Virtru's InnoVation Week, our biannual hackathon, is a cornerstone of our culture. It fosters a vibrant environment where motivation thrives and fresh ideas are freely explored and developed. Simply put, it's our time to get creative, have fun, and bring new ideas to life.
After over two years of remote work, Virtru was thrilled to host our first in-person hackathon since December 2019 at our new office in Washington D.C.In September, our four-day hackathon brought engineers, developers, designers, and more together for face-to-face collaboration and some healthy competition.
Here’s how we did it, and what came of it.
We’ve hosted remote-based hackathons before. In a post-pandemic world, who hasn’t. But this time around, we flew in our engineering team to experience our new office, and collaborate with each other firsthand.
Projects should highlight the possibilities enabled by our OpenTDF platform for protecting data. Almost all teams built their projects leveraging our open source or internal SDKs, demonstrating the potential for new integrations we could productize or pitch to partners. We've productized many past hackathon projects or used them to showcase our SDK capabilities.
Other than that, there’s really no limit to what can be created at Virtru hackathons. In the past, hackathon participants have created encrypted menstrual tracking apps, games, and webcam apps, along with more company-focused projects like Virtru integrations.
Awards were presented in two categories: the Judge's Award and the People's Choice Award. Expert judges selected winners based on innovation, originality, and business potential, awarding the top three teams with donations to their chosen charities—$1,500 for first place, $1,000 for second, and $500 for third.
Additionally, the People’s Choice Award recognized the top two solutions voted by participants for their overall excellence.
Here’s who won the 2023 Innovation Week awards.
A panel of executives from engineering, legal, and Virtru leadership chose the Judges' Award winner. Entrants were ranked in order of the solutions found to be the most innovative, including business potential, “Wow” factor, forward-thinking, creativity, and originality.
Team members: Tim Dumm, Richard Chen, JP Ayyappan
The first place was deservedly claimed by a project that redefined the concept of a "master key" in data encryption. Traditionally, organizations rely on a singular master key for accessing all encrypted content. The Yubi Project, however, proposed a shift — using a hardware key as this master key, bolstered by physical security measures like dual-key access safes.
Beyond the Online Key Server
This initiative marks a significant step towards independent data decryption, eliminating the reliance on online key servers. It's particularly relevant for organizations with existing Public Key Infrastructure (PKI) systems, such as those using Common Access Card (CAC) cards. The proposal is to encrypt content using a hardware public key, ensuring it can only be decrypted by someone possessing the corresponding hardware key, be it a CAC or a YubiKey.
Solution: A Dual-Layered Approach to Data Security
The project introduces a two-fold security measure for the Trusted Data Format (TDF):
Scenario 1: Key Access Service (KAS) or YubiKey
This setup provides a fail-safe decryption method, coined as the “break-glass-in-case-of-emergency” scenario. It ensures access to encrypted TDFs even in the absence of KAS availability.
Scenario 2: KAS and YubiKey
In this configuration, the dual requirement of both KAS and a hardware key safeguards against data compromise due to a breach in KAS. It’s a robust approach that significantly elevates the control over data.
The project ultimately aimed to expand the capabilities of Secure File Services (part of SCP), allowing the creation and consumption of TDFs with KeyAccessObjects wrapped with YubiKey/CAC public keys. This approach not only demonstrates the versatility of the TDF specification but also paves the way for a more secure and controlled data environment.
Second Place: Open Source Patient Consent & Share
Team members: Timothy Tschampel, Pat Mancuso, David Mihalcik, Gus Walker
The runner-up addressed the challenge of securely sharing healthcare data. By leveraging Trusted Data Format (TDF) and Fast Healthcare Interoperability Resources (FHIR) standards, they created a robust solution for wrapping patient consent data.
This approach not only aligns with industry standards but also provides a practical example of how to protect and control healthcare data during sharing. The project aimed to develop a policy akin to Attribute-Based Access Control (ABAC) for healthcare data, integrating it with the FHIR consent framework.
This led to a comprehensive demonstration of end-to-end healthcare data protection, showcasing the platform's APIs and establishing an ABAC regime for complex user-level use cases.
Third Place: Secure Paid Content
Team members: Krish Suchak, Ross McIntyre, Craig Engle, Isaac New, Ryan Yanulites
The third-place project explored the concept of monetizing access to encrypted content. It allows creators, like authors, to set a price for unlocking their content, effectively creating a paywall for access.
This system integrates with a payment service such as Stripe, ensuring the transaction process is secure and efficient. Upon payment, the access policy is updated, allowing the buyer to access the content. This idea not only opens new avenues for distributing digital content securely but also proposes a potential revenue model for encrypted digital assets, enhancing the capabilities of Secure Share.
The People's Choice award, determined by all hackathon attendees, recognized solutions that excelled in innovation, business potential, and the "Wow" factor. The top two projects stood out for their groundbreaking approaches and potential applications.
Team members: Avery Pfeiffer, Jake Van Vorhis, Ryan Schumacher, Shrirang Shripad, Nathan Williams
The first-place winner addressed the complexities and rigidities in creating and maintaining secure environments and workflows. The project leveraged generative AI to automate and streamline this process through a schema-based approach, generating stakeholders, resources, and user interfaces tailored to specific workflows, such as hiring processes or sensitive government operations. Key elements included:
This solution is not just about technological advancement; it's about transforming how enterprises and government agencies approach data security, making it more dynamic and responsive to changing needs.
Team members: Elizabeth Healy
The second-place project explored the potential of homomorphic encryption in the context of Trusted Data Format (TDF). This approach allows for operations on encrypted data without the need for decryption, presenting a significant advancement in data privacy and security. Key aspects included:
Both projects demonstrate not only technical prowess but also a keen understanding of the evolving needs in data security, pointing towards a future where security and efficiency are not mutually exclusive.
As Virtru continues growing, nurturing our talented engineers and developers with events like these is a priority. Hackathons challenge our team, catalyze fresh ideas, and ultimately drive our platform forward. By fostering an engaging environment for our engineers to learn, create, and bond, Virtru aims to remain an inspiring place to innovate.
Interested in joining our team and playing a part in this innovation? Explore our careers page for fresh, remote-first opportunities in engineering, PR, and more.
The Virtru engineering team includes developers and engineers dedicated to advancing data protection. With decades of combined experience across encryption, policy enforcement, key management, and other critical areas, this world-class team leads innovation in data-centric security.View more posts by Virtru Platform Engineering Team
Contact us to learn more about our partnership opportunities.