IBM Unveils Hyper Protect Offline Signing Orchestrator: An Automated, Secure Solution for Digital Asset Storage
Summary:
IBM has unveiled the Hyper Protect Offline Signing Orchestrator (OSO), an automated, air-gapped cold storage solution for digital assets. Developed collaboratively with Metaco and tier-1 banks, OSO tackles common vulnerabilities in traditional cold storage systems by automating transactions and allowing them only at designated times or through multi-party authorization, defending against insider attacks and manual errors. It also provides air-gapped storage for digital assets, protecting them from remote attacks.
IBM has released the Hyper Protect Offline Signing Orchestrator (OSO), a secure digital asset storage solution. Developed in collaboration with digital asset manager Metaco and top-tier banks, the solution aims to tackle the key weak spots in current cold-storage services. The primary concerns with these typical systems are human interference, high operational expenses, and scalability hurdles, which stem from the need for privileged administrator access.
To counter these, OSO automates the transaction process, removing the need for human involvement. Similar to a time-locked safe, the system is designed to facilitate the transmission of transactions from cold storage to the blockchain and back. This can only occur at pre-agreed periods or through the approval of a multi-party governance framework. According to the post and parallel studies, this configuration thwarts standard insider attacks such as physical intrusion, administrative changes, and coercion tactics.
If an unauthorized person gains access to the system, they can only initiate a transaction during the agreed periods and would need to wait until the transaction is approved for execution before gaining access to the assets. To further strengthen the system's defense against attacks, digital assets can be stored in isolated, ‘air-gapped’ containers. Air-gapped means the storage is disconnected from the internet and from devices that can access the internet, so remote attacks cannot reach the assets in their dormant state.
Cold-storage managers in a conventional air-gapped scenario often need to physically carry storage hardware, like a laptop or USB stick, to offline devices to sign transactions. This reliance on manual procedures exposes the system to human error. The OSO tool uses a policy engine that allows communication between two separate applications without a direct connection to both, achieving this via a virtual partitioned server through IBM’s Confidential Computing service. It also denies external network connections, thus precluding human error and preventing unauthorized access during transactions.
Published At
12/5/2023 9:45:40 PM