Sophisticated authorizations for today's applications

Securosys Hardware Security Modules (HSMs) do more than physically protect private key material, as most legacy HSMs do; they also control how keys are used through specific and sophisticated authorizations, which is essential for the security of modern financial applications.

How it's done

Today's financial and digital asset applications need fine-grained policies that govern which actions may be performed on transactions, with keys whose use depends on groups, quorums, possibly time restrictions, or any combination of them. Securosys Smart Key Attributes (SKA) help enforce such policies and rules.

To make implementing SKAs easier, the Securosys Transaction Security Broker (TSB) provides a REST API and internal state management. It is a standalone engine that connects to an external database instance and integrates the SKA-enabled Securosys HSM. The TSB itself is therefore not security-critical, since all security-relevant operations are carried out in the HSM.

In more detail

The TSB integrated with the SKA-enabled Securosys HSM provides the most granular control over key actions and operations.

Endless Customization & Use Cases

It allows the finance organization to set highly customizable policies for authorizing operations and transactions, blocking or unblocking the keys, and changing the policies themselves. 

The use cases range from n-of-m quorums, through time-locks that allow systems to trigger alarms and block key operations, to time-outs that ensure that suspended transaction requests cannot be misused in the future, and any combination of these.

Workflow Engine

The workflow engine timestamps the transaction request, determines the required approvals, collects the approvals, sends them to the HSM for signature, and delivers back the signed transaction.

More information on Approval Process, Policies and Architecture
Please download the Securosys Solution Brief for financial applications or crypto assets to get more information on this.

Advantages

HSM Security

  • Keys are never exposed outside of the HSM
  • Tamper protection during transport, storage and operation
  • Two true random number generators for hardware with high entropy
  • Highest availability
  • Designed, developed and manufactured in Switzerland

TSB Simple Setup

  • Via REST API
  • Available in a Docker container
  • On-premises or in the cloud (i.e. MS Azure)

Application Performance

  • Hardware-accelerated digital signing, up to 4000 RSA signatures per second at 2048 bits
  • Handle larger key sizes without severe performance loss

Advantages of TSB compared to Multi-Signature

  • Algorithm independent - the same process can be used for all supported crypto assets and currencies, regardless of whether they support multi-signature or not
  • Lower fees and better privacy because the addresses are single signature type
  • Regulatory and customer flexibility thanks to decoupling of ownership and control of the keys
  • Customizable compliance from simple to highly complex policies including time-restrictions

Advantages compared to Multi-Party Computation (MPC)

  • Time-based policies
  • Hardware tamper protection of the key material
  • Redundancy without introduction of an additional risk of key exposure
  • Secure storage of keys
