Thursday, May 21, 2015

Free hardware generated and protected Bitcoin/BlockAuth ECDSA Private keys.

Available to all Subscribers, a free hardware generated, and protected Bitcoin and BlockAuth ECDSA private key.
From 1st July 2015, all current and future Subscribers will have a free ECDSA private key, generated within, and protected by, our Cloud based Hardware Security Module (HSM).

We offer this service to enhance the security of Bitcoin private keys, and to expand the usage of ECDSA signatures within a wider range of electronic commerce operations. Physical signatures are free today, why not Digital Signatures?

The history of cryptography shows us that good cryptography has been repeatedly defeated not because of bad math, but because of bad implementations of good math.

A paper was published by researchers from Australia and the UK describing an attack on OpenSSL's implementation of ECDSA for curve secp256k1 (the one used by the Bitcoin protocol). The danger of key leakage via poor random data or side channel attacks is a concern, but is manageable with proper implementations. We believe hardware is necessary for the small number of security critical functions, and by making hardware based solutions free, there is simply no basis to continue to have these security issues within any FinTech application.

If you think these types of exploits are esoteric (and in reality many are), and nothing could happen to you, consider "There Are Nearly 150 Breeds Of Bitcoin-Stealing Malware In The Wild, Researchers Say". If your "Wallet file" is encrypted and held to ransom, all of your bitcoins are effectively gone; there is no-one to turn to.

The recent introduction of Bitcoin Hierarchical Deterministic (HD) Wallets, or Extended Private and Public Keys, has introduced additional side channel attack vectors, and has allowed a single seed compromise to provide access to all private keys.

All ECDSA keys provided are unique, hardware generated and protected. There is no known relationship, or side channel leak, between any two ECDSA keys within the system. Additionally, the key generation process does not expose any private keys based upon the knowledge of any Public key, a vulnerability in some bitcoin HD key chains.

We hope the introduction of Free hardware protected ECDSA keys will contribute to improved security for Bitcoin and all ECDSA Signatures across current and future ECDSA and ECDH based applications. Additionally we plan to offer mature implementations of core cryptographic support functions via our REST/JSON API, available to any VAR. Why would developers want to keep implementing the basic functions over and over again, when these are available? This allows developers to concentrate on the business side of typical FinTech applications.

Initial usage will include Signing of all documents within Accountants Web Office (AWO) tax returns, tax declarations and almost any electronic media stored within the AWO suite of services.
Additionally the service supports a private key chain, which can generate an unlimited number of single use ECDSA public keys (bitcoin like payment keys), within the Cognition Public Block Chain, or any future public Block Chain supported FinTech applications.
The Cognition API also offers secure, framework agnostic, enterprise BYOD device management.

Securing each subscriber's ECDSA key material via hardware is essential to the future of all electronic commerce applications, especially FinTech applications.

From the 1st July 2015, the introduction of freely available secure ECDSA private keys, to all VillageMall Subscribers, removes one of the last barriers to adoption of secure FinTech applications. Optional multi-factor authentication of every "affixed" signature takes FinTech applications to the next security level.

Hardware based security underpins our range of secure business, accounting and FinTech applications, offered via VARs, including our Private and Public Block Chain Ledgers. All are available via an open Cognition REST/JSON API; access is freely available to all Cognition VARs and their clients.

Features:

  • Free, included with each VillageMall Subscription
  • Includes persistent (Type 0x01) Block Chain Ledger Secure Identification Number (SIN)
  • Hardware (Cloud HSM) internally generated, and protected key material
  • Unlimited single use bitcoin private ECDSA keys, stored and accessible, via Key Chain.
  • Key Chain, can be bound to Mobile device(s), and accessible via API
  • Supports bitcoin DER and Recoverable Signature Generation and Verification via API.
  • Key Chain helps prevent loss of Bitcoins when Mobile device is lost, stolen or compromised (ransomware)
  • Optional Multi Factor Authentication (HOTP) for signatures (i.e. human authentication)
  • Ephemeral ECDSA Private key, no long term private key storage, reduces risk of key compromise, with static ECDSA Public key and Bitcoin Address
  • Private keys secured to reduce possibility of private key access, or loss, critical when used with bitcoin.
  • Exploits global bitcoin infrastructure, for non bitcoin applications such as Public Block Chain Ledgers
  • Supports Bitcoin Transaction (DER) signature, Message signature, getPublicKey() methods via API, only available to VARs

