MOBI Web3 Infrastructure

The convergence of multiple rapidly maturing technologies, such as AI, IoT, and blockchain permits any connected entity — whether a person, vehicle, device, package, piece of infrastructure, or data set — to have a trusted identity, communicate, and autonomously participate as an independent economic agent in decentralized transactions.

These transactions — comprising the exchange of value, goods, and data between entities in the economy of things — will produce a multi-trillion-dollar pay-per-use ecosystem we’ve termed The New Economy of Movement.

MOBI and its members believe that a zero trust approach is key to enabling interoperability and preserving data privacy for multiparty business automation.

Zero trust is a security model that assumes all network traffic is untrusted until proven otherwise. Organizations do not automatically trust traffic, even if it originates from a seemingly trusted source. Instead, all traffic is validated before being allowed to pass.

By implementing strict access controls and continuous authentication of all entities entering the network for all transactions, zero trust:

• Improves security by reducing the attack surface and minimizes the potential for data breaches
• Strengthens compliance by helping organizations meet regulatory requirements and industry standards for data protection
• Provides greater visibility into network traffic and activities, allowing organizations to identify and prevent potential threats

Public and private Distributed Ledger Technologies, together with World Wide Web Consortium (W3C) open standards — Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) — enable the creation of decentralized Zero Trust Networks.

These networks allow companies to avoid centralized platforms when digitizing extended value chains and automating multiparty transactions while lowering the cost of trust.

In 2020, MOBI began building a two-layer, member-owned and operated zero trust Web3 infrastructure (Citopia and the Integrated Trust Network, or ITN) to demonstrate cross-industry standards, enable multiparty applications interoperability, and allow entities to perform privacy-preserving, tamper-evident transactions via Self-Sovereign Digital Twins™ (SSDTs™).

Since its launch, MOBI has created and released 17 blockchain-based standards to enable a zero trust environment for multiparty applications. These standards include:

• MOBI VID (2019): the first W3C DID-compliant vehicle identity based on the internationally accepted vehicle identification number (VIN) standard
• MOBI Trusted Trip (2021): the standard applied W3C VCs and DIDs guidelines to link trusted identity and location into a verifiable trip
• Battery Identification Number, or BIN (2022): the BIN provided the necessary foundation for battery supply chain track-and-trace and the global Battery Passport

Citopia is a federated Web3 marketplace leveraging VCs (secure transactions) and Zero-Knowledge (ZK) cryptography to enable any entity to verify that another entity was present at a location, completed a trip, and performed relevant activities. Citopia VCs are machine-readable, privacy-preserving verifications for business automation in a zero trust ecosystem. These verifications can be performed by any ecosystem stakeholders and do not rely on centralized certificate authorities. Learn more about Citopia

The ITN is the first cross-industry permissioned network where participants agree to common identity standards and shared governance. As the first Zero Trust Certificate Authority for IoT, eCommerce, and business automation, the ITN acts as a global trust anchor for digital business. It is protocol, cloud, and technology agnostic. Using the ITN, organizations can create secure digital services that are locally highly performant while also decentralized. The ITN is backed by three global industry consortia (MOBI, MEF, AAIS). Learn more about the ITN

Citopia and the ITN form the foundation for a community-owned and -operated Web3 infrastructure for connected ecosystems and IoT commerce. MOBI and its members are focusing on a selection of foundational use cases, including:

• Platform-agnostic global battery passports
• Using in-vehicle telematics to provide real time accident data for
  reports and collision repair
• Multiparty supply chain track-and-trace
• Zero-Knowledge proof of vehicle location
• Multimodal trip planning, booking, and payment
• Maintenance and recall traceability

Although Citopia and the ITN have some similarities to other industry networks, there are important differences that will enhance the speed, privacy, security, and regulatory compliance of connected ecosystems.

First, any organization can use Citopia and the ITN services. However, membership is required to run nodes on Citopia and/or the ITN.

Second, whereas most Web3 solutions combine DIDs registry (the ITN) and transactions processing (Citopia) on the same infrastructure/company, we choose to separate them into two distinct organizations, each with its own legal structure, governance, network, and operators. This increases decentralization by reducing the market power and information advantage of any single organization.

Third, the separation permits Citopia to use any DIDs registry network following W3C DIDs standard, meaning that Citopia users aren’t locked to the ITN (and vice versa) and can use other networks.

Fourth, both Citopia and the ITN are vendor, technology, and protocol-agnostic, allowing applications interoperability and scaling of complex, cross industry, multiparty value chains.

Finally, through using Citopia and the ITN, DIDs are the only things registered and stored on chains. All personal and competitive information resides in the SSDT™ stored locally on the owner’s device or provider’s server and remains under the control of the owner, making the scraping and collection of data not possible, eliminating honeypots, reducing attack vectors, and improving security for all.

Through Citopia and the ITN, companies have the opportunity to combine the best of both worlds — building and leveraging applications that meet enterprise security, privacy, and compliance requirements while avoiding vendor or technology lock-in.

Companies can retain their brand, their business models, and their customers without paying significant economic rent to a centralized certificate authority, platform, or data monopolist. They can reap the full benefits of value chain automation and digital efficiency in a shared zero trust ecosystem where the network effects accrue to the community.

Decentralized Identity and/or Self-Sovereign Identity (SSI) is a new cryptographic technology that enables entities to assert ownership of their identity, where the identity remains private and not disclosed during transactions.

A W3C Decentralized Identifier (DID) represents a globally unique identifier that can be resolved to a DID Document, or de-referenced on a specific distributed ledger network, much like a URL on the Internet.

W3C defines Verifiable Credentials (VCs) as “a part of our daily lives; driver’s licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries.” This specification provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy-respecting, and machine-verifiable.