Professional services firm Accenture has teamed up with technology provider Thales to produce patent-pending Hardware Security Modules to securely integrate blockchains into financial services, healthcare and government. The solution, which was built using Hyperledger Project's Fabric, creates a developer-friendly interface between emerging blockchain platforms and widely used hardware security technology.
Hardware Security Modules (HSMs) are crypto-processors that securely generate, protect and store digital keys. Keys stored in the Thales HSM architecture cannot be extracted or used except under a highly controlled protocol, said a statement. The new solution is based on the widely used nShield HSM developed by Thales and creates a simple path to large-scale commercial use of blockchain technology.
Simon Whitehouse, senior managing director and head of blockchain technologies at Accenture, said: "Blockchain is quickly maturing across industries and is set to profoundly change how businesses operate. But current applications cannot meet the high security standards of most mission-critical IT infrastructure. That is because the digital keys used to secure and validate messages and transactions historically have proven vulnerable to network attacks. Our solution provides the same kind of physical security that banks have relied on for decades to keep money and transaction records safe from cyberthieves. It will clear a wider path not only for banks but for governments, insurers, healthcare providers and others to do real-world deployments of blockchain technology."
Currently, blockchain-based systems typically rely on "cyberwallets" to store digital keys for blockchains. But because those keys typically reside on software servers, they can become vulnerable to network breaches of the kind that have occurred on cryptocurrency exchanges in recent years. The solution makes it extremely difficult if not impossible for digital keys to be misappropriated because they are stored in physical isolation from IT networks and are architected with highly sophisticated, deterministic security mechanisms, it said. In addition, the platform need only be installed once, allowing companies to secure each of their blockchain applications using the same solution – regardless of which blockchain software or application they use – versus crafting a code interface for each solution.
Jon Geater, chief technology officer at Thales e-Security, said: "The possibilities for blockchain are endless. In the financial sector everything from transactions to contracts and deeds could use a blockchain to legitimise and simplify the settlement process, and industries such as healthcare and federal government also stand to benefit from this technology. However, in order for blockchains to work, we need to believe and trust them, which means every participant must agree and anticipate how they will take part in the chain. Unfortunately innovation and vulnerability very often go hand-in-hand. Accenture has built trust and security into the technology of the chain itself, using Thales HSMs to protect the chain and prevent any nefarious activity. Thales continues to invest in blockchain delivering the 'root of trust' to this emerging technology."
David Treat, managing director, financial services blockchain lead at Accenture, said: "The opportunity to benefit from blockchain technology within sectors like financial services and healthcare depends on an ability to protect digital keys using conventional standards of security. While there have been bespoke blockchain integrations with HSMs before, this solution offers a simpler and more flexible standard to connect blockchain platforms with the leading HSMs. We are committed to delivering these types of real-world innovations that will serve as the stepping stones to make blockchain technology a reality for large-scale enterprises."
Accenture pointed out that many security-conscious institutions rely on HSMs to safeguard and manage their digital keys, to protect things like ATMs, mainframe operations and point-of-sale (POS) machines, and to verify and sign SWIFT messages – they are used in virtually any application that requires secure, verified digital signatures. While most people have no idea of the role an HSM plays in securing sensitive information, it's a technology used every day. For example, HSMs in a bank's data center are used to validate your PIN when you withdraw cash from an ATM, or validate the transaction cryptogram when you purchase goods at a merchant POS terminal – in both cases only the HSMs under the bank's control have access to the correct keys to perform the secure processing. Some of the benefits of an HSM include:
- Keys are stored within the secure HSM boundary: the keys always live inside the secure, certified HSM boundary vs. in software or on a hard drive where they are vulnerable to attacks.
- Tamper-resistant hardware: FIPS 140-2 Level 2 and 3 certified HSMs are tested to stringent standards and are extremely difficult for unauthorized users to access.
- Sophisticated cryptography: HSMs use a certified, cryptographically secure random number generator to create keys, providing higher-quality keys than a typical computer system.