Elliptic curve cryptography is a powerful technology that can enable faster and more secure cryptography across the Internet, without the need for any PKI or complex identification processes. The time has come for ECDSA to be widely deployed. We are taking the first steps towards that goal by enabling customers to use hardware secured ECDSA keys within any FinTech application.

The next generation of secure applications are available today.

Check out our next generation Public Block Chain Ledger (PBCL) for Accounting, Superannuation, Portfolio and other FinTech applications. For an insight on the future of Block Chain Ledgers (BCL) and Trust, see Accountants, FinTech and bitcoin BlockChain, or the underlying Triple Entry Accounting and Block Chain Ledgers, plus BlockAuth, the new decentralised authentication for FinTech and the Internet.


Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.

Wednesday, May 20, 2015

Cognition-> Public Block Chain Ledger for Accounting, SMSF, and Portfolio processing.


Bitcoin is probably the most well known public block chain implementation.
In the first Quarter of 2015, we introduced the first secure, private Block Chain Ledger, as part of the Cognition Cloud Accounting Engine solution.

This private Ledger Block Chain differed from the bitcoin implementation in several ways:

  • The block chain is secured by mature, hardware based cryptography, capable of third party ITSEC evaluation
  • The block chain is fully distributed (bitcoin is a centralised block chain), and bound to a single ledger
  • The Cognition block chain, due to its decentralized architecture, can scale to billions of transactions without any performance degradation, or massive size.

Within the commercial world, not all ledgers need or want to be public. The dual threaded distributed block chain allows a commercial decision to be made regarding exposure to the public block chain.
As an example, a Broker may only expose trade related transactions, while keeping internal settlement private. This allows full disclosure of all trading, which may be the objective of the public block chain.

Likewise there is a commercial need to support a bitcoin like "public" block chain for a number of FinTech applications. In order to meet this requirement, we plan a 3rd Qtr release of a Public Block Chain ledger as follows:

  • Be a bitcoin like block chain ledger
  • Map any private block chain Ledger, into a bitcoin like seamless public block chain.
  • Map secure private block chain ledger onto the ECDSA bitcoin implementation
  • Support ephemeral ECDSA private key in public block chain, to reduce bitcoin like vulnerabilities
  • Map the private block chain Ledger onto a number of ECDSA related BIPs, including support for bitcoin like address, multiple public keys, derived public key from signatures.
  • There is no need for any mining, consensus or linkage to money printing, this is a commercial Ledger.
  • A DNS like global Block Chain, ledger navigation.
  • All access via a secure REST/JSON API.
  • Platform and OS agnostic.
  • Explicit permission required to publish as a "Public Block Chain"

The dual thread, private/public block chain ledger is designed to allow a wide range of commercial applications to be supported by Public Block Chain Ledgers (PBCL).

We plan on releasing the specifications for the decentralized Public Block Chain Ledger (PBCL) into the public domain, on or around the first release.

The Public Block Chain Ledger is derived from a full featured, commercial Cognition Cloud Accounting Engine, and provides full featured reporting and compliance processing, with integrated Accountant back office Virtual CFO support.

Initial Block Chain support is proposed for the following:

  • Self Managed Superannuation Funds (SMSF)
  • Broker Portfolio Solution (BPS)
  • General purpose Cognition Accounting.

The next generation FinTech accounting Block Chain Ledger engine is available today to any VAR, and as a Public Block Chain Ledger from 3rd Quarter 2015.

