A Trustee is an in-home, trusted computing device that automates the management of an unlimited number of keys on behalf of its owner. By doing so, the Trustee relieves its owner from the burden of managing passwords. Every member on the mesh has a Trustee, which is how we can ensure data security, trust and privacy for everyone. This approach delivers the strongest security with the highest convenience for all participants.
Where can I buy a Trustee?
You can pre-purchase your Trustee here. Alternatively, you may want to suggest to your employer to get your organization on the mesh, and to offer Trustees to all employees, partners, contractors, suppliers, vendors, customers and consumers.
About the mesh:
What is the mesh?
The mesh is the "trust network". Much like social networks, the mesh enables digital interactions between people and organizations. But unlike traditional social networks, the mesh does not target a specific application or mode of communication. Rather, it is designed from the ground up as a neutral platform to enable digital trust and privacy as a service to all other applications, websites, services and devices, for everyone and every organization.
How do I join the mesh?
The only thing you need to join the mesh is your personal Trustee.
Does the mesh require a subscription?
No, users do not pay a subscription to be on the mesh. Hushmesh charges organizations a small daily usage fee instead.
About "mesh in":
What does it mean to mesh in?
The "mesh in" experience is an easy, secure and password-free alternative to the antiquated "login" process. When you mesh in, you establish a secure connection between your personal Trustee and the website, app, device or physical location you are meshing in to. It eliminates the need for usernames and passwords, as your Trustee knows who you are and can negotiate secure access on your behalf, securely and automatically.
How do I mesh in?
To mesh in, click the "mesh in" button on a website or app. Instead of being asked for a username and password, you will be prompted to scan a "meshtag", i.e. a QR code. Snap the meshtag with the mesh-in app, and the website or app will let you in automatically.
Where can I mesh in?
You can only mesh in on websites and apps that offer the option to do so. Just like every network, the number of participants starts small before growing bigger. Hushsafe is a first sample application where you can mesh in to experience the convenience and security of the mesh. We will update a list of participating organizations on this website. Please check back often.
Why are in-home hardware Trustees needed? Couldn't it be done in the Cloud?
Trustees are dedicated trusted computing devices that manage the keys of a single household. This decentralized approach maximizes physical isolation and reduces global vulnerabilities typical of centralized systems. Placing the trusted hardware agent in the home of its users enables in-person enrollment and recovery, which eliminates social engineering and insider attacks that are impossible to eliminate any other way.
Why are in-home hardware Trustees needed? Couldn't it be done in a phone?
Trustees are always on, always connected, stationary, dedicated, trusted computing devices in the private home of their users. While today's phones do have security chips that can protect cryptographic credentials, phones are multi-purpose and have a much greater attack surface than single-purpose Trustees. Trustees also enables 24x7 monitoring, real time detection of disconnection and/or anomalous behaviors, and unencumbered software patches and update cycles. Phones get stolen and lost easily and often, and stationary Trustees enable reliable self-service enrollment and recovery with a new phone. Trustees manage their users' keys from within their homes, thereby grounding the entire mesh into a well-established privacy framework legally protected by the constitutions of most democracies around the world.
Why are Trustees the most secure approach?
Trustees are built on Microsoft's Azure Sphere, which sets the new standard for highly secured, internet-connected devices. Azure Sphere is the only solution that delivers the seven essential security properties for the future of connected devices. Trustees are built on a chip with robust hardware security, a defense-in-depth OS, and a cloud security service that actively monitors them and responds to emerging threats.
Trustees are running a small, hardened Linux kernel, and tiny single-purpose application code. The overall attack surface of the system is extremely small compared to today's domain-centric and disparate authentication systems. And because Trustees back up their own cryptographic keys in other, equally trustworthy Trustees, back-up and fail-over mechanisms are as strong and secure as the primary security mode.
As a globally distributed network of dedicated, homogeneous, trusted-computing devices, the mesh becomes a highly resilient decentralized cryptographic cybersecurity infrastructure that is simply not achievable any other way.
How can our organization add the mesh as an Identity Provider?
Please contact us at email@example.com to join our private pilot trials. Once commercially available, your organization will be able to join the mesh by simply adding the mesh as an OpenID Connect or SAML Identity Provider.
How can we add the mesh in experience to our product/service?
Please contact us at firstname.lastname@example.org to join our private pilot trials. Once commercially available, your organization will simply be able to get access to our public APIs.
How can we integrate your Trustee into our hardware device?
Please contact us at email@example.com. Although we do not expect to enter into hardware partnerships in 2020, let us know if you have a proposal that we should seriously consider.
What is FIDO?
From the FIDO Alliance website: "The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords." Translation: FIDO adds authentication factors to the traditional domain-centric username/password paradigm. FIDO is extra security bolted onto flawed legacy authentication.
Is the mesh a FIDO authentication method?
No, the mesh is a full-fledged Identity Provider and Trust Network, not just an additional authentication method. The mesh provides you with a pre-authenticated assertion of who the user is, which means that your organization no longer needs to authenticate mesh users at all.
On the mesh, strong authentication is built-in, not bolted on. Every access request comes from cryptographically-unique Trustees that are monitored 24x7, and certified daily.
Does FIDO enable cryptographic security and key management?
FIDO uses public key cryptography to add an extra authentication factor. It only does so upon explicit registration with a service by the user. FIDO does not enable any cryptographic capability beyond that, and requires users to handle registrations with each and every service on their own.
In contrast, each Trustee fully automates the management of keys on behalf of its user. The mesh enables the transition to using native keys, not just as an additional authentication factor but for all other purposes such as personal data encryption and/or signing. This is a critical step for upcoming blockchain-type systems (with tamper-proof and non-repudiation characteristics) that require that users handle their own private keys. None of this is contemplated by FIDO.
Will FIDO ever help secure all accounts for all users?
FIDO is an industry initiative focused on standardizing two-factor authentication for domain-centric identity systems, primarily to facilitate adoption by service providers. FIDO does not, however, address any of the increased burden and complexity put on end-users by the multitude of accounts and the patchwork of security point-solutions.
FIDO requires people to explicitly register their authenticator with each and every account they want to protect. Worse, the loss of an authenticator makes it harder for users to recover their accounts. The FIDO "best practices" recommend that services encourage users to register multiple authenticators to facilitate recovery. So users are expected to register multiple authenticators, with each and every service they use... No wonder two-factor authentication never really caught on with mainstream consumers, and never will with or without FIDO.
In contrast, the mesh requires a single self-service enrollment with your Trustee to enable all participating services to secure your accounts with it. You also keep your Trustee at home, which minimizes the risk of loss. And if you lose your phone, you can buy a new one and re-enroll once to recover all your accounts. The mesh also enable the same level of authentication, security and trust across all participating domain, thereby enabling entire digital ecosystems to be transact seamlessly.
Other miscellaneous questions:
What is your timeline for commercial availability?
Our Trustee are schedule to be production-ready in Q1 2020. We are planning to run pilot trials in Q1-Q2 2020. We hope to reach commercial availability in the second half of 2020. Early pilot partners will get preferred access to early commercial units.
What are PUPs?
Everybody loves hush-puppies. PUPs are utility tokens for potential, unspecified uses on the mesh. We believe Trustees are particularly well equipped to manage tokens, but the company does not guarantee that PUPs will be used for anything at this point in time.