Skip to main content

Overview_MS

This document describes how to download, install and use the Securosys Authorization App.

The Securosys Authroization App is a light weight mobile application designed for the purposes of streamlining the operational task and key management authorization to the authorization personel. With a quick and easy deployment the user of the Authorization App can start authorizing tasks in matter of minutes.

The Securosys Authorization App supports a broad range of use cases including true Multi-Authorization within your Business Application landscape. These uscases include but are not limited to signature services in accordance with eIDAS (the European standard for electronic identification, authentication, and trust services), authorization of blockchain transactions, database encryption, code signing, and much more.

The application uses the unique features of Securosys Primus HSMs - Smart Key Attribute(SKA) keys - which allow for highly customizable policies for authorizing operations and transactions, as well as manage key blocking/unblocking and policy adjustments with ease. Policies can be set to require multi-quorum approvals before a task request can be approved, implement security protocols that activate based on time-lock settings, and much more. Smart Key Attributes leverage the N out of M quorum concept, ensuring that operations are approved only after the required number of stakeholders provide their authorization.

To simplify SKA implementation, the Securosys Transaction Security Broker (TSB) provides a REST API and internal state management. Coupled with SKA-enabled Securosys HSMs, the TSB offers unparalleled granularity in controlling key actions and operations. Thanks to this integration, all critical security operations are performed within the HSM. See REST API (Transaction Security Broker) for more granular information and an in-depth user guide of the REST API and the Transaction Security Broker.

Test of HTML Table in Markdown Document

This is some text before the table.

Header 1Header 2Header 3Header 4
Merged CellRow 2, Cell 2Row 2, Cell 3Row 2, Cell 4
Row 3, Cell 2Row 3, Cell 3Row 3, Cell 4
Row 4, Cell 2Row 4, Cell 3Row 4, Cell 4
Row 5, Cell 2Row 5, Cell 3Row 5, Cell 4
Row 6, Cell 2Row 6, Cell 3Row 6, Cell 4

This is some text after the table.

Multi-Authorization Process

Securosys_Authorization_App_Architecture

  1. Securosys Authorization App: Shown on the left side, the mobile app is used to fetch and authorize cryptographic tasks. The app displays tasks such as signing, unsealing, decrypting, or certificate management, which can be approved by the Approver.

  2. Transaction Security Broker (REST-API): This central component handles authorization requests, supporting various cryptographic functions like signing, decryption, certificate issuance, unsealing, and key management. The TSB interfaces with the mobile app via REST API to fetch and handle authorizations.

  3. Primus HSM with Smart Key Attributes (SKA): The Primus HSM at the bottom right securely stores and manages cryptographic keys, enforcing key attached policies for operations like signing and key management. It supports quorum-based authorization (N out of M), meaning multiple stakeholders must approve a task before execution.

Workflow

  1. Your Business application requests a signature approval from TSB.
  2. TSB records a signature request and returns its ID, then waits for the authorization.
  3. The Securosys Authorization App retrieves the signature approval request.
  4. The Approver approves or denies the request, Securosys Authorization App sends the resulted authorization data to TSB.
  5. After the appoval rules are met, TSB sends the authorization data and the payload to HSM.
  6. The HSM checks the authorization data against the key attributes and the specific payload. If the criteria are met, the HSM signs the payload and returns the signature to the TSB
  7. TSB makes the signature available for your business application to fetch.

Target Audience

This document is intended for the users of the Securosys Authorization App as well as Administrators familiar with Securosys Hardware Security Modules and Transaction Security Broker.

Support Contact

If you encounter a problem while installing or configuring the Securosys Authorization App, please ensure that you have read the referenced documentation. If you cannot resolve the issue, please contact Securosys Customer Support.

For specific inquiries and inquiries on customizing the Securosys Authorization App to fit your business needs, please feel free to open a ticket on our Securosys Support Portal.

What's Next

For a smooth start with the Securosys Authorization App:

  • Consult the Quickstart chapter for a comprehensive task listing.
  • See the various Use Cases for the Securosys Authorization App.
  • For detailed instructions and step by step guide, read and follow the Installation chapter.
  • For more granularity and step by step guide on various features, visit Tutorial section.
  • See information about new and old Concepts introduced and used in this document.