Rivetz aims to deliver a new architecture for security by combining blockchain and trusted computing technologies. This will allow instructions executed on devices to be provably secure through the use of a trusted execution environment (TEE) isolated from the main operating system. Rivetz tokens (RvT) can enable multifactor authentication, policy-controlled spending, and automated compliance for utilities through the verification of a device's integrity at the transaction level. The goal is to provide on-demand security controls for machines that are assured through attestation and recorded on the blockchain.
Delivering a New Architecture for Security: Blockchain + Trusted Computing
1. Property of Rivetz Corp.
Delivering a New Architecture for Security:
Blockchain + Trusted Computing
2. The Blockchain ledger is secure but the instructions are not.
Block Chain Technology
• Provable events
• Time stamped
• One way
• Secure Crypto Chain
• Multi-SIG
Instructions: Keys, Data/Address, Process
Diagram labels: Malware; Theft; Man in the middle; Unknown software
3. The Goal
Authentication alone is no longer enough
4. Decentralized security
Diagram label: Crown Jewels
5. Decentralized security
Diagram label: Crown Jewels (shown five times)
6. An observation
The Public Blockchain is censorship resistant
Is equivalent to
The Public Blockchain is Network Security resistant
7. What is Trusted Execution
• A small highly assured operating environment isolated by hardware from the primary operating system
• Can be remotely verified cryptographically to be unchanged
• Has a hardware root of trust that can’t be altered by software
• Is based on a number of industry standards
• Only processes code from known developers
• Cannot be altered by software/malware loaded on the operating system
8. Rivetz and TEE
Diagram labels: SMART CONNECTED DEVICE; ARM TrustZone® enabled SoC; OPERATING SYSTEM; TEE; Attestation; APP; Wallet; Security Critical Functions; API Call on Security critical Routine; Rivet; Secured Critical Assets; Key assets exposed; Key assets protected; Isolated space for handling high value assets
9. RIVETZ
Connecting built-in security and APP developers
Trusted Execution
Applications
• Mobile Wallet
• Chat / Voice
• Storage
• Cloud
• Authentication
Capabilities
• Secure Display
• Key Storage
• Secure PIN
• Encryption / Decryption
• Bio-metrics
10. Anatomy of a secure instruction
• Attestation verification -- Assuring the internal capabilities are as expected
• Trusted Display -- What you see is what you sign
• Trusted Input -- Provable collection of consent from the user
• Trusted Execution -- Protection of private key and formation process
11. The role of attestation
• Verification of the Rivetz TA and the underlying TEE match previously registered measurements
• Start with what is possible and push for more
• Registration of reference measurements for service providers and partners
• Rivetz.net as a policy enforcement point
• Encrypted API Calls are a potential policy enforcement point
Known devices providing provable instructions
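The check this slide describes, as an added example that is not Rivetz code: a verifier registers reference measurements for a device's TEE and trusted application (TA), then accepts an instruction only when the report is authentic, fresh, and matches those references. All names are hypothetical, the images and key are constructed, and an HMAC stands in for the hardware-rooted signature a real TEE would produce.

```python
import hashlib
import hmac
import json
import secrets

def measure(image: bytes) -> str:
    # Measurement = SHA-256 of a code image (constructed stand-in).
    return hashlib.sha256(image).hexdigest()

def sign_report(key: bytes, report: dict) -> str:
    # ASSUMPTION: HMAC stands in for the TEE's hardware-rooted signature.
    body = json.dumps(report, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class PolicyEnforcementPoint:
    """Hypothetical verifier holding registered reference measurements."""
    def __init__(self):
        self.devices = {}         # device_id -> (key, reference measurements)
        self.open_nonces = set()  # challenges issued and not yet consumed

    def register(self, device_id, key, tee_ref, ta_ref):
        self.devices[device_id] = (key, {"tee": tee_ref, "ta": ta_ref})

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.open_nonces.add(nonce)
        return nonce

    def verify(self, report: dict, tag: str) -> str:
        entry = self.devices.get(report.get("device_id"))
        if entry is None:
            return "reject: unknown device"
        key, reference = entry
        if not hmac.compare_digest(sign_report(key, report), tag):
            return "reject: bad signature"
        if report.get("nonce") not in self.open_nonces:
            return "reject: stale or replayed nonce"
        self.open_nonces.discard(report["nonce"])  # each challenge is single use
        for part in ("tee", "ta"):
            if report.get(part) != reference[part]:
                return f"reject: {part} measurement mismatch"
        return "accept"

def demo() -> str:
    # Constructed device whose TA image differs from the registered one.
    pep, key = PolicyEnforcementPoint(), b"constructed-device-key"
    pep.register("dev-1", key, measure(b"tee-v1"), measure(b"ta-v1"))
    report = {"device_id": "dev-1", "nonce": pep.challenge(),
              "tee": measure(b"tee-v1"), "ta": measure(b"ta-tampered")}
    return pep.verify(report, sign_report(key, report))
```
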
12. RvT The cybersecurity token
• Security at the transaction level
• multifactor authentication
• token models and blockchain
• IoT Instructions
• Policy controlled spend by the owner of the device
• Assure use of private keys
• Real-time verification of integrity
• Automated settlement for utility services
• On demand delivery of cybercontrols
• Metered model for service
• Improved compliance data
• Simplifying use
13. Delivering a new architecture for security
14. Machines need Human Control
• Automatic payment in a controlled environment
• TEE assures controlled access to a utility token
• Owner sets and controls policy
• The policy engine is continuously verified with each transaction
Providing the foundation for on demand utilities provisioned by the device for the device.
15. RvT the Cybersecurity Token
• A new business model for security
• Enabling existing installed technology
• Evolving security from watching to proving
• Tackling a global market need
• Security for the token power utilities of the future
16. Demonstration of prototype
Simple authentication built-in
17. High assurance instructions
Multi-factor for machines
• Lays the compliance framework for Payment Security Directive 2 PSD2
• The foundation for cyber security controls in IoT
• Secure M to M controls
• Cybersecurity controls verified and recorded at the transaction layer
• Enabling provable cybersecurity controls for BYOD and Cloud
Diagram labels: Known user; Known device; Known condition; Assured instruction
18. Steven Sprague, CEO
Steven@rivetz.com
413-330-9100