Tai Zen: Hi guys, this is Tai Zen. I have LeonFu.com with me today. Say hello Leon.
Leon Fu: Hello everyone
Tai Zen: We also have a special guest that was introduced to us by David Johnson from the Factom team in the city of Austin, Texas.
Steven Sprague: Hello everybody. Thank you for having me on the show.
Tai Zen: I’m broadcasting from Los Angeles right now. Leon is broadcasting from Austin, Texas. Steven is broadcasting from Barcelona, Spain.
Let’s go ahead and get started here, guys. Could you share with our audience here a little bit of your background and what you’ve been doing that leads up to how you started Rivetz, Steven?
Steven Sprague: My background is in the trusted computing area. I’ve spent most of my life trying to help put hardware security directly into the platforms we use every day, initially in PC and then ultimately into mobile phones as well.
I ran a publicly-traded company in trusted computing space for 15 plus years and left there in 2013 to start Rivetz.
We went after how we enable mobile security within the mobile platforms that we have directly in the hardware of the chipsets and provide the software and services to make that work.
Tai Zen: I know you speak about hardware and stuff, but could you just give the audience an example of what you’re talking about or the type of security that you guys were working on.
Steven Sprague: Inside the actual chipset of your phone in the main processor is a technology called the trusted execution environment.
The trusted execution environment is an isolated processing area that is protected by hardware that allows us to run code and hide secrets that are independent of the operating system.
For the first time, you can not only store secret but also process that secret without worrying about malware in the operating system stealing your keys or changing the process.
Tai Zen: Then, you left the publicly-traded company called Wave Systems. Could you talk to the audience a little bit about what inspired you to start Rivetz?
Steven Sprague: It was really simple. From around 2010, on every time we went anywhere, every customer asked what our plan was in mobile and we were entirely focused on the PC at that time. Therefore, it became very clear that we needed to do it as a separate company.
I left Wave to pursuit a mobile application set. It’s really on the next generation of technologies.
Now, I find it quite funny because every time I go see a large enterprise customer they say this is so cool on mobile and ask whether we have any plans for the PC.
I think eventually we’ll get to point where everybody turns on their hardware security, but it’s been quite an adventure.
Tai Zen: Okay. Could you talk a little bit about how you met David Johnson and that way leading up to where you’re at today?
Steven Sprague: Yeah, certainly. I got introduced to the Bitcoinspace in 2014 by actually one of my board members.
Then, I got enticed to go down to the Miami Bitcoin conference because it was -20 degrees at home and it was like 81 in Miami. Therefore, spending the weekend in Miami seemed like a good idea.
I also read Satoshi white paper on my way down to the Miami Bitcoin conference.
From the first half-hour of the first cocktail party, it’s been very clear to me that there’s an enormous synergy between trusted computing and the technologies we have to protect keys and generate instructions and blockchain, which has this fantastic capability to store facts on the Internet that won’t get changed over time.
The management of the blockchain and the ability to immediately store information on a longterm basis is really a powerful capability when you mix those 2 together.
I think we have the foundation for the new model of enterprise computing. I’m supporting the mobile environment because we look forward to things like the Internet of things and try to answer the question where we are going to keep all the keys for all these devices.
Tai Zen: From there, what point did you get inspired to start Rivetz?.
Steven Sprague: Yeah, so actually I started Rivetz before I got involved in the blockchain space.
We went down a path actually in the very early stages in 2014 to build a white paper around an attestation coin where every trusted execution environment would verify the integrity of every other trusted execution environment. It’s a cool idea. It’s just been way too early to start that process.
One of the core capabilities that trusted computing has is the ability to store and process a secret. However, the real question is whether it is running properly.
There is actually a mathematical process where we form a hash inside the trusted execution environment that tells us it’s operating correctly.
In October, we built a demonstration a year ago where the health and integrity hash was stored on a blockchain.
Then, we modified the actual script of the Bitcoin transaction to support the capability of matching, which does a reference health test equal a real-time test. In this way, we have a cybersecurity control for the transaction that’s on the network.
Leon Fu: So Steven, I got a question for you.
As you said, one machine can validate what another machine is doing, so how do you make sure that the machine you’re talking to isn’t just lying to you?
Steven Sprague: One of the core principles of the trusted execution environment is to solve the lying endpoint problem.
We actually came from the root of trust from the original hardware manufacturer, built a cryptographic chain of each step that builds up this environment, including the loaded code that’s written by Rivetz.
When we look at that hash, if it hasn’t changed since last, we know that code is executing properly.
What you want to do is when a transaction is created, you actually want to make sure that hash is the same as when you set it up in a reference condition.
