IoT & Blockchain Solutions

Strong cybersecurity with HSM for Blockchain & IoT environments

Blockchain cryptographic technology is gaining momentum in the field of cybersecurity, and there are more and more examples of its application beyond cryptocurrencies, such as transactions and payments, data registration and verification, digital identity validation, smart contracts, cloud data storage, process traceability and electronic voting. It is also used to secure the communications of connected devices on the Internet of Things network, giving rise to a new concept called “Blockchain of Things”. Together with the IoP (Internet of Payments), it is increasingly present both in new digital financial models (Fintech, neobanks, wallets…) and in traditional banking.

Although the financial sector is currently betting the most on implementing blockchain technology, there are more and more use cases linked to the public sector (administration, health, universities…) and retail (logistics, food, energy…).

However, to make this technology more reliable, it is advisable to add extra security by means of encryption through a Hardware Security Module (HSM). This makes the technology more robust and is even essential in regulated environments such as the banking sector.

Faced with this emerging trend in the Digital Transformation processes of organizations, Realsec, together with our parent company, Utimaco, offers a portfolio of cybersecurity solutions for Blockchain & IoT environments: Block-safe, KeyBRIDGE Universal Key Management (UKM) and Enterprise Secure Key Manager (ESKM).

How can HSM secure your blockchain network?

  • HSMs work with elliptic curves, specific to Blockchain, while being responsible for the generation and custody of private and public keys.
  • The Hardware Security Module validates identities and performs strong authentication, enabling access to the blockchain
  • Able to digitally sign, verify and validate blockchain-supported transactions, including smart contracts
  • Provides an electronic wallet model that ensures the ability to derive key pairs in a secure environment from a single master set of keys
  • Able to encrypt and decrypt the information
  • Able to monitor and audit, while key usage tracking provides an additional layer of security

Compliance for many industries

  • Utimaco’s HSM Block-safe, compliant with FIPS 140-2 L3, provides unmatched key generation and protection for Blockchain-specific elliptic curves.
  • Protects and manages the encryption keys required for key derivation.
  • Includes a hash-based deterministic random number generator (DRG.4 acc. AIS 31), a true random number generator (PTG.2 acc. AIS 31) and a consensus model that requires M keys for digital signature prior to addition to the ledger.

High Performance and Cryptographic Agility

  • Built-in post-quantum secure TRNG + PRNG dual entropy source and RNG compliant with NIST SP800-90
  • Derivations of asymmetric keys, including BIP-32, NIST SP800-108, ECDSA (NIST SP800-56A), DSA (ANSI X9.42)
  • Digital fingerprinting for public key address generation
  • Signature and verification using MultiSign
  • SDK for customization by in-house developers involving confidential code and IP
  • Integrated multi-model support for HA redundancy and performance scalability
  • Role-based access control (RBAC) with multi-factor authentication for segregation of duties
  • Up to 10,000 RSA signature operations or 6,000 ECDSA in bulk processing mode

Remote Access

Remote delivery of cryptographic keys: supports remote distribution of keys to deployed terminals (POI)

Included Software Simulator

Included Simulator for evaluation and integration tests to compare the best possible solution for each specific case

Premises

  • Useful for centralized use cases with no need for scalability or remote accessibility and existing legacy infrastructure
  • Defined total cost of ownership, with no surprise costs.
  • Complete control of hardware and software, including configuration and upgrades
  • Secure uptime in areas with Internet connectivity
  • Best choice for highly regulated markets

Cloud

  • Strategic architectural tuning and risk management for your high-value assets
  • Provides flexibility, scalability and availability of HSM as a service
  • Ideal for a multi-cloud strategy, supports multi-cloud deployments and allows for migration flexibility
  • Allows you to work seamlessly with any Cloud Service Provider
  • Remote, user-friendly management and on-site key ceremony service option
  • Full data control through encryption key lifecycle and key management
  • Secure data privacy through “Bring Your Own Key” procedures
