Sepior Threshold KMS
Blockchain Privacy Control

Sepior’s Threshold KMS Blockchain Privacy Control introduces a powerful new tool to efficiently manage confidentiality and privacy of data and applications accessed by permissioned access blockchain participants. Using the latest threshold cryptographic techniques, including threshold multiparty computation (MPC), Sepior™ Threshold KMS delivers the highest online ledger security and privacy available, with industry leading granularity, while also minimizing costs and complexity.

 
 
 

Sepior™ Threshold KMS works with virtually any blockchain technology, using the latest threshold cryptography techniques. Key management policies are fully defined and implemented off-chain, for administrative and operational simplicity.

Sepior’s patented threshold cryptographic approach, using threshold MPC, allows n Threshold KMS services to run on separate virtual machines, which may be hosted across multiple data centers or clouds to provide maximum system resiliency. These systems use threshold MPC to confirm that at least m (a definable threshold) of the Threshold KMS services are available, and then use MPC to produce the keys that each authorized blockchain participant uses to access content, without a whole key ever existing on any virtual key management server.
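The m-of-n property described above can be illustrated with a small threshold key derivation built from HMAC over replicated sub-keys. This is an added example, not Sepior's protocol (which the page does not specify); the parameters, the object identifier, the function names and the trusted `deal()` setup step are all assumptions made for the illustration.

```python
import hashlib, hmac, secrets
from itertools import combinations

N, M = 5, 3  # constructed parameters: 5 key servers, any 3 can derive a key

def deal(n=N, m=M):
    """Setup (trusted dealer, for brevity): one sub-key per (m-1)-subset A of
    servers, handed to every server outside A. No server receives all of them."""
    stores = {i: {} for i in range(n)}
    for excluded in combinations(range(n), m - 1):
        sub_key = secrets.token_bytes(32)
        for i in range(n):
            if i not in excluded:
                stores[i][excluded] = sub_key
    return stores

def server_eval(store, object_id):
    """Runs on one server: a PRF output per held sub-key; sub-keys never leave."""
    return {a: hmac.new(k, object_id, hashlib.sha256).digest()
            for a, k in store.items()}

def combine(partials, n=N, m=M):
    """Client side: XOR one PRF output per subset; fails below the threshold."""
    merged = {}
    for p in partials:
        merged.update(p)
    key = bytes(32)
    for a in combinations(range(n), m - 1):
        if a not in merged:
            # The responding servers are all inside A, so none holds A's sub-key.
            raise ValueError("below threshold: sub-key for %r not covered" % (a,))
        key = bytes(x ^ y for x, y in zip(key, merged[a]))
    return key

def derive(stores, quorum, object_id):
    """Derive the per-object key from the servers listed in quorum."""
    return combine([server_eval(stores[i], object_id) for i in quorum])

if __name__ == "__main__":
    stores = deal()
    # Constructed object identifier: one field of one contract.
    print(derive(stores, [0, 2, 4], b"contract-42/field:iban").hex())
```

Any three servers yield the same per-object key, two servers cannot, and each server stores only 6 of the 10 sub-keys.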

The control to content access may be defined per user on a per document or smart contract level, or to the level of specific fields or objects within the application. The result is an agile privacy control solution with industry leading key availability, and minimum complexity and cost.

Sepior™ Threshold KMS consists of:

  • n instances of Threshold KMS Services running in VMs

  • Management portal, an application specific web portal

  • SDKs for the relevant languages, including smart contract languages

  • Plugins or connectors when required (i.e., Hyperledger Fabric)

 

Enterprise Grade KMS Considerations

Permissioned access blockchain applications require confidentiality and varying levels of privacy for business purposes

  • Deny access to illicit attempts to access data or applications within the network

  • Control access by legitimate participants to access some, but not all data and applications

Fine grained confidentiality and privacy control may be required for compliance purposes

  • Confidentiality of Personally Identifiable Information (PII) recorded on the blockchain

  • Privacy with regard to the individuals involved in a transaction

Effective security and management of encryption keys are required to assure that confidentiality and privacy are sustained, and that keys are continuously available, without risk of key corruption

The use of channels with Hyperledger Fabric (a specific implementation of blockchain) allows for natively defined levels of access to specific audiences, but with increased on-chain workloads. Channels may be complex to administer in certain use cases.

  • Channels may be useful when a subgroup of participants has a lot of transactions in common, if there’s no dependency on blockchain state controlled by outside entities

  • Some have raised concerns about possible complexity and scale considerations of building, modifying, and maintaining large numbers of channels to support fine grained control

  • Off-chain key management and participant access management may be preferable, to minimize on-chain computations and flexibly adjust to changing requirements

Threshold key management services (Threshold KMS) represent a new opportunity to support fine grained access control, off-chain, with per-user privacy control, without increasing blockchain complexity or on-chain workloads

  • Threshold KMS may be implemented in conjunction with channels or other blockchain specific controls, or as an alternative form of control, providing flexibility for case-by-case optimization

Sepior™ Threshold KMS achieves these new benchmarks in performance through patented techniques using secure, multiparty computation (MPC).


Threshold KMS Features & Benefits

Enterprise-grade key management services for managing blockchain data confidentiality

  • Manage blockchain access to authorized participants

Privacy control down to the object level

  • Enables fine grained control for participant access to specific fields of data (objects) on the blockchain as may be required for business or compliance purposes

Full lifecycle key management services

  • Generate, regenerate, rotate, and retire keys as required

Audit logging

  • Providing full visibility to events and authorizations

Cross-domain IdM support

  • Flexible identity management integration

  • Supporting administration down to a per user, per group, or per organization level

Integration at the application or the blockchain platform layer

  • Allows for use case specific optimization and simplified integration

Works with any blockchain

  • Eliminates requirements to use a particular blockchain technology to achieve business and compliance objectives

Distributed trust model, using threshold cryptography with MPC to provide a distributed, virtual key management system across multiple VMs

  • Keys are generated and managed without ever producing a whole key on any key server, eliminating the potential for server key theft

  • Provides hardware security module (HSM) trust level, without the need to purchase, install, physically secure, and maintain HSM appliances

  • Provides the system resiliency of fully redundant HSM configurations, without the cost or complexity of multiple redundant appliances

Cloud-native microservices architecture

  • Automatically scale key management services up / down based on service loads

  • Eliminates dependency on a hardware appliance or dedicated VM to support scale requirements

Implemented as VMs, with no dedicated or proprietary hardware required

  • Minimizing CapEx and OpEx