Token ring – a digital ID solution

The latest event organized by DIG ID (the Melbourne Digital Identity Meetup) featured a Q&A with Steve Shapiro, CTO of Token, moderated by Alan Tsen, General Manager of Stone & Chalk Melbourne. Given the current level of interest in solutions to address online fraud, ID theft, data protection, privacy and personal security, the discussion covered a lot of conceptual and technical topics in a short space of time, so here are some of the key points.

First off, Steve spoke about his start-up and tech journey, that took him from IM (Digsby, Tagged, Bloomberg IB), to cryptocurrency and digital wallets (Case), to digital ID with the Token ring. The pivot towards an ID solution came about after working on Case, where he realized that most consumers don’t understand private key management and the issue of permanence (as compared to the internet, where password re-sets are relatively easy, and often regularly enforced upon users).

If the goal is to provide fool-proof but highly secure end-user authentication, the solution has to focus on the “signing device”, by making it much easier than the status quo. Hence the combination of two-factor authentication (2FA) and bio-metrics to enable Token ring users to live key-less, card-less and cashless, and without having to constantly remember and update passwords. In short, the Token ring works with anything contactless, as long as the relevant permission/authentication protocol layer (challenge and response process) is compatible with the ring’s circuitry.

In assessing the downside risk, gaining consumer adoption is critical, to ensure that users see the benefits of the convenience combined with the credentialing power. Equally, success will depend on the ability to scale as a hardware manufacturer, and the potential to drive traction through virality.

There is still a lot of design work to do on the hardware itself (to enable assembly, customization and distribution as locally as possible). And the platform needs to bring on more partner protocols, especially in key verticals. At the end of the day, this is still a Blockchain solution, with a UX layer for the cryptographic component.

When asked about the future of ID, Steve felt that in the medium term, consumers will no longer have to carry around multiple cards or have to remember multiple passwords. Longer term, governments will no longer be the central authority on managing ID: unlike today, a driver’s license will no longer be the gold standard – instead, solutions will be based on decentralized, contextualized and user-defined ID.

This led to a discussion about Sovereign IDe-government and digital citizenship (e.g., Dubai and Estonia) – and the break up of big government in favour of more city-states. (Which could result either in a “small is beautiful” approach to self-governing and sustainable communities, or a dystopian nightmare of human geo-blocking, as in a film like “Code 46”).

For the tech buffs, the Token ring’s IC hosts a total of 84 components, including the main secure element (as with mobile phones and other devices), finger print reader, optical scan, Bluetooth, NFC, accelerometer, MCU, Custom inductive charging etc.

Finally, there was a discussion about the risk of cloning, mimicking or breaching the unique and secure ID attributes embedded in each Token ring. While it is possible for users to encrypt other knowledge components as part of their individual access verification and authentication (e.g., hand gestures), there is still a need to rely upon trusted manufacturers not to corrupt or compromise the secure layer. And while the public keys to core protocols (such as credit cards and swipe cards) are maintained by the protocol owners themselves and not stored on the device or on Token’s servers, it will be possible for other third parties to on-board their own protocols via a SDK.

Next week: Startup Vic’s EdTech Pitch Night

 

 

Personal data and digital identity – whose ID is it anyway?

In an earlier blog on privacy in the era of Big Data and Social Media, I explored how our “analog identities” are increasingly embedded in our digital profiles. In particular, the boundaries between personal/private information and public/open data are becoming so blurred that we risk losing sight of what individual, legal and commercial rights we have to protect or exploit our own identity. No wonder that there is so much interest in what blockchain solutions, cyber-security tools and distributed ledger technology can do to establish, manage and protect our digital ID – and to re-balance the near-Faustian pact that the illusion of “free” social media has created.

Exchanging Keys in “Ghostbusters” (“I am Vinz Clortho the Keymaster of Gozer”)

It’s over 20 years since “The Net” was released, and more than 30 since the original “Ghostbusters” film came out. Why do I mention these movies? First, they both pre-date the ubiquity of the internet, so it’s interesting to look back on earlier, pre-social media times. Second, they both reference a “Gatekeeper” – the former in relation to some cyber-security software being hijacked by the mysterious Praetorian organisation; the latter in relation to the “Keymaster”, the physical embodiment or host of the key to unleash the wrath of Gozer upon the Earth. Finally, they both provide a glimpse of what a totally connected world might look like – welcome to the Internet of Things!

Cultural references aside, the use of private and public keys, digital wallets and payment gateways to transact with digital currencies underpins the use of Bitcoin and other alt coins. In addition, blockchain solutions and cyber-security technologies are being deployed to streamline and to secure the transfer of data across both peer-to-peer/decentralised networks, and public/private, permissioned/permissionless blockchain and distributed ledger platforms. Sectors such as banking and finance, government services, the health industry, insurance and supply chain management are all developing proofs of concept to remove friction but increase security throughout their operations.

