Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybersecurity Funding

Blockchain Security Firm True I/O Raises $9 Million

Total Network Services rebrands to True I/O and raises $9 million to accelerate deployment of product.

Carlsbad, CA-based blockchain firm True I/O has raised $9 million in a Series A investment led by Deal Box Ventures. It simultaneously rebranded from its original name Total Network Services (TNS) to True I/O in order to better reflect the primary purpose of its product.

The money will be used to accelerate deployment of the firm’s Universal Communication Identifier (UCID). This uses a permissioned blockchain on the Interlife geospatial platform developed by Rypplzz

While cryptocurrency gave investment opportunities to the masses, and money movement to criminals, it gave blockchain to business. It’s taken business some time to understand how to use this technology, but genuine and secure applications are beginning to appear. UCID is a good example.

The primary purpose of UCID is to provide supply chain security for mobile or embedded devices – that is, IoT. The firm works closely with the Telecommunication Industry Association (TIA) and uses the mobile equipment identifier (MEID) to uniquely identify every single mobile device – whether that’s a few phones or many thousands of industrial IoT devices for each customer.

The MEID becomes the token in the blockchain, immutably connecting the physical device with its own electronic record, and allowing the system to build an individual, secure and complete history for each device.

For a hardware supply chain, UCID can track an individual device from its manufacturer, through the company installing the device, to the end user. “You would get digital verification or signatures from each actor along that supply chain,” CEO Thomas Carter told SecurityWeek, “verifying that the person has interacted with that device in a permissioned manner. Each actor knows exactly what has happened to the device so far and can be assured that it hasn’t been tampered with; that is, it is not a spoof device.”

The cryptographic linkage between each interaction along the chain means that the record is complete and accurate whether the device was manufactured locally or abroad.

This supply chain verification can also be applied to the software included on a device, proving it has not been altered by a third party along the path. It can also be used to verify the continued health of the installed software. UCID can monitor the hash of the installed code on a continuous basis – either daily, hourly, or even every minute – depending on the customer’s risk assessment for the device.

Any change to the hash will immediately indicate an attempted intrusion or other software failure that can be investigated and remediated by the customer before it becomes a serious issue. 

Advertisement. Scroll to continue reading.

The range of customer requirements – where some customers have just a few hundred devices while others may have many thousands or millions of devices – could be a challenge. True I/O tackles this in two ways. Firstly, it works with each customer to provide an individually tailored solution (so it could include SBOM verification if required); and secondly, it bases the pricing on each individual contract. 

“We do an assessment of each potential customer’s use case. We build out a high-level architecture of how the system could be designed, and then we ensure it makes financial sense for both the customer and ourselves,” explained Carter. Smaller requirements could be based on a per unit cost, while more extensive requirements would be priced at the overall contract as agreed between True I/O and the customer.

Central to True I/O’s approach for UCID has been the use of standardization. The firm approached the TIA with the idea to tokenize TIA’s globally adopted identification system, the MEID. TIA responded positively and True I/O subsequently joined the comity to help design their latest supply chain security standards. As a result, UCID now meets five out of the eleven standards laid out by TIA’s SCS-9001.

A similar approach to cooperation and standards led to the Electronic Medical Mobile Application (EMMA), announced in June 2022. “We were able to secure the largest implementation of blockchain technology into the US government via Forward Edge AI, in large part because of our standards approach and working with groups like TIA and GSMA,” said Carter.

Related: Blockchain Security Startup BlockSec Raises $8 Million

Related: Blockchain Security Firm CertiK Raises $88 Million at $2 Billion Valuation

Related: Mastercard to Acquire Blockchain Analytics Firm CipherTrace

Related: Blockchain Security Startup Valid Network Raises $8 Million in Seed Round

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...