New iPhone-Controlled Crypto Vault Promises 'Bank-Grade' Security

ConsenSys-backed Trustology has launched an iPhone-controlled crypto vault service it says is secure enough for financial institutions.

Mar 27, 2019 at 12:00 p.m. UTC
Updated Aug 18, 2021 at 11:04 p.m. UTC

Trustology, founded by technologists who previously worked at such banks as BNY Mellon, RBS and Barclays, has launched an iPhone-controlled crypto vault it claims is secure enough for financial institutions.

Announced Wednesday, the first version of TrustVault is available for download at the Apple UK App Store, and initially can be used to store ether, the cryptocurrency native to the ethereum public blockchain. Bitcoin and ERC-20 tokens that run on top of ethereum are to follow soon after.

Trustology closed an $8 million seed round late last year led by ethereum design studio ConsenSys and Two Sigma Ventures, a VC arm of tech-focused hedge fund Two Sigma Investments.

At first blush, TrustVault might look like another crypto wallet phone app. But there’s a lot going on behind the screen: a clever combination of hardware security modules (HSMs) operated by Trustology with verification processes distributed among individuals at secure data centers.

Spelling this out, Alex Batlin, Trustology’s founder and CEO, told CoinDesk,

“It allows you the ease of a mobile phone, but really what we always talk about is a TrustVault account. If you mention the phone, people think it's just a phone app. But that’s a bit like saying my bank account is just the mobile bank app. It looks like a simple app, but the real power is in the service behind that.”

Indeed, like a bank, Trustology identifies its customers upfront, and if the phone is lost, the account can be recovered with the company since the private keys to the crypto wallet are not stored on the device.

Yet involvement of humans in certain parts of the setup process doesn’t mean this is a typical cold storage solution, which can take up to 48 hours to get assets out, Batlin said.

Once the user is on-boarded, TrustVault is almost entirely automated and takes a fraction of a second to move funds, he said, adding,

“The problem with the person scenario is you absolutely reduce cyberattack, but you now increase the physical attack. Because in the end, an individual is just a very slow network connection.”

HODL the phone

A slew of blockchain phones has hit the market of late, such as the Samsung Galaxy S10, HTC’s EXODUS 1 and Sirin Labs’ Finney – and they all offer some method of storing keys.

For example, Samsung's S10 touts what it calls “defense-grade Samsung Knox,” as well as storage backed by hardware and so on. But one suspects the goal for Samsung is ultimately the possibility of connecting to Samsung Pay in the future.

For now, TrustVault is only compatible with iPhone because historically it’s the only phone with an enclave secure enough for this type of custody service, Batlin said.

However, Android compatibility is coming soon, he said, in the form of the recently released Google Pixel 3 phone.

“It has something called a Titan M chip which is very secure, more secure than the iPhone. So we will be working on an Android version, but it won’t be for every device; it will only be for the more secure ones,” said Batlin.

The nuts and bolts

Trustology has tried to put everything in hardware. “We took the tried and tested HSMs, which is what banks have been using for SWIFT network and many other very highly secure systems, but we customized the firmware,” said Batlin.

When the app is launched, a cryptographic private key is created in the iPhone enclave, followed by a bank-grade know-your-customer (KYC) process which ties the non-extractable key to the user’s identity. Note that this is not the same key that directly controls the user's funds.

The next step is to create a key account with TrustVault, a request which is signed by the private phone key. A private key is then created inside the HSM, along with a “policy file” that associates the key inside the phone with the one inside the HSM.

From there, the user’s public address becomes the equivalent of a bank account, said Batlin.

“To move money you have to be able to sign the transaction with the key inside your phone and send it to us. We then load the appropriate policy file and then only if that key is mapped to the key inside the HSM do we re-sign that transaction with the real key inside the HSM.”
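
The signing flow described above can be sketched as follows. This is an added example, not Trustology's code: the `Vault` type, its maps and the account name are hypothetical, in-memory maps stand in for HSM storage and the policy file, and Ed25519 from Go's standard library stands in for both the phone-enclave key and the HSM key, since the article does not name the algorithms.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Vault models the service side; both maps stand in for HSM-held state.
type Vault struct {
	custody map[string]ed25519.PrivateKey // account -> key that controls funds
	policy  map[string]ed25519.PublicKey  // account -> enrolled device public key
}

// CreateAccount makes the custody key and records which device key may use it.
func (v *Vault) CreateAccount(account string, device ed25519.PublicKey) ed25519.PublicKey {
	// A nil reader selects crypto/rand; the error is ignored in this demo.
	pub, priv, _ := ed25519.GenerateKey(nil)
	v.custody[account], v.policy[account] = priv, device
	return pub
}

// CoSign re-signs tx with the custody key only if the device signature
// verifies under the key the policy maps to this account.
func (v *Vault) CoSign(account string, tx, deviceSig []byte) ([]byte, error) {
	device, ok := v.policy[account]
	if !ok || !ed25519.Verify(device, tx, deviceSig) {
		return nil, errors.New("device key not mapped to this account")
	}
	return ed25519.Sign(v.custody[account], tx), nil
}

// Demo sends three constructed requests: one from the enrolled device, one from
// an unknown device, and one reusing a valid signature over altered bytes.
func Demo() (enrolled, stranger, altered bool) {
	v := &Vault{map[string]ed25519.PrivateKey{}, map[string]ed25519.PublicKey{}}
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	acct := v.CreateAccount("acct-1", devPub)
	tx := []byte("to=0xCONSTRUCTED;value=1;nonce=7") // constructed sample
	sig, err := v.CoSign("acct-1", tx, ed25519.Sign(devPriv, tx))
	_, errStranger := v.CoSign("acct-1", tx, ed25519.Sign(otherPriv, tx))
	_, errAltered := v.CoSign("acct-1", []byte("to=0xOTHER;value=9;nonce=7"), ed25519.Sign(devPriv, tx))
	return err == nil && ed25519.Verify(acct, tx, sig), errStranger == nil, errAltered == nil
}

func main() { fmt.Println(Demo()) }
```

Because the device signature covers the full transaction bytes, a signature captured for one transfer does not authorise a different destination or amount.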

In addition to the minimum viable product (MVP) being launched today, TrustVault is also being offered to financial institutions as a white-label service they can provide to their customers. Batlin said there is demand from top-tier and mid-tier banks.

There will be a range of business models going forward (the early adopter MVP comes at a simple flat £4.99 a month subscription) depending in part on insurance, which Trustology is in the process of arranging, he said.

Joseph Lubin, ConsenSys founder, described Trustology in a statement as “industrial grade security, but available to anyone” and added,

“When it comes to crypto wallets, hot is the new cold.”
