Protect Your Crypto Assets with Unbound’s Crypto Assets Security Platform (CASP)

Software-Only, Ledger Agnostic, Platform Agnostic, Crypto Agile Bank-Grade Security for Crypto Assets

Cryptography is one of the foundational security elements used by organizations to protect sensitive data, transactions, services and identities. At the core of any cryptography implementation is the management of cryptographic keys and their protection from compromise and misuse.

With crypto assets, the protection of private keys is top priority, since the private key is used to sign each transaction. It is therefore mandatory to keep the key secure – not only from compromise, but also from any malicious usage – as it takes only one fraudulent transaction (i.e. a single sign operation) to empty a wallet.

Backed by proven mathematical guarantees of security, Unbound’s Crypto Asset Security Platform (CASP) provides its customers with a software-only security platform that is as safe as hardware. With CASP, one can fully manage the keys’ lifecycle, define cryptographically-based approval policies, while supporting any currency, any ledger, any platform and any client type.

• Mathematically proven security guarantee – the key material never exists in the clear throughout its lifecycle including creation, in-use and at-rest
• Any currency, any ledger, any platform, any client
• Programmatically derived addresses (BIP 32/44) that are cryptographically protected
• Stronger and more flexible than multi-signature – ledger-agnostic support of flexible quorum structures, any number of human and/or servers, internal and external, that are required to sign a transaction
• Infinite scalability – easily scale capacity when and where it is needed
• Intuitive and easy to use SDK – available in various languages for superb developer experience

Any Currency, Any Ledger, Any Platform

Traditionally, securing the keys and secrets that guard the organizations’ most valuable assets required the use of dedicated hardware, such as hardware security modules (HSMs) and smartcards.

Though highly secure, hardware-based solutions do not support the required curves and programmatic derived addresses (BIP32/44) for crypto assets. Thus, they either provide weak security as they don’t protect private keys and seeds while in generation or in use, or alternatively need a very labor-intensive customization effort to support the cryptographic algorithms used for crypto assets. Furthermore, they are rigid, not scalable or cryptoagile and therefore pose a harsh barrier to a secure and easy adoption of crypto assets.

Built upon Unbound’s multi-party computation (MPC)-based Distributed Trust Platform technology, Unbound’s CASP empowers security officers to protect any crypto asset, on any ledger, and on any client type.

Audiences

Unbound’s Crypto Asset Security Platform is targeted at business organizations that seek a bank-grade security platform that is as secure as it is flexible. These organizations include:

• Banks
• Financial Services Companies
• Consulting Companies
• Exchanges

Corporate Ready: Utmost Security Combined with Utmost Flexibility

Unbound’s CASP has been designed along with global tier 1 banks, taking into consideration their security requirements, as well as the flexibility level that they would like to offer to their heterogeneous customer types, whether institutional or retail.

Unbound has developed a one-of-a-kind quorum-based approval capability that is much stronger than regular multi-sig, which enables unparalleled security and flexibility.

With Unbound’s CASP flexible quorum capabilities, you can:

1. Define any quorum structure – a customer can define any quorum-based approval scheme.
   • Not only 2 out of 3, but it could easily be 4 out of 6 or 5 out of 8.
   • Participants in the approval policy can be internal employees and bots (AMC and KYC are good examples), external customers or trustees using servers or mobile devices. There are no limitations whatsoever on the and/or cryptographic rules.
   • Unlike other solutions, with Unbound, there is no need for complicated scripting. It is as easy as a click of a button.
2. Enforce transactions using a cryptographic layer, which is much stronger than an applicative layer. With Unbound, the quorum-based approval policy is enforced cryptographically in a decentralized manner. Thus, each participant in the approval process MUST hold its respective key-share for the transaction to take place.
3. Replace one of the approving participants with a seamless, easy-to-use function. There is no need for custom code.

[Figure: Sign a Crypto Transaction (Customer, Service Provider)]

Use Cases

Unbound’s Crypto Asset Security Platform supports a large range of use cases, including:

• Institutional Custody
• Agile and secure management of exchanges co-wallets strategy
• Flexible M-of-N approval structures, empowering organizations to leverage human approvals, bot-approvals, internal and external factors, all in one holistic MPC-based approval policy

Brute-Force Proof Authentication Factors

Unbound’s CASP provides two-factor authentication that can optionally be used to authorize any usage of the cryptographic key-share. Various authentication factors are supported, including PIN code, password, fingerprint and face recognition. The authentication takes place using MPC algorithms between the endpoint and the server, thus preventing brute-force attacks on the endpoint side. Each key-share owner can have a different authentication factor.

