
Drivers for change
With Empeiria, devices can speak for themselves while you retain full control.
A utility needs authenticated electricity readings but must never accept configuration commands from the meter.
Grant
Ops issues a credential: `{ "topic": "reading/energy", "rate": "15 min", "expires": "2026‑01‑01" }` via the Empeiria dashboard.
Send
The meter signs each reading and attaches the credential.
Verify
The backend validates the signature and policy in < 100 ms.
Revoke
If tampering is detected, the credential is revoked; further readings are rejected or quarantined.
Reliable billing data and instant containment of compromised devices.
Secure Firmware Updates
Only binaries signed by an issuer holding a Software‑Update credential are executed by the device.
Industrial Sensor Compliance
Sensors emit signed VCs for temperature, calibration, or inspection results, enabling automated quality audits and warranty proofs.
Pre‑Flight Assurance for Drones & AGVs
Each vehicle proves its software version and approved mission parameters before launch, blocking rogue payloads or routes.
Hospital Devices & Patient Safety
Infusion pumps and monitors log every dosage change or alarm under a Credentialed Clinician VC, producing an immutable treatment record.
Third‑Party Maintenance
External technicians receive time‑bound diagnostics credentials, isolated from production commands, and automatically expire when the job is done.
Cross‑Border Compliance Validation
Regulators verify device origin and conformity claims at import, using globally resolvable VCs to accelerate customs clearance.
- • Reduced Compliance RiskCryptographic evidence of origin fulfils NIS2, MDR, and sector mandates.
- • Fraud PreventionSigned meter and sensor data blocks spoofing and eliminates manual audits.
- • Device‑as‑a‑ServiceUsage‑metered credentials enable flexible billing and remote disablement.
- • Ecosystem ExpansionExternal device makers integrate safely without exposing core systems.
- • DevelopersSDK adapters for MQTT, CoAP, HTTP; reach a verified message in under 30 minutes.
- • Security & OperationsOne‑click credential revocation; hardware‑backed keys optional.
- • ArchitectureRuns beside existing TLS and OAuth setups; no downtime migration.
1. Register the device in the dashboard to obtain its DID.
2. Issue a Device Credential with permitted topics or commands.
3. Send a signed message through the sample MQTT broker to see real‑time verification.
How is this better than X.509 certificates? | Certificates prove identity but not intent. Empeiria credentials add signed policy—scoped, portable, and instantly revocable—without the overhead of a full PKI rollout. |
What if a device goes offline? | Credentials can be cached and presented offline. Policies such as max age enforce freshness when connectivity returns. |
Can I combine this with my current IoT platform? | Yes. Use our MQTT or REST gateways as policy enforcement points, or embed the Verifier as a sidecar in your cluster. |
How fast is revocation? | Typically under one second, anchored on the Empe Blockchain. |
Do I need secure hardware? | It helps, but is optional. The SDK supports TPM, HSM, or pure‑software keys, letting you phase in hardware when convenient. |