
Introduction

Transaction Security Broker

Securosys Hardware Security Modules (HSMs) are not only optimized for the physical protection of private key material, like most legacy HSMs. They also provide control over key usage through specific and sophisticated authorizations, which is essential for the security of modern financial applications.

How it's done

Today's financial and digital asset applications need fine-grained policies that govern which actions may be performed on transactions. Keys can be bound to groups, quorums, and possibly time restrictions, or any combination of them. Securosys Smart Key Attributes (SKA) help enforce such policies and rules.

To make implementing SKA easier, the Securosys Transaction Security Broker (TSB) provides a REST API and internal state management. It is a standalone engine that connects to an external database instance and integrates the SKA-enabled Securosys HSM. The TSB itself is therefore not security-critical, since all security-relevant operations are carried out in the HSM.

TSB integrates the Securosys REST API with the SKA workflow engine, simplifying HSM operations with language-agnostic tools.

Approval Process

  1. The business app requests signature approval from the TSB (/sign).
  2. The TSB records a Signature Request and returns its ID.
  3. Approval clients retrieve their tasks and approve (/filteredSignApprovalTask).
  4. The TSB sends the authorization data and payload to the HSM.
  5. The HSM validates the criteria, signs the payload, and returns the signature.
  6. The TSB makes the signature available to the app (/request/<request_id>).
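
The six steps above as an added toy model in Python. It is not Securosys code and does not use the TSB API; it shows why a broker that only stores and relays state cannot produce a signature on its own. The names ToyHSM, ToyBroker and approve, the status strings, and the use of HMAC as a stand-in for both the approvers' authorization data and the HSM signature are assumptions made for this example.

```python
# Toy model (constructed for illustration; not the TSB or HSM API).
import hashlib, hmac, secrets

def approve(key, payload):
    """Approval client: authenticate the exact payload being approved."""
    return hmac.new(key, b"approve:" + payload, hashlib.sha256).digest()

class ToyHSM:
    """Holds the signing key and enforces the quorum; the only trusted part."""
    def __init__(self, approver_keys, quorum):
        self._sign_key = secrets.token_bytes(32)
        self._approver_keys = approver_keys  # name -> key known to the HSM
        self._quorum = quorum

    def sign(self, payload, approvals):
        # Step 5: count only approvals that verify over *this* payload.
        valid = [n for n, tag in approvals.items()
                 if n in self._approver_keys and hmac.compare_digest(
                     tag, approve(self._approver_keys[n], payload))]
        if len(valid) < self._quorum:
            raise PermissionError(f"quorum not met: {len(valid)}/{self._quorum}")
        return hmac.new(self._sign_key, payload, hashlib.sha256).digest()

class ToyBroker:
    """Untrusted state keeper: stores requests and relays them to the HSM."""
    def __init__(self, hsm):
        self.hsm, self.requests = hsm, {}

    def sign(self, payload):  # steps 1-2: record the request, return its ID
        rid = secrets.token_hex(8)
        self.requests[rid] = {"payload": payload, "approvals": {},
                              "status": "PENDING", "signature": None}
        return rid

    def tasks(self, approver):  # step 3: tasks this approver has not handled
        return {rid: r["payload"] for rid, r in self.requests.items()
                if r["status"] == "PENDING" and approver not in r["approvals"]}

    def submit(self, rid, approver, tag):  # steps 3-5: store, then ask the HSM
        req = self.requests[rid]
        req["approvals"][approver] = tag
        try:
            req["signature"] = self.hsm.sign(req["payload"], req["approvals"])
            req["status"] = "EXECUTED"
        except PermissionError:
            pass  # quorum not reached yet; request stays pending

    def request(self, rid):  # step 6: the app polls for the result
        return self.requests[rid]
```

An approval tag that the broker invents, or one made over a different payload, is stored like any other but never counts toward the quorum, because the check runs inside ToyHSM.sign.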

Tutorial

A comprehensive step-by-step guide is provided under Tutorial -> Smart Key Attributes.

Please download the Securosys Solution Brief for financial applications or crypto assets to get more information on this.

Helper Scripts (OpenSSL)

Additionally, explore these helper scripts for common TSB tasks with OpenSSL.