ICO Analysis: Rivetz International (RvT)

If you don’t like reading, this presentation by Rivet CEO Steven Sprague gives a pretty good overview of what Rivet is in the following video:

Rivetz International is focused on data integrity and security at the device level. They believe that a big problem with most cryptocurrency implementations is the inability to verify the intent of the user. We can know that the user sent a transaction, but we cannot know if they intended to do so. Rivetz expands the notion of the Trusted Execution Environment from something programmers should be aware of to something that all applications will be forced to reconcile. To do this, they want to build a “Global Attestation and Identity Network.”

The whitepaper is really disorderly. There seem to be a lot of recognizable names thrown in purely for that reason. After ten pages, we’re still overall confused as to what this thing is meant to do.

RvT tokens provide a new approach in the blockchain market designed to assure attestation and policy are fully integrated into the process. The TEE provides the policy enforcement on the device to assure the rules are followed. The processing of the token is designed to verify the integrity of the TEE assuring the poli cy was in place. It is a symbiotic linkage that is intended to embed the info mation necessary to prove that a known device in a known condition with a known user produced a provable instruction with strong privacy controls. A primary goal is that privacy is protected and all device – controlled transactions will only occur between parties known to the owner of the device. The identity information is tokenized in order to seek to assure tracking of transactions on a chain is not bound to a specific service. However, the RvT token will require that all parties are identified to the owner of the device reducing the risk that malware can extract value from the automated systems.

What the above means is that a device which is enabled with RvT technology simply cannot take certain actions without being legitimately in tune with device owner policy and network security checks. At a consumer level, this all seems too complex, but as investors we have to consider that there are things in here that other firms will find more useful than we can imagine from our standing. For instance, banks could utilize a public and secure network like RvT to ensure that some elements of their security are actually veritable and within the control of the user. Third-party applications of either a similar concept or implementations based on RvT are bound to happen as the Internet of Things makes hardware security more commonplace. Utilizing “jails” in computer architecture for the execution of highly sensitive instructions is a sensible first step in software design, regardless of advances in software-based solutions.

When an RvT-enabled device comes online, it is run through a series of checks which generate a “health” certificate. “The Cybercontrols Marketplace executes an owner-provided script to validate any external controls, Enterprise or cloud.” This means that you could have some document or domain somewhere that must be in exactly the same state it was in when you last touched it, or anything you want. The script is provided to the Cybercontrols Marketplace before the provider is allowed to use the ecosystem, so its security is also important, but it could be a powerful way to use the software in surprising ways. For instance, a script could notify you that your device was at this particular GPS location if a check didn’t pass. It could delete certain records, or automatically remove all access to the device. All of this can be more secure and less expensive than the options offered by Google and Apple today. There are some things which should not be left in walled gardens, owned by private companies. Security protocols and networking protocols in general are one of these things. Better security happens when certain things become impossible.

We also are introduced to a concept of “health checks” in Rivet. Health checks are a bit of a murky area for this writer, but essentially a set of tests are determined externally and internally, by vendor and user, to determine if a device is in a “healthy” state to conduct certain types of activities. While the technical details are interesting, from an investor perspective these should be more organized for our digestion. No matter, we are able to come up with this determination:

So what Rivet is building could be transformative or it could be too big to sail.

Huge Problem, Huge Potential

According to the Rivet whitepaper, $3 trillion in costs were generated in 2015 by cybersecurity compromises. They cite Cybersecurity Ventures for this figure, who also say it will double in 2017. Cybersecurity Ventures is a more recent effort by PeopleComm, the earliest rendition of LinkedIn for the technology industry. We checked these numbers, and what we found were a bit different. An ironic thing to note about Cybersecurity Ventures, on the surface, is that they do not even use the Secure Site Layer protocol:

Nevertheless, what their report actually says is the following:

Cybersecurity Ventures predicts cybercrime will continue rising and cost businesses globally more than $6 trillion annually by 2021. The estimate is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, a cyber attack surface which will be an order of magnitude greater than it is today, and the cyber defenses expected to be pitted against hackers and cybercriminals over that time.

