Saturday, January 14, 2017

Blockchain Transactions with Real-Time Cyber Controls



A blog post by Steven Sprague CEO Rivetz Corp.

The transition to multifactor authentication is providing a solid platform for a new model of e-commerce -- a model that is based on more than just proof that the user knows a secret: it is based on the assurance of a known device in a known condition with a known user. Rivetz has developed a new model for advanced assurance built on the benefits of embedded security and the new API fabric supported by all cyber security controls. Hundreds of millions of modern computing devices support embedded trusted execution (TEE). Rivetz has developed the framework to integrate strong authentication, instructions and strong attestation for both internal and external device attributes. The active/real-time monitoring of cyber security controls provides the real-time decision data that should be part of any financial transaction. Rivetz delivers the service that can assure the state of the device is in a known and provable condition. Rivetz EasyAuth service integrates with many existing standard authentication services and provides enhanced cyber controls fully integrated into the transaction.
Securing the Bitcoin wallet is not enough. Web wallets and multisig offer real value to protect accounts. However, recently two-factor authentication has failed since the phone number can be stolen. The criminals are finding the cracks in the systems.  Simple two-factor authentication is no longer enough. While the user is identified, the device is not.  It is critical that the device be in a known good condition and that the cyber controls be in place when access is granted to sensitive data and services.
Rivetz is introducing new models of cyber security to enhance the quality and security of a transaction. These technologies are all part of a continuum built from a strong foundation of trusted execution and the core cyber security principles developed over the last 15 years by the Trusted Computing Group and Global Platform standards and specifications. This is not a one-size-fits-all solution but a strong roadmap to next-generation transaction security for digital assets and instructions.

Rivetz Solution Level 1

This solution provides a simple two-factor authentication anchored in the trusted computing foundations. It can be demonstrated today and can easily be integrated with any hosted Bitcoin wallet. Based on interoperability with the Google products, it provides a simple step forward and uses the tamper-proof storage and processing of the Trusted Execution Environment. This service can be a user option if the wallet will support the standard protocols and offers state of the art protection embedded within the phone. It also eliminates the risks associated with SMS-based two-factor, software-only solutions and is simpler than carrying an external PKI token.

Rivetz Solution Level 2

Level 2 is slightly more complex and requires integration but is a huge step forward in the assurance model. Trusted User Interface is part of the Global Platform TEE specification. It uses Secure Display to assure that the confirmation message on the screen cannot be altered or read by the operating system and assures that the message seen by the user is for the transaction that is actually processed. Rivetz has developed an API that enables an assured channel to the Trusted User Interface for the cloud wallet to confirm the transaction details with the user as part of an embedded 2nd-factor confirmation. The message is created within the trust boundary of the hosted service and is delivered as an encrypted and signed message to the user’s registered device. This simple service can be added to any blockchain service to assure that all transactions sent were intended by the user. Any kind of message can be confirmed.

Rivetz Solution Level 3

Modern devices have been built with an enhanced isolated compute capability, the Trusted Execution Environment (TEE). This measured execution environment provides a strong foundation for a whole new model of secure authentication and transactions for the modern computing architecture. Known devices in a known condition with a known user as defined by their owner can easily be verified by any relying service. The controls are put in place by the owner of the system and in partnership with the verifying service assuring the desired controls are verified prior to a transaction being completed. These active cyber controls integrate a new model of e-commerce where required attributes of a device can be established and verified for the responsible party. 
This is the model that was sought by NY BitLicense: provable cyber security controls for peer-to-peer or distributed transactions. The transaction model is based on a preregistered contract that is required between the blockchain and the owner of the device. This dynamic contract assures that only agreed-to devices in an agreed-to condition will be granted access and that forensic controls are available to assert the conditions were met each time access was granted. Leveraging the TEE, Rivetz transfers the responsibility of compliance enforcement to the client device and the blockchain process. A device is provided a business process or script that must be satisfied to enable access. The Rivetz Attribute Registrar provides the execution of the client-required script and preparation of the hashes for the end device. Once all of the conditions are met, a collection of digital signatures is created that assures the business process steps have been satisfied. These hash values are aggregated into a single platform health statement that is then provided by the TEE environment to the service through a cryptographically provable authentication. The tokenization of the process assures that full privacy controls are in place. The blockchain is only verifying that a real-time health hash is equal to the reference value previously stored on the blockchain.
Many types of attributes are possible for real-time validation and assurance.
· Geolocation
· Verified Enterprise controls
· KYC (Know Your Customer)
· Derived identity with Enterprise IDAM
· Proof of endpoint Data Encryption
· Proof of Data Loss Prevention (DLP)
· Any third party verifiable consistent control

Proof of Compliance
The realm of cyber regulations and controls continues to grow in an effort to slow down the loss of data. The older compliance models of monitoring and enterprise management are failing badly to address these losses. Every year industry spends more on cyber security and every year losses climb. The Rivetz EasyAuth service provides real-time compliance with cyber controls assuring the user’s collection of devices meet the minimum requirements for access to data. By recording provable device state, we assure that required controls were in place at the time the data was accessed and delivered. The logging of device access will also provide a better picture of all the devices that have had access to sensitive information. This achieves the goal of known data on a known device in a known condition with a known user.

The API Network
The Rivetz model is built for the new API economy. Cloud management and enterprise services all provide API-based models for secure sharing of data and control. This API layer of the network assures that most of the components to monitor, manage, and visualize the network have been built. The Rivetz service provides a model for registration of device-identity attributes across these API models. The result is that data on the real-time compliance for a specific device can be easily accessed by a single trusted entity, the device-isolated Trusted Execution Environment (TEE). This information can then be tokenized, verified and bound to a transaction on the network. If a device is not in the correct condition the user will be forced to address the problem and bring the device back to compliance. In most cases, assuring compliance can be an automated process that assures a device is in the proper configuration and has the correct updates.
The modern network of devices is almost infinitely complex. A new, decentralized model of cyber security controls is needed. The Trusted Execution Environment provides the assurance that the device can verify its own controls and then attest that those controls are in place.  The device is by default already registered with all of the systems that manage it. The TEE prevents the lying endpoint. The administrator can now define the conditions for a specific device that must be met and that policy is verified to be in place every time a device connects to sensitive networks or data. Securely logging this data will provide a solid foundation for provable compliance, cyber insurance and peace of mind.

Integration with Blockchain and Smart Contracts
Blockchain is a new technical capability on the Internet, that provides the ability to maintain a proof of a timestamped event. The Rivetz EasyAuth service provides strong integration points for Blockchain and smart contracts. These technologies enable distributed and trusted testing of whether the reference health of a device equals the current real-time measurement. The natural cryptographic operations are simple to integrate and support in a transaction or in a smart contract. The persistent log of the test becomes forensic proof of the state of the device when a transaction is completed.  The mixing of these two technologies will provide the foundation for modern provable financial and IoT transactions. is a Rivetz demonstration of a fully integrated transaction of Bitcoin with an integrated health claim on a custom, Elements-based Bitcoin sidechain. Every Bitcoin and blockchain project would benefit from enhanced assurance provided by embedding cyber security controls with privacy into the fabric of the transaction. The “New Opcodes” Element from Blockstream’s Elements Project made this demonstration possible.
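The equality test described in Level 3 and in this section, sketched as an added example (not Rivetz code and not from the original post): attribute results are hashed, folded into one health value, bound to a transaction nonce, and compared by a verifier against an enrolled reference. The attribute names, the JSON encoding, the nonce, and the HMAC standing in for a signature made with a TEE-held key are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data. A real device would keep an asymmetric signing
# key inside the TEE; a shared HMAC key stands in for it here (assumption).
DEVICE_KEY = b"constructed-demo-key"

# Attributes are recorded as policy outcomes, not raw readings: an
# exact-match test only works if a compliant device always produces the
# same bytes (raw GPS coordinates would change the hash on every check).
ENROLLED = {
    "disk_encryption": True,
    "dlp_agent": True,
    "geo_region_allowed": True,
}


def measure(name, value):
    """Hash one attribute result in a canonical encoding."""
    blob = json.dumps({"attr": name, "value": value},
                      sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()


def health_hash(attributes):
    """Fold the per-attribute hashes into one value, ordered by name."""
    agg = hashlib.sha256()
    for name in sorted(attributes):
        agg.update(measure(name, attributes[name]))
    return agg.hexdigest()


def _tag(device_key, health, nonce):
    """Authenticate the health value together with the transaction nonce."""
    return hmac.new(device_key, (health + "|" + nonce).encode(),
                    hashlib.sha256).hexdigest()


def make_claim(device_key, attributes, nonce):
    """Device side: measure now, bind the result to this transaction."""
    health = health_hash(attributes)
    return {"health": health, "nonce": nonce,
            "tag": _tag(device_key, health, nonce)}


def verify_claim(device_key, reference_health, nonce, claim):
    """Verifier side: sees only hashes, never the attribute values."""
    expected = _tag(device_key, claim["health"], nonce)
    if claim["nonce"] != nonce or not hmac.compare_digest(expected, claim["tag"]):
        return (False, "bad signature or stale nonce")
    if not hmac.compare_digest(claim["health"], reference_health):
        return (False, "health mismatch")
    return (True, "ok")


# Reference value stored at enrollment (on the chain, in the post's model).
REFERENCE = health_hash(ENROLLED)


def demo():
    nonce = "txn-0001"
    good = make_claim(DEVICE_KEY, dict(ENROLLED), nonce)
    # One control switched off since enrollment.
    drifted = make_claim(DEVICE_KEY, {**ENROLLED, "dlp_agent": False}, nonce)
    # Drifted device pastes in the reference value without re-signing.
    forged = dict(drifted, health=REFERENCE)
    return {
        "compliant": verify_claim(DEVICE_KEY, REFERENCE, nonce, good),
        "drifted": verify_claim(DEVICE_KEY, REFERENCE, nonce, drifted),
        "forged": verify_claim(DEVICE_KEY, REFERENCE, nonce, forged),
        # An old compliant claim presented for a later transaction.
        "replayed": verify_claim(DEVICE_KEY, REFERENCE, "txn-0002", good),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The forged and replayed cases show why the health value has to be authenticated together with a per-transaction value: the reference hash is public once it is stored, so an equality check alone proves nothing about the device's current state.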

The time has come to make the network safe again, assuring that known devices in a known condition with a known user are performing forensically provable transactions and instructions. Billions of dollars and countless careers have been invested globally to enable these capabilities, but the time has come to put them into effect. Multi-factor authentication is no longer enough -- the time has come to enhance authentication with the cyber security controls that every organization has invested in. From simple cloud services for the individual to full enterprise compliance, the integration of cyber security controls will improve the value of the customer relationship and simplify the user’s experience.


For more Information

Steven Sprague
Rivetz Corp.

Tuesday, March 1, 2016

The right to build real security: thoughts on Apple and FBI

Lessons in REAL Encryption

Apple’s Tim Cook versus the FBI is surely the top trending story line in the cyber-security market. The first lesson is the near brilliant PR spin being put forth by Apple. The international press coverage is making it seem that Apple is fighting the good fight and that the iPhone is so safe and secure even the FBI can’t break it (and needs Apple’s help now!). This scenario exposes a major problem with cyber-security: the supply chain never really tells the whole story.

Apple is not built on an open source model and we are led to believe by them that it is secure. Apple has repeatedly told this story to governments and users alike around the world and it has resulted in huge sales of their market leading product. It is certainly not in their best interest to show the world, even if in the name of fighting terrorism, that they can provide the “hack” to crack it wide open in just a matter of days. If they can break it then what says the hackers won’t stop until they find the same path? Then what happens?

The Past Provides Guidance

Back in the day I was involved in the development of software to manage self-encrypting hard drives. This was an at-the-time market-leading technology where the encryption of the data was done by the drive controller. This software helped initialize and set up the user’s password. The most important question we always asked the engineers was “can you break into the system you have just built?”.

Data at rest is when the system is discovered turned off and is locked (like an iPhone recovered from a crime scene). There are always two discussions when it comes to breaking in to access that data. The first is “can you break the system when in use if you infiltrate the setup or during unlock (for example, the password was captured/seen when it was being entered)?”. The second is “can you recover the system after it is locked?”.

Two Scenarios to Consider

Should Apple help to defend the nation if they can? In an ideal world Apple would be happy to have their engineers “help” the FBI all without forcing their hand via the courts. Instead Apple has bent to the marketing challenges that result if their engineers can indeed unlock the phone.  If their engineers unlock the phone we fast gain a better understanding of how real the claims are from Apple that “the iPhone is SAFE”. While Apple fighting this makes for great headlines and online debate  it may come down to them being forced by the courts. If this phone gets unlocked it proves that there is indeed a weakness in the Apple design that needs to be fixed immediately. This is not much different than the Snapchat claims that the messages go away but really did not which resulted in action from the FTC.

Should Apple build solutions even their engineers can’t break? The answer to this is YES. It is the responsibility of market leading product companies to build great products with valid claims. The technologies exist for Apple to build truly secure phones (and not just marketing spin).

Data at rest is a simple challenge in a mobile device. Locking of a phone should be so strong that even the Apple engineers cannot break it. In the end this comes down to a political issue. Should citizens have the right to bear military grade technology to protect their rights to privacy and even right to peaceful assembly? There should not be a back door for the government or even for Apple. The back door is installed by the owner of the device to either manage or maintain their access. Corporate Mobile Device Management is a sanctioned back door. Raise the quality of protection and clearly articulate the risks for the buyer of the device.


Security needs to be REAL!

The future designs of these systems need to reach the point where even the engineers “can’t break” the solution. The SED drives are a good example. The engineers who built trusted drive management software built a solution where if an individual user configured their drive there was absolutely no way to recover if the password was unknown. This is a solution that is present on millions of PCs today. It may be possible to re-flash drive software and disable the locking mechanisms but the encryption keys would be destroyed. Any recovery without hardware modification would be next to impossible. The claim has always been that SED drives cannot be broken by software/malware and that the hardware is tamper resistant. Physically attacking a single chip to break the keys may be possible but would destroy the drive in the process and take a near prohibitive amount of time and resources. This is what a customer needs to understand when they protect their data with an SED drive.

It is still early in this debate

The changes in devices and how we communicate around the world are changing the network. The result is that the ability to LISTEN is going away…perhaps within a decade if not sooner. This shift is driven by the move to mobile and IoT where the devices connect to services based on identity and the network simply provides transport. This switch away from the network being smart to the network being just transport will not be comfortable. We will have to find new ways for electronic surveillance and control. It is in our best interest as citizens to constrain government’s and industry’s right to listen and watch all the time but we will ultimately need a balance to provide the security and protection we hope for.

Wednesday, December 2, 2015

The best security is security that is embedded from day one

“Consumers don’t care about safety and security.”

Even in today’s worried world where malware or worse is just one click away that sentiment echoed above is all too prevalent. The problem is that it is just not true…at least outside the realm of technology.

Take for instance a car with a five-star safety rating. It clearly has an advantage over a car with a one-star safety rating. Ask any consumer assuming all other items are equal and without fail they choose the five-star rating. The same holds true for many products and services when safety and security are part of the “standard build” of the offering. The pleasure of driving a classic car on the road easily outweighs the risks of driving a 1964 model year car with no safety systems other than the archaic seatbelts that would likely break in any accident. Never mind it is a convertible with no roll bar.  But as a consumer it is not that we do not care about automotive safety but that we simply have no choice with a vehicle like this. The safety systems were not built in and it is not like they can be added.

The user is not only vulnerable but gullible

When it comes to downloading some exciting new app, users so often opt to install it with absolutely no regard to security and privacy. Look at all the Facebook-centric apps that offer to scan your wall and contacts to create some crazy graphic or statistic. Friends left and right will not only like and share it but opt in for the cool app as well, all while ignoring the inherent risks and likely privacy breach.

Computing in its many forms has evolved from something used now and then to a “can’t live without” service. For many years we have had the luxury of ignoring safety and security systems because the loss was just an annoyance but today it stops productivity, communication, and commerce. The risks have grown incrementally since the advent of the PC in the 80’s but have skyrocketed in complexity and severity since the launch of mobile. The market is long past due for security to be built in. The ongoing relationship between the user and their services/devices sets up a dynamic for security to increase the value of that relationship as well. The simpler yet stronger the security becomes the more valuable the services can be that the user takes for granted.

Security is no longer someone else’s problem.  

The best place to protect information is as close to point-of-use as possible. The first line of defense today is the application itself. Apps need to take advantage of the most advanced cyber-security controls available. The protection of keys and encryption are a great first step but what really matters most is the secure creation and consumption of data. Data that is protected end to end and provides the assurance that its integrity and confidentiality are fully intact is critical to the future of computing. The solution exists today with TEE (trusted execution environment) which provides apps with a safe and secure space to process, present, and transmit sensitive data.

Isolated higher assurance computing capability has been around for many years on servers with highly managed operating environments. Only highly trained operators and isolated known computing in the form of HSMs (Hardware Security Modules) are allowed to process the most sensitive data, assuring that even an admin can’t perform an insider attack. This HSM model is about to come to the client side with Rivetz providing a new model of computing. The Rivetz solution provides the app vendor an environment where they can trust that keys and sensitive operations are executed in a measurable space. The inherent value of integrating trusted computing directly into the application allows the value of the services to increase exponentially. The result will be simplicity for the user and the overall value for the network of users will rise. The return on investment grows as the installed base grows.

A strategy to implement security is the new norm

Every application vendor today must have a strategy for building and integrating stronger security into their apps while taking advantage of the unique feature sets that different devices have to offer. Technologies that enhance the user experience with seamless security at the forefront will dramatically increase and protect the value of an installed base of subscribers. Built in security is no longer an option but a must-have competitive advantage.

Platform hardware security is available in multiple forms today and yet none has evolved into a new global standard. The result is that app vendors will have to make provisions to support more than one solution on top of the legacy software-only platforms. It is no longer enough to trust the OS vendors to maintain the integrity of the mobile environment. The OS has no liability to their investors or their users if (and sadly more often when) said users’ data is compromised. Going forward every app must have a strategy to integrate hardware security support lest they be the app that caused the next big data breach.



Saturday, October 3, 2015

NFC helping to build over the top identity, payment and loyalty

In a traditional payment model the user taps a card on a Point of Sale (POS) terminal. The full payment is then executed by the terminal and delivered back to the register as a completed transaction. A market led disruption of this seemingly archaic (and certainly not secure by today’s standards) model is fast bubbling up and NFC (Near Field Communication) is sure to play a significant role.

The simple token in the hands of the user (the credit or ID card) is going to be replaced by the smartphone acting as the POS terminal under the control of the user. The monopoly that has long resisted and even prevented change in the payment network has been centered on control of the POS terminal. NFC, connectivity and security residing in the phones will fast change that. As NFC continues to gain a stronger foothold it will provide a simple yet modern way to deliver unique and secured transactions from one device to another while ensuring secured messaging between the devices.

In a modern payment environment the POS device is no longer the only component that is connected to the network. This over the top connectivity brings the potential for huge disruption to the monopoly on terminal networks. The meteoric rise in Bitcoin is a great example of how simple integration of technology into the cash register enables the register to securely initiate and safely complete transactions. A simple message like “Please send this much money to this address” creates a transaction ID that can then be delivered to a secure smartphone over NFC. The smartphone presents the transaction for user confirmation rather than relying on the point of sale terminal. The register can then receive a secure message from the public Internet that the transaction is complete and the funds have indeed been transferred; the payment network is no longer needed.

The shift from a network of potentially “hackable” terminals bogged down with PCI compliance to an identity based model with secure signed messages is not only enormously more efficient but far safer. It will open new models and new relationships with the customer.  Moving the transaction system to the consumer has the potential to deliver both privacy and control of “big data” into the hands of the customer.

Once the customer’s device has a direct relationship with the retailer’s systems so much more becomes possible. This starts with basic supply chain integrity, as tracking of products from production to consumption becomes practical. With every transaction the user can easily build an inventory of every item ever purchased and know where it was purchased. This can become the consumer’s data and not just the retailer’s. It is great that Target, for instance, knows how many pens and pencils you have purchased over the years, yet the user (the consumer) does not. Smartphones make possible the real-time collection of their purchase data and systems can then push it to household management programs and more.

A personal register of what we buy is a very powerful set of data and it will need world class protection. Because the user’s device is involved it would be trivial to provide methods for encryption of these data elements so only an authorized device can retrieve and use the data. The users can easily share the keys within a household so that brand preferences and shopping lists and reminders can easily be shared. In addition, when an item is purchased it can be enrolled within the household’s network of other things. With more devices becoming network aware the process of enrollment can then start at the point of purchase.

NFC is going to play a huge role in this going forward.  These new over the top payment networks will enable a new surge in creativity in how we purchase and interact with retailers. It is time to move away from the idea of payment networks of old and move to a model of transactions, currencies, secure data, and messaging.  Tapping will be how we connect.

Wednesday, September 9, 2015

Mobile Security is a feature every user wants

Today millions of new smart devices include the most advanced state-of-the-art security standards. Every app and service provider should fully exploit the embedded protections delivered by the latest generation hardware.  In today’s mobile market safety, whether that means protection of your identity, your data, your messaging, or your transactions, is on the list of top features that influence the consumer on their mobile phone choices.

There is a strong transition from security being an afterthought to security being built-in.  Built in security delivers safer phones, a core desire for the consumer. Safety as a feature will influence buyers in their decisions and entice users to upgrade earlier. Built-in security technology provides consumers with a higher quality experience and better value in the services offered.   Buyers of technology know that not every device is going to be the same and competition will drive the safety market. For years mobile users have upgraded for better resolution, improved camera functionality, significant memory upgrades, improved touch screens, greatly enhanced audio, and even new and improved case designs or colors. The time is now for consumers to upgrade for better safety.

It is time to take safety seriously

In years past mobile users have felt that safety and security, whether simple passcodes or more advanced biometrics or multi-factor security protocols, slow down access. In enterprise level deployments of mobile technology, it is the oft annoying and cumbersome standards deployed by IT that make user experiences terrible and force these users to look for shortcuts to bypass the process (thus exposing that mobile access to the dreaded breach).
The latest generation of mobile technology will greatly improve the user experience and make daily life more manageable. Safety will be the new standard but will not subject the reluctant user to a series of dreaded steps that forces them to look for shortcuts. The technologies that will deliver this today include:

TEE (Trusted Execution Environment Embedded Technology)

TEE provides the tools for every app to have secure isolated execution of authentication, authorizations, encryption, and messaging. It prevents malware from stealing the keys that define the user’s identity. Latest generation mobile phones support Global Platform TEE, Trustonic, and/or other proprietary TEE environments. Rivetz is working to simplify developers’ integration of TEE and give users the information they need to make the right choices. TEE is at the heart of modernizing the safety in devices, separating the really sensitive data and processes from the flexibility and extendibility of the operating system. TEE provides the model for strong certification and validation of the safety, which gives users the confidence that the solutions achieve the protections they assure.

TUI (Trusted User Interface)

TUI provides embedded protection for the entry of a user PIN number to lock an identity key to a specific user. This technology prevents misuse of the user’s credentials in the event that a phone is either compromised, loaned out, or even stolen. TUI is available today on select Samsung phones and is on the product roadmap for many other handset providers. Smartphone buyers today should make this a requirement on their mobile features checklist. This is by far the best cyber identity solution readily available in a device today. Intel is supporting a similar feature in their Ultra-books but, in current form, has limited interfaces.
Secure Display is another feature of TUI that ensures what is displayed on the screen actually came from the app and is not compromised by malware. It assures that what you see on screen is the actual message/content that will be safely delivered. This is ideal for private messaging, payments, and identity management.


This is the best marketing feature on a phone because you can actually touch it and see it work! There is still much work to be done in biometrics to deliver on the promise of true safety. In today’s environment a Trusted User Interface secure PIN is far stronger but in time biometrics will catch up. Features like hardware matching, Secure Sensor path, and liveness detection will continue to evolve over next generation devices. The same will be true for facial recognition where a camera in the device will be required to assure the images came from the sender and not compromised by malware.

NFC (Near Field Communication) and BLE (Bluetooth Low Energy)

While technically speaking not a security technology per se, NFC and BLE both can be used for the delivery of data and credentials over a short distance, providing the user with a simple physical representation of the safety that smart devices can deliver. Simple identity can be more private, personal data can be protected, real identity can be assured, and secure sharing is possible. Secure devices are not only holders of secure data but also the receivers of that data, providing protection for a full transaction. Every app should embrace simple NFC support for loyalty, identity, form fill, and SIMPLICITY. Devices that embrace NFC and BLE provide the first effective mobile identity interface.

Final Thoughts

Not every mobile phone will have every feature illustrated above. Utilizing key aspects of some or even all these advanced safety features will fundamentally shift users’ habits. Evolution in technology does not happen overnight but the mind shift towards simplifying yet strengthening security and safety requires market leadership to not only embrace safety but drive safety and market safety.

Safety first will require everyone to participate and provide a strong market differentiator for those who lead. Manufacturers need to embed the technology at the chip level. Marketers need to position and sell the safety benefits to the user. And app developers need to fully exploit the safety made possible by this built-in technology. Users will fast learn to appreciate the result and expect nothing less. Collectively this will make the global markets safer while derailing the disruptions caused by malware.

Sunday, April 26, 2015

What is Trustless?

Shelly riffs off what many others have identified as the true innovation of Bitcoin, the Block Chain. We see here the recurring role of the Internet to co-opt entire institutions and their function, but this one is trickier. The essence of the innovation requires that no one company, government or cabal be leading the charge.

Amazon upended book stores (and, yes, pet food delivery). Wikipedia outclassed the Encyclopedia... The Block Chain can replace contracts and transactions, but only by virtue of there being no "Block Chain, Inc". The promise is to replace trust in institutions with trust in mathematics. Essentially, cryptographically signed data, corroborated by an unassailable network of globally peered servers, replaces transactional fact recorded on paper in a cabinet in a legal office.

Society can gain incredible efficiencies from this (though I suspect that dis-intermediating lawyers is going to be even harder than the long running campaign to modernize media distribution.) It is envisioned that machines could contract with other machines. International trade barriers could crumble.

It is not, however, a "trustless world." Our trust shifts. To interact with the Block Chain we need to employ devices that perform the requisite math. We have to trust our "terminals" to deliver our instructions to the Internet. Devices become our trusted partners. 

Friday, February 27, 2015

Demo of Rivetz with BitPay

This demo uses two Galaxy 4 phones. One set up as a BitPay Point of Sale terminal. The other equipped with Rivetz and our demo wallet app Rosie. Bitcoin held in the secure hardware of the device is used to pay for a small charge. Trusted User Interface ensures user confirmation