Today, we use our mobile devices in endless ways, from texting and emailing to gaming – even work. Our mobile devices have opened more attack surfaces for criminals to steal our financial data, social media accounts, and even company data. The more valuable the asset, the more desirable it is for attackers to break in.
With so much at stake, we don’t want a single point of failure when protecting and managing your digital assets. We want a security system with a failsafe.
Introducing the latest blockchain-based mobile cybersecurity innovation from Rivetz: Dual Roots of Trust. The technology implements two roots of trust, which – according to their whitepaper – “can examine the device and compare the results to a known and trusted condition – that [the roots] haven’t been tampered with from what is trusted.”
These two roots are already present in most mobile devices: the carrier SIM card and Trusted Execution Environment (TEE). The TEE is a secure hardware chipset built into millions of Android devices today. Users’ private keys are cryptographically distributed between the two roots, enabling two points of mobile security. If one root were to fail, an attacker would have to also break the other root in order to access the private key.
Dual Roots of Trust is the brainchild of a collaboration with Telefónica, which was announced last spring.
The two roots – the SIM and the TEE – are controlled by separate entities: the carrier and the manufacturer, respectively. For over two decades, the SIM has been developed by mobile carriers to protect mobile user’s information.
Essentially, the TEE is a vault within your mobile device’s hardware. It’s isolated from the operating system, so it can execute code separate from the operating system. Using the TEE protects your data from malware and other threats which affect software.
Dual Roots of Trust gives both users and enterprises independent control planes. If your mobile phone were to be lost or stolen, you could simply call your carrier and ask them disable access to certain apps or the entire device. If you were later able to find your mobile phone, your carrier could reactivate it just as easily. Similarly, if an employee were to leave a company, the company could revoke access to all company apps, protecting sensitive corporate information.
“One of the most critical issues we face today is finding a balance between security and usability,” said Steven Sprague, CEO of Rivetz. “In partnership with Telefónica, we are proud to provide a seamless, built-in solution for decentralized mobile security.”
Rivetz demonstrated the technology earlier this month at Mobile World Congress.
Rivetz technology and services aim to provide a safer and easier-to-use model for all users to protect their digital assets using hardware-based trusted execution technology. The device plays a critical role in automating security and enabling the controls that users need to produce high assurance data and benefit from modern services. Rivetz leverages state-of-the-art cybersecurity tools to develop a modern model for users and their devices to interact with services on the Internet. They were selected for Telecom Council‘s prestigious Innovation Showcase Class of 2018. Find out more at www.rivetz.com and follow Rivetz on Facebook, Twitter, YouTube and Telegram.