Blockchain Appliance – Block-Safe

Block-safe – Specialized HSM to protect sensitive assets in blockchain processes. UTIMACO Block-safe was designed to meet the unique requirements of blockchain-based solutions.

The strong protection requirements of blockchain-specific elliptic curves are based on their ability to securely store and manage encryption keys for key derivation, public key generation in blockchain processes, within the secure boundaries of the HSM.

With this solution, you can effectively protect identities, keys and sensitive data used in Distributed Ledger Technology (DLT) computing platforms to reduce time to completion, even in complex ecosystems.

Physical and logical security for your blockchain processes and sensitive assets used in blockchain-based computing platforms on unmatched key generation and derivation executed within the tamper-resistant HSM and compliant with FIPS 140-2 Level 3.

The included support for Distributed Ledger Technology (DLT) platforms enables reliable validation and storage of transactions.

Block-safe meets with the latest regulations involved such as FINRA, ATS, 5AMLD and FSB and can therefore be used, in addition to cryptocurrencies, in several digital assets in different industries, such as cross-border or interbank payments and transactions, KYC or registration, clearing payments,

etc.

Its highly flexible software integrates easily into an existing cryptographic environment, as well as with third-party applications such as Public Key Infrastructures (PKI) or Ethereum. In addition, Block-safe comes with the dedicated simulator for flexible customization.

Block-safe is available in the SeGen 2 and CSe Series.

Block-safe: Using Distributed Ledger Technology (DLT) to Protect Confidential Data and Keys

Integrated blockchain-related certified algorithms, such as:

• BIP32/44
• SLIP-010
• Digital fingerprinting for public key address generation
• Signature and consensus verification using MultiSign

High physical and logical security

• HSM FIPS 140-2 Level 3 Certified
• Secure entropy source TRNG + PRNG Dual post-quantum
• RNG compatible with NIST SP800-90
• Asymmetric keys derivations, including BIP-32, NIST SP800-108, ECDSA

(NIST SP800-56A), DSA (ANSI X9. 42)

• Signature algorithm MultiSig and Boneh–Lynn–Shacham (BLS)

High Speed

• Speed up to 10,000 RSA per second
• Able to executing 6,000 ECDSA signature operations in bulk processing mode

Compatible Cryptographic Algorithms

• RSA, DSA, ECDSA with NIST curves and Brainpool
• DH, ECDH with NIST curves and Brainpool
• AES, Triple-DES, DES
• MAC, CMAC, HMAC
• SHA-1, SHA2 family, SHA3

Supported cryptographic interfaces (APIs)

• PKCS # 11
• Microsoft Crypto API (CSP)
• Microsoft Cryptography Next Generation (CNG)
• Microsoft Extensible Key Management SQL (SQLEKM)
• JCE Interface
• Extended Services Interface (CXI): Utimaco’s high-performance cryptographic interface

Extensive Management Functionalities

• Role-based access control (RBAC) with multi-factor authentication
• Comprehensive key management
• 2-factor authentication with smart cards and “m of n”
• Remote management

Included Software Simulator

• Full-featured, crash-proof HSM simulator
• Fully functional runtime, including all administration and configuration tools
• For evaluation, development and integration testing of functionalities prior to integration into your block-safe HSM firmware

Highly Flexible Integration

• Integration software included
• Can be integrated by third parties Built-in support
• Multi-model built-in support for HA redundancy and performance scalability
• Provides DLT platform support

Easy Customization

• Possibility to develop your own confidential codes and IP using Utimaco’s Software Development Kit (SDK).