RKVST Inc., a startup that provides a service for managing digital supply chains, has added a public attestation feature to its product as part of a broad set of updates that also includes support for multitenancy and verified domain names as well as batch transaction features.

The updates were announced Jan. 18. The company, whose name is pronounced “archivist,” sells a software-as-a-service application based on the blockchain that enables organizations to build evidence trails for digital supply chains. The need for verified tracking has grown in the wake of supply chain disruptions incurred by the COVID-19 pandemic and the increasing incidence of software supply chain attacks, which target software during development, testing and distribution.

Aqua Security Software Ltd. last year estimated that software supply chain attacks grew more than 300% in 2021. More than 80% of respondents to a survey early this year by machine identity management vendor Venafi Inc. said their organizations are vulnerable to such attacks.

Trust simplicity

RKVST was formed to address the lack of scalable trust infrastructure, said Jon Geater, the company’s co-founder and chief product officer. “If you have a business that relies on data flowing from one company to another there is a lot of overhead associated with verifying that the data is reliable and auditable,” he said. “We get brought in when companies have to have verification and email and DropBox doesn’t work anymore.” The company is also addressing small firms that can’t afford the staff and infrastructure needed to build their own networks.

Public attestations are digitally verifiable declarations by witnesses that an act was performed within legal guidelines. They’re used to augment chain-of-custody data for automated compliance and auditing. Publicly shared attestations are accessible anonymously and can be verified by anyone.

“Attestations have historically only been operationalized in the closed supply chain where there were designated known channels,” Geater said. “What we’re doing now is opening that up to a lot more use cases so you can post any claim on our service without you or your customers needing to know in advance who you are” or how you verified the claim.

The system isn’t immune to abuse but it’s self-regulating because attestations are public, Geater said. “It doesn’t stop people who lie but they can’t take back their lies once they’ve made them,” he said.

RKVST users can now be members or owners of multiple cloud tenants and can participate in other tenants by invitation. That reduces the cost of blockchain-based digital supply chain management, which can run into the millions of dollars for large ledgers, Geater said.

Tenant owners can now use a verified domain name as an alternative to a tenant ID. That simplifies the management of large networks. Keys are often exchanged in person and “you don’t want to have to meet with 10,000 different people,” Geater said. “We have a bridging technology in which everybody has to authenticate to us. “We can link the cryptographic digital identity with their back-end [domain name servers] to prove who is the owner of the key.”

Batch transactions are now supported via a simple hash proof mechanism that can roll up a number of assets and events. The RKVST user interface has also been enhanced to enable developers to visualize and interact with the software’s application program interfaces without having any implementation logic in place.

Photo: Unsplash