The huge step forward has been the ability to bind that hash into a transaction on a blockchain transaction and it would work with a smart contract. It’ll work with a native chain as well if you modify the chain process.
We’re providing a mechanism for a provable cybersecurity control where it’s bound into the actual transaction, so you know how the private key was protected for the transaction that was written on the Internet.
Leon Fu: Okay. I’m still a little confused.
I do understand where you have hash executing, but if I were the device and I was reporting to you these hashes, I still would not see how you can verify that.
Let’s say I’m one machine. You’re the other machine. We know what the code is going to be and how the hashes of each step are, but how do you know what actually happened in the other machine? That’s the part I still don’t see.
Steven Sprague: Sure. In order to build a reference hash, we actually do things like test the actual manufacturers’ keys against their key chain. We verify in the process steps, so the trusted execution OS has a reference hash when it was manufactured in the factory.
We can go from the hardware root of trust from the manufacturer all the way up through the process.
When Rivetz actually produces an app, we sign it. When it gets loaded on top of that stack, we’re checking the signature that came from Rivetz.
If Rivetz put some mistake in the code intentionally, or if somebody’s manufacturers make a mistake or an intentional hole in it, we can’t detect that.
However, if it’s discovered, we know exactly who it came from. There are no anonymous developers in this process.
What you have is a provable stack of code from a provable collection of suppliers, so we can assure that the transactions computed came from that known stack. Does that help?
Leon Fu: Yeah.
For example, Apple has to sign all the apps before the operating system is allowed to run it. That’s the way it’s designed.
Is this something similar to that?
Steven Sprague: But that’s the whole point.
You can’t jailbreak a trusted execution environment. There is no jailbreaking it because it’s a much smaller environment. It’s executed in hardware.
You’re right. You can sign code. I can sign an object or you can take any file and we can sign it and we could record it on the blockchain.
Now, if I have that piece of code and I have the blockchain, I can prove like a notary that it was correctly in place.
The trick here is when I get a PC, how do you know it’s running the BIOS that came from Dell? Did you ever check? Nobody checked.
The reason is the BIOS that boots your computer could be loading a bare-metal hypervisor. It could be running anybody else’s under operating system underneath yours, then stealing everything that you do and you have no way to detect it today.
That’s why hardware security was put into PC many years ago, so we could verify from the power-on cycle up to loading the operating system.
Now, in Windows 10, they test that. As an enterprise, you can actually turn it on windows 10 today if you desire.
Leon Fu: Okay. You said you anticipate this in phones.
How do you see Rivetz being used then? Are we going to have an app where let’s say I’m the publisher of the app and I can guarantee to the user that my app was running in the same state as I published it?
Steven Sprague: What Rivetz has done is we’ve built a trusted app and a series of API that allow any third-party app developer to take advantage of our storage of keys or encryption or performance of transactions within this programmable environment.
You don’t have to write your own code and the programmable environment because it’s complicated and ultimately it should be certified.
What we provide instead are the tools to take advantage of that, so now you can store keys and process them.
For example, a Bitcoin transaction can be done within the isolated execution environment and we provide those core primitives to execute that.
In addition, we’re providing attestation services. That’s really where our token sale is about. It is how we begin the process of having a token that assures the trusted execution environments working properly, so we can bind that into a transaction or into a 2-factor authentication.
For example, you download an app on your phone and do 2-factor authentication. As part of the 2-factor authentication, it won’t generate your 6 digit code if the trusted execution environment has been tampered with.
Leon Fu: Okay, so you’re actually going to build software that runs in the trusted execution environment on your phone.
You’re creating almost as a virtual trusted execution environment that third-party developers can then build their code into.
Is that how it sounds? Because you’re not manufacturing the hardware here. You’re just providing the software. Is that correct?
Steven Sprague: That’s correct. We started a couple of years ago building application software, so we have a completely operational environment today. It’s compatible with probably 600 to 700 million existing phones.
Our partner that provides what’s called the TEOS claims they’ve shipped a billion copies of their TEOS, so you can assume that some portion of those phones have found their way into desk drawers and are being actively used.
600 to 700 million phones is probably a reasonable estimate of what Rivetz will run on today.
Leon Fu: Okay. I’m just trying to imagine how this would work. Would I download a Rivetz app from the app store the same way I download apps today? what benefits do I get?
Steven Sprague: Well, there’s a piece of magic.
You download an app like a normal app in the App Store. Then, we provide a signal to the chipset, which is completely independent of Google and completely independent of the Google Play Store, to download an application into the actual silicon of the chipset.
