Why Every Robot Needs a Cryptographic Identity
The Identity Gap
When a robot performs an action in your warehouse — picks an item, moves a pallet, reports its location — how do you know it's actually that robot? How do you know the message wasn't spoofed, replayed, or injected by a compromised system?
Traditional robotics systems use network-level authentication (IP addresses, MAC addresses) or shared secrets. These are trivially spoofable.
Decentralized Identifiers (DIDs)
Sentinel assigns every robot a W3C-compliant Decentralized Identifier:
did:sentinel:0x7f3a8b2c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a
This DID is:
- Self-sovereign — the robot owns its identity, not a central authority
- Cryptographically verifiable — backed by an Ed25519 keypair
- On-chain registered — anchored on Solana for immutable proof of existence
Hardware Attestation
A DID alone isn't enough. If the private key is extracted from a compromised robot, an attacker could impersonate it. That's why we support hardware attestation:
- TPM 2.0 — Trusted Platform Module stores keys in tamper-resistant hardware
- Secure Enclave — ARM TrustZone for mobile and embedded devices
- Intel SGX — Software Guard Extensions for x86 industrial systems
The hardware fingerprint is bound to the DID, making identity theft physically impossible without the original hardware.
Key Rotation
Keys don't last forever. Sentinel supports automatic key rotation with zero-downtime transition:
- New keypair generated
- New DID derived
- Rotation event signed with old key
- Old key revoked after grace period
- All systems updated atomically
This ensures that even if a key is eventually compromised, the window of vulnerability is minimal.
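The acceptance logic a verifier needs for the rotation steps above, as an added example in Go using the standard library's crypto/ed25519 (not Sentinel's own code). The `Rotation` record, the `rotation-v1` payload format and the `Accept` function are assumptions made for illustration; the page does not specify Sentinel's wire format or how the grace period is enforced.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"time"
)

// Rotation is a hypothetical rotation record: the old key endorses its successor.
type Rotation struct {
	OldPub, NewPub ed25519.PublicKey
	At             time.Time // moment the new key becomes valid
	Sig            []byte    // signature made with the OLD private key
}

// payload binds both full public keys and the effective time under a domain tag (assumed format).
func payload(oldPub, newPub ed25519.PublicKey, at time.Time) []byte {
	return []byte(fmt.Sprintf("rotation-v1:%x:%x:%d", oldPub, newPub, at.Unix()))
}

// SignRotation performs the "rotation event signed with old key" step.
func SignRotation(oldPriv ed25519.PrivateKey, newPub ed25519.PublicKey, at time.Time) Rotation {
	oldPub := oldPriv.Public().(ed25519.PublicKey)
	return Rotation{oldPub, newPub, at, ed25519.Sign(oldPriv, payload(oldPub, newPub, at))}
}

// Accept reports whether msg, signed by pub and received at time t, is trusted under r.
func Accept(r Rotation, grace time.Duration, pub ed25519.PublicKey, msg, sig []byte, t time.Time) bool {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sig) {
		return false // length check first: ed25519.Verify panics on a malformed key
	}
	endorsed := len(r.OldPub) == ed25519.PublicKeySize &&
		ed25519.Verify(r.OldPub, payload(r.OldPub, r.NewPub, r.At), r.Sig)
	switch {
	case bytes.Equal(pub, r.OldPub): // a forged rotation must not revoke the old key
		return !endorsed || t.Before(r.At.Add(grace))
	case bytes.Equal(pub, r.NewPub): // the new key counts only once endorsed and effective
		return endorsed && !t.Before(r.At)
	}
	return false
}

func main() { // constructed keys, timestamp and message
	_, oldPriv, _ := ed25519.GenerateKey(nil)
	newPub, newPriv, _ := ed25519.GenerateKey(nil)
	r := SignRotation(oldPriv, newPub, time.Unix(1700000000, 0))
	msg := []byte("pallet 17 moved")
	fmt.Println(Accept(r, time.Hour, newPub, msg, ed25519.Sign(newPriv, msg), r.At))
}
```

Because the rotation is endorsed by the old key, an attacker who holds that key before it is revoked can sign a rotation of their own, so a verifier should also alert on conflicting rotation records for the same old key.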