Fortanix Flexible Key Management Service Addresses Critical Enterprise Blockchain Security Requirements With Unique Private Key Protection

Fortanix Self-Defending Key Management Service Delivers New
Encryption-based Data Protection and Enhanced Cryptographic Algorithms
to Help Address Blockchain Security Gaps

Fortanix® Inc., the leader in Runtime Encryption®, today announced it is
uniquely addressing critical enterprise blockchain security requirements
by enhancing its Self-Defending Key Management Service™ (SDKMS)
next-generation Hardware Security Module (HSM) solution with advanced
cryptographic algorithms and new data protection features to help
organizations secure encryption keys for blockchain and financial
information.

Enterprise blockchain has the potential for transformative benefits. By
adopting a blockchain-style ledger system, organizations can
significantly increase efficiency and enhance collaboration internally
and across business ecosystems. However, blockchain has the potential to
carry significant economic value. Private keys, regarded as the identity
and security credential, are associated with financial value, which is
attractive to attackers.

According to Gartner,
"While the blockchain ledger uses sound cryptography, the collection of
technologies that make up the entire blockchain still carries
significant risks…The use of certificates in the blockchain poses some
unique challenges. For example, if a user's private key is lost or
stolen, it could potentially lock them out of the blockchain
permanently." 1

"iExec is building the first marketplace for trading computing resources
in the world," said Lei Zhang, Security R&D manager, iExec. "iExec
platform provides blockchain-based DApps (Decentralized Applications)
with scalable, secure, and easy access to computing resources they need.
We are very pleased to collaborate with Fortanix to protect DApps
running in iExec decentralized cloud. Fortanix SDKMS delivers secure
provisioning of secrets for blockchain DApps ensuring the data remains
completely protected."

Fortanix SDKMS eliminates one of the largest obstacles to blockchain
adoption – secure and compliant encryption key management – by
delivering unmatched security for the generation and use of keys.
Complete key management and key usage policies are enforced inside
Intel® Software Guard Extensions (Intel® SGX) enclaves, ensuring
confidentiality and integrity of the
policies and private key protection even when in use. SDKMS delivers
HSM-grade security designed for easy integration into blockchain
environments with complete flexibility of deployment model, application
integration with RESTful API support, support for enhanced cryptographic
algorithms, and policies for key signing and access control.

New SDKMS capabilities helping address blockchain security concerns
include a quorum approval (M of N) policy, or multi-signatures
(multisig) support, for enhanced protection of highly sensitive key
operations. Organizations can define flexible quorum approval policies,
such as approval required by three out of five users, with approval
required by specific users or multi-level approvals. Easy-to-use
intuitive workflows enable secure remote collaboration.

Fortanix SDKMS supports comprehensive NSA Suite B algorithms.
Additionally, with its software-defined approach to HSM and key
management, Fortanix continuously delivers support for new algorithms,
such as support for ECDSA secp256k1 used by Bitcoin applications.

"Enterprise blockchain can be useful for business transactions and has
the potential to carry significant economic value, which inevitably
increases the risk of theft and misuse," said Ambuj Kumar, Fortanix
co-founder and CEO. "Organizations are turning to Fortanix for their
blockchain security needs, in order to have complete control over who is
allowed on the network, while uniquely securing their blockchain
transactions with the industry's first runtime encryption operating in a
secure enclave."

Organizations can deploy Fortanix SDKMS appliance nodes centrally or in
a distributed manner. In each case, the Fortanix SDKMS cluster delivers
centralized key management capabilities to any blockchain application or
any device. For organizations that prefer a SaaS consumption model,
Fortanix-powered Equinix SmartKey™ delivers HSM and key management as a
global cloud service.
Regardless of the deployment model, organizations have centralized
visibility and control over the entire solution. Multiple clusters can
also be deployed to separate hot and cold wallets – hot wallets being
used for frequent usage, while cold wallets keep the majority of tokens
in secure tamper-proof storage.

In addition, the Fortanix Runtime Encryption plug-in capability allows
organizations to customize cryptographic logic and run it securely
inside the trusted execution environment of Intel® SGX. This allows
unique policies for key usage, such as applying thresholds, as well as
access control to be enforced per an organization's requirements.
Plug-ins can also support secure key derivation for HD wallets, such as
that defined by BIP 32. SDKMS runs on hardened FIPS 140-2 Level 3
compliant appliances that deliver enhanced physical security.

For more information see: https://fortanix.com/solutions/use-case/blockchain/

Note 1 – Gartner, Inc., "Evaluating the Security Risks to Blockchain
Ecosystems," by Mark Horvath, Jonathan Care, David Anthony Mahdi. March
21, 2018.

Fortanix's SDKMS leverages Runtime Encryption and Intel® SGX to deliver
security for encryption keys and cryptographic
services with software-defined simplicity. The solution offers flexible
consumption models; a hardened appliance; and a SaaS service Equinix
SmartKey™, powered by Fortanix. The solution is uniquely architected
to enable easy integration for new modern cloud applications, as well as
existing applications with support for both RESTful APIs and traditional
cryptographic interfaces, including PKCS#11, JCE and CNG.

About Fortanix

Fortanix delivers provable deterministic security to organizations by offering
the industry's only Runtime Encryption. It has been selected by leading
partners, including to power Equinix SmartKey™ HSM-as-a-service. While
today's encryption technologies protect only data at rest and data in
motion, Runtime Encryption keeps keys, data and applications completely
protected while in use from external and internal threats, including
insiders, cloud providers, government subpoena, OS-level attacks, and
network intruders. Fortanix is venture backed and headquartered in
Mountain View, Calif.

Fortanix, Runtime Encryption, and Self-Defending Key Management Service
are trademarks of Fortanix, Inc. All other marks and names mentioned
herein may be trademarks of their respective companies.
