

Look at the security side.

So, basically the web of the Mozilla things, they gave the framework, actually.

They're going to have you establish the HTTPS where Mozilla tunneling is.

And also, if you are considered this is a type of structure for the situation.

So, actually can tell you how it is actually less encrypted.

So, you establish the tunnel from your gateway to your cloud server.

And let's consider another situation.

So, if you actually not on site, you're offsite.

You're actually somewhere remotely.

And there you want to access your things at home.

In this case, actually Mozilla provides this bike tunnel.

Back handed tunnel from your cloud server to your gateway.

And the other thing, this is a security side.

And the other locater specification authorization is they actually follow you.

So, the token, because you can choose a different text token, the token they are using is a

JSON web token.

Yeah, show this is a snapshot from one of our applications.

So, this shows that actually this screen pops up on the owner.

What happens is when you go to the applications, you want to exercise your things.

So, the things here are mainly like the sensors in your home.

And the home screen, you have this pop up.

And you can grant the scope for the token.

It allows you to access certain things.

Or I can actually further you can actually grant a read access.

You can grant rights access.

An owner cannot only do this, they can also delete and then revoke these tokens.

So, this actually is a privacy.

We can say, you know, you don't get my content or the scope if you don't ask me.

And the whole progress application, I'm sure they are down here.

We use the P tab for mainly for mobile phones to control devices.

So, P tableau is a website that creates a native app for user experiences.

They basically address the issues in the native mobile applications on the write side and

this new design concept in APIs.

But it's the way I've seen here.

Basically, you can add it to the screen to promote it.

This is basically a native application feature.

And they can do offline features offline functionality.

So, although the functionality is limited, it can still show you, you know, what is already

historically there.

You can still control something.

So, this offline connection for us is quite interesting.

Because it's actually allowing you to give us the possibility to minimize and install

and use the data as much as possible.

Also, you have to know give you the possibility to know what data is reserved in my device,

what is up there?

So, this feature is basically a chip that by I deploy a collection of technologies.

A service worker.

So, one thing is we need to talk about another aspect of security is you can unleash your

page through HTTPS.

So, we talk about having a new device.

Onboarding with Bluetooth.

Bluetooth is basically based on Bluetooth low energy.

So, the idea here is that we use the web of Bluetooth APIs to discover and connect another

web of Bluetooth devices.

And after that, when the authentication is finished, we pass the WiFi information to

the new device.

And then the new device is connected to the network through WiFi.

So, the web, that was the reason we chose it because the other thing is with the server.

And we have HTTPS.

And the other thing is if we want to start Bluetooth in discovery, you have to do it

through a user gesture.

This is another aspect of privacy.

So, we had we had IoT build out of one single holiday homes.

And we were thinking to how to connect them together.

Connecting them together is pretty standard.

Because you can get the cloud server and you can actually view that cloud connect and cloud

server which in this case Mozilla, they have actually prioritized that.

Whether we look at the solution, we particularly look at how scalable the solution is.

Can we expand what we have in this holiday result use case?

Can we extent it to a smart city case with millions and millions of devices?

Scalability.

And the other thing is that we know data is very, very valuable.

So, how do we make a good use of the user data?

And then we should respect their privacy.

So, with this in mind, actually, we want to use make good use of data.

We want to do statics and then we're going to do predictions.

With this in mind, we basically are choosing learning.

If you have learned about federated learning?

Okay.

So, we actually made pretty much using federated learning in this IoT solution.

So, what happens is the learning is basically a collaborative motion learning without a

centralized training data.

So, basically the concept was initially proposed and termed by Google Paper two years back.