How Rivetz Uses Your Smartphone to Secure Your Mobile Bitcoin Wallet

A security technology startup is aiming to challenge Apple Pay and other mobile payment solutions through a blend of hardware security and bitcoin.

AccessTimeIconMar 3, 2015 at 8:05 p.m. UTC
Updated May 2, 2022 at 3:45 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

rivetz

A security technology startup is aiming to grab a share of the growing mobile payments market through a blend of hardware-isolated security and bitcoin.

Rivetz develops software that, when released later this year, intends to leverage secure hardware environments embedded in Android-enabled smartphones to manage private keys for mobile bitcoin wallets. The company has partnered with several companies including mobile security firm Trustonic, identity computing solutions provider Intercede and BitPay.

The app will be available to users in the second quarter of this year, and according to Rivetz CEO Steven Sprague the project has garnered interest from several wallet providers including Mycelium and Breadwallet.

Sprague said that bitcoin's use as a mobile payment instrument has greater ramifications for the broader development of trusted computing and the Internet of Things. The company recently demoed its software solution at the Mobile World Congress in Barcelona.

The question of how bitcoin users protect the all-important private key is an old one. In a recent interview he said:

"Bitcoin has a huge challenge, which is how do I protect the private key? Trusted computing has spent $5bn  on how do you protect the private key."

Securing mobile bitcoin

Rivetz's software acts as a second layer of security built into the phone itself. The app makes use of the Trustonic Trusted Execution Environment (TEE) – a hardware-isolated security platform built into millions of ARM-based Android devices – to protect users' bitcoin data and application integrity.

The app uses a Trusted User Interface (TUI) for secure PIN entry and display of the users' transaction details. The trusted UI allows the information to be securely configured by the end user and securely controlled by the TEE environment, by verifying the user interface of a mobile device.

When a user makes a transaction, a summary of the transaction is displayed in a new window by the TEE, ensuring that any non-secure applications stored in the rich OS environment cannot tamper with the payment details.

As a user experience, Rivetz presents another authorization layer on top of the steps included in whatever bitcoin wallet is being used. The user can review the address, amount and transaction fee prior to signing the transaction.

Advancing payments

Sprague told CoinDesk that the goal of Rivetz was to appeal to a wide audience of bitcoin users by supporting a full range of wallet partners.

"The technology will also support multi-sig and hierarchical-deterministic wallets in the near future," he added.

Sprague argued that bitcoin as a technology has the potential to reshape how people pay using trusted devices, as well as solve problems that have existed in the digital payments space for years.

"Hacking money is a really, really, really well-refined science," he said. "It’s not just being developed because bitcoin started. Hackers have been stealing money for a long time."

The Internet of trust

The idea of securing transactions extends beyond the payment of money, said Sprague, noting that trust plays a central role in the concept of the Internet of Things.

Companies like IBM have drawn from the example of a smart house filled with interconnected appliances when describing how the bitcoin protocol could be used to facilitate device-to-device communication.

According to Sprague, homeowners who use their mobiles device to instruct their smart appliances will need the means to make sure that those appliances are receiving transactions from the proper source, noting:

"How do I assure that the washing machine is authorized? What if it’s a rogue operator taking over a machine, or some guy who wants to trade soap futures and wants a million washing machines to order too much soap?"

If and when devices come to be used as security mechanisms for the home, Sprague added, owners need a means to identify themselves securely.

"It's not just about access," he said.

Yessi Bello Perez contributed reporting.

Image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.