Crypto Wallet Automated Execution
The Securosys Demo Crypto Wallet demonstrates the use of a VaultCode with automated approval logic.
In this setup, a signing request is made to the HSM for a crypto transaction. Based on the size of the transaction, the executable in VaultCode automatically approves or rejects the signing request. If the request is valid, but the amount is too high, the Transaction Security Broker sends the request Securosys Authorization App, where onboarded approvers have to manually approve the transaction.
Using the HSM-backed wallet is simple:
- You create a new key pair on the HSM
- Make a transaction request for a set amount
- Verify the transaction with
SegWiton the Bitcointestnet.
Defining Approvers
During key creation you define the approval policy, which determines who can approve signing operations by the key (and hence who can issue crypto transactions).
For example, if you add VaultCode and 4 human approvers, you can define a policy that requires either 1-of-1 approval from the executable in VaultCode, or 2-of-4 approval from the human approvers (for example, finance officers).
See the SKA Authorization Policy documentation for more details on the policies that you can build.
Architecture
Under the hood, the demo wallet architecture requires a Transaction Security Broker (TSB). The responsibility of the TSB is to collect all transaction requests and ensure that the approval policies are satisfied before forwarding the request to the HSM.
The HSM merely checks that a request has enough approvals to satisfy the policy. The purpose of the TSB is to reach out to VaultCode and - if necessary - to the human approvers. Verification of the signing request still happens within the HSM.
