VivoKey Identity Platform

The current VivoKey Identity platform is centered around the idea of chip scan authenticated identity services. Our vision was to enable partners who wished to develop services around our identity APIs. We had several partnerships in motion, and some were even developing services. The problem was that none of these services materialized, and under the pressure of the pandemic, partners and partnership arrangements vaporized.

VivoKey Service Platform

VivoKey is now considering re-developing a new service platform that still enables chip scan based authentications, but is built in such a way that it will be centered around services VivoKey deploys directly for our members. Before we set about developing such a platform however, we wanted to create a limited access proof of concept program to test several assumptions about how such a platform would work.

Key Differences Between Platforms

There will be several key differences between how the two platforms will work, but the two biggest differences include the use of handles and the introduction of services under a subscription fee.

Handles

The current VivoKey Identity Platform does not use “handles” or usernames. That’s because the entire premise was that we would be doing away with account names and passwords and instead authenticating you based on “you” (you upgraded with a chip implant of course). The entire platform was based around this premise, and extending identity and your ability to prove your identity (authentication) was how it was built. Unfortunately, the Internet is not built that way and there is only so much we can deviate from the norm before our efforts begin hindering themselves. The absence of account names was one of these problems. So, the new service platform will actually require the registration of an account name or handle.

Subscription Model

As a service platform provider, we intend to roll out multiple services directly to members ourselves. These services will often come with direct hard costs as well as operational costs for servers, storage, bandwidth, etc. It will not be possible to deploy any direct service offerings unless those services are funded by subscription fees. Our goal however is to maximize the number of services deployed under a base level subscription, and not “nickle and dime” our members.

For certain services however, there will be an a la cart approach, and activating certain specific services will carry additional recurring subscription charges. This is because some of the service we intend to deploy carry a significant direct per-user cost from the 3rd party providers we intend to license those services from. However, the primary difference between the Service Platform approach to deploying these 3rd party services and the current Identity Platform approach to 3rd party services is that under the Service Platform model, VivoKey will be the customer of the 3rd party, coming to license services as a group. Under the current Identity Platform model, each VivoKey member would need to sign up as an individual customer of each 3rd party service that has enabled the VivoKey Identity Platform.

PoC Test Service - Google Workspace

There are several services VivoKey has already identified which could be deployed for VivoKey members, however we will only be testing a single service within the boundaries of the proof of concept program. The service we’ve chosen for this PoC is, Google Workspace. Deploying Google Workspace accounts to test participants will allow all the features of Google Workspace (formerly GSuite) such as email, Google Drive, and many other Google services.

That might seem like a pretty soft offering for a PoC test service, but there is an extremely interesting feature that you’ll be able to use once you have your Workspace account activated. You will be able to use your Google Workspace account to do passwordless authentication with VivoKey chip scan authentication for any 3rd party website or service which offers a “Log in with Google” feature. You simply sign up and sign in “with Google”, enter your Google Workspace email address as the username, and then you will immediately be taken to authenticate with VivoKey chipscan. No password.

PoC Private Test Program

• Must be a VivoKey member with active profile in current VivoKey Identity Platform.

This means you must have a Spark and have active access to your profile within the VivoKey Identity Platform. You must know your PIN code and be able to access your VivoKey app. This also means your email address must be validated within the VivoKey system.

• The PoC test program will be subscription based like the Service Platform intends to be.

We have not decided yet on a base subscription fee yet, but current thinking is around the $20/mo range. Yes this is quite steep for a single service as part of a test program, but this is also part of the validation process, so we want to ensure as the test program continues to run past the first few weeks that people will see enough value in it to continue with the subscription. Also this base level subscription fee will, as part of a properly developed Service Platform, cover multiple services, not just Google Workspace.

• The PoC environment will be temporary. Migration of data will not be possible.

Because this is a PoC test program built on some bubble gum and toothpicks, we cannot make any claim that the exact accounts you will be setting up with 3rd parties or data you will be storing on your VivoKey licensed Google Workspace accounts will be accessible after the PoC test program is closed. Please bear this in mind when creating accounts with service providers, giving out your VivoKey email address, or storing data on your Google Workspace account drive. We do plan to give ample notice before the PoC test program is closed down, but we cannot guarantee there will not be technical issues which may cause loss of access to these accounts and data. Therefore we suggest only using the PoC test accounts and service as exactly that - a test.

