We propose an enterprise-grade solution for digital asset safeguarding and transaction through the integration of end-to-end hardware and software security, thus achieving scalability, availability, security and governance of crypto funds in one package.
In the past few years, more than USD 1.2 billion in digital assets have been lost due to insecure usage of tools for holding private keys. A private key is a unique series of hexadecimal strings derived from asymmetric encryption, and it is used to make a digital signature when initiating a transaction. It is widely recognized that whether the owners of cryptocurrencies store their private keys in an isolated environment or in a place that is network-accessible, it is unlikely that flexibility for daily use will be maintained without compromising security.
Private keys are sealed offline in the Hardware Security Module (HSM), and multi-firewalls are established to provide advanced protection against common threats, including physical risks, internal risks, third-party risks and phishing attacks. The initialization and restoration of configuration, as well as the signing of a transaction, are fully completed in an isolated space offline, thereby providing maximum protection against software virus. Duty segregation is carried out by multi-party authorization, while the governance rules are kept in the form of scripts to enable a customized governance policy in assigning roles, limit rate, and a time lock. A transaction initiated by any party must be approved according to the governance before it is signed and broadcast to the blockchain.
To improve its usability and feasibility in common business scenarios, a temperature modifier is provided to bridge the gap between the hot and the cold wallet and allow parts of the fund to circulate without manual procedures and hardware authentication. In any case, the shared owners can revive the private keys of the enterprise digital wallet by combining their individual private keys, while the operators must perform as the predetermined administrative rules request. This strategy of duty segregation offers clear responsibilities for participants involved in crypto-asset management and ensures an effective and secure custody solution for enterprise use.