DIMO Hardware Ecosystem Overview

Introduction

The DIMO Hardware Ecosystem is a series of tools, guides and hardware community dedicated to bringing on more DIMO Platform compatible hardware to the DIMO community. Whether you are manufacturing devices from scratch, or are looking to integrate existing hardware to the DIMO platform, we have developed a pipeline with clear steps in how to do this, along with the guides, tools, and resources to help you get launched. The main steps required to onboard new hardware are as follows:

• KYC/B of Manufacture – an intake questionnaire about you, your business and the device you intend to bring onto the DIMO platform

• DINC provides Manufacturer with audit requirements doc + checklist.

• Signing the DIMO Memorandum of Understanding

• Manufacturer (Root) certificate granted by the DIMO Foundation after a 100,000 $DIMO stake

• Radio certifications - please work on this now so you are read.

• Manufacturer to acquire tokens and secure the appropriate industry certifications.

• Hardware audit (including a security audit) by the DIMO foundation (once device manufactured)

• Customer Experience Assessment –The Hardware Integration Team will require a short video showing the customer experience. From unboxing the device packaging to onboarding using the DIMO app. This video can be a simple cell phone video and will be viewed by the Hardware Integration Team only - no special productions are needed.

• Hardware Integration Team integration assistance.

• Hardware Integration Team Approval -–You must have everything completed including all radio certifications before The Hardware Integration Team votes.

• DIMO Hardware Device Certification (NFT granted) on the DIMO network.

• Minting devices with DIMO Device Minting Certificates

The DIMO community has many resources to assist with onboarding both you and your device, including:

• The DIMO foundation offers engineering assistance to manufacturers designing new devices. The DIMO Foundation assists the Manufacturer with the necessary cloud and smart contract integrations for pairing devices.

• An Open Hardware Specification that outlines all of the hardware requirements for devices on the DIMO Platform.

• Open source schematics and firmware of complete devices and elements that ensure our engineering standards are available to manufacturers.

DIMO Hardware Integrator Provider Application

This application is part of the DIMO foundation’s due diligence on new manufacturers looking to get their devices on the DIMO platform. There are a number of questions that we would like answered right off of the bat to assess your team, device, business etc. These questions include:

• Basic information about your company

• Experience of your team

• Past sales of current or previous products (if applicable)

• Information about the device you intend to use

• Manufacturer details

• Basic information about the hardware device

• Regions you intend your device to operate in

• MSRP of device

• Questions about your distribution network

• Quantities you would like to manufacture

Based on the intake form, the DIMO Foundation assess the information and reach out. The intake form can be found here https://gkmkni9caof.typeform.com/to/crrYIeNd

Audit Requirements Document and Checklist

When conducting an audit of a manufacturer and hardware device to be integrated into their platform, the DIMO Foundation focuses on several key areas. Firstly we evaluate the device's technical specifications and physical characteristics to ensure that it meets the required standards and is suitable for integration into their platform. The DIMO foundation refers to the Open Hardware Specification [LINK HERE] to ensure that the devices hardware characteristics meet the requirements of the specifications.

In addition to technical specifications, the DIMO Foundation would also focus on the security features of the device, including encryption protocols, authentication mechanisms, and access controls. They would ensure that the device has adequate protection against unauthorized access and can prevent data breaches. The device's compatibility with their existing infrastructure would also be evaluated, including its support for various network protocols and communication standards.

The DIMO Foundation would also evaluate the device's scalability and ease of device management and integration to ensure that it can be easily deployed and maintained within the DIMO network. The DIMO foundation assesses the device’s remote management, software/firmware updates (OTA), and other tools and APIs that could simplify device management and reduce the risk of downtime and increase reliability.

Finally, the DIMO Foundation will assess the reputation and track record of the manufacturer, as well as any industry certifications or compliance requirements that the device must meet. They would ensure that the device is a trustworthy and reliable addition to their platform with a separate security audit, and that it meets any necessary standards for data privacy, security, and other regulatory requirements. By focusing on these areas, the DIMO Foundation and the DIMO Network can ensure that the devices they integrate into their platform meet the highest standards of quality and security.

Memorandum of Understanding (MOU)

An MOU, or Memorandum of Understanding, is a non-binding agreement between two parties that outlines their intent to work together and their expectations for the collaboration. In the context of the DIMO Foundation and a hardware manufacturer, the MOU specifies the next steps required for the manufacturer to integrate and onboard their hardware onto the DIMO platform, and what is provided by the DIMO foundation and community in return. This document is to ensure that we are all on same page, and that we have visibility on what the next steps will be.