• Limited number of participants

At this time we are only going to consider a very small number of people for the PoC test program. We need to manage an entire manual process of creating accounts, setting up handles, linking things together, etc. and interacting closely with participants to ensure we maximize the program’s value - namely identifying pain points and validating user experience. To do that properly, we’ll need to keep in close communication with each participant.

Application for PoC Test Program

I love it, but I struggle to envision a use case where the risk of a permanent tie-in at the cost of a managed account would be truly beneficial beyond nerd cred. The questions I have are based on the hypothetical scenario of the service being implemented, not just in the PoC capacity.

My biggest consideration is the way this would tie in to those third party accounts and systems as described, and then those systems would either be lost or need to be manually migrated if the service folded or we suspended the use.

Is some method under consideration/even possible for seamlessly decoupling if someone left the service or it ended? I understand the difference between the PoC which is a big no, but just curious about future plans and the technical possibility.

Can I support this without being a part of the PoC directly? I’d love to help but I’m not much of one for “temporary” account things so I’d make a poor user here.

One service I’d truly love is a Vivokey enabled login for a password manager.

I can second this. I keep all my passwords in order and generated with a manager, and the “master” password to login to the manager is a weak point for the whole list. If I had this singular function from my Spark 2, I’d be entirely satisfied with the one-time cost of and hassle of purchasing and implantation.

I’m much more reticent now that you’re bringing up subscriptions and a la carte’s, though. To be frank, I fucking hate subscription models of all varieties. If I’ve purchased a product for quite a bit of money, I expect its functions to be all inclusive of its initial price or I don’t buy it. $20/month? That’s just under the cost of my PHONE LINE that includes unlimited data. Yes I know that the infrastructure is far more established for cell phones so it’s not a direct comparison, but when I have to budget every check very carefully each month, another $20 is kinda a big deal. I have a median-ish hourly wage, and that almost two hours of pay per month is sorely needed elsewhere. So if Vivokey can’t keep its hosting and licensing fees covered by ad revenue and chip sales, I almost want to return my Spark 2 before the seal is cracked on the packaging. I don’t want something installed in my hand that’ll lose support, (or at least be excluded from further upgrades), if I don’t pay for a subscription.

I’m sorry Amal, I DO understand where you’re coming from, but I hope you can also see where I’m coming from.

I fucking hate advertising on websites. I would much rather pay a subscription.

And this is why they need to see how they can pay for the infrastructure, and make a profit. The other issue(s) with ad revenue are:

1. People using ad blockers
2. Advertising companies deciding that they don’t like you and “demonetizing” you.
3. Advertisers not wanting to be associated with your business for whatever reason.

I agree. The advertising space is incredibly problematic, privacy-invasive by nature, and and a dark side to go down - one I don’t see Vivokey ever doing.

I understand your hesitation. The Vivokey Identity service w̶i̶l̶l̶ should always remain free, public, and accessible to tie in whatever service people can make work. What the PoC is offering is an already pre-configured, ready to be used version of what that might look like. The costs for the PoC are associated with the cost of spinning up, licensing, and managing a service (like an MSP). There will be documentation provided for users who wish to run the same set up Vivokey is using, so you can run the managed part yourself and pay the costs out of pocket.

If Vivokey offers hosted solutions that are integrated with the public identity platform, there will always be a cost associated with running the servers, managing the storage, administrating users, etc. that is not a part of the Vivokey Identity service. If you are hesitant using a managed platform provided by Vivokey, then I would wait until the Apex becomes available. It will allow you to do things like password/OTP management on the implant, rather than using an external service run by Vivokey. The Apex will also be backwards compatible with the functionality of the Spark.

There is a Catch 22 I see likely throwing a wrench in development from 3rd parties (I could be misreading the market though).

Developing for a device is difficult to justify if the device is not widely used. Installing a chip that doesn’t have a lot of uses is also tougher to justify. In addition, there are folks who are not mentally ready for an implant.

Would a non-implant Spark 2 (or 3) in the form of a wearable possibly expand the number of users, thereby making the services more attractive to develop for?

Counter to my own point - What if you lose your wearable? Is the security risk too much? Could wearables require a pin, but implants not? Would a pin defeat the purpose?

Unrelated: Would love to use my Spark 2 in place of other 2fa systems used in the corporate world. I would pay for that!