That TEOS app then provides the services. Those are under 1MB of code and that provide the supporting security services for the normal Google Play app in the device.
Leon Fu: From a user’s perspective, what benefit do I see as a user using a Rivetz app that I downloaded from the App Store.
Steven Sprague: If security has done really well, it should be completely invisible to the user. This is as good as the security underneath your send button.
You dial your phone number and you push send without realizing that there’s a multi-billion USD hardware security business of the SIM chip works every time you do that.
This provides that type of a mechanism but embedded in the hardware because consumers don’t want to learn about cybersecurity. They just want to use their phone.
What we need to provide as an industry is the ability to protect and store secrets so that drive-by malware isn’t downloading all your credentials of your handset or stealing all your keys.
Leon Fu: My thinking right now is malware and viruses are more of a problem on PCs than phones. Phones today are running a sandbox environment. Therefore, as long as I didn’t jailbreak my phone, nothing runs on my phone unless it was signed off by Apple or Google.
I know you said that you’re targeting mobile, but it sounds like this Rivetz would be a lot more useful on the desktop since PCs are much more susceptible to viruses and malware than say phones are today.
Steven Sprague: All device do have the same risk.
Apple ship Apple Pay using the trusted execution environment to protect your payments secrets because that was the only way they can achieve enough security to get the banks on board.
Apple didn’t put Apple Pay in tamper-resistant hardware in the phone because they thought it was cool. They put it in tamper-resistant hardware and the phone because they needed to.
We know that on Snapchat, you can steal the snaps, so we’ve had systemic problems.
We’re protecting a secret in a phone while the theory is they’re all sandbox and the reality is they leak like a sieve.
Leon Fu: Yeah. Basically, you’re saying with Rivetz, anyone will be able to build an app that is as secure as Apple Pay. Is that basically your claim?
Steven Sprague: Absolutely.
At the end of the day, what we’re trying to build is how everybody from the consumer to software companies has carrier-grade security for the protection of their secrets. We know how to fix this. The SIM model was not always there.
In the early 1990s. I remember passwords for every long-distance phone call because we had 80,000,000 clone phones in 1994. In the transition from analog to digital, the industry put hardware security in handsets and fraud basically has gone to 0. It’s not entirely 0, but it’s really close.
Today, we have 5.4 billion happy phone users that dial the phone number, push send and don’t expect to have their phone calls stolen.
It’s only recently as we started to have SMS with 2-factor authentication, where people have been borrowing the SIM module in essence of the only security. That’s there where we’ve discovered that stealing phone numbers becomes an interesting business again.
Leon Fu: Okay. Tai, do you have anything else you want to ask from here?
Tai Zen: Steven, earlier you have been mentioned that you and your team have been working on Rivetz even before you heard about Bitcoins and cryptocurrencies and blockchains.
One of the things that’s always commonly asked in the community is whenever somebody tries to raise money to start a project that, what inspired you to incorporate the blockchain into the Rivetz product or service that you have?
Before you answer that, let me just share an example of MaidSafe.
From our research, Rivetz falls in the distributed computing enterprise solutions bucket or a sector of the cryptocurrency community, which is similar to MaidSafe.
They were a company that was trying to create a distributed cloud storage that’s decentralized for many years. It wasn’t doing so well until the blockchain came along.
Since then, they’ve had a way to incentivize people to volunteer their computer hard drive space to use in their network. That’s when I believe that they started taking off.
In their case, it made a lot of sense to incorporate the blockchain or cryptocurrency technology into their product or service that they had been working on long before Bitcoins and cryptocurrencies came along.
Steven Sprague: Sure actually, let me step back even further.
For the better part of a decade, we were trying to build the infrastructure using public key infrastructure for trusted computing.
One of the great challenges is how you build a database where the keys cannot be altered or changed.
In order to that, you have to build a carrier-grade back office because you have to have the cybersecurity controls around the servers to prevent the keys from being stolen. If I log in and download all the keys, you can steal everything.
I’ve been looking for a long time in my career for the infrastructure that would marry up with these billions of devices that now have hardware security in them.
Literally the first time I read Satoshi white paper and then had a conversation with a bunch of people who knew what Satoshi white paper was at the Miami Bitcoin conference was that moment.
I walked out of the Miami Bitcoin conference with a very clear picture that these technologies belong together.
Now, I’m not the only person. You can look at things like the Hyperledger project with Sawtooth Lake with Intel. They’re integrating trusted execution by using Intel SGX with hyper ledger to do some of the transactions that they’re accomplishing.
