Architecture of the Proposed Trustless Computing Certification Body and the TC-compliant CivicNet
Our proposed new Trustless Computing Certification Body will constitute a new high-level cybersecurity certification body suitable for ultra-high levels of assurance, rooted in on a governance with extreme levels of citizen accountability, independence and technical proficiency, the wide utilization of citizen-witness and citizen-jury oversight processes throughout the service lifecycle, and extreme levels of ethical security review in relation to complexity. In parallel, and an initial TC-compliant low-royalty open target architecture and computing base and IT service, CivicNet, will be built by the Association R&D and governance partners and the Association spin-off startup TRUSTLESS.AI. While initially a certification scheme for enterprise and consumer transactions and communications with ultra-high assurance of confidentiality, integrity and non-repudiability, the Trustless Computing Certification Body will expand to other sub-domains, to ultra-high availability use cases, and strongly promote downward compatibility in respect to EU Secret, eIDAS Qualified, Common Criteria EAL4, SOG-IS, and the inspire future certification schemes produced by the European Cybersecurity Certification Framework. It will be complementary, synergic and inspirational for existing and upcoming cybersecurity certifications, aiming to eventually be adopted as their highest assurance level at some point in the future.
The initial compliant open general-purpose computing base (CivicBase) and initial complaint IT services (CivicNet and CivicChain) will include include compliant endpoint computing devices, in the form of a 2mm-thin touch-screen e-ink screen handheld device (CivicPods) and anonymization and network nodes (CivicNode) running on dedicated desktop docking stations (CivicDocks) that include an HDMI switch to connect the CivicPod to the user desktop monitor.
All security and privacy-sensitive data and services – of the provider and the users – will be hosted in dedicated hosting room, CivicRoom, whose access at any time requires 5 randomly-selected citizen-jurors and only utilize dedicated servers (CivicServers). The same base HW&SW base will run CivicDevices and CivicRoom locks. A CivicStore, managed by TRUSTLES.AI will offer additional client and server apps available in a (CivicStore), while anyone will be able to offer dApps on our semi-permissioned blockchain (CivicChain)running on CivicDocks
Fabrication and design of all critical hardware components will be subject to oversight processes, CivicFab, that will substantially exceed in end-user-trustworthiness those of NSA Trusted Foundry Program, at substantially lower costs; by adding to state-of-the-art process the exclusive use of compliant monitoring equipment and the presence of 5 trained citizen-witnesses, during the 6-8 critical phases of the chip fabrication process. All CivicDevices are assembled, verified, flashed and shipped to their users by a compliant electronics manufacturing plant/service (CivicEMS), applying monitoring processes similar to the CivicFab.
OPEN INNOVATION VS. ECONOMIC INCENTIVES. After an initial 6 months exclusivity for TRUSTLESS.AI, to justify private investment, anyone will be able to become a certified provider (TC Provider) by taking advantage of the CivicBase, whose components are all available under open source license and its HW design available under clear, long-term and low royalty costs. A TC Provider service is regularly and continuously verified and certified by the Certification Body, which will be extremely citizen-accountable and technically proficient and formally bound by Trustless Computing Paradigms, in their final version.
FUDNING. Public, equity and/or token funding to the Association or spin-off startup in excess of 500k$ will enable jump-starting of the Certification Body and initial complete prototyping of CivicNet devices for user experience and use case simulations. Funding in excess of 6M$ will enable full initial high-level Certification Body operativity, and a go-to-market with CivicNet and thousands of TC-compliant end-user devices CivicNet.