One of the (false) expectations that social media has created is that by giving away our own personal data and by sharing our own content, we will get something in return – namely, a “free” Facebook account or “free” access to Google’s search engine etc. What happens, of course, is that these tech companies sell advertising and other services by leveraging our use of and engagement with their platforms. As mere users we have few if any rights to decide how our data is being used, or what third-party content we will be subjected to. That might seem OK, in return for “free” social media, but none of the huge advertising revenues are directly shared with us as ordinary end consumers.

But just as Google and Facebook are facing demands to pay for news content, some tech companies are now trying to democratise our relationships with social media, mobile content and financial services, by giving end users financial and other benefits in return for sharing their data and/or being willing to give selected advertisers and content owners access to their personal screens.

Before looking at some interesting examples of these new businesses, here’s an anecdote based on my recent experience:

I had to contact Facebook to ask them to take down my late father’s account. Despite sending Facebook a scanned copy of the order of service from my father’s funeral, and references to two newspaper articles, Facebook insisted on seeing a copy of my father’s death certificate.

Facebook assumes that only close relatives or authorised representatives would have access to the certificate, but in theory anyone can order a copy of a death certificate from the UK’s General Register Office. Further, the copy of the certificate clearly states that “WARNING: A CERTIFICATE IS NOT EVIDENCE OF IDENTITY”. Yet, it appears that Facebook was asking to see the certificate as a way of establishing my own identity.

(Side note: A few years ago, I was doing some work for the publishers of Who’s Who Australia, which is a leading source of biographical data on people prominent in public life – politics, business, the arts, academia, etc. In talking to prospective clients, especially those who have to maintain their own directories of members and alumni, it was clear that “deceased persons” data can be very valuable to keep their records up to date. It can also be helpful in preventing fraud and other deception. Perhaps Facebook needs to think about its role as a “document of record”?)

So, what are some of the new tech businesses that are helping consumers to take control of their own personal data, and to derive some direct benefit from sharing their personal profile and/or their screen time:

  1. Unlockd: this Australian software company enables customers to earn rewards by allowing advertisers and content owners “access” to their mobile device (such as streaming videos from MTV).
  2. SPHRE: this international blockchain company is building digital platforms (such as Air) that will empower consumers to create and manage their own digital ID, then be rewarded for using this ID for online and mobile transactions.
  3. Secco: this UK-based challenger bank is part of a trend for reputation-based solutions (e.g., personal credit scores based on your social media standing), that uses Aura tokens as a form of peer-to-peer or barter currency, within a “social-economic community”.

Linked to these initiatives are increased concerns about identity theft, cyber-security and safety, online trust, digital certification and verification, and user confidence. Anything that places more power and control in the hands of end users as to how, when and by whom their personal data can be used has to be welcome.

Declaration of interest: through my work at Brave New Coin, a FinTech startup active in blockchain and digital assets, I am part of the team working with SPHRE and the Air project. However, all comments here are my own.

Next week: Investor pitch night at the London Startup Leadership Program

The FF17 Semi Finals in Melbourne

As part of the recent Melbourne Startup Week, Next Money hosted the Melbourne heat of the FF17 pitch contest, to decide which local FinTech startup will compete at the FF17 finals in Hong Kong later this week.

screen-shot-2017-01-15-at-8-15-03-pmAt the outset, I should declare an interest, as I myself was one of the pitch contestants, but hopefully that doesn’t preclude me from commenting on the event. The competing startups were as follows (as listed on the event Meetup page):

AirWallex

This payments solutions provider has featured in my blog before. Since the last time I saw AirWallex pitch, the market for cross-border remittance and payment solutions has drawn a lot of attention. First, the growing opportunity for exporters to market products and services to Chinese consumers and tourists means that payment platforms like AirWallex (and others like Novatti, LatiPay and Flo2Cash) are partnering with Chinese payment gateways such as WeChat Pay, AliPay, JDPay and Union Pay). Second, cross-border remittance services has become a key use case for Bitcoin and other digital currencies (as evidenced by the recent partnership between Novatti and Flexepin).

Analyst Web

Still in private beta, Analyst Web is aiming to disrupt the market structure (and payment model) for equity research. By enlisting qualified CFAs to write bespoke investment reports on listed companies, then distribute them via subscription services, Analyst Web claims to be bringing quality, objectivity and value for money to this investor service. Currently, investors have to rely on either brokers (who may offer “free” reports to their clients under soft dollar arrangements) to provide research on individual stocks; or subscribe to independent research houses (such as Morningstar). Typically, neither brokers nor the research houses cover the full market – tending to focus on the bigger stocks and those included in benchmark indices. Of course, companies themselves use investor relations services to issue commentary on their market performance and prospects, but these communications perhaps lack objectivity. There are also other models, such as the ASX Equity Research Service, whereby research providers are “sponsored” by the stock exchange to provide reports on qualifying companies to boost market coverage. Some of the challenges Analyst Web will need to overcome are: investor willingness to pay for research; market credibility and acceptance of their reports; and sustainable financial models that appropriately compensate the analysts without compromising independence and objectivity.

