It's one thing if your mobile phone is lost or stolen and bad actors have access to your social media accounts, email, e-commerce accounts, and directory.
It's another thing if that mobile phone also includes payments accounts, like PayPal, traditional bank accounts, and now cryptocurrency assets through an insecure digital wallet.
HTC last month began previewing their new 'Exodus' device, which they claim will keep cryptocurrency and other digital assets safe. While the vast majority of users today will care more about protecting all their apps (to protect their reputation and safeguard their money) for the growing community of blockchain enthusiasts, keeping their data on a mobile device ' or any device connected to the public Internet ' is just asking for trouble.
The most secure way to store aseets is in 'cold storage' ' in other words, stores on a computer, drive or other piece of hardware that isn't connected to any networks.
HTC explained they chose the ARM system-on-a-chip to build a 'trust zone' in the chip's secure enclave, which is separate from the Android operating system, making it harder for a third-party to access.
HTC and ARM's integration doesn't solve for losing one's mobile device but does included plans to make sure the user's digital wallet cannot be compromised if the device is out of the user's control. The company has developed a concept called Social Key Recovery; during setup, users will be able to ask several trusted contacts to store a part of their key via an HTC app on their phones.
That's one creative approach to securing mobile devices and the data stored on them.
This week, Telefonica, Rivetz and Civic announced another approach.
With over 50 billion euros in revenue, Telef·nica is the seventh-largest broadband and telecommunications service provider in the world, with operations in Europe, Asia, and North, Central and South America.
And as many large Communications Service Providers (CSPs) have done, Telef·nica has created its cybersecurity unit, ElevenPaths, which is partnering with Rivetz and Civic.
Telefonica's ElevenPaths announced with Rivetz, a blockchain company focused on decentralized hardware-based cybersecurity, that digital identity company Civic joined in its partnership to offer next-generation identity solutions powered by blockchain.
According to their press release, 'digital identity is a cornerstone for the growing decentralized economy. Civic provides convenient, user-friendly identity solutions, which will integrate with the advanced cybersecurity architecture developed by Rivetz and Telef·nica. This partnership will enable billions of mobile users to have a digital identity that they control and that simplifies access to global services.'
Together, Rivetz and ElevenPaths developed 'Dual Roots of Trust' technology, where a user's private key is cryptographically distributed between two independent roots of trust: the Trusted Execution Environment (TEE) with the carrier subscriber identity module (SIM).
Civic's secure identity solutions protect personal information stored locally on a mobile device, using biometrics and high-level encryption. Civic's user-friendly identity solutions will integrate seamlessly into the Dual Roots of Trust cybersecurity architecture developed by Rivet and Telef·nica.
Rivetz bridges obsolete username/password model to a future where security is built in. Equipping developers with the technical solutions, foundations, protocols and distributed key management, Rivetz security integrates with any blockchain, cloud or IoT project, according to the company.
Carriers today use the SIM to protect their network information
Consumers and enterprises use the handset OS environment, potentially with some TEE capabilities, to protect their assets.
According to a white paper published by Rivetz, 'using only one or the other leaves our digital assets vulnerable to imperfect hardware or software implementations ' and never mind the fact that humans are still involved in the process and we know how well that often turns out.'
'Having only a single domain in charge of security is akin to having only one lock on the door,' the white paper also says. 'The lock might be the best on the market. But what if it's not installed correctly? What happens if you forget to lock the door? What happens if you lose your key and wallet and your address is right there on your driver's license·
'The ability to prove who you are is a fundamental human need. Our partnership with Rivetz and ElevenPaths is a massive step in putting an uncomplicated digital identity solution in the hands of mobile users, who then call the shots,' said Vinny Lingham, CEO and Co-Founder of Civic. 'The concept of identity is rapidly changing, and we look forward to a revolutionary partnership that makes sharing and verifying identity safe and seamless.'
“We are pleased to have Civic as part of the project to bring blockchain-powered identity verification services to the consumer,” said Steven Sprague, CEO of Rivetz. 'The integration of built-in security and digital identity will offer a simple yet powerful new capability for users.'
'Trusted computing technologies are not an end by themselves, but are an opportunity to improve mobile users' security, providing a research and innovation framework in the context of cybersecurity,' said Pedro Pablo P·rez, Telef·nica Global Security VP & ElevenPaths CEO.
As more and more data traverses private and public networks, the attack surface continues to morph, and Telef·nica was wise to support innovation in both hardware and software-based solutions to address the increasingly complex and growing threats on network infrastructure as it becomes more virtualized and programmable.
Network operators have new liabilities and responsibilities as the integrity of data can be compromised while in motion, and at rest, and because networks connect so many clouds, applications, services and ' most importantly perhaps ' data sets including massive data lakes ' ensuring network session and event security is becoming not just important but mission critical.
Telef·nica has a significant presence in 17 countries and 357.5 million accesses around the world. The company is 100% public, and its shares are traded on the Spanish Stock Market and on those in London, New York, Lima, and Buenos Aires.
ElevenPaths brings their digital transformation strategies, and new products like those from Rivetz and Civic to build trust into networks and applications, in this case right down to the physical device, which is where Rivetz differentiates itself as a both physical and digital blockchain-oriented company.
ElevenPaths is a true believer in collaboration and community, and works actively with entities including the European Commission, CyberThreat Alliance, ECSO, EuroPol, Incibe, and the OEA.
Rivetz's security solutions hinge upon access to the TEE, which is an isolated, measured computer environment separate from the device's operating system. By provisioning all digital transactions through the TEE, Rivetz assures that users' private keys cannot be altered or stolen if the operating system is tampered with or infected by malware.
