Carlsbad, CA-based blockchain firm True I/O has raised $9 million in a Series A investment led by Deal Box Ventures. It simultaneously rebranded from its original name Total Network Services (TNS) to True I/O in order to better reflect the primary purpose of its product.
The money will be used to accelerate deployment of the firm’s Universal Communication Identifier (UCID). This uses a permissioned blockchain on the Interlife geospatial platform developed by Rypplzz.
While cryptocurrency gave investment opportunities to the masses, and money movement to criminals, it gave blockchain to business. It’s taken business some time to understand how to use this technology, but genuine and secure applications are beginning to appear. UCID is a good example.
The primary purpose of UCID is to provide supply chain security for mobile or embedded devices – that is, IoT. The firm works closely with the Telecommunication Industry Association (TIA) and uses the mobile equipment identifier (MEID) to uniquely identify every single mobile device – whether that’s a few phones or many thousands of industrial IoT devices for each customer.
The MEID becomes the token in the blockchain, immutably connecting the physical device with its own electronic record, and allowing the system to build an individual, secure and complete history for each device.
For a hardware supply chain, UCID can track an individual device from its manufacturer, through the company installing the device, to the end user. “You would get digital verification or signatures from each actor along that supply chain,” CEO Thomas Carter told SecurityWeek, “verifying that the person has interacted with that device in a permissioned manner. Each actor knows exactly what has happened to the device so far and can be assured that it hasn’t been tampered with; that is, it is not a spoof device.”
The cryptographic linkage between each interaction along the chain means that the record is complete and accurate whether the device was manufactured locally or abroad.
This supply chain verification can also be applied to the software included on a device, proving it has not been altered by a third party along the path. It can also be used to verify the continued health of the installed software. UCID can monitor the hash of the installed code on a continuous basis – either daily, hourly, or even every minute – depending on the customer’s risk assessment for the device.
Any change to the hash will immediately indicate an attempted intrusion or other software failure that can be investigated and remediated by the customer before it becomes a serious issue.
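The per-device history and hash monitoring described above can be sketched as follows. This is an added illustration, not True I/O's code or the UCID format: an in-memory list stands in for the permissioned blockchain, HMAC with constructed demo keys stands in for each actor's digital signature, and the MEID value, field names and function names are all hypothetical.

```python
import hashlib, hmac, json

# Constructed demo keys; HMAC is a stand-in for each actor's digital signature.
ACTOR_KEYS = {"manufacturer": b"mfr-demo-key", "installer": b"inst-demo-key",
              "end_user": b"user-demo-key"}

def _digest(record):
    """SHA-256 over the canonical JSON of a record, signature field excluded."""
    body = {k: v for k, v in record.items() if k != "sig"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def _sign(record):
    key = ACTOR_KEYS.get(record["actor"], b"")
    return hmac.new(key, _digest(record).encode(), hashlib.sha256).hexdigest()

def append_record(chain, meid, actor, firmware):
    """Add one custody event, linked to the previous record and signed by the actor."""
    record = {"meid": meid, "actor": actor,
              "fw_hash": hashlib.sha256(firmware).hexdigest(),
              "prev": _digest(chain[-1]) if chain else "0" * 64}
    record["sig"] = _sign(record)
    chain.append(record)

def verify_chain(chain, meid, installed_firmware):
    """Return a list of findings; an empty list means the history checks out."""
    findings, prev = [], "0" * 64
    for i, rec in enumerate(chain):
        if rec["meid"] != meid:
            findings.append(f"record {i}: MEID mismatch")
        if rec["prev"] != prev:
            findings.append(f"record {i}: broken link to previous record")
        if not hmac.compare_digest(_sign(rec), rec["sig"]):
            findings.append(f"record {i}: bad signature for {rec['actor']}")
        prev = _digest(rec)
    # Periodic health check: compare the code on the device with the last record.
    if chain and hashlib.sha256(installed_firmware).hexdigest() != chain[-1]["fw_hash"]:
        findings.append("installed firmware hash differs from last recorded hash")
    return findings

def demo():
    # Constructed MEID and firmware bytes, for illustration only.
    meid, fw = "A0000000000001", b"firmware image v1 (constructed)"
    chain = []
    for actor in ("manufacturer", "installer", "end_user"):
        append_record(chain, meid, actor, fw)
    clean = verify_chain(chain, meid, fw)
    drifted = verify_chain(chain, meid, fw + b" modified")
    chain[1]["fw_hash"] = "f" * 64  # alter a record in the middle of the history
    tampered = verify_chain(chain, meid, fw)
    return clean, drifted, tampered

if __name__ == "__main__":
    print(demo())
```

Altering a record in the middle of the history invalidates both that actor's signature and the link held by the next record, which is why a downstream actor can trust the earlier entries.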
The range of customer requirements – where some customers have just a few hundred devices while others may have many thousands or millions of devices – could be a challenge. True I/O tackles this in two ways. Firstly, it works with each customer to provide an individually tailored solution (so it could include SBOM verification if required); and secondly, it bases the pricing on each individual contract.
“We do an assessment of each potential customer’s use case. We build out a high-level architecture of how the system could be designed, and then we ensure it makes financial sense for both the customer and ourselves,” explained Carter. Smaller requirements could be based on a per-unit cost, while more extensive requirements would be priced at the level of the overall contract, as agreed between True I/O and the customer.
Central to True I/O’s approach for UCID has been the use of standardization. The firm approached the TIA with the idea to tokenize TIA’s globally adopted identification system, the MEID. TIA responded positively and True I/O subsequently joined the committee to help design their latest supply chain security standards. As a result, UCID now meets five out of the eleven standards laid out by TIA’s SCS-9001.
A similar approach to cooperation and standards led to the Electronic Medical Mobile Application (EMMA), announced in June 2022. “We were able to secure the largest implementation of blockchain technology into the US government via Forward Edge AI, in large part because of our standards approach and working with groups like TIA and GSMA,” said Carter.