The advantage for Rivetz is we’re bringing the consumer side of this equation. We answer the question of how we make the phones, the PC and tablets that you already have at home a part of this ecosystem. Ultimately, the consumer should own their little chain of keys that is their collection of devices.
So how is the consumer going to keep a key safe on the Internet? The answer is they don’t have to and Blockchain will keep it safe for them and make sure it’s not stolen or changed because it’s really about change, not the anonymity of that key
Last fall was the first time that we were able to actually commercialize the demonstration of what I’ve been talking about for a couple of years, which is how we do an attestation or this health and integrity test as part of a transaction.
In 2015, the Bitcoin community actually ran into a problem with New York state where New York state BitLicense was asking where your cybersecurity controls are for writing content to the blockchain.
You can’t prove by looking at just a chain entry as it was intended because you have no information about the protection of the private key.
What happens today is organizations like Goldman Sachs or a JP Morgan can protect a key because they have big iron wrapped around that key and can protect it with legacy cyber controls.
What we want to do is make it possible for that within your own device. When you marry trusted computing and blockchain, we get for the first time the ability to store on the ledger a provable cybersecurity control was in place as part of the transaction.
It’s taken a couple of years to build the technology necessary to do this. The company’s raised a couple of million USD in convertible debt. We’ve done over a million USD in contract revenue, primarily with the US government.
All most recent contracts were done with the Department of Homeland Security as one of their small business innovative research grants to explore how we use these technologies as part of priority access for carrier networks when networks are congested.
We have a really good foundation for these pieces. Recently, with the rise of the token sales, we think there’s an opportunity to fund the business model and deliver to the broader market proof that a cybersecurity control was in place, which really means hardware protection of all your token keys.
Leon Fu: Since you’re going to be selling a bunch of these tokens at ERC 20 tokens. Can you go through why we need this token now and how this token is going to be used in Rivetz?
Steven Sprague: The way our specific transaction works is we use the actual spend function with the token to carry the information for this reference health measurement and real-time health measurement.
The actual process of verification takes place either in a smart contract or actually natively within the blockchain script, which makes it very efficient.
We prototyped this and we’ve been very successful in using the command check segue from the stack, which was part of the original Bitcoin protocol but was taken out a number of years ago.
It might find its way back into the core protocol in the future, but right now it’s not there. However, it’s critical for us to be able to compare this reference to health versus real-time health. Therefore, functionally, we actually modify the chain to support it.
Secondarily, similar to some other projects that are out there, we want to store a little bit more data on the chain. It’s not like Factom where you want to store a document or something like that. We really want to store a few hundred more characters within the chain. We think that will be very useful to us.
At least in the medium term, this absolutely needs its own chain because the functionality isn’t there. We could sit around and wait for 3 or 4 more years and hope that the Bitcoin core decides to put these capabilities in.
Nonetheless, I think that we shouldn’t be waiting for cybersecurity. Cybersecurity should be built-in.
Leon Fu: Basically, the coin itself will do the rea-time health check.
Let’s say I have Rivetz app running in the Rivetz trusted execution environment. Does that mean that app also need some Rivetz tokens in order to do this health check and that’s where the value of the token is coming from?
Steven Sprague: Yeah, that’s correct. We’ll use it for a variety of other purposes as well because it’s handy as a store of value.
Its fundamental purpose is in actually the processing of the transaction of reference equal real-time and the performing of that test, so it’s integrated into the actual text of the token.
Leon Fu: If every one of these tests, let’s say, uses a coin or a fraction of a coin, you’re going need a chain that can do millions of or at least hundreds of thousands of transactions per second.
Steven Sprague: There are a variety of ways to achieve that. I think they cover the spectrum from the current implementation of what’s gone on with Sawtooth Lake for Hyperledger is a good example.
That’s where 2 trusted execution environments could actually perform really tens of thousands of transactions per second. It wouldn’t be a problem.
Then, we can go all the way to how to use some of the chains that are rolling up the transactions and executing a single transaction.
We have natural aggregation capability within the trusted execution environment as well, so a financial transaction doesn’t happen. It has to happen every time a test is done. It could be an aggregated number of tests.
Leon Fu: Okay. That makes sense.
Tai Zen: I do have some followup questions.
As we know, there are a lot of the token sales that are coming out of. They are just basically bogus white paper and summaries of wishlist. They don’t have an actual working product or software yet. A
One of the things got our interest when we were introduced to this was you actually have a working product.
I would like to ask what the purpose of the token sale is for? Is it for marketing? Is it to fund the outreach? Is it to get it into every user’s hands?
Steven Sprague: Yeah. It’s all of the above. I would say it’s the full commercialization of the product.
