Rivetz.com is a company that I have been following very closely for several years now.
Rivetz believes that online services are significantly enhanced when a device can be trusted to be what it says it is and to execute instructions exactly as asked. Building upon a decade of industry investment in trusted computing, Rivetz is offering a platform that delivers on this goal.
A service provider generally has confidence in its servers. They are under administrative control and usually protected physically. However, nearly all services are delivered to users through devices the service provider knows very little about and over which it rarely exerts any control.
Rivetz changes this. Through the use of Trusted Execution technology we are able to provide a service provider with an oasis of trust in the unknown world of consumer devices. Basic capabilities such as “sign this”, or “decrypt this” are executed outside the murky world of the main OS. Keys can be generated and applied without ever being exposed in memory and can be attested to through a chain of endorsements traced back to the device manufacturer.
When you can trust a device not to lie or leak secrets, you can form a much more reliable and simpler relationship with the device. It makes life easier and safer for the user and service provider alike.
What Can I Do with Rivetz?
Rivetz is all about trust in devices. We believe that a reliable relationship with a device can make for a much safer, easier and stronger relationship with an end user.
To achieve this, first and foremost you need to know with confidence that a device is the same device it was before. You also need to be sure that a device won’t leak its secrets when asked to do something sensitive, like a decryption or signing.
Our device code runs in the Trusted Execution Environment (TEE) available in many modern devices. The TEE is a hardware environment that runs small applets outside the main OS. This protects sensitive code and data from malware or snooping with purpose-built hardware governed by an ecosystem of endorsements, beginning with the device manufacturer.
Rivetz enrolls a device and equips it with a service provider’s keys. Our API’s enable secure execution of a number of sensitive device-side transactions, including:
- Get a reliable and anonymous device id – On request, Rivetz will generate a signing key for a device. The public key is hashed into a string that can be used to identify and communicate with a device. The private key remains locked in the hardware and can only be applied on behalf of the SP that requested the ID.
- Get a device to sign something – The private key of the device identity can be used to sign things proving that this device was involved. The signing ceremony is executed in secure hardware such that the key is never exposed to normal processing environment of the device.
- Get a device to encrypt something – An encryption key can be generated on request and applied to any blob of data. Encryption/Decryption is triggered locally and takes place within the secure execution environment so as to protect the key.
- Create a Bitcoin account – The device can be asked to generate a new Bitcoin account using the RNG built into the Trusted Execution Environment.
- Sign a Bitcoin transaction – The device can apply it’s private Bitcoin account key to sign a transaction and then return it to the service provider
- Secure Confirmation – (coming soon) Newer TEE environments support trusted display and input in addition to trusted execution. Trusted display enables a simple confirmation message, such as “confirm transaction amount”, to be presented to an end user.
- Join Devices to share and backup identities – Most users have a couple of devices. Rivetz allows those devices to be bound into a ring so they can interchangeably present themselves to a service provider on behalf of the user.
Rivetz is a toolbox for riveting the online world to the hardware we use to get online. By providing this basic set of features we hope services across the web from wallets to content apps can provide a simpler and safer experience.
How does it work?
A Service Provider calls Rivetz to create hardware keys in a device. Different types of keys are available depending on the purpose, such as for crypto-coins or data encryption.
Riveted keys are governed by simple usage rules established during creation. For example, a key may require that usage requests are signed by the Service Provider that created the key, or that the user confirms access through the Trusted User Interface.
A Rivet will only respond to an instruction from a Service Provider that has been “paired” with the device. Rivetz.net conducts the pairing ceremony as it is able to confirm the integrity and identity of both device and service provider. When a device is paired it acquires the public key of the service provider, while the service provider gets a uniquely generated identity and public key for the device.
While Rivetz supports local calls, ideally all instructions are signed by the Service Provider. This protects a device key from being applied by a rogue application. The _Rivetz Library is used by all components to prepare and sign device instructions and interpret instruction results.
Trusted Execution Environment
There is a class of apps that benefit greatly from strong assurance of their origin and opaque separation from the execution of other apps. This is known as a Trusted Execution Environment or TEE.
Unlike an app running on the primary OS and memory stack, an app running in a TEE has access to cryptographic primitives that can be exercised without snooping by the OS. On certain platforms, it also has direct access to user input and display to ensure a private interaction with the operator of the device.
While the technology has been pursued for well over a decade, it is only recently that devices with support for a TEE have become available. Intel began delivery of commercial solutions in 2011 and Trustonic, an ARM joint venture, launched in 2013.
Deploying an applet into a TEE is akin to delivering a dedicated hardware device. Execution and data are cryptographically isolated from any other function of the host.
Rivetz and the TEE
While most applications of Trusted Execution technology have been concerned with enterprise security or DRM, Rivetz instead provides an applet that is focused on the needs of common web services. Crypto currencies such as Bitcoin have highlighted the need for consumer key security.