Steven Sprague, Cofounder and CEO of Rivetz shares his thoughts on the importance of protecting the supply chain of data, ensuring all transactions are purposeful, intended and compliant
The advent of digital is rapidly creeping into every aspect of our daily lives and social relationships. Digital has empowered millions of users to experience a new model for the exchange of information. The future is decentralised and the technologies of blockchain, mobile and Internet of Things (IoT) will touch very aspect of our digital life. Emerging markets such as the requirements for Smart Cities, Finance, Healthcare, etc. cannot be infected by “FAKE” data. Data quality needs to join the same priority as water quality and power reliability. The digital revolution has brought with it a future with trust and history. The reliability and quality of data will underpin the value of all the other systems.
One of the biggest issues with today’s digital services is that a device that creates data is generally unknown, because the devices lack strong machine identity or because the infrastructure enables weak identities. Billions has been invested in USER identity but not the health and integrity of the device that creates the data. It is not enough to just protect critical information in the operating system. The device needs to aggregate the evidence to ensure that the transaction reflects the user’s intentions.
The current models are all built on the foundations of network architecture where compliance and security are verified at the point of access. The challenge is to enable a shift from a centralised compliance model where a third party authorises transactions after they are submitted, to a decentralised model where the user, third party services and their device can determine compliance before a transaction is submitted.
The shift to a device-centric trustworthy computing model has been proven to work. The Point of Sale terminal model uses the terminal and smartcard together to form secure instructions for the global payments network. The deployment of chip cards and secure terminals in Europe over the last 15 years has driven fraud and the actions by bad actors to historical lows for physical presence transactions in bricks and mortar.
The e-commerce security model of only card numbers and security codes has seen continued growth in fraud rates around the world, demonstrating that big data and continuous monitoring is not a viable long-term model. The optimal approach is to pre-validate the cybersecurity controls and compliance before a transaction is committed. The validation can then be bound to the data providing the proof a known device in a known condition produced the data.
The core of the data quality problem is anchored in the fact that the mobile apps and browser services markets are built on a foundation of “any device” with username and password. The compromise of passwords, a well know industry problem, has resulted in increasing fraud. However, Trusted Execution technologies used in SIM chips, Smart Cards, PCs, smartphones, cable boxes, and other devices have proven to be resilient for managing subscribers and these technologies are standardised in billions of devices today.
The challenge of transactional security is not just assuring the proper identity of the originator of a transaction, but also that the instructions associated with that transaction are intended by the originator. Cyber security technology enables the assurance that a transaction created was the transaction intended and includes not just the signing of the message with an identity but also assurance that the sender verified and consented to the instructions being sent. A secure instruction requires that the sender and receiver are both confident that the identities and cybersecurity controls were used as intended, and that the message wasn’t changed after being sent.
The Rivetz Solution
The 4th Industrial Revolution requires that the user protections and transactional security exceed any solution available today. Presently, hooking a blockchain to an exchange or a lightbulb to a phone that authenticates via username and password will not meet the needs of billions of users. The challenges of identity, control, privacy, compliance and ease of use must all be addressed. The data must travel with a mark of quality to assure the data is real. The principles of decentralised operation must be preserved to protect the user’s privacy and control. Users must own their private keys to allow for choice.
Rivetz is built on the foundations of data and device security standards established over the last 20 years. Rivetz combines the technologies and standards of Trusted Execution, Global Platform, Trusted Computing, NIST Information Assurance, Payment Security Directive 2, GDPR and many others.
Rivetz has architected and constructed The Rivetz Network, a collection of cyber security services and policies that are available to applications. Using Trusted Execution technology, Rivetz protects critical security information and enables users, regulatory parties, or owners of specific digital assets to dictate the required policies which must be evaluated for compliance before transactions are submitted. In addition to Rivetz developed services and policies, we enable third party providers to also offer cyber services through our provisioning and settlement capabilities of our network.
Rivetz has built a key partnership with Telefonica ElevenPaths to research and develop next generation protections for the owner’s keys and instructions. The goal has been to leverage the existing hardware that is already present in modern mobile devices. Rivetz uses both the TEE and SIM to protect our private keys – introducing the Dual Roots of Trust. This enables remote over the air control of digital assets independent of physical possession of the device.
As our mobile devices have become more important to our everyday lives and contain so much of our personal and private data, we need better ways to protect ourselves. The keys to the solutions needed lie in the roots of trust that already exist on billions of mobile platforms and the emerging partners and policy services that are part of The Rivetz Network, ensuring a safer, more secure and simpler experience.
Please note: This is a commercial profile