It’s not overly important, but it does lead one to wonder why the information was misused in the Rivet whitepaper, particularly in the “executive summary” section:

As you can see, on your first read it’s easy to think they’re saying $6 trillion per year. Let’s limit our enthusiasm for Cybersecurity Venture’s predictions, in any case – forecasting a strong market for cybersecurity is sort of in their job description. Let’s assume they are 90% over-estimating: that is still $600 billion in damages over a few years, with $100 billion being invested for security efforts. It does seem evident that with that much loot flying around, innovative ideas such as Rivet are going to rise to the top of the pile and see some engagement. Whether they are the right people for the job is really hard to pin down and perhaps outside the scope of these analyses, but for the reader’s benefit, we can review the people working on the project.

The Rivet Token

The rivet token itself will be used to bind devices to the global attestation network. As always, their acquisition is the cost of admission into the network. Envision firms buying up large blocks and reselling access. 200 million Rivets will be issued starting today but only 70 million are going to be available for sale, with another 70 million locked down for “future use.”

The article should almost end here. As regards the token sale economics, they are doing it all wrong. Too much trust is forced to be left in their hands. While the value of the token should theoretically be higher since it will be more scarce, this metric is generally best applied to things with already-established value.

Rivetz International

The company is headed by Steven Sprague and Michael Sprague, relation unclear. Michael acts as Chief Technology Officer and Steven acts as CEO. You can see Steven giving a speech at the top of this article.

In charge of engineering, they’ve got Sean Gilligan. According to his own tagline, “as an independent consultant and principal at Open Systems Development, Sean built networking and systems software products for companies such as Apple, 3Com, Novell, Silicon Graphics, and SUN Microsystems.” Hardly a big name left out of that. One guesses he forgot Google, Amazon, and Microsoft. Luckily, it’s not bullcrap. Gilligan’s Github profile at least vindicates that he is an active developer. While there is valid criticism in using such a metric to determine someone’s qualifications, when it’s evident, it’s evidence.

In concert with Greg Laun and Mark Hoblit, the Spragues apparently believe, Gilligan will build a team that will radically, transformatively change security in electronic devices and finance.

The Verdict

But, will they? The safe bet here seems to be: “wait and see.” Aside from red flags like the “pre-sale available” for those willing to spend “150 Eth” or more, and without regard for anything the firm has done, seen, or built, what you’re going to run into is a disparate industry which is eager to provide 100 solutions to the same problem. Rivet will be just one of them, and, to be very honest, probably not a very successful one. As such, either buy little or buy late.


The battle hardened author gets a bad feeling about the complexity of this idea. Not everything is solved through crowdfunding research. Successfully implementing this system seems like more work than anyone is predicting. We can understand that these things also happen organically, but there is likely to be a lot more momentum behind such organic efforts, ie, this sort of standard is the sort of thing that will be best done by a consortium of companies who will all benefit.

The R3 Blockchain Consortium would seem a good fit both for funding this company and for implementing its technology, rather than thousands of individual investors who likely do not understanding what they are funding. No one seems to question how Rivets play into R3’s “Corda” project. Of course, we can’t stop anyone from investing, and we can’t stop anyone from trying, we can merely point out that there appear to be far more legitimate, big-handed efforts in relatively congruent areas of thought already.

Growth Potential

There’s probably a lot more to this science project than meets the eye, and like as not, opportunities for profit will arise which surprise everyone.


However, the long-term value of RvT tokens is in the balance here, and we must suggest that such a value is not very high. Rivetz receives a 5.4 on a scale of 0 to 10 for its technical aptitude alone. The token itself loses 2 points from this score, landing it at 3.4. It would receive a higher rating if it could be reasonably believed that this token will be in hot demand sometime in the next 6 to 24 months, but there is no reason to believe that from here.

We will check in on them in February, after which they say on page 21, “the majority of the Blockchain and token based projects will benefit from integration with Rivetz capabilities.” On their FAQ page, they also say that by February: “Developer tools and the Rivetz 2 FA capability are expected to be delivered in the fall, and a machine multisig by the end of the year. We have a number of existing technology partners. ”

Investment Details

Rivetz opens its public sale today. Be sure to read all terms and conditions if you’ve got additional information the author hasn’t or just have a long-term good feeling about them. Clear details as to pricing and availability have not been made available at time of writing:

The correct address to access is https://rivetzintl.com/sale.


Website: http://phm.link

P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link