From 1st July 2015, all current and future Subscribers will have a free ECDSA private key, generated within, and protected by our Cloud based Hardware security Module (HSM).
We offer this service to enhance the security of Bitcoin private keys, and to expand the usage of ECDSA signatures within a wider range of electronic commerce operations. Physical signatures are free today, why not Digital Signatures.
The history of cryptography shows us that good cryptography has been repeatedly defeated not because of bad math, but because of bad implementations of good math.
A paper was published by researchers from Australia and the UK describing an attack on OpenSSL’s implementation of ECDSA for curve secp256k1 (the one used by the Bitcoin protocol). The danger of key leakage via poor random data or side channel attacks is a concern, but is manageable with proper implementations. We believe hardware is necessary for the small number of security critical functions, and by making a hardware based solutions Free, there is simply no basis to continue to have these security issues within any FinTech application.
If you think these types of exploits are esoteric (and in reality many are), and nothing could happen to you, consider "There are nearly 150 Breeds Of Bitcoin-Stealing Malware In The Wild, ?, Researchers Say". If your "Wallet file" is encrypted and held to ransom, all of your bitcoins are effectively gone, there is no-one to turn to.
The recent introduction of Bitcoin Hierarchical Deterministic (HD) Wallets or Extended Private and Public Keys, has introduced additional side channel attack vectors, plus allowed a single seed compromise to provide access to all private keys.
All ECDSA keys provided are unique hardware generated and protected, there is no known relationship, or side channel leaks between any two ECDSA keys within the system, additionally the key generation process does not expose any private keys based upon the knowledge of any Public key, a vulnerability in some bitcoin HD key chains.
We hope the introduction of Free hardware protected ECDSA keys, will contribute to improve security for Bitcoin and all ECDSA Signatures across current and future ECDSA and ECDH based applications. Additionally we plan to offer, mature implementations of core cryptographic support functions via our REST/JASON API, available to any VAR. Why would developers want to keep implementing the basic functions over and over again, when these are available. allowing developers to concentrate on the business side of typical FinTech applications.
Initial usage will include Signing of all documents within Accountants Web Office(AWO) tax returns, tax declarations and almost any electronic media stored within the AWO suite of services.
Additionally the service supports a private key chain, which can generate an unlimited number of single use ECDSA public keys ( bitcoin like payment keys), within the Cognition Public Block Chain, or any future public Block Chain supported FinTech applications.
The Cognition API also offers secure framework agnostic, enterprise BYOD device management.
Securing each subscribers ECDSA key material via hardware, is essential to the future of all electronic commerce applications, especially FinTech applications.
From the 1st July 2015, the introduction of freely available secure EDCSA private keys, to all VillageMall Subscribers, removes one of the last barriers to adoption of secure FinTech applications. Optional multi-factor authentication of every "affixed" signature, takes FinTech applications to the next security level.
Hardware based security, under pins our range of secure business, accounting and FinTech applications,offered via VAR's, including our Private and Public Block Chain Ledgers. All available via an open Cognition REST/JSON API, access is freely available to all Cognition VAR's and their clients.
Features:
- Free, included with each VillageMall Subscription
- Includes persistent (Type 0x01), Block Chain Ledger, Secure Identification Number (SIN)
- Hardware (Cloud HSM) internally generated, and protected key material
- Unlimited single use bitcoin private ECDSA keys, stored and accessible, via Key Chain.
- Key Chain, can be bound to Mobile device(s), and accessible via API
- Supports bitcoin DER and Recoverable Signature Generation and Verification via API.
- Key Chain helps prevent loss of Bitcoins when Mobile device is lost, stolen or compromised (ransom ware)
- Optional Multi Factor Authentication (HOTP) for signatures (i.e human authentication)
- Ephemeral ECDSA Private key, no long term private key storage, reduces risk of key compromise, with static ECDSA Public key and Bitcoin Address
- Private keys secured to reduce possibility of private key access, or loss, critical when used with bitcoin.
- Exploits global bitcoin infrastructure, for non bitcoin applications such as Public Block Chain Ledgers
- Support Bitcoin Transaction (DER) signature, Message signature, getPublicKey() methods via API, only available to VAR's
The next generation of secure applications are available today.
Check out our next generation Public Block Chain Ledger(PBCL) for Accounting, Superannuation, Portfolio and other FinTech applications, for an insight on the future of Block Chain Ledgers (BCL) and Trust see Accountants, FinTech and bitcoin BlockChain or the underlying Triple Entry Accounting and Block Chain Ledgers, plus BlockAuth the new decentralised authentication for FinTech and the Internet.
Disclaimer The contents of this site should not be understood to be accounting, taxation or investment advice but rather as general product related educational information that may or may not meet your specific requirements.
