October 19, 2020 By Rebecca Aspler 4 min read

From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IT Infrastructure blog. The opinions in these blogs are their own, and do not necessarily reflect the views of IBM.

There are very few scenarios where security is more important than in the world of digital assets. If the key protecting a digital asset is compromised, then it’s game over.

At the same time, trading digital assets will only enter the mainstream when it’s possible to do it quickly and easily. For financial institutions accustomed to making transactions within a fraction of a second, waiting hours or even days for different keyholders to sign off on a digital asset trade is unthinkable.

At Unbound Tech, we saw an opportunity. By combining our unique multiparty computation (MPC) software with the IBM Hyper Protect Digital Assets Platform built on IBM LinuxONE, we’re bringing unprecedented liquidity and security to digital asset management.

Sizing up the challenge

Unbound is a pioneer in the use of MPC to secure cryptographic keys from every angle, splitting each key into multiple shares that are never united. By distributing trust, we ensure that a breach of any single machine never compromises the integrity of a key.

In the cryptographic world, there’s no such thing as “too secure.” However, we recognized that existing enterprise-class digital asset management solutions are forcing customers to choose between security and agility. What use is the most secure platform in the world if it’s unusable in real life?

We set out to build a new offering that pushes the boundaries of security without limiting liquidity of digital assets.

Creating the Unbound Crypto Asset Security Platform (CASP)

Developed with help from IBM, the Unbound Crypto Asset Security Platform (CASP) solution introduces lucrative benefits for digital assets service providers, including:

  • The elimination of any single point of failure across the full digital asset lifecycle. IBM LinuxONE infrastructure offers unique resiliency features such as triple-redundant environmental sensors and Redundant Array of Independent Memory (RAIM) to keep applications running even in the unlikely event of a component failure. IBM LinuxONE can withstand a severe earthquake, with the mean time between failures (MTBF) measured in decades(!).
  • Strict policy enforcement and cryptographic signing support across nearly unlimited asset types (no need for programming multi-sig, smart contracts).
  • Insider-resistant, hardened infrastructure for Unbound CASP’s critical software elements. CASP services, key management, vaults, databases, chain connectors, and server-side bots all run within IBM Hyper Protect Virtual Servers, which are securely booted, protected memory enclaves. These enclaves help assure that administrators and operators do not have even technical access to the applications managing digital assets, such as policy enforcement mechanisms. For example, if an administrator initiates a memory dump, the dump is encrypted and does not include administrative access to the private key.
  • Unbound CASP’s code build, signing, and deployment services run within IBM LinuxONE specialized Secure Image Build enclaves. These enclaves help rigidly enforce software review and attestation procedures, to frustrate potential malware, ransomware, and backdoor attackers. These defenses help assure that MPC is properly deployed without human interference. They also help accelerate testing and deployment of legitimate, authorized code updates if there’s ever an application security vulnerability requiring a quick fix. Secure Image Build solves two critical dilemmas: 1) proving the deployed software image is the right one and has not been modified or replaced by a privileged insider, and 2) proving the signed image is what it was supposed to be through the use of the secured source code manifest.
  • Exploitation of IBM Crypto Express Hardware Security Modules (HSMs) for the CASP cold backup key and CASP disaster recovery. IBM Crypto Express is one of the only commercially available FIPS 140-2 Level 4 certified HSMs, meaning it meets or exceeds the most rigorous standards for tamper protection and response. It enables exceptional business continuity, which is mandatory for enterprise-grade financial institutions.
  • Only clients or their trustees control their assets—not Unbound Tech, nor IBM. Clients are issued special IBM smart card HSMs. During a trusted key ceremony, these smart cards collectively generate AES 256-bit key parts that are securely transferred to the platform’s HSM and assembled into a master wrapping key inside an isolated HSM domain. Only the client retains control of their master wrapping key. HSM domains are highly isolated and protected by 360-degree envelope tamper detection and response.
  • Solutions can be deployed to the IBM Cloud, on premises, or in a hybrid deployment, giving institutions and service providers full freedom to decide how and where they’d like to manage their digital asset platforms.

Better together

In partnering with IBM, Unbound achieved a real meeting of minds. IBM demonstrated that they understood our marketplace and our vision.

We participated in a two-day strategy session that helped us home in on what prospective customers are looking for, and how to deliver it to them. The result was a platform that combines our unique software with the IBM Hyper Protect Digital Assets Platform to bring something unmatched to the market, at a surprisingly competitive price point.

By building security into every transaction on the platform, we’re unlocking new liquidity around digital assets. Users don’t have to worry about risk or meeting even the most stringent regulations, as that’s taken care of for them.

Finally, the digital asset market can start reaching its full potential. Alongside IBM, Unbound is offering a platform that means no compromises for customers.

To learn more about how Unbound and IBM are working together to transform digital asset custody, watch the webcast at ibm.biz/Unbound.

To learn more about IBM LinuxONE technology, visit ibm.com/it-infrastructure/linuxone.
