Rivetz Intl., a new subsidiary of Rivetz Corp., is introducing a blockchain-based security token. The idea is to combine trusted computing with blockchain technology to offer comprehensive privacy protection.
Mobile devices are, today, essential to decentralized data processing. But that processing is easily corrupted. By focusing on the device identity, continuously measuring the state of the device, and enabling a new token based business model, Rivetz proposes to construct a new decentralized approach to cybersecurity and transaction assurance.
Rivetz believes its ‘RvT token’ will:
- enable multi-factor authentication across devices
- achieve provable security at the transaction and authentication level
- deliver peer-to-peer transactions with provable cyber controls.
These all become a permanent part of the blockchain record, providing cryptographic proof that measured protections are in place before a transaction can execute.
Steven Sprague, Founder of Rivetz said: “Since my introduction to blockchain in 2013, it’s been clear that blockchain technology and trusted computing have the potential to provide the global infrastructure to enable billions of trusted computing devices already in circulation with built-in decentralized cyber security. We’ve invested and built the foundations to realize that vision. Rivetz believes that the launch of the RvT token and RvT powered services will provide a decentralized operational and economic model to boost the adoption of built-in security controls.”
According to Rivetz, the rising cost of cybersecurity reflects a failure to offer a solution that is:
- simple enough to merit adoption by industry and government
- secure enough to protect our most valuable secrets and data.
Increasing spending, without changing how to think about modern security, is insufficient. Existing tools – firewalls, virtual private networks and passwords – all tend to assume the edge of the network is at the network perimeter. This makes it too easy for non-authenticated users to probe and hack systems.
A different approach, the one Rivetz seeks, is to push the edge of security to the screen of the device. Rather than a password being the last line of defence, individual devices will broker access to valued online assets. A Global Attestation and Identity Network will record and verify the health and integrity of the device using RvT/blockchain technology.
Protecting data created and consumed by devices is an ever-growing challenge. Multiple estimates suggest the number of Internet of Things (IoT) devices will exceed 100 billion before long. Yet, IoT devices represent a foundational layer: they ‘create’ data.
In the past, the IoT industry has assumed one can trust the data from the device. In too many cases, this isn’t true. Rivetz’s objective, using Trusted Execution Environment (TEE) capabilities, is to establish much-needed trust. The TEE is, in effect, the dedicated, impenetrable hardware platform that exists on every device.
The Rivetz solution for a blockchain-based security token
The RvT token technology takes advantage of the established capabilities of the TEE to provide a vault on a device to enable secure machine execution of instructions. These will be subject to an owner-led policy. TEE capabilities have been available on both ARM and Intel architecture processors for many years.
Rivetz’s intention is to:
- improve the quality, value and trust of data processed, shared and stored on the internet
- establish an economic model within which devices can securely request and securely compensate providers or other devices for health and integrity services.
A Rivetz trusted app will check the status of a device before undertaking a task, such as connecting to the cloud:
- if the current condition of the TEE and the registered reference conditions match, the task can proceed
- if they don’t, the task will not proceed.
This new service will exploit past Rivetz work which focused on the platform and tools to simplify a developer’s access to the TEE.
Rivetz will build the Global Attestation and Identity Network on the concept of combining several technologies:
- the investment by industry of billions of dollars in trusted computing and global platform standards
- billions of devices delivered with these capabilities embedded
- blockchain technology to provide decentralized key management, immutable storage and micropayments on a decentralized basis.
The importance of the TEE
The TEE provides an isolated execution environment within the main processor to execute code that cannot be observed or altered by the operating system. This vault on the processor enables Rivetz to:
- store and process sensitive data
- assure that policy and controls are executed as expected.
In essence, the TEE is a measured environment that can be verified and proven to be operating in a reference condition.
To support this, Rivetz intends to introduce the ‘RvT’, a cybersecurity token which can:
- enable the registration of devices
- attest to those cybersecurity controls.
This RvT is integral to Rivetz’s ambition to deliver automated device-to-service or device-to-device compensation for the consumption of the cybersecurity service. It might expand to other permissioned services. The point is the RvT assists the owner of a device to prove verified cyber controls are in place when a transaction executes.
What does it mean?
Blockchain, IoT, cloud computing and many other markets need provable controls. Today’s devices contain advanced security hardware, often little used.
Rivetz’s self-proclaimed ‘mission is to put that deployed security to work to provide a simpler, safer experience for users’. A blockchain-based security token is a powerful idea which builds on the hardware at the lowest level and furthest out on the edge of the network. All this has attractions.
Whether Rivetz can deliver what it describes is unknowable at this stage. In ET’s estimation, however, this is a technology and approach that enterprise shops should monitor.