A security technology startup is aiming to grab a share of the growing mobile payments market through a blend of hardware-isolated security and bitcoin.
Rivetz develops software that, when released later this year, intends to leverage secure hardware environments embedded in Android-enabled smartphones to manage private keys for mobile bitcoin wallets. The company has partnered with several companies including mobile security firm Trustonic, identity computing solutions provider Intercede and BitPay.
The app will be available to users in the second quarter of this year, and according to Rivetz CEO Steven Sprague the project has garnered interest from several wallet providers including Mycelium and Breadwallet.
Sprague said that bitcoin’s use as a mobile payment instrument has greater ramifications for the broader development of trusted computing and the Internet of Things. The company recently demoed its software solution at the Mobile World Congress in Barcelona.
The question of how bitcoin users protect the all-important private key is an old one. In a recent interview he said:
“Bitcoin has a huge challenge, which is how do I protect the private key? Trusted computing has spent $5bn on how do you protect the private key.”
Rivetz’s software acts as a second layer of security built into the phone itself. The app makes use of the Trustonic Trusted Execution Environment (TEE) – a hardware-isolated security platform built into millions of ARM-based Android devices – to protect users’ bitcoin data and application integrity.
The app uses a Trusted User Interface (TUI) for secure PIN entry and display of the users’ transaction details. The trusted UI allows the information to be securely configured by the end user and securely controlled by the TEE environment, by verifying the user interface of a mobile device.
When a user makes a transaction, a summary of the transaction is displayed in a new window by the TEE, ensuring that any non-secure applications stored in the rich OS environment cannot tamper with the payment details.
As a user experience, Rivetz presents another authorization layer on top of the steps included in whatever bitcoin wallet is being used. The user can review the address, amount and transaction fee prior to signing the transaction.
Sprague told CoinDesk that the goal of Rivetz was to appeal to a wide audience of bitcoin users by supporting a full range of wallet partners.
“The technology will also support multi-sig and hierarchical-deterministic wallets in the near future,” he added.
Sprague argued that bitcoin as a technology has the potential to reshape how people pay using trusted devices, as well as solve problems that have existed in the digital payments space for years.
“Hacking money is a really, really, really well-refined science,” he said. “It’s not just being developed because bitcoin started. Hackers have been stealing money for a long time.”
The idea of securing transactions extends beyond the payment of money, said Sprague, noting that trust plays a central role in the concept of the Internet of Things.
Companies like IBM have drawn from the example of a smart house filled with interconnected appliances when describing how the bitcoin protocol could be used to facilitate device-to-device communication.
According to Sprague, homeowners who use their mobiles device to instruct their smart appliances will need the means to make sure that those appliances are receiving transactions from the proper source, noting:
“How do I assure that the washing machine is authorized? What if it’s a rogue operator taking over a machine, or some guy who wants to trade soap futures and wants a million washing machines to order too much soap?”
If and when devices come to be used as security mechanisms for the home, Sprague added, owners need a means to identify themselves securely.
“It’s not just about access,” he said.
Yessi Bello Perez contributed reporting.
Image via Shutterstock