Overview
Today, end users of crypto-currencies have two options; they can either manage crypto-currency keys by themselves or trust a custodial wallet service provider to do so. Self-management is very inconvenient for novice users. While custodial wallets are easy to use, crypto-currency businesses are often compromised, and that too by insiders. While crypto currency keys can be managed inside Hardware Security Modules (HSMs), which are highly secure, the application that interacts with the HSM (Hardware Security Module) using an API key is often in an environment which is much less secure. If this application misbehaves or is compromised and the API key stolen, a wallet provider could see heavy losses.
As the world leader in the deployment of Trusted Execution Environments, Fortanix enables B2C businesses to secure crypto-currency wallets while bundling additional functionality with them which makes them more secure and custodial.
What is Fortanix Custodial Warm Wallet?
Fortanix “Custodial Warm Wallet” solution provides an additional layer of security to crypto-currency wallets by incorporating a second factor of authentication (2FA) using Time-based One-Time Passwords (TOTP). The solution forms part of the Fortanix Secure Web3 Infrastructure suite of tools and is provided as a managed service.
Secure 2FA is implemented as a DSM plugin and executed within an Intel® SGX secure enclave. This ensures that a customer’s assets are not spent by a wallet provider without their explicit consent in the form of a valid 2FA token. Fortanix “Custodial Warm Wallet” solution enables B2C crypto-currency businesses to ensure that customers’ assets are not transferred without their explicit consent. This assurance reduces the trust barrier towards B2C crypto-currency businesses. It also reduces operational risks for wallet providers.
Key Features
Deploy the 2FA system inside FIPS 140-2 Level 3 compliant platform
Fortanix Data Security Manager (DSM) SaaS is a FIPS 140-2 Level 3 compliant platform for secure key management. It offers a unique security architecture where custom plugins can be developed and deployed to run inside the hardware protected secure environment.
Secure with Quorum approval workflows
The plugin can be protected with a quorum policy that involves multiple admin users. Once deployed, the plugin code cannot be modified without explicit permissions from multiple administrators.
Readily consumable, secure warm wallet with Time-based One Time Passwords (TOPT)
Fortanix provides a Warm Wallet + Secure TOTP plugin that can be readily deployed inside DSM SaaS. The approach best solves Secret Zero Problem for custodial wallets. Transactions can only be signed with the user’s involvement and the platform restricts transaction signing when custodial wallet’s backend system is compromised.
Cloud-scale pervasive data security platform
The Fortanix solution delivers a cloud-scale pervasive data security platform that provides cryptographic services, secrets management, and tokenization across cloud and on-premises environments from a single centralized point of management, control, and audit.
How it helps?
Unmatched security and privacy
By using Confidential Computing to move the 2FA process to a highly secure trusted execution environment (TEE), Fortanix significantly improves the security of the wallet system. All crypto material is managed out of Intel SGX enclave with advanced privacy capabilities like quorum approval, FIPS 140-2 level 3 HSM, side-channel resistant, and ability to customize crypto algorithms via plug-in.
Reduce trust barrier with greater user control
Fortanix solution ensures that a compromised wallet backend system does not lead to loss of end users’ digital assets. This means that end-users do not need to trust wallet providers as they maintain control of access to their digital wallet.
Demonstrate compliance and reduce operational risk
The Fortanix design reduces operational risk dramatically for cryptocurrency and digital asset custody organizations. As governments move to introduce greater compliance controls on DeFi and cryptocurrency businesses, it’s now possible to adhere to compliance by demonstrating that the users’ assets cannot be spent without the user’s approval.