Device Authority Secures Enterprise Blockchain Infrastructures

    • Protecting private keys and crypto keys

    • Preventing unauthorized access

    • Delivering end-to-end data security/privacy

      KeyScaler in Action
 

Private Key Protection on Physical or Virtual Nodes

Blockchain is considered a breakthrough solution for addressing many use cases. It relies heavily on Public Key Infrastructure (PKI), but it doesn’t have a defined security model to secure the participating nodes and PKI keys.

Private Key Protection on Cloud Infrastructure

In a virtualized cloud infrastructure, typical hardware secure storage like Trusted Platform Module (TPM) is not available. Any nodes running on cloud infrastructure require private key protection. While cloud infrastructure providers offer Hardware Security Module (HSM) and key management services, the usual node authorization to the service itself can be compromised.

Managing Identity and Authorization Model for Enterprise Private Blockchains

Enterprise private blockchain consists of a permissioned Blockchain network in which consensus can be achieved through a process called “selective endorsement,” where known entities verify the transactions. The advantage for businesses is that only participants with access and permissions can maintain the transaction ledger. This calls for Enterprise IAM features extended to participating nodes.

Prevent Un-authorized Access to Critical Infrastructure

For use cases leveraging private Blockchain and vendor managed infrastructure, identity management that controls who is authorized to resources on the network, data confidentiality and access controls are important.

Scalability

Some of the unique characteristics of Blockchain technology like decentralization, replicated data stores, and consensus or permissioned mechanisms introduce scalability challenges. While PKI is a proven technology for identity and data security, implementing and managing at scale for Blockchain isn’t easy.

HSM Myth – Perfect Data Protection

HSMs are popular for secure key generation and storage. While private keys are protected in HSMs, it is still possible for attackers to compromise credentials used by nodes, and admin servers that connect directly to HSM.

Download Blockchain Guide 

 

Enterprise private Blockchain implementations are now mainstream and require more stringent security for key management and operations. To harness the benefits of Enterprise Blockchains, technology must evolve to embrace device centric identification and authorization functions. This approach helps secure Blockchain infrastructure for:

  • Participating nodes identification, authorization and protecting the private key
  • Data security, privacy and authorization policies
  • Security management functions for Blockchain implementations
  • Automation for Blockchain security operations

 

 

Solution / How We Do It

Device Authority specializes in Device Centric IAM to address the above issues. KeyScaler delivers the required functionality at scale for Enterprise Blockchain implementations. Relevant capabilities are:

  • Device Registry: A centralized registry of all the entities in your KeyScaler network
  • Device Authentication: Automated, dynamic verification of every registered entity
  • Dynamic Device Key Generation (DDKG): Patented technology based dynamic key generation, device-derived key technology
  • Secure Soft Storage: To prevent theft of secrets and unauthorized usage, the secure software enclave stores the private key or other secrets in an encrypted state. Decryption is available only to authorized applications defined in the credential provisioning policy on the KeyScaler server
  • Policy Management: Provides a centralized security posture for governing entities

Typical steps involved in implementing the solution:

1. Register entities

2. Derive crypto key for encryption

3. Encrypt the private keys, secrets or data

4. Get crypto key for decryption

5. Decrypt the private keys, secrets or data

 

Contact Device Authority to discuss your Blockchain requirements