You could think of it as an advanced alpha or early beta product. It needs work to take it to the point where it has all the edge cases so that you’ll just comfortably use it every.
One of the things that are really important to me is the token represents for us and economic model for trusted computing that’s never been tried before.
In the past, these technologies have only been sold to the CISO. They were hoping CISO is going to deploy them inside a large enterprise.
Our mission is how to give this to a professional user or a power user so that they can deploy it on their device by themselves to make your G-mail account more secure than everybody else on the planet.
This technology is only going to finally penetrate the world organizations if we make it work on our devices and we take it to work, because waiting for the CISO to abandon network security as a wholesale switch is too hard. We have to show them the path.
I having done this for a long time. This is a completely a different approach to market these technologies into the global enterprise, not from the top-down, but actually from the roots up, which is how cell phones, laptops, and color came in.
This is a technology that deserves to follow that path of penetration into the enterprise.
Leon Fu: It sounds to me that the marketing effort has to be centered around developers integrating Rivetz technology into their apps.
For example, as an app developer, I did IOS development for 6 years. Your audience would be people like myself who actually integrate Rivetz security into the app set we’re building. Is that correct?
Steven Sprague: Absolutely. I think it’s the early way, even for any app developer if you want to see that this is starting to work and it’s something useful.
If you look at our go-to-market path, it’s using 2-factor authentication where I don’t have to talk to the developer yet and I can just make their application better.
It’s also using machine multi-sig where I don’t have to convince the token developer to incorporate Rivetz natively into their token.
As long as their token supports multi-sig, I can give this machine protection of the keys and health and integrity tests of the device and make that one of the legs of the multi-sig.
We think that our path to entry is we absolutely want to convert all the application developers to use this, but we need to clearly prove that this market is delivering value, which is where the revenue streams early on.
We’re trying to make sure that we have in our hands, controlled model. We’re not waiting for somebody else that allows us to start the revenue stream in this business and grow the ecosystem from that point for going forward.
Leon Fu: Okay. Correct me if I’m wrong.
If you can convince wallet developers to use Rivetz as you envision it, does that mean it would eliminate the need for me to use a Trezor to protect my private keys because the hardware device can do it itself?
Steven Sprague: Yeah, very much so. This is Trezor-like functionality in your handset with an equivalent level of security.
Their aspects are different because it is a general-purpose device. There are things where we’re probably more secure than Trezor and their places where Trezor is probably more secure.
There is a role for Trezor, Ledger and other devices for the long term because you’re going to want to store keys in a vault and you’re not going to want to put a $500 smartphone in the vault. You’re going to put your $100 Trezor, which is now a $500 Trezor in the vault.
I think those devices still serve tremendous value, but fundamentally you don’t want to carry one of these things around everywhere you go. You want to build into your phone.
By the way, I think as we think of utility tokens going forward like VPN or StorJ or MaidSafe as an example early on, you don’t want to have to go to your Trezor and get a code every time your device wants to access storage. You want your device to magically be able to do this by itself.
Therefore, we believe that providing a vault for keys with a policy wrapper around it that assures that the owner dictates how those funds are spent.
You can actually have very controlled money on a device, but you can only spend it on these 3 services and you can only spend $5 a week.
It really reduces the risk of a bot driving by and stealing money from your device.
Tai Zen: To make it simple for our audience, basically using Rivetz allows me to secure the private keys for my cryptocurrency and make sure that it’s safe.
But not only does it secure the private keys, but it also puts a policy wrapper on it, which mean I can put conditions on it.
I think you had mentioned offline that I can set one of the conditions that these cryptocurrencies can only be used or be sent out within 10 feet or 25 feet radius of this beacon.
If a hacker in China hack into my system and try to spend those Bitcoin, they are not able to do so because they are not within the beacon.
Am I understanding this correctly, Steven?
Steven Sprague: Yeah, absolutely.
I think that’s one of the things that excites us about a token, which is this little trust agent in your device could ask external systems for attribute services. As a result, we see an ecosystem growing up of partners.
We don’t want to have to be the only provider of all those attributes. You should be able to link to everything from Microsoft Active Directory to your Google back-office. You could make up almost any rule you want. All these external systems have API.
Tai Zen: Basically Rivetz allows a user to protect the private keys that he or she has and allows them to set these conditions.
You’re saying that Rivetz is not the organization that is going to create those conditions, but the developers such as Leon and other developers out there can create those conditions and add it on top. Is that correct?
Steven Sprague: Yeah, absolutely. The only person who’s in charge here is the owner. I think it’s really important to understand that because we’re talking about lots of controls and people are in Blockchain are very concerned about controls.
