The problem in a nutshell
We are rapidly evolving into a digital and decentralized society, where more and more of our daily transactions will take place on our mobile devices. In order to achieve the mass adoption of these transformative services, users must be confident, comfortable and feel safe to entrust their digital lives to new decentralized applications, and yet still retain full control over their assets and data.
However, there is currently a huge gap between the requirements of a truly digital world, and the security and safety levels offered by solutions available today.
How will this affect us all?
It is clear that the use of digital assets and identities will soon be considered as a standard, fundamental and essential part of our every-day activities. Importantly, our mobile devices will play a central role in supporting this transformation, and we will all need to take more responsibility for managing, securing, controlling our digital assets and identities on these devices.
Let’s take a more detailed look at digital assets and identities.
What is a digital asset? The definition of a digital asset is constantly changing as digital formats evolve and new ideas of our digital future emerge. However, it is fair to state that these assets will not only consist of financial instruments such cryptocurrencies or bank accounts, but will also include records such as the deed to a house, insurance policies, medical history, utility bills, personal data, cloud storage and social media accounts.
However, the digital identity may be considered to be even more important and sensitive than the digital asset. A digital identity is used to authenticate users in the online world, validating transactions from PCs, mobile phones and personal devices. As we expand the use of online services, the consequences of identity theft will become increasingly catastrophic, both in financial and personal terms.
Clearly, in order to absolutely trust the use of digital assets and identities, two critical criteria must be satisfied: security and safety.
By “security”, we mean that a digital asset or identity is not at risk, cannot be stolen or replicated, and that transactions cannot be compromised. The “safety” of a digital asset refers to the ability to recover that asset if the digital media on which it is stored is lost or damaged. For example, if private keys that are used to access a digital wallet are stored on a mobile phone and that device is lost, then there must be a method for recovering those keys.
Another important factor to be considered in our transformation to a digital world is usability. Access to the myriad of new applications and services must be made simple, intuitive and user-friendly so as to encourage the universal acceptance and adoption of these advancements.
FIX Network will address all of these factors — security, safety and usability — and provide innovative system architectures, products and services to drive the ubiquitous and practical use of digital assets and identities.
FIX Network — a short introduction
FIX Network is a joint venture consisting of five international companies that are innovation leaders within their respective industries of cybersecurity, telecommunications, mobile app development and business management. This team is uniquely positioned to design, deliver and implement solutions for securing our digital assets and identities.
More about the problem — we are already at risk
The security and safety of all our digital assets and identities is not only an issue that we will have to face in the future. In fact, we are all currently at great risk.
Let’s take a look at a real and dangerous threat that we face today — the vulnerability of our most important digital identifier — our phone number.
Apart from being a unique identifier for contacting each other via voice and video and for sending text messages — which in itself demands a high level of security — the phone number is becoming increasingly essential for providing authentication. Specifically, more and more companies and services have come to depend on smartphones as a secure device on which they may validate their users through procedures such as two-factor authentication, where verification codes are received through SMS texts. Anyone who controls the phone number may then be an authenticator, and by diverting incoming messages, scammers are easily able to complete the verification checks that protect our most sensitive accounts.
Because the personal phone number is such a valuable identifier, the “hijacking” of these numbers has become widespread, resulting in significant financial loss and personal damage to the victims. To carry out such an attack, the hacker convinces a carrier to switch a subscriber’s phone number over to a SIM card owned by the fraudster, or to issue a new SIM card with the same number to the fraudster. As a result of the SIM swap, the real customer’s mobile phone is disconnected from the mobile network, and that subscriber does not receive any services, including the all-important two-factor authentication SMS alerts. Instead, all traffic to and from the victim’s phone number is controlled by the attacker, and they have full access to calls, social media apps and, of course, security information such as one-time passwords received by SMS.
How is it possible that this critical digital identifier can fall into the wrong hands? The answer is simple. Phone numbers were never intended to be a way of confirming someone’s identity, and phone companies never had the mandate for securing their subscriber’s identities. Given the importance of this identifier, it is clear that the phone number should not belong to a mobile operator; instead it should be owned by the subscriber who will decide when, how and by whom that number may be used. If this were the case, then there would be no possibility of that number being re-allocated to anyone else without the express digital permission of the owner.
The future of digital assets and identities — ownership, control and cryptography
Expanding on the example of the phone number, in the future we will demand full ownership and custody of all of our digital assets and identities. It will then be up to each user to fully control all transactions, and decide how their personal data is to be used, accessed, shared, tracked and traded.
Given the fact that applications such as software wallets on our mobile devices will be central to managing our digital assets and identities and for executing transactions, the question arises: how will we secure these assets and identities?
Cryptography and the use of public and private keys will play a central role in providing security. For these encryption procedures to be successful, it is critical that the private keys must be kept secret, ensuring only the owners of those keys can decrypt content and create digital signatures.
In summary, the safety and security of private keys on mobile devices is an imperative for the advancement of these new digital services. The exposure of a private key, or the malfunction of a device may result in the complete loss of assets.
FIX Network will provide systems, solutions and applications to overcome these complex challenges, offering users full peace-of-mind in the new digital world.