Non-Repudiation

With Unbound’s CASP, since each approver holds a key-share, non-repudiation is always assured. Every transaction requires the active authentication and cryptographic-based approval of the participating party. The asset owner is always identified and can never be at risk for identity theft.

Instant Revocation

When things go wrong and an endpoint is suspected as compromised, Unbound allows ultimate control by ensuring instant revocation of any crypto key-share that is secured. De-activation of the relevant key-share on the CASP server immediately renders the key-share useless, ensuring that the crypto assets that are protected by this key stay safe.

Supported Currencies

CASP consists of internally built Wallets (Chain Adaptors) that interact with BTC and ETH ledgers (through BlockCypher for BTC and through Infura for ETH). Nevertheless, CASP can sign ANY asset using the Bring your Own Wallet (BYOW) API. The usage of BYOW API is most apparent when a customer wants to use the CASP service directly, without the built-in wallets, or when further assets besides BTC or ETH based assets need signing.

1. Bitcoin
2. Ethereum
3. XRP
4. Bitcoin Cash
5. EOS
6. Stellar
7. Litecoin
8. Cardano
9. IOTA
10. Tether
11. TRON
12. Monero
13. NEO
14. Dash
15. Ethereum Classic
16. NEM

ERC Tokens

ERC20 tokens are supported as well. More tokens are being added on a regular basis and customers are advised to check back often for updates to the list.

0x (ZRX), Aelf (ELF), AION (AION), AirSwap (AST), ANA (ANA), AppCoins (APPC), Aragon (ANT), Augur (REP), Basic Attention Token (BAT), BBX (BBX), Blockbid (BID), BountyOx (BNTY), Bread (BRD), Celsius (CEL), Change (CAG), Civic (CVC), Decision Token (HST), Dent (DENT), eChat (ECHT), eGold (EGL), FunFair (FUN), Golem (GNT), Indorse (IND), iShook (SHK), Kin (KIN), Kyber Network (KNC), Linker Coin (LNC), Maker (MKR), Nebulas (NAS), Nexo (NEXO), Numeraire (NMR), OmiseGo (OMG), OPTin (OPT), PlusCoin (PLC), Polymath (POLY), Populous (PPT), Power Ledger (POWR), Propy (PRO), QASH (QASH), Quantum Resistant Ledger (QRL), Qvolta (QVT), Raiden Network Token (RDN), Rebellious (REBL), Rialto (XRL), Salt (SALT), Sentinel Protocol (UPP), Serenity (SRNT), Snovio (SNOV), Status Network Token (SNT), Storj (STORJ), SwissBorg (CHSB), TenX (PAY), Tokenize (TKX), WaltonChain (WTC), Worldwide Asset eXchange (WAX), WeTrust (TRST), Zilliqa (ZIL)

Technical Specifications

Component    | Device Type                        | Operating System
Endpoint SDK | Mobile                             | iOS, Android
Endpoint SDK | Desktop                            | Java
Endpoint SDK | Virtual/physical server, container | Java
CASP Server  | Virtual/physical server, container | Linux

API Support
• Mobile: Simple and easy to use SDK
• Desktop/laptop/server: API support for all platforms

Cryptography
• Asymmetric: ECDSA, EdDSA, Elliptic Curve Cryptography with curve secp256k1
• MPC based support for BIP32/44

Endpoint Additional Authentication
• Device-native fingerprint/Face recognition
• Face recognition
• PIN, password

Leverage Secure Element (SE) and Trusted Execution Environment (TEE)
• Mobile: iOS secure element, Android TEE
• Desktop/laptop/server

High Availability
• Active/Active and Active/Passive modes (with external load balancer)

Management & Administration
• Management REST API
• UI
• Full multi-tenancy support with cryptographically isolated domains

Certifications
• Powered by FIPS 140-2 Levels 1&2 Validated Technology.