We’re not trying to provide controls from Rivetz perspective. We’re trying to enable the owner to assert controls, which, by the way, you already do.
You lock your keys up in a safe and you were the only person that knows the safe combination. I mean you can decide any rules you want and write them down on a piece of paper and follow them.
How are we going to do that automatically? Because the problem is devices are very promiscuous. How do you prevent a piece of malware emptying everybody’s wallet for a mysterium token?
That means you’re going to have to have humans dole out the tokens. We can’t trust the machine to keep the keys safe because it’s a store of value. We could extract all the keys, go sell them on the open market.
Tai Zen: We had discussed offline that cryptocurrencies such as bitcoin were good as a currency for the human transaction between one another.
Then, you had mentioned something very interesting that the Rivetz token is an attempt at being the currency for machines to communicate with one another.
Before you answer that, maybe Leon can comment on the difference between a currency that’s used between 2 human beings versus a currency that’s being used by 1 machine and another machine, so the audience would know why that’s important
Leon Fu: Yeah. I think what was in our offline discussions is when things are automated, especially between machines, there’s no way for 1 machine to validate the input from another machine is correct.
In other words, it means a hacker could come in and replace that machine with his own machine, then feed it with bad instructions.
I think that what Rivetz are trying to do is machines can assure each other what they’re doing is correct and they can start transacting with one another with certainty.
In case of a currency that’s used between 2 human beings, as long as we know each other then the transaction can happen.
Is this correct?
Steven Sprague: Absolutely. I want to be very careful about that. It’s very hard to make a sort of absolute claim of security.
We’re making a claim that the device is running as the owner expected and tested.
For example, the owner decides to measure these 10 things, These transactions will not go forward if those 10 things measurement comes back wrong.
Now, maybe it’s the 11 thing that steals all your money and there’s nothing we can do about that except for measuring 11 things.
However, at least we know that the device with these 10 things in place was running correctly when that transaction was done. As a result, we have better attribution.
One of the problems with blockchain is the nodes of the world are spread around everywhere, so they’re not running inside a network security fence and we can’t watch the traffic. We actually have to watch the formation of the instructions. That’s why cybersecurity control has to find its way into the devices.
Leon Fu: We use the case fingerprint sensor for example. Once you get the right partnerships in place, you can put a rule saying that you can only spend these coins if my fingerprint was read. That’s one idea.
Although that doesn’t stop a hacker from being able to steal my fingerprints and hack the fingerprint sensor, at least we know that the transaction was authenticated by a fingerprint sensor.
Can Rivetz assure such things like for a transaction?
Steven Sprague: Correct.
In the past, these transactions have been demonstrated. We haven’t done as much of it within Rivetz yet.
However, when we were at Wave Systems, we made technology work between trusted platform modules and self-encrypting hard drives.
You couldn’t unlock your self-encrypting hard drive if your PC’s BIOS had been altered.
There are things like that that were relatively straightforward to do and the principles of them are straightforward.
This is about driving momentum into the market and showing that the hardware is really finally being put to work.
Rivetz mission is to become one of the pure-play companies that are going after how to build a blockchain infrastructure both for the operational side and a new economic model that helps put this equipment into use.
The manufacturers who have been storing birth certificates for devices for years, but there’s no mechanism for them to get paid in its consumption. You could clearly see how a token could be used to compensate a manufacturer of a memory chip.
A few pennies is huge margin to them yet as an owner of a video camera, you might want to know that the baby cam is actually running the right software before you put it in front of your brand new baby in the crib.
The value opportunity is tremendous for the industry.
Leon Fu: I think what you’re saying is it’s really moving security down to the hardware level rather than all these software schemes trying to protect our secrets.
Is that correct?
Steven Sprague: Yeah, very much so. We took a decade as an industry to put hardware security into the devices. What Rivetz is trying to build is how to put those devices to work for us.
We’re already own the hardware. It’s in our hands. We’re not projecting that you got to go buy new devices. It’s already there.
Now, it’s time to turn it on and put it to work because it’s crazy that we’re worrying about things like SMS 2-factor authentication not working when we got a perfectly good piece of hardware inside the phone or in your PC that would do it for you.
Leon Fu: Okay.
Tai Zen: That’s all the questions I have as far as the use in the product and the service for Rivetz.
If you have any other questions, Leon, I have some questions about the token sale.
When does the token sale for Rivetz actually begin?
Steven Sprague: So it’s July 25th, 5 pm UTC.
Tai Zen: I just want to share some of the challenges of some of the recent token sales that’s been coming up and how you plan on addressing them.