The FIX Network solution — innovation at work
Because the mobile device is central and essential to our digital lives and will become even more so in the future, the FIX network architecture concerns itself with the two major elements involved in mobile connectivity — the mobile device itself, and the mobile operator that delivers services to these devices.
Regarding the mobile device, the foremost challenge is to ensure the security and safety of private keys that will be used by the applications running on these devices. A major innovation by FIX Network is to store these keys on the subscriber’s SIM cards using cryptographic-enabled applets on those SIM cards. This will enable secure access to our digital lives wherever we go, with cryptographic operations being executed by the SIM card itself, never exposing the private keys to the mobile device or a public network. In addition, to increase security, private keys may be segmented and distributed over multiple SIM-enabled devices, with each device storing only a portion of the shared key. This segmented/distributed architecture also facilitates the recovery of security keys if a device is misplaced or damaged.
An integral component of the FIX Network solution are “policies”, which are critical for managing the storage, use and recovery of digital assets and identities. These policies define the rules for governing our digital lives, and are configured by the end-user to suit their specific needs and requirements.
Mobile operators will play a central role in the FIX Network solution and the support of this policy architecture. Policies will be stored and secured by the state-of-the-art FIX Network distributed and decentralized blockchain infrastructure, and access to these policies from mobile devices will be via the existing cellular infrastructure in partnership with global mobile operators.
Policies — the rules for governing our digital futures
Policies are highly flexible and adaptable rules that allow users to define the usage characteristics of their digital assets and identities, such as how those assets are to be stored, used, accessed, transacted and recovered. These policies must be adhered to in order to authorize or accomplish a digital transaction. Policy rules will be configured by easy-to-use and intuitive self-service applications provided by FIX Networks and third parties.
Multiple policies may be defined for each user, with each policy being automatically implemented by the FIX Network platform depending on the specific transaction, application or activity being executed on the mobile device.
An important and powerful concept when defining policies is that of a “pool of SIM cards”. These SIM card pools promote and facilitate the innovative idea of multi-factor/multi-device authorization for transactions, which is a strategy that allows users to validate transactions by owning multiple devices, or including selected devices in their “trusted circle”, and involving these devices when authorizing transactions. Devices included in these policy pools may be any SIM-enabled consumer and/or IoT (Internet of Things) device.
Let’s take a look at some typical policies.
One of the most common and generic mobile applications will be the digital wallet, which will be used for storing cryptocurrencies and facilitating electronic transactions. User-defined transaction policies will provide a significant added level of security and flexibility to digital wallet technology. These policies may include parameters such as how many and which devices are needed for authorization, as well as listing the requirements that each device must meet to achieve authorization, such as the entry of a one-time password (OTP), or the physical location of the device.
For example, a simple policy applicable to a wallet may stipulate that outgoing currency transfers under the value of $100 may be authorized by the entry of a PIN on the owner’s mobile device. For transfers between the value of $100 and $1000, PIN authorizations are required on two devices, including both the owner’s and his wife’s mobile phones. Transfers of larger amounts require a third authorizing participant, that being a SIM-enabled device kept in a safe, where the entry of a one-time password is needed. In addition, the policy may include geo-fencing stipulations, demanding that this third device must be in a specific physical location for the authorization to be valid.
Another policy example is one defining the segmentation and recovery of private keys. This policy may stipulate that these private keys are to be segmented and distributed over five SIM-enabled devices in the user’s specified “trusted circle”, providing a significant measure of added security. In addition, the policy may include a key recovery provision, whereby three out of the five participants are required to complete 2FA (two- factor authentication) authorizations on their mobile devices in order to reconstruct and recover lost private keys.
FIX Network policies will also provide end-users with full, self-service control over their mobile connections, allowing those subscribers to create firewalls, define operational policies, as well as monitor and control the usage of resources and bandwidth. This means that, for example, parents will be able to ensure that their children do not have access to mobile connectivity between certain hours of the day.
The FIX Network solution — a global initiative, driven by the community
The problems to be overcome in our migration to a digital society are gigantic, and a global initiative is required in order to provide suitable and relevant solutions, products and services to achieve this transformation.
FIX Network is just that — an international, and community-based initiative, benefiting from and enjoying the invaluable contributions and encouragement from hundreds of experts, enthusiasts and supporters from all corners of the globe who share our vision. This superb pool of talent and knowledge will play a huge and indispensable role in driving the development, delivery and implementation of the FIX Network solutions.
To encourage community and industry participation, third-party integration and solution standardization, all of the apps provided by FIX Network will be open-source and include APIs (Application Program Interfaces) and SDKs (Software Development Kits). In addition, our security policy components will be released as open-source for rapid deployment by mobile operators worldwide.
Changing the world with the FIX Network vision
Our journey towards becoming a digital society is inexorable and accelerating, and there will be many challenges and risks along this road.
FIX Network has identified one of those major challenges — that of the security and safety of our digital assets and identities — and has chosen to develop and implement solutions to solve this critical issue.
We believe that we have designed the right architecture that will allow users to entrust their digital lives to the new and rapidly growing world of decentralized applications. In the near future, FIX Network will deliver innovative and comprehensive solutions that will help enable this transformation, and make the world a better and safer place.
We invite you to join us and support our vision.