Strong Signals: The Ultranet
Modernizing Authentication — What It Takes to Transform Secure Access
The radio frequency identification infrastructure developed at the Auto-ID Center at MIT and being steadily rolled out by early adopters is an interesting departure from recent technology architectures, including both the Internet and the Web. It uses essentially dumb endpoints (the tags) that are cheap to build in huge volume, and a network of sensors (the readers) and servers that contain the intelligence and information (and hence the cost) for making sense of tag data.
That makes RFID an early example of a mesh network, in which network components close together in space are moderately to highly connected to each other (in this case wirelessly), but only loosely connected to components further away. In this architecture, distance matters and the essentially flat connection model of IP (in which you can't tell where anything is physically by looking at its address) gives way to a layered interconnection scheme (in which you route "local" traffic differently from "long-distance" traffic). Think of these differences as similar to the differences between the wired and wireless phone networks.
The Auto-ID architecture is the purest example to date of an ultrathin client, fat-network model, cleverly architected so that it is essentially fractalit looks topologically similar at all resolutionsbecause a local mesh needs only a limited amount of intelligence (computing power) and information to function. By treating a local mesh as a relatively dumb node on a larger-scale, smarter and richer mesh, we can build a very reliable, inherently scalable system architecture without having to know in advance what capabilities and capacity every node eventually will need.
Mesh networks contain a lot of aggregate bandwidth, but most of the individual connections don't provide or consume much of it. Lots of potential local connections make a mesh node hard to destroyalthough generally not so hard to disconnectbecause there may be few connections to more distant nodes. However, the nature of the aggregate connectedness also makes connection damage easy to locate and repair.
Interestingly, the infrastructure architects at Auto-ID did not require that the endpoints be dumb; indeed, they are happy to accommodate any kind of endpoint, and the RFID world already contains many smart endpoints such as the tracking units on railcars and shipping containers. Smart endpoints also exist outside the RFID world, and it's interesting to speculate how one such endpoint, an emerging class of ultrapowerful, ultraportable computing devices, might fit into the mesh model.
Ever since IBM showed us the Meta Pad ultracompact personal computer in 2001, we've been tracking efforts to bring such devices to the marketand extrapolating what changes in IT infrastructure might result. Two years later we still don't have a commercially viable ultracompact PC, despite a lot of hype and some prototypes from IBM, Tiqit, OQO and others. But it's inevitable that we will get oneperhaps in the first quarter of 2004.
We recently completed a scenario exercise on the capabilities of such a device, most likely to appear in 2006, the outer edge of our weak-signals scenario horizon. We started by assuming a few thingsthat we wouldn't need much more processing capability than we could get from today's fastest Intel Pentium M processor, and that the device would have only moderate graphics processing requirements. And we made some conservative extrapolations about features, memory density, storage capacity, battery life and weight.
We came up with a device about the size of a paperback book that would fit into a large pocket, include handwriting and voice-recognition, and store around two terabytes of data. It would have 802.11g, Bluetooth and some form of cellular connection as well as audio- and video-processing capabilities and it may be able to act as both a phone and a camera. In basic formwithout any special add-ons or softwareit would cost less than $1,000.
The device would also have a biometric-based signature that is identity-linked to its user (and probably a restricted-capability, public-use mode as well). It would be "dockable" via both function and capability-specific docking stations as well as an optical-fiber link to a generic docking port, for bulk data transfers that would consume too much wireless bandwidth. It would be its own Web site and transaction processor, blurring the distinction between client and server. And most important, it would be "mesh aware" because it would be its own RFID tag and, from time to time, a global positioning system locator. It could be a tag reader, toobut it doesn't have to be.
Two terabytes is a lot of storagebut is it enough? It's about equal to the total personal storage I have today, although mine, which is about half full, is spread over several highly nonportable NAS RAID 5 volume sets and a dozen desktop PCs, notebooks and tablets. I currently store transaction-level copies of all the external personal records that I have access toevery credit-card transaction I've ever made since 1991, for exampleexcluding 100GB of health data, but not much else. Judging from what I've stored so far, I can see how you could just about fit a lifetime of critical personal data into two terabytes. But there's a lot you couldn't fit: not every scanned document image (although my entire scanned document archive takes up just 15GB, so it might); not every digital image and home video clip (I've accumulated 200GB of images and video clips so far, and the volume is growing steadily as image quality improves); not every favorite DVD (my collection of digital movie files already adds up to half a terabyte); not every track of every CD I like (100GB of high-definition MP3 and WMA files so far). But many of my favorite 10 percent in most of these categories probably would fit.
If lots of peoplesay 100 millionhad such devices, much of the need for persistent transactional network data storage, such as bank account records and credit bureau databases, could go away. We could simply replace it with a directory-driven, peer-to-peer architecture where transactions occur between small virtual networks of services, including demand (what's wanted), supply (who's got it), verification (who can be trusted) and archiving (maintaining a backup copy of the transaction). In this model I can keep an authoritative record of all my transactions on my own ultraportable device, reconciled periodically with the pertinent counter-parties as needed. Add in ad hoc connections for peer-to-peer workgroups that don't need a serveror in which any member can be the server when one is neededand I can support collaborative work as well.
There probably will still be circumstances where economies of scale make conventional centralized capacity worthwhile, but these could become an exception rather than the rule.
If the new portable devices can hop from mesh node to mesh node, using whatever connection scheme makes the most sense at the moment, the majority of them will always be in touch with the meshand the mesh itself can use the spare capacity of all those connected devices as a dynamic computing grid. No more need for a lot of expensive, centralized computing resources either. And finally, because each "PC" is almost always close to a "fixed" mesh node, it knows where it is, without having to power up its GPS receiver and find its location directly from the satellites. Even if it can't find a fixed node on the mesh, it could probably find a nearby mobile node that can help out with location data. This would save a lot of battery capacity. And if for any reason a device drops off the mesh altogether, it could always get a quick fix from the GPS satellites in order to find its way back.
This is a very different infrastructure approach from anything we have in place todayyet lab-level efforts have been built and seem to work. It won't come into existence overnight, and it will have some engineering challenges that we don't have certain answers to yet. RFID may be the first step, but it won't be the last.
John Parkinson is chief technologist for the Americas at Cap Gemini Ernst & Young.