First of all, are you guy going to have a capped or uncapped token sale?
Steven Sprague: This is the hard cap sale where we’re we are going to mint 200,000,000 total tokens.
There’ll be 70,000,000 tokens sold in the sale. There will be a bucket of 60,000,000 incentive tokens of which half of them will be unlocked initially. The other half is locked for a year.
The remainder 70,000,000 tokens will be for future use. 10,000,000 will be unlocked initially. The balance will be locked 20,000,000 for 1 year, 20,000,000 for 2 and 20,000,000 for 3 years.
Our philosophy on this is very straightforward. We’re selling 70,000,000 tokens to the marketplace and we think that tokens should play an important role in the marketing and incentive of the ecosystem.
However, I think we should be very conservative in the use of those and let’s get the technology into the market and then use the tokens to support that ecosystem as this rolls out.
Our job here is to make sure that the purchaser of these tokens has value and not to dilute the marketplace.
Therefore, we’re very focused on how do we deliver value both initially and then over the longer term. I think it’s really important in these systems that you have a clear-paint plan for that.
It’s been interesting having conversations with people about the market cap. I view the tokens that are not in distribution as basically inventory sitting on the shelf that is effectively carried at 0 value until you actually sell it. That’s sort of my mental image of it.
Tai Zen: Since you said a lot of numbers fairly rapidly there, you’re saying that there are 200,000,000 available Rivetz tokens and 70,000,000 of that is going to be sold off to the public. Correct?
Steven Sprague: Correct.
Tai Zen: Then, you said that another 60,000,000 of that will be set aside to help for marketing and for the PR campaign of Rivetz. Correct?
Steven Sprague: Correct. And support partner as well.
If you have a developer who builds an application, you might want to seed them in the early stages with some additional tokens to let them survive while their service comes up and comes online. I think is a really great use of tokens as an example.
Tai Zen: Then, out of that 60,000,000, you said that 30,000,000 will be readily available after the token sale, but the other thing that will be locked up until the 2 years. Is that correct?
Steven Sprague: Yes, correct. They’re locked up for 12 months.
Tai Zen: So we have 70,000,000 tokens left?
Steven Sprague: Yeah. 10,000,000 are available right away. The balance is 20, 20 and 20 locked up for 1 year, 2 years and 3 years.
Tai Zen: Basically, among the 70,000,000 that’s a remaining, 10,000,000 of it will be used immediately to actually for the operations and the building of the Rivetz.
There will be a locked up in tranches of 20,000,000 each and they’ll be released on year 1, 2 and 3 after that.
The other question that I would have is recent all the Ethereum ERC 20 tokens run out extremely quickly. Even veteran crypto people like I and Leon haven’t been able to get into it. There are people that have paid large sums of mining fee get their transactions in front of everybody else.
Are you considering doing something like presale to prevent that from happening? Could you explain to the audience how that works?
Steven Sprague: Yeah. We’ve done a presale for potentially larger buyers. The way we structured that is in the presale tokens, you would have a bonus attached to them, but you were required to have at least 150 Ethereums as a minimum as well as the maximum amount.
In the actual crowd sale, there is a maximum today that set at 100,000 Rivetz tokens, which is about 300 Ethereum, because we’re on a fixed conversion ratio of 0.003 Ethereum to a single Rivetz token.
The same bonus that we’re providing to the large players in the presale will be offered to the first 7,500,000 tokens sold in the crowd sale. Then, the bonus will decline. Any tokens not sold in the presale will carry no bonus then in crowd sale once it starts.
Tai Zen: Basically, out of the $70 million that’s available to the public, you’re saying that the 7,500,000 carries a bonus if someone decides to participate and purchase them during the presale a time period.
Steven Sprague: Now let me be clear that the first 37,500,000 that are sold in the presale carry a bonus. If we don’t sell all 37,500,000, then those will be tagged on with no bonus to the crowd sale.
Because we want to have the small buyer have the same benefit as a large buyer, When the crowd sale goes live, the 7,500,00 of the crowd sale will carry the same bonus that was in the presale. However, there is a maximum, so it’s very hard to buy a big position in the crowd sale.
There’s no perfect way to do this, but we think this is the right way to maintain an orderly business in the presale. Then, realistically, in the crowd sale, if you want to buy a big position, you really should have done it in the presale as opposed to trying to buy a big position in the crowd sale.
Tai Zen: Can you describe how the purchase of the tokens operates?
Steven Sprague: We’re accepting Ethereum only to keep it as a simple process. All the advice we got from everybody involved in this keeps it simple, so everybody can understand what it is and there’s not a lot of hanky panky going around in different deals.