Contact VillageMall for details or to be involved in the early trials.


Monday, May 18, 2015

Accountants, FinTech and bitcoin BlockChain


There is a lot of hype at the moment about Bitcoin block chains (especially in the FinTech market), and bitcoin like digital automation replacing accountants.

Bitcoin was designed to substitute technology for trust. "What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party" Nakamoto wrote in the original Bitcoin white paper.

A fair bit of BitCoin is the normal "marketing hype", generated by geeks, start ups seeking to raise capital based upon a little known set of crypto and a promise of something unique and new, or people simply wanting to print money themselves.

Bitcoin, like most technologies, has a number of advantages and disadvantages, i.e. it "cut the suit" to meet a specific purpose. From a technical crypto perspective, bitcoin has some very cool aspects in its various protocols, especially the ECDSA signature usage, which is quite innovative.

Bit of history on digital currencies.
From a security perspective Bitcoin is light years behind technologies which predate it by at least a decade; one such example is Mondex. The lack of any mandatory security within Bitcoin is one of several reasons exchanges and personal wallets have been relatively easily compromised, and millions, perhaps billions, of value lost; no one actually knows.

I personally had a play (it was just technology, back in the early days) and left the resultant mined bitcoins on a hard disc, which has been lost many moons ago. I am sure I was not alone in doing this. Who knew people would actually trade real value for a signed blob of bits that simply resulted from generating a hash, all with zero intrinsic value? There is no gold here, it's just a bag of bits.

Unlike Mondex, which was independently evaluated and achieved ITSEC level E6 accreditation, there is nothing to justify any claim of security within the various implementations of the bitcoin protocols or even the bitcoin blockchain. It is crypto driven by individuals and groups which want to play in the money printing business.

There is a mantra in the security world: "hardware, hardware and then some more hardware".
No independent security evaluation, no provable security, think snake oil?
One simply cannot make any software only solution secure, it's this basic.

So why did the likes of Mondex simply vanish, and bitcoin seem to flourish?
Some reasons are related to simple economics: bitcoin allows miners to make money from basically nothing. The whole work factor stuff and consensus is a bit of a security con, more closely related to "junk bonds" than anything else. There are a lot of people who can simply print money, if bitcoin is successful, i.e. if BitCoin is accepted as exchange for items of real value.
Mining and consensus are all about printing money, nothing more.

If one compares Mondex and Bitcoin, one sees nothing functionally new or different in bitcoin over Mondex; both support anonymous transactions, both make intensive use of Crypto. Mondex does not need a 20MB blockchain, growing by the minute, to secure every transaction. Mondex was a truly decentralized transaction solution (no blockchain); there was no real central control or processing, but there was control over money supply, which only effectively exists when bitcoin is transferred to Fiat currencies. This is perhaps one reason why it is believed ~80% of the original mined bitcoins have not been spent: they need to move out of the junk bond model before redeeming the bag of bits. The fundamental difference is that Mondex was "actually secure", and also very simple to explain. While the crypto underpinning bitcoin is quite simple, the way this crypto is sold is close to snake oil. As a simple example, the selected ECDSA algorithm is still immature technology compared to what was used in Mondex.

So why did Bitcoin take off, and Mondex disappear from the digital currency market?
A few thoughts:

  • A programmer in their spare time, with almost zero capital, could not create/mine Mondex (money) and almost zero effort, at least those at the top of the mining pyramid?
  • Bitcoin is heavily skewed to these original miners, more like a pyramid selling scheme than a currency. The Gold reference is also a con, to justify this skewed scheme and provide the early miners a significant monetary advantage, which everyone following or participating in bitcoin is paying for (the pyramid).
  • People have been sold a bogus concept, that "crypto" equals security, when nothing could be further from the truth. The whole "crypto" equals "trust" is simply beyond belief, yet this flawed concept underpins bitcoin.
  • Mondex was created by the Banks and hence had all of the establishment "baggage"; there was no room for non banks to play in the "Mondex Money pond" even though it was anonymous, truly distributed, and secure.
  • There was minimal ability within Mondex for "laundering" of money, due to the lack of any anonymous "mining process".
  • No mandatory or even minimal security is required in bitcoin; zero independent security evaluations exist. The need for "real" security was an impediment to Mondex adoption.
  • Bitcoin runs on the same irrational basis as caused millions of people to up and leave their homes and families to travel all over the world, to "mine" gold, diamonds and almost everything of value. Mining does not need to be rationalised, a bit like gambling or many other aspects of our society.