There are many nuances to explore here but I’ll make my best attempt at laying out things as I see them, and hopefully we can come to an understanding somewhere in the middle. What I’ve described above in terms of services, features, and the price point involved are all for the proof of concept only, and should not be extrapolated to any eventual VivoKey Service Platform. The concept of anchoring is very strong, so please don’t consider returning your Spark until you see the actual offering. If you are still unimpressed, I’ll gladly refund your Spark.

ads

I don’t have a fundamental problem with ads themselves - that is the idea of showing advertising to a user. Yes it is annoying to many people, but this in an of itself is not problematic in my opinion… it is not “evil” to show advertising that people can simply ignore or whatever. The problems I have with advertising supported services include the following;

• Advertising clients become the customers while the actual users of the service become the product.
• When users are products not people, selling big data to make products more profitable becomes ok.
• Product cost must be reduced to maximize profits - a race to the bottom for quality and quantity alike.

subscriptions

I am genuinely curious why that might be? Of course, hate is a feeling and often feelings have no easily conveyed logical reasoning behind them, but I’m wondering if you could consider breaking down your aversion to subscriptions?

My view of subscriptions, or at least non-predatory subscription models, is that it’s kind of like buying a car. A car is expensive, but to run it you need to subscribe to gasoline… you pay for your use and the car goes. Depending on the model car you buy, if will have this feature or that feature, but none of those features work unless you power the car, and that requires gasoline. Without running the car on gasoline, eventually the battery dies and the radio doesn’t work and the power windows won’t go up and down… the car becomes fairly useless without the subscription to gasoline you are forced to pay to keep using the car.

The problem I have with some subscription models is that they are wielded by the companies that create situations where the whole offering is conceived of as a trap. Our customer will continue to be our membership base, and our focus will always be on providing the best features and services for a price that makes sense. The whole purpose of the subscription model we are considering can be broken down into the following drivers;

• Pay for service operating costs
• Fund new service development
• Pay employees so we can eat food

services and a la carte

To be clear, our primary goal is to provide various services as bundled in a “base subscription service”. These are services which we can deploy ourselves and have a marginal cost for hosting and maintenance. Personally, I pay $7/mo for a calendaring service to help coordinate my meeting, I pay a $5/mo for a password manager, and I pay another $15/mo for about 3 other services ($5/mo each). The goal for me personally is to be able to consolidate these kinds of offerings into a single affordable monthly fee. I would love a VivoKey calendaring service and a VivoKey public file sharing service and a VivoKey federated matrix chat service, and etc. etc. etc. all secured with my chip implant. I don’t see the point of making each of these services cost a few bucks each… just bundle them all into an affordable base subscription package and call it good.

The a la carte aspect comes into play when someone wants to activate an externally licensed service which have hard per-user costs associated. For example, if you want to be able to use your chip to log in to thousands and thousands of websites directly by way of the “log in with google” feature so many websites now support, you will need to activate a Google account. That carries a very firm hard cost for VivoKey on a per-user basis, so we cannot bundle this external service into the base subscription. If you do not want to pay that extra fee, then don’t activate that feature.

To be clear, this has not been decided on. I don’t see any conceivable reason why we would not do this, but it’s not been made official so please be careful making definitive statements at this stage.

Many things to discuss here… but better to do it in another thread @Pilgrimsmaster magic time?

Sorry for the delay, I was Just on my skateboard, now about to go for a run…

Just thinking the best was to do this…
OK got it…wait one

Here’s the link to the new thread

feel free to edit the title

On the ad revenue vs subscription vs implant is the access.

A: I hate ad’s would happily pay a small amount each month to use a service without ads

B: buying the implant is an investment in a piece of hardware like a yubi key, if you want to access something with it great you use it and login. If the service your accessing costs money then it costs money.

I dont expect my access to things to be free because I’ve bought am implant however I do expect vivokey to make the implant worth while having I.e. getting partnerships or whatever to allow us to login to other services using it like using my Google account.

I am genuinely curious why that might be? Of course, hate is a feeling and often feelings have no easily conveyed logical reasoning behind them, but I’m wondering if you could consider breaking down your aversion to advertisements?

Great reply Dev.

I would add my opinion, very briefly, I see the subscription model Vivokey are proposing as a Consolidation of subscriptions.

