The United States Patent and Trademark Office (USPTO) granted Securosys US patent 11,095,458 for its Smart Key Attributes (SKA) technology for Hardware Security Modules, bringing security, multi-authorization, and accountability to financial transactions and many other digital processes.
Securosys, a market leader in cyber- and cloud security, encryption, and digital identity protection, continues to push the stale market for hardware security modules (HSM) forward with new features and built-in accountability. Its newly patented SKA technology for its line of Primus HSM demonstrates the company's technology leadership.
HSMs have been used for decades without much change in financial markets to secure transactions. After initial authentication of the application accessing the HSM, an HSM signs with a private key any transaction submitted by the application, no questions asked. That leaves a significant attack vector as any transaction with the correct access credentials to the HSM will be signed and approved.
Thanks to the newly patented technology developed by Securosys, this process can be made exponentially more secure. Multi-authorization and timing rules – so-called Smart Key Attributes (SKA) – are added to the private (signature) key held in the HSM. They must be fulfilled and verified inside the hardware before a transaction is to be signed. Security increases multifold, opening up many new applications that are effectively secured digitally with an HSM.
SKA enables companies to move their paper-based business processes into the digital world. Enterprises can map their processes precisely to the various key attributes offered and implement all compliance rules quickly.
In banking, for example, transactions up to a certain amount can be signed automatically. More significant transactions may require authorization from two traders by adding their digital signature. Even larger trades can be authorized not only by the traders but also by a compliance officer. In some instances, timing or blocking rules may be helpful so that real-world processes can intervene – for example, calling the customer to confirm the 10 million transaction.
Similarly, the SKA technology can also substantially enhance building access management security: Door locks are programmed so that, for example, at certain times during the day (or night), only two people together (out of a defined group) can open the door to the server room (which will kill many crime plots, fictional and real) - all verified in SKA-enabled Securosys HSM.
With the Securosys SKA Technology, customers can now perform processes and applications like digitally signing contracts according to the signature rules defined in a company's commercial registry. Rather than a system admin using the company seal, the specified quorum of decision-makers can digitally approve and sign on behalf of their company. Moreover, as the hardware verifies their approvals, a log in the HSM will detail the signature flow for future audits, reaching new levels of accountability.
The Securosys HSM and the SKA technology are certified for the European digital signature regulations (Common Criteria EN 419 221-5 and complies with EN 419 241-2 for QSCD).
To speed up the adoption of SKA, Securosys supplies a RESTful API. Rather than fiddling with legacy APIs like PKCS#11, developers can use the SKA technology with a modern interface and swagger description. Moreover, the RESTful API offers a software workflow engine to automatically collect all the SKA approvals (Transaction Security Broker).
By using HSMs, digital identities and keys are secure – and with the SKA technology, security is exponentially higher. Securosys HSM and SKA are available in the cloud through CloudsHSM by Securosys or on-premise with the Securosys Primus HSMs.