Therefore, if you want to make a purchase, it has to be purchased in Ethereum today.
Tai Zen: Do you have a public Ethereum address for everyone to send the Ethereum to?
Steven Sprague: The contract address will be made public on the 25th of July because there’s no point in funding it before then.
If anybody’s interested in a presale, they can send an email to [email protected] and we’ll send them an email invitation to that address. They can see it.
Steven Sprague: What’s important also from a security perspective is to check the signature of the webpage. All of our webpages are SSL-based. They’re all signed, so you can validate the address on that page.
Steven Sprague: I think it’s an important piece of the puzzle. From a company perspective, we’re supporting the product side of it. We will certainly support the ecosystem having adaptability in the marketplace, but I think it’s important that that’s done by the ecosystem in a manner that’s consistent with how the overall environment puts it together from a legal perspective.
It’s not the job of a company to provide a secondary market. That’s the job of exchanges and others that are out there. Therefore, we’re certainly not running an exchange. We’ve taken the steps to make it a simple process so that if an exchange chooses to list us, they can.
Tai Zen: I’ve seen other Ethereum-based token sales in the past. They are very simple. You just went there and sent Ethereum to their address.
Then, I’ve seen Lunar that was extremely difficult to buy. You had to go through a lengthy process just to send Ethereum to them.
Are you guys going to have like a portal or a login for the participants?
Steven Sprague: We would prefer to collect people’s email so that we can communicate with them.
The only process in the presale is we’re emailing you a link and your email is captured as part of a unique identifier so that we can communicate with those people that we’re buying, or at least we have a validated email.
In the crowd sale, we’ll just request that you type in your email. We can’t prevent you from typing in an incorrect email, but then you won’t get any information from us.
It’s our only mechanism to communicate with our buyers about the product, its available uses, and new and exciting announcements.
We strongly suggest providing an email address is quite useful. That’s been our focus. We’re trying to keep it straightforward and simple, but also with the right security wrapped around it so that it meets our needs from a legal construct as well as from the marketplaces.
As you can see, we’ve gone down the path of having the right infrastructure and partners to help us make sure that we’re approaching this in a manner that protects everyone who’s involved.
Tai Zen: When does the token sale last?
Steven Sprague: It starts on the 25th and it runs for a month, so it ends on August 24th.
Tai Zen: Okay. So for 30 days then?
Steven Sprague: correct.
Tai Zen: Okay. Now on your website, it says that the presale is available and please contact [email protected] Is that a different address?
Steven Sprague: That is correct. I gave you the wrong email address.
Rivetz is a Delaware corporation and we’ve set up an offshore organization actually run this sale so that we can properly support the international transactions that come out of it, and we did that over the course of the last month.
Rivetz international is properly executing the transaction.
Tai Zen: So rivetzintl.com is a correct at domain?
Steven Sprague: That is the correct domain for Rivetz
Tai Zen: If anyone is not sure, they can go to Rivetz.com and click on the token sale link. It’ll take you to the correct website.
Steven Sprague: We’ll have a proper domain cert on our crowdsale as well, so you’ll be able to see the green bar and the company’s name at the top.
Most people haven’t done that. It takes a number of days to get a proper verified certificate. They cost a thousand bucks versus a free cert. It’s huge deal, but it provides much better legitimacy to sites.
I would strongly recommend that people do that ahead of time because it’s one of the things you can’t do last minute.
Tai Zen: Do you have any other questions about the token sale Leon?
Leon Fu: No, that’s it for me. That’s pretty much all the questions I had.
Tai Zen: Okay. That’s all the questions I have for now also.
Steven Sprague: Now, I think it’s great. Thanks for having me on your show. I would just say that as people participate in and buy different tokens and utility tokens and you think about all these projects, we need to support the security ecosystem as we support the rest of the ecosystem because security is what protects the value in the long term.
Tai Zen: Do you have any support or anything in case anybody confused by the token sale? Is a good contact, email or twitter that the users can contact for questions?
Steven Sprague: Yeah. We’ve lifted our twitter feed. I’m personally paying attention to Twitter. I’m @skswave on twitter.
I also have a telegram account which we just validated the other day, so there’s a good chain of my comments on telegram as well.
If you want to send us an email, my email is [email protected] You can send me an email and I’m happy to take your emails.
Tai Zen: Okay. Well, thanks for taking the time from Barcelona to join us on this interview. We’ll probably get it out later today after Youtube processes it.
Thanks for joining us also LeonFu.com. This will conclude the broadcasts about Rivetz.
Here are the sites mentioned in the video: