Arculus Offers Enterprises Crypto Key Storage, Payments, 2FA System Access and More on One Smartcard
Blockchain Journal editor-in-chief David Berlind interviews Adam Lowe, the Chief Product Officer for Arculus, an exhibitor at Consensus 2023, about its digital asset and digital identity platform that allows enterprises to enable employees and users with a single smart card that stores their cryptocurrency keys, their application credentials (eg: Microsoft 365) and even their building entry credentials. The same smart card can even be used as a payments card (Arculus already supplies smart cards to many credit card-issuing financial institutions).
Lowe explains that smart cards have been protecting keys for decades and have never been penetrated. Arculus claims to be the first to put payments, FIDO keys, WebAuth keys, and crypto-keys all on the same card using the same secure on-card microcontroller. Lowe highlights that enterprises are interested in the solution because no one wants to manage multiple systems to handle each of these different use cases.
David asks Lowe if the card and the infrastructure behind it includes all the technology to manage the multi-party permission structure that enterprises might want to apply to the way they involve multiple managers and executives in the cryptocurrency custody process. Lowe responds that such permissions should be managed with smart contracts and that Arculus can then integrate with those smart contracts. However, other solutions — for example, one that's emerging from a partnership between Ledger and Etana Custody that was announced at Consensus 2023 — are launching in an effort to help enterprises with such permissions management. Even so, the consolidation of all those capabilities into a single smart card is, in Blockchain Journal's estimation, where things are heading. Even from an employee's point of view, nobody wants to carry three or four physical security tokens when they can just have one.
Toward the end of the interview, Lowe explains some potential consumer applications: the card could be used as a secure digital identity to access things like email, social media, and banking. He also mentions that the card could be used for government applications such as voting, health records, and digital passports.
By David BerlindPublished:May 4, 2023
David Berlind: Today is April 27th, 2023. This is the Blockchain Journal podcast. I'm your host, David Berlind. I'm coming to you from Consensus 2023. We're in the big main exhibit hall surrounded by all kinds of exhibitors. They're trying to sell their wares, a lot of different blockchain solutions. Plenty of attendees here today. This is the day when a lot of the people who paid for the lower price ticket are here, so the floor is much busier than it was yesterday. These people are interested in blockchain solutions for the enterprise. They're interested in cryptocurrency, all sorts of things. Standing with me right now is Adam Lowe. He is the Chief Product Officer for Arculus. Adam, thanks for joining me on the show.
Adam Lowe: Great to be here. I really enjoy the conversation.
Berlind: Yeah, it's great. So, Arculus is one of the exhibitors here, and you guys have a variety of technologies that would be of interest to enterprises. Let's start with this little credit card thing that I saw, and... there it is, this credit card. Tell me about that credit card. What makes it so special?
Lowe: Sure. So, Arculus is a digital asset and digital identity platform that allows you to securely store your keys on a smart card. So, smart cards have been storing and protecting keys for decades and have never been penetrated. The difference is, we're the first people to be able to put payments, FIDO keys, WebAuthn keys and crypto-keys, all on the same card using the same secure microcontrollers.
Berlind: Smart card — not everybody knows what that means. We're talking about just like an average everyday credit card, right? With a chip on it. Is that a smart card?
Lowe: Yeah, essentially any card you have in your pocket nowadays is a smart card. So, smart cards by definition are any card that has a chip. They're all... what are called, secure microcontrollers, which are specialized chips that have been designed to generate, store, and keep keys safe. And that's what you have in every Visa card, MasterCard, Amex card, around the world.
Berlind: So, this sounds like the Ginsu knife of the old days. It slices and dices, it makes julienne potatoes, does all these different things that you went through. You went through a list of things that it does. Why would this be of any interest to an enterprise?
Lowe: Sure. So, for an enterprise solution, nobody wants to manage 12 systems. So, with this single system, because it is a card format... Imagine you're managing your enterprise. You can walk in the building, use it as your badge. You can use it to log into things like Microsoft 365 and all of that Key Federation single system. You can use it to sign crypto transactions if that's part of your business. You can use it to secure a key share if you're using something like key sharding or multi-party computing. So, it really is a place to safely store and do cryptography in an easy-to-use format that works with everything off the shelf.
Berlind: A lot of enterprises are looking at the idea of keeping crypto in reserve in some wallet or using a custody solution, maybe something like Etana, to hold their crypto. But at the end of the day, there's only a handful of people, operators, administrators who have the keys to the kingdom, so to say, and they're able to transact. So, does your card have all that technology in it to manage those permissions so that you can say, "All right, here's the CEO. CEO has these permissions, the chief financial officer has these other permissions." You have the folks in the accounting department, or maybe a department head who has to pay a vendor in crypto because that's all they accept. Is that all done in your solution?
Lowe: Sure. So, the best way to do that, to be managed on-chain really is by [a] and smart contract. And the system can work with any smart contract that's really deployed, [and] can sign any transaction for any type of smart contract that manages that. For a centralized solution, like let's say you're custodying in someone like Fireblocks or Copper, and you want to set different permission levels, those FIDO keys we talked about create unique digital signatures. So, you can apply those different permissions you spoke about to each of those different key sets, tap it, you'll get a unique digital signature on Ledger if you want, that will allow you to see who did what when with the proper permissions. So, absolutely.
Berlind: But [would] you need a separate solution to do the whole identity, access management, permissions, all that kind of stuff?
Lowe: So, within our system, we can use reusable credentials so you can generate a unique identity using our key set, reuse them, sign with them, et cetera. The only thing we are not, is we are not a custodian. So, if you want someone who's a professional custodian, you would go to a third-party partner. We are a full identity solution and identity solution management system though.