Where else, outside of bitcoin, can a computer simply print money and people line up to buy it with a fiat currency or something of real value? There is in fact no need for any human involvement at all? This is a conceptually broken concept.

Anyway, enough of Mondex vs Bitcoin and history.

Let's focus on the good bits from the Bitcoin BlockChain, and what it means for Accountants and FinTech Ledgers generally.

The concept of securing accounting ledgers with BlockChains is not new; many accounting suppliers toyed with secure or triple entry accounting back in the late 1990s. We released our first secure Web Ledger back in 2004. And yes, accountants and users alike hated it, as they could not simply delete/alter transactions like they could with all existing SME desktop systems, and can do today with the latest generation cloud accounting systems. How times change.

So what has changed since the 1990s? Today there is a market acceptance for crypto (right or wrong) and cloud accounting ledgers. The Cloud has become a commercial reality. Also there is a fair bit of the basic Bitcoin BlockChain that is useful to the next generation secure ledgers, rather than just a dedicated payment system, i.e. a Ledger secured by a BlockChain for anything.

So what is required to be fixed in BitCoin to meet a secure ledger application?


  • There needs to be actual security applied to the blockchain. This means there must be, at minimum, some elements that are secure, i.e. a Hardware Security Module (HSM) which protects all critical "secret" elements of the blockchain system. Very basic for overall system integrity and risk management.
  • The "printing" of bitcoins must go; the removal of mining also removes a number of the side issues within bitcoin.
  • The consensus process can also go as not relevant; this is a poor man's "trust chain", that can be compromised, especially when the mining return trends towards zero.
  • The centralized and endlessly growing bitcoin blockchain needs to also become a fully distributed blockchain, which can still be navigated on a global basis as required.
  • A Trusted Third Party is needed to replace the "consensus" and "work factor" elements.

What is the role of the Accountant/Auditor in this new World?
The same as the old world: the Accountant adds "trust", and a lot more trust than any crypto algorithm does.

To this end, we have added a secure blockchain to our Cognition Cloud Accounting Engine, which is available to all FinTech or other VARs. Note that solving the general secure ledger problem is a bit simpler than creating a payment system.

The accountant can add "trust" to the block chain in the identical manner they do today. In our case they append their audit signature to the blockchain at the appropriate points, reconciliations and year end audits as an example. If required, multiparty signatures can also be applied, to suit various applications.

Our BlockChain is underpinned by a cloud based HSM (similar to Mondex, except in the Cloud), and traditional mature crypto, digitally combined with TTP and Accountant audit processes. The resulting secure Ledger can be applied to any accounting process.

The future is here today, and can be applied to all accounting applications.
Typical usage:

  • Financial accounting
  • Portfolio management and broker trading
  • SMSF solutions
  • and much more.


Accountants and "Trust" cannot be replaced with cryptographic algorithms and money printing.

We believe the future for the next generation "Digital Knowledge Accountant" is very rosy; robots and cryptography are not a threat to trusted knowledge workers.

Check out our next generation public block chain ledgers, and our initiative to secure global electronic commerce, our Free Bitcoin ECDSA private keys.


The author has no commercial relationship with Mondex. It is simply a technology that existed within the digital money market place, and one which was technically interesting to the Author, and is still the only one that has a strong security platform which underpins the currency transactions, and had met the normal social "trust" requirements.