Proviso

Proviso has also been mentioned in my blog before, and they continue to impress with their solution to take friction out of the documentation processes for loan origination, and their ability to secure more financial institutions as clients. In my previous commentary, I noted that Proviso risked being disintermediated by an industry-owned utility. While I still think that is a possibility, I also see that the combination of Blockchain solutions (for distributed ledgers and bank data feeds) and more open APIs for financial data and account information may mean that customers themselves may be empowered to drive the process, since it will be easier for them to demonstrate their creditworthiness and establish their cashflow status, but also have better control over the disclosure of their data.

DragonBill

DragonBill, an invoicing solution for SMEs, is yet another of the FF17 contestants to appear in my blog, most recently when they presented at Startup Victoria’s regular pitch night. In addition to offering both direct payment and escrow options for micro-businesses and sole traders, DragonBill continues to mine an interesting niche market among sports clubs and associations – the reason being that many club members are themselves sole traders. As part of its future developments, the business is scoping a solution to help clients manage their superannuation obligations, and to provide informed advice on cashflow management.

BreezeDocs

Similar to Proviso, BreezeDocs is a document automation solution for lenders, although currently focusing on mortgage origination. And like Proviso, at the heart of the solution is the ability to streamline the extraction and processing of data from customer documents. On top of a core OCR capability, BreezeDocs also claims to be using machine learning to train their systems on different document types, formats, structure and content. Despite the use of ETL processes within financial institutions, the disparate nature of financial products and documentation; the way customer, product and transaction data is often maintained in different systems; and the fact that customers will often have accounts and products with different providers can undermine the need for standardised processes.

Vestabyte

As I commented in my previous blog, equity crowding may be about to come into its own as a way to connect investors with entrepreneurs and startups. Vestabyte are certainly enthusiastic exponents of this method for raising capital, but legal constraints mean that their platform still has to operate under a unit trust model, rather than offering access to investments in the form of direct shares in specific assets, companies or ventures. This may change if the proposed legislation can get through Parliament, although it’s far from being a done deal. But in the absence of formal legislation, it sounds like a great opportunity for a FinTech startup seeking funding to test ASIC’s first licensing exemption under its sandbox regime….

coHome

By their own admission, coHome is very much a nascent business – one that is still defining its customer offering. At its heart, this shared ownership service provides a matching service for aspiring property owners, along with some standard documentation for a co-ownership agreement, known legally as a tenancy in common. With multiple parties to the property transaction and mortgage application, coHome aims to streamline the process, make it easier for buyers to connect with other interested parties, and provide customers with appropriate legal safeguards. It’s clearly an admirable objective, and one that deserves to gain attention. But monetizing the service may prove challenging, unless coHome takes a commission from the mortgage providers, lawyers and conveyancers?

BugWolf

Not strictly speaking confined to the FinTech sector, nevertheless BugWolf, a tool for managing user-acceptance testing, has managed to gain traction with at least one of Australia’s Big 4 banks. Using gamification, competitions and other techniques to recruit, engage and manage teams of testers, BugWolf claims to support all aspects of functionality testing across software, websites and mobile apps. Combined with robust reporting and analytics, BugWolf can also help clients achieve shorter product development cycles.

Brave New Coin

I joined the team at Brave New Coin (BNC), a provider of market data for digital assets, in early 2016. So, it was the first time I have pitched, outside of hackathons, client presentations and sales conferences. And the fact that BNC was a last-minute confirmation for this event made it an even more interesting experience. Established about 3 years ago by a team of founders with an interesting mix of publishing, Bitcoin and full stack development experience, BNC has built a suite of data APIs (market prices, indices, exchange rates and analytics) for Bitcoin and most other crypto-currencies and Blockchain assets. While the APIs are typically used by developers, the growing interest in digital assets among brokers, investors and asset managers means that market data on these new asset classes is in demand, and BNC is busily building distribution partnerships and subscription deals with traditional brokers, market data vendors and exchanges. Recent price fluctuations for Bitcoin may suggest continued speculation in this currency, but the launch of investable and tradeable products such as CFDs, futures, ETFs and other derivatives also suggest that digital assets are starting to achieve broader market acceptance.

BankVault

Unlike other solutions to defeat hackers and hoaxers (e.g., anti-virus software, spam-filters, VPNs and proxy servers), BankVault uses virtual machine technology to protect customers’ bank details when they transact online. This means a “new and instant” machine is created for one-time use only, each time a customer launches the BankVault service. Offering both individual subscriptions and enterprise solutions, the business is in the process of launching in the USA.