Berlind: We're talking about enterprise use cases and blockchain journals, mainly about the enterprise, but there's going to be some number of people who are going to be interested in this — look at this and say, "Hey, maybe there's some consumer applications to this." What are those?
Lowe: Sure, absolutely. So, on this same card, we have deployed our consumer solution to thousands and thousands of people. You can see it at getarculus.com, where we take the same type of card, sell direct to [the] consumer, and we have thousands and thousands of consumers that have our product, keep their crypto safe, generate their keys, self-custody of their keys, and really take full control of their digital lives and their crypto. Because after meltdowns, like FTX and other centralized exchanges, if they're not your keys, it's not your crypto.
Berlind: Does this become a credit card that people can use the way BitPay works?
Lowe: Sure, it can be. So, our consumer product is a crypto wallet only, but we partner with B2B enterprises like Meld, where we can do payment plus gold storage, we can do payment plus FIDO. We're working on getting a chip with enough memory to do all three, and we're really nearly there. So, it absolutely can. That's not our consumer product, but we partner with B2B enterprises where they can get credit cards and cold storage on one card.
Berlind: Off camera, you were talking about how you already have these other card technologies that were card issuers, regular credit card issuers are using your card technology separate from blockchain, separate from cryptocurrency. Who are those companies?
Lowe: Sure. So, one we announced is Invesco in LatAm. So, with that company as an example, you can take our card and securely log into your platform of choice. So, as we've mentioned a couple of times, the FIDO keys, they work automatically with a number of systems. So, things like Microsoft, Google, Facebook, Instagram, you pick your favorite social channel, Twitter, they all have FIDO keys enabled. So, that really allows consumers to keep their whole ecosystem safe in addition to their bank account.
Berlind: I was actually referring to the non-crypto card. No wallet, no nothing. You guys issued card... You guys work with a bunch of banks and financially, and so, what are they doing? Do they have any interest in moving from the stand[ard]... ? Talk about the standard credit card technology that you're doing with those companies and then let's talk about whether any of those companies are thinking about migrating to this more functional version of the card.
Lowe: Yeah, absolutely. So, we're under an NDA, but we issue to some of the largest issuers in the world, right? We produce cards for the likes of JPMorgan Chase, American Express, Capital One, N26. So, those are big issuers. And some of those big issuers are looking at things like FIDO to keep their people safe. Because right now on many platforms, the only thing between you and a hacker is a text message, and that's not secure. So, here we're taking those same payment cards, adding the security technology, and that is great at keeping consumers safe. So, imagine you get a new cell phone, how do you prove you're you the first time? You can pull out your favorite banking card, tap it to your phone, use the digital key on your credit card that you're always carrying with you to prove you're you the first time, [and] securely log you back in.
Berlind: That, in some ways, puts all of those financial institutions in the identity business, doesn't it?
Lowe: It really does. I mean, they are there today, it's just not necessarily with the best tech, right? It's really important that they have secure reusable credentials. And right now that's often tied to a password. A password is a shared secret, which is a problem. So, we're really pushing everyone in the space, whether it's with our product or somebody else, to migrate to digital keys, because you should be using digital keys to secure your digital life.
Berlind: Now, Arculus also makes infrastructure for enterprises to use. Why don't you talk a little bit about that solution?
Lowe: Sure. So, for the FIDO solution that we just talked about, it requires a FIDO server. It's very easy to integrate. You can imagine when you tap that card to your phone, it's a call in response. So, you need to authenticate to a server. So, we have a FIDO server available for our banking customers to use, whether they use it in our cloud or we give you a Docker container and you deploy it in your cloud. So, it's easy enough. Also, because of our consumer product, we have an entire crypto backend. So, if you don't want to build yourself an entire crypto backend to deploy, we have our own nodes, our own indexers, and our own infrastructure and API that we'd be happy to talk to you about using.
Berlind: And the APIs that you're talking about that are in the infrastructure, you call it a "crypto backend." Actually, let's back up. What do you mean by "crypto backend," because a lot of people are going to be like, "What does that mean? Does that mean a blockchain or does that mean something else?"
Lowe: Sure. So, on our back end, on our cloud infrastructure, we maintain our own nodes and our own API system that sits on top of those nodes. So, you can pass all of the base API commands, the RPC commands to the different nodes to do basic crypto functions, and then we've added our own APIs on top of that for convenience. That makes it a lot easier to call things like Ethereum history, Cardano history, Polkadot history, et cetera. So, it really allows businesses to much more rapidly deploy without having to completely understand and learn the crypto ecosystem and the ins and outs. They can make some basic and easy-to-use API calls to get the information they need and to talk to the blockchain.
Berlind: How many changes does that sit on top of?
Lowe: Sure. We sit on... over top of 12 chains today, and it's growing all the time. And we have the capability to rapidly deploy. So, if we add a special request, we could get it up and running quite quickly.
Berlind: The thing that strikes me as being very beneficial there is, if an enterprise works with your API and suddenly they have a need to go on onto a different chain, they can just bring that chain in without having to reprogram all their systems to work with a new API. It's like a... So, you're sort of standardizing the API interface to multiple chains.
Lowe: Yeah, exactly. We have a standard API interface that we use, so it's very easy. So, imagine "Arculus.get-history.Your favorite chain." So, you just make a match-case, pick your favorite chain, and it's much more rapid to deploy because each chain has their own language and each chain has their own nuance, and you don't want to have to learn all of that. We did it for people, so everyone doesn't have to learn it.
Berlind: Right. Well, Adam Lowe, Chief Product Officer for Arculus, thank you very much for being on the Blockchain Journal podcast.