Ex-Apple security expert becomes Verayo’s chief technology officer
Security startup Verayo has named former Apple security architect David M’Raihi as its new chief technology officer and vice president of engineering.
It’s pretty rare for high-ranking Apple employees to leave the company for a startup. So the move shows that Verayo, which makes a clever security and authentication technology, has an interesting future in the security and authentication business. We’ve followed Verayo closely for a couple of years and its security solutions are becoming more and more relevant, given the ongoing collapse of security systems in the face of determined hacker attacks.
As a respected security expert, M’Raihi is well-suited to advance the application of Verayo’s “physical unclonable functions” (PUF) technology — which allows for secure verification of someone’s identity — into mobile and other connected devices. He replaces Srini Devadas, inventor of the PUF technology at MIT and former CTO of Verayo. Devadas becomes chief scientist.
The move is the second major change for the company’s executive ranks. In April, former PayPal general manager Eric Duprat replaced Anant Agrawal as CEO. Agrawal remains an advisor to the company.
Before joining Verayo, M’Raihi was analyst and architect of mobile, portal devices and digital content distribution at Apple. He also held senior executive positions at authentication firm VeriSign.
“The strength and uniqueness of Verayo’s PUF technology combined with the numerous potential applications, particularly in mobile and connected devices, made joining the company a very enticing opportunity,” said M’Raihi. “As we enter a new era of smartphones and connected devices, we are in an opportune time to set the standard and build a strong foundation in security.”
The PUF solution is a result of the clever use of inexpensive technologies. San Jose, Calif.-based Verayo makes “unclonable RFIDs” or radio frequency identification tags, which are akin to the security badges that employees use to open doors.
One of the great problems of the chip industry is that no two chips are alike. Even when chip makers are fabricating the exact same chip product, like an Intel microprocessor, there are always minute and virtually unnoticeable differences from one chip to the next. The brilliant thing about chip startup Verayo is that it has figured out how to turn this flaw into an advantage. It uses the minute variations in chips to uniquely identify each one. In turn, it uses this identification method to create ID tags that are secure and can’t be cloned. Former CEO Agrawal called this “silicon biometrics,” akin to fingerprint identification.
The technology was dreamed up by Devadas, an electrical engineering and computer science professor at the Massachusetts Institute of Technology. Devadas started the company in 2005 and developed the technology for two years with funding from the U.S. government. If you send an electrical signal into a chip, you will get a unique response because every chip has different PUFs. The good thing about these PUFs is they are cheap; they are tiny circuits that add virtually no cost to a chip.
The technology fits well with basic tests for authenticating products. You can give a chip 50 different challenges that produce 50 different responses. You store the responses on a server. Then you put the chip into a radio identification tag (RFID) that can be attached to a retail product as if it were a bar code. When someone buys that product, a reader at the cash register will read the serial number on the tag. The reader then sends the serial number back to the centralized computer in a data center. That server will look up the serial number in its database and send one of the 50 challenges associated with that specific chip. The reader receives the challenge and it prompts a response from the chip in the tag. That response goes back to the server. If it’s a match, then the chip is verified as authentic. Here’s a video description of Verayo’s technology.
Verayo has succeeded in getting various customer trials and is now working on mass producing its chips. But the chips aren’t that useful if there are no readers to read them. The company struck a deal with Denver-based SkyeTek, which makes low-cost RFID readers and software that performs the authentication functions required in Verayo’s chips. SkyeTek’s RFID readers come in a pen-size form called a Pentesta, for consumers to carry in their pockets. Consumers can pull out the half-inch-thick, battery-powered readers and use them when they’re about to buy drugs at a store. A tray-sized reader, dubbed the Trayesta, lets pharmacies test a bunch of drugs before they sell them to consumers. When the PUF authentication verifies a product, the test devices display a green light. If it’s fake, it displays a red light. The pens currently cost around $50, and SkyeTek is working on driving costs lower.
Verayo’s rivals include NXP. Verayo has raised an estimated $6 million to $7 million from Khosla Ventures, and it has revenue from the Pentagon.