Key ceremony is a process where a unique part of a private and public key is generated. The process is usually conducted in a safe and confidential vault (we recommend white room), in the presence of reliable personnel. The initial setup of the TMP devices and the creation of the master key is done in a key ceremony, which can be done with two, three, and four parties.
In cryptography, key generation represents the process of generating a unique pair of public/private keys and using them to encrypt and decrypt data. It’s recommended to generate and store keys inside dedicated and secure Confidential Keystore or Hardware Security Module (HSM).
Mnemonic phrase, also known as a seed phrase, is a group of 12-24 words used to back up wallets. The phrase is randomly generated from a wordlist of the BIP-39 standard which has 2048 words, where each word is assigned to a number. In case of losing access to your wallet, you can use a seed phrase to regain control of the recovery key and your funds. RIDDLE&CODE’s recommendation is to store the phrase on steel plates in an off-premise vault.
White room is a safe, confidential room that shouldn’t contain devices such as cameras, microphones or mobile telephones, and it should be free of video surveillance.
Policy Layer is an interface area for creating, managing and adding new policies. Protected by the Trusted Execution Environment (TEE), it allows you to add rules, define and customise transaction policies, signing schemes, approval workflows, rate limits, whitelisting/blacklisting, etc.
A Trusted Execution Environment is a secure and protected area of the main processor, isolated from the rest of the device. This way, sensitive operations and data such as cryptographic keys, stay within the safe area.
Multi-party computation is a subset of cryptography that enables parties to jointly compute a function using their inputs, while at the same time, keeping these inputs private. TMP utilises multi-party computation approach to secure keys, sign/validate transactions and to eliminate single point of failure by distributing the signing secret between dedicated hardware wallets.
Remote approval enables a location-independent approving of transactions by connecting the Approval Devices to the operator's individual computer. Remote approval in its current version allows users to be geographically distributed to approve transactions (see: Getting started guides).
Segregation of roles is the concept that reduces the risk of fraud and error by dividing responsibilities and ensuring that no single person is responsible for every stage of the process. For example, the TMP allows segregation of roles and separates the banking-related roles (order acceptance, creation and confirmation of transactions, etc.) from execution-related tasks.
Certain regulatory provisions (e.g. Switzerland) require banks to back the value of cryptocurrencies in their books with fiat (e.g. Switzerland requires a backing of 800% to cover market or credit risks). Token Management Platform allows linking keys - that are generated by forward deterministic key derivation – directly to the client account. Thus, banks can prove their clients’ ownership of custodian crypto assets achieving full segregation of assets. As a result, they do not need to back these assets with FIAT.
TMP offers a whitelisting/blacklisting feature and allows users to create the list of approved/blocked wallet addresses. Whitelisting represents a list of approved entities that are allowed to operate within the network. Simply put, with this feature, you can operate with the chosen few. Blacklisting means creating a list of malicious or suspicious entities and preventing them from accessing the network and conducting operations. The entities can include anything from malicious software such as viruses, to users, IP addresses, etc.
An audit log (also known as audit trail) is a set of chronologically documented changes and activities within the system. Token Management Platform enables you to use audit logs and provide evidence of activities and reconstruction of events to ensure regulatory compliance.
Reconciliation is a process that enables comparing two sets of records to ensure they match. Reconciliation can be done at a daily, monthly or annually level. TMP utilises reconciliation and allows sending transaction details to an external audit database for archiving and settlement purposes. The details include data such as timestamp, individually signed transactions (per user), the fully signed transaction, crypto protocol, amount, fee, source, return, destination address or status, failed or canceled transactions, etc.
In order to process and confirm transactions, the fee is added to each transaction. TMP provides an integrated gas/fees calculation performed for all cryptocurrencies. The amount of fees is determined by the execution speed, which can be slow, average (recommended) and fast.