By signing the MOU, the manufacturer agrees to complete all steps for the device they intend to bring onto the DIMO platform. They would also be provided with an audit requirements document and checklist by the DIMO foundation, and would need to undergo a hardware audit, including a security audit, once the device is manufacture if it is not already manufactured.

To ensure the security of the platform, the DIMO foundation would require the manufacturer to obtain a Manufacturer Root certificate, granted by the foundation after a $100,000 DIMO stake, and radio certifications for the device. The manufacturer to acquire tokens and secure appropriate industry certifications. These tokens and certs are paid for by the Manufacturer, and the MOU reflects this.

The Hardware Integration Team would provide integration assistance, and this is outlined in the MOU as well. Once the device is approved, it would receive certification as an NFT on the DIMO network, and the manufacturer would be able to mint the devices. By following these steps outlined in the MOU, the manufacturer can ensure that their hardware is integrated and on boarded onto the DIMO platform in a secure and reliable manner.

Hardware and Security Audit

A hardware security audit is a comprehensive assessment of a device's security features and vulnerabilities. During the audit, a the DIMO Foundation will look for and test various aspects of the hardware to ensure that it is secure and reliable. Here are some steps that a network will look for and test during a hardware security audit:

• Hardware and Firmware Analysis: The audit will start with an analysis of the hardware and firmware to identify any vulnerabilities and weaknesses. This includes analyzing the hardware design, the firmware architecture, and the software running on the device.

• Penetration Testing: The network will perform a penetration test to simulate attacks on the device and identify any vulnerabilities that could be exploited by attackers. This involves testing various attack vectors, such as network-based attacks, physical attacks, and social engineering attacks.

• Encryption and Authentication: The network will assess the encryption and authentication mechanisms used by the device to ensure that they are strong and secure. This includes testing the strength of the encryption algorithms used, the authentication protocols, and the key management system.

• Access Controls: The network will evaluate the access controls used by the device to prevent unauthorized access. This includes testing the login mechanisms, password policies, and user roles and permissions.

• Physical Security: The network will also evaluate the physical security of the device, including the design of the hardware, the materials used, and the tamper resistance of the device.

• Compliance and Regulations: The network will verify that the device meets any relevant regulatory requirements and industry standards, such as FCC regulations or the Payment Card Industry Data Security Standard (PCI DSS).

• Malicious Code: Because of the nature of DIMO compatible hardware producing tokens for the end users, extra steps are taken to ensure that there is no code designed to game, steal, or spy on customers for tokens and their safety.

In summary, a hardware security audit is a crucial step in ensuring that a device is secure and reliable. By following these steps and conducting a comprehensive assessment of the hardware, a network can identify any vulnerabilities and weaknesses that could be exploited by attackers, and take steps to mitigate these risks. Ultimately, a hardware security audit helps to ensure the safety and security of the DIMO network and the users who rely on it.

Currently, the security audit is conducted by a third party. Their information can be found below: https://blockharbor.io/

Manufacturer (Root) Certificate

Manufacturing root certificates granted to a manufacturer are a crucial step in ensuring that their device is secure and can be integrated into the DIMO platform. The manufacturer must stake 100,000 $DIMO, agree to various obligations and receive a license by the above described audits, and deposit $DIMO for each device they sell. Information about staking $DIMO can be found here: [LINK TO guide to staking $DIMO for a Manufacturer Certificate]

The obligations that the manufacturer must agree to include maintaining strict quality and security standards, providing support for their services, always acting in good faith, and not engaging in unlawful activities.

Because of the nature of DIMO compatible devices operating in customer vehicles, these audits ensure that there is no interference with the user's safe operation of their vehicle, damage the vehicle it is installed in, or deliberately or negligently generate false data. Connection methods must comply with all local regulations, receive adequate support from the provider for a reasonable duration of time, perform as expected, and only share data with recipients that the user has opted into sharing with per the parameters of the DIMO protocol. We ensure the above with the various hardware and security audits, and this Manufacturer certification is the DIMO stamp of approval.

By receiving a manufacturing root certificate, the manufacturer gains access to the DIMO platform and can sell their devices to users. The certificate ensures that the device meets the necessary security and quality standards, and can be trusted to work reliably with the DIMO platform. The manufacturer must also agree to ongoing support and maintenance obligations, including complying with local regulations, providing support for a reasonable duration of time, and only sharing data with authorized recipients. Ultimately, the manufacturing root certificate is a crucial step in ensuring the security and reliability of the DIMO platform, and helps to protect users from potential security risks and vulnerabilities.