Conclusion

The winner, based on the judges’ votes, was BugWolf, which came as something of a surprise to a number of the other contestants, myself included. Without wishing to sound churlish, this event was supposed to be about the future of finance (hence FF17…), so it would seem reasonable that the winner would be based in FinTech (as opposed to TechTech?). The result (although highly deserved and based on an impressive pitch), also reinforced my sense that this event did not draw the “usual” FinTech or startup audience in Melbourne, based on the many pitch nights and meetups I have attended over the past few years. From my perspective, neither was it an investor audience, nor a capital markets audience, meaning I wasn’t really sure who I was pitching to. I’m hoping that the organisers will reflect on this event, and look to make some changes for next year.

Next week: A few rules on pitching

Level 3’s Enterprise #Pitch night

As part of the recent Melbourne #Startup Week, IT consulting firm, Versent hosted a B2B pitch event at their product development lab, Level 3. Introduced by Thor Essman, the judges for the evening were Grant Thomson from York Butter Factory, Paul Naphtali of VC fund Rampersand, and Carl Rigoni, Head of Digital at Australia Post. It presented a very focussed cohort of enterprise solutions, that covered employee comms and engagement, design thinking and cybersecurity.

Screen Shot 2016-07-03 at 2.14.42 PMPax Republic

Pax Republic is positioned as an employee engagement platform that grew out of the founders’ background in mediation. Recognizing that organisational change programs have a high failure rate, the founders explained that lack of project or employee data isn’t the problem; it’s a shortage of actionable insights and recommendations.

The solution offers text-based content and scripted dialogue combined with AI and online facilitators. Many traditional enterprise tools don’t work, either because they don’t reduce time and cost, or they can’t scale.

When asked if AI can measure sentiment or mood, the founders explained that the system makes use of emoticons to capture employee feedback plus keystroke analysis. In terms of a commercial model, the goal is to train up internal facilitators to deliver the service, rather than getting involved with specific change management projects.

The judges felt that the pitch needed to refine the problem statement and the solution proof points, as well as explain what makes this solution different. In particular, who is the buyer? It’s also important to tell the sales story, and expand on the risk transfer and pricing benefits.

Forticode

Forticode has developed an elegant and deceptively simple password protection solution, to remove the risk and costs of password resets for their corporate clients. Basically, it can support multi-factor authentication using colour coding and a randomized keypad, incorporating character sets as well as emojis.

It can provide context aware authentication, and native protection from endpoint hacking attacks, via a plug-in architecture and 3-factor authentication, using patented technology.
According to the founders, finger prints are immutable, but still do not provide 100% identity confirmation on touch screen devices.

There were questions from the judges and the audience about alternative solutions. Compared to an IPA gateway for trust and authentication or password aggregators, Forticode offers a much more robust solution and can support machine-to-machine verification.

The sales model is to target security teams within risk and compliance departments, and price on a per user per month basis. Importantly, there is no third-party software in the stack. And, there was even an offer to introduce the founders to Auspost….

Naked Ambition

With the tag line of “Always Be Creating”, Naked Ambition is a consultancy for innovation and design thinking. Their process is to focus on future needs, help clients get closer to their customers, and in doing so, help employees to leverage customer insights. The ultimate goal is to make design thinking skills ubiquitous. Naked Ambition’s aim is to embed the teaching in the organisations they work with.

The judges questioned who exactly is the customer, and what segments do they work in? There was also some discussion whether the service was more about personal branding and intrapreneurship, rather than pure solution design.

In particular, the judges wanted to know what gives Naked Ambition the “license” to offer their services? Despite hiring a leading design thinking expert from IBM, there was a sense that there is an oversupply of similar services, and that clients are not looking for yet another program. Instead, they are thinking about “buying units of innovation” for specific projects, as and when they need them.

Konnective

Last to present was Konnective, a business I have blogged about before. In short, this is an employee messaging app for frontline staff, many of whom do not have corporate e-mail addresses, let alone access to a their own desktop computer.

As part of the product development, Konnective now offers Groups, dashboards, analysis of what’s working and employee reach. Charging a basic annual fee per employee, Konnective has clients in mining, healthcare and manufacturing. The platform supports OH&S comms, promotes shift availability that can reduce agency hiring fees, and help reach hourly employees who don’t access corporate e-mail.

The judges asked about BYOD, and the risk of/resistance to having organisational data on personal mobile phones. Plus, why Konnective and not, say Yammer or Slack? These are answers that need to be made more explicit. Finally, Konnective is still working on data analytics, and there was a suggestion of opportunities among travel companies and tour guides, but that would require some multilingual capabilities.

On the night, Forticode won the judges over and took out first prize. This was the second of these events, and I look forward to attending more in future.

Next week: Startup Victoria’s #Pitch Night for #Startup Week