If I only have to pay one “provider” then my life just got a little easier…

anyway

The reasons for me are simple if I’m using a service I want to use that service I haye having things forced upon me. I pay for a youtube subscription because the pre role and midrole ads annoyed me so much. Popups and side bar ads all fighting for your attention. It’s all visual noise that I could do without.

I find it very hard to use any service with ads but also understand there purpose that is why I pay for subscriptions ect rather than just running an ad blocker on them.

The other side of it is that if I search on Google for a review / suggestions for a coffee machine obviously all the ads I will see for weeks will be coffee machines this annoys me because I’ve looked for this info I wanted read some things and make a decision In my own time. I dont want or need to know what coffee machine is top rated on amazon or that if I click this one I get £5 off if I buy today.

Hope that all makes sense.

In theoretical future land presuming the test is a success and this becomes a full feature eventually, would someone be able to add this login to Google with vivokey feature to an existing Google account or 2 (personal and school perhaps), or would it still need to be a new account under the user’s vivokey email?

I think this adequately explains things - it degrades the quality of the experience and value of the service itself.

Without confirming anything at this stage, it would be possible to do this using the VivoKey SSO/SAML endpoint, but only if the following things are true;

• your google accounts are paid workspace accounts
• your google workspace domain can be pointed at vivokey’s SSO endpoint

These are requirements / limitations on the Google side of the equation.

100%

I think there is a difference between consumables and subscriptions.
If I buy a car and don’t put any gas in it, I still own it, and the asset value does not change whether it has gas in it or not. At any time I can put gas in it and use it, or I can sell it. The biggest factor is that gas has been standardized for decades and will always be available (which can be argued these days) should I want to put gas in it. As long as I take care of my car and put gas in it, it will work as transportation for as long as I own it regardless of the technology available in new cars.

If I buy an implant that requires a subscription, and don’t pay for the subscription, I can’t sell it so the asset value turns to zero without the subscription. The biggest factor to me, and why I completely agree with @Aravae is that the value of the investment is completely tied to the abilities of the service - Abilities that can change as technology changes…for better or worse… changing the value of the asset.

I can’t tell you how many gadgets I have that are doorstops now because the service they relied on to operate is gone.

Subscriptions are just a way of life nowadays. Despite me hating them I do pay for services, particularly ones that remove ads (Hulu, netflix) and tools like Lucidchart and Roam Research. But the fees need to be reasonable, and “reasonable” is different for everyone.

For me I would not want to pay a fourth party to be a third party service. (vivokey → Google → site → me). I’d want to manage it directly with google. If there was some small subscription fee for the service between the implant and my own google accounts, I would consider it. For others, not having to mess with it might be worth a bigger subscription.

As the person who originally said I hate ads (actually as a rhetorical counterpoint to @Aravae) I don’t really hate ads. I don’t like them. I can ignore some ads, but some pages are so full of intrusive ads that I will stop reading them. This has the opposite effect from the content creators intent (maximise ad payments from their content, increase profit).

I pay Reddit for the ability to read it without ads and this comes down to your point, if I am not the customer then I am the product. Some places do run ads in a less intrusive way and it is the only real way of paying the creator. There I live with the ads.

Not really though… not when it comes to the end result. Stop paying for consumables and printers don’t print, cars don’t drive, and subscription services don’t work. Resume paying and they work again. There is a slight difference in terms of a consumable possibly being considered an asset, but in the case of gas or inkjet printer ink… those consumables do go bad after a time so they are perishable, and in that sense not much different from a subscription.

But again I think this is the same thing really. You can sell your implant just as you could your car. A new car loses value once you drive it off the lot, and a used implant will be far less interesting and valuable for anyone buying it, but people do buy 2nd hand (pun!) implants even here on the forum.

Furthermore, I would actually argue that a Spark implant without any paid subscription services retains more value than a car without gas in that a Spark will continue to be an ISO14443A transponder and work just fine for access control and similar use cases.

I do understand this frustration. Home automation is rife with gadgets that have fallen into complete and utter uselessness because support for them has been cut, and they truly offer no other actual utility to the end user without those supporting services.

Sure this could be done if you set up your own domain with Google Workspace, the configured it to point to the VivoKey SSO/SAML endpoint (to be developed as part of VSP), then paid VivoKey and Google separately. That would work.