Blockchain security firm True I/O raises $9 million
Carlsbad, CA-based blockchain firm True I/O has raised $9 million in a Series A investment led by Deal Box Ventures. It also changed from the original name Total Network Services (TNS) to True I/O to better reflect the primary purpose of the product.
The money will be used to accelerate the deployment of the firm’s Universal Communication Identifier (UCID). This uses a permissioned blockchain on the Interlife geospatial platform developed by Ripplzz.
While cryptocurrency gave investment opportunities to the masses, and money movement to criminals, it gave blockchain to business. It has taken time to understand how to use this technology, but real and secure applications are beginning to emerge. UCID is a good example.
The main purpose of UCID is to provide supply chain security for mobile or embedded devices – i.e. IoT. The firm works closely with the Telecommunication Industry Association (TIA) and uses the Mobile Equipment Identifier (MEID) to uniquely identify each mobile device – whether it’s a few phones or many thousands of industrial IoT devices for each customer.
The MEID becomes the token in the blockchain, immutably linking the physical device with its own electronic record, allowing the system to build an individual, secure and complete history for each device.
For a hardware supply chain, UCID can trace an individual device from the manufacturer, through the company that installs the device, to the end user. “You will get digital verification or signatures from every actor along that supply chain,” CEO Thomas Carter told me Security Week,” confirms that the person has interacted with that device in a permitted manner. Each actor knows exactly what has happened to the device so far and can be confident that it has not been tampered with; that is, it is not a fake device .”
The cryptographic link between each interaction along the chain means that the record is complete and accurate whether the device was manufactured locally or abroad.
This supply chain verification can also be applied to the software included on a device, proving that it has not been modified by a third party along the way. It can also be used to verify the continued health of the installed software. UCID can monitor the hash of the installed code on a continuous basis – either daily, hourly or even minutely – depending on the customer’s risk assessment of the device.
Any change to the hash will immediately indicate an intrusion attempt or other software bug that can be investigated and remedied by the customer before it becomes a serious problem.
The range of customer requirements – where some customers only have a few hundred units while others may have many thousands or millions of units – can be a challenge. True I/O addresses this in two ways. Firstly, it works with each customer to offer an individually tailored solution (so it can include SBOM verification if required); and secondly, it bases pricing on each individual contract.
“We make an assessment of each potential customer’s usage situation. We build out a high-level architecture of how the system can be designed, and then we make sure it makes financial sense for both the customer and ourselves,” explained Carter. Smaller claims may be based on a unit cost, while more extensive claims will be priced at the overall contract as agreed between True I/O and the customer.
Central to True I/O’s approach for UCID has been the use of standardization. The firm approached TIA with the idea of tokenizing TIA’s globally adopted identification system, MEID. TIA responded positively, and True I/O subsequently joined the group to help design their latest supply chain security standards. As a result, UCID now meets five of the eleven standards laid out by TIA’s SCS-9001.
A similar approach to collaboration and standards led to the Electronic Medical Mobile Application (EMMA), announced in June 2022. “We were able to secure the largest implementation of blockchain technology in the US government via Forward Edge AI, largely due to our standards approach and working with groups like TIA and GSMA,” said Carter.
Related: Blockchain Security Startup BlockSec Raises $8 Million
Related: Blockchain security firm CertiK raises $88 million at a $2 billion valuation
Related: Mastercard to acquire Blockchain Analytics firm CipherTrace
Related: Blockchain Security Startup Valid Network Raises $8 Million in Seed Round