More information on the DIMO Manufacturing License can be found here: https://docs.dimo.zone/docs/identity-protocol/nodes-and-nfts/manufacturer

Radio and Industrial Certifications

Industrial and radio certifications are important for devices sold on the market because they ensure that the device meets the necessary safety, security, and performance standards for their specific industry or application. These certifications are issued by independent testing organizations and government agencies and include requirements for aspects such as electrical safety, electromagnetic compatibility, wireless communication, and environmental regulations. Having the appropriate certifications for a device provides reassurance to customers and helps to build trust in the product, as it shows that it has undergone rigorous testing and meets the necessary standards.

However, obtaining these certifications can be a costly process for manufacturers, as it requires testing, certification, and ongoing compliance with the necessary standards. The costs associated with certification can vary widely depending on the type of device and the applicable standards. Despite the cost, proper certifications are essential for all devices on the DIMO network, as they ensure that devices meet the necessary safety and security standards and comply with industry regulations.

By requiring proper certifications for all devices on the network, the DIMO Foundation can ensure that devices meet the necessary automotive, safety and security standards and are compatible with the network infrastructure. This helps to protect users from potential risks and vulnerabilities and maintain the integrity of the network. Ultimately, the costs associated with obtaining these certifications are a worthwhile investment in ensuring the safety and reliability of devices sold on the market and used on the DIMO network.

The types of certifications required for DIMO compatible devices can be viewed in DIMO’s Open Hardware Specification

Testing and Quality Control Approval

Devices manufactured on the DIMO network are subject to strict quality control and testing to ensure that they meet the high standards set by the DIMO Foundation. This testing includes both In-Circuit Testing (ICT) and finished goods testing and inspection. These tests are essential in ensuring that the devices meet the quality and security standards set forth by the DIMO Foundation.

In-Circuit Testing (ICT) is a type of testing that is performed on printed circuit boards (PCBs) during the manufacturing process. The purpose of ICT is to check for any defects or faults in the components and connections of the PCB. ICT involves the use of specialized equipment to perform tests on the PCB and its components, including resistors, capacitors, and diodes. These tests help to identify any defects in the circuit board that could impact the overall performance and security of the device.

The test plans for ICT tests, finished goods inspections, and quality control criteria must be clearly outlined in the manufacturing process. This ensures that the testing and inspection process is consistent across all manufacturers and devices produced on the DIMO network. It also helps to ensure that any issues or defects are identified and corrected before the devices are shipped to customers.

The results from each of these tests must be included in the DIMO Individual Device Certificate that is granted when each device is minted on chain. This certificate serves as a record of the device's manufacturing and testing history, providing customers with assurance that the device has undergone the necessary quality control and testing. The DIMO Individual Device Certificate is a critical component of the DIMO ecosystem, as it provides customers with confidence that the devices they are using meet the high standards set by the DIMO Foundation.

Customer Experience Audit

A customer experience audit is a comprehensive assessment of the usability and functionality of a hardware device from the perspective of the end-user. As part of this audit, customers may be asked to submit a video of the final product, including the packaging, and walk through the process of setting up the device. This is important because it allows the DIMO Foundation to gain valuable insight into the customer's experience with the product, including any issues or challenges they may face during setup or use.

By analyzing the video submission, the DIMO Foundation can identify any usability issues with the device, such as confusing instructions or a difficult setup process, and take steps to improve the user experience. They can also assess the quality of the packaging and other product components, to ensure that the device is delivered to customers in a professional and reliable manner.

In addition to the video submission, the customer experience audit may include other factors such as product reviews, customer support interactions, and feedback from the community. By collecting and analyzing this data, the DIMO Foundation can gain a comprehensive understanding of the customer experience and take steps to improve the quality and reliability of the products on the platform.

Overall, a customer experience audit is an important step for the DIMO Foundation to ensure that the products on their platform meet the necessary quality and usability standards. By collecting feedback from customers and taking steps to improve the user experience, they can build trust and confidence in the products on the platform, and provide a reliable and high-quality service to their users.

Hardware Device License

The DIMO Hardware Device License is a crucial certification granted to manufacturers who have undergone a rigorous review process by the DIMO Foundation Hardware Integration Team. This review process includes the examination of audits, certificates, customer experience videos, and the assessment of the device. The team then votes on whether to grant the license or not. Once granted, the license permits the manufacturer to produce an unlimited number of devices and 'mint' them on-chain, allowing the creation of unique and identifiable units. It is important to note that this license only applies to the specific device revision that was reviewed and approved. If there are any changes made to the device, a new review process and license application are necessary.

The DIMO Hardware Device License is also transferable to other manufacturers who hold a Manufacturer license on the DIMO network. This allows for a seamless and secure transition of device production between manufacturers. This license ensures that only trusted manufacturers have access to the creation and production of DIMO devices, guaranteeing the quality and security of the devices being produced. Overall, the DIMO Hardware Device License is an essential certification for any manufacturer seeking to produce DIMO devices and is an assurance to customers that the devices they are purchasing meet the high standards set forth by the DIMO Foundation.

Minting New Devices (DIMO Mint License)

Minting new devices on the DIMO network is a straightforward process that involves multiple stages of verification and testing to ensure the quality and security of each device. Once a Hardware Device License is granted to a manufacturer, they are onboarded with a Minting License. This license allows the manufacturer to create new devices on the DIMO network and is used as a means of tracking the device on-chain.

The first step in the minting process is the creation of a unique identity for each device. This identity is created during the manufacturing process and includes a serial number, IMEI, and 0x address. This information is then attached to the Minting License, which is stored as an NFT on the blockchain. The Minting License serves as a record of the device's identity and is used to track the device throughout its lifecycle.

As the device goes through the manufacturing process, it undergoes a series of tests, including In-Circuit Testing (ICT) and Quality Assurance (QA) testing. The results of these tests are then included in the Minting License, along with the initial firmware version installed on the device. This information provides users with confidence that the device has undergone the necessary quality control and testing.

After the device has been fully tested and verified, it is ready to be provisioned for use. This process is done securely and ensures that only authorized users have access to the device.

Throughout the device's lifecycle, the Minting License is used to track its status and identity. This includes factory resets, OTA updates, and end-of-life processes. The Minting License ensures that the device remains secure and traceable throughout its lifecycle, providing users with the confidence and assurance they need to trust the devices they are using on the DIMO network. Overall, the process of minting new devices on the DIMO network is designed to be secure, reliable, and efficient, providing customers with the highest quality and most secure devices possible.

More information on DIMO Minting Licenses can be found in the docs: \

https://docs.dimo.zone/docs/identity-protocol/nodes-and-nfts/deviceid

https://docs.dimo.zone/docs/identity-protocol/architecture

Open Source and DIMO Community Resources

One of the unique aspects of the DIMO network is that all of its flagship devices are open-sourced, along with other functional code and schematics that would prove to be useful for manufacturers. This means that the electrical schematics, mechanical designs, and firmware for these devices are made publicly available through the DIMO open-source repository. This open design data is available to all manufacturers, encouraging as many manufacturers as possible to build DIMO-compatible hardware.

Using the open-source design data provided by the DIMO network can significantly shorten the development time and reduce engineering costs for manufacturers. Instead of starting from scratch, manufacturers can use the open-source designs as a starting point and build upon them to create their own customized devices. This not only reduces development costs but also helps to ensure consistency and compatibility across all devices produced on the DIMO network.

To further support manufacturers in the design, certification, and integration of devices, the DIMO Foundation is available to provide assistance and guidance. The Foundation has a team of experts who can help manufacturers navigate the complexities of the DIMO network, ensuring that their devices meet the high standards set forth by the Foundation.

Manufacturers are also encouraged to engage with the growing DIMO community. This community includes other manufacturers, developers, and enthusiasts who are working to advance the DIMO vision. By engaging with the community, manufacturers can collaborate with others, share knowledge and best practices, and contribute to the growth of the DIMO ecosystem.

If deemed useful to advance the DIMO vision, bounties are created for the network to solve engineering challenges. These bounties are paid out in the form of $DIMO tokens and are designed to encourage the community to work together to solve complex engineering problems. By incentivizing collaboration and innovation, the DIMO Foundation is able to foster the growth and development of the network, ensuring that it remains at the forefront of innovation in the IoT space.

Overall, the open-sourcing of DIMO flagship devices is a key component of the network's success. By making the design data publicly available and encouraging collaboration and innovation, the DIMO Foundation is able to create a vibrant and dynamic community of manufacturers and developers who are working together